Kaspersky Anti Targeted Attack Platform provides an API for external systems that provides access to information about events registered by the application.
To receive information only for events that satisfy certain conditions, you can specify filters in the request parameters.
The application does not automatically send information about new events based on prior requests. A new request must be sent to receive up-to-date information.
Information about new events can be retrieved for no more than two hours after these events appear in the Kaspersky Anti Targeted Attack Platform database.
Special considerations for operation in the distributed solution
If the application runs in distributed solution mode, you must separately configure the integration with the external system for each PCN and SCN server from which you want to receive events. This limitation is due to the fact that the web interface of the PCN server displays information about all events, but the events database stores only those events that have been registered on that specific server.
Page top