Configuration control jobs let you conduct a security audit of monitored devices by receiving, saving, and comparing device configurations. Configuration control jobs additionally let you upload data to Kaspersky Industrial CyberSecurity for Networks for device user control, device application and patch monitoring, and OT device hardware monitoring.
The application can monitor the following configuration types on devices:
For details on data retrieval depending on the selected type of configuration, see the Appendix.
You can manually run security audit jobs or configure a schedule to automatically run each job.
When a job is started, the application initiates a scan of the devices covered by this job. If a device scan detects configuration changes for the device, the application registers an event. Depending on the configuration processing mode selected for the job, the event contains the results of comparing the received configuration with either the previous configuration of the device or its golden configuration.
The following configuration processing modes are provided for configuration control jobs:
You can scan devices to get the PLC configuration type only if you use Active poll connectors. The following device polling methods are provided for getting the remaining configuration types:
You can use this method if the Endpoint Agent software component is installed on the devices selected for the job and integration between the EPP application and Kaspersky Industrial CyberSecurity for Networks is configured. With this method, scanning is performed by Endpoint Agent on each device.
Use this method if the devices selected for the job do not have the Endpoint Agent software component installed, but it is possible to connect to these devices via protocols that ensure secure management and data transfer. The method is supported for getting the Linux operating system and Network devices configuration types. For this method, specify in the job settings one of the nodes with installed application components from which the connection to the devices is established. Also specify the credentials for remote connections (credentials are stored in the application as secrets).
You can manage configuration control jobs on the Configuration control tab in the Security audit section. If the Active poll connector or the Remote connection method is used to scan devices, you can create secrets with the necessary credentials under Settings → Secrets.
After the jobs are run and the device scans are completed, you can view information about the received device configurations in the device details area on the Configurations tab. The options for comparing configurations and assigning a golden configuration are also available on this tab.
You can view information about registered events when connected to the Server through the web interface.