Adding a vulnerability and compliance audit job

For the existing sets of vulnerability and compliance audit rules, you can add jobs that the application uses to perform device scans.

Only users with the Administrator role can add vulnerability and compliance audit jobs.

The vulnerability and compliance audit job is configured using the Wizard. The Wizard guides you step by step through the configuration of all required job settings. After the configuration is complete, you can wait for the scheduled scans to start on devices or start the scan job manually.

When adding a vulnerability and compliance audit job, you can invoke the Configuration Wizard in the following ways:

Adding a job for a selected rule set. To do this:
1. Select the Security audit section.
2. On the Rule sets tab, select the rule set for which you want to add a vulnerability and compliance audit job.
3. Click Add job.
In the Configuration Wizard settings, the selected rule set is specified as default.
Adding a job with blank settings. To do this:
1. Select the Security audit section.
2. On the Vulnerability and compliance audit tab, click Add job.
The Configuration Wizard settings do not have the default values.
Adding a job from an existing one. To do this:
1. Select the Security audit section.
2. On the Vulnerability and compliance audit tab, select the job based on which you want to add a new vulnerability and compliance audit job.
3. Click Copy.
The default values of the Configuration Wizard settings are set to the values of the existing job settings.
Adding a job for selected devices. To do this:
1. Select the Assets section.
2. On the Devices tab, select the devices for which you want to add a vulnerability and compliance audit job.
3. In the toolbar above the devices table, open the Create job drop-down list and select Vulnerability and compliance audit.
In the Configuration Wizard settings, a list of devices consisting of the selected devices is generated by default.

To configure job settings in the Configuration Wizard window:

In the Select rules section, do the following:
1. Select the desired rule set for the job (not available when editing a job).
2. Specify the profile of the selected rule set.
3. Select the rules used to perform the scans and, if necessary, specify the desired values for the variables.
In the Select device section, create a list of devices to run the scans during the job execution. Select up to 1000 devices for the job.
You can create a list of devices using the Add to job and Delete from job buttons. When you add devices, the application opens a window with a table of devices for selection. You can filter and sort the table to display the desired devices.
In the Job configuration section, configure the rest of the job settings:
1. Enter the job name and description.
  You can use letters, numerals, a space, and the following special characters: ! @ # № $ % ^ & ( ) [ ] { } / \ : ; , . - _. The job name must begin and end with any permitted character except space.
  
  The job name must contain no more than 256 characters. The job description must contain no more than 4,096 characters.
2. Select one of the following methods to poll devices:
  - Local agent
    You can use this method if the Endpoint Agent software component is installed on the devices selected for the job and integration between the EPP application and Kaspersky Industrial CyberSecurity for Networks is configured. This method is used for scanning using Endpoint Agent on each device.
  - Remote connection
    Use this method if the devices selected for the job do not have the Endpoint Agent software component installed, but it is possible to connect to these devices via protocols that ensure secure management and data transfer. This method requires the following additional data:
    - A node with the application components installed that will connect to the devices.
    - Account credentials secret for remote connections
      You can select only one secret with one set of credentials for the job. The credentials stored in the selected secret must be valid on all devices selected for the job: connecting to these devices must be possible with the same credentials from the secret. Bear in mind that certain types of system data, such as passwords of operating system users, can be obtained only if requested by a user with a sufficiently high level of privileges. To get this data, you need to specify in the secret the credentials of a user with an appropriate level of privileges, such as a user with root access or a user listed in /etc/sudoers.
    If a secret with the required credentials has not been added to the application, you can open a new tab in the browser without closing the Configuration Wizard window, connect to the Server and add the secret, and then use the button in the Configuration Wizard window to refresh the list of secrets.
3. If necessary, enable detection of risks of the Vulnerability category based on the job execution results. For this purpose, select the Register detected vulnerabilities check box.
4. To run the job according to a schedule, enable the Run job according to schedule option and configure the schedule settings:
  - In the Frequency drop-down list, select how often to run the job: Hourly, Daily, Weekly, or Monthly.
  - Depending on the selected option, specify the values for the settings to define the precise job start time.
  The application run the job according to the schedule, provided that the previous start of this job has been completed. If by the time a scheduled job is started its previous launch has the Running status, the application skips the run of the scheduled job.
5. To send reports on the job starts by email, enable the Send by email option and specify the addresses of the recipients.
  The maximum number of report recipients is 10.
Click Create job to close the wizard.

The specified settings are displayed in the job details, on the Settings, Rules, and Devices tabs.

Page top