Kaspersky Anti Targeted Attack Platform
Program licensing
This section covers the main aspects of program licensing.
Article ID: 69238, Last review: Jan 20, 2020