Adding a configuration control job

For devices known to the application, you can add jobs to receive, save, and compare device configurations.

Only users with the Administrator role can add configuration control jobs.

The configuration control job is configured using the Wizard. The Wizard guides you step by step through the configuration of all required job settings. After the configuration is complete, you can wait for the scheduled scans to start on devices or start the scan job manually.

When adding a configuration control job, you can invoke the Configuration Wizard in the following ways:

• Adding a job with blank settings. To do this:
  1. Select the Security audit section.
  2. On the Configuration control tab, click Add job.

  The Configuration Wizard settings do not have the default values.

• Adding a job for selected devices. To do this:
  1. Select the Assets section.
  2. On the Devices tab, select the devices for which you want to add a configuration control job.
  3. You can select no more than 100 devices.
  4. In the toolbar above the devices table, open the Create job drop-down list and select Configuration control.

  In the Configuration Wizard settings, a list of devices consisting of the selected devices is generated by default.

To configure job settings in the Configuration Wizard window:

1. In the Select device section, create a list of devices to run the scans during the job execution. Select up to 100 devices for the job.

   You can create a list of devices using the Add to job and Delete from job buttons. When you add devices, the application opens a window with a table of devices for selection. You can filter and sort the table to display the desired devices.

2. In the Select parameters section, do the following:
   1. Select the configuration type to receive when the job is being executed.
   2. Configure the settings of the selected configuration type. Depending on the selected type, you can specify the required configuration components, such as Local users and groups, or connection details, such as a connector and an account credentials secret for remote connections if the PLC configuration type is selected.

      If a secret with the required credentials has not been added to the application, you can open a new tab in the browser without closing the Configuration Wizard window, connect to the Server and add the secret, and then use the button in the Configuration Wizard window to refresh the list of secrets.

3. In the Job configuration section, configure the rest of the job settings:
   1. Enter the job name and description.

      You can use letters, numerals, a space, and the following special characters: ! @ # № $ % ^ & ( ) [ ] { } / \ : ; , . - _. The job name must begin and end with any permitted character except space.

      The job name must contain no more than 256 characters. The job description must contain no more than 4,096 characters.

   2. Select configuration processing mode.
   3. If the Windows operating system, Linux operating system, or Network devices configuration type is selected in the Select parameters section, select one of the following methods to poll devices:
      • Local agent

        You can use this method if the Endpoint Agent software component is installed on the devices selected for the job and integration between the EPP application and Kaspersky Industrial CyberSecurity for Networks is configured. This method is used for scanning using Endpoint Agent on each device.

      • Remote connection

        Use this method if the devices selected for the job do not have the Endpoint Agent software component installed, but it is possible to connect to these devices via protocols that ensure secure management and data transfer. The method is supported for getting the Linux operating system and Network devices configuration types. This method requires the following additional data:

        • A node with the application components installed that will connect to the devices.
        • Account credentials secret for remote connections

          You can select only one secret with one set of credentials for the job. The credentials stored in the selected secret must be valid on all devices selected for the job: connecting to these devices must be possible with the same credentials from the secret. Bear in mind that certain types of system data, such as passwords of operating system users, can be obtained only if requested by a user with a sufficiently high level of privileges. To get this data, you need to specify in the secret the credentials of a user with an appropriate level of privileges, such as a user with root access or a user listed in /etc/sudoers.

        If a secret with the required credentials has not been added to the application, you can open a new tab in the browser without closing the Configuration Wizard window, connect to the Server and add the secret, and then use the button in the Configuration Wizard window to refresh the list of secrets.

   4. To run the job according to a schedule, enable the Run job according to schedule option and configure the schedule settings:
      • In the Frequency drop-down list, select how often to run the job: Hourly, Daily, Weekly, or Monthly.
      • Depending on the selected option, specify the values for the settings to define the precise job start time.

      The application run the job according to the schedule, provided that the previous start of this job has been completed. If by the time a scheduled job is started its previous launch has the Running status, the application skips the run of the scheduled job.

4. Click Create job to close the wizard.

The specified settings are displayed in the job details, on the Settings and Devices tabs.

See also: Adding a secret

Page top