Viewing the table of hosts with the Endpoint Agent component

The table of hosts with the Endpoint Agent component is located in the Endpoint Agents section of the application web interface window.

If you are using the distributed solution and multitenancy mode, the table contains information about hosts with the Endpoint Agent component connected to the PCN and all SCN servers.

Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

The table can display the following data:

• Number of hosts and activity indicators of the Endpoint Agent component:
  • Critical inactivity is the number of hosts from which latest data was received a very long time ago.
  • Warning is the number hosts from which latest data was received a long time ago.
  • Normal activity is the number of hosts from which latest data was recently received.
• Host—Name of the host with the Endpoint Agent component.
• Server is the name of the server to which the host with the Endpoint Agent component is connected.

  This column is displayed if you are using the distributed solution and multitenancy mode.

• IP is the IP address of the host where the Endpoint Agent component is installed.
• OS is the version of the operating system that is installed on the computer with the Endpoint Agent application.
• Version—Version of the Endpoint Agent component installed.
• Activity is the activity indicator of the Endpoint Agent application.
  • Normal activity for hosts from which latest data was recently received.
  • Warning for hosts from which latest data was received a long time ago.
  • Critical inactivity for hosts from which latest data was received an extremely long time ago.

Clicking the link with the host name opens a list in which you can select one of the following actions:

• Filter by this value.
• Exclude from filter.
• Run the following tasks:
  • Kill process.
  • Delete file.
  • Kill by unique PID.
  • Get file.
  • Get forensics.
  • Quarantine file.
  • Run application.
• New prevention rule.
• Isolate from network.
• Find events.
• Find alerts.
• Copy value to clipboard.

The list of available actions depends on the Endpoint Agent component type (for Windows or Linux), version, and activity indicator.

Clicking the link with the IP opens a list in which you can select one of the following actions:

• Filter by this value.
• Exclude from filter.
• Find alerts.
• Copy value to clipboard.

Clicking a link in any other column of the table opens a list in which you can select one of the following actions:

• Filter by this value.
• Exclude from filter.
• Copy value to clipboard.