Configuring the Security audit task settings

This Help provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

The task can be run only if you have an active Kaspersky Industrial CyberSecurity for Nodes license key with an ICS Audit licensed object.

Before you start configuring the Security audit task, perform the following actions:

  1. Create a signing certificate using Kaspersky Endpoint Agent command line interface.

    You can also use a signing certificate that already exists.

  2. Create Kaspersky Security Center installation package named package.zip using Kaspersky Endpoint Agent command line interface.
  3. Create and run the installation package installation task and select to install only the Administration Server. It is required to add the package.zip archive with OVAL rules to Kaspersky Security Center repository. The archive was created earlier using Kaspersky Endpoint Agent command line interface.

    In Kaspersky Endpoint Agent, you can only update an installed and deployed package with a custom database of OVAL rules. It is not possible to remove the package.

  4. Create the Security audit task or proceed to configure the settings of a task created earlier.

To configure the Security audit task settings:

  1. In the main Kaspersky Security Center Web Console window select DevicesTasks.
  2. Open the task settings window by clicking the task name.
  3. Select the Application settings tab.
  4. In the Source section, select User databases from the KSC repository, click Select an OVAL file from the collection of custom databases, and select the appropriate file from the list. Click OK to confirm your selection.
  5. Depending on your needs, select the Use thumbprint check box and in the field that appears, specify the thumbprint received using Kaspersky Endpoint Agent command line interface.
  6. To download a file with external variables, select the Use data with external variables for custom databases check box and click Import external variables from file.

    After you select the rule source, the Source tab displays data on OVAL rules uploaded by Kaspersky Security Center administrator to the server.

  7. In the Scope section, select the action for the Run a scan task in the selected mode option:
    • Scan all definitions
    • Scan definitions, except for the ones in the following list
    • Scan only definitions included in the list below

    Click Save to save and apply the selected settings.

  8. In the Advanced section, select the settings based on your requirements:
    • Select the Apply directives check box and specify the Directive settings.
    • Select the Enable logging check box and select the desired Logging level from the list.

    Click Save to save and apply the selected settings.

    You can start the created task manually or configure a scheduled task start.

Page top