Configuring integration with external systems

You can configure integration of Kaspersky Anti Targeted Attack Platform with external systems to scan files stored in those systems. Their scan results will be displayed in the alerts table.

The role of an external system can be served by a mail sensor, such as Kaspersky Secure Mail Gateway or Kaspersky Security for Linux Mail Server. The mail sensor sends email messages to Kaspersky Anti Targeted Attack Platform for processing. Based on the results of processing of email messages in Kaspersky Anti Targeted Attack Platform, the mail sensor may block the transfer of messages.

Integration of Kaspersky Anti Targeted Attack Platform with external systems involves the following procedure:

1. Enter the integration settings and create an integration request from the external system.

   For more details about entering integration settings for the mail sensor, please refer to the Kaspersky Secure Mail Gateway Help or the Kaspersky Security for Linux Mail Server Help.

   To integrate other external systems, use the REST API.

2. Confirm integration for Kaspersky Anti Targeted Attack Platform

   External systems may use identical IDs and certificates for authorization on the server with the Central Node component. If this is the case, a single integration request will be displayed in the interface of Kaspersky Anti Targeted Attack Platform.

3. Check the connection between the external system and Kaspersky Anti Targeted Attack Platform

Viewing the table of external systems

The table of external systems is in the External systems section of the program web interface window. The table contains the following information:

• Sensor—IP address or domain name of the external system server.
• Type—Type of external system (mail sensor or other system).
• Name—Name of the integrated external system that is not a mail sensor.

  A dash is displayed in this column for a mail sensor.

• ID—ID of the external system.
• Certificate fingerprint—Fingerprint of the TLS certificate of the server with the external system used to establish an encrypted connection with the server hosting the Central Node component.

  The certificate fingerprint of the server with the Central Node component is displayed in the upper part of the window in the Certificate fingerprint field.

• State—State of the integration request.

Processing a request from an external system

To process an integration request from an external system:

1. Select the External systems section in the window of the program web interface.

   The Server list table displays the already connected external systems, and requests for integration with Kaspersky Anti Targeted Attack Platform from external systems.

2. In the line containing the integration request, perform one of the following actions:
   • If you want to configure integration with the external system, click the Accept button.
   • If you do not want to configure integration with the external system, click the Reject button.
3. In the confirmation window, click Yes.

The integration request from the external system will be processed.

Removing an external system from the list of those allowed to integrate

After you have accepted an integration request from an external system, you can remove it from the list of those allowed to integrate. If this is the case, the connection between Kaspersky Anti Targeted Attack Platform and the external system will be terminated.

To remove an external system from the list of systems allowed to integrate:

1. Select the External systems section in the window of the program web interface.

   The Server list displays the already added external systems and the requests to integrate with Kaspersky Anti Targeted Attack Platform from external systems.

2. Click the Delete button in the line containing the integration request from the external system that you want to remove.
3. In the confirmation window, click Yes.

The external system will be removed from the list of those allowed to integrate.

Configuring the priority for processing traffic from mail sensors

You can enable or disable the maximum priority for processing traffic from mail sensors.

To enable or disable the maximum priority for processing traffic from mail sensors:

1. Select the External systems section in the window of the program web interface.
2. Do one of the following:
   • Turn on the toggle switch next to the name of the Maximum scan priority parameter if you want to enable the maximum priority for processing traffic from mail sensors.
   • Turn off the toggle switch next to the name of the Maximum scan priority parameter if you want to disable the maximum priority for processing traffic from mail sensors.

The priority for processing traffic from mail sensors will be configured.