Managing assets

In the Assets section of the KUMA web interface, you can view and edit information about known assets and their categories. Devices can be imported from Kaspersky Security Center.

The asset categories tree is displayed in the left part of the Assets section. You can browse the tree, and expand or collapse nodes. When a node is selected, the assets belonging to that tree node category are displayed in the right part of the window.

When you select an asset, the Asset details pane displaying the asset parameters opens on the right side of the window:

• Name—the name of the asset. Assets imported from Kaspersky Security Center retain their Kaspersky Security Center names.
• Tenant name—name of the tenant that owns the asset.
• Created—the date and time when the asset was added to KUMA.
• Updated—the date and time when the asset information was modified.
• Owner—the owner of the asset, if provided.
• IP address—IP address of the asset, if provided.

  If in KUMA there are several assets with identical IP address, the asset that was added later is returned in all cases where assets are searched by IP address. If assets with identical IP addresses can exist in your organization's network, plan accordingly and use additional attributes to identify assets. For example, this may become important during correlation.

• FQDN—Fully Qualified Domain Name of the asset, if provided.
• MAC address—MAC address of the asset, if provided.
• Operating system—operation system of the asset.
• Related alerts—alerts associated with the asset (if any).

  You can see the list of the alerts that the asset is related to by clicking the Find in Alerts link. After that the Alerts tab opens with the search expression set to filter all alerts with the identifier of asset.

• Categories—categories associated with the asset (if any).
• Vulnerabilities—vulnerabilities of the asset, if provided. This information is available only for the assets, imported from Kaspersky Security Center.

  You can learn more about the vulnerability by clicking the icon, which opens the Kaspersky Threats portal. You can also update the vulnerabilities list by clicking the Update link and requesting updated information from Kaspersky Security Center.

• Software info—if the asset software parameters are provided, they are displayed in this section.
• Hardware info—if the asset hardware parameters are provided, they are displayed in this section.
• Agent ID—identifier of network agent of the asset, if provided.
• Last connection time with KSC—if the asset was imported from Kaspersky Security Center, this section displays the time of the last connection with Kaspersky Security Center.

You can select check boxes near assets and then assign them to a category using the Link to category button.

Do not link assets to the Categorized assets category.

Asset categories

In KUMA assets are assigned to tree-structured categories. The category tree is displayed in the left part of the Assets section of the KUMA web interface in the All assets tab, which is selected by default. When a tree node is selected, the assets assigned to it are displayed in the right part of the window. Assets from the subcategories of the selected category are not displayed unless you specify that you want to see assets from subcategories as well.

Categories can be assigned to assets either manually or automatically. Automatic categorization can be responsive, which means that categories are populated with assets by using correlation rules, or automatic categorization can be active, which means that all assets that meet specific conditions are assigned to a category. The categorization method can be specified in the category settings when you create or edit a category.

If you hover the mouse over a category, the ellipsis icon will appear to the right of the category name. Clicking this icon opens a category context menu in which you can select the following options:

• Show assets—display assets of the selected category in the right part of the window.
• Show assets recursively—display assets from the subcategories of the selected category. If you want to exit recursive viewing mode, select another category to view.
• Show info—view information about the selected category in the Category information details area displayed in the right part of the web interface window.
• Start categorization—start automatic attachment of assets to the selected category. This option is available for categories that have active categorization.
• Add subcategory—add a subcategory to the selected category.
• Edit category—edit the selected category.
• Delete category—remove the selected category. It is possible to remove only the categories without assets or subcategories. Otherwise the Delete category option will be inactive.
• Pin as tab—display the selected category in a separate tab You can undo this action by selecting Unpin as tab in the context menu of the relevant category.

Add asset category

To add an asset category:

1. Open the Assets section in the KUMA web interface.
2. Open the category creation window:
   • Click the Add category button.
   • If you want to create a subcategory, select Add subcategory in the context menu of the parent category.

   The Add category details area appears in the right part of the web interface window.

3. Add information about the category:
   • In the Name field, enter the name of the category. The name must contain from 1 to 128 Unicode characters.
   • In the Parent field, indicate the position of the category within the categories tree hierarchy:
     1. Click the button.

        This opens the Select categories window showing the categories tree. If you are creating a new category and not a subcategory, the window may show multiple asset category trees, one for each tenant that you can access. Your tenant selection in this window cannot be undone.

     2. Select the parent category for the category you are creating.
     3. Click Save.

     Selected category appears in Parent fields.

   • The Tenant field displays the tenant whose structure contains your selected parent category. The tenant category cannot be changed.
   • Assign a priority to the category in the Priority drop-down list.
   • If necessary, in the Description field, you can add a note consisting of up to 256 Unicode characters.
4. In the Categorization kind drop-down list, select how the category will be populated with assets. Depending on your selection, you may need to specify additional settings:
   • Manually—assets can only be manually linked to a category.
   • Active—assets will be assigned to a category at regular intervals if they satisfy the defined filter.

     Active category of assets

     1. In the Repeat categorization every drop-down list, specify how often assets will be linked to a category. You can select values ranging from once per hour to once per 24 hours.

        You can forcibly start categorization by selecting Start categorization in the category context menu.

     2. In the Conditions settings block, specify the filter for matching conditions to attach an asset to a category.

        You can add conditions by clicking the Add conditions buttons. Groups of conditions can be added by using the Add group buttons. Group operators can be switched between AND, OR, and NOT values.

