Data provided when integrating with Kaspersky Industrial CyberSecurity for Networks
If Kaspersky Industrial CyberSecurity for Linux Nodes is integrated with Kaspersky Industrial CyberSecurity for Networks, Kaspersky Industrial CyberSecurity for Linux Nodes saves the following information, which may contain personal and confidential data:
Addresses of Kaspersky Industrial CyberSecurity for Networks servers (hereinafter also referred to as "KICS for Networks servers").
Public key of the KICS for Networks server certificate.
Client certificate.
Credentials for authenticating on the proxy server.
Settings for the frequency of synchronization with the KICS for Networks server, and settings for transferring data to the server.
KICS for Networks server connection status and information about errors related to the client certificate and server certificate.
Settings of tasks received from KICS for Networks servers:
Type of OVAL script source: application databases or file
Full path and name of the file described in the OVAL / XCCDF / CPE language, or its archive, if a file is selected as the source
OVAL definition scan mode: all OVAL definitions, list of specified OVAL definitions, or list of all OVAL definitions with the specified ones excluded
List of OVAL definition names (IDs in the form "oval:org.mitre.oval.test:def:998"), separated by semicolons, that must be scanned or excluded from scanning
Whether the scan must be logged and the level of logging
Task start schedule settings
Names and passwords of accounts that must be used to start tasks
Versions of settings
Type of service start
Names of services
When Kaspersky Industrial CyberSecurity for Linux Nodes is integrated with Kaspersky Industrial CyberSecurity for Networks, Kaspersky Industrial CyberSecurity for Linux Nodes saves the following data and sends it to the KICS for Networks server:
Data from synchronization requests to the KICS for Networks server:
Unique ID
Base part of the server address
Device name
IP address of the device
MAC address of the device
Local time on the device
Name, family and version of the operating system installed on the device
Version of Kaspersky Industrial CyberSecurity for Linux Nodes
Release date of the application databases being used
License status
Model and manufacturer of the user's device
Information from requests to the KICS for Networks server in task result reports:
Task execution errors and return codes
Task completion statuses
Task completion time
Versions of task settings used
Information from the vulnerability scan report:
OVAL definition IDs
OVAL definition class
Names of OVAL definitions
Types of OVAL definition scan results: True, False, Unknown, Error, Not Evaluated, Not Applicable
Full paths and names of file objects, as well as registry keys and values for which an OVAL definition of the 'vulnerability' type was triggered with a 'True' scan result
Device parameters:
Device manufacturer
Device model
Device version
List of CPUs; for each CPU, name, core count, number of logical CPUs
Device BIOS vendor, version, release date
Total amount of RAM
List of local disks; for each drive, its local disk name, total size, and free disk space
List of USB devices; for each USB device, its name, class, ID
List of optical drives; for each optical drive, its model, whether a disk is inserted
List of network interfaces; for each network interface: the name of the network interface, address information, virtual or not, activated or not
Device configuration settings:
Domain name of the user in the domain\name format
Full name of the user
Unique ID of the user
Name of the group that the user belongs to
Unique ID of the group
Unique ID of the user as a member of the group
Name of the user as a member of the group
Information about the activity of the account
Information about the account being blocked
Information about the password being time-limited
Information about the password being current
Information about the user being able to change the password
Name of the application installed on the device
Vendor of the application installed on the device
Size of the application installed on the device, in bytes
Version of the application installed on the device
Time when the application was installed on the device
Data in telemetry packets:
Information about the device and users:
Device name and time
Family, name, and version of the operating system
Information about network interfaces (description, list of IP addresses with subnet mask, MAC address, metric number, DNS domain name, routing information, listening port numbers)
Device internal unique ID
User names and IDs
User group names and IDs
Information about Kaspersky Industrial CyberSecurity for Linux Nodes:
Name and version of the application
Date of the last application update
Information about license keys (serial number, type, license validity period, key status)
Application database version
List of supported API versions
Information about established connections:
Local IP address, port and MAC address
Remote IP address, port and MAC address
Gateway IP address
Protocol type (according to IANA), protocol number and EtherType
Number of received and sent packets
Information about processed files:
File name and unique ID
File type and size
Full path to the file image
File system attribute mask
The time when the file was created and modified
Checksums (MD5 and SHA256)
File privileges, including inherited and effective
Information about running processes:
Process UID and PID
Process type
Session ID
Executed command
Environment variables
Information about detected and processed threats:
Name of the detected threat and the technology that detected the threat, according to the Kaspersky classification
Application database version
Web address from which the infected object was downloaded
Threat processing status
The reason why the threat cannot be eliminated
The information listed here can also be saved in trace files and dump files.