# Kaspersky Anti Targeted Attack Platform

Kaspersky Anti Targeted Attack (KATA) Platform is a threat detection and response solution built to identify advanced threats and targeted attacks against enterprise networks. This connector lets Swimlane Turbine users drive KATA from their security workflows: retrieve scan results, pull detailed alert information, and enable or disable network isolation for a host. Automating these steps removes manual hand-offs from incident response and shortens the time between detection and remediation.

## Prerequisites

To use the KATA connector with Swimlane Turbine you need certificate-based authentication to the KATA API, with the following parameters:

- **URL**: the endpoint URL of the KATA API.
- **TLS Certificate File (Base64)**: the TLS client certificate file, as a base64-encoded string.
- **Private Key File (Base64)**: the private key file that belongs to that certificate, as a base64-encoded string.

The private key is the credential that proves the external system's identity to KATA. Store it in a secret, not in plain text, and rotate the certificate if the key is ever exposed.

## Capabilities

This connector provides the following actions:

- Request for Scan Results
- Request to Disable Network Isolation
- Request to Display Alert Information
- Request to Enable Network Isolation

## Asset Setup

To start working with the API, you need to integrate an external system (here, Swimlane Turbine) with KATA. The external system must complete authorization on the KATA server before its requests are served.

To integrate an external system with KATA:

1. Generate a unique identifier for the external system, the `sensorId`, which KATA uses to authorize it.
2. Generate a certificate (with its private key) for the external system server.
3. Send any request containing that `sensorId` from the external system to KATA.

Authorization completes on the KATA side: an administrator accepts the external system's request in the KATA web interface, and only after that are requests carrying that `sensorId` served. Until then, expect the connector's actions to fail.

Note the two different identifiers used below: the `sensorId` / `external_system_id` is the identity of the integration itself, while the `sensor_id` of the network isolation actions is the host running the Endpoint Agent component.

KATA API documentation:

- Authentication: https://support.kaspersky.com/KATA/6.1/en-US/247806.htm
- API reference: https://support.kaspersky.com/KATA/6.1/en-US/181506.htm

## Configurations

### Kaspersky API Authentication

Authenticates using a client certificate and its private key file.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| TLS Certificate File (B64) | TLS certificate file in base64 format | string | Required |
| Private Key File (B64) | Private key file in base64 format | string | Required |
| Verify SSL | Verify the KATA server's SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

Turning **Verify SSL** off removes server authentication, so the client certificate and key would then be presented to any host that answers at the URL. If KATA uses a private CA, trust that CA instead of disabling verification.

## Actions

### Request for Scan Results

Initiates a request to retrieve scan results from KATA using a specific `sensorId`.

**Endpoint URL:** `/kata/scanner/v1/sensors/{{sensorId}}/scans/state`

**Method:** GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| sensorId | string | Required | Unique ID of the external system used for authorization in KATA |
| state | array | Optional | Scan status. When this parameter is defined, the scan results are filtered by status. Indicate one or more statuses separated by commas. Available values: `detect`, `not detected`, `processing`, `timeout`, `error` |
| sensorInstanceId | string | Optional | Unique ID of the external system instance. Servers combined into a cluster are also considered instances of an external system |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Mon, 2 Sep 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": [
      {}
    ]
  }
]
```

### Request to Disable Network Isolation

Creates a request to disable network isolation for a host in KATA using the external system ID.

**Endpoint URL:** `/kata/response_api/v1/{{external_system_id}}/settings`

**Method:** DELETE

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| external_system_id | string | Required | Unique ID of the external system used for authorization in KATA |
| sensor_id | string | Optional | Unique ID of the host with the Endpoint Agent component |
| settings_type | string | Optional | Type of the resource |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Mon, 2 Sep 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {}
  }
]
```

### Request to Display Alert Information

Creates a request to display detailed information about alerts from KATA using the `sensorId`.

**Endpoint URL:** `/kata/scanner/v1/sensors/{{sensorId}}/detects`

**Method:** GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| sensorId | string | Required | Unique ID of the external system used for authorization in KATA |
| detect_type | array | Optional | Technology that generated the alert. You can specify a comma-separated list of technologies. Possible values: `am` (Anti-Malware Engine), `sb` (Sandbox), `yara` (YARA), `url_reputation` (URL Reputation), `ids` (Intrusion Detection System) |
| limit | number | Optional | Number of objects for which information is provided in the response. Allowed values: integers from 1 to 10,000 |
| token | string | Optional | Request ID. If this parameter is specified, a repeated request does not return alert information that was already obtained by prior requests, which avoids duplicating the same alerts across repeated requests |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| detects | array | The alerts returned for this request |
| token | string | Token to pass in the next request so that these alerts are not returned again |

Persist the returned `token` between workflow runs: a poll that starts without it re-ingests every alert the previous poll already delivered.

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Mon, 2 Sep 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "detects": [],
      "token": ""
    }
  }
]
```

### Request to Enable Network Isolation

Enables network isolation for a host by adding a rule in KATA; requires the external system ID.

**Endpoint URL:** `/kata/response_api/v1/{{external_system_id}}/settings`

**Method:** POST

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| external_system_id | string | Required | Unique ID of the external system used for authorization in KATA |
| sensor_id | string | Optional | Unique ID of the host with the Endpoint Agent component |
| settings_type | string | Optional | Type of the resource |
| settings | object | Optional | Parameters of the request to enable network isolation |
| settings.autoTurnoffTimeoutInSec | number | Optional | Period during which network isolation stays active. Allowed range: 1 to 9,999 hours, specified in seconds. For example, to isolate a host for two hours, specify 7,200 seconds |

Isolation lifts itself when `autoTurnoffTimeoutInSec` expires, so pick a period long enough to cover your investigation, and use the disable action to lift it early once the host is cleared.

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Mon, 2 Sep 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": [
      {},
      {}
    ]
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Mon, 2 Sep 2024 20:37:23 GMT |
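The asset-setup credential handling and the four actions above, as one added example written for this page; it is not Swimlane's connector code or Kaspersky's. The URL paths and parameter names are taken from the action tables. Everything else is assumed: the host `kata.example.local`, the IDs `ext-sys-id` and `host-sensor-id`, the `settings_type` value `network_isolation` (the page lists no allowed values), the stop-on-short-page paging rule in `new_detects`, and the `FakeKata` transport, which is a constructed stand-in so the example runs offline. The sample certificate and key are PEM-shaped placeholders, not real key material.

```python
import base64
import binascii
import os
import tempfile
from urllib.parse import urlencode

SCAN_STATES = {"detect", "not detected", "processing", "timeout", "error"}
DETECT_TYPES = {"am", "sb", "yara", "url_reputation", "ids"}
ISOLATION_MIN_SEC, ISOLATION_MAX_SEC = 1 * 3600, 9999 * 3600  # allowed window is 1..9999 hours

def pem_files_from_b64(cert_b64, key_b64):
    """Decode the connector's base64 cert/key strings into 0600 temp files for ssl load_cert_chain()."""
    paths = []
    for name, blob in (("crt", cert_b64), ("key", key_b64)):
        try:
            pem = base64.b64decode(blob, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"{name}: not valid base64") from exc
        if not pem.startswith(b"-----BEGIN"):
            raise ValueError(f"{name}: decoded data is not PEM")
        fd, path = tempfile.mkstemp(suffix="." + name)  # mkstemp creates the file 0600
        with os.fdopen(fd, "wb") as fh:
            fh.write(pem)
        paths.append(path)
    return tuple(paths)

class KataClient:
    """send(method, url, json_body) -> (status, parsed_json) is injected so the client runs
    offline here; in production it wraps an HTTPS call that presents the client certificate."""
    def __init__(self, base_url, external_system_id, send):
        self.base, self.ext_id, self.send = base_url.rstrip("/"), external_system_id, send

    def _call(self, method, path, params, body=None):
        query = urlencode({k: v for k, v in params.items() if v is not None}, safe=",")
        status, payload = self.send(method, self.base + path + ("?" + query if query else ""), body)
        if status != 200:
            raise RuntimeError(f"{method} {path} -> HTTP {status}")
        return payload

    def scan_state(self, states=(), sensor_instance_id=None):
        if set(states) - SCAN_STATES:
            raise ValueError(f"unknown scan state in {states}")
        return self._call("GET", f"/kata/scanner/v1/sensors/{self.ext_id}/scans/state",
                          {"state": ",".join(states) or None, "sensorInstanceId": sensor_instance_id})

    def detects(self, detect_types=(), limit=100, token=None):
        if set(detect_types) - DETECT_TYPES or not 1 <= limit <= 10000:
            raise ValueError("unknown detect_type or limit outside 1..10000")
        payload = self._call("GET", f"/kata/scanner/v1/sensors/{self.ext_id}/detects",
                             {"detect_type": ",".join(detect_types) or None, "limit": limit, "token": token})
        return payload["detects"], payload["token"]

    def new_detects(self, token=None, limit=100, **kw):
        """Page until a short page arrives, feeding each response token into the next request
        so alerts already delivered are not repeated; persist the final token between polls."""
        found = []
        while True:
            page, token = self.detects(limit=limit, token=token, **kw)
            found.extend(page)
            if len(page) < limit:
                return found, token

    def _isolation(self, method, host_sensor_id, body=None):
        # the settings_type value is an assumption: the page lists no allowed values for it
        return self._call(method, f"/kata/response_api/v1/{self.ext_id}/settings",
                          {"sensor_id": host_sensor_id, "settings_type": "network_isolation"}, body)

    def enable_isolation(self, host_sensor_id, hours):
        seconds = int(hours * 3600)  # API takes seconds: 2 h -> 7200, as in the action table
        if not ISOLATION_MIN_SEC <= seconds <= ISOLATION_MAX_SEC:
            raise ValueError(f"{hours} h is outside the allowed 1..9999 hour window")
        return self._isolation("POST", host_sensor_id, {"settings": {"autoTurnoffTimeoutInSec": seconds}})

    def disable_isolation(self, host_sensor_id):
        return self._isolation("DELETE", host_sensor_id)

class FakeKata:
    """Constructed stand-in for a KATA server: a full page of two alerts, then a short one."""
    def __init__(self):
        self.calls, self.pages = [], [([{"id": "d1"}, {"id": "d2"}], "t1"), ([{"id": "d3"}], "t2")]

    def __call__(self, method, url, body):
        self.calls.append((method, url, body))
        if "/detects?" in url:
            detects, token = self.pages.pop(0)
            return 200, {"detects": detects, "token": token}
        return 200, ([] if "/scans/state" in url else {})

# Constructed sample material: PEM-shaped bodies, not a real certificate or key.
SAMPLE_CERT_B64 = base64.b64encode(b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n").decode()
SAMPLE_KEY_B64 = base64.b64encode(b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n").decode()

def demo():
    cert_path, key_path = pem_files_from_b64(SAMPLE_CERT_B64, SAMPLE_KEY_B64)
    key_mode = os.stat(key_path).st_mode & 0o777
    for p in (cert_path, key_path):
        os.remove(p)  # a real run would load them into an ssl.SSLContext first
    kata = KataClient("https://kata.example.local", "ext-sys-id", server := FakeKata())  # assumed host and ID
    alerts, token = kata.new_detects(detect_types=("sb", "yara"), limit=2)
    kata.enable_isolation("host-sensor-id", hours=2)  # assumed host sensor_id
    kata.disable_isolation("host-sensor-id")
    return alerts, token, key_mode, server.calls
```

`demo()` walks the detect pages until a short page ends the loop and returns the final token, which is the value a workflow should store for its next poll; it also shows that the decoded private key never lands on disk with wider than owner-only permissions. The `send` callable is the one seam to replace with an mTLS-capable HTTP call (loading the two PEM paths with `ssl.SSLContext.load_cert_chain()` and keeping certificate verification on).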