Configuring risk types

Risk types define the settings that are used when registering risks in Kaspersky Anti Targeted Attack Platform: names, categories, and base scores for risks. You can view the settings of risk types and, if necessary, change the base scores for some risk types.

After the installation, the application uses the original list of risk types. You can update and add supported risk types by installing updates.

Viewing the table of risk types

The table of risk types is displayed in the Settings section, [Risk types]] subsection of the application web interface.

Risk type settings are displayed in the following columns of the table:

• Code.

  Unique number of the risk type. In the table of registered risks, the number of the risk type is displayed in the details area of the selected risk.

• Name.

  Name of the risk type displayed in the table of risk types. When registering a risk, its name may not completely match the name of the risk type used. The names of some risk types may be completely replaced with other names for registered risks. For instance, risk types with such names include risks of the Risk from external system types. If a risk of this type is registered, the application keeps the name of the risk specified in the source of information about the risk (for example, in an external system that uses the Kaspersky Anti Targeted Attack Platform API NDR).

• Category.

  The name of the risk category.

• Base score

  Baseline for calculating the score of the registered risk. The configured base scores are applied when registering all risks, except for risks from external systems. Risk types named Risk from external system have base scores of zero. Base scores for such risks must be specified in external systems that register risks using the Kaspersky Anti Targeted Attack Platform API NDR.

When viewing the table of risk types, you can use the configuration, filtering, searching, and sorting functionality.

Changing the base score for a risk type

Base scores cannot be changed for risk types named Risk from external system. If a risk of this type is registered, the base score of this risk must be provided by the source of information about the risk (for example, an external system that uses the Kaspersky Anti Targeted Attack Platform API NDR).

To change the base score for a risk type:

1. In the window of the application web interface, select the Settings section, Risk types subsection.
2. In the table of risk types, select the risk type for which you want to change the base score.

   The details area is displayed in the right part of the web interface window.

3. Click Edit.
4. Enter the new base score.
5. Click Save.

Managing the settings for storing risks

You can change the maximum total size limit for stored risks.

To change the risk storage settings:

1. Log in to the web interface with the application administrator account.
2. Select the Sensor servers section.
3. Select the card of the Central Node server.

   The details area is displayed in the right part of the web interface window.

4. Click Edit.

   In the details area, tabs are displayed, on which you can manage the settings of the server.

5. On the General tab, go to Risks tab and use the Max volume setting to set the size limit for storing risks.

   You can select the unit of measure for the size limit: MB or GB.

   When editing the value, you also need to take into account that the sum total of all size limits may not exceed the specified maximum storage capacity for the node.

6. If necessary, use the Storage time (days) setting to enable a minimum storage time for risks, and specify the minimum number of days.
7. Click Save.