This Help provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
The task can be run only if you have an active Kaspersky Industrial CyberSecurity for Nodes license key with an ICS Audit licensed object.
Standard Security audit tasks are local or group tasks that are created and configured using the command line interface. These tasks are used to search for definitions and assess compliance of the enterprise systems with security standards and regulations. You can search for the following categories of definitions:
The following sources of OVAL rules are available for performing security audit using the command line:
To create and configure a Standard Security audit task using the command line interface:
Using the cd command, navigate to the folder where the Agent.exe file is located. For example, you can type the following command and press Enter:
cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\"
agent.exe --scan-oval --source={kl|file} [--path={<full path to the file with OVAL rules>|<full path to a folder containing several files with OVAL rules>}] [--external-vars=<name of the file with external variables>] [--mode={all|exclude|include}] [--definitions=<definition type_01;definition type_02;definition type_N>] [--log={none|critical|warning|information|debug}] --result-path=<path to the folder with the report>
Command parameters for running and configuring Standard Security audit tasks

| Parameters | Description |
|---|---|
| --scan-oval | Required parameter. Starts the Standard Security audit task on the device. |
| --source | Required parameter. Establishes connection to the source of OVAL rules that are required for the task execution. Available values: |
| --path | The parameter specifies the path to the file with OVAL rules for scanning in the Available values: |
| --external-vars | Optional parameter. The parameter specifies the full path to the XML file with external variables for OVAL rules. Kaspersky Endpoint Agent does not check if the variables are linked to a file with OVAL rules. The total size of the file with OVAL rules and the file with external variables must not exceed 2 MB. If this limit is exceeded, the task execution fails. |
| --mode | Optional parameter. The parameter defines the definitions scan mode. If the parameter is not specified, all the definitions listed in the source are scanned by default. Available values: |
| --definitions | Optional parameter. Semicolon-separated list of definitions types that must be scanned or must be excluded from scan. For example, you can specify the following value: < > . Used together with the --mode=include or --mode=exclude parameter. |
| --log | Optional parameter. The parameter defines the logging mode. If the parameter value is not specified, the Available values: |
| --result-path | Required parameter. Specifies the path to the folder where the scan report in the XML format is stored. The file name contains the node name, as well as the date and time when the task was run. If the parameter is not specified, the task execution fails. |
Return codes of the --scan-oval command:
0 – command successfully executed.
1 – general error.
If the command execution completes successfully (code 0), a report in the XML format will be available in the folder specified by the --result-path parameter, and if a logging parameter was specified, a log in LOG format will be available as well.
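The following PowerShell wrapper is an added example, not part of the original Help and not Kaspersky code. It checks the documented preconditions (the 2 MB combined size limit, the required --result-path, --definitions used with --mode=include or --mode=exclude) before starting the task, then acts on the return code and locates the XML report. The function name, its parameter names, the strictness of the pre-flight checks, the reading of 2 MB as 2 * 1024 * 1024 bytes, and the restriction to --source=file with a single rules file are assumptions of this example.

```powershell
# Added example (not Kaspersky code): pre-flight checks and return-code handling
# for agent.exe --scan-oval, limited to --source=file with one OVAL rules file.
function Invoke-OvalAudit {
    param(
        [Parameter(Mandatory)] [string] $OvalPath,     # file with OVAL rules
        [Parameter(Mandatory)] [string] $ResultPath,   # required: the task fails without it
        [string] $ExternalVars,                        # optional XML file with external variables
        [ValidateSet('all', 'exclude', 'include')] [string] $Mode = 'all',
        [string[]] $Definitions,                       # definition types, joined with ';'
        [ValidateSet('none', 'critical', 'warning', 'information', 'debug')] [string] $Log,
        [string] $AgentDir = 'C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent'
    )
    $ErrorActionPreference = 'Stop'

    if (-not (Test-Path -LiteralPath $OvalPath -PathType Leaf)) { throw "OVAL rules file not found: $OvalPath" }
    if (-not (Test-Path -LiteralPath $ResultPath -PathType Container)) { throw "Report folder not found: $ResultPath" }
    # --definitions is documented as used together with --mode=include or --mode=exclude.
    if ($Definitions -and $Mode -eq 'all') { throw '--definitions requires --mode=include or --mode=exclude' }

    # Documented limit: rules file + external variables file must not exceed 2 MB.
    # Assumption: 2 MB means 2 * 1024 * 1024 bytes.
    $inputs = @($OvalPath) + @($ExternalVars | Where-Object { $_ })
    $total = ($inputs | ForEach-Object { (Get-Item -LiteralPath $_).Length } | Measure-Object -Sum).Sum
    if ($total -gt 2MB) { throw "OVAL input is $total bytes, over the 2 MB limit" }

    $argv = @('--scan-oval', '--source=file', "--path=$OvalPath", "--mode=$Mode", "--result-path=$ResultPath")
    if ($ExternalVars) { $argv += "--external-vars=$ExternalVars" }
    if ($Definitions)  { $argv += '--definitions=' + ($Definitions -join ';') }
    if ($Log)          { $argv += "--log=$Log" }

    $started = Get-Date
    & (Join-Path $AgentDir 'agent.exe') @argv | Out-Host
    # Return codes: 0 = command successfully executed, 1 = general error.
    if ($LASTEXITCODE -ne 0) { throw "agent.exe --scan-oval failed with return code $LASTEXITCODE" }

    # On success the XML report is in --result-path; its name holds the node name and run time.
    $report = Get-ChildItem -LiteralPath $ResultPath -Filter *.xml |
        Where-Object { $_.LastWriteTime -ge $started } |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if (-not $report) { throw "Return code 0 but no new XML report in $ResultPath" }
    $report.FullName
}

# Constructed sample invocation (paths are placeholders):
# Invoke-OvalAudit -OvalPath 'C:\Audit\rules.xml' -ResultPath 'C:\Audit\reports' -Log information
```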