Kaspersky Industrial CyberSecurity for Networks
Viewing information about assets associated with events
You can view information about the assets associated with events in the assets table. The assets table is automatically filtered by asset ID; the IDs are determined from the MAC and IP addresses specified in the events.
Asset information can be loaded if no more than 200 events are selected, not including incidents. If incidents are selected, information is loaded for the first 200 events selected, including events of the selected incidents. The assets table displays information for no more than 200 assets associated with events.
To view information about assets in the assets table:
- Select the Events section.
- In the events table, select the events and/or incidents for which you want to view asset information.
  The details area appears in the right part of the web interface window.
- Click the Show assets button.
  The Show assets button is not available if there are no incidents among the selected events and the number of selected events exceeds 200.
The Assets section opens. The assets table will be filtered based on the IDs of assets corresponding to the selected events.