Adding a collection of Sigma rules

To add a collection of Sigma rules:

  1. In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
  2. Click the name of the Kaspersky Industrial CyberSecurity for Nodes policy.

    The policy properties window opens.

  3. Select the Application settings tab.
  4. In the Anomaly Detection using Sigma rules section, click Add.

    The Adding a rules collection window opens.

  5. Use the Choose a rules collection drop-down list to do one of the following:
    • Select one of the predefined Sigma rule collections.

      If predefined Sigma rule collections are not displayed, make sure the application is activated with a license key with EDR Optimum and ICS Telemetry objects. You can also run the Download updates to the Administration Server repository task to update predefined collections.

    • Select the Custom rules collection option to add a custom collection of Sigma rules.
  6. If you are adding a custom collection of Sigma rules, enter a unique name for the collection in the corresponding field.
  7. Click OK.

In the Settings of Anomaly Detection using Sigma rules section, a line appears with the name of the created rule collection, which is enabled by default (the toggle button to the left of the collection name is in the Enabled position). When you create a custom collection of Sigma rules, it does not contain any rules at first.
