Enabling Anomaly Detection using Sigma Rules

Support

Support for business applications

Kaspersky Endpoint Agent

Managing the application using Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console

Configuring Kaspersky Endpoint Agent settings

Configuring Anomaly Detection using Sigma rules

Enabling Anomaly Detection using Sigma Rules

August 27, 2024

ID 270608

To enable Anomaly Detection using Sigma rules:

Do one of the following:
- for a group of protected devices, open the application policy properties window.
  1. In the main Kaspersky Security Center Web Console window select Devices → Policies and profiles.
  2. Select the policy you want to configure.
  3. In the <Policy name> window that opens, select the Application settings tab.
- for an individual protected device, open the application settings for the device.
  1. In the main Kaspersky Security Center Web Console window select Devices → Managed devices.
  2. Select the device for which you want to configure application settings.
  3. In the <Device name> window that opens, select the Applications tab.
  4. Select Kaspersky Endpoint Agent.
  5. In the Kaspersky Endpoint Agent window that opens, select the Application settings tab.
In the Anomaly Detection using Sigma rules section, select the Enable Anomaly Detection using Sigma rules check box.
Add one or more collections of Sigma rules.
Click the Save button.
Kaspersky Endpoint Agent will search for anomalies using the enabled collections of Sigma rules.