Managing accounts of application administrators and users

Kaspersky Anti Targeted Attack Platform provides accounts for servers with the following components:

• Sensor. Administrator account for managing the application web interface, the application administrator menu, and the server management console (in Technical Support Mode).

  The "admin" account that was created during component installation is used by default.

• Sandbox. Administrator account for managing the application web interface, the application administrator menu, and the server management console (in Technical Support Mode).

  The "admin" account that was created during component installation is used by default.

• Central Node. The following accounts:
  • Administrator account for working in the application administrator menu and in the server management console (in Technical Support Mode).

    The "admin" account that was created during component installation is used by default.

  • Administrator account of the application web interface.
  • Application web interface user accounts with the Security auditor, Security officer, and Senior security officer roles.

Data from each of these accounts is stored on the server hosting the application component to which the account belongs.

In distributed solution and multitenancy mode, data from each of these accounts is stored on the PCN and on the server hosting the application component to which the account belongs.

The administrator account used for working in the server management console has unlimited rights to manage the server hosting the application component to which the account belongs (superuser rights). Under this account, you can turn off or restart a server, or modify the settings of the application in Technical Support Mode in the server management console.

An administrator account for working in the management console of a server (admin) has unlimited access to data on that server. The password of the administrator account for working in the server management console must be strong. The administrator must take steps to ensure the security of the servers. The administrator bears responsibility for access to data stored on servers.

You can use an account with the Administrator role to manage application user accounts as well as application settings that are available to administrators of the application web interface. In distributed solution and multitenancy mode, user accounts are managed on the PCN.

An account with the Security auditor role can view all sections of the web interface available to administrators and security officers. A user with the Security auditor role can view data but cannot edit this data.

The Senior security officer and Security officer roles are intended for employees of your organization whose job description involves managing events, alerts, tasks of Kaspersky Anti Targeted Attack Platform and managing response actions. When logged in to the application under accounts that have these roles, you can see all sections of the application web interface that are available to security officers. Users with the Senior security officer role have access to all operations. The restrictions for users with the Security officer role are listed in the table below.

Access restrictions for application users with the Security officer role

Functional scope / Section of the web interface	Restrictions
Dashboard	Widgets of VIP group events are not available. It is not possible to use a link in the widget to go to the Alerts section.
Alerts	The following actions are not available: Viewing alert details. Marking the completion of VIP group alert processing. Performing operations on multiple alerts. Exporting the list of all alerts.
Assets: Devices	Device grouping is not available.
Assets: Endpoint Agents	Access to viewing tables of workstations with the Endpoint Agent; restrictions on viewing details of tasks, policies, and network isolation.
Network traffic events	Operations with events related to alerts of the VIP group are not available.
Threat Hunting	The following actions are not available: Viewing events related to workstations from alerts of the VIP group Creating TAA (IOA) rules based on event search conditions
Tasks	No access.
Prevention rules	No access.
Custom rules: IOC	Read access.
Custom rules: YARA	Access only to export rules.
Custom rules: TAA	Read access.
User-defined Sandbox rules and Intrusion Detection rules	No access.
Logs	No access to the audit log and user activity log in the web interface of the application.
Storage	There is no access to objects that are placed in Storage as a result of tasks. Full access to objects that were manually downloaded by the user.
Quarantine	No access.
Reports	No access.
Settings	The following actions are not available: Creating of alert notification rules (full access to rules for sending notifications about problems encountered by the application) Managing exclusions from Kaspersky TAA (IOA) rules and exclusions from scanning (read access) No access to the following functionality: Managing the Endpoint Agent Local KPSN reputation database connection settings Rules for assigning the VIP status to alerts Allow rules Sandbox connection settings Settings of operating systems to use when scanning objects in Sandbox Archive passwords

If you are using the distributed solution and multitenancy mode, access to tenants and the web interface of the SCN server can be allowed or denied for each account.

See also Kaspersky Anti Targeted Attack Platform Help Kaspersky Anti Targeted Attack Platform Data provision Application licensing Architecture of the application Operating principle of the application Distributed solution and multitenancy Sizing Guide Installing and performing initial configuration of the application Configuring the sizing settings of the application Configuring firewall rules Configuring integration of the Endpoint Agent component with the KEDR functional block Configuring integration of the Endpoint Agent component with the NDR functional block Getting started with the application Authentication using domain accounts Participation in Kaspersky Security Network and use of Kaspersky Private Security Network Managing the Sandbox component through the web interface For administrators: Getting started with the application web interface For security officers: Getting started with the application web interface Managing user-defined Sandbox rules Sending notifications Managing logs Viewing application messages Viewing information about files that have been sent for scanning to the Kaspersky Anti Targeted Attack Platform Managing Kaspersky Endpoint Agent for Windows Managing Kaspersky Endpoint Security for Windows Managing Kaspersky Endpoint Security for Linux Managing Kaspersky Endpoint Security for Mac Backing up and restoring data Upgrading Kaspersky Anti Targeted Attack Platform Using Kaspersky Anti Targeted Attack Platform API KATA and KEDR Using Kaspersky Anti Targeted Attack Platform API NDR Sources of information about the application Contacting the Technical Support Service Information about third-party code Trademark notices

In this Help section Creating an administrator account for the application web interface Creating a user account for the application web interface Configuring user account table display Viewing the user account table Filtering user accounts Clearing the account filter Changing access permissions to PCN and SCN data for a user account Enabling or disabling a user account Changing the password of an application administrator or user account Changing the password of your account

Page top