Correlation rules

May 15, 2024

ID 270428

The file available for download from the link on this page describes the correlation rules included in the distribution kit. It lists the scenarios the rules cover, the conditions for their use, and the event sources they require.

The correlation rules described in this document are contained in the SOC_package file in the OSMP distribution kit; the password for the file is SOC_package1. Only one version of the SOC rule set can be used at a time: either Russian or English.

You can import correlation rules into KUMA. Refer to the following topic for details: Importing resources.

You can add imported correlation rules to correlators that your organization uses. Refer to the following topic for details: Step 3. Correlation.

Download the description of correlation rules contained in the SOC_package.xlsx file.
