Kaspersky Anti Targeted Attack Platform

Backing up and restoring data

You can create a backup copy and restore data from it in case of malfunctions or in case you need to reinstall Kaspersky Anti Targeted Attack Platform. You cannot restore data between Kaspersky Anti Targeted Attack Platform based on different operating systems. For example, you cannot restore data of Ubuntu-based Kaspersky Anti Targeted Attack Platform based in Astra Linux-based Kaspersky Anti Targeted Attack Platform, and vice versa.

To create a backup copy of a Central Node server, you can connect to the server over SSH or through a terminal.

The diagram of the process is shown in the figure below.

workflow

Backing up and restoring data

The version of the application in which data you want to restore data, must be the same as the version of the application on the server where the backup was performed. If the versions of the application do not match, an error message is displayed when restoration is initiated, and the restoration process is terminated.

In this Help section

Backing up and restoring the data of the Central Node server

Backing up and restoring the data of the Central Node server deployed as a cluster

Backing up and restoring the data of the Central Node server in distributed solution and multitenancy mode

Contents of exported data

Page top
[Topic 271018]

Backing up and restoring the data of the Central Node server

This scenario describes the procedure for creating and restoring data from backup on a Central Node server.

Backing up and restoring data on the Central Node server involves the following steps:

  1. Creating a backup copy

    You can create a backup copy using the administrator menu or in Technical Support Mode:

    How to create a backup copy in the administrator menu

    The backup copy of Kaspersky Anti Targeted Attack Platform contains databases (alerts database, VIP status details, the list of data excluded from the scan, notifications) and Central Node or PCN settings only.

    1. Sign in to the management console of the server which you want to back up over SSH or through a terminal.
    2. When prompted, enter the user name and password of the administrator account.

      The application component administrator menu is displayed.

    3. In the list of sections of the application administrator menu, select the System administration section.
    4. Press Enter.

      This opens the action selection window.

    5. In the list of actions, select Backup/Restore settings.
    6. Press Enter.

      This opens the Backup/Restore settings window.

    7. In the list of actions, select New.
    8. Press Enter.

      This opens the Backup settings window.

    9. Click Back up.

    The backup copy is created.

    How to create a backup copy in Technical Support Mode

    1. Sign in to the management console of the server which you want to back up over SSH or through a terminal.
    2. When prompted, enter the user name and password of the administrator account.

      The application component administrator menu is displayed.

    3. In the list of sections of the application administrator menu, select the Technical Support Mode section.
    4. Press Enter.

      This opens the Technical Support Mode confirmation window.

    5. Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press Enter.
    6. Run the following command:

      sudo kata-run.sh kata-backup-restore backup

    You can also specify one or multiple parameters for this command (see the table below).

    You can use the -h command to receive tips on using parameters.

    Parameters for creating a backup copy

    Required parameter

    Parameter

    Description

    Yes

    -b <path>

    Create a backup copy at the specified path,

    where <path> is the absolute or relative path to the directory in which you want to create the backup copy.

    No

    -c

    Clear the directory before saving the backup copy.

    No

    -d <number of stored files>

    Specify the maximum number of backup files stored in the directory, where <number> is the number of files.

    No

    -e

    Save files in Storage.

    No

    -q

    Save files in quarantine.

    No

    -a

    Save files awaiting rescan.

    No

    -s

    Save Sandbox artifacts.

    No

    -n

    Save Central Node or PCN settings.

    No

    -l <filepath>

    Save the command execution result to a file, where <filepath> is the name of the event log file, including the absolute path or relative path to the file.

    If additional settings are not defined, the backup copy contains only databases (alerts database, VIP status details, the list of data excluded from the scan, notifications).

    Example:

    Command for creating a backup copy:

    sudo kata-run.sh kata-backup-restore backup -b <path> -c -d <number of stored files> -e -q -a -s -n -l <filepath>

  2. Saving the backup copy to the hard drive

    To save the backup copy on the hard drive of your computer, run the following command:

    scp <name of the account used for working in the administrator menu and in the server management console>@<IP address of the server>:<name of the backup file of the form: data_kata_<date and time of backup copy creation>.tar>

    Example:

    Command for downloading to the hard drive of your computer a backup copy created on a Central Node server with the IP address 10.0.0.10 under the 'admin' account on April 10, 2020 at 10 hours 00 minutes 00 seconds:

    scp admin@10.0.0.10:data_kata_2020_04_10T10_00_00.tar

    The backup copy is saved to the current directory on the hard drive of your computer.

