Kaspersky Anti Targeted Attack Platform
Request to display object scan restrictions
To request the program’s restrictions on scanning objects (for example, by size), use the HTTP GET method. You can create the request with the cURL command-line utility, for example.
Command syntax
curl --cert <path to the TLS certificate file> --key <path to the private key file> -X GET "<URL of the server with the Central Node component>:<default port 443>/kata/scanner/v1/sensors/<sensorId>/scans/filters"
If the request is processed successfully, the program’s object scan restrictions will be displayed. For example, the maxObjectSize restriction is the maximum allowed size of an object that you can submit for scanning.
Parameters
Parameter | Type | Description |
---|---|---|
sensorId | string | Unique ID of the external system used for authorization in Kaspersky Anti Targeted Attack Platform. |
Returned value
Return code | Description |
---|---|
 | Scan completed successfully. |
 | Authorization required. |
 | Internal server error. Repeat the request later. |
Command input example
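The request above wrapped in shell helpers, as an added example that is not part of the original Kaspersky documentation: it validates sensorId before building the URL, refuses a private key that other users can read, verifies the Central Node certificate with --cacert, and reads maxObjectSize from the response to check a file before submitting it. The https scheme, the allowed sensorId characters, the function names and the JSON layout of the sample response are assumptions.

```shell
#!/bin/sh
# Added example, not Kaspersky's code. The https scheme, the sensorId
# character set and the JSON layout of the response are assumptions.

# Build the request URL. Host and sensorId are limited to a safe character
# set (assumed) so a crafted value cannot change the path or add a query.
kata_filters_url() (
  host=$1 sensor_id=$2
  case $host in ''|*[!A-Za-z0-9.-]*) echo "invalid host" >&2; exit 1 ;; esac
  case $sensor_id in ''|*[!A-Za-z0-9-]*) echo "invalid sensorId" >&2; exit 1 ;; esac
  printf 'https://%s:443/kata/scanner/v1/sensors/%s/scans/filters\n' \
    "$host" "$sensor_id"
)

# Succeed only if the key is a regular file with no group/other permissions.
kata_key_is_private() (
  key=$1
  [ -f "$key" ] || exit 1
  perms=$(ls -ld "$key" | cut -c5-10)   # group and other permission bits
  [ "$perms" = "------" ]
)

# Send the GET request with a client certificate. --cacert names the CA (or
# saved server certificate) used to verify the Central Node; --fail makes
# curl exit non-zero on an HTTP error status instead of printing its body.
kata_get_filters() (
  host=$1 sensor_id=$2 cert=$3 key=$4 cacert=$5
  url=$(kata_filters_url "$host" "$sensor_id") || exit 1
  kata_key_is_private "$key" || { echo "key file too permissive" >&2; exit 1; }
  curl --silent --show-error --fail --max-time 30 \
    --cacert "$cacert" --cert "$cert" --key "$key" -X GET "$url"
)

# Print maxObjectSize from a response body; fail if the field is absent.
# Assumes a JSON body containing "maxObjectSize": <integer>.
kata_max_object_size() {
  printf '%s\n' "$1" |
    sed -n 's/.*"maxObjectSize"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
    head -n 1 | grep .
}

# Succeed if the file is no larger than the limit (both in bytes).
kata_file_within_limit() (
  file=$1 limit=$2
  size=$(($(wc -c < "$file"))) || exit 1
  [ "$size" -le "$limit" ]
)

# Constructed sample response body (layout assumed), usable for a dry run.
SAMPLE_RESPONSE='{"maxObjectSize": 62914560}'
```

Call kata_get_filters with the host, sensorId, certificate, key and CA file, then pass its output to kata_max_object_size.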