Configuring integration between Kaspersky Endpoint Agent and KATA Central Node
This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
This section contains information on how to configure integration between Kaspersky Endpoint Agent and the KATA Central Node component using the Kaspersky Security Center Administration Console.
Configuring data submission settings
To configure data submission settings:
- Open Kaspersky Security Center Administration Console.
- In the console tree, open the Policies folder.
- Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
  - Double-click the policy name.
  - Select Properties in the policy context menu.
  - Select the Configure policy settings item in the right part of the window.
- In the Telemetry collection servers section, select the General settings subsection.
- In the Data submission settings group, do the following:
  - Specify the value in the Events transmission period (sec.) field.
    The default value is 30 seconds.
  - Specify the value in the Maximum number of events in a package field.
    The default value is 1024 events in a package.
- In the upper right corner of the settings group, change the switch from Unaffected by policy to Under policy.
- Click OK.
Configuring request throttling settings
The request throttling feature allows restricting the flow of events with low importance from Kaspersky Endpoint Agent to the Central Node component. Event importance is evaluated by the application.
To configure the request throttling settings:
- Open Kaspersky Security Center Administration Console.
- In the console tree, open the Policies folder.
- Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
  - Double-click the policy name.
  - Select Properties in the policy context menu.
  - Select the Configure policy settings item in the right part of the window.
- In the Telemetry collection servers section, select the General settings subsection.
- In the Request throttling group of settings, you can perform the following actions:
  - Enable or disable the Enable request throttling setting.
    The setting is enabled by default.
  - Specify the number of events in the Maximum number of events per hour field.
    The application analyzes telemetry data flow and restricts transmission of events with low importance if the number of transmitted events tends to exceed the value specified in this field. The default value is 3000 events per hour.
  - Specify the threshold for the flow of events of the same type with low importance in the Percentage of event limit excess field.
    If the flow of events of the same type with low importance exceeds the threshold value specified in this field as a percentage of the total number of events, transmission of events of this type is restricted. You can specify a value from 5% to 100%. The default value is 15%.
- In the upper right corner of the settings group, change the switch from Unaffected by policy to Under policy.
  The default switch position is Under policy.
- Click OK.
Enabling and disabling integration with KATA Central Node
If you use Nginx as a proxy server between a device with Kaspersky Endpoint Agent installed and KATA server, configure the client_max_body_size setting. The value of the client_max_body_size setting must be equal to the maximum size of the object sent by Kaspersky Endpoint Agent to KATA for processing. Otherwise, Nginx will not send objects whose size exceeds the specified value. The default value is 1 MB.
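The Nginx requirement above, shown as a reverse-proxy fragment for the http context. This is an added example, not vendor configuration: the host names, ports, file paths and the 100m limit are placeholders to replace with the values of your own deployment.

```nginx
# Added example; not taken from Kaspersky documentation.
# Placeholders: all host names, ports, file paths and the 100m value.

upstream kata_central_node {
    server kata-cn.example.internal:443;        # placeholder address and port
}

server {
    listen 443 ssl;                              # placeholder listen port
    server_name kata-proxy.example.internal;     # placeholder name
    ssl_certificate     /etc/nginx/tls/kata-proxy.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/kata-proxy.key;   # placeholder path

    # Before: with the directive absent, Nginx applies its default limit
    # of 1m and rejects larger request bodies with status 413
    # (Request Entity Too Large), so those objects never reach KATA.
    # client_max_body_size 1m;

    # After: set the limit to the maximum size of an object that
    # Kaspersky Endpoint Agent sends to KATA for processing.
    # 100m is a placeholder, not a vendor-recommended value.
    client_max_body_size 100m;

    # Rejected oversize bodies are written to the error log as
    # "client intended to send too large body", which makes a
    # too-small limit visible after deployment.
    error_log /var/log/nginx/kata_proxy_error.log error;

    location / {
        proxy_pass https://kata_central_node;
    }
}
```

After reloading Nginx, a 413 status in the access log or a "client intended to send too large body" line in the error log indicates that the limit is still lower than an object the agent tried to send.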
To enable or disable integration with the KATA Central Node component:
- Open Kaspersky Security Center Administration Console.
- In the console tree, open the Policies folder.
- Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
  - Double-click the policy name.
  - Select Properties in the policy context menu.
  - Select the Configure policy settings item in the right part of the window.
- In the Telemetry collection servers section, select the Integration with KATA subsection.
- In the Connection settings group, do one of the following:
  - To enable integration with KATA Central Node:
    - Select the Enable KATA integration check box.
    - In the List of KATA servers settings group, for one or more KATA servers, specify the IP address or full domain name of the KATA server, as well as the port for connecting to the server.
      Kaspersky Endpoint Agent connects to the first server in the list. If the connection does not succeed, Kaspersky Endpoint Agent connects to the second server and so on down the list.
  - To disable integration with KATA Central Node, clear the Enable KATA integration check box.
- In the Connection settings group, enable or disable the Connect using the proxy server if specified in the general settings option.
  This option is disabled by default. The application connects to the KATA server only directly and does not use the general proxy server connection settings. You can enable this option if you want the application to use the general proxy server connection settings when connecting to the KATA server.
- In the upper right corner of the settings group, change the switch from Unaffected by policy to Under policy.
- Click OK.
Integration with KATA Central Node is enabled or disabled.
Configuring trusted connection with KATA Central Node
To configure a trusted connection between Kaspersky Endpoint Agent and KATA Central Node, perform the following actions on the Kaspersky Endpoint Agent side:
- Open Kaspersky Security Center Administration Console.
- In the console tree, open the Policies folder.
- Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
  - Double-click the policy name.
  - Select Properties in the policy context menu.
  - Select the Configure policy settings item in the right part of the window.
- In the Telemetry collection servers section, select the Integration with KATA subsection.
- In the Connection settings group, select the Use pinned certificate to protect connection check box.
- Click the Add new TLS certificate button.
  The Adding new TLS certificate window opens.
- Perform one of the following actions to add a TLS certificate:
  - Add a certificate file. Click Browse, and in the window that opens, select the certificate file and click Open.
  - Copy and paste the contents of the certificate file to the Paste TLS certificate data field.
  Kaspersky Endpoint Agent may have only one KATA server TLS certificate. If you have added a TLS certificate before and then add a TLS certificate once again, only the last added certificate is valid.
- Click the Add button.
  Information about the added TLS certificate is shown in the TLS certificate data group of settings.
- If you want to configure additional connection protection by a user certificate, click the Add client certificate button.
- In the Add client certificate window that opens, do the following:
  - Select the Secure connection with the client certificate check box.
  - Click the Upload button and in the window that opens select the PFX archive and click Open.
  - Enter the password for the PFX archive.
  - Click OK.
- In the upper right corner of the settings group, change the switch from Unaffected by policy to Under policy.
- Click OK.
The trusted connection to KATA server is now configured.
Configuring synchronization settings between Kaspersky Endpoint Agent and KATA Central Node
To configure synchronization settings between Kaspersky Endpoint Agent and KATA Central Node:
- Open Kaspersky Security Center Administration Console.
- In the console tree, open the Policies folder.
- Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
  - Double-click the policy name.
  - Select Properties in the policy context menu.
  - Select the Configure policy settings item in the right part of the window.
- In the Telemetry collection servers section, select the Integration with KATA subsection.
- In the Connection settings group, configure the following settings:
  - Timeout (sec.). Specify the maximum KATA server response timeout. The default value is 10 seconds.
  - Send synchronization request to KATA server every (min.). Specify the time interval for sending requests to synchronize Kaspersky Endpoint Agent settings and tasks with KATA Central Node. You can specify a value from 1 to 60 minutes. The default value is 5 minutes.
- Select or clear the Use TTL period when sending events check box. The check box is cleared by default.
  If the check box is selected, Kaspersky Endpoint Agent does not send information about the processes that are started again to the KATA server. Kaspersky Endpoint Agent does not consider the launch of the process as repeated if the process is started after the end of the TTL period.
- If you select the Use TTL period when sending events check box, specify the time in the TTL period (min.) field. The default value is 1440 minutes.
- In the upper right corner of the settings group, change the switch from Unaffected by policy to Under policy.
- Click OK.