Adding and editing a security audit job

Expand all | Collapse all

For the existing sets of security audit rules, you can add and edit jobs that the application uses to perform device scans.

Only users with the Administrator role can add and edit security audit jobs.

The security audit job is configured using the Wizard. The Wizard guides you step by step through the configuration of all required job settings. After the configuration is complete, you can wait for the scheduled scans to start on devices or start the scan job manually.

You can invoke the Security Audit Job Configuration Wizard in the following ways:

• When adding a job for the selected rule set
  1. Select the Security audit section.
  2. On the Rule sets tab, select the rule set for which you want to add a security audit job.
  3. Click the Add job button.

  In the Configuration Wizard settings, the selected rule set is specified as default.

• When adding a job with unspecified settings
  1. Select the Security audit section.
  2. On the Jobs tab, click the Add job button.

  The Configuration Wizard settings do not have the default values.

• When adding a job based on an existing job
  1. Select the Security audit section.
  2. On the Jobs tab, select the job based on which you want to add a new security audit job.
  3. Click the Copy button.

  The default values of the Configuration Wizard settings are set to the values of the existing job settings.

• When adding a job for selected devices
  1. Select the Assets section.
  2. On the Devices tab, select the devices for which you want to add a security audit job.
  3. Right-click to open the context menu.
  4. In the context menu, select Create security audit job.

  In the Configuration Wizard settings, a list of devices consisting of the selected devices is generated by default.

• When modifying the selected job
  1. Select the Security audit section.
  2. On the Jobs tab, select the job for which you want to change the settings.
  3. Click the Edit button.

  The default values of the Configuration Wizard settings are set to the values of the selected job settings.

To configure job settings in the Configuration Wizard window:

1. In the Select rules section, do the following:
   1. Select the desired rule set for the job (not available when editing a job).
   2. Specify the profile of the selected rule set.
   3. Select the rules used to perform the scans and, if necessary, specify the desired values for the variables.
2. In the Select devices section, create a list of devices to run the scans during the job execution. Select up to 1,000 devices for the job.

   You can create a list of devices using the Add to job and Delete from job buttons. When you add devices, the application opens a window with a table of devices for selection. You can filter and sort the table to display the desired devices.

3. In the Job configuration section, configure the other job settings:
   1. Enter the job name and description.

      You can use letters, numerals, a space, and the following special characters: ! @ # № $ % ^ & ( ) [ ] { } / \ : ; , . - _. The job name must begin and end with any permitted character except space.

      The job name must contain no more than 1,024 characters. The job description must contain no more than 4,096 characters.

   2. Select one of the following methods to poll devices:
      • Local agent.

        You can use this method if Kaspersky Endpoint Agent is installed on the devices selected for the job and integration between Kaspersky Endpoint Agent and Kaspersky Industrial CyberSecurity for Networks is configured. This method is used for scanning using Kaspersky Endpoint Agent on each device.

      • Remote connection.

        Use this method if the devices selected for the job do not have Kaspersky Endpoint Agent installed, but it is possible to connect to these devices via protocols that ensure secure management and data transfer. For this method, in the job settings specify one of the nodes with the installed application components from which connection to the devices is established. Specify the secret with the credentials for remote connections. You can select only one secret with one set of credentials for the job. In this case, the credentials stored in the selected secret must be applicable on all devices selected for the job (connections to these devices are possible with the same credentials from the secret).

      For the Remote connection device polling method, the option to strengthen the security of connections with devices by verifying the certificates of these devices is not available. Attackers can attempt to spoof these devices in the network by exploiting the lack of device certificate authentication.

   3. If necessary, enable detection of risks of the Vulnerability category based on the job execution results. For this purpose, select the Register detected vulnerabilities check box.
   4. To run the job according to a schedule, enable the Run job according to schedule option and configure the schedule settings:
      • In the Frequency drop-down list, select how often to run the job: Hourly, Daily, Weekly, Monthly.
      • Depending on the selected option, specify the values for the settings to define the precise job start time.

      The application starts the job according to the schedule, provided that the previous start of this job has been completed. If by the time a scheduled job is started its previous launch has the Running status, the application skips the start of the scheduled job.

   5. To send reports on the job starts by email, enable the Send by email option and specify the addresses of the recipients.

      The maximum number of report recipients is 10.

4. Click the button to close the Wizard: Create job or Edit job.

The specified settings are displayed in the job details, on the Settings, Rules, and Devices tabs.