Triggering device response actions

You can trigger the Isolate device from the network response action and the corresponding reverse action Disable network isolation, and the Start process action on a device. To trigger a response action, the device must run the Endpoint Agent software component and must be prepared to receive data from EPP applications.

To trigger a network isolation action for a device:

  1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using an Administrator or Security Officer account.
  2. Select the device in the Assets section on the Devices tab or in the Network map section.

    In the Network map section, you can select the device on both the network interaction map and the topology map.

    The details area appears in the right part of the web interface window.

  3. In the details area, open the Threat response drop-down list and select the appropriate item:
    • Isolate device from the network – if you want to isolate the selected device from the network.
    • Disable network isolation – if you want to disable network isolation of a device for which the Isolate device from the network action was previously triggered.

    Items in the Threat response drop-down list are available if the Endpoint Agent software component is installed on the device.

    A window with a confirmation prompt opens.

  4. In the request window, confirm the start of the response action.

The application will register a new response action. You can view information about this action in the Events section on the Response actions tab.

To start a process on a device:

  1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using an Administrator or Security Officer account.
  2. Select the device in the Assets section on the Devices tab or in the Network map section.

    In the Network map section, you can select the device on both the network interaction map and the topology map.

    The details area appears in the right part of the web interface window.

  3. In the details area, open the Threat response drop-down list and select Start process.

    Items in the Threat response drop-down list are available if the Endpoint Agent software component is installed on the device.

    This opens the window for configuring the response action.

  4. Configure the settings for running the process on the device. To do so, enter values for the following settings:
    • Full path to the executable file, script, utility, or application.
    • Working directory (optional).
    • Additional startup keys (optional).
  5. Enter your password in the Operation confirmation password field.
  6. Click Run.

The application will register a new response action. You can view information about this action in the Events section on the Response actions tab.

Page top