Antipova Anna

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

What is the default synchronization period between KEA and CN?
The sync period (every X minutes) for KEA is configurable in the KEA policy. The default synchronization period is 300 sec (5 min). The same period applies to LENA.

What is the isolation workflow?

  1. In KATA, the CN creates a task for host isolation.
  2. KEA receives an 'isolate' command from the Central Node during synchronization.
  3. The agent turns on host isolation with the exclusions configured in the KEA policy.
  4. At the next sync time (after X minutes), the agent sends the results of isolation to the Central Node.
  5. When isolation is turned on, the isolated host is connected to the Central Node, and you can view the telemetry from this host and execute other tasks.

Is it OK that isolation takes up to 10 minutes?
Yes, see the previous two answers for an explanation. It takes up to 5 minutes to sync a task with the host when default settings are applied. To sync the status back to the CN, another 5 minutes are needed.

What will happen if the IOC scan doesn't finish within the Maximum scan duration? Will it resume next time or will it terminate?
The IOC scan task starts as scheduled and then terminates upon reaching the Maximum scan duration, even if it hasn't finished yet. At the next scheduled time, the scan task starts from the beginning.

How to determine whether the specified time is enough to complete the scan?
Experimentally.

The default scan is a full scan. Are there any options to set a custom scan?
The IOC scan task is not configurable in KATA, so there is no way to set a custom scan.
