Contents of exported data
Kaspersky Anti Targeted Attack Platform may contain user data and other confidential information. The Kaspersky Anti Targeted Attack Platform administrator must take steps to ensure the security of this data when creating a backup copy, when replacing equipment on which the application is installed, or in other cases when it may be necessary to permanently delete data. The Kaspersky Anti Targeted Attack Platform administrator bears responsibility for access to data stored on application servers.
You can create a backup copy of the following data:
- The application database.
- Objects in Storage.
- Files from alerts generated during a rescan.
- Sandbox artifacts.
- Configuration files.
- Central Node or PCN settings:
You can clear the directory before creating a backup copy of the application.
Before restoring data from backup, the following is cleared on the Central Node or PCN server on which the application is being restored:
- The application database.
- Objects in Storage.
- Files from alerts generated during a rescan.
- Sandbox artifacts.
- Configuration files.
- Central Node or PCN settings.
Contents and amount of data exported to create a backup copy
Data type
Exported data
Application operation mode
Deployment method
- Central Node settings.
- The application database on Central Node:
- Alerts and VIP statuses of alerts
- Tasks and task execution results
- Policies
- User-defined TAA (IOA) rules and exclusions
- User-defined IDS rules and exclusions
- IOC files
- Scan exclusion rules
- Information about files in Storage
- Information about quarantined objects
- List of computers with Endpoint Agent
- Reports and report templates
- User account data
- Notifications
Central Node settings, if selected.
Application databases, by default.
Standalone Central Node server.
All deployment methods.
PCN settings.
Custom
Distributed solution and multitenancy mode.
All deployment methods.
SCN settings.
Custom
As for a standalone Central Node server.
Distributed solution and multitenancy mode.
All deployment methods.
Application databases on the PCN:
- Alerts and VIP statuses of alerts
- Task execution results
- Policies
- User-defined TAA (IOA) rules and exclusions
- User-defined IDS rules and exclusions
- IOC files
- List of data excluded from the scan
- Information about files in Storage
- Information about quarantined objects
- List of Kaspersky Endpoint Agent hosts
- Reports and report templates
- User account data
- Notifications
Default
Distributed solution and multitenancy mode.
All deployment methods.
Configuration files.
Yes
All modes.
All deployment methods.
Backup
Custom
All modes.
Non-high-availability version.
Sandbox artifacts.
Custom
All modes.
Non-high-availability version.
Files from alerts generated during a rescan.
Custom
All modes.
Non-high-availability version.
Events database.
None.
All modes.
All deployment methods.
Files that are in the scan queue when the backup copy of the application is created are not exported.
