The table describes all available settings and the default values of all the settings that you can specify for the Kaspersky Network Detection and Response (KATA) Integration task.
Kaspersky Network Detection and Response (KATA) Integration task settings
|
Setting |
Description |
Value |
|---|---|---|
|
|
Enable and disable two-way authentication to further secure the connection to the NDR server. If client certificate validation is enabled on the NDR server side, enable the use of a client certificate and add a client certificate before starting the Kaspersky Network Detection and Response (KATA) Integration task. |
|
|
|
Frequency of sending synchronization requests to the NDR server in minutes. |
The default value is |
|
|
Maximum time to wait for a connection to the NDR server in seconds. |
The default value is |
|
|
Maximum time to wait for a response from the NDR server in seconds. |
The default value is |
|
The [Endpoints.item_#] section contains the settings of the NDR server. |
||
|
|
NDR server address. IP address (IPv4 or IPv6) or fully qualified domain name (FQDN) of the integration server can be specified. |
Default value: |
|
|
Port for connecting to the NDR server. |
The default value is |
|
The [EventTransferSettings] section contains settings for sending events to the NDR server. |
||
|
|
The maximum delay in sending events to the NDR server in seconds. |
The default value is |
|
|
Maximum number of events in one package. |
The default value is |
|
|
Enable or disable regulating the number of events sent to the KATA/NDR server. |
|
|
|
Maximum number of events per hour |
The default value is |
|
|
Event throttle threshold (percentage). Sending events is limited if the ratio of events of a certain type to the total number of events exceeds the configured threshold (as a percentage). |
The default value is |
|
|
NDR server polling period in seconds. |
The default value is |