Creating an allow rule with blank settings or settings from a template

To create an allow rule with blank settings or settings from a template:

  1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using the Administrator account.
  2. In the Allow rules section, open the details area by clicking Add rule.
  3. If you want to define the values of settings from a template, click Use template in the details area, select the necessary template in the window that opens, and click Apply.
  4. In the details area, click EVT.
  5. In the Protocol field, specify the protocol that will be indicated in the events.

    When the Protocol field is selected, a window opens showing the table of supported protocols displayed as a protocol stack tree. You can manage how tree elements are displayed by using the + and - buttons next to the names of protocols that contain protocols of subsequent layers.

    If necessary, use the search field above the table to find relevant protocols.

    To specify the protocol:

    1. In the protocols table, select the protocol that you want to specify for the rule. To select the relevant protocol, click the button that is displayed in the left column of the protocols table.
    2. Click OK.

    If you select a protocol that can be identified by the application based on the contents of network packets, a notification about this appears below the Protocol field.

  6. If required, enter additional information about the rule in the Comment field.
  7. In the Side 1 and Side 2 settings groups, specify the editable address information for the participants (sides) of network interaction. Depending on the selected protocol (or set of protocols), address information may contain a MAC address, IP address, and/or port number. If additional address spaces were added to the application, you can specify the names of the address spaces for addresses.

    To autofill the address information of a side of network interaction, you can select devices that are known to the application. To do so:

    1. Open the device selection window by clicking Specify device addresses.
    2. In the device selection window, select the check boxes next to the devices that you want to use.

      The device selection window contains a table in which you can configure the layout and order of columns, and also filter, search and sort similarly to the devices table in the Assets section.

    3. Click OK in the device selection window.
  8. In the Event type field, specify the event type whose numerical code is indicated in events.

    Selecting the Event type field opens a window containing a list of event types that may be indicated in allow rules. If necessary, use the search field above the list to find the relevant event type. To specify the event type, select it in the list and click Apply.

  9. In the Monitoring point field, specify the monitoring point name that is indicated in events.

    Selecting the Monitoring point field opens a window containing a list of all monitoring points on all nodes that have application components installed. If necessary, use the search field above the list to find the name of the relevant monitoring point. To specify the monitoring point name, select it in the list and click Apply.

  10. In the Rule in event field, enter the name (or part of the name) that is indicated as the triggered rule in events.
  11. In the details area, click Save.

    The new rule will be added to the allow rules table.
