Importing assets

Details on identifying, creating, and updating assets

Asset identification varies depending on whether those assets reside in zones with dynamic addresses or static addresses:

The conditions for automatic creation of assets also depend on the particular address zone:

The rules for creating assets based on network scanner reports are the same as the rules for creating assets in static address zones. If the asset name is not specified, it is filled with either the FQDN value or the value of the first IP address.

The conditions for asset data updates are provided in the table below. If there are any conflicts that prevent new data from being correlated with existing assets, new assets are created.

|  | Manually created asset | Asset imported from Kaspersky Security Center | Asset created based on events | Asset created based on reports of network scanners |
|---|---|---|---|---|
| Asset is manually updated | No restrictions | No restrictions | No restrictions | No restrictions |
| Asset is updated with data from Kaspersky Security Center | If the IP address and FQDN of assets match: data from Kaspersky Security Center is added to the asset; the asset is considered to be an imported asset from Kaspersky Security Center. | When the Kaspersky Security Center server and Agent ID match, data on the asset is updated. | If the IP address and FQDN of assets match: data from Kaspersky Security Center is added to the asset; the asset is considered to be an imported asset from Kaspersky Security Center. | If the IP addresses and FQDNs of assets match, vulnerability information is added. |
| Asset is updated with data from events | Dynamic address zone: if the FQDNs of assets match, the IP address of the asset is updated. Static address zone: if the IP addresses of assets match, the asset's FQDN is added. | Dynamic address zone: if the FQDNs of assets match, the IP address of the asset is updated. Static address zone: if the IP addresses of assets match, the asset's FQDN is added. | Dynamic address zone: if the FQDNs of assets match, the IP address of the asset is updated. Static address zone: if the IP addresses of assets match, the asset's FQDN is added. | Dynamic address zone: if the FQDNs of assets match, the IP address of the asset is updated. Static address zone: if the IP addresses of assets match, the asset's FQDN is added. |
| Asset is updated with data from reports of network scanners | Vulnerability information is added if: the IP addresses and FQDNs of assets match in the dynamic address zone; the IP addresses of assets match in the static address zone. | If the IP addresses and FQDNs of assets match, vulnerability information is added. | Vulnerability information is added if: the IP addresses and FQDNs of assets match in the dynamic address zone; the IP addresses of assets match in the static address zone. | Vulnerability information is added if: the IP addresses and FQDNs of assets match in the dynamic address zone; the IP addresses of assets match in the static address zone. |

Conflicts during asset data updates prevent the processing of the conflicting asset, but do not prevent the processing of other assets specified in the request body.

POST /api/v1/assets/import

Bulk creation or update of assets.

Access: administrator and analyst.

Request body

Format: JSON

type Request struct {
    TenantID string  `json:"tenantID"`
    Assets   []Asset `json:"assets"`
}

type Asset struct {
    Name            string          `json:"name"`
    FQDN            string          `json:"fqdn"`
    IPAddresses     []string        `json:"ipAddresses"`
    MACAddresses    []string        `json:"macAddresses"`
    Owner           string          `json:"owner"`
    OS              *OS             `json:"os"`
    Software        []Software      `json:"software"`
    Vulnerabilities []Vulnerability `json:"vulnerabilities"`
}

type OS struct {
    Name    string `json:"name"`
    Version uint64 `json:"version"`
}

type Software struct {
    Name    string `json:"name"`
    Version string `json:"version"`
    Vendor  string `json:"vendor"`
}

type Vulnerability struct {
    KasperskyID           string   `json:"kasperskyID"`
    ProductName           string   `json:"productName"`
    DescriptionURL        string   `json:"descriptionURL"`
    RecommendedMajorPatch string   `json:"recommendedMajorPatch"`
    RecommendedMinorPatch string   `json:"recommendedMinorPatch"`
    SeverityStr           string   `json:"severityStr"`
    Severity              uint64   `json:"severity"`
    CVE                   []string `json:"cve"`
    ExploitExists         bool     `json:"exploitExists"`
    MalwareExists         bool     `json:"malwareExists"`
}

Request mandatory fields

| Name | Data type | Mandatory | Description | Value example |
|---|---|---|---|---|
| TenantID | string | Yes | Tenant ID | 00000000-0000-0000-0000-000000000000 |
| assets | []Asset | Yes | Array of imported assets |  |

Asset mandatory fields

| Name | Data type | Mandatory | Description | Value example |
|---|---|---|---|---|
| fqdn | string | If the ipAddresses array is not specified | Asset FQDN. It is recommended that you specify the FQDN and not just the host name. Priority indicator for asset identification. | my-asset-1.example.com; my-asset-1 |
| ipAddresses | []string | If FQDN is not specified | Array of IP addresses for the asset. IPv4 or IPv6. The first element of the array is used as a secondary indicator for asset identification. | ["192.168.1.1", "192.168.2.2"]; ["2001:0db8:85a3:0000:0000:8a2e:0370:7334"] |

Response

HTTP code: 200

Format: JSON

type Response struct {
    InsertedIDs  map[int64]interface{} `json:"insertedIDs"`
    UpdatedCount uint64                `json:"updatedCount"`
    Errors       []ImportError         `json:"errors"`
}

type ImportError struct {
    Index   uint64 `json:"index"`
    Message string `json:"message"`
}

Possible errors

| HTTP code | Description | message field value | details field value |
|---|---|---|---|
| 400 | Tenant ID is not specified | tenantID required |  |
| 400 | Attempt to import assets into the shared tenant | import into shared tenant not allowed |  |
| 400 | Not a single asset was specified in the request body | at least one asset required |  |
| 400 | None of the mandatory fields is specified | one of fields required | asset[<index>]: fqdn, ipAddresses |
| 400 | Invalid FQDN | invalid value | asset[<index>].fqdn |
| 400 | Invalid IP address | invalid value | asset[<index>].ipAddresses[<index>] |
| 400 | IP address is repeated | duplicated value | asset[<index>].ipAddresses |
| 400 | Invalid MAC address | invalid value | asset[<index>].macAddresses[<index>] |
| 400 | MAC address is repeated | duplicated value | asset[<index>].macAddresses |
| 403 | The user does not have the required role in the specified tenant | access denied |  |
| 404 | The specified tenant was not found | tenant not found |  |
| 406 | The specified tenant was disabled | tenant disabled |  |
| 500 | Any other internal errors | variable | variable |
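A pre-flight check for the per-asset 400 rules listed above, as an added example that is not part of the original documentation or the product's own code. `Validate` and `checkIPs` are hypothetical helpers, the combined "message: details" string is this example's own format, and comparing addresses in canonical form is an assumption that may be stricter than the server's check; only the mandatory-field and IP address rules are covered.

```go
package main

import (
	"fmt"
	"net"
)

// Asset holds the documented fields that the mandatory-field and IP rules use.
type Asset struct {
	FQDN        string   `json:"fqdn"`
	IPAddresses []string `json:"ipAddresses"`
}

// checkIPs returns "message: details" for the first invalid or repeated address.
// Addresses are compared in canonical form (assumption, see lead-in).
func checkIPs(path string, ips []string) string {
	seen := map[string]bool{}
	for j, s := range ips {
		ip := net.ParseIP(s)
		if ip == nil {
			return fmt.Sprintf("invalid value: %s[%d]", path, j)
		}
		if seen[ip.String()] {
			return "duplicated value: " + path
		}
		seen[ip.String()] = true
	}
	return ""
}

// Validate (hypothetical helper) returns "" when asset i passes the local checks.
func Validate(i int, a Asset) string {
	p := fmt.Sprintf("asset[%d]", i)
	if a.FQDN == "" && len(a.IPAddresses) == 0 {
		return "one of fields required: " + p + ": fqdn, ipAddresses"
	}
	return checkIPs(p+".ipAddresses", a.IPAddresses)
}

func main() {
	// Constructed sample: asset 1 repeats one IPv6 address in two spellings.
	batch := []Asset{
		{FQDN: "my-asset-1.example.com", IPAddresses: []string{"192.168.1.1"}},
		{IPAddresses: []string{"2001:db8::1", "2001:0db8:0:0:0:0:0:1"}},
		{},
	}
	for i, a := range batch {
		fmt.Printf("%d: %q\n", i, Validate(i, a))
	}
}
```

The MAC address rules follow the same pattern with `net.ParseMAC`.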