  3. Reinstalling the application

    Remove and reinstall Kaspersky Anti Targeted Attack Platform.

  4. Uploading a backup copy to the server

    Upload your backup copy to the Central Node server by running the following command:

    scp <name of the backup file of the form: data_kata_<date and time of backup copy creation>.tar> <name of the account used for working in the administrator menu and in the server management console>@<IP address of the server>:

    Example:

    Command for uploading a backup copy created on April 10, 2020 at 10 hours 00 minutes 00 seconds to the Central Node server with the IP address 10.0.0.10 under the 'admin' account:

    scp data_kata_2020_04_10T10_00_00.tar admin@10.0.0.10:

    The backup copy is uploaded to the current directory on the Central Node server.

  5. Restoring data from a backup copy

    You can restore data from a backup copy on the Central Node server using the administrator menu or in Technical Support Mode:

    How to restore data in the administrator menu

    1. Sign in to the management console of the server whose data you want to restore over SSH or through a terminal.
    2. When prompted, enter the user name and password of the administrator account.

      The application component administrator menu is displayed.

    3. In the list of sections of the application administrator menu, select the System administration section.
    4. Press Enter.

      This opens the action selection window.

    5. In the list of actions, select Backup/Restore settings.
    6. Press Enter.

      This opens the Backup/Restore settings window.

    7. In the list of files containing backup copies of the application, select the file from which you want to restore the server data.

      If the necessary file is not listed, upload the file containing the backup copy to the server.

    8. Press Enter.

      This opens the action selection window.

    9. In the list of actions, select Restore <name of the backup file of the form: data_kata_<creation date and time of the backup copy>.tar>
    10. Press Enter.

      This opens the action confirmation window.

    11. Click Restore.

      The process of restoring the server data from the backup copy starts.

    Server data are restored from the selected file.

    The settings for receiving mirrored traffic from SPAN ports are restored automatically if the names of network interfaces are the same on the server where the backup copy was created and on the server where data is being restored from the backup copy.

    If the names of the network interfaces do not match, after performing step 11 of the instructions above, you will be prompted to select the network interfaces for receiving mirrored traffic from SPAN ports.

    How to recover data in Technical Support Mode

    1. Sign in to the management console of the server whose data you want to restore over SSH or through a terminal.
    2. When prompted, enter the user name and password of the administrator account.

      The application component administrator menu is displayed.

    3. In the list of sections of the application administrator menu, select the Technical Support Mode section.
    4. Press Enter.

      This opens the Technical Support Mode confirmation window.

    5. Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press Enter.
    6. Run the following command:

    sudo kata-run.sh kata-backup-restore restore

    You can also specify one or multiple parameters for this command (see the table below).

    You can use the -h command to receive tips on using parameters.

    Data restoration parameters

    Required parameter

    Parameter

    Command description

    Yes

    -r <path>

    Restore data from a file containing a backup copy,

    where <path> is the full path to the backup file.

    No

    -l <filepath>

    Save the command execution result to a file, where <filepath> is the name of the event log file, including the absolute path or relative path to the file.

    Example:

    Command for restoring the data from a backup copy:

    sudo kata-run.sh kata-backup-restore restore -r <path> -l <filepath>

    The settings for receiving mirrored traffic from SPAN ports are restored automatically if the names of network interfaces are the same on the server where the backup copy was created and on the server where data is being restored from the backup copy.

    If the names of the network interfaces do not match, after performing step 6 of the instructions above, you will be prompted to select the network interfaces for receiving mirrored traffic from SPAN ports.

The backup copy of server settings does not contain PCAP files of recorded mirrored network traffic. You can save and restore PCAP files on your own by copying them from the /data/volumes/dumps directory of the connected storage. After restoring data, you must connect your external storage.

If the hardware configuration of the Central Node server on which the backup copy was created differs from the hardware configuration of the server on which you are planning to restore the server settings, you need to reconfigure the application scaling settings after restoring.

Page top
[Topic 271112]

Backing up and restoring the data of the Central Node server deployed as a cluster

This scenario describes the procedure for backing up and restoring data on a Central Node server deployed as a cluster.

This procedure must be carried out on a server with the 'manager' role in the Docker swarm. To view the role, use the $ docker node ls command. In the MANAGER STATUS field, a server with the manager role has Leader or Reachable.

