How to integrate KATA and KWTS [KATA/KEDRE]


Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

You may have purchased both the KATA and KWTS (Kaspersky Web Traffic Security) products. Since KWTS has built-in KATA integration, you may want to integrate KATA and KWTS.

Problems after integration

Shortly after integration you may notice that on the KWTS side there is an error about sending objects to KATA, and the dashboards look similar to this:

[Two screenshots of the KWTS dashboards]

Resolution

A prerequisite for successful integration with KWTS is KATA version 3.6.1.752 or higher.

KATA side

To clean up tasks stuck in the 'processing' state, do the following:

1) Find out the KWTS ID:

sudo -u kluser psql antiapt -c "select id, sensor_type, sensor_name, ip from lms.client;"

On KATA4:

docker exec -it `docker ps | grep kedr_database| awk '{print $1}'` psql -U kluser antiapt -c "select id, sensor_type, sensor_name, ip from lms.client;"

The name and IP of KWTS will be the same as in the External Systems section of the Administrator Web UI.

Then, clean up tasks that may be stuck in the 'processing' state:

sudo -u kluser psql antiapt -c "update lms.task set state = 'error', has_error = True where client_id = <KWTS ID> and state = 'processing' and update_time < now() - interval '1 hour';"

On KATA4:

docker exec -it `docker ps | grep kedr_database| awk '{print $1}'` psql -U kluser antiapt -c "update lms.task set state = 'error', has_error = True where client_id = <KWTS ID> and state = 'processing' and update_time < now() - interval '1 hour';"

This command is safe to execute; it will do no harm even if there are no stuck tasks.

To view all active tasks from KSMG/KLMS/KWTS/Other external systems without modifying their states, run the command:

docker exec -it `docker ps | grep kedr_database| awk '{print $1}'` psql -U kluser antiapt -c "select count(*) from lms.task where client_id=<KSMG ID>;"

The two commands above can be used to remove tasks stuck in processing from other types of external systems as well.

KWTS side

On the KWTS side, it is important to exclude certain types of objects from being scanned in KATA:

In the file /var/opt/kaspersky/kwts/kata-filters.json, remove the lines containing the keywords:

ArchiveGzip
ArchiveCab
ExecutableJs

After applying the changes, restart the kwts service:

systemctl restart kwts

After these changes, the KWTS and KATA integration is expected to work normally from then on.
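
The KWTS-side edit described above, as an added shell example (not part of the original article and not Kaspersky tooling): it removes the lines containing the three keywords from a filter file, keeps a backup copy, and prints a diff for review. The function name `strip_kata_filters` and the `.bak` suffix are assumptions; the file is handled purely line by line, as in the manual step, because its layout is not shown on the page.

```shell
#!/bin/sh
# Added example (hypothetical helper, not vendor code): remove the lines that
# name the three object types from a KWTS filter file, keeping a backup.

KEYWORDS='ArchiveGzip|ArchiveCab|ExecutableJs'

# strip_kata_filters FILE
# Prints the number of removed lines on stdout; returns 1 on any error.
strip_kata_filters() {
    file=$1
    [ -f "$file" ] && [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    # Count matching lines first, so a second run changes nothing and does
    # not overwrite the backup. grep -c exits 1 on zero matches, hence || true.
    hits=$(grep -Ec "$KEYWORDS" "$file" || true)
    if [ "$hits" -eq 0 ]; then
        echo 0
        return 0
    fi

    # Keep an untouched copy next to the original (-p keeps mode and times).
    cp -p "$file" "$file.bak" || return 1

    # Filter into a temp file, then write back in place so the original
    # inode, owner and permissions are preserved. grep exit status 1 only
    # means "every line matched"; anything else is a real error.
    tmp=$(mktemp) || return 1
    grep -Ev "$KEYWORDS" "$file.bak" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"

    # Show the change on stderr for the operator (diff exits 1 on difference).
    diff "$file.bak" "$file" >&2 || true
    echo "$hits"
}
```

Run it as root with /var/opt/kaspersky/kwts/kata-filters.json as the argument, review the printed diff, and then restart the kwts service as described above.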
