Kaspersky Industrial CyberSecurity for Networks automatically generates Interaction Control rules when importing configurations from a project for IEC 61850 devices. The application creates new rules based on information about devices in the configuration being imported.
After loading the project, Kaspersky Industrial CyberSecurity for Networks checks whether data in the traffic exchanged between the devices conforms to the imported configuration. If Kaspersky Industrial CyberSecurity for Networks detects irregularities in the traffic, it logs events.
If the configuration being imported defines protocols and connection settings for communications between devices, the application creates a Network Integrity Control rule. When the application detects network interactions that match disabled rules, it registers events based on Network Integrity Control technology.
If the configuration being imported defines system commands used for communications between devices, the application creates a Command Control rule. When it detects system commands that match disabled rules, it logs detections of unauthorized system commands using Command Control.
For rules created when importing configurations from a project for IEC 61850 devices, Origin is set to System. If you manually change rule settings, Origin will be set to User.
Page top