Kaspersky Endpoint Security 11 for Windows

Adding custom rules

April 25, 2024

ID 235321

You can set your own Log Inspection rule triggering criteria. To do so, you must enter an event ID and select an event source. You can look up the event ID on the Microsoft technical support website. You can select an event source from among the standard logs: Application, Security or System. You can also specify the log of a third-party application. You can find out the name of the third-party application log using the Event Viewer tool. Third-party application logs are kept in the Application and Services Logs folder (for example, the Windows PowerShell log).

The application does not check if the specified log is actually present in the Windows event log. If there is a mistake in the name of the log, the application does not monitor events from that log.
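A pre-check for the caveat above, as an added example that is not part of the Kaspersky documentation: it uses the built-in `Get-WinEvent` cmdlet to confirm that each log name planned for a custom rule is registered on the host and to report the exact registered spelling. The rule list and the function name `Test-RuleLog` are assumptions made for illustration; run it in an elevated session so that the Security log can be read.

```powershell
# Added example. The rule list is constructed sample input; replace it with
# the log names and event IDs you plan to enter in the custom rules.
$plannedRules = @(
    [pscustomobject]@{ Log = 'Security';           EventId = 4625 }
    [pscustomobject]@{ Log = 'Windows PowerShell'; EventId = 400 }
    [pscustomobject]@{ Log = 'Windows Powershel';  EventId = 400 }  # deliberate typo
)

function Test-RuleLog {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Log,
        [Parameter(Mandatory)][int]$EventId
    )
    # A name that matches no registered log yields nothing (error suppressed).
    $channel = Get-WinEvent -ListLog $Log -ErrorAction SilentlyContinue |
        Where-Object LogName -eq $Log
    $seen = $null
    $similar = $null
    if ($channel) {
        # Is at least one event with this ID currently retained in the log?
        # False only means none is stored now, not that the ID is invalid.
        $filter = @{ LogName = $channel.LogName; Id = $EventId }
        $seen = [bool](Get-WinEvent -FilterHashtable $filter -MaxEvents 1 `
            -ErrorAction SilentlyContinue)
    } else {
        # List registered logs that share the first characters of the name.
        $prefix = $Log.Substring(0, [Math]::Min(6, $Log.Length))
        $similar = (Get-WinEvent -ListLog "$prefix*" `
            -ErrorAction SilentlyContinue).LogName -join '; '
    }
    [pscustomobject]@{
        Requested   = $Log
        Exists      = [bool]$channel
        ExactName   = $channel.LogName    # copy this spelling into the rule
        Enabled     = $channel.IsEnabled
        EventId     = $EventId
        EventSeen   = $seen
        SimilarLogs = $similar
    }
}

$plannedRules |
    ForEach-Object { Test-RuleLog -Log $_.Log -EventId $_.EventId } |
    Format-Table -AutoSize
```

A row with `Exists` set to `False` is a rule that would be saved without error but would never monitor anything.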

The list of custom rules already includes three rules created by Kaspersky experts.

How to add a custom rule in the Administration Console (MMC)

How to add a custom rule in the Web Console and Cloud Console

How to add a custom rule in the application interface

As a result, when the rule triggers, Kaspersky Endpoint Security creates a Critical event.
