You can import vulnerability and compliance audit rules from files to Kaspersky Industrial CyberSecurity for Networks. Files can contain rules written in the OVAL language or in the XCCDF language using OVAL definitions.
Imported rule sets are called custom rule sets. For these rule sets, Origin is set to User.
To import files, they must be packed into a ZIP archive. Supported options for the contents of the ZIP archive:
The files must be located at the root of the archive. The names of the files in the archive must match the following name masks:
*-xccdf.xml
– mask for the name of the XCCDF document file (for example, SCAP1-xccdf.xml)*-oval.xml
– mask for the name of the file with OVAL definitions (for example, SCAP1-oval.xml)*-cpe-dictionary.xml
– mask for the name of the CPE dictionary file (for example, SCAP1-cpe-dictionary.xml)*-cpe-oval.xml
– mask for the name of the file with OVAL definitions and CPE dictionary (for example, SCAP1-cpe-oval.xml)The file must be located at the root of the archive. The name of the file in the archive must match the mask: *-oval.xml
(for example, SCAP2-oval.xml).
To import a set of vulnerability and compliance audit rules:
The data import process starts. Information about the running import operation is displayed in the list of background operations.
The list of background operations opens.