Obtaining reports

In Kaspersky Industrial CyberSecurity for Networks, you can generate reports based on templates to obtain information about devices, the statuses of devices and system security, monitored technological process parameters and system commands, and information about detected risks and interactions with third-party devices.

The application has two types of report templates:

• System templates are created automatically during installation of the application. In the report templates table, system templates are displayed with the  icon. You cannot delete system templates.

  Kaspersky Industrial CyberSecurity for Networks supports the following system templates for generating reports:

  • Inventory report.

    Report containing information about devices, monitored technological process parameters and system commands, utilized protocols, and detected risks on devices.

  • System security report.

    Report containing information about the security status of devices, registered events, detected risks, and interactions with devices of external networks.

  • Executive summary.

    Report containing concise information about devices and the security status of the system.

  • Full report.

    Report containing comprehensive information about devices and the security status of the system.

• User-defined templates are created manually by duplicating templates. System templates and user-defined templates can be duplicated. Only users with the Administrator role can duplicate templates.

Data in reports is presented in separate information blocks. For each report, Kaspersky Industrial CyberSecurity for Networks uses a fixed set and layout of information blocks. The information blocks used in reports and their descriptions are presented in the table below.

Use of information blocks in reports

Name of information block	Inventory report	System security report	Executive summary	Full report
Device categories Quantitative distribution of devices by category
Device vendors Most frequently indicated device vendors
Device operating systems Quantitative distribution of devices based on the operating systems they use
Monitored technological process parameters Quantitative distribution of tags by device
Devices with the most risks Devices with the most risks, with consideration of their risk severity levels
Most vulnerable industrial devices Devices with the most vulnerabilities, with consideration of their risk severity levels
System command sources Devices that sent the most system commands to other devices
Situational awareness Notifications about detected system security threats, listed in the order of their importance
New devices in the network Number of new devices detected by Kaspersky Industrial CyberSecurity for Networks
Protocols with the most traffic Most frequently used protocols based on traffic volume
Devices with the most connections to other nodes Devices with the most connections to other devices, with consideration of the traffic volume in the connections
Network traffic volume Volume of network traffic transmitted by common protocols and industrial protocols during the specified period
Common protocols Detected common protocols with the most traffic
Industrial protocols Detected industrial protocols with the most traffic
System command recipients Devices that received the most system commands from other devices
Device security statuses Quantitative distribution of devices by security statuses
Distribution of devices by status Quantitative distribution of devices by status
Statistics on events Quantitative distribution of events based on their severity level
Distribution of events by detection technologies Quantitative distribution of events by registration technology
Devices with the most events Devices most frequently registered in events
Most critical events Events with the highest severity scores
Most frequently triggered malicious activity detection rules Malicious activity detection rules that were triggered most frequently on the devices
Unusual protocols in the industrial network Detected unwanted protocols that are inadvisable for interactions between devices in an industrial network
Devices with signs of access to public resources Devices that have the most communications with devices located in Public subnets
Connections via remote control protocols Devices with the most interactions via protocols that use remote control applications
Modification of industrial device programs Devices with the most changes made to their programs
Active risks Quantitative distribution of detected risks based on their severity level

You can manually start generating reports based on templates in the Reports section on the Report templates tab of the application web interface. Kaspersky Industrial CyberSecurity for Networks can also start generating reports according to a schedule. Only users with the Administrator role can configure template schedule settings.

Kaspersky Industrial CyberSecurity for Networks generates reports in PDF files that are no more than 10 MB in size, and sends the report files to the email addresses indicated in the report templates. You can view information about generated reports and export them to files on the Generated reports tab.

The Generated reports tab also displays the reports generated when working with security audit jobs. A user with the Administrator role starts generation of reports with the results of device scans as part of a security audit job, as well as reports on the starts of the security audit job in the Security audit section.