What's new

Kaspersky Anti Targeted Attack Platform 3.7.1 now has the following new features:

  1. Added integration with Kaspersky Managed Detection and Response.
  2. Added policies for automatically creating prevention rules (presets) based on medium and high severity alerts of the Sandbox component.
  3. The Threat Hunting section has changed:
    • New default value for the time filter (Last day)
    • You can now group entries if more than 10,000 events exist.
  4. In information about Remote connection type events, a link is added to the Remote IP field. You can click the link to:
    • Find events and alerts with the same IP address in the program database
    • View information about this IP address on the KL TIP portal
    • Copy the IP address to the clipboard
  5. In the event information window, links to separate pages are now opened in a new browser tab.
  6. The Reference field, which contained links to third-party websites, has been removed from the information about alerts created using the IDS technology.
  7. The display of information about hosts with Kaspersky Endpoint Agent is optimized.

Kaspersky Endpoint Agent 3.8 now has the following new features:

  1. Search for indicators of compromise (OpenIOC) by means of group user tasks. The list of supported terms of the OpenIOC standard is significantly extended compared to the previous version. The full list of supported terms of the OpenIOC standard is provided in the Kaspersky Anti Targeted Attack Platform Guide.
  2. Network isolation of a compromised device by command from Kaspersky Anti Targeted Attack Platform.
  3. Kaspersky Endpoint Agent can now be activated to enable integration with Kaspersky Anti Targeted Attack Platform.
  4. Integration with Kaspersky Anti Targeted Attack Platform (KEDR):
    • Transmitting telemetry data from the protected devices to Kaspersky Anti Targeted Attack Platform for subsequent retrospective analysis.
    • Applying filter settings for telemetry from the protected devices.
    • Applying the settings for protection against complex threats: the list of rules for preventing execution of scripts and launch of executable files, the lists of rules prohibiting opening of documents, and the rules for network isolation of devices.
    • Execution of the following tasks received from Kaspersky Anti Targeted Attack Platform: Delete file, Get file, Quarantine file, Restore file from Quarantine, Run program, and Terminate process.

See also

Kaspersky Anti Targeted Attack Platform

About Kaspersky Threat Intelligence Portal

Distribution kit

Hardware and software requirements

Limitations of the current version of the program