Kaspersky Next XDR Expert

Viewing asset details

To view information about an asset, open the asset information window in one of the following ways:

  • In the KUMA Console, select Assets → select a category with the relevant assets → select an asset.
  • In the KUMA Console, select Alerts → click the link with the relevant alert → select the asset in the Related endpoints section.
  • In the KUMA Console, select Events → search and filter events → select the relevant event → click the link in one of the following fields: SourceAssetID, DestinationAssetID, or DeviceAssetID.

The following information may be displayed in the asset details window:

  • Name—asset name.

    Assets imported into KUMA retain the names that were assigned to them at the source. You can change these names in the KUMA Console.

  • Tenant—the name of the tenant that owns the asset.
  • Asset source—source of information about the asset. There may be several sources. For instance, information can be added in the KUMA Console or by using the API, or it can be imported from Open Single Management Platform, KICS/KATA, and MaxPatrol reports.

    When using multiple sources to add information about the same asset to KUMA, you should take into account the rules for merging asset data.

  • Created—date and time when the asset was added to KUMA.
  • Updated—date and time when the asset information was most recently modified.
  • Owner—owner of the asset, if provided.
  • IP address—IP address of the asset (if any).

    If there are several assets with identical IP addresses in KUMA, the asset that was added the latest is returned in all cases when assets are searched by IP address. If assets with identical IP addresses can coexist in your organization's network, plan accordingly and use additional attributes to identify the assets. For example, this may become important during correlation.

  • FQDN—Fully Qualified Domain Name of the asset, if provided.
  • MAC address—MAC address of the asset (if any).
  • Operating system—operating system of the asset.
  • Related alerts – alerts associated with the asset (if any).

    To view the list of alerts related to an asset, click the Find in Alerts link. This opens the Alerts tab with the search expression set to filter all assets with the corresponding asset ID.

  • Software info and Hardware info—if the asset software and hardware parameters are provided, they are displayed in this section.
  • Asset vulnerability information:
    • Open Single Management Platform vulnerabilities—vulnerabilities of the asset, if provided. This information is available for the assets imported from Open Single Management Platform.

      You can learn more about the vulnerability by clicking the learn more icon, which opens the Kaspersky Threats portal. You can also update the vulnerabilities list by clicking the Update link and requesting updated information from Open Single Management Platform.

    • KICS/KATA vulnerabilities—vulnerabilities of the asset, if any. This information is available for the assets imported from KICS/KATA.
  • Asset source information:
    • Last visible—time when information about the asset was last received from Open Single Management Platform. This information is available for the assets imported from Open Single Management Platform.
    • Host ID—ID of the Open Single Management Platform Network Agent from which the asset information was received. This information is available for the assets imported from Open Single Management Platform. This ID is used to determine the uniqueness of the asset in Open Single Management Platform.
    • KICS/KATA server IP address and KICS/KATA connector ID—data on the KICS/KATA instance from which the asset was imported.
  • Custom fields—data written to the asset custom fields.
  • Additional information about the protection settings of an asset with Kaspersky Endpoint Security for Windows or Kaspersky Endpoint Security for Linux installed:
    • KSC extended status ID – asset status. It can have the following values:
      • OK
      • Critical
      • Warning
    • KSC extended status – information about the asset status. For example, "The anti-virus databases were updated too long ago".
    • Real-time protection status – status of Kaspersky applications installed on the asset. For example: "Running (if the anti-virus application does not support the Running status categories)".
    • Encryption status – information about asset encryption. For example: "Encryption rules are not configured on the host".
    • Spam protection status – status of anti-spam protection. For example, "Started".
    • Anti-virus protection status of mail servers – status of the virus protection of mail servers. For example, "Started".
    • Data Leakage Prevention status – status of data leak protection. For example, "Started".
    • Endpoint Sensor status – status of data leak protection. For example, "Started".
    • Anti-virus databases last updated – the version of the downloaded anti-virus databases.
    • Protection last updated – the time when the anti-virus databases were last updated.
    • System last started – the time when the system was last started.

    This information is displayed if the asset was imported from Open Single Management Platform.

  • Categories—categories associated with the asset (if any).
  • CII category—information about whether an asset is a critical information infrastructure (CII) object.
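
The IP address note above means that a lookup by IP can silently point at a different asset than the one that produced an event. The following Python example is added here and is not part of the Kaspersky documentation or the KUMA API; the record field names and the sample assets are constructed. It applies the documented rule (the most recently added asset is returned) and lists, for each shared address, the assets hidden behind the returned one and the additional attributes that could tell them apart.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample inventory. Field names are assumptions for this example,
# not KUMA's export format or API schema.
ASSETS = [
    {"id": "a-001", "ip": "10.0.5.20", "fqdn": "hq-ws-17.corp.example",
     "mac": "02:00:00:00:00:01", "created": "2024-01-10T08:00:00"},
    {"id": "a-002", "ip": "10.0.5.20", "fqdn": "branch-ws-03.corp.example",
     "mac": "02:00:00:00:00:02", "created": "2024-03-02T12:30:00"},
    {"id": "a-003", "ip": "10.0.5.20", "fqdn": "", "mac": "",
     "created": "2024-02-15T09:00:00"},
    {"id": "a-004", "ip": "10.0.1.5", "fqdn": "dc-01.corp.example",
     "mac": "02:00:00:00:00:04", "created": "2023-11-01T00:00:00"},
]


def resolve_by_ip(assets, ip):
    """Apply the documented rule: the asset added last wins the IP lookup."""
    matches = [a for a in assets if a["ip"] == ip]
    if not matches:
        return None
    return max(matches, key=lambda a: datetime.fromisoformat(a["created"]))


def shadowed_assets(assets):
    """For each shared IP, report the returned asset and the hidden ones."""
    by_ip = defaultdict(list)
    for asset in assets:
        if asset["ip"]:
            by_ip[asset["ip"]].append(asset)
    report = {}
    for ip, group in by_ip.items():
        if len(group) < 2:
            continue  # unique address, lookup is unambiguous
        winner = resolve_by_ip(group, ip)
        hidden = []
        for asset in sorted(group, key=lambda a: a["id"]):
            if asset is winner:
                continue
            # Populated attributes that differ from the returned asset.
            # An empty list means nothing but the IP identifies this asset.
            keys = [k for k in ("fqdn", "mac")
                    if asset[k] and asset[k] != winner[k]]
            hidden.append({"id": asset["id"], "distinguish_by": keys})
        report[ip] = {"returned": winner["id"], "hidden": hidden}
    return report


if __name__ == "__main__":
    print(shadowed_assets(ASSETS))
```

A hidden asset with an empty distinguish_by list is the case to fix first: it has no FQDN or MAC address recorded, so nothing other than the shared IP address identifies it.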

By clicking the Move to KSC group button, you can move the asset that you are viewing between Open Single Management Platform administration groups. You can also click the Start task drop-down list to run tasks available on the asset:

  • By clicking the KSC response button, you can start an Open Single Management Platform task on the asset.
  • By clicking the KEDR response button, you can run a Kaspersky Endpoint Detection and Response task on the asset.
  • By clicking the Refresh KSC asset button, you can run a task to refresh information about the asset from Open Single Management Platform.

The tasks are available when integrated with Open Single Management Platform and when integrated with Kaspersky Endpoint Detection and Response.