Filtering Sigma rules within a collection of rules

If the number of Sigma rules in a collection is large and you need to display a list of Sigma rules with certain parameters, you can use a filter.

To filter the Sigma rules in a collection:

  1. In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
  2. Click the name of the Kaspersky Industrial CyberSecurity for Nodes policy.

    The policy properties window opens.

  3. Select the Application settings tab.
  4. In the Anomaly Detection using Sigma rules section, use the check box next to the name of a collection to select the collection to which you want to apply the rule filter.
  5. Click Edit.

    The Changing the Sigma rules collection window opens.

  6. Click Filter.

    A window with filtering criteria opens.

  7. Specify the values of the filtering criteria you need:
    • The "A rule contains the text" criterion selects rules that contain the text fragment you enter. The match is case-insensitive. You can enter any rule attribute and/or its value.
    • The "Rule state" criterion selects rules based on their state.
    • The "Availability of exclusions" criterion selects rules based on the presence of exclusions.

      This criterion is available only for filtering rules in a collection supplied by Kaspersky.

  8. Click OK.

    The rules that match the filtering criteria are displayed in the list of rules in the collection.
