To view information about an asset, open the asset information window in one of the following ways:
In the KUMA web interface, select Assets → select a category with the relevant assets → select an asset.
In the KUMA web interface, select Alerts → click the link with the relevant alert → select the asset in the Related endpoints section.
In the KUMA web interface, select Events → search and filter events → select the relevant event → click the link in one of the following fields: SourceAssetID, DestinationAssetID, or DeviceAssetID.
The following information may be displayed in the asset details window:
Name—asset name.
Assets imported into KUMA retain the names that were assigned to them at the source. You can change these names in the KUMA web interface.
Tenant—the name of the tenant that owns the asset.
Asset source—source of information about the asset. There may be several sources. For instance, information can be added in the KUMA web interface or by using the API, or it can be imported from Kaspersky Security Center, KICS for Networks, and MaxPatrol reports.
When using multiple sources to add information about the same asset to KUMA, you should take into account the rules for merging asset data.
Created—date and time when the asset was added to KUMA.
Updated—date and time when the asset information was most recently modified.
Owner—owner of the asset, if provided.
IP address—IP address of the asset (if any).
If there are several assets with identical IP addresses in KUMA, the asset that was added the latest is returned in all cases when assets are searched by IP address. If assets with identical IP addresses can coexist in your organization's network, plan accordingly and use additional attributes to identify the assets. For example, this may become important during correlation.
FQDN—Fully Qualified Domain Name of the asset, if provided.
MAC address—MAC address of the asset (if any).
Operating system—operating system of the asset.
Related alerts—alerts associated with the asset (if any).
To view the list of alerts related to an asset, click the Find in Alerts link. This opens the Alerts tab with the search expression set to filter all assets with the corresponding asset ID.
Software info and Hardware info—if the asset software and hardware parameters are provided, they are displayed in this section.
Asset vulnerability information:
Kaspersky Security Center vulnerabilities—vulnerabilities of the asset, if provided. This information is available for the assets imported from Kaspersky Security Center.
You can learn more about the vulnerability by clicking the icon, which opens the Kaspersky Threats portal. You can also update the vulnerabilities list by clicking the Update link and requesting updated information from Kaspersky Security Center.
KICS for Networks vulnerabilities—vulnerabilities of the asset, if provided. This information is available for the assets imported from KICS for Networks.
Asset source information:
Last visible—time when information about the asset was last received from Kaspersky Security Center. This information is available for the assets imported from Kaspersky Security Center.
Host ID—ID of the Kaspersky Security Center Network Agent from which the asset information was received. This information is available for the assets imported from Kaspersky Security Center. This ID is used to determine the uniqueness of the asset in Kaspersky Security Center.
KICS for Networks server IP address and KICS for Networks connector ID—data on the KICS for Networks instance from which the asset was imported.
Additional information about the protection settings of an asset with Kaspersky Endpoint Security for Windows or Kaspersky Endpoint Security for Linux installed:
KSC extended status ID – asset status. It can have the following values:
OK
Critical
Warning
KSC extended status – information about the asset status. For example, "The anti-virus databases were updated too long ago".
Real-time protection status – status of Kaspersky applications installed on the asset. For example: "Running (if the anti-virus application does not support the Running status categories)".
Encryption status – information about asset encryption. For example: "Encryption rules are not configured on the host".
Spam protection status – status of anti-spam protection. For example, "Started".
Anti-virus protection status of mail servers – status of the virus protection of mail servers. For example, "Started".
Data Leakage Prevention status – status of data leak protection. For example, "Started".
Endpoint Sensor status – status of data leak protection. For example, "Started".
Anti-virus databases last updated – the version of the downloaded anti-virus databases.
Protection last updated – the time when the anti-virus databases were last updated.
System last started – the time when the system was last started.
This information is displayed if the asset was imported from Kaspersky Security Center.
Categories—categories associated with the asset (if any).
By clicking the KSC response button, you can start a Kaspersky Security Center task on the asset.
By clicking the KEDR response button, you can can run a Kaspersky Endpoint Detection and Response task on the asset.
By clicking the Refresh KSC asset button, you can run a task to refresh information about the asset from Kaspersky Security Center.
By clicking the Refresh vulnerabilities button, you can run a task on the asset to refresh information from Kaspersky Security Center about vulnerabilities detected on the asset.