Kaspersky Endpoint Detection and Response (KATA) is a component of the Kaspersky Anti Targeted Attack Platform solution, which is designed to protect the IT infrastructure of organizations and promptly detect threats, such as zero-day attacks, targeted attacks, and advanced persistent threats (APT). To read more, check out the Kaspersky Anti Targeted Attack Platform Help.
When interacting with Kaspersky Endpoint Detection and Response (KATA), Kaspersky Endpoint Security may send data about events on devices (telemetry) to the Kaspersky Anti Targeted Attack Platform server with the Central Node component ("KATA server") and execute commands from Kaspersky Anti Targeted Attack Platform intended to provide security.
This feature is not supported in the KESL container.
For integration with Kaspersky Endpoint Detection and Response (KATA), the Behavior Detection component must be enabled.
The integration of Kaspersky Endpoint Security with Kaspersky Endpoint Detection and Response (KATA) is only possible if these components are enabled. Otherwise, the required telemetry data cannot be transmitted.
Kaspersky Endpoint Detection and Response (KATA) can additionally use data received from the following components:
When integrated with Kaspersky Endpoint Detection and Response (KATA), devices with Kaspersky Endpoint Security establish secure connections to the KATA server via the HTTPS protocol. To ensure a secure connection, the following certificates issued by the KATA server are used:
Certificates for securing the connection to the KATA server are provided by the Kaspersky Anti Targeted Attack Platform administrator.
A proxy server is used to connect to the KATA server if use of a proxy server is configured in the general application settings of Kaspersky Endpoint Security.
Kaspersky Endpoint Detection and Response (KATA) integration settings
Setting |
Description |
---|---|
Integration with Endpoint Detection and Response (KATA). |
Enables or disables the integration of the Kaspersky Endpoint Security application with Kaspersky Endpoint Detection and Response (KATA). The integration server is disabled by default. |
KATA servers |
The Configure button in the block opens the KATA servers window. In this window, you can configure a connection to KATA servers and view the list of servers to which a connection is configured. |
Server connection settings |
The Configure button in the block opens a window where you can configure general settings for connecting to KATA servers, add a server certificate, and configure two-way authentication upon connecting to KATA servers. |
Data transfer settings |
The Configure button in the block opens a window where you can configure settings for data to KATA servers. |