Scenario for preparing to receive data from the Endpoint Agent component

The scenario for preparing to receive data from the Endpoint Agent component involves the following steps:

1. Installing the Endpoint Agent component on computers of the controlled network

   At this step, you must install Kaspersky Endpoint Security for Windows or Kaspersky Endpoint Security for Linux, which acts as the Endpoint Agent component, on all computers that you want to receive information about in Kaspersky Anti Targeted Attack Platform. These computers must be on the same network as one of the servers with the Sensor component.

   The current version of Kaspersky Anti Targeted Attack Platform supports receiving and processing data only when integrated with Kaspersky Endpoint Security for Windows 12.7 and later or Kaspersky Endpoint Security for Linux 12.2 and later.

2. Adding integration servers for Kaspersky Anti Targeted Attack Platform components

   This phase involves the completion of procedures for adding integration servers to the servers to which the Endpoint Agent components will connect. Network interactions between servers and Endpoint Agent components are possible only through network interfaces that are not being used as monitoring points. Specific network interfaces and IP addresses are not configured for integration servers because any available network interface and IP address of a computer can be used for an external connection to the integration server.

3. Creating communication data packages for clients of integration servers

   At this stage, you must create and download communication data packages in which the application stores certificates and keys for connections of clients to the integration servers. Each communication data package is an archive containing the following data:

   • Public key of the integration server certificate.
   • The certificate for clients of the integration server (with a private key). This certificate is added if client certificate verification is enabled on the integration server. The certificate and key are encrypted using the password specified when creating the communication data package.
4. Uploading data for connecting to integration servers to client computers

   We recommend using Kaspersky Security Center to do this. For Kaspersky Anti Targeted Attack Platform integration servers, clients are computers with the Endpoint Agent component. Upload certificates and/or keys from communication data packages to the Kaspersky Security Center Administration Server by using the Endpoint Agent administration plug-in. Then, create policies in Kaspersky Security Center for uploading data to computers with Endpoint Agent. For information on managing data and creating policies, see the documentation of the Kaspersky Endpoint Security for Windows and Kaspersky Endpoint Security for Linux.

   For each integration server, at least one policy must be created, containing the following data to be uploaded to client computers:

   • Public key of the integration server certificate.
   • IP address for connecting to the integration server. You can specify any of the available IP addresses of the integration server node. You can view IP addresses in the web interface in the Settings section, Connection servers subsection, on the Integration servers tab. By default, port 8070 is used for the connection.
   • The certificate for clients of the integration server (with a private key). This certificate is added if client certificate verification is enabled on the integration server.
5. Enabling integration servers

   This phase is completed after applying policies and uploading data to computers with the Endpoint Agent component. At this stage, you need to enable all integration servers to which you want data from EPP applications to be sent.

As a result of the scenario, Kaspersky Anti Targeted Attack Platform starts receiving and processing data from EPP applications.

Page top