Kaspersky Anti Targeted Attack Platform provides an API that lets external systems access information about all alerts of the program and not just to scan results for objects stored in these external systems.
In order to receive information only for alerts that satisfy certain conditions, you can specify filters in the request parameters.
The program does not automatically send information about new alerts based on prior requests. A new request must be sent to receive up-to-date information.
Special considerations for operation in the distributed solution
If the program operates in the distributed solution mode, an external system can complete the authorization procedure only on the SCN server. Authorization on the PCN server is not available.
In this case, an external system cannot receive information about all alerts registered in the infrastructure using a single request. This limitation arises because the common database which contains records about all alerts in the infrastructure is stored on the PCN server. To receive information about all alerts, the external system must query each SCN server separately.