Data provided when integrating with Kaspersky Industrial CyberSecurity for Networks
If Kaspersky Industrial CyberSecurity for Linux Nodes is integrated with Kaspersky Industrial CyberSecurity for Networks, Kaspersky Industrial CyberSecurity for Linux Nodes saves the following information, which may contain personal and confidential data:
- Integration Server addresses
- Public key of the Integration Server certificate
- Client certificate
- Credentials for authenticating on the proxy server
- Settings for the frequency of synchronization with the Integration Server and settings for sending data to the Integration Server
- Status of the connection with the Integration Server and information about client certificate and server certificate errors
- Settings of tasks received from Integration Servers:
  - Type of OVAL script source: application databases or file
  - Full path and name of the file described in the OVAL / XCCDF / CPE language, or its archive, if a file is selected as the source
  - OVAL definition scan mode: all OVAL definitions, list of specified OVAL definitions, or list of all OVAL definitions with the specified ones excluded
  - List of OVAL definition names (IDs of the "oval:org.mitre.oval.test:def:998" form), separated by semicolons, that must be scanned or excluded from scanning
  - Whether the scan must be logged and the level of logging
  - Task start schedule settings
  - Names and passwords of accounts that must be used to start tasks
  - Versions of settings
  - Type of service start
  - Names of services
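The task settings above carry a semicolon-separated list of OVAL definition IDs together with a scan mode (all definitions, only the listed ones, or all except the listed ones). The following added example, which is not code from Kaspersky or from this page, shows how a receiving side can validate such a list against the OVAL definition ID pattern ("oval:<namespace>:def:<positive integer>", the form of the page's "oval:org.mitre.oval.test:def:998") and turn mode plus list into an explicit selection. The mode strings, the field names of the selection object and the sample input are this example's own assumptions.

```python
import re

# OVAL definition ID pattern (DefinitionIDPattern in the OVAL schema):
# "oval:<namespace>:def:<positive integer>", no leading zeros in the number.
# The page's own example is oval:org.mitre.oval.test:def:998.
OVAL_DEF_ID = re.compile(r"^oval:[A-Za-z0-9_\-\.]+:def:[1-9][0-9]*$")

# Constructed sample input: valid IDs with stray spaces, a duplicate and a
# trailing semicolon, as a task setting might arrive.
SAMPLE_ID_LIST = (
    "oval:org.mitre.oval.test:def:998; oval:com.example.kics:def:42;"
    "oval:org.mitre.oval.test:def:998;"
)


def parse_oval_id_list(raw: str) -> tuple[list[str], list[str]]:
    """Split a semicolon-separated OVAL definition ID list.

    Returns (valid_ids, invalid_entries). Surrounding whitespace and empty
    entries (e.g. from a trailing ';') are tolerated; duplicates are dropped
    while keeping first-seen order. Anything not matching OVAL_DEF_ID is
    reported rather than silently passed on to the scanner.
    """
    valid: list[str] = []
    invalid: list[str] = []
    seen: set[str] = set()
    for entry in raw.split(";"):
        token = entry.strip()
        if not token:
            continue
        if OVAL_DEF_ID.match(token):
            if token not in seen:
                seen.add(token)
                valid.append(token)
        else:
            invalid.append(token)
    return valid, invalid


def build_scan_selection(mode: str, raw_ids: str) -> dict:
    """Map the three scan modes from the task settings to an explicit selection.

    Hypothetical mode names (not the product's own):
      "all"        - scan every OVAL definition; the ID list is ignored
      "only"       - scan exactly the listed definitions
      "all_except" - scan everything except the listed definitions
    Raises ValueError on an unknown mode or on malformed IDs, so a bad task
    setting fails loudly instead of producing a partial scan.
    """
    if mode not in ("all", "only", "all_except"):
        raise ValueError(f"unknown OVAL scan mode: {mode!r}")
    ids, bad = parse_oval_id_list(raw_ids)
    if bad and mode != "all":
        raise ValueError(f"malformed OVAL definition IDs: {bad}")
    if mode == "all":
        return {"mode": mode, "include": None, "exclude": []}
    if mode == "only":
        return {"mode": mode, "include": ids, "exclude": []}
    return {"mode": mode, "include": None, "exclude": ids}


if __name__ == "__main__":
    print(parse_oval_id_list(SAMPLE_ID_LIST))
    print(build_scan_selection("all_except", SAMPLE_ID_LIST))
```

Rejecting malformed entries up front matters because the list is received from a remote Integration Server: a scanner that quietly skips an unparsable exclusion entry would scan a definition the operator meant to exclude, or vice versa, without any visible error.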
When integrating Kaspersky Industrial CyberSecurity for Linux Nodes with Kaspersky Industrial CyberSecurity for Networks, Kaspersky Industrial CyberSecurity for Linux Nodes saves the following data and sends it to the Integration Server:
- Data from synchronization requests to the Integration Server:
  - Unique identifier
  - Base part of the server address
  - Device name
  - IP address of the device
  - MAC address of the device
  - Local time on the device
  - Name, family, and version of the operating system installed on the device
  - Version of Kaspersky Industrial CyberSecurity for Linux Nodes
  - Release date of the application databases being used
  - License status
  - Model and manufacturer of the user's device
- Information from requests to the Integration Server in task result reports:
  - Task execution errors and return codes
  - Task completion statuses
  - Task completion time
  - Versions of task settings used
- Information from the vulnerability scan report:
  - OVAL definition IDs
  - OVAL definition class
  - Names of OVAL definitions
  - Types of OVAL definition scan results: True, False, Unknown, Error, Not Evaluated, Not Applicable
  - Full paths and names of file objects, as well as registry keys and values, for which an OVAL definition of the 'vulnerability' type was triggered with a 'True' scan result
- Device parameters:
  - Device manufacturer
  - Device model
  - Device version
  - List of CPUs; for each CPU: its name, core count, and number of logical CPUs
  - Device BIOS vendor, version, and release date
  - Total amount of RAM
  - List of local disks; for each drive: its local disk name, total size, and free disk space
  - List of USB devices; for each USB device: its name, class, and ID
  - List of optical drives; for each optical drive: its model and whether a disk is inserted
  - List of network interfaces; for each network interface: its name, address information, whether it is virtual, and whether it is activated
- Device configuration settings:
  - Domain name of the user in the domain\name format
  - Full name of the user
  - Unique ID of the user
  - Name of the group that the user belongs to
  - Unique ID of the group
  - Unique ID of the user as a member of the group
  - Name of the user as a member of the group
  - Information about the activity of the account
  - Information about the account being blocked
  - Information about the password being time-limited
  - Information about the password being current
  - Information about the user being able to change the password
  - Name of the application installed on the device
  - Vendor of the application installed on the device
  - Size of the application installed on the device, in bytes
  - Version of the application installed on the device
  - Time when the application was installed on the device
- Data in telemetry packets:
  - Information about the device and users:
    - Name and time of the device
    - Family, name, and version of the operating system
    - Information about network interfaces (description, list of IP addresses with subnet mask, MAC address, metric number, DNS domain name, routing information, numbers of ports being listened on)
    - Unique internal ID of the device
    - Names and IDs of users
    - Names and IDs of user groups
  - Information about Kaspersky Industrial CyberSecurity for Linux Nodes:
    - Application name and version
    - Date of the last application update
    - Information about license keys (serial number, type, license validity period, key status)
    - Application database version
    - List of supported API versions
  - Information about established connections:
    - Local IP address, port, and MAC address
    - Remote IP address, port, and MAC address
    - Gateway IP address
    - Protocol type (according to IANA), protocol number, and EtherType
    - Number of received and sent packets
  - Information about processed files:
    - File name and unique ID
    - File type and size
    - Full path to the file image
    - File system attribute mask
    - Time when the file was created and modified
    - Checksums (MD5 and SHA256)
    - File privileges, including inherited and effective
  - Information about running processes:
    - Process UID and PID
    - Process type
    - Session ID
    - Executed command
    - Environment variables
  - Information about detected and processed threats:
    - Name of the detected threat and the technology that detected the threat, according to the Kaspersky classification
    - Application database version
    - Web address from which the infected object was downloaded
    - Threat processing status
    - Reason why the threat cannot be eliminated
The information listed here can also be saved in trace files and dump files.