[OOTB] KSC package - ENG
<html lang="en">
<body>
  
  <p>
	The Kaspersky Security Center (KSC) event monitoring correlation rules package identifies potentially dangerous system activity based on internal audit events.<br>
	The rules detect anomalies in privileged user behavior, such as failed administrator login attempts, connections from non-standard IP addresses, and password brute-force attempts. They also monitor attempts to change application settings, including the suspicious creation of tasks, which may indicate unauthorized access or a bypass of security mechanisms in preparation for further attacks on the infrastructure. The package also includes rules that monitor the correct operation of the KSC and KES Windows services, disruptions to which may also indicate attempts to weaken protection.<br>
	<br>
	For the rules to function correctly, verify that the audit settings are configured so that the event logs contain a sufficient level of detail. The rules package operates on events collected through the KSC database.
  </p>

</body>
</html>