Configuring incident generation and interactions with the Administration Server

To select the types of objects about which Kaspersky Industrial CyberSecurity for Nodes sends information to the Kaspersky Security Center Administration Server:

  1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
  2. Select the administration group for which you want to configure application settings.
  3. Perform one of the following actions in the details pane of the selected administration group:
    • To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
    • To configure the application for a single protected device, select the Devices tab and open the Application settings window.

      If an active Kaspersky Security Center policy is applied to a device and blocks changes to application settings, then these settings cannot be edited in the Application settings window.

  4. In the Logs and notifications section, click the Settings button in the Interaction with Administration Server subsection.

    The Administration Server Network lists window opens.

  5. In the Administration Server Network lists window, choose the types of objects about which Kaspersky Industrial CyberSecurity for Nodes will send information to the Kaspersky Security Center Administration Server:
    • Information about Quarantine objects.
    • Information about Backup objects.
    • Information about available Wi-Fi networks.
    • Information about Blocked sessions (Are shown in unprocessed objects on KSC side).
    • Information about Versions of PLC projects.

    To configure Wi-Fi Control tasks settings for a group of protected devices using a Kaspersky Security Center policy, be sure to enable the sending of information about available Wi-Fi networks to the Administration Server.

  6. Click OK.

    Kaspersky Industrial CyberSecurity for Nodes will send information about the selected object types to the Administration Server.

Incident generation

The Administration Server's database stores information about application events that occur on the managed protected devices.

To configure the notifications that Kaspersky Industrial CyberSecurity for Nodes will use as the basis for generating incidents in Kaspersky Security Center:

  1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
  2. Select the administration group for which you want to configure application settings.
  3. Perform one of the following actions in the details pane of the selected administration group:
    • To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
    • To configure the application for a single protected device, select the Devices tab and open the Application settings window.

      If an active Kaspersky Security Center policy is applied to a device and blocks changes to application settings, then these settings cannot be edited in the Application settings window.

  4. In the Logs and notifications section, click the Settings button in the Incidents subsection.

    The Incidents window opens.

  5. In the Incidents window, edit the selection of events in the table below, which Kaspersky Industrial CyberSecurity for Nodes will use to generate incidents:

    List of events for incident generation

    Event

    Default Value

    PLC project does not match reference project

    Selected

    Error matching PLC project to reference project

    Selected

    Error getting PLC project information

    Selected

    License has expired

    Not selected

    End User License Agreement violation

    Selected

    Failed to update

    Not selected

    Application database is corrupted

    Not selected

    Application database is extremely out of date

    Not selected

    Application database is out of date

    Not selected

    Application modules integrity is corrupted

    Selected

    Host listed as untrusted

    Selected

    Application launch denied

    Not selected

    Statistics only mode: application launch denied

    Selected

    Error processing application launch

    Not selected

    Error processing device connection

    Selected

    Untrusted external device detected and restricted

    Not selected

    Untrusted external device detected and restricted

    Selected

    Statistics only: untrusted external device detected

    Selected

    Infected or other object detected

    Not selected

    KSN-untrusted object found

    Selected

    Probably infected object detected

    Selected

    Object not disinfected

    Not selected

    Object not backed up

    Not selected

    Object not quarantined

    Not selected
  6. Click the OK button in the Application settings window.

    The incident generation settings are saved.

Page top