        Categorization filter operands and operators

        Operand	Operators	Comment
        Build number	>, >=, =, <=, <
        OS	=, like	The "like" operator ensures that the search is not case sensitive.
        IP address	inSubnet, inRange	The IP address is indicated in CIDR notation (for example: 192.168.0.0/24). When the inRange operator is selected, you can indicate only addresses from private ranges of IP addresses (for example: 10.0.0.0,10.255.255.255). Both addresses must be in the same range.
        FQDN	=, like	The "like" operator ensures that the search is not case sensitive.
        CVE	=, in	The "in" operator lets you specify an array of values.

     3. Use the Test conditions button to make sure that the specified filter is correct. When you click the button, you should see the Assets for given conditions window containing a list of assets that satisfy the search conditions.
   • Reactive—the category will be filled with assets by using correlation rules.
5. Click Save.

The new category will be added to the asset categories tree.

Configuring the table of assets

In KUMA, you can configure the contents and order of columns displayed in the assets table. These settings are stored locally on your machine.

To configure the settings for displaying the assets table:

1. Click the icon in the top right corner of the assets table.
2. Select the check boxes next to the parameters you want to view in the table:
   • FQDN
   • IP address
   • Owner
   • MAC address
   • Created by
   • Updated
   • Tenant name

   When you select a check box, the assets table is updated and a new column is added. When a check box is cleared, the column disappears. The table can be sorted based on multiple columns.

3. If you need to change the order of columns, click the left mouse button on the column name and drag it to the desired location in the table.

The asset table display settings are configured.

Importing asset information from Kaspersky Security Center

All assets monitored by this program are registered in Kaspersky Security Center. This data can be accessed using the API. If KUMA has an active connection to Kaspersky Security Center, you can import assets from Kaspersky Security Center to KUMA.

To import information about assets from Kaspersky Security Center:

1. Open the KUMA web interface and select the Assets section.
2. Click the Import KSC assets button.

   The Import KSC assets window opens.

3. In the drop-down list, select a tenant to import data from Kaspersky Security Center.
4. Click OK.

The asset information is imported from Kaspersky Security Center to KUMA.

Searching assets

KUMA has a full-text search function to look for assets. The search uses Name, FQDN, IP address, MAC address, and Owner asset parameters.

To find the asset you need,

In the Assets section of the KUMA web interface, enter your search query in the Search field and press ENTER or click the icon.

The table displays all assets with the names meet the search criteria.

Add assets

In KUMA, you can add assets manually or import them from Kaspersky Security Center.

To add an asset manually:

1. In the Assets section of the KUMA web interface, click the Add asset button.

   The Add asset details area opens in the right part of the window.

2. Enter asset parameters:
   • Asset name (required)
   • Tenant name (required)
   • IP address and/or FQDN (required)
   • MAC address.
   • Owner
3. If required, assign one or several categories to the asset:
   1. Click the button with the icon.

      Select categories window opens.

   2. Select check boxes next to the categories that should be assigned to the asset. Use the and icons to expand and collapse the subcategories.
   3. Click Save.

   The selected categories appear in the Categories fields.

4. If required, add information about the operating system installed on the asset in the Software section.
5. If required, add information about asset hardware in the Hardware info section.
6. Click Add.

The asset is added and is displayed in the assets table in the category assigned to it or in the Uncategorized assets category.

Deleting assets

KUMA has an option to delete assets.

To delete an asset:

1. In the Assets section of the KUMA web interface, click the asset that you want to delete.

   The Asset details area opens in the right part of the window.

2. Click the Delete button.

   A confirmation window opens.

3. Click OK.

The asset is deleted.

The assets imported from Kaspersky Security Center cannot be deleted manually. They are deleted automatically when the information about them has not updated for 30 days.

Editing assets

In KUMA, you can edit asset parameters. All the parameters of manually added assets can be edited. For assets imported from Kaspersky Security Center, you can only change the name of the asset and its category.

To change the asset parameters:

1. In the Assets section of the KUMA web interface, click the asset that you want to edit.

   The Asset details area opens in the right part of the window.

2. Click the Edit button.

   The Edit asset window opens.

3. Make the changes you need in the available fields:
   • Asset name (required. This is the only field available to edit if the asset was imported from Kaspersky Security Center.)
   • IP address and/or FQDN (required)
   • MAC address
   • Owner
   • Software info:
     • Operating system name
     • Operating system build
   • Hardware info:

     Hardware parameters

     You can add information about asset hardware to the Hardware info section:

     Available fields for describing asset CPU:

     • CPU name
     • CPU frequency
     • CPU core count

     You can add CPUs to the asset by using the Add CPU link.

     Available fields for describing asset disk:

     • Disk free bytes
     • Disk volume

     You can add disks to the asset by using the Add Disk link.

     Available fields for describing asset RAM:

     • RAM frequency
     • RAM total bytes

     Available fields for describing asset network card:

     • Network card name
     • Network card manufacture
     • Network card driver version

     You can add network cards to the asset by using the Add network card link.

4. Assign or change the category of the asset:
   1. Click the button with the icon.

      Select categories window opens.

   2. Select check boxes next to the categories that should be assigned to the asset.
   3. Click Save.

   The selected categories appear in the Categories fields.

   You can also select the asset and then drag and drop it into the required category. This category will be added to the list of asset categories.

   Do not link assets to the Categorized assets category.

5. If required, add information about the operating system installed on the asset in the Software section.
6. If required, add information about the asset hardware in the Hardware info section.
7. Click the Save button.

The asset parameters will be modified.