Manually starting and stopping a Network Anomaly Detection rule

You can start and stop network anomaly detection rules manually. Stopping or starting a rule is available only for enabled rules.

A rule cannot run if it is in a status of New, Pending, Awaiting data, or Running.

To trigger the Network Anomaly Detection rule:

1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using an Administrator or Security Officer account.
2. Select Detection rules.
3. On the Network Anomaly Detection tab, select the rule you want to trigger.

   The details area appears in the right part of the web interface window.

4. Click Run at interval. The button is disabled if the rule cannot be triggered.

   The Configure rule run carrier appears on the right. The upper part of the panel displays information about the available range for analyzing protocol attributes. The range is limited to the earliest and latest arrival of traffic data in the database used to store protocol attributes.

5. Use the Search depth parameter to specify the duration of the time interval for searching for network anomalies among the protocol attributes. To manually run a rule, this value may be different from the value that was defined for the rule when it was created or when the settings were changed.
6. In the Interval end field, specify the date and time of the end of the time interval.
7. Click Run.

You can stop rules if they have one of the following statuses: New, Pending, Awaiting data, or Running.

To stop the execution of a network anomaly detection rule:

1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using an Administrator or Security Officer account.
2. Select Detection rules.
3. On the Network Anomaly Detection tab, select the rule that you want to stop.

   The details area appears in the right part of the web interface window.

4. Click Stop (this button is disabled if the rule cannot be stopped at this time).

Page top