Managing accounts of application administrators and users

Kaspersky Anti Targeted Attack Platform provides accounts for servers with the following components:

• Sensor. Administrator account for working in the application administrator menu and in the server management console (in Technical Support Mode).

  The 'admin' account is used by default.

• Sandbox. Administrator account for working in the application administrator menu, in the server management console (in Technical Support Mode) and in the Sandbox web interface.

  The 'admin' account is used by default.

• Central Node. The following accounts:
  • Administrator account for working in the application administrator menu and in the server management console (in Technical Support Mode).

    The "admin" account that was created during application installation is used by default.

  • Local administrator account of the application web interface.

    The "Administrator" account that was created during application installation is used by default. You can create other administrator accounts for the application web interface after installation.

  • Administrator account of the application web interface.
  • Application web interface user accounts with the Security auditor, Security officer, and Senior security officer roles.

Data from each of these accounts is stored on the server hosting the application component to which the account belongs.

In

distributed solution

Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

multitenancy

Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

The administrator account used for working in the server management console has unlimited rights to manage the server hosting the application component to which the account belongs (superuser rights). Under this account, you can turn off or restart a server, or modify the settings of the application in Technical Support Mode in the server management console.

An administrator account for working in the management console of a server (admin) has unlimited access to data on that server. The password of the administrator account for working in the server management console must be strong. The administrator must take steps to ensure the security of the servers. The administrator bears responsibility for access to data stored on servers.

An account with the Administrator role can add, enable and disable application user accounts, and change the passwords of application administrator accounts and web interface user accounts. In distributed solution and multitenancy mode, user accounts are managed on the PCN.

The local administrator account of the application web interface is intended for employees of your organization who need to manage Kaspersky Anti Targeted Attack Platform. When signing in to the application under this account, you will see all sections of the web interface that are available to a user with the Administrator role.

The administrator account of the application web interface lets you manage the application, however, unlike the local administrator account of the application web interface, such accounts are not allowed to manage PCN and SCN servers or tenants in the Operation mode section.

An account with the Security auditor role can view all sections of the web interface available to the local administrator and security personnel. A user with the Security auditor role can view data but cannot edit this data.

The Senior security officer and Security officer roles are intended for employees of your organization whose job description involves managing events and tasks of Kaspersky Anti Targeted Attack Platform. When signing in to the application under accounts with these roles, you will see all sections of the web interface that are available to security officers. Users with the Senior security officer role have access to all operations. The restrictions for users with the Security officer role are listed in the table below.

Access restrictions for application users with the Security officer role

If you are using the distributed solution and multitenancy mode, access to tenants and the web interface of the SCN server can be allowed or denied for each account.

Creating an administrator account for the application web interface

The administrator account of the application web interface lets you manage the application, however, unlike the local administrator account of the application web interface, such accounts are not allowed to manage PCN and SCN servers or tenants in the Operation mode section.

To create an application web interface administrator account:

1. Log in to the web interface with the application administrator account.
2. In the window of the application web interface, select the Settings section, Users subsection.
3. Click Add.

   This opens the New user window.

4. To enable an account, turn on the Status toggle switch.

   By default, the account is enabled.

   If the user account is enabled, the user is allowed to gain access to the application web interface. If the user account is disabled, the user is prohibited from gaining access to the application web interface.

5. In the Role drop-down list, select Administrator.
6. Under Authentication type, select one of the following options:
   • KATA user account.

     In this case, to connect to the application web interface, the user must enter the user name and password that were configured when the account was created.

   • Domain user account.

     In this case, to connect to the application web interface, the user does not have to enter the user name and password; the user is authenticated with the domain account.

   The KATA user account and Domain user account fields are available if Active Directory integration is configured.

7. If you selected KATA user account:
   1. In the User name field, enter a user name for the account you want to create.

      The user name must meet the following requirements:

      • Must be unique in the list of user names (case-sensitive).
      • Must contain no more than 32 characters.
      • Can contain letters A–Z, a–z, digits 0–9, hyphens (-), and underscores (_).
      • Must begin with a letter (A–Z or a–z).
   2. In the New password field, enter a user password that will be used to access the web interface.

      The password must satisfy the following requirements:

      • Must not be the same as the user name.
      • Must not contain dictionary words, popular combinations of letters, or examples of a keyboard layout (for example, Qwerty or passw0rd).
      • Must contain at least 8 characters.
      • Must contain at least three types of characters:
        • Uppercase character (A–Z).
        • Lowercase character (a–z).
        • Number.
        • Special character.
   3. In the Confirm password field, re-enter the user password that will be used to access the web interface.
8. If you selected Domain user account, in the User name field, enter the user's domain name.
9. Click Add.

This will create an administrator account for the application web interface.

