Traffic data of the Sensor component
September 6, 2024
ID 197172
Traffic data of the Sensor component is stored on the server with the Sensor component or on the server with Sensor and Central Node components if Sensor and Central Node are installed on the same server or deployed as a cluster.
Traffic data is recorded and stored in sequentially created files. The application stops recording data in one file and starts logging data in the next file if:
- The maximum file size is reached (you can configure this setting)
- The configured time interval has elapsed (you can configure this setting)
- The traffic saving service or the entire Kaspersky Anti Targeted Attack Platform application is restarted
As traffic data accrues, Kaspersky Anti Targeted Attack Platform filters data and keeps only the following information:
- Information related to alerts generated by the Targeted Attack Analyzer technology
- PCAP files in which:
  - Source or destination IP address matches an IP address from the alert
  - Traffic data belongs to the time period within 15 minutes from the alert time
Filtered traffic data is moved to a separate section. The rest of the traffic data (that does not satisfy the filtering criteria) is deleted.
Filtered traffic data is saved in sequentially created files. The application stops recording data in one file and starts logging data in the next file if:
- The maximum file size is reached
- The configured time interval has elapsed
Filtered traffic data is stored for the last 24 hours. Older data is deleted.
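The filtering and retention rules above, modelled as an added Python example (not Kaspersky code) for working out which captured traffic would still be available to an investigator. The record types, the per-packet granularity, and the reading of "within 15 minutes" as either side of the alert time are assumptions; the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address

ALERT_WINDOW = timedelta(minutes=15)  # from the page: 15 minutes from the alert time
RETENTION = timedelta(hours=24)       # from the page: filtered data kept for 24 hours

@dataclass(frozen=True)
class Alert:   # hypothetical record for a Targeted Attack Analyzer alert
    ip: str
    time: datetime

@dataclass(frozen=True)
class Packet:  # hypothetical record: metadata of one captured packet
    src: str
    dst: str
    time: datetime

def matches_alert(pkt: Packet, alert: Alert) -> bool:
    """True if the alert IP is the packet's source or destination and the
    packet falls inside the alert's time window."""
    endpoints = {ip_address(pkt.src), ip_address(pkt.dst)}
    # Assumption: the window is symmetric and inclusive at the 15-minute edge.
    in_window = abs(pkt.time - alert.time) <= ALERT_WINDOW
    return ip_address(alert.ip) in endpoints and in_window

def retained(packets, alerts, now):
    """Packets that pass the alert filter and are not older than 24 hours."""
    return [p for p in packets
            if now - p.time <= RETENTION
            and any(matches_alert(p, a) for a in alerts)]

# Constructed sample data (documentation address ranges)
T0 = datetime(2024, 9, 6, 12, 0, 0)
ALERTS = [Alert("10.0.0.5", T0)]
PACKETS = [
    Packet("10.0.0.5", "203.0.113.7", T0 - timedelta(minutes=10)),   # kept: source matches
    Packet("198.51.100.2", "10.0.0.5", T0 + timedelta(minutes=15)),  # kept: destination matches, window edge
    Packet("10.0.0.5", "203.0.113.7", T0 + timedelta(minutes=16)),   # deleted: outside the window
    Packet("10.0.0.9", "203.0.113.7", T0),                           # deleted: no IP match
]

if __name__ == "__main__":
    for pkt in retained(PACKETS, ALERTS, now=T0 + timedelta(hours=1)):
        print(pkt)
```

Traffic from the same host one minute outside the window is gone for good, so evidence needed beyond that window has to come from another source.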