Kaspersky Anti Targeted Attack Platform provides an API that lets external systems access information about all alerts of the application and not just to scan results for objects stored in these external systems.
In order to receive information only for alerts that satisfy certain conditions, you can specify filters in the request parameters.
The application does not automatically send information about new alerts based on prior requests. A new request must be sent to receive up-to-date information.
Special considerations for operation in the distributed solution
If the application runs in distributed solution mode, you must separately configure the integration with the external system for each PCN and SCN server from which you want to receive information about alerts. This limitation is due to the fact that the web interface of the PCN server displays information about all alerts, but the alerts database stores only those alerts that have been registered on that specific server.