A devices table is created for the purpose of asset management in the application. All devices in the table are considered to be known to the application. You can view the devices table in the Assets section on the Devices tab of the application web interface.
The devices table has the following limitations on the number of elements:
The total number of devices with the Authorized and Unauthorized statuses can be no more than 100 thousand.
If the maximum number of devices with the Authorized or Unauthorized statuses is reached, new devices with these statuses are not added to the table. If this is the case, to add a new device to the table you need to remove one of the previously added devices.
The number of devices with the Archived status can be no more than 100 thousand.
If the maximum number of devices with the Archived status is reached, new devices with this status are added to the table in place of devices that have gone the longest without showing any activity.
When the devices table is overfilled, the application displays the appropriate message.
The devices table contains the following information:
Name – name used to represent a device in the application.
Device ID – device ID assigned in Kaspersky Industrial CyberSecurity for Networks.
Status – asset status that determines whether activity of the device is allowed in the industrial network. A device can have one of the following statuses:
Authorized. This status is assigned to a device for which activity is allowed in the industrial network.
Unauthorized. This status is assigned to a device for which activity is not allowed in the industrial network.
Archived. This status is assigned to a device if it is no longer being used or must not be used in the industrial network, or if the device has shown no activity and the device information has not changed in a long time (30 days or more).
Address information – MAC and/or IP addresses of the device. If a device has multiple network interfaces, you can specify different MAC and/or IP addresses for the device on different network interfaces (up to 64 network interfaces can be indicated in the device information). If additional address spaces were added to the application, you can enable or disable the display of the names of address spaces by using the Show address spaces setting when configuring the devices table.
Category – name of the category that determines the functional purpose of the device. Kaspersky Industrial CyberSecurity for Networks supports the following categories of devices:
PLC – programmable logic controllers.
IED – intelligent electronic devices.
HMI / SCADA – computers with installed software for human-machine interface (HMI) systems or SCADA systems.
Engineering workstation – computers with installed software to be used by ICS engineers.
Server – devices with server software installed.
Network device – network equipment (for example, routers, switches).
Workstation – desktop personal computers or operator workstations.
Mobile device – portable electronic devices with computer functionality.
Laptop – portable PCs.
HMI panel – devices that use a human-machine interface to manage individual devices or operations of the industrial process.
Printer – printing devices.
UPS – uninterruptible power supply units connected to a computer network.
Network camera – devices that perform video surveillance functions and transmit digital images.
Gateway – devices that connect networks by converting various interfaces (for example, Serial/Ethernet) within networks that use a different data transfer medium and different protocols.
Storage system – devices used for storing information in storage systems.
Firewall – devices that perform firewall functions to inspect and block unwanted traffic.
Switch – devices used for a physical connection between LAN nodes.
Virtual switch – devices that logically merge physical switches, or software-implemented switches for virtualization systems.
Router – devices that redirect network packets between segments of a computer network.
Virtual router – devices that logically merge physical routers, or routers that utilize multiple independent routing tables.
Wi-Fi – access points that provide a wireless connection for devices from Wi-Fi networks.
Historian server – archived data servers.
Other – devices that do not fall into the categories described above.
Group – name of the group containing the device in the device group tree (contains the name of the group and the names of all its parent groups).
Security state – device security state determined by the presence of events linked to the device. The following security states are available:
Critical. Events associated with the device have severity rating 8.0–10.0.
Warning. Events associated with the device have severity rating 4.0–7.9.
OK. Events associated with the device have severity rating 0.0–3.9, or the device has no associated events.
Importance – importance of the device for the enterprise. Importance is assigned to a device based on its category. The following device importance values are provided:
High. Assigned to the devices of the following categories: PLC, IED, HMI / SCADA, or Server.
Medium. Assigned to the devices of the following categories: Engineering workstation, Network device, Workstation, HMI panel, Gateway, Storage system, Firewall, Switch, Virtual switch, Router, Virtual router, Wi-Fi, or Historian server.
Low. Assigned to the devices of the following categories: Mobile device, Laptop, Printer, UPS, Network camera, or Other.
Last seen – date and time when the last activity of the device was registered.
Risks – risk categories detected for the device. By default, the device table displays information for current risks only. To display information on all risks, select the Show remediated and accepted risks check box when configuring the device table.
Last modified – date and time when information about the device was last modified.
Created – date and time when the device was added to the devices table.
OS – name of the operating system installed on the device.
Hardware vendor – name of the device hardware vendor.
Hardware model – name of the device model.
Hardware version – device hardware version number.
Software vendor – name of the device software vendor.
Software name – name of the device software.
Software version – device software version number.
Network name – name used to represent the device in the network.
Labels – list of labels assigned to a device.
Process Control settings – indicator of whether there are Process Control settings defined for the device.
EPP application – concise name of the EPP application installed on the device (if data from this application was received in Kaspersky Industrial CyberSecurity for Networks).
EPP connection – status of the connection between the integration server and the EPP application installed on the device. The following statuses are available:
Active. Less than 24 hours have passed since the last connection between the program and the integration server.
Inactive. More than 24 hours have passed since the last connection between the program and the integration server.
N/A. The status of the connection is unknown.
Last connection to EPP – date of the last connection between the integration server and the EPP application installed on the device.