If you are using the distributed solution and multitenancy mode, use the web interface of the PCN or SCN server for which you want to configure parameters.
Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.
Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).
The table of IOC files contains information about IOC files used for scanning on computers with the Endpoint Agent component installed; you can find the table in the Custom rules section, IOC subsection of the application web interface window.
The table of IOC files contains the following information:
—Importance level that will be assigned to an alert generated using this IOC file.
The importance level can have one of the following values:
— Low importance.
— Medium importance.
— High importance.
Type—Type of IOC file depending on the application operating mode and the server to which the IOC file was uploaded:
Local—IOC files uploaded to an SCN server. These IOC files are used to search for indicators of compromise on hosts with the Endpoint Agent component connected to the SCN server.
Global—IOC files uploaded to the PCN server. These IOC files are used to search for indicators of compromise on hosts with the Endpoint Agent component connected to the PCN server and all SCN servers connected to the PCN server.
Name—Name of the IOC file.
Servers are names of servers with the PCN or SCN role to which the rule applies.