The scenario for preparing to receive data from the Endpoint Agent component involves the following steps:
At this step, you must install Kaspersky Endpoint Security for Windows or Kaspersky Endpoint Security for Linux, which acts as the Endpoint Agent component, on all computers that you want to receive information about in Kaspersky Anti Targeted Attack Platform. These computers must be on the same network as one of the servers with the Sensor component.
The current version of Kaspersky Anti Targeted Attack Platform supports receiving and processing data only when integrated with Kaspersky Endpoint Security for Windows 12.7 and later or Kaspersky Endpoint Security for Linux 12.2 and later.
This phase involves the completion of procedures for adding integration servers to the servers to which the Endpoint Agent components will connect. Network interactions between servers and Endpoint Agent components are possible only through network interfaces that are not being used as monitoring points. Specific network interfaces and IP addresses are not configured for integration servers because any available network interface and IP address of a computer can be used for an external connection to the integration server.
At this stage, you must create and download communication data packages in which the application stores certificates and keys for connections of clients to the integration servers. Each communication data package is an archive containing the following data:
We recommend using Kaspersky Security Center to do this. For Kaspersky Anti Targeted Attack Platform integration servers, clients are computers with the Endpoint Agent component. Upload certificates and/or keys from communication data packages to the Kaspersky Security Center Administration Server by using the Endpoint Agent administration plug-in. Then, create policies in Kaspersky Security Center for uploading data to computers with Endpoint Agent. For information on managing data and creating policies, see the documentation of the Kaspersky Endpoint Security for Windows and Kaspersky Endpoint Security for Linux.
For each integration server, at least one policy must be created, containing the following data to be uploaded to client computers:
This phase is completed after applying policies and uploading data to computers with the Endpoint Agent component. At this stage, you need to enable all integration servers to which you want data from EPP applications to be sent.
As a result of the scenario, Kaspersky Anti Targeted Attack Platform starts receiving and processing data from EPP applications.
Page top