Monitoring device applications and patches

Kaspersky Industrial CyberSecurity for Networks can monitor applications and patches installed on devices it knows about. When monitoring applications and patches, it automatically receives information about software installed and registered in the operating systems of the devices. The application uses these details to generate application and patch tables.

To use the application and patch monitoring feature, asset management methods for device activity detection and device information detection must be enabled. These methods must be enabled on all nodes where the application components from which information is received are installed.

Application and patch monitoring relies on data from the following source types:

1. OVAL scanning: software components that scan devices according to built-in OVAL rules, such as EPP applications that send extended device data on demand to Kaspersky Industrial CyberSecurity for Networks or nodes with installed application components that connect to devices remotely when scanning devices as part of a configuration monitoring job.

2. External source: applications that use the Kaspersky Industrial CyberSecurity for Networks API and send application and patch details to Kaspersky Industrial CyberSecurity for Networks.

The sources are listed in the descending order of priority of data coming from them. When processing application and patch details, the application follows data source priority. Application and patch details from a higher-priority source can overwrite information from other sources. The application also automatically deletes from the tables those applications and patches whose details were previously received, but such applications or patches are not present in the new data received from these sources.

You can view applications and patches details in the following tables:

• The all applications table under Assets on the Applications tab.

  This table displays information about all applications whose data has been received by the application. When viewing the all applications table, you can configure, filter, search, sort, and navigate to related items.

• The all patches table under Assets on the Patches tab.

  This table displays information about all patches whose data has been received by the application. When viewing the all patches table, you can configure, filter, search, sort, and navigate to related items.

The all applications and all patches tables are limited to 200,000 items each.

The application displays the following device application details in the table and details area for the selected application:

• Application ID: the application identifier assigned in Kaspersky Industrial CyberSecurity for Networks
• Name: application name
• Vendor: application vendor name
• Device: device name and address
• Origin: application data source type
• Installed: the date and time when the application was installed
• Size: the amount of disk space used by the application files
• Version: application version number
• Data received: the date and time when application details were last received
• Description: the description set for the application

The application displays the following device patch details in the table and details area for the selected patch:

• Patch ID: the patch identifier assigned in Kaspersky Industrial CyberSecurity for Networks
• Name: patch name
• Product: the name of the patched software product
• Version: patch version number
• Vendor: patch vendor name
• Device: device name and address
• Origin: patch data source type
• Installed: the date and time when the patch was installed
• Data received: the date and time when patch details were last received
• Description: the description set for the patch

When monitoring applications and patches, the application uses the Asset Management technology for event logging. Events are registered with system event types that are assigned the following codes:

• 4000005601: for application added or removed events
• 4000005602: for patch added or removed events

You can configure the available settings for event types under Settings → Event types.

You can view information about registered events when connected to the Server through the web interface.

Page top