Backing up and restoring data on the Central Node server deployed as a cluster involves the following steps:

  1. Creating a backup copy

    You can create a backup copy using the administrator menu or in Technical Support Mode:

    How to create a backup copy in the administrator menu

    The backup copy of Kaspersky Anti Targeted Attack Platform contains databases (alerts database, VIP status details, the list of data excluded from the scan, notifications) and Central Node or PCN settings only.

    1. Sign in to the management console of the server which you want to back up over SSH or through a terminal.
    2. When prompted, enter the user name and password of the administrator account.

      The application component administrator menu is displayed.

    3. In the list of sections of the application administrator menu, select the System administration section.
    4. Press Enter.

      This opens the action selection window.

    5. In the list of actions, select Backup/Restore settings.
    6. Press Enter.

      This opens the Backup/Restore settings window.

    7. In the list of actions, select New.
    8. Press Enter.

      This opens the Backup settings window.

    9. Click Back up.

    The backup copy is created.

    How to create a backup copy in Technical Support Mode

    1. Sign in to the management console of the server which you want to back up over SSH or through a terminal.
    2. When prompted, enter the user name and password of the administrator account.

      The application component administrator menu is displayed.

    3. In the list of sections of the application administrator menu, select the Technical Support Mode section.
    4. Press Enter.

      This opens the Technical Support Mode confirmation window.

    5. Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press Enter.
    6. Run the following command:

      sudo kata-run.sh kata-backup-restore backup

    You can also specify one or multiple parameters for this command (see the table below).

    You can use the -h command to receive tips on using parameters.

    Parameters for creating a backup copy

    Required parameter

    Parameter

    Description

    Yes

    -b <path>

    Create a backup copy at the specified path,

    where <path> is the absolute or relative path to the directory in which you want to create the backup copy.

    No

    -c

    Clear the directory before saving the backup file.

    No

    -d <number of stored files>

    Specify the maximum number of files stored in the directory, where <number> is the number of files.

    No

    -n

    Save Central Node or PCN settings.

    No

    -l <filepath>

    Save the command execution result to a file, where <filepath> is the name of the event log file, including the absolute path or relative path to the file.

    If additional settings are not defined, the backup copy contains only databases (alerts database, VIP status details, the list of data excluded from the scan, notifications).

    Example:

    Command for creating a backup copy:

    sudo kata-run.sh kata-backup-restore backup -b <path> -c -d <number of stored files> -e -q -a -s -n -l <filepath>

  2. Saving the backup copy to the hard drive

    To save the backup copy on the hard drive of your computer, run the following command:

    scp <name of the account used for working in the administrator menu and in the server management console>@<IP address of the server>:<name of the backup file of the form: data_kata_<date and time of backup copy creation>.tar>

    Example:

    Command for downloading to the hard drive of your computer a backup copy created on a Central Node server with the IP address 10.0.0.10 under the 'admin' account on April 10, 2020 at 10 hours 00 minutes 00 seconds:

    scp admin@10.0.0.10:data_kata_2020_04_10T10_00_00.tar

    The backup copy is saved to the current directory on the hard drive of your computer.

  3. Reinstalling the application

    Remove and reinstall Kaspersky Anti Targeted Attack Platform.

  4. Uploading a backup copy to the server

    Upload your backup copy to the Central Node server by running the following command:

    scp <name of the backup file of the form: data_kata_<date and time of backup copy creation>.tar> <name of the account used for working in the administrator menu and in the server management console>@<IP address of the server>:

    Example:

    Command for uploading a backup copy created on April 10, 2020 at 10 hours 00 minutes 00 seconds to the Central Node server with the IP address 10.0.0.10 under the 'admin' account:

    scp data_kata_2020_04_10T10_00_00.tar admin@10.0.0.10:

    The backup copy is uploaded to the current directory on the Central Node server.

  5. Restoring data from a backup copy

    You can restore data from a backup copy on the Central Node server using the administrator menu or in Technical Support Mode:

    How to restore data in the administrator menu

    1. Sign in to the management console of the server whose data you want to restore over SSH or through a terminal.
    2. When prompted, enter the user name and password of the administrator account.

      The application component administrator menu is displayed.

    3. In the list of sections of the application administrator menu, select the System administration section.
    4. Press Enter.

      This opens the action selection window.

    5. In the list of actions, select Backup/Restore settings.
    6. Press Enter.

      This opens the Backup/Restore settings window.

