Viewing the table of Network Anomaly Detection rules:

The network anomaly detection rules table is displayed in Detection rules, on the Network Anomaly Detection tab.

Users with the Administrator, Security Specialist, or Operator role can view the Network Anomaly Detection rules table.

On the Network Anomaly Detection tab, a delay of traffic receipt counter is displayed under the toolbar. The counter contains the dynamically changing lag time of incoming traffic data received by the database used to store protocol attributes. If the application detects a critical lag time, the green icon is no longer displayed next to the counter. In this case, automatic runs of rules occurring during this period may lead to an incorrect result. Before returning the counter to its normal state, it is recommended to manually run the rules while taking into account the available range for analyzing protocol attributes.

The settings of rules are displayed in the following columns of the table:

• Rule ID

  Rule ID assigned by Kaspersky Industrial CyberSecurity for Networks.

• Name

  Defined name of the rule.

• Status

  Current status of the rule (Enabled or Disabled).

• Created

  The date and time when the rule was created.

• Changed

  The date and time when the rule was last modified.

• Template name

  The name of the template associated with the rule. If the rule is not associated with a built-in template, the User-defined template is specified for the rule.

• Search depth.

  The duration of the time interval for searching for network anomalies among the protocol attributes.

• Description

  Rule description.

• Schedule

  Information about the schedule according to which the application automatically starts the rule.

• Last run

  Date and time when the rule was last started.

• Status of last run

  Resulting status of the rule when it was last run.

• Number of events.

  Number of events registered when the rule was run.

• Event title

  Header of the event registered when the rule is triggered.

• Event score

  Assessed score of the event that was registered when the rule was triggered. Events are scored on a scale from 0.0 to 10.0.

• Event description.

  Description of the event registered when the rule is triggered.

When viewing the Network Anomaly Detection rules table, you can use the configuration, filter, and sorting functions.

Page top