If you are using the distributed solution and multitenancy mode, the administrator account of the PCN server web interface has access to the data of all organizations associated with that server.

Creating a user account for the application web interface

You can create user accounts with the Senior security officer, Security officer, and Security auditor roles.

To create a user account for the application web interface:

1. Log in to the web interface with the application administrator account.
2. In the window of the application web interface, select the Settings section, Users subsection.
3. Click Add.

   This opens the New user window.

4. If necessary, disable the user account using the Status toggle switch.

   By default, the account is enabled.

   If the user account is enabled, the user is allowed to gain access to the application web interface. If the user account is disabled, the user is prohibited from gaining access to the application web interface.

5. Under Authentication type, select one of the following options:
   • KATA user account.

     In this case, to connect to the application web interface, the user must enter the user name and password that were configured when the account was created.

   • Domain user account.

     In this case, to connect to the application web interface, the user does not have to enter the user name and password; the user is authenticated with the domain account.

     If you have selected the Domain user account authentication type, note that the user will not be able to log in to the application web interface with a different user account.

   The KATA user account and Domain user account fields are available if Active Directory integration is configured.

6. In the Role drop-down list, select one of the following roles:
   • Senior security officer
   • Security officer
   • Security auditor
7. If you select KATA user account:
   1. In the User name field, enter a user name for the account you want to create.

      The user name must meet the following requirements:

      • Must be unique in the list of user names (case-sensitive).
      • Must contain no more than 32 characters.
      • Can contain letters A–Z, a–z, digits 0–9, hyphens (-), and underscores (_).
      • Must begin with a letter (A–Z or a–z).
   2. In the New password field, enter a user password that will be used to access the web interface.

      The password must satisfy the following requirements:

      • Must not be the same as the user name.
      • Must not contain dictionary words, popular combinations of letters, or examples of a keyboard layout (for example, Qwerty or passw0rd).
      • Must contain at least 8 characters.
      • Must contain at least three types of characters:
        • Uppercase character (A–Z).
        • Lowercase character (a–z).
        • Number.
        • Special character.
   3. In the Confirm password field, re-enter the user password that will be used to access the web interface.
8. If you selected Domain user account, in the User name field, enter the user's domain name.
9. In the Access section, configure access rights:
   1. Turn on the SCN web interface toggle switch to allow the user to access not only the web interface of this PCN server, but also to web interfaces of all available SCN servers.
   2. To the right of the Tenants setting title, select check boxes for one or more tenants to whose web interfaces you want to grant access.

      You can use the Select all and Deselect all links to select or unselect all tenants.

10. Click Add.

Configuring user account table display

You can show or hide columns and change the order of columns in the table of user accounts.

To configure user account table display:

1. Log in to the web interface with the application administrator account.
2. In the window of the application web interface, select the Settings section, Users subsection.
3. In the heading part of the table, click .

   This opens the Customize table window.

4. If you want to show a column in the table, select the check box next to the name of the parameter that you want displayed in the table.

   If you want to hide a parameter in the table, clear the check box.

   At least one check box must be selected.

5. If you want to change the order of columns in the table, move the mouse cursor to the row with the relevant parameter, click and move the row to its new place.
6. If you want to restore default table display settings, click Default.
7. Click Apply.

User account table display is configured.

Viewing the user account table

The event table is displayed in the Settings section, Users subsection of the application web interface window. You can sort events in the table by the User name, Role, Tenants, and Status columns.

The table contains the following information:

1. User name is the user name configured when creating the account.
2. Authentication type is the authentication type of the user. Possible values:
   • KATA user account.

     In this authentication type is selected, to connect to the application web interface, the user must enter the user name and password that were configured when the account was created.

   • Domain user account.

     If this authentication type is selected, to connect to the application web interface, the user does not have to enter the user name and password; the user is authenticated with the domain account.

3. Role is the role assigned to the user.
4. Tenants is a list of tenants to which the user has access.

   This column is displayed only in distributed solution and multitenancy mode.

5. Status is the status of the account. Can have the following values:
   • Enabled

     If the user account is enabled, the user is allowed to gain access to the application web interface.

   • Disabled

     If the user account is disabled, the user is prohibited from gaining access to the application web interface.

Filtering user accounts

To filter or search for user accounts by required criteria:

1. Log in to the web interface with the application administrator account.
2. In the window of the application web interface, select the Settings section, Users subsection.
3. Depending on the filtering criterion, do the following:
   • By user name
     1. Click the User name link to open the filtering menu.
     2. In the drop-down list, select one of the following filtering operators:
        • Contain
        • Not contain
     3. In the text box, type the user name or a sequence of characters from the user name.
     4. Click Apply.
   • By authentication type
     1. Click the Authentication type link to open the filtering menu.
     2. Select the check box next to the account that you want to include in filtering criteria:
        • KATA user account.
        • Domain user account.
     3. Click Apply.
   • By role
     1. Click the Role link to open the filtering menu.
     2. Select check boxes corresponding to roles that you want to add to filter criteria.
        • Administrator
        • Senior security officer
        • Security officer
        • Security auditor

        You can select multiple check boxes.

