You may want to obtain a list of all EDR agents that have ever connected to KATA.
Step-by-step guide
KATA 3.7+
Connect to the Central Node via SSH, choose Technical support mode, and become root:
$ sudo -i
Execute the command:
sudo -u p
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
How to monitor KATA system health, such as CPU, HDD and memory usage, service status, etc.? How to output this information?
Locally, product operation and component health can be monitored in the KATA dashboard. CPU, memory and similar metrics can be viewed using built-in Linux tools in support mode. The available remote monitoring options are:
Using SNMP
Heartbeats in SIEM integration
KATA doesn't automatically remove inactive agents, and it doesn't support VDI scenarios yet.
So if you have many VDI clients in use, they will quickly fill up the license.
Step-by-step guide
KATA 3.7.2
You can set up a cron task to remove clients periodically. For example, this code will remove clients older than 3 days:
sudo -u kluser psql antiapt -c "delete from agent_status where last_packet_ti
We suggest a free and lightweight client that is part of PuTTY: pscp.
Step-by-step guide
You can download pscp.exe for Windows from the official site.
Navigate to the folder with pscp.exe and start cmd or PowerShell there.
To copy files to KATA, run the following command:
.\pscp.exe -scp <path to loc
Step-by-step guide
KATA 3.7.2
Connect via SSH to the Central Node or Sensor node that processes SPAN traffic;
Proceed to Technical support mode;
Become root with the command:
# sudo -i
Create the file /etc/suricata/capture-filter.bpf with a line containing the traffic filtering conditions (the syntax is the same as for tcpdump conditions). An example filter is shown below:
Exa
Problem
How to configure the exclusions required for KEA installed on AD controllers to prevent slowdown and high hardware resource consumption.
Step-by-step guide
Add the following registry key to the affected AD controller's registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\SOYUZ\4.0\Environment]
"EnablePorts"=dword:00000001
"EnableSignatureLevel"=dword:00000001
"ServerProfile"=dword:0000000a
This operation should be done as Local System account (eit