To add an exclusion to a previously created network isolation rule, you must create a request to add an exclusion. To create the request, the HTTP POST method is used.
Command settings are passed in the body of the request in JSON format.
Command syntax
curl -k --<path to TLS certificate file> --key <path to private key file> -X POST "<URL of Central Node server>:<port, 443 by default>/kata/response_api/v1/<external_system_id>/settings?sensor_id=<sensor_id>&settings_type=network_isolation" -H 'Content-Type: application/json' -d '
{
"settings": [
{
"excludedRules": [
{
"direction": "<outbound or inbound>",
"protocol": <number of IP protocol>,
"remotePortRange": {
"fromPort": remoteIpv6Address,
"toPort": <port number>
},
"localPortRange":
{
"fromPort": <port number>,
"toPort": <port number>
}
}
],
"autoTurnoffTimeoutInSec": <duration of network isolation>
}
}
'
Parameters
Parameter |
Type |
Description |
|
|
Unique ID of the external system used for authorization in Kaspersky Anti Targeted Attack Platform. |
|
|
Unique Kaspersky Endpoint Agent host identifier. |
|
|
Direction of network traffic that must not be blocked. Possible values:
|
|
|
Number of IP protocol, assigned by the Internet Assigned Numbers Authority (IANA). |
|
|
IP address of the Kaspersky Endpoint Agent host whose traffic must not be blocked. |
|
|
Destination port. |
|
|
Port from which the connection is initiated. |
|
|
Period of time during which the network isolation will be active. Allowed range - 1 to 9999 hours. Network isolation time period is specified in seconds. For example, if you want to enable network isolation of a host for two hours, you must specify 7200 seconds. |
Example of entering a command with switches
|
Returned value
Return code |
Description |
---|---|
|
Operation completed successfully. |
|
Incorrect parameters. |
|
Authorization required. |
|
Specified Kaspersky Endpoint Agent host not found. |
|
Internal server error. Repeat the request later. |
If you want to edit the settings of the created exclusion, you must create a new request to add the exclusion with the new settings.
Page top