     3. Click Apply.
   • By names of tenants that the user has access to
     1. Click the Tenants link to open the filtering menu.
     2. Select check boxes corresponding to tenants that you want to add to filter criteria.

        You can select multiple check boxes.

     3. Click Apply.
   • By status
     1. Click Status to expand the filter settings list.
     2. Select one of the following options:
        • All
        • Enabled
        • Disabled

The table displays accounts that correspond to configured filter criteria.

You can use multiple filters at the same time.

Clearing the account filter

To clear the YARA rule filter for one or more filtering criteria:

1. In the window of the application web interface, select the Custom rules section, YARA subsection.

   This opens the YARA rule table.

2. Click to the right of that column heading of the rule table for which you want to clear filtering criteria.

   If you want to clear several filter conditions, perform the necessary actions to clear each filter condition.

The selected filters are cleared.

The table displays only rules that match the specified criteria.

Changing access rights of an application web interface user account

You can change access rights of users with Senior security officer and Security officer roles to data of PCN and SCN servers as well as tenants to which those servers belong.

To change access rights of an application web interface user account, do the following in the web interface of the PCN:

1. Log in to the web interface with the application administrator account.
2. In the application web interface window, select the Settings section, Users subsection. Select the account whose access rights you want to change.

   This opens the Edit account window.

3. If you want to enable or disable an account, move the Status toggle switch.
4. In the Access section, move the SCN web interface toggle switch as necessary:
   • Set the toggle switch to Enabled if you want to grant the user access to web interfaces of all available SCN servers in addition to the web interface of this PCN server.
   • Set the toggle switch to Disabled if you want to grant the user access only to the web interface of this PCN server.
5. To the right of the Tenants setting name, select or clear check boxes of one or more tenants for which you want to change the access rights of server web interfaces.

   You can use the Select all and Deselect all links to select or unselect all tenants.

6. Click Save.

The access rights of the account are changed.

Enabling and disabling an administrator account or user account of the application web interface

To enable or disable an administrator account or user account for the application web interface, do the following in the web interface of the PCN:

1. Log in to the web interface with the application administrator account.
2. In the window of the application web interface, select the Settings section, Users subsection.
3. In the list of accounts, select the user account that you want to enable or disable.
4. In the Status column, do one of the following:
   • Turn on the toggle switch next to the name of an account if you want to enable the account.
   • Turn off the toggle switch next to the name of an account if you want to disable the account.

   The action confirmation window is displayed.

5. Click Yes.

The state of the account is modified.

Changing the password of an application administrator or user account

Only users with the KATA user account authentication type can change the password of their user account.

To change the password of an application administrator account or user account, do the following in the web interface of the PCN:

1. Log in to the web interface with the application administrator account.
2. In the application web interface window, select the Settings section, Users subsection. In the list of accounts, select the user account whose password you want to change.

   This opens the Edit account window.

3. In the New password field, enter a new password for the application web interface.

   The password must satisfy the following requirements:

   • Must not be the same as the user name.
   • Must not contain dictionary words, popular combinations of letters, or examples of a keyboard layout (for example, Qwerty or passw0rd).
   • Must contain at least 8 characters.
   • Must contain at least three types of characters:
     • Uppercase character (A–Z).
     • Lowercase character (a–z).
     • Number.
     • Special character.
4. In the Confirm password field, enter the new password again.
5. Click Save.

The password of the application administrator account or user account is changed.

Changing the password of your account

Only users with the KATA user account authentication type can change the password of their user account.

To change the password of your user account:

1. Sign in to the web interface with your account.
2. In the lower part of the program web interface window, click the link with the name of your account to expand the action list.
3. Select the Change password action.

   This opens the Change password window.

4. In the Old password field, enter the current password for the application web interface.
5. In the New password field, enter a new password for the application web interface.

   The password must satisfy the following requirements:

   • Must not be the same as the user name.
   • Must not contain dictionary words, popular combinations of letters, or examples of a keyboard layout (for example, Qwerty or passw0rd).
   • Must contain at least 8 characters.
   • Must contain at least three types of characters:
     • Uppercase character (A–Z).
     • Lowercase character (a–z).
     • Number.
     • Special character.
6. In the Confirm password field, enter the new password again.
7. Click Change password.

The user account password for accessing the application web interface is changed.