Kaspersky Anti Targeted Attack Platform

Viewing the table of devices

To manage devices, the application generates a table of devices. The application considers all devices in the table to be known devices.

To view the table of devices:

  1. Select the Assets section in the application web interface window.
  2. Go to the Devices tab.

    The table of devices is displayed.

The table displays the following information:

  • Name is the name that represents the device in the application.
  • Device ID is the ID of the device assigned in Kaspersky Anti Targeted Attack Platform.
  • Status is the device status that determines whether the device is allowed to be active on the corporate LAN. A device can have one of the following statuses:
    • Authorized. This status is assigned to a device that is allowed to be active on the network.
    • Unauthorized. This status is assigned to a device that is not allowed to be active on the network.
    • Archived. This status is assigned to a device if it is no longer in use or must not be used on the network, or if the device has not been active for a long time (30 days or more) and information about this device has not been updated.
  • Address information lists MAC and/or IP addresses of the device. If a device has multiple network interfaces, each network interface can have a different MAC and/or IP address.
  • Category is the name of the category that characterizes the functional purpose of the device. Kaspersky Anti Targeted Attack Platform recognizes the following device categories:
    • Server for a computer on which server software is deployed.
    • Network device for a piece of network equipment (for example, a router, a switch).
    • Workstation for a stationary personal computer or operator workstation.
    • Mobile device for a portable electronic device with computing functionality.
    • Laptop for a portable personal computer.
    • Printer for a printing device.
    • UPS for an uninterruptible power supply connected to a computer network.
    • Network camera for a device that performs video surveillance and transmits digital imaging data.
    • Gateway for a device that connects networks by converting various interfaces (for example, Serial Ethernet) in networks with a heterogeneous data transmission medium and different protocols.
    • Storage system for a device that stores information inside memory systems.
    • Firewall for a device that acts as a firewall to scan and block unwanted traffic.
    • Switch for a device that physically connects hosts of the local network.
    • Virtual switch for a device that logically combines physical switches or software switches for virtualization systems.
    • Router for a device that forwards network packets between segments of a computer network.
    • Virtual router for a device that logically combines physical routers or routers that use multiple independent routing and forwarding tables.
    • Wi-Fi for an access point that provides wireless connection of devices from Wi-Fi networks.
    • Historian server for a server with archived data.
    • Other for a device that does not belong to any of the above categories.
  • Group is the name of the group in which the device is placed in the device group tree (contains the name of the group itself and the names of all its parent groups).
  • Security state is the security state of the device, which is determined by the existence of events related to the device. A device can have one of the following security states:
    • Critical. The device has associated events that have an 8.0–10.0 severity score.
    • Warning. The device has associated events that have a 4.0–7.9 severity score.
    • . The device has associated events that have a 0.0–3.9 severity score, or the device has no associated events.
  • Importance is the importance of the device. Importance is assigned to the device in accordance with its category. A device can have one of the following importance ratings:
    • High. Assigned to devices of the Server category.
    • Medium. Assigned to devices of the following categories: Network device, Workstation, Gateway, Storage system, Firewall, Switch, Virtual switch, Router, Virtual router, Wi-Fi, Historian server.
    • Low. Assigned to devices of the following categories: Mobile device, Laptop, Printer, UPS, Network camera, or Other.
  • Last seen is the date and time of the last recorded activity of the device.
  • Risks lists the categories of risks detected for the device. By default, the device table displays information only for current risks. To display information for all risks, you can select the Show remediated and accepted risks check box when configuring the device table.
  • Last modified is the date and time when the device information was last modified.
  • Created is the date and time when the device was added to the table of devices.
  • OS is the name of the operating system installed on the device.
  • Hardware vendor is the name of the vendor of the hardware of the device. In the details area, this parameter is called Vendor and is displayed on the General tab under Hardware.
  • Hardware Model is the name of the device model. In the details area, this parameter is called Model and is displayed on the General tab under Hardware.
  • Hardware version is the version number of the device hardware. In the details area, this parameter is called Version and is displayed on the General tab under Hardware.
  • Software vendor is the vendor name of the device software. In the details area, this parameter is called Vendor and is displayed on the General tab under Software.
  • Software name is the name of the device software. In the details area, this parameter is called Name and is displayed on the General tab under Software.
  • Software version is the version number of the device software. In the details area, this parameter is called Version and is displayed on the General tab under Software.
  • Network name is the name that represents the device on the network.
  • Labels lists labels assigned to the device.
  • EPP application is the short name of the EPP application installed on the device (if this application has communicated with Kaspersky Anti Targeted Attack Platform).
  • EPP connection is the status of the connection of the Endpoint Agent component installed on the device to the integration server. The following statuses are possible:
    • Active. Less than 24 hours have passed since the application last connected to the integration server.
    • Inactive. Over 24 hours have passed since the application last connected to the integration server.
    • N/A. The connection status is unknown.
  • Last connection to EPP is the date of the last connection of the Endpoint Agent component to the integration server.