For devices known to the application, you can add jobs to receive, save, and compare device configurations.
Only users with the Administrator role can add configuration control jobs.
The configuration control job is configured using the Wizard. The Wizard guides you step by step through the configuration of all required job settings. After the configuration is complete, you can wait for the scheduled scans to start on devices or start the scan job manually.
When adding a configuration control job, you can invoke the Configuration Wizard in the following ways:
The Configuration Wizard settings do not have the default values.
In the Configuration Wizard settings, a list of devices consisting of the selected devices is generated by default.
To configure job settings in the Configuration Wizard window:
You can create a list of devices using the Add to job and Delete from job buttons. When you add devices, the application opens a window with a table of devices for selection. You can filter and sort the table to display the desired devices.
If a secret with the required credentials has not been added to the application, you can open a new tab in the browser without closing the Configuration Wizard window, connect to the Server and add the secret, and then use the button in the Configuration Wizard window to refresh the list of secrets.
You can use letters, numerals, a space, and the following special characters: ! @ # № $ % ^ & ( ) [ ] { } / \ : ; , . - _
. The job name must begin and end with any permitted character except space.
The job name must contain no more than 256 characters. The job description must contain no more than 4,096 characters.
You can use this method if the Endpoint Agent software component is installed on the devices selected for the job and integration between the EPP application and Kaspersky Industrial CyberSecurity for Networks is configured. This method is used for scanning using Endpoint Agent on each device.
Use this method if the devices selected for the job do not have the Endpoint Agent software component installed, but it is possible to connect to these devices via protocols that ensure secure management and data transfer. The method is supported for getting the Linux operating system and Network devices configuration types. This method requires the following additional data:
You can select only one secret with one set of credentials for the job. The credentials stored in the selected secret must be valid on all devices selected for the job: connecting to these devices must be possible with the same credentials from the secret. Bear in mind that certain types of system data, such as passwords of operating system users, can be obtained only if requested by a user with a sufficiently high level of privileges. To get this data, you need to specify in the secret the credentials of a user with an appropriate level of privileges, such as a user with root access or a user listed in /etc/sudoers.
If a secret with the required credentials has not been added to the application, you can open a new tab in the browser without closing the Configuration Wizard window, connect to the Server and add the secret, and then use the button in the Configuration Wizard window to refresh the list of secrets.
The application run the job according to the schedule, provided that the previous start of this job has been completed. If by the time a scheduled job is started its previous launch has the Running status, the application skips the run of the scheduled job.
The specified settings are displayed in the job details, on the Settings and Devices tabs.