Kaspersky Network Detection and Response (KATA) Integration task settings

The table describes all available settings and the default values of all the settings that you can specify for the Kaspersky Network Detection and Response (KATA) Integration task.

Kaspersky Network Detection and Response (KATA) Integration task settings

Setting

Description

Value

UseClientPinnedCertificate

Enable and disable two-way authentication to further secure the connection to the NDR server.

If client certificate validation is enabled on the NDR server side, enable the use of a client certificate and add a client certificate before starting the Kaspersky Network Detection and Response (KATA) Integration task.

Yes — use two-way authentication to further secure the connection to the NDR server.

No (default value) — do not use two-way authentication.

SynchronizationPeriod

Frequency of sending synchronization requests to the NDR server in minutes.

The default value is 5.

ConnectionTimeout

Maximum time to wait for a connection to the NDR server in seconds.

The default value is 10.

RequestTimeout

Maximum time to wait for a response from the NDR server in seconds.

The default value is 10.

The [Endpoints.item_#] section contains the settings of the NDR server.

Address

NDR server address.

IP address (IPv4 or IPv6) or fully qualified domain name (FQDN) of the integration server can be specified.

Default value: 127.0.0.1.

Port

Port for connecting to the NDR server.

The default value is 8081.

The [EventTransferSettings] section contains settings for sending events to the NDR server.

MaximumDataTransferTime

The maximum delay in sending events to the NDR server in seconds.

The default value is 30.

MaximumNumberOfEventsInPackage

Maximum number of events in one package.

The default value is 1024.

UseRequestCountLimits

Enable or disable regulating the number of events sent to the KATA/NDR server.

Yes (default value) – regulate the number of events sent.

No – do not regulate the number of events.

MaximumNumberOfEventsInHour

Maximum number of events per hour

The default value is 3000.

EventLimitExceededPercentage

Event throttle threshold (percentage). Sending events is limited if the ratio of events of a certain type to the total number of events exceeds the configured threshold (as a percentage).

The default value is 15.

PingPeriod

NDR server polling period in seconds.

The default value is 450.

Page top