    7. In the list of files containing backup copies of the application, select the file from which you want to restore the server data.

      If the necessary file is not listed, upload the file containing the backup copy to the server.

    8. Press Enter.

      This opens the action selection window.

    9. In the list of actions, select Restore <name of the backup file of the form: data_kata_<creation date and time of the backup copy>.tar>
    10. Press Enter.

      This opens the action confirmation window.

    11. Click Restore.

      The process of restoring the server data from the backup copy starts.

    Server data are restored from the selected file.

    The settings for receiving mirrored traffic from SPAN ports are restored automatically if the names of network interfaces are the same on the server where the backup copy was created and on the server where data is being restored from the backup copy.

    If the names of the network interfaces do not match, after performing step 11 of the instructions above, you will be prompted to select the network interfaces for receiving mirrored traffic from SPAN ports.

    How to recover data in Technical Support Mode

    1. Sign in to the management console of the server whose data you want to restore over SSH or through a terminal.
    2. When prompted, enter the user name and password of the administrator account.

      The application component administrator menu is displayed.

    3. In the list of sections of the application administrator menu, select the Technical Support Mode section.
    4. Press Enter.

      This opens the Technical Support Mode confirmation window.

    5. Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press Enter.
    6. Run the following command:

    sudo kata-run.sh kata-backup-restore restore

    You can also specify one or multiple parameters for this command (see the table below).

    You can use the -h command to receive tips on using parameters.

    Data restoration parameters

    Required parameter

    Parameter

    Command description

    Yes

    -r <path>

    Restore data from a file containing a backup copy,

    where <path> is the full path to the backup file.

    No

    -l <filepath>

    Save the command execution result to a file, where <filepath> is the name of the event log file, including the absolute path or relative path to the file.

    Example:

    Command for restoring the data from a backup copy:

    sudo kata-run.sh kata-backup-restore restore -r <path> -l <filepath>

    The settings for receiving mirrored traffic from SPAN ports are restored automatically if the names of network interfaces are the same on the server where the backup copy was created and on the server where data is being restored from the backup copy.

    If the names of the network interfaces do not match, after performing step 6 of the instructions above, you will be prompted to select the network interfaces for receiving mirrored traffic from SPAN ports.

The backup copy of server settings does not contain PCAP files of recorded mirrored network traffic. You can save and restore PCAP files on your own by copying them from the /data/volumes/dumps directory of the connected external storage. After restoring data, you must connect your external storage.

If the hardware configuration of the Central Node server on which the backup copy was created differs from the hardware configuration of the server on which you are planning to restore the server settings, you need to reconfigure the application scaling settings after restoring.

Page top
[Topic 271113]

Backing up and restoring the data of the Central Node server in distributed solution and multitenancy mode

This scenario describes the procedure for backing up and restoring data on Central Node servers deployed in distributed solution or multitenancy mode.

To back up and restore data when using the distributed solution and multitenancy mode, you must connect to each Central Node server in the hierarchy and follow the steps of the instructions below. When restoring data from backup on a server with the SCN role, its role changes to a standalone Central Node server.

Backing up and restoring data on Central Node servers deployed in distributed solution or multitenancy mode involves the following steps:

  1. Creating a backup copy

    You can create a backup copy using the administrator menu or in Technical Support Mode:

    How to create a backup copy in the administrator menu

    The backup copy of Kaspersky Anti Targeted Attack Platform contains databases (alerts database, VIP status details, the list of data excluded from the scan, notifications) and Central Node or PCN settings only.

    1. Sign in to the management console of the server which you want to back up over SSH or through a terminal.
    2. When prompted, enter the user name and password of the administrator account.

      The application component administrator menu is displayed.

    3. In the list of sections of the application administrator menu, select the System administration section.
    4. Press Enter.

      This opens the action selection window.

    5. In the list of actions, select Backup/Restore settings.
    6. Press Enter.

      This opens the Backup/Restore settings window.

    7. In the list of actions, select New.
    8. Press Enter.

      This opens the Backup settings window.

    9. Click Back up.

    The backup copy is created.

    How to create a backup copy in Technical Support Mode

    1. Sign in to the management console of the server which you want to back up over SSH or through a terminal.
    2. When prompted, enter the user name and password of the administrator account.

      The application component administrator menu is displayed.

    3. In the list of sections of the application administrator menu, select the Technical Support Mode section.
    4. Press Enter.

