Kaspersky Security Center Cloud Console

Network segment polling via Kaspersky Security Center Cloud Console

Information about the structure of the network (and devices in it) is received through regular polling of cloud segments by using the AWS API, Azure API, or Google API tools. Kaspersky Security Center Cloud Console uses this information to update the contents of the Unassigned devices and Managed devices folders. If you have configured devices to be moved to administration groups automatically, detected devices are included in administration groups.

To allow the polling of cloud segments, you must have the corresponding rights that are provided with an IAM user account (in AWS); with an Application ID and password (in Azure); or with a Google client email, Google project ID, and private key (in Google Cloud).

You can add and delete connections, as well as set the polling schedule, for each cloud segment.

In this section

Adding connections for cloud segment polling via Kaspersky Security Center Cloud Console

Deleting a connection for cloud segment polling

Configuring the polling schedule via Kaspersky Security Center Cloud Console

Viewing the results of cloud segment polling via Kaspersky Security Center Cloud Console

Viewing the properties of cloud devices via Kaspersky Security Center Cloud Console

Adding connections for cloud segment polling via Kaspersky Security Center Cloud Console

To add a connection for cloud segment polling to the list of available connections:

  1. In the main menu, go to Discovery & deployment → Discovery → Cloud.
  2. In the window that opens, click Properties.
  3. In the Settings window that opens, click Add.

    The Cloud segment settings window opens.

  4. Specify the name of the cloud environment for the connection that will be used for further polling of the cloud segment:
    • Cloud environment

      Select the cloud environment in which you are deploying Kaspersky Security Center Cloud Console: AWS, Azure, or Google Cloud.

      If you plan to work with more than one cloud environment, select one environment and then run the wizard again.

    • Connection name

      Enter a name for the connection. The name cannot contain more than 256 characters. Only Unicode characters are permitted.

      This name will also be used as the name for the administration group for the cloud devices.

      If you plan to work with more than one cloud environment, you might want to include the name of the environment in the connection name, for example, "Azure Segment", "AWS Segment", or "Google Segment".

  5. Enter your credentials to receive authorization in the cloud environment that you specified.
    • If you selected AWS, specify the following:
      • Access key ID

        The IAM access key ID is a sequence of alphanumeric characters. You received the key ID when you created the IAM user account.

        The field is available after you select an AWS IAM access key for authorization.

      • Secret key

        The secret key that you received with the access key ID when you created the IAM user account.

        The characters of the secret key are displayed as asterisks. After you begin entering the secret key, the Show button is displayed. Click and hold this button for the necessary amount of time to view the characters you entered.

        The field is available after you select an AWS IAM access key for authorization.

    • If you selected Azure, specify the following settings:
      • Azure Application ID

        You created this application ID on the Azure portal.

        You can provide only one Azure Application ID for polling and other purposes. If you want to poll another Azure segment, you must first delete the existing Azure connection.

      • Azure Subscription ID

        You created the subscription on the Azure portal.

      • Azure Application password

        You received the password of the Application ID when you created the Application ID.

        The characters of the password are displayed as asterisks. After you begin entering the password, the Show button becomes available. Click and hold this button to view the characters you entered.

      • Azure storage account name

        You created the name of the Azure storage account for working with Kaspersky Security Center Cloud Console.

      • Azure storage access key

        You received a password (key) when you created the Azure storage account for working with Kaspersky Security Center Cloud Console.

        The key is available in the "Overview of the Azure storage account" section, in the "Keys" subsection.

        To see the characters that you entered, click and hold the Show button.

    • If you selected Google Cloud, specify the following settings:
      • Client email address

        Client email is the email address that you used for registering your project at Google Cloud.

      • Project ID

        Project ID is the ID that you received when you registered your project at Google Cloud.

      • Private key

        Private key is the sequence of characters that you received as your private key when you registered your project at Google Cloud. You might want to copy and paste this sequence to avoid mistakes.

        To see the characters that you entered, click and hold the Show button.

  6. If you want, click Set polling schedule and change the default settings.

The connection is saved in the application settings.

After the new cloud segment is polled for the first time, the subgroup corresponding to that segment appears in the Managed devices\Cloud administration group.

