Managing Log Inspection rules via the Web Plug-in
To add and configure Log Inspection rules via the Web Plug-in:
- In the main window of the Web Console, select Devices → Policies & profiles.
- Click the policy name you want to configure.
- In the <Policy name> window that opens select the Application settings tab.
- Select the System Inspection section.
- Click Settings in the Log Inspection subsection.
- Configure the settings described in the table below.
Log Inspection task settings
Setting
Description
Apply custom rules for log inspection
You can enable, disable, add, or modify the custom rules.
The setting is available on the table is with the list of custom rules.
Apply predefined rules for log inspection
You can enable or disable the heuristic analyzer, which detects abnormal activity on the protected device.
The setting is available on the table is with the list of custom rules.
Detect brute-force attack if an incorrect password is entered with a frequency defined
You can set the number of attempts and time frame used, which will be considered as triggers by the heuristic analyzer.
Detect network logon, if logged on within a period defined
You can indicate the start and end of the time interval during which Kaspersky Security for Windows Server treats sign-in attempts as abnormal activity.
Users Exclusions
You can specify users which will not trigger the heuristic analyzer.
Excluded IP Addresses
You can specify IP addresses which will not trigger the heuristic analyzer.
Task management
You can configure settings to start the task on a schedule.