      This opens the Technical Support Mode confirmation window.

    5. Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press Enter.
    6. Run the following command:

      sudo kata-run.sh kata-backup-restore backup

    You can also specify one or multiple parameters for this command (see the table below).

    You can use the -h command to receive tips on using parameters.

    Parameters for creating a backup copy

    Required parameter

    Parameter

    Description

    Yes

    -b <path>

    Create a backup copy at the specified path,

    where <path> is the absolute or relative path to the directory in which you want to create the backup copy.

    No

    -c

    Clear the directory before saving the backup copy.

    No

    -d <number of stored files>

    Specify the maximum number of backup files stored in the directory, where <number> is the number of files.

    No

    -e

    Save files in Storage.

    No

    -q

    Save files in quarantine.

    No

    -a

    Save files awaiting rescan.

    No

    -s

    Save Sandbox artifacts.

    No

    -n

    Save Central Node or PCN settings.

    No

    -l <filepath>

    Save the command execution result to a file, where <filepath> is the name of the event log file, including the absolute path or relative path to the file.

    If additional settings are not defined, the backup copy contains only databases (alerts database, VIP status details, the list of data excluded from the scan, notifications).

    Example:

    Command for creating a backup copy:

    sudo kata-run.sh kata-backup-restore backup -b <path> -c -d <number of stored files> -e -q -a -s -n -l <filepath>

  2. Saving the backup copy to the hard drive

    To save the backup copy on the hard drive of your computer, run the following command:

    scp <name of the account used for working in the administrator menu and in the server management console>@<IP address of the server>:<name of the backup file of the form: data_kata_<date and time of backup copy creation>.tar>

    Example:

    Command for downloading to the hard drive of your computer a backup copy created on a Central Node server with the IP address 10.0.0.10 under the 'admin' account on April 10, 2020 at 10 hours 00 minutes 00 seconds:

    scp admin@10.0.0.10:data_kata_2020_04_10T10_00_00.tar

    The backup copy is saved to the current directory on the hard drive of your computer.

  3. Reinstalling the application

    Remove and reinstall Kaspersky Anti Targeted Attack Platform.

  4. Uploading a backup copy to the server

    Upload your backup copy to the Central Node server by running the following command:

    scp <name of the backup file of the form: data_kata_<date and time of backup copy creation>.tar> <name of the account used for working in the administrator menu and in the server management console>@<IP address of the server>:

    Example:

    Command for uploading a backup copy created on April 10, 2020 at 10 hours 00 minutes 00 seconds to the Central Node server with the IP address 10.0.0.10 under the 'admin' account:

    scp data_kata_2020_04_10T10_00_00.tar admin@10.0.0.10:

    The backup copy is uploaded to the current directory on the Central Node server.

  5. Restoring data from a backup copy

    You can restore data from a backup copy on the Central Node server using the administrator menu or in Technical Support Mode:

    How to restore data in the administrator menu

    1. Sign in to the management console of the server whose data you want to restore over SSH or through a terminal.
    2. When prompted, enter the user name and password of the administrator account.

      The application component administrator menu is displayed.

    3. In the list of sections of the application administrator menu, select the System administration section.
    4. Press Enter.

      This opens the action selection window.

    5. In the list of actions, select Backup/Restore settings.
    6. Press Enter.

      This opens the Backup/Restore settings window.

    7. In the list of files containing backup copies of the application, select the file from which you want to restore the server data.

      If the necessary file is not listed, upload the file containing the backup copy to the server.

    8. Press Enter.

      This opens the action selection window.

    9. In the list of actions, select Restore <name of the backup file of the form: data_kata_<creation date and time of the backup copy>.tar>
    10. Press Enter.

      This opens the action confirmation window.

    11. Click Restore.

      The process of restoring the server data from the backup copy starts.

    Server data are restored from the selected file.

    The settings for receiving mirrored traffic from SPAN ports are restored automatically if the names of network interfaces are the same on the server where the backup copy was created and on the server where data is being restored from the backup copy.

    If the names of the network interfaces do not match, after performing step 11 of the instructions above, you will be prompted to select the network interfaces for receiving mirrored traffic from SPAN ports.

    How to recover data in Technical Support Mode

    1. Sign in to the management console of the server whose data you want to restore over SSH or through a terminal.
    2. When prompted, enter the user name and password of the administrator account.

      The application component administrator menu is displayed.