If you specify incorrect credentials, no instances will be found during cloud segment polling and a new subgroup will not appear in the Managed devices\Cloud administration group.

Deleting a connection for cloud segment polling

If you no longer have to poll a specific cloud segment, you can delete the connection corresponding to it from the list of available connections. You can also delete a connection if, for example, permissions to poll a cloud segment have been transferred to another user who has different credentials.

To delete a connection:

  1. In the main menu, go to Discovery & deployment → Discovery → Cloud.
  2. In the window that opens, click Properties.
  3. In the Settings window that opens, click the name of the segment that you want to delete.
  4. Click Delete.
  5. In the window that opens, click the OK button to confirm your selection.

The connection is deleted. The devices in the cloud segment corresponding to this connection are automatically deleted from the administration groups.

Configuring the polling schedule via Kaspersky Security Center Cloud Console

Cloud segment polling is performed according to a schedule. You can set the polling frequency.

The Cloud environment configuration wizard automatically sets the polling frequency to five minutes. You can change this value at any time and set a different schedule. However, we recommend that you do not configure polling to run more frequently than every five minutes, because this could lead to errors in the API operation.

To configure a cloud segment polling schedule:

  1. In the main menu, go to Discovery & deployment → Discovery → Cloud.
  2. In the window that opens, click Properties.
  3. In the Settings window that opens, click the name of the segment for which you want to configure a polling schedule.

    The Cloud segment settings window opens.

  4. In the Cloud segment settings window, click the Set polling schedule button.

    The Schedule window opens.

  5. In the Schedule window, define the following settings:
    • Scheduled start

      Polling schedule options:

      • Every N days

        The polling runs regularly, with the specified interval in days, starting from the specified date and time.

        By default, the polling runs every day, starting from the current system date and time.

      • Every N minutes

        The polling runs regularly, with the specified interval in minutes, starting from the specified time.

        By default, the polling runs every five minutes, starting from the current system time.

      • By days of week

        The polling runs regularly, on the specified days of week, and at the specified time.

        By default, the polling runs every Friday at 6:00:00 PM.

      • Every month on specified days of selected weeks

        The polling runs regularly, on the specified days of each month, and at the specified time.

        By default, no days of month are selected; the default start time is 6:00:00 PM.

    • Start interval (days)

      Specify what N is equal to (for minutes or days).

    • Starting from

      Specify when to start the first poll.

    • Run missed tasks

      If your workspace is unavailable during the time for which the poll is scheduled, Kaspersky Security Center Cloud Console can either start the poll immediately after the workspace is available again, or wait for the next time for which the poll is scheduled.

      If this option is enabled, Kaspersky Security Center Cloud Console starts polling immediately after the workspace is available again.

      If this option is disabled, Kaspersky Security Center Cloud Console waits for the next time for which the polling is scheduled.

      By default, this option is enabled.

  6. Click Save to save the changes.

The polling schedule for the segment is configured and saved.

Viewing the results of cloud segment polling via Kaspersky Security Center Cloud Console

You can view the results of cloud segment polling, that is, view the list of cloud devices managed by the Administration Server.

To view the results of cloud segment polling,

In the main menu, go to Discovery & deployment → Discovery → Cloud.

The cloud segments available for polling are displayed.

Viewing the properties of cloud devices via Kaspersky Security Center Cloud Console

You can view the properties of each cloud device.

To view the properties of a cloud device:

  1. In the main menu, go to Assets (Devices) → Managed devices.
  2. Click the name of the device whose properties you want to view.

    A properties window opens with the General section selected.

  3. If you want to view the properties specific to cloud devices, select the System section in the properties window.

    The properties are displayed depending on the cloud platform of the device.

    For devices in AWS, the following properties are displayed:

    • Device discovered using API (value: AWS)
    • Cloud region
    • Cloud VPC
    • Cloud availability zone
    • Cloud subnet
    • Cloud placement group (this property is displayed only if the instance belongs to a placement group)

    For devices in Azure, the following properties are displayed:

    • Device discovered using API (value: Microsoft Azure)
    • Cloud region
    • Cloud subnet

    For devices in Google Cloud, the following properties are displayed:

    • Device discovered using API (value: Google Cloud)
    • Cloud region
    • Cloud VPC
    • Cloud availability zone
    • Cloud subnet
