Exporting and importing telemetry event filtering rules

In the Kaspersky Security Center Administration Console tree, select the Policies folder.
Select the necessary policy and double-click to open the policy properties.
In the policy properties window, go to the Supplementary section.
In the SIEM telemetry block, click the Settings button.
To export the event filters:
1. Select event logs with filters that you want to export.
2. Click the button to open a context menu and select Export.
3. This opens a window; in that window, specify the name of file to which you want to export the event filters, and select the folder in which you want to save this file.
4. Save the file.
Kaspersky Industrial CyberSecurity for Nodes exports the event filters to the JSON file.
To import the event filters:
1. Click the button to open a context menu and select Import.
2. In the window that opens, select the JSON file from which you want to import the event filters.
3. Open the file.
Save your changes. To apply the policy on computers, close the lock .

In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Industrial CyberSecurity for Nodes policy.
The policy properties window opens.
Select the Application settings tab.
Select the Supplementary section.
In the Telemetry settings block, click the Configure button.
The Telemetry settings window opens.
Go to the SIEM Telemetry tab.
To export the event filters:
1. Select event logs with filters that you want to export.
2. Click Export.
3. This opens a window; in that window, specify the name of file to which you want to export the event filters, and select the folder in which you want to save this file.
4. Save the file.
Kaspersky Industrial CyberSecurity for Nodes exports the event filters to the JSON file.
To import the event filters:
1. Click Import.
2. In the window that opens, select the JSON file from which you want to import the event filters.
3. Open the file.
Save your changes. To apply the policy on computers, close the locks .

In the Application Console tree, select the Telemetry settings node.
In the SIEM telemetry block, click the Settings button.
To export the event filters:
1. Click Export.
2. In the window that opens, specify the name of the JSON file to which you want to export the event filters, and select the folder in which you want to save this file.
3. Save the file.
Kaspersky Industrial CyberSecurity for Nodes exports the event filters to the JSON file.
To import the event filters:
1. Click Import.
2. In the displayed dialog box, confirm the modification of SIEM telemetry settings.
3. Select the JSON file from which you want to import the event filters.
4. Open the file.
Click OK to save the changes.

Run a command line interpreter (for example, Command Prompt cmd.exe) with local administrator privileges.
To run the command, go to the folder where the kavshell.exe executable file is located. You can also add the executable file path to the %PATH% system variable and run the command without navigating to the application folder.
To export the event filters, run the following command:
KAVSHELL TELEMETRYFILTERS /EXPORT <file name>

If the command contains only the name of the file to which you want to export settings, the application places the file as follows:
- If the path to kavshell.exe is added to the %PATH% system variable, the application places the file in the folder from which you run the command.
- If you run the command from the application installation folder, the export will fail because the application's self-protection blocks the creation of a new file in the application folder. To export application settings to a file, enter the file path.
To import event filtering rules, run the following command:
KAVSHELL TELEMETRYFILTERS /IMPORT <full path to json file>