Kaspersky Anti Targeted Attack Platform

Enabling and disabling sets of Intrusion Detection rules

Intrusion Detection rule sets can be Enabled or Disabled. If a rule set is disabled, none of the rules in that rule set are used for intrusion detection.

When you enable or disable selected rule sets, the Intrusion Detection system is restarted on all computers that have application components (Central Node and Sensor) installed. A restart is necessary to apply the changes.

Only users with the Senior security officer role can change the status of Intrusion Detection rule sets.

To change the status of Intrusion Detection rule sets:

  1. In the application web interface, select the Custom rules section, then the Intrusion detection subsection.
  2. Select the check boxes next to the rule sets whose status you want to change.
  3. Right-click to open the context menu.
  4. In the context menu, select one of the following commands:
    • Enable if you want to enable all disabled sets of rules from among the selected rule sets.
    • Disable if you want to disable all enabled sets of rules from among the selected rule sets.
    • Change the statuses of selected rule sets if you want to invert the statuses of all selected rule sets. This option lets you quickly enable and disable selected rule sets that have different statuses on all computers with installed application components. Only one restart of the Intrusion Detection system on these computers is needed to apply the changes.
  5. In the confirmation window, click OK.

The statuses of the intrusion detection rule sets are changed.