Importing sets of security audit rules

You can import security audit rules from files to Kaspersky Industrial CyberSecurity for Networks. Files can contain rules written in the OVAL language or in the XCCDF language using OVAL definitions.

Imported rule sets are called custom rule sets. The Origin setting of these rule sets contains the User value.

To import files, they must be packed into a ZIP archive. Supported options for the contents of the ZIP archive:

• XCCDF package files that represent an XCCDF document and OVAL definitions in XML format. If the package includes reference files in the CPE (Common Platform Enumeration) format, these files must also be added to the archive.

  The files must be located at the root of the archive. The names of the files in the archive must match the following name masks:

  • *-xccdf.xml – mask for the name of the XCCDF document file (for example, SCAP1-xccdf.xml)
  • *-oval.xml – mask for the name of the file with OVAL definitions (for example, SCAP1-oval.xml)
  • *-cpe-dictionary.xml – mask for the name of the CPE dictionary file (for example, SCAP1-cpe-dictionary.xml)
  • *-cpe-oval.xml – mask for the name of the file with OVAL definitions and CPE dictionary (for example, SCAP1-cpe-oval.xml).
• A file that contains OVAL definitions and is not a part of an XCCDF package (the XCCDF document is not required to use the file).

  The file must be located at the root of the archive. The name of the file in the archive must match the mask: *-oval.xml (for example, SCAP2-oval.xml).

To import a set of security audit rules:

1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using the Administrator account.
2. Select the Security audit section.
3. On the Rule sets tab, click Import on the toolbar.
4. Specify the local path to the ZIP archive using the Browse button.
5. Click the Import button.

   The data import process starts. Information about the running import operation is displayed in the list of background operations.

6. To switch to a new rule set, perform the following actions:
   1. Click the button in the menu of the application web interface.

      The list of background operations appears.

   2. Wait for the import operation to complete.
   3. Click the Show button.

Page top