Updating Kaspersky Anti Targeted Attack Platform from version 7.0.1 to version 7.0.3
Before installing the application upgrade package, it is recommended to first create a backup of the current state of each Central Node server to be updated and download it to the hard drive from the application administrator menu. If installing an application upgrade package fails, or if you need to reinstall Kaspersky Anti Targeted Attack Platform, you can use the backup copy of the application.
We also recommend learning about the limitations of the version to which you are upgrading.
If you are using the distributed solution and multitenancy mode, you need to upgrade each Central Node in accordance with the following procedure without disconnecting the SCNs from the PCN.
The disconnection of SCNs from the PCN is irreversible, you cannot reconnect an SCN to any PCN server.
The upgrade is delivered as an upgrade package. The package is included in the application distribution kit.
To update Central Node:
- If Central Node is installed on a server:
- Place the application upgrade package on the Central Node server in the
/datadirectory. - Sign in to the management console of the Central Node server where you want to perform the upgrade via SSH or through the terminal.
- Place the application upgrade package on the Central Node server in the
- If Central Node is installed as a cluster
- Place the application upgrade package on the Central Node cluster server with the manager role in the Docker swarm, in the
/datadirectory. To view the role, use the$ docker node lscommand. - Enter the management console of the relevant server over SSH or through a terminal.
- Place the application upgrade package on the Central Node cluster server with the manager role in the Docker swarm, in the
- Make sure that the /dev/sda2 file system has more than 100 GB of free space.
- Unpack the update archive:
tar xvf /data/kata-upgrade-7.0.3.520-x86_64_en-ru.tar.gz -C /data/ - Install the upgrade package by running the following commands:
cd /data/upgrade/./run_kata_upgrade.py --patch-version 703The user name entry window is displayed.
- In the displayed window, in the Username field, enter the name of the user with administrator rights, select the OK button and press Enter.
Default value: admin.
- In the displayed window, in the Password field, enter the password of the user with administrator rights, select the OK button and press Enter.
This opens the window for entering the path to the update archive.
- This opens a window; in that window, in the Data directory field, enter the path to the update archive, select the OK button and press Enter.
Default value: /data/upgrade
- In the displayed window, select the localization language for the NDR functionality.
Parts of the application related to NDR functionality will be displayed in the selected language.
The Central Node component is upgraded.
After the update is complete, we recommend restarting all updated Central Nodes. If Central Node is installed as a cluster, we recommend restarting all cluster servers one by one.
After upgrading a Central Node cluster, the alert table may not display new alerts generated by the IDS technology. We recommend checking that new alerts are displayed in the table by following the steps of the instructions below.
To see if new alerts are being displayed in the alerts table:
- Log in to the management console of any server in the Central Node cluster over SSH or through a terminal.
- Check if all cluster services are running and stable (have not been restarted within the last 10 minutes) by running the following command:
docker ps --format "table {{.Image}} | {{.Status}}" - If all services of the cluster are stable, generate a test alert by making the following request:
curl "http://eicar.com/counter.php?act=1&uid=1&id=234" - Log in to the application web interface under a Senior security officer user account.
- Select the Alerts section in the window of the application web interface.
This opens the table of alerts.
- Check if the alerts table contains a new alert for a network event with the http://eicar.com/counter.php?act=1&uid=1&id=234 address.
If the alert is missing from the table, follow the steps in the instructions to fix the limitation.
To remove the limitation:
- Over SSH or through a terminal, log in to the management console of that cluster server on which mirrored SPAN traffic processing is enabled.
- Raise the privileges of the user by running the following command:
sudo -i - Run the following command:
docker service update --force kata_product_main_1_ids_alert_syncer - Check if the new alert is present in the alerts table by following steps 3 through 6 of the instructions above.
The limitation is removed.
If the test alert is missing from the table, please contact Technical Support.
Page top