A devices table is created for the purpose of asset management in the application. All devices in the table are considered to be known to the application.
The devices table has the following limitations on the number of elements:
The total number of devices with the Authorized and Unauthorized statuses can be no more than 100 thousand.
If the maximum number of devices with the Authorized or Unauthorized statuses is reached, new devices with these statuses are not added to the table. If this is the case, to add a new device to the table you need to remove one of the previously added devices.
The number of devices with the Archived status can be no more than 100 thousand.
If the maximum number of devices with the Archived status is reached, new devices with this status are added to the table in place of devices that have gone the longest without showing any activity.
When the devices table is overfilled, the application displays the appropriate message.
The devices table contains the following information:
Name – name used to represent a device in the application.
Device ID – device ID assigned in Kaspersky Industrial CyberSecurity for Networks.
Status – asset status that determines whether activity of the device is allowed in the industrial network. A device can have one of the following statuses:
Authorized. This status is assigned to a device for which activity is allowed in the industrial network.
Unauthorized. This status is assigned to a device for which activity is not allowed in the industrial network.
Archived. This status is assigned to a device if it is no longer being used or must not be used in the industrial network, or if the device has shown no activity and the device information has not changed in a long time (30 days or more).
Address information – MAC- and/or IP addresses of the device. If a device has multiple network interfaces, you can specify the MAC- and/or IP addresses for the network interfaces of the device. Up to 64 network interfaces can be assigned for a device.
Category – name of the category that determines the functional purpose of the device. Kaspersky Industrial CyberSecurity for Networks supports the following categories of devices:
PLC – programmable logic controllers.
IED – intelligent electronic devices.
HMI / SCADA – computers with installed software for human-machine interface (HMI) systems or SCADA systems.
Engineering workstation – computers with installed software to be used by ICS engineers.
Server – devices with server software installed.
Network device – network equipment (for example, routers, switches).
Workstation – desktop personal computers or operator workstations.
Mobile device – portable electronic devices with computer functionality.
Laptop – portable PCs.
HMI panel – devices that use a human-machine interface to manage individual devices or operations of the industrial process.
Printer – printing devices.
UPS – uninterruptible power supply units connected to a computer network.
Network camera – devices that perform video surveillance functions and transmit digital images.
Gateway – devices that connect networks by converting various interfaces (for example, Serial/Ethernet) within networks that use a different data transfer medium and different protocols.
Storage system – devices used for storing information in storage systems.
Firewall – devices that perform firewall functions to inspect and block unwanted traffic.
Switch – devices used for a physical connection between LAN nodes.
Virtual switch – devices that logically merge physical switches, or software-implemented switches for virtualization systems.
Router – devices that redirect network packets between segments of a computer network.
Virtual router – devices that logically merge physical routers, or routers that utilize multiple independent routing tables.
Wi-Fi – access points that provide a wireless connection for devices from Wi-Fi networks.
Historian server – archived data servers.
Other – devices that do not fall into the categories described above.
Group – name of the group containing the device in the device group tree (contains the name of the group and the names of all its parent groups).
Security state – device security state determined by the presence of events linked to the device and current vulnerabilities. The following security states are available:
Critical. The device has unprocessed events with Critical severity or current vulnerabilities with High severity.
Warning. The device has unprocessed events with Warning severity or current vulnerabilities with Medium severity (but there are no unprocessed events with Critical severity or current vulnerabilities with High severity).
OK. All events linked to the device have been processed or have Informational severity. In addition, all vulnerabilities associated with the device have been switched to Remediated or Accepted state or have Low severity.
Last seen – date and time when the last activity of the device was registered.
Last modified – date and time when information about the device was last modified.
Created – date and time when the device was added to the devices table.
OS – name of the operating system installed on the device.
Network name – name used to represent the device in the network.
Hardware vendor – name of the device hardware vendor.
Hardware model – name of the device model.
Hardware version – device hardware version number.
Software name – name of the device software.
Software vendor – name of the device software vendor.
Software version – device software version number.
Labels – list of labels assigned to a device.
Vulnerabilities – CVE IDs of vulnerabilities associated with the device (vulnerabilities detected based on device information).
Process Control settings – indicator of whether there are Process Control settings defined for the device.
EPP application – concise name of the EPP application installed on the device (if data from this application was received in Kaspersky Industrial CyberSecurity for Networks).
EPP connection – status of the connection between the integration server and the EPP application installed on the device. The following statuses are available:
Active. Less than 24 hours have passed since the last connection between the program and the integration server.
Inactive. More than 24 hours have passed since the last connection between the program and the integration server.
N/A. The status of the connection is unknown.
Last connection to EPP – date of the last connection between the integration server and the EPP application installed on the device.
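The Security state rules described above amount to a precedence check over unprocessed events and current vulnerabilities. The following is an added example, not code or an API from Kaspersky Industrial CyberSecurity for Networks. The record layout, the `Current` vulnerability state label, the placeholder CVE IDs and the sample devices are constructed assumptions.

```python
from dataclasses import dataclass, field

# Vulnerability states that no longer count as "current" per the rules above.
CLOSED_VULN_STATES = {"Remediated", "Accepted"}
RANK = {"Critical": 0, "Warning": 1, "OK": 2}

@dataclass
class Event:
    severity: str    # "Critical", "Warning" or "Informational"
    processed: bool

@dataclass
class Vulnerability:
    cve_id: str      # placeholder IDs only; not real CVE numbers
    severity: str    # "High", "Medium" or "Low"
    state: str       # "Remediated"/"Accepted" are closed; "Current" is an assumed label

@dataclass
class Device:
    name: str
    events: list = field(default_factory=list)
    vulns: list = field(default_factory=list)

def security_state(device):
    """Apply the Critical > Warning > OK precedence to one device."""
    open_events = {e.severity for e in device.events if not e.processed}
    open_vulns = {v.severity for v in device.vulns
                  if v.state not in CLOSED_VULN_STATES}
    if "Critical" in open_events or "High" in open_vulns:
        return "Critical"
    if "Warning" in open_events or "Medium" in open_vulns:
        return "Warning"
    # Only processed/Informational events and closed/Low vulnerabilities remain.
    return "OK"

def triage(devices):
    """Return (name, state) pairs, most severe first (stable within a state)."""
    states = [(d.name, security_state(d)) for d in devices]
    return sorted(states, key=lambda pair: RANK[pair[1]])

# Constructed sample inventory covering the edge cases in the rules.
SAMPLE = [
    Device("plc-01", [Event("Critical", True)],
           [Vulnerability("CVE-PLACEHOLDER-1", "High", "Remediated")]),
    Device("hmi-02", [Event("Warning", False)],
           [Vulnerability("CVE-PLACEHOLDER-2", "Low", "Current")]),
    Device("eng-ws-03", [Event("Informational", False)],
           [Vulnerability("CVE-PLACEHOLDER-3", "High", "Current")]),
    Device("switch-04", [Event("Warning", False), Event("Critical", False)]),
]
```

Note that `plc-01` evaluates to OK even though it once had a Critical event and a High vulnerability, because the event was processed and the vulnerability was remediated.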