Using Kaspersky Anti Targeted Attack Platform API KATA and KEDR

You can configure the integration of Kaspersky Anti Targeted Attack Platform with external systems to manage Threat Response actions, to scan files that are stored in those systems, and to provide access to information about all alerts and events to the external systems.

API method calls are available only to authorized external systems. For authorization, the application administrator must create a request to integrate the external system with the application. Then the administrator must process the request in the web interface of Kaspersky Anti Targeted Attack Platform.

If you have deployed the Central Node and Sensor components as a cluster, you can configure high availability integration with an external system using one of the following options:

• Using the Round Robin function.
• Configure the external system so that if a timeout occurs, the external system switches between the IP addresses of the cluster servers.

To configure high availability integration with an external system using the Round Robin function:

1. Configure Round Robin on the DNS server for the domain name corresponding to the Central Node cluster.
2. Specify this domain name in the mail server settings.

Integration with the external system is configured based on the domain name. The external system will communicate with a random server in the cluster. If this server fails, the external system will communicate with another healthy server in the cluster.

In this Help section Integrating an external system with Kaspersky Anti Targeted Attack Platform API for scanning objects of external systems API that external systems can use to receive information about application alerts API that external systems can use to receive information about application events API for managing Threat Response actions

Page top