1.1. Scenario:
KATA/EDR CN is deployed on site, and there are some remote users that cannot connect to the internal network, and you want to receive the EDR telemetry from those endpoints and laptops when they are outside the network (considering that you don't have any VPN functionality).
You don't want to expose the CN on the internet, so you'd like to use the sensor to relay the telemetry to the CN and have visibility on the endpoints.
1.2. Pre-requisites and configuration step
The article is applicable to KEA 3.x (any cf) as part of [KATA+]EDR solution.
1.1. Problem
Some hosts (usually server, eg. Windows Server 2012 R2) will not appear in CN dashboard after being configured using correct settings, including a valid TLS certificate. In the known case, such Endpoint Agents were configured locally using the command line, not via policy; however, we were able to verify that the same configuration led to successful connection on most hosts.
During trou
Generally, NDR is a set of features for protecting the enterprise network by detecting attacks, suspicious activities and other risks.
Earlier versions of KATA Platform provided KATA functionality, which is intended to protect the perimeter of an organization by analyzing the external traffic for attacks, intrusions, and malicious objects/emails/URL links.
NDR expands the above functionality and allows you to protect the corporate LAN.
Specifically, KATA is more for north-south traff
