Exporting and importing Sigma rules of a custom collection

To export or import Sigma rules from a custom collection:

1. In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
2. Click the name of the Kaspersky Industrial CyberSecurity for Nodes policy.

   The policy properties window opens.

3. Select the Application settings tab.
4. In the Anomaly Detection using Sigma rules section, use the check box next to the collection name to select a custom collection of Sigma rules that you want to add one or more Sigma rules to.
5. Click Edit.

   The Changing the Sigma rules collection window opens.

6. Click the Export button to export Sigma rules from a custom collection.

   Kaspersky Industrial CyberSecurity for Nodes saves an archive named sigma.zip in the standard download folder.

7. Import Sigma rules into a custom collection:
   1. Click Import.
   2. In the window that opens, select the ZIP archive that contains the YAML files with the described Sigma rules.
   3. Click Open.

      If a Sigma rule contains syntax errors or if mandatory attributes are missing, the rule will not be added to the collection.

      Sigma rules contained in the archive will be displayed in the list of rules in the collection.

      If the imported ZIP archive contains duplicate Sigma rules that already exist in the collection, these rules will not be overwritten.

8. Click OK.

Page top