Replacing a user-defined IDS rule

Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

For security officers: Getting started with the application web interface

Managing user-defined rules

Managing user-defined IDS rules

Replacing a user-defined IDS rule

8 November 2023

ID 247715

You can replace a previously imported Snort or Suricata file and use it to scan events and create Intrusion Detection System alerts.

It is highly recommended that you test custom IDS rules in a test environment before you import them. Custom IDS rules may cause performance issues, in which case stable performance of Kaspersky Anti Targeted Attack Platform is not guaranteed

IDs and attributes of custom rules may be modified when they are uploaded. Reject and Drop actions are changed to Alert. Rules with the Pass action are deleted

To replace a custom IDS rule:

In the window of the application web interface, select the Custom rules section, IDS subsection.
This opens the user-defined IDS rule window. Under the rule information, click Replace.
This opens the file selection window on your local computer.
Select the file that you want to upload and click Open.

The user-defined IDS rule is imported into the application, replacing the previously imported rule.

Users with the Security auditor role cannot replace user-defined IDS rules.

Users with the Security officer role cannot gain access to user-defined IDS rules.

Kaspersky Professional Services

Implementation services. Health check and security system configuration. Contact us if you need expert help.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.