Managing user-defined IDS rules
Managing user-defined IDS rules
November 8, 2023
ID 247710
In distributed solution and multitenancy mode, custom IDS rules can have one of the following types:
- Global—Created on the PCN server. These rules are used to scan events on this PCN server and all SCN servers connected to this PCN server. Scanned events belong to the tenant which the user is managing in the program web interface.
- Local—Created on the SCN server. These rules are used to scan events on this SCN server. Scanned events belong to the tenant which the user is managing in the program web interface.
Users with the Senior security officer role can import, replace, and delete user-defined IDS rules, as well as add Kaspersky-defined IDS rules to exclusions from scanning. Users with the Senior security officer or Security auditor roles can use IDS rules to search for signs of targeted attacks, infected and possibly infected objects in the alert database, and to view the IDS rule information.
Users with the Security officer role cannot gain access to user-defined IDS rules.
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.