In the Web Console, you can enable or disable the EDR (KATA) and NDR (KATA) components and configure the integration of the Kaspersky Endpoint Security application with the Kaspersky Anti Targeted Attack Platform in the policy properties (Application settings → Detection and Response → Endpoint Detection and Response (KATA) and Application settings → Detection and Response → Network Detection and Response (KATA)).
Managing Kaspersky Anti Targeted Attack Platform component integration settings in Kaspersky Security Center Cloud Console is not supported.
Integration settings
|
Setting |
Description |
|---|---|
|
Endpoint Detection and Response (KATA) / Network Detection and Response (KATA) enabled/disabled |
Enables or disables the EDR (KATA) component or the NDR (KATA) component. The components are disabled by default. |
|
Execution prevention for objects is enabled/disabled |
Enables or disables EDR (KATA) rules for execution prevention for objects. Execution prevention rules for objects can be applied only if the EDR (KATA) component is enabled. This toggle switch is displayed only when integrating with Kaspersky Endpoint Detection and Response (KATA). |
|
Server connection settings |
The Configure link opens the Server connection settings window, where you can configure general settings for connecting to KATA/NDR servers, add a server certificate, and configure two-way authentication when connecting to KATA/NDR servers. |
|
KATA servers / NDR servers |
The table contains a list of KATA/NDR servers to which connection is configured. The Add button opens a window where you can configure the connection to the KATA/NDR server. You can use the buttons above the table to edit and remove previously configured connection settings. |
|
Maximum delay when sending events (sec) |
The maximum delay in sending events to the KATA/NDR server in seconds. The default value is |
|
Maximum number of events in one package |
Maximum number of events in one package. The default value is The field is displayed only when integrating with Kaspersky Network Detection and Response (KATA). |
|
Server poll frequency (sec) |
NDR server polling period in seconds. The default value is The check box is displayed only when integrating with Kaspersky Network Detection and Response (KATA). |
|
Enable event throttling |
Enables or disables the regulation of the number of events sent to the KATA/NDR server. |
|
Maximum number of events per hour |
Maximum number of events per hour The default value is |
|
Event throttle threshold (percentage) |
Event throttle threshold (percentage). Sending events is limited if ratio of events of one type (for example, events about registry changes) to the total number of events exceeds the set threshold (as a percentage). The default value is |