Data provided when integrating with the Kaspersky Network Detection and Response (KATA) component

When integrating Kaspersky Endpoint Security with Kaspersky Network Detection and Response (KATA), a component of the Kaspersky Anti Targeted Attack Platform solution, Kaspersky Endpoint Security stores the following information, which may contain personal and confidential data:

• NDR server addresses
• Public key of the server certificate for integration with Kaspersky Network Detection and Response (KATA)
• Client certificate for integration with Kaspersky Network Detection and Response (KATA)
• Credentials for authenticating on the proxy server
• Settings for the frequency of synchronization with the NDR server, and settings for transferring data to the NDR server
• NDR server connection status and information about errors related to the client certificate and server certificate

When Kaspersky Endpoint Security is integrated with the Kaspersky Network Detection and Response (KATA) component, the Kaspersky Endpoint Security application stores and sends the following data to the NDR server:

• Data from synchronization requests to the NDR server:
  • Unique identifier
  • Base part of the server address
  • Device name
  • IP address of the device
  • MAC address of the device
  • Local time on the device
  • Name, family and version of the operating system installed on the device
  • Version of Kaspersky Endpoint Security
  • Release date of the application databases being used
  • License key status
  • Model and manufacturer of the user's device
• Data in telemetry packets:
  • Information about the device and users:
    • Device name and time on the device
    • Family, name, and version of the operating system
    • Information about network interfaces (description, list of IP addresses with subnet mask, MAC address, metric number, DNS domain name, routing information, listening port numbers)
    • Device internal unique ID
    • User names and IDs
    • User group names and IDs
  • Information about the Kaspersky Endpoint Security application:
    • Name and version of the application
    • Date of the last application update
    • Information about license keys (serial number, type, license validity period, key status)
    • Application database version
    • List of supported API versions
  • Information about established connections:
    • Local IP address, port and MAC address
    • Remote IP address, port and MAC address
    • Gateway IP address
    • Protocol type (according to IANA), protocol number and EtherType
    • Number of received and sent packages
  • Information about processed files:
    • File name and unique ID
    • File type and size
    • Full path to the file image
    • File system attribute mask
    • The time when the file was created and modified
    • Checksums (MD5 and SHA256)
    • File privileges, including inherited and effective
  • Information about running and terminating processes:
    • Process UID and PID
    • Process type
    • Session ID
    • Executed command
    • Environment variables
  • Information about detected and processed threats:
    • Name of the detected threat and the technology that detected the threat, according to the Kaspersky classification
    • Application database version
    • Web address from which the infected object was downloaded
    • Threat processing status
    • The reason why the threat cannot be eliminated

The information listed here can also be saved in trace files and dump files.

Page top