Kaspersky Anti Targeted Attack Platform uses monitoring points to receive and process mirrored SPAN traffic. Monitoring points can be added and removed for the Central Node and Sensor components.
Each monitoring point must be associated with a network interface that receives a copy of traffic from a certain network segment. To add monitoring points, you can use network interfaces that satisfy the following conditions:
Monitoring points can be enabled or disabled. You can disable a monitoring point to temporarily stop monitoring a network segment from which a copy of the traffic is received on the network interface. When you need to resume monitoring, you can re-enable the monitoring point.
After disabling or removing a monitoring point, the application may log events involving this monitoring point for some time. This is due to a possible lag in processing incoming traffic when the Central Node component is under high load.
Monitoring point details are displayed in the card of the network interface to which this monitoring point is linked. If necessary, you can rename the monitoring point.