Kaspersky Anti Targeted Attack Platform Interface

The application is managed through the web interface. Sections of the application web interface differ depending on the role of the user: Administrator or Senior security officer / Security officer / Security auditor.

The window of the application web interface contains the following:

• Sections in the left part and in the lower part of the application web interface window.
• Tabs in the upper part of the application web interface window for certain sections of the application.
• The workspace in the lower part of the application web interface window.

Sections of the application web interface window

The application web interface provides the following sections for users with the Senior security officer, Security officer, and Security auditor roles:

• Dashboard. Contains Kaspersky Anti Targeted Attack Platform Monitoring data.
• Alerts Contains information about alerts in the network of the tenant to which you have access.

  An individual organization or branch office of an organization to which the Kaspersky Anti Targeted Attack Platform solution is being provided.

• Threat Hunting. Contains information about events found on hosts of the tenant to which you have access.
• Tasks. Contains information about tasks that you can use to manage files and application on hosts.
• Prevention. Contains information about policies that you can use to manage preventions of files running on selected hosts.
• Custom rules: TAA, IDS, IOC, and YARA. Contains information for managing user-defined rules.
• Storage: Files, and Quarantine. Contains information for managing objects in Quarantine and Storage.
• Endpoint Agents. Contains information about computers with the Kaspersky Endpoint Agent component and their settings.
• Reports: Generated reports and Templates. Contains a report builder and a list of generated reports about alerts.
• Settings: IOC scanning schedule, Endpoint Agents, KPSN reputation database, Notification rules, VIP status, Exclusions, Passwords for archives, and License. Contains information on the IOC scan schedule, and the settings for publishing objects in KPSN and assigning the VIP status to alerts based on information contained in alerts, the list of allowed objects, and IDS and TAA (IOA) rules excluded from scanning, passwords of archives, and added keys.

Workspace of the application web interface window

The workspace displays the information you choose to view in the sections and on the tabs of the application web interface window. It also contains control elements that you can use to configure how the information is displayed.

See also Selecting a tenant to manage in the web interface of the application Monitoring the performance of the application Viewing the alert table Configuring the alert table display Filtering, sorting, and searching alerts Recommendations for processing alerts Viewing alerts User actions performed on alerts Events database threat hunting Event information Managing Endpoint Agent host information Network isolation of hosts with the Endpoint Agent component Automatically sending files from Kaspersky Endpoint Agent hosts to be scanned by the Sandbox component in accordance with Kaspersky TAA (IOA) rules Selecting operating systems to use when scanning objects in Sandbox Managing tasks Managing policies (prevention rules) Managing user-defined rules Managing objects in Storage and Quarantine Managing reports Managing rules for assigning the VIP status to alerts Managing the list of scan exclusions Managing IDS exclusions Managing TAA exclusions Managing ICAP exclusions Creating a list of passwords for archives Viewing server settings Viewing the table of servers with the Sandbox component Viewing the settings of the set of operating systems used for scanning objects in Sandbox Viewing the table of servers with the Sensor component Managing raw network traffic Viewing the table of external systems

Page top