Configuring receipt of mirrored traffic from SPAN ports and the http-body parameter
If you are using the distributed solution and multitenancy mode, use the web interface of the PCN or SCN server for which you want to configure parameters.
Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.
Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).
To configure receipt of mirrored traffic from SPAN ports:
Select the Sensor servers section in the window of the application web interface.
The Server list table will be displayed.
Select the Sensor server for which you want to configure the receipt of mirrored traffic from SPAN ports.
This opens the Sensor server settings page.
Select the SPAN traffic processing section.
The Network interfaces table is displayed.
In the row of the network interface from which you want to configure the receipt of mirrored traffic, set the toggle switch in the SPAN traffic scanning column to Enabled.
Under Dump HTTP body:
If you want to enable the http-body parameter in the Suricata configuration file, set the toggle switch to Enabled. By default, the toggle switch is in the Enabled position.
If you want to disable the http-body parameter in the Suricata configuration file, set the toggle switch to Disabled.
Click Apply.
Receipt of mirrored traffic from SPAN ports and the http-body parameter are configured.