Configuring the Security Audit task settings using a custom database from file
August 27, 2024
ID 231842
The task can be run only if you have an active Kaspersky Industrial CyberSecurity for Node license key with an ICS Audit licensed object.
To configure the Security Audit task settings using a custom database from a file:
- In the main Kaspersky Security Center Web Console window, open the Devices → Tasks section.
- Open the task settings window by clicking the task name.
- Select the Application settings tab.
- In the Source of rules section, select Custom rule base from file.
- Click the Import rule base from file.
- In the window that opens, specify the file with the rule database.
You can load only one archive containing an XML file with OVAL rules and XCCDF rules.
The total archive size must not exceed 2 MB.
- Click OK.
The Source of rules section displays information about the loaded rules. Follow the Details links in the Platforms and Products fields to open windows with lists of the operating systems and products mentioned in the rules of the selected source.
- If necessary, load the file with external variables:
You cannot use external variables if the selected rule source contains XCCDF rules.
- Select the Use external variables data with custom database check box.
- Click the Import external variables from file.
- In the window that opens, specify the path to the file with the external variables.
- Click OK.
- In the Scope section, if necessary, change the vulnerability scan mode:
The Scope section is unavailable if the selected rule source contains XCCDF rules.
- Select one of the modes:
- Scan all vulnerabilities.
Kaspersky Endpoint Agent scans the devices to which the task is assigned in order to detect all vulnerabilities described in the rules of the Kaspersky ICS CERT vulnerabilities database for SCADA.
- Scan all vulnerabilities except added to the list.
Kaspersky Endpoint Agent scans the devices to which the task is assigned in order to detect all vulnerabilities described in the rules of the Kaspersky ICS CERT vulnerabilities database for SCADA except for those added to the list below.
- Scan vulnerabilities added to the list.
Kaspersky Endpoint Agent scans the devices to which the task is assigned in order to detect vulnerabilities added to the list below.
- Scan all vulnerabilities.
- If you selected Scan all vulnerabilities except added to the list or Scan vulnerabilities added to the list, create a list of vulnerabilities using the Add or Add according to conditions.
- Select one of the modes:
- In the Advanced section, if necessary, determine the statuses of directive-based scans that will be included in the Security Audit task report:
Directives cannot be applied if the selected rule source contains XCCDF rules.
- Select the Use Directives check box.
- Using the switch next to each directive, determine the statuses of directive-based scans that will be displayed in the Security Audit task report.
If the switch next to a directive status is on, results of scans based on the directive's rules that have this status will be displayed in the Security Audit task report.
By default, the check boxes next to the True and False scan result are selected for all directives.
- In the Advanced section, if necessary, configure settings for logging task completion events:
- Select the Enable logging check box.
- Select the desired Logging level from the list.
- Click OK to save the changes.
You can start the created task manually or configure a scheduled task start.