Kaspersky Endpoint Detection and Response (KATA) integration settings

The table below describes the settings of the Kaspersky Endpoint Detection and Response Expert (on-premise) (KATAEDR) Integration predefined task, which you can manage when integrating with Kaspersky Endpoint Detection and Response (KATA).

This task also allows you to manage the Kaspersky Endpoint Detection and Response Expert (on-premise) integration settings. For the integration with Kaspersky Endpoint Detection and Response (KATA), you need to select the EDR (KATA) integration mode in the task settings (Mode=EDRKATA).


Setting

Description

Value

Mode

Integration mode.

For the Kaspersky Endpoint Detection and Response Expert (on-premise) integration, the Kaspersky Endpoint Security application interacts with servers on the OSMP platform.

For the Kaspersky Endpoint Detection and Response (KATA) integration, the Kaspersky Endpoint Security application interacts with servers on the Kaspersky Anti Targeted Attack Platform.

EDRKATA (default) is the EDR (KATA) integration mode. Allows enabling integration with Kaspersky Endpoint Detection and Response (KATA), a component of Kaspersky Anti Targeted Attack Platform.

EDRExpertOnPrem is the EDR Expert (OSMP) integration mode. Enables the Kaspersky Endpoint Detection and Response Expert (on-premise) integration.

UseClientPinnedCertificate

Enable and disable two-way authentication to further secure the connection to the KATA server.

If two-way authentication is enabled on the KATA server side, you need to enable two-way authentication in the settings of the Kaspersky Endpoint Detection and Response Expert (on-premise) Integration task and add the client certificate before starting the task.

Yes – use two-way authentication to further secure the connection to the KATA server.

No (default value) – do not use two-way authentication.

SynchronizationPeriod

Frequency of sending synchronization requests to the KATA server in minutes.

The default value is 5.

ConnectionTimeout

Maximum time to wait for a connection to the KATA server in seconds.

The default value is 10.

RequestTimeout

Maximum time to wait for a response from the KATA server in seconds.

The default value is 10.

EnableTelemetry

Enable and disable sending event data (telemetry) to KATA.

Yes (default value) – send telemetry to the KATA server.

No – do not send telemetry.

The [Endpoints.item_#] section contains the address and port of the KATA server. You can add multiple servers.

Address

KATA server address.

You can specify the IP address (IPv4 or IPv6) or the fully qualified domain name (FQDN) of the integration server.

To ensure that communication with the server is not interrupted in the event of an application failure while network isolation is enabled on the device, we recommend specifying the server's IP address.

Default value: 127.0.0.1.

Port

Port to connect to the KATA server.

The default value is 443.

The [EventTransferSettings] section contains settings for sending data to the KATA server.

MaximumDataTransferTime

The maximum delay in sending events to the KATA server in seconds.

The default value is 30.

UseRequestCountLimits

Enable and disable regulating the number of events sent to the KATA server.

Yes (default value) – regulate the number of events sent.

No – do not regulate the number of events.

MaximumNumberOfEventsInHour

Maximum number of events per hour.

The default value is 3000.

MaximumNumberOfEventsInPackage

Maximum number of events in one package.

The default value is 1024.

EventLimitExceededPercentage

Number of events above the limit (percentage). Sending events is limited if the ratio of events of a certain type to the total number of events exceeds the configured threshold (as a percentage).

The default value is 15.
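
The following script is an added example, not part of the product or its documentation. It reviews a copy of the task settings against the defaults and recommendations in the table above. It assumes the settings are available as Key=Value text with bracketed section names, as suggested by Mode=EDRKATA and [Endpoints.item_#] on this page; the sample values, the "0000" section suffix and the audit function are constructed for illustration.

```python
import configparser
import ipaddress

# Defaults taken from the settings table on this page.
DEFAULTS = {"Mode": "EDRKATA", "UseClientPinnedCertificate": "No",
            "EnableTelemetry": "Yes"}

# Constructed sample settings; the "0000" suffix and the host name are made up.
SAMPLE = """\
Mode=EDRKATA
UseClientPinnedCertificate=No
EnableTelemetry=Yes
[Endpoints.item_0000]
Address=kata.example.internal
Port=443
"""

def audit(text):
    """Return review findings for task settings passed as Key=Value text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str                # keep setting names exactly as written
    cp.read_string("[root]\n" + text)   # top-level settings carry no section header
    root = {**DEFAULTS, **cp["root"]}   # unset settings fall back to the defaults
    findings = []
    if root["Mode"] != "EDRKATA":
        findings.append("Mode: task is not in EDR (KATA) integration mode")
    if root["UseClientPinnedCertificate"].lower() != "yes":
        findings.append("UseClientPinnedCertificate: two-way authentication is off")
    if root["EnableTelemetry"].lower() != "yes":
        findings.append("EnableTelemetry: event data is not sent to KATA")
    endpoints = [s for s in cp.sections() if s.startswith("Endpoints.item_")]
    if not endpoints:
        findings.append("Endpoints: no server section, Address stays 127.0.0.1")
    for name in endpoints:
        addr = cp[name].get("Address", "127.0.0.1")
        try:
            if ipaddress.ip_address(addr).is_loopback:
                findings.append(f"{name}: Address {addr} is loopback")
        except ValueError:              # not an IP literal, so treated as an FQDN
            findings.append(f"{name}: Address {addr} is an FQDN; an IP address "
                            "is recommended when network isolation is used")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```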