    3. In the list of sections of the application administrator menu, select the Technical Support Mode section.
    4. Press Enter.

      This opens the Technical Support Mode confirmation window.

    5. Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press Enter.
    6. Run the following command:

    sudo kata-run.sh kata-backup-restore restore

    You can also specify one or multiple parameters for this command (see the table below).

    You can use the -h command to receive tips on using parameters.

    Data restoration parameters

    Required parameter

    Parameter

    Command description

    Yes

    -r <path>

    Restore data from a file containing a backup copy,

    where <path> is the full path to the backup file.

    No

    -l <filepath>

    Save the command execution result to a file, where <filepath> is the name of the event log file, including the absolute path or relative path to the file.

    Example:

    Command for restoring the data from a backup copy:

    sudo kata-run.sh kata-backup-restore restore -r <path> -l <filepath>

    The settings for receiving mirrored traffic from SPAN ports are restored automatically if the names of network interfaces are the same on the server where the backup copy was created and on the server where data is being restored from the backup copy.

    If the names of the network interfaces do not match, after performing step 6 of the instructions above, you will be prompted to select the network interfaces for receiving mirrored traffic from SPAN ports.

The backup copy of server settings does not contain PCAP files of recorded mirrored traffic. You can save and restore PCAP files on your own by copying them from the /data/volumes/dumps directory of the connected storage. After restoring data, you must connect your external storage.

If the hardware configuration of the Central Node server on which the backup copy was created differs from the hardware configuration of the server on which you are planning to restore the server settings, you need to reconfigure the application scaling settings after restoring.

Page top
[Topic 271114]

Contents of exported data

Kaspersky Anti Targeted Attack Platform may contain user data and other confidential information. The Kaspersky Anti Targeted Attack Platform administrator must take steps to ensure the security of this data when creating a backup copy, when replacing equipment on which the application is installed, or in other cases when it may be necessary to permanently delete data. The Kaspersky Anti Targeted Attack Platform administrator bears responsibility for access to data stored on application servers.

You can create a backup copy of the following data:

  • The application database.
  • Objects in Storage.
  • Files from alerts generated during a rescan.
  • Sandbox artifacts.
  • Configuration files.
  • Central Node or PCN settings:

You can clear the directory before creating a backup copy of the application.

Before restoring data from backup, the following is cleared on the Central Node or PCN server on which the application is being restored:

  • The application database.
  • Objects in Storage.
  • Files from alerts generated during a rescan.
  • Sandbox artifacts.
  • Configuration files.
  • Central Node or PCN settings.

    Contents and amount of data exported to create a backup copy

    Data type

    Exported data

    Application operation mode

    Deployment method

    • Central Node settings.
    • The application database on Central Node:
      • Alerts and VIP statuses of alerts
      • Tasks and task execution results
      • Policies
      • User-defined TAA (IOA) rules and exclusions
      • User-defined IDS rules and exclusions
      • IOC files
      • Scan exclusion rules
      • Information about files in Storage
      • Information about quarantined objects
      • List of computers with Endpoint Agent
      • Reports and report templates
      • User account data
      • Notifications

    Central Node settings, if selected.

    Application databases, by default.

    Standalone Central Node server.

    All deployment methods.

    PCN settings.

    Custom

    Distributed solution and multitenancy mode.

     

    All deployment methods.

    SCN settings.

    Custom

    As for a standalone Central Node server.

    Distributed solution and multitenancy mode.

    All deployment methods.

    Application databases on the PCN:

    • Alerts and VIP statuses of alerts
    • Task execution results
    • Policies
    • User-defined TAA (IOA) rules and exclusions
    • User-defined IDS rules and exclusions
    • IOC files
    • List of data excluded from the scan
    • Information about files in Storage
    • Information about quarantined objects
    • List of Kaspersky Endpoint Agent hosts
    • Reports and report templates
    • User account data
    • Notifications

    Default

    Distributed solution and multitenancy mode.

    All deployment methods.

    Configuration files.

    Yes

    All modes.

    All deployment methods.

    Backup

    Custom

    All modes.

    Non-high-availability version.

    Sandbox artifacts.

    Custom

    All modes.

    Non-high-availability version.

    Files from alerts generated during a rescan.

    Custom

    All modes.

    Non-high-availability version.

    Events database.

    None.

    All modes.

    All deployment methods.

Files that are in the scan queue when the backup copy of the application is created are not exported.

Page top
[Topic 271365]