Request to enable network isolation

Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

Interaction with external systems via API

API for managing Threat Response actions

Host network isolation management

Request to enable network isolation

8 November 2023

ID 227448

To enable network isolation for a selected host, you must add a network isolation rule. To create the request, the HTTP POST method is used.

Command settings are passed in the body of the request in JSON format.

Command syntax

curl -k --<path to TLS certificate file> --key <path to private key file> -X POST "<URL of Central Node server>:<port, 443 by default>/kata/response_api/v1/<external_system_id>/settings?sensor_id=<sensor_id>&settings_type=network_izolation" -H 'Content-Type: application/json' -d '

{

"settings": {

"autoTurnoffTimeoutInSec": <network isolation time period>}

}

'

If the request is processed successfully, the network isolation rule is added. Network isolation for the selected host becomes active at the moment when the rule is added.

After a period of time specified when the request is created, network isolation becomes inactive. The network isolation rule itself is not deleted. If necessary, you can delete the selected rule.

To disable network isolation, you must create a request to disable the selected rule.

Settings

Parameter	Type	Description
`external_system_id`	UUID	Unique ID of the external system used for authorization in Kaspersky Anti Targeted Attack Platform.
`sensor_id`	UUID	Unique ID of the host with the Endpoint Agent component
`autoTurnoffTimeoutInSec`	integer	Period of time during which the network isolation will be active. Allowed range - 1 to 9,999 hours. Network isolation time period is specified in seconds. For example, if you want to enable network isolation of a host for two hours, you must specify 7,200 seconds.

Parameter

Type

Description

external_system_id

UUID

Unique ID of the external system used for authorization in Kaspersky Anti Targeted Attack Platform.

sensor_id

UUID

Unique ID of the host with the Endpoint Agent component

autoTurnoffTimeoutInSec

integer

Period of time during which the network isolation will be active.

Allowed range - 1 to 9,999 hours. Network isolation time period is specified in seconds. For example, if you want to enable network isolation of a host for two hours, you must specify 7,200 seconds.

Example of entering a command with switches

curl -k --example.cert --example.key -X POST "https://10.10.0.22:443/kata/response_api/v1/15301050-0490-4A41-81EA-B0391CF21EF3/settings?sensor_id=DF64838B-B518-414B-B769-2B8BE341A2F0&settings_type=network_izolation" -H 'Content-Type: application/json' -d '

{

"settings": {

"autoTurnoffTimeoutInSec": 7200}

}

'

Returned value

Return code	Description
`200`	Operation completed successfully.
`400`	Incorrect parameters.
`401`	Authorization required.
`404`	Specified hosts with the Endpoint Agent component not found.
`500, 502, 503, 504`	Internal server error. Repeat the request later.

If you want to edit the settings of the created network isolation rule, you must create a new request to add the rule with the new settings.

Kaspersky Professional Services

Implementation services. Health check and security system configuration. Contact us if you need expert help.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.