Getting started with the program

This section contains information about how to begin working with the program in the web interface, in the administrator menu, and in Technical Support Mode.

Getting started with the web interface for sizing management

The Kaspersky Anti Targeted Attack Platform web interface for sizing management is protected against CSRF attacks and operates only if the program web interface user's browser provides the Referrer header of an HTTP POST request. Make sure that the browser that you are using to work with the Kaspersky Anti Targeted Attack Platform web interface does not modify the Referrer header of an HTTP POST request. If the connection with the web interface of Kaspersky Anti Targeted Attack Platform is established through a proxy server of your organization, make sure that the proxy server does not modify the Referrer header of an HTTP POST request.

In the web interface for sizing management, you can do the following:

• Manage the servers of the Central Node cluster.
• Configure servers hosting the Central Node component.

To get started in the web interface for sizing management:

1. In a browser on any computer on which access to the Central Node server has been allowed, enter the IP address of the server with the Central Node component into the browser's address bar.

   If you are using the fault-tolerant version of the program, you can enter the IP address of any server of the Central Node cluster or the fully qualified domain name (FQDN) of the cluster.

   To ensure uninterrupted access to the program web interface, you can configure the Round Robin function on the DNS server. To do this, log in to the web interface of the first healthy server of the Central Node cluster.

   An input window for account credentials of the Kaspersky Anti Targeted Attack Platform user opens.

2. Enter the administrator user name "admin" and the password that was specified during installation of the program.
3. Select the Local administrator check box.
4. Click Log in.

You can now start working in the web interface for sizing management.

For the fault-tolerant version of the program, the web interface displays the Cluster and Server configuration sections.

If you are using the non fault-tolerant version of the program, only the Server configuration section is displayed in the web interface.

For each user account, the number of simultaneous program management sessions is limited to one IP address. If the same user name is used to sign in to the program from a different IP address, the earlier session is terminated.

Getting started with the application web interface with a local administrator account

The web interface of Kaspersky Anti Targeted Attack Platform is protected against CSRF attacks and operates only if the program web interface user's browser provides the Referrer header of an HTTP POST request. Make sure that the browser that you are using to work with the Kaspersky Anti Targeted Attack Platform web interface does not modify the Referrer header of an HTTP POST request. If the connection with the web interface of Kaspersky Anti Targeted Attack Platform is established through a proxy server of your organization, make sure that the proxy server does not modify the Referrer header of an HTTP POST request.

After installing Kaspersky Anti Targeted Attack Platform, you must configure the sizing settings of the application in the web interface for sizing management.

If the sizing settings of Kaspersky Anti Targeted Attack Platform are not configured, it is not possible to log in to the web interface with a local administrator account.

To get started with the application web interface with a local administrator account:

1. In a browser on any computer on which access to the Central Node server has been allowed, enter the IP address of the server with the Central Node component into the browser's address bar.

   If you are using the fault-tolerant version of the program, you can enter the IP address of any server of the Central Node cluster or the fully qualified domain name (FQDN) of the cluster.

   To ensure uninterrupted access to the program web interface, you can configure the Round Robin function on the DNS server. To do this, log in to the web interface of the first healthy server of the Central Node cluster.

   An input window for account credentials of the Kaspersky Anti Targeted Attack Platform user opens.

2. Enter 'Administrator' as the account name and 'Administrator' as the password.

   The 'Administrator' password is used by default. We strongly recommend changing the password for this account after logging in to the application web interface.

3. Select the Local administrator check box.
4. Click Log in.

   The Dashboard page of the program web interface opens.

You can start using the application with a local administrator account.

For each user account, the number of simultaneous program management sessions is limited to one IP address. If the same user name is used to sign in to the program from a different IP address, the earlier session is terminated.

Getting started with the program administrator menu

You can work with the settings of each of the program's Sensor, Central Node and Sandbox components in the administrator menu in the management console of each server on which the program component is installed.

Make sure that access to Kaspersky Anti Targeted Attack Platform administrator menu and server management console is possible only from computers to which you have granted such access.

Make sure the computers to which you grant access are inside the secure perimeter of your network.

You can configure access to Kaspersky Anti Targeted Attack Platform administrator menu and server management console from certain computers using the iptables command-line utility. For detailed information about managing iptables, see the iptables documentation.

To start working in the Sandbox, Sensor or Central Node component administrator menu in the server management hosting the needed component:

1. Sign in to the management console of the server whose settings you want to change via the SSH protocol or through a terminal.

   The program component administrator menu is displayed.

2. When the system prompts you, enter the administrator user name and the password that was specified during installation of the program.

   The program component administrator menu is displayed.

You can begin working in the application administrator menu.

Getting started with the program in Technical Support Mode

Any actions in Technical Support Mode that are not approved and/or not recommended by Technical Support staff are prohibited and are grounds for withdrawing technical support.

You can work with the Sensor, Central Node and Sandbox components of the program in Technical Support Mode.

Technical Support Mode provides the Kaspersky Anti Targeted Attack Platform administrator with unrestricted access rights (root) to the program and all of its stored data (including personal information).

Working with Kaspersky Anti Targeted Attack Platform from the management console in Technical Support Mode with superuser account rights enables you to:

• Manage program operation settings using configuration files.

  You can also modify the settings for data encryption when data is transferred between program nodes, and the settings for storing and processing objects being scanned.

  In this case, data is transmitted in unencrypted form. The Kaspersky Anti Targeted Attack Platform administrator must use this data independently to ensure protection of servers. The Kaspersky Anti Targeted Attack Platform administrator is responsible for modifying the configuration files of the program.

• Manage
  trace log

  The program is run in debugging mode; after each command is executed, the program is stopped and the result of this step is displayed.

  settings.

  Trace files may contain confidential data of the user. Such files are retained indefinitely and can be manually deleted by the administrator of Kaspersky Anti Targeted Attack Platform. The path for trace files is specified by the administrator of Kaspersky Anti Targeted Attack Platform.

To start working with the Sandbox, Sensor or Central Node component in Technical Support Mode:

1. Sign in to the management console of the server whose settings you want to change via the SSH protocol or through a terminal.
2. When the system prompts you, enter the administrator user name and the password that was specified during installation of the component.

   The program component administrator menu is displayed.

3. In the program administrator menu, select Technical Support Mode.
4. Press ENTER.

   This opens the Technical Support Mode confirmation window.

5. Confirm that you want to operate the program in Technical Support Mode. To do so, select Yes and press ENTER.

You can now start working in Technical Support Mode.