Getting assets
This section explains how to get assets using Kaspersky Industrial CyberSecurity for Networks API RPC calls.
Overview
Assets are devices, connected to the industrial network. Kaspersky Industrial CyberSecurity for Networks monitors their activity and updates information about them, making it easier for an administrator to make security-related decisions.
You can get a list of assets from Kaspersky Industrial CyberSecurity for Networks by using the AssetProvider service. This service is defined in the asset_provider_service.proto file. Messages and enumerations are defined in the asset_provider.proto file.
The AssetProvider service has the following method for getting assets:
GetAssetsUpdatedAfterReturns a list of assets: either all available assets or assets that were updated after some specified time.
Getting a list of assets
To get a list of assets, use the GetAssetsUpdatedAfter method. See example below.
ts = timestamp_pb2.Timestamp() # Initialize time stamp object with the date a day before to read assets, changed for the last day. ts.FromDatetime(datetime.utcnow() - timedelta(minutes=1)) # Comment out this line to retrieve full list of assets.
# Initialize request object. request = asset_provider_pb2.AssetsUpdatedAfterRequest() # Set the time stamp to read updates from. request.updateTimestamp.CopyFrom(ts)
# Read whole list of updated assets asset_list = asset_provider.GetAssetsUpdatedAfter(request) for asset in asset_list: # Make an asset description, which contains the asset name and address information. # Asset name is first. asset_description = 'Asset: ' + asset.name # Then all the asset addresses are listed. for address in asset.addresses: asset_description += '\n\t' address_blocks = set() if len(address.mac) > 0: address_blocks.add('MAC: ' + address.mac) if len(address.ips) > 0: address_blocks.add('IP: ' + ', '.join(address.ips)) asset_description += '; '.join(address_blocks) print(asset_description) |