Support

Support for business applications

Kaspersky Industrial CyberSecurity for Networks

Administration of Kaspersky Industrial CyberSecurity for Networks

Security audit using Kaspersky Industrial CyberSecurity for Networks

Managing sets of security audit rules

Importing sets of security audit rules

Kaspersky Industrial CyberSecurity for Networks
Нет результатов
Online Help
FAQ Download Forum Contact support Recovery tools Product videos

Importing sets of security audit rules

March 22, 2024

ID 255086

Get as PDF

You can import security audit rules from files to Kaspersky Industrial CyberSecurity for Networks. Files can contain rules written in the OVAL language or in the XCCDF language using OVAL definitions.

Imported rule sets are called custom rule sets. The Origin setting of these rule sets contains the User value.

To import files, they must be packed into a ZIP archive. Supported options for the contents of the ZIP archive:

  • XCCDF package files that represent an XCCDF document and OVAL definitions in XML format. If the package includes reference files in the CPE (Common Platform Enumeration) format, these files must also be added to the archive.

    The files must be located at the root of the archive. The names of the files in the archive must match the following name masks:

    • *-xccdf.xml – mask for the name of the XCCDF document file (for example, SCAP1-xccdf.xml)
    • *-oval.xml – mask for the name of the file with OVAL definitions (for example, SCAP1-oval.xml)
    • *-cpe-dictionary.xml – mask for the name of the CPE dictionary file (for example, SCAP1-cpe-dictionary.xml)
    • *-cpe-oval.xml – mask for the name of the file with OVAL definitions and CPE dictionary (for example, SCAP1-cpe-oval.xml).
  • A file that contains OVAL definitions and is not a part of an XCCDF package (the XCCDF document is not required to use the file).

    The file must be located at the root of the archive. The name of the file in the archive must match the mask: *-oval.xml (for example, SCAP2-oval.xml).

To import a set of security audit rules:

  1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using the Administrator account.
  2. Select the Security audit section.
  3. On the Rule sets tab, click Import on the toolbar.
  4. Specify the local path to the ZIP archive using the Browse button.
  5. Click the Import button.

    The data import process starts. Information about the running import operation is displayed in the list of background operations.

  6. To switch to a new rule set, perform the following actions:
    1. Click the Icon in the form of an arrow pointing to the tray. button in the menu of the application web interface.

      The list of background operations appears.

    2. Wait for the import operation to complete.
    3. Click the Show button.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.