Importing vulnerability and compliance audit rule sets

You can import vulnerability and compliance audit rules from files to Kaspersky Industrial CyberSecurity for Networks. Files can contain rules written in the OVAL language or in the XCCDF language using OVAL definitions.

Imported rule sets are called custom rule sets. For these rule sets, Origin is set to User.

To import files, they must be packed into a ZIP archive. Supported options for the contents of the ZIP archive:

• XCCDF package files that represent an XCCDF document and OVAL definitions in XML format. If the package includes reference files in the CPE (Common Platform Enumeration) format, these files must also be added to the archive.

  The files must be located at the root of the archive. The names of the files in the archive must match the following name masks:

  • *-xccdf.xml – mask for the name of the XCCDF document file (for example, SCAP1-xccdf.xml)
  • *-oval.xml – mask for the name of the file with OVAL definitions (for example, SCAP1-oval.xml)
  • *-cpe-dictionary.xml – mask for the name of the CPE dictionary file (for example, SCAP1-cpe-dictionary.xml)
  • *-cpe-oval.xml – mask for the name of the file with OVAL definitions and CPE dictionary (for example, SCAP1-cpe-oval.xml)
• A file that contains OVAL definitions and is not a part of an XCCDF package (the XCCDF document is not required to use the file).

  The file must be located at the root of the archive. The name of the file in the archive must match the mask: *-oval.xml (for example, SCAP2-oval.xml).

To import a set of vulnerability and compliance audit rules:

1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using the Administrator account.
2. Select the Security audit section.
3. On the Rule sets tab, click Import in the toolbar.
4. Click Browse and specify the local path to the ZIP archive.
5. Click Import.

   The data import process starts. Information about the running import operation is displayed in the list of background operations.

6. To switch to a new rule set, perform the following actions:
   1. Click in the application web interface menu.

      The list of background operations opens.

   2. Wait for the import operation to complete.
   3. Click Show.

Page top