Kaspersky Industrial CyberSecurity for Networks Integration

You can configure and enable integration of Kaspersky Industrial CyberSecurity for Linux Nodes with Kaspersky Industrial CyberSecurity for Networks. Integration enhances capabilities to investigate and respond to threats in industrial networks. If integration with Kaspersky Industrial CyberSecurity for Networks is enabled, data about events on the device received by Kaspersky Industrial CyberSecurity for Linux Nodes is sent to Kaspersky Industrial CyberSecurity for Networks integration server.

You can get information about successfully connecting to the integration server from Kaspersky Industrial CyberSecurity for Networks. A successful connection is indicated by events arriving from Kaspersky Industrial CyberSecurity for Linux Nodes to the integration server. Kaspersky Industrial CyberSecurity for Linux Nodes does not provide custom information about successfully connecting to the integration server to Kaspersky Industrial CyberSecurity for Networks.

An integration server certificate is used to protect the connection with the Kaspersky Industrial CyberSecurity for Networks integration server. Add a server certificate before enabling integration.

Additionally, to secure the connection, you can use a client certificate to authenticate the integration server clients, which are computers running Kaspersky Industrial CyberSecurity for Linux Nodes. By default, the integration server does not validate client certificates, but validation can be enabled on the integration server side. In this case, enable the client certificate usage in the integration settings and add the client certificate.

The Kaspersky Industrial CyberSecurity for Networks administrator provides the certificates for securing the connection with the integration server.

A proxy server is used to connect to Kaspersky Industrial CyberSecurity for Networks if the use of a proxy server is configured in the Kaspersky Industrial CyberSecurity for Linux Nodes general settings.

For details about Kaspersky Industrial CyberSecurity for Networks, refer to Kaspersky Industrial CyberSecurity for Networks documentation.

Kaspersky Industrial CyberSecurity for Networks integration settings

Setting

Description

Enable integration with KICS for Networks

Enables or disables integration of Kaspersky Industrial CyberSecurity for Linux Nodes with Kaspersky Industrial CyberSecurity for Networks.

The integration server is disabled by default.

After selecting the check box, the integration settings become configurable.

Integration server address

Kaspersky Industrial CyberSecurity for Networks integration server address.

IP address or fully qualified domain name (FQDN) of the integration server can be specified.

Port

Port for connecting to Kaspersky Industrial CyberSecurity for Networks integration server.

The default value is 8081.

Use integration server certificate

Enables or disables server certificate usage to secure the connection to Kaspersky Industrial CyberSecurity for Networks integration server.

The check box is selected by default.

Using a server certificate is required for secure connection to the Integration Server.

Add a server certificate

The link opens a window where you can add or change the Kaspersky Industrial CyberSecurity for Networks integration server certificate.

The link is available if the Use server certificate check box is selected.

Certificate information

Information about the Kaspersky Industrial CyberSecurity for Networks integration server certificate you added:

  • certificate serial number
  • certificate subject
  • certificate issuer
  • certificate start date
  • certificate expiration date

Protect connection using a client certificate

Enables or disables client certificate usage for additional protection of the connection to Kaspersky Industrial CyberSecurity for Networks integration server.

If a client certificate validation is enabled on the integration server side, enable the client certificate usage in the integration settings and add the client certificate. You can add or change a client certificate in the window that opens using the Add a client certificate link. The link is available only if the Protect connection using a client certificate check box is selected.

Maximum time to wait for a response from the server (sec)

Maximum time to wait for a response from the integration server in seconds.

The default value is 10.

Maximum number of events in one packet

Maximum number of events in one packet.

The default value is 1024.

Interval for sending the event packet (sec).

Period for sending the event packet in seconds.

The default value is 30.

Page top