API for managing Threat Response actions

Kaspersky Anti Targeted Attack Platform provides an API for performing Threat Response actions. Commands to carry out operations are received at the Central Node server and then relayed to the Endpoint Agent component.

You can use external systems to perform the following operations on hosts with the Endpoint Agent component:

• Manage network isolation of hosts
• Manage prevention rules
• Run applications

All of the above operations are available on hosts that use Kaspersky Endpoint Agent for Windows or Kaspersky Endpoint Security for Windows in the role of the Endpoint Agent component. On hosts with Kaspersky Endpoint Agent for Linux and Kaspersky Endpoint Security for Linux, the only available operation is running applications.

In this Help section Request for getting the list of hosts with the Endpoint Agent component Request for information about network isolation and the existence of prevention rules for hosts with the Kaspersky Endpoint Agent component Host network isolation management Managing prevention rules Managing the application run task

Page top