Contents
Getting started with the application
This section contains information about how to begin managing the application in the web interface, in the administrator menu, and in Technical Support Mode.
Getting started with the application web interface with an administrator account
The web interface of Kaspersky Anti Targeted Attack Platform is protected against CSRF attacks and operates only if the browser used for managing the application web interface provides the Referrer header of an HTTP POST request. Make sure that the browser that you are using to work with the Kaspersky Anti Targeted Attack Platform web interface does not modify the Referrer header of an HTTP POST request. If the connection with the web interface of Kaspersky Anti Targeted Attack Platform is established through a proxy server of your organization, make sure that the proxy server does not modify the Referrer header of an HTTP POST request.
After installing Kaspersky Anti Targeted Attack Platform, you must manage the sizing settings of the application.
If the sizing settings of Kaspersky Anti Targeted Attack Platform are not configured, logging in to the application web interface is not possible.
To get started with the application web interface with an administrator account:
- In a browser on any computer on which access to the Central Node server has been allowed, enter the IP address of the server with the Central Node component into the browser's address bar.
If you are using the high availability version of the application, you can enter the IP address of any server of the Central Node cluster or the fully qualified domain name (FQDN) of the cluster.
An input window for account credentials of the Kaspersky Anti Targeted Attack Platform user opens.
- Enter the username, "admin", and the password that was set when deploying the Central Node component.
- Click Log in.
The Dashboard page of the application web interface is displayed.
You can start using the application with the administrator account.
For each user account, the number of simultaneous application management sessions is limited to one IP address. If the same user name is used to sign in to the application from a different IP address, the earlier session is terminated.
Getting started with the application administrator menu
You can manage the settings of each of the application's Sensor, Central Node, and Sandbox components in the administrator menu in the management console of each server on which the application component is installed.
Make sure that access to Kaspersky Anti Targeted Attack Platform administrator menu and server management console is possible only from computers to which you have granted such access.
Make sure the computers to which you grant access are inside the secure perimeter of your network.
You can configure access to Kaspersky Anti Targeted Attack Platform administrator menu and server management console from certain computers using the iptables command-line utility. For detailed information about managing iptables, see the iptables documentation.
To start working in the Sandbox, Sensor or Central Node component administrator menu in the server management hosting the needed component:
- Sign in to the management console of the server whose settings you want to change via the SSH protocol or through a terminal.
The application component administrator menu is displayed.
- When the system prompts you, enter the administrator user name and the password that was set during the installation of the application.
The application component administrator menu is displayed.
You can begin working in the Sensor or Sandbox component administrator menu.
Getting started with the application in Technical Support Mode
Any actions in Technical Support Mode that are not approved and/or not recommended by Technical Support staff are prohibited and are grounds for withdrawing technical support.
You can manage the Sensor, Central Node and Sandbox components of the application in Technical Support Mode.
Technical Support Mode provides the Kaspersky Anti Targeted Attack Platform administrator with unrestricted access rights (root) to the application and all of its stored data (including personal information).
Working with Kaspersky Anti Targeted Attack Platform from the management console in Technical Support Mode with superuser account rights enables you to:
- Manage application operation settings using configuration files.
You can also modify the settings for data encryption when data is transferred between application nodes, and the settings for storing and processing objects being scanned.
In this case, data is transmitted in unencrypted form. The Kaspersky Anti Targeted Attack Platform administrator must use this data independently to ensure protection of servers. The Kaspersky Anti Targeted Attack Platform administrator is responsible for modifying the configuration files of the application.
- Manage settings.
Trace files may contain confidential data of the user. Such files are retained indefinitely and can be manually deleted by the administrator of Kaspersky Anti Targeted Attack Platform. The path for trace files is specified by the administrator of Kaspersky Anti Targeted Attack Platform.
To start working with the Sandbox, Sensor or Central Node component in Technical Support Mode:
- Sign in to the management console of the server whose settings you want to change via the SSH protocol or through a terminal.
- When the system prompts you, enter the administrator user name and the password that was specified during installation of the component.
The application component administrator menu is displayed.
- In the application administrator menu, select Technical Support Mode.
- Press ENTER.
This opens the Technical Support Mode confirmation window.
- Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press ENTER.
You can proceed to manage the Central Node, Sensor, or Sandbox component in Technical Support Mode.