This article provides additional details to the Online Help article.
Modern web servers use gzip compression for transferred web pages. Such compressed web pages should not be sent to KATA API as these files will create unnecessary load on Sandbox.
Content-Type - Optional parameter
objectType - must always be a file (other types are not supported)
content - object to send
scanId - ID of the object sent to KATA (must be unique)
sensorId - ID of the system sending
Sometimes, KATA Sandbox may suddenly stop functioning normally and throw a self-diagnostic error. This may be caused by snapshot corruption. As one of the troubleshooting steps, you may remove the latest VM snapshots; this is a harmless procedure.
Step-by-step guide
Log in to Sandbox via SSH and execute the following command:
ls -l /vm/qemu/vms/
total 36
drwxr
This article is applicable to both KATA and Kaspersky Sandbox 1. It's not applicable to KSB2.
In certain cases (e.g. a slow connection to the Datacenter from the Administrator workplace), it may be troublesome to upload VM images to a freshly installed KATA Sandbox server. In such cases, you may prefer to transfer the VM images to Sandbox with a tool like WinSCP and then install the images via command-line tools.
Step-by-step guide
Images should be transferred to Sandbox. Files should be located in /va
For KATA 3.7.2
You can force a run of the Sandbox Healthcheck instead of waiting for the 30-minute timeout.
Step-by-step guide
Log in to the Sandbox Server via SSH.
To run the checker, you first need to delete the /var/tmp/sbtest file:
rm /var/tmp/sbtest
Then run the checker and wait until it finishes:
Security officers may need raw alert data from KATA for further processing in Excel or similar tools.
Here's how to export all alerts from the KATA database to a .csv file:
KATA 3.7.2
sudo -u postgres bash -c "psql -d antiapt -c \"COPY (SELECT * FROM all_alerts) TO '/tmp/kata_alerts.csv' (format csv, delimiter ';', header, encoding 'UTF8');\""
Instead of simply copying all alerts
Sometimes, you may need to check KSN server availability and operation on the KATA CN.
This method is not applicable to KATA 6.0. The tool is still present, but it returns error 0x80000001 (Interface not supported).
For KSN issues, there's a way to check a specific hash for reputation:
Become root
sudo -i
Check a specific hash for reputation by running the following command:
For KATA 4.+ and 5.0:
docker exec -it "$(do