Kaspersky Industrial CyberSecurity for Networks can analyze incoming industrial network traffic for signs of intrusions, attacks, and various anomalies. For these purposes, you can use intrusion detection rules, intrusion detection methods based on built-in algorithms, and network anomaly detection rules. If rules or built-in algorithms are triggered during traffic analysis, the application uses the Intrusion Detection technology to register events.
You can configure methods and rules when connected to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface. Configurable sets of intrusion detection rules and network anomaly detection rules are displayed in the Detection rules section. The application allows you to enable or disable the use of detection technologies and methods in Settings → Deployment.
You can view Intrusion Detection and Network Anomaly Detection events in the table of registered events.