Kaspersky Endpoint Detection and Response (KATA) is a component of the Kaspersky Anti Targeted Attack Platform solution, which is designed to protect the IT infrastructure of organizations and promptly detect threats, such as zero-day attacks, targeted attacks, and advanced persistent threats (APT). To read more, check out the Kaspersky Anti Targeted Attack Platform Help.
When interacting with Kaspersky Endpoint Detection and Response (KATA), Kaspersky Endpoint Security may send data about events on devices (telemetry) to the Kaspersky Anti Targeted Attack Platform server with the Central Node component ("KATA server") and execute commands from Kaspersky Anti Targeted Attack Platform intended to provide security.
This feature is not supported in the KESL container.
Management of integration settings with Kaspersky Endpoint Detection and Response (KATA) via Kaspersky Security Center Cloud Console is not supported.
For integration with Kaspersky Endpoint Detection and Response (KATA), the Behavior Detection component must be enabled.
The integration of Kaspersky Endpoint Security with Kaspersky Endpoint Detection and Response (KATA) is only possible if these components are enabled. Otherwise, the required telemetry data cannot be transmitted.
Kaspersky Endpoint Detection and Response (KATA) can additionally use data received from the following components:
When integrated with Kaspersky Endpoint Detection and Response (KATA), devices with Kaspersky Endpoint Security establish secure connections to the KATA server via the HTTPS protocol. To ensure a secure connection, the following certificates issued by the KATA server are used:
Certificates for securing the connection to the KATA server are provided by the Kaspersky Anti Targeted Attack Platform administrator.
A proxy server is used to connect to the KATA server if use of a proxy server is configured in the general application settings of Kaspersky Endpoint Security.
Kaspersky Endpoint Detection and Response (KATA) integration settings
Setting |
Description |
---|---|
Integration with Endpoint Detection and Response (KATA) enabled / disabled |
Enables or disables the integration of the Kaspersky Endpoint Security application with Kaspersky Endpoint Detection and Response (KATA). The integration server is disabled by default. |
Server connection settings |
Clicking the Configure button in the block opens a window where you can configure general settings for connecting to KATA servers, add a server certificate, and configure two-way authentication when connecting to KATA servers. |
KATA servers |
The table contains a list of KATA servers to which connection is configured. The Add button opens a window where you can configure the connection to the KATA server. You can use the buttons above the table to edit and remove previously configured connection settings. |
Maximum delay when sending events (sec) |
The maximum delay in sending events to the KATA server in seconds. The default value is |
Enable event throttling |
Enables or disables regulating the number of events sent to the KATA server. |
Maximum number of events per hour |
Maximum number of events per hour The default value is |
Event throttle threshold (percentage) |
Event throttle threshold (percentage). Sending events is limited if ratio of events of one type (for example, events about registry changes) to the total number of events exceeds the set threshold (as a percentage). The default value is |