Elyar Roozikhah
Posted

I am using KATA EDR 5.0 and I have activated the EDR Expert functionality. But the only alerts that I received are the alerts related to TAA technology, and although a lot of malware is detected on endpoints, nothing is shown in the EDR dashboard or alert menu. What is wrong?

Posted

Perhaps there is no mistake here...

All events that occur on the client device are processed by the EPP solution (malware, mail protection, etc.) ...

Telemetry that is collected around the event is transmitted to KATA, so you can see it as a TAA event ...

To find out more about the event, you can view the TAA detection card...

 

The KATA Platform consists of two parts (if you can call it that).

NTA - network traffic analyzer (KATA)

EDR - detection and response (KEDR)

Both components can be activated separately...

1. Make sure you have activated the KATA component with the appropriate license.

2. You have configured the transmission of mirrored SPAN traffic from your equipment to the central KATA node.

3. You have enabled and configured receiving and processing SPAN traffic on the central KATA node

Analyzing raw traffic, the system will detect anomalies in it and mark the traffic accordingly, according to technical... AM, IDS, URL, etc., including detections in SB (SandBox).

https://support.kaspersky.ru/KATA/6.0/en-US/247533.htm
