You can use vulnerability and compliance audit jobs to conduct security audits of monitored devices. You can manually run security audit jobs or configure a schedule to automatically run each job.
When a job is started, the application initiates a scan of devices covered by this job. You can receive the job execution results by email or view and download the relevant data in the application web interface. Based on the job execution results and on the scans, the application can perform the following actions:
The application generates report files in PDF format. If sending reports by email is enabled in the job settings, the application automatically generates reports on each job execution and sends these reports to the specified recipients. If necessary, you can manually generate a report for a completed job or an individual device scan and then export the report to a file.
For risks registered based on the results of vulnerability and compliance audit jobs, the application indicates OVAL as the vulnerability source. The application registers such risks if registration of detected vulnerabilities is enabled in the job settings. Risks with OVAL as the vulnerability source are registered and processed independently of risks that have other vulnerability sources. As a result, the risk table may display risks with the same CVE ID (or an ID from a different vulnerability database) but with different vulnerability sources.
The vulnerability and compliance audit jobs must specify the rules used for conducting the audits. Rules can be written in the OVAL language or in the XCCDF language using OVAL definitions.
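A pre-flight check for rule files before they are attached to a job, as an added example that is not part of the application or its documentation. It assumes the standard OVAL 5 and XCCDF 1.1/1.2 namespaces and treats an XCCDF rule without an OVAL check as one to review; the function name and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

OVAL_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
XCCDF_NS = ("http://checklists.nist.gov/xccdf/1.1",
            "http://checklists.nist.gov/xccdf/1.2")

def inspect_rule_file(xml_text):
    """Classify a rule file; for XCCDF, list rules lacking an OVAL check."""
    if "<!DOCTYPE" in xml_text:  # rule files need no DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in rule files")
    root = ET.fromstring(xml_text)
    ns, _, tag = root.tag.lstrip("{").partition("}")
    if ns == OVAL_NS and tag == "oval_definitions":
        ids = [d.get("id") for d in root.iter("{%s}definition" % OVAL_NS)]
        return {"kind": "oval", "definitions": ids, "non_oval_rules": []}
    if ns in XCCDF_NS and tag == "Benchmark":
        refs, non_oval = [], []
        for rule in root.iter("{%s}Rule" % ns):  # also finds rules nested in Groups
            checks = [c for c in rule.iter("{%s}check" % ns)
                      if c.get("system") == OVAL_NS]
            if not checks:
                non_oval.append(rule.get("id"))
            for check in checks:  # collect the OVAL definition IDs referenced
                refs += [r.get("name")
                         for r in check.iter("{%s}check-content-ref" % ns)]
        return {"kind": "xccdf", "definitions": refs, "non_oval_rules": non_oval}
    return {"kind": "unsupported", "definitions": [], "non_oval_rules": []}

# Constructed sample documents (not taken from any real benchmark).
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <Rule id="xccdf_example_rule_ssh_root_login">
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-content-ref href="demo-oval.xml" name="oval:example:def:1"/>
    </check>
  </Rule>
  <Rule id="xccdf_example_rule_manual_review">
    <check system="http://scap.nist.gov/schema/ocil/2">
      <check-content-ref href="demo-ocil.xml" name="ocil:example:questionnaire:1"/>
    </check>
  </Rule>
</Benchmark>"""
SAMPLE_OVAL = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <definitions><definition id="oval:example:def:1" class="compliance" version="1"/></definitions>
</oval_definitions>"""

if __name__ == "__main__":
    for doc in (SAMPLE_XCCDF, SAMPLE_OVAL):
        print(inspect_rule_file(doc))
```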
You can perform device scans as part of a job using one of the following device polling methods:
You can use this method if the Endpoint Agent software component is installed on the devices selected for the job and integration between the EPP application and Kaspersky Industrial CyberSecurity for Networks is configured. This method is used for scanning using Endpoint Agent on each device.
Use this method if the devices selected for the job do not have the Endpoint Agent software component installed, but it is possible to connect to these devices via protocols that ensure secure management and data transfer. For this method, specify in the job settings one of the nodes with installed application components from which the connection to the devices is established. Also specify the credentials for remote connections (credentials are stored in the application as secrets).
On devices running Linux operating systems, scans are performed using commands that run standard diagnostic utilities for Linux devices.
You can manage vulnerability and compliance audit jobs on the Vulnerability and compliance audit tab in the Security audit section. If the Remote connection method is used to scan devices, you can create secrets with the necessary credentials under Settings → Secrets.
After the jobs are started and the device scans are completed, you can get information about the performed scans.