Data on program settings

The values of program settings are stored indefinitely on the server with the Central Node component in the directory /data/var/lib/kaspersky/storage/pgsql/10/data/.

Kaspersky Anti Targeted Attack Platform does not provide a means of restricting the rights of users of the servers and operating systems on which the Central Node component is installed. The administrator is advised to use any system tools, at their own discretion, to control how users of servers and operating systems with the program installed may be granted access to the personal data of other users.

Data on policies and tasks are stored on the Central Node server in non-encrypted form.

Data on policies

Policy data may contain the following information:

Data on tasks

Based on the task results, a report is generated that is stored on the server hosting the Central Node component.

Task data may contain the following information:

Data on user accounts

Program user account data may contain the following information:

Information about Endpoint Agent components (previously known as Endpoint Sensors)

Information about Endpoint Agent components may contain the following:

Information about parameters of IOC and TAA (IOA) user rules

Information about parameters of IOC and TAA (IOA) user rules can contain the following:

Information about parameters of IDS user rules

Information about parameters of IDS user rules can contain the following:

Data on network isolation rules

Data on network isolation rules may contain the following information:

Data on report templates

Report template data may contain the following information:

Data on the general settings of the program

Data on the general settings of the program may contain the following information:

Service data necessary for program operation

The service data necessary for program operation is provided in the table below. Service data may also contain the user data described above in this section.

Data type: Event log of the operating system.
Storage location: /var/log
Access to data: Access for users with root privileges.
Storage duration: Indefinite.

Data type: Program data cache (redis).
Storage location: /var/log
Access to data: User access is defined by the administrator using operating system tools. Access is provided only over an encrypted IPSec channel.
Storage duration: Indefinite.

Data type: Alert export files. Files may contain the following information:

  • Name of the computer on which the alert was generated.
  • Alert time.
  • Category of the detected object.
  • IP address of the data packet sender.
  • IP address of the data packet recipient.
  • URL address of the data packet sender.
  • URL address of the data packet recipient.
  • UserAgent of the computer with the Endpoint Agent component.
  • URL of the visited website.
  • MD5 hash of the detected object.
  • SHA256 hash of the detected object.
  • Full name of the detected object.
  • Command-line parameters.
  • Email address of the sender of the message in which the object was detected.
  • Email addresses of the recipients of the message in which the object was detected.
  • Name of the domain in which the alert was generated.

Storage location: /var/log
Access to data: User access is defined by the administrator using operating system tools. Data export is available only for authorized users. Access is provided only over an encrypted IPSec channel.
Storage duration: Indefinite.

Data type: Artifacts of the Sandbox component, PCAP files of intercepted traffic.
Storage location: /var/opt/kaspersky/apt-agents/sb_storage
Access to data: User access is defined by the administrator using operating system tools.
Storage duration: Files are rotated as the allocated storage location is filled.

Data type: Object scan queue.
Storage location: /var/opt/kaspersky/apt-collector/spool
Access to data: User access is defined by the administrator using operating system tools.
Storage duration: Until scan completion.

Data type: Objects in quarantine, and objects received from the Endpoint Agent component.
Storage location:

  • /var/opt/kaspersky/apt/edr_quarantine
  • /var/opt/kaspersky/apt/edr_storage

Access to data: User access is defined by the administrator using operating system tools.
Storage duration: Files are rotated as the allocated storage location is filled.

Data type: YARA rules.
Storage location: /var/opt/kaspersky/apt-agents/yara_rules
Access to data: User access is defined by the administrator using operating system tools.
Storage duration: Indefinite.

Data type: Certificates of servers used for integration of program components.
Storage location: /etc/ssl/certs
Access to data: User access is defined by the administrator using operating system tools. Information about actions with certificates is saved in the program event log.
Storage duration: Indefinite.

Data type: Encryption keys transmitted between program components.
Storage location: /etc/opt/kaspersky/apt-base/ipsec.d
Access to data: User access is defined by the administrator using operating system tools. Information about modifications to encryption keys is saved in the program event log.
Storage duration: Indefinite.
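Because access to most of these locations is left to operating system tools, the administrator may want to verify what has actually been granted. The following is an added example, not part of the Kaspersky documentation or product: a POSIX shell audit that reports any file or directory under the program-specific storage locations listed on this page that grants a permission bit to "other" users. The function name `audit_kata_paths` and its `ROOT` argument are hypothetical; `/var/log` and `/etc/ssl/certs` are left out on the assumption that they are shared system directories with their own expected modes.

```shell
#!/bin/sh
# Added example, not vendor code. Storage locations copied from this page.
KATA_PATHS="
/data/var/lib/kaspersky/storage/pgsql/10/data
/var/opt/kaspersky/apt-agents/sb_storage
/var/opt/kaspersky/apt-collector/spool
/var/opt/kaspersky/apt/edr_quarantine
/var/opt/kaspersky/apt/edr_storage
/var/opt/kaspersky/apt-agents/yara_rules
/etc/opt/kaspersky/apt-base/ipsec.d
"

# audit_kata_paths [ROOT]   (hypothetical helper name)
# ROOT is an optional prefix, e.g. a mounted disk image; empty means the live system.
# Prints "MISSING <path>" for absent locations and "OPEN <ls -ld line>" for every
# file or directory that grants any permission bit to "other".
# Returns 1 if at least one OPEN entry was found, otherwise 0.
audit_kata_paths() {
    root=${1:-}
    status=0
    for p in $KATA_PATHS; do
        target="$root$p"
        if [ ! -e "$target" ]; then
            # Informational only (assumption: a server may not host every component).
            echo "MISSING $p"
            continue
        fi
        # Symlinks are skipped because their own mode bits are always 777.
        findings=$(find "$target" ! -type l \
            \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec ls -ld {} + 2>/dev/null | sed 's/^/OPEN /')
        if [ -n "$findings" ]; then
            echo "$findings"
            status=1
        fi
    done
    return "$status"
}

# Typical use on the Central Node server, as root:
#   audit_kata_paths || echo "review the OPEN entries above"
```

Run it as root so that `find` can descend into directories that are already restricted to their owner.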

See also

Traffic data of the Sensor component

Data in alerts

Data in events

Data in reports

Data on objects in Storage and Quarantine
