Enabling and disabling sets of Intrusion Detection rules

Sets of Intrusion Detection rules can be assigned a status of Enabled or Disabled. If a set of rules is disabled, no rules in this set are used for Intrusion Detection.

Whenever you enable or disable selected rule sets on all computers that have application components installed (Server and sensors), the Intrusion Detection system is restarted. A restart is required to apply the changes.

Users with the Administrator or Security Officer role can change the states of Intrusion Detection rule sets.

To change the status of Intrusion Detection rule sets:

1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using an Administrator or Security Officer account.
2. In the Detection rules → Intrusion Detection section, select the sets of rules whose status you want to change.
3. Right-click to open the context menu.
4. In the context menu, select one of the following options:
   • Enable if you want to enable all disabled sets of rules from among the selected rule sets.
   • Disable if you want to disable all enabled sets of rules from among the selected rule sets.
   • Change the statuses of selected rule sets if you want to invert the statuses of all selected rule sets. This option lets you quickly enable or disable selected sets of rules with different statuses on all computers that have application components installed, as the Intrusion Detection System is restarted on all computers only once to apply all the changes together.

   A window with a confirmation prompt opens.

5. In the prompt window, click OK.

Page top