Managing accounts of application administrators and users

Kaspersky Anti Targeted Attack Platform provides accounts for servers with the following components:

Data from each of these accounts is stored on the server hosting the application component to which the account belongs.

In distributed solution and multitenancy mode, data from each of these accounts is stored on the PCN and on the server hosting the application component to which the account belongs.

The administrator account used for working in the server management console has unlimited rights to manage the server hosting the application component to which the account belongs (superuser rights). Under this account, you can turn off or restart a server, or modify the settings of the application in Technical Support Mode in the server management console.

An administrator account for working in the management console of a server (admin) has unlimited access to data on that server. The password of the administrator account for working in the server management console must be strong. The administrator must take steps to ensure the security of the servers. The administrator bears responsibility for access to data stored on servers.

An account with the Administrator role can add, enable and disable application user accounts, and change the passwords of application administrator accounts and web interface user accounts. In distributed solution and multitenancy mode, user accounts are managed on the PCN.

The local administrator account of the application web interface is intended for employees of your organization who need to manage Kaspersky Anti Targeted Attack Platform. When signing in to the application under this account, you will see all sections of the web interface that are available to a user with the Administrator role.

The administrator account of the application web interface lets you manage the application, however, unlike the local administrator account of the application web interface, such accounts are not allowed to manage PCN and SCN servers or tenants in the Operation mode section.

An account with the Security auditor role can view all sections of the web interface available to the local administrator and security personnel. A user with the Security auditor role can view data but cannot edit this data.

The Senior security officer and Security officer roles are intended for employees of your organization whose job description involves managing events and tasks of Kaspersky Anti Targeted Attack Platform. When signing in to the application under accounts with these roles, you will see all sections of the web interface that are available to security officers. Users with the Senior security officer role have access to all operations. The restrictions for users with the Security officer role are listed in the table below.

Access restrictions for application users with the Security officer role

Functional scope / Section of the web interface

Restrictions

Dashboard

Widgets of VIP group events are not available.

It is not possible to use a link in the widget to go to the Alerts section.

Alerts

The following actions are not available:

  • Viewing alert details.
  • Marking the completion of VIP group alert processing.
  • Performing operations on multiple alerts.
  • Exporting the list of all alerts.

Threat Hunting

Events that are associated with hosts from VIP group alerts are not available.

Tasks

No access.

Prevention

No access.

Custom rules

Read access.

Storage

There is no access to objects that are placed in Storage as a result of tasks.

Full access to objects that were manually downloaded by the user.

Endpoint Agents

Access to viewing tables of Kaspersky Endpoint Agent computers; restrictions on viewing details of tasks, policies, and network isolation.

Network isolation of hosts

No access.

Reports

No access.

Settings: IOC scanning schedule

Read access.

Settings: Endpoint Agents

Read access.

Settings: KPSN reputation database

No access.

Settings: Notification rules

No access to rules for sending notifications about alerts. Full access to rules for sending notifications about problems in application operation.

Settings: VIP status

Read access.

Custom rules: YARA

Access only to export rules.

Settings: TAA exclusions

Access to read and export.

Settings: Passwords for archives

No access.

Settings: License

Read access.

If you are using the distributed solution and multitenancy mode, access to tenants and the web interface of the SCN server can be allowed or denied for each account.

See also

Kaspersky Anti Targeted Attack Platform Help

Kaspersky Anti Targeted Attack Platform

Data provision

Application licensing

Architecture of the application

Operating principle of the application

Distributed solution and multitenancy

Sizing Guide

Installing and performing initial configuration of the application

Configuring the sizing settings of the application

Configuring the integration of Kaspersky Anti Targeted Attack Platform with the Kaspersky Endpoint Agent component

Getting started with the application

Authentication using domain accounts

Participation in Kaspersky Security Network and use of Kaspersky Private Security Network

Managing the Sandbox component through the web interface

For administrators: Getting started with the application web interface

For security officers: Getting started with the application web interface

Managing user-defined Sandbox rules

Sending notifications

Managing Kaspersky Endpoint Agent for Windows

Managing Kaspersky Endpoint Security for Windows

Managing Kaspersky Endpoint Security for Linux

Managing Kaspersky Endpoint Security for Mac

Backing up and restoring data

Upgrading Kaspersky Anti Targeted Attack Platform

Interaction with external systems via API

Sources of information about the application

Contacting the Technical Support Service

Information about third-party code

Trademark notices

In this Help section

Creating an administrator account for the application web interface

Creating a user account for the application web interface

Configuring user account table display

Viewing the user account table

Filtering user accounts

Resetting the account filter

Changing access rights of an application web interface user account

Enabling and disabling an administrator account or user account of the application web interface

Changing the password of an application administrator or user account

Changing the password of your account

Page top