Adding Log Inspection rules via the Administration Plug-in
October 25, 2023
Perform the following actions to add and configure a new custom Log Inspection rule:
- Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
- Select the administration group for which you want to configure application settings.
- Perform one of the following actions in the details pane of the selected administration group:
  - To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
  - To configure the settings of a task or application for an individual protected device, select the Devices tab and go to local task settings or application settings.
- In the System inspection section, click the Log Inspection button in the Settings subsection.
The Log Inspection window opens.
- On the Custom rules tab, select or clear the Apply custom rules for log inspection check box.
You can control whether the preset rules are applied for Log Inspection. Select the check boxes corresponding to the rules you want to apply to Log Inspection.
- To add a new custom rule, click the Add button.
The Custom log inspection rule window opens.
- In the General section, specify the following information about the new rule:
- In the Triggering criteria section, specify the event IDs that will trigger the rule:
  - Enter an ID.
  - Click the Add button.
    The entered event ID is added to the list. You can add an unlimited number of identifiers to each rule.
- Click the OK button.
The Log Inspection rule is added to the list of rules.