{ "info": { "_postman_id": "kata-8-0-api-v4", "name": "KATA 8.0 Public API v4", "description": "Коллекция запросов для Kaspersky Anti Targeted Attack Platform 8.0\n\n🔐 Аутентификация: сертификат коннектора + Bearer token\n📋 Версия API: v4\n🌐 Протокол: HTTPS", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, "item": [ { "name": "🔐 Authentication", "item": [ { "name": "Get Access Token (certificate)", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{}" }, "url": { "raw": "{{base_url}}/ndr/api/auth/v{{api_version}}/token?grant_type=certificate", "host": ["{{base_url}}"], "path": ["ndr","api","auth","v{{api_version}}","token"], "query": [{ "key": "grant_type", "value": "certificate" }] }, "description": "Получение access_token с использованием клиентского сертификата коннектора" }, "event": [ { "listen": "test", "script": { "exec": [ "if (pm.response.code === 200) {", " const resp = pm.response.json();", " if (resp.access_token) {", " pm.environment.set('access_token', resp.access_token);", " pm.environment.set('refresh_token', resp.refresh_token || '');", " pm.environment.set('token_expires', new Date().getTime() + (resp.expires_in * 1000));", " console.log('✅ Token received, expires at:', new Date(pm.environment.get('token_expires')));", " }", "}" ], "type": "text/javascript" } } ] }, { "name": "Refresh Access Token", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{}" }, "url": { "raw": "{{base_url}}/ndr/api/auth/v{{api_version}}/token?grant_type=refresh_token&refresh_token={{refresh_token}}", "host": ["{{base_url}}"], "path": ["ndr","api","auth","v{{api_version}}","token"], "query": [ { "key": "grant_type", "value": "refresh_token" }, { "key": "refresh_token", "value": "{{refresh_token}}" } ] } }, "event": [ { "listen": "test", "script": { "exec": [ "if (pm.response.code === 200) {", " const resp = pm.response.json();", " if (resp.access_token) {", " pm.environment.set('access_token', resp.access_token);", " pm.environment.set('refresh_token', resp.refresh_token || '');", " pm.environment.set('token_expires', new Date().getTime() + (resp.expires_in * 1000));", " }", "}" ], "type": "text/javascript" } } ] } ] }, { "name": "🖥️ Devices", "item": [ { "name": "Query Devices", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "raw", "raw": "{\n \"filter\": [\n {\"field\": \"isActive\", \"condition\": \"=\", \"value\": true}\n ],\n \"sort\": [{\"column\": \"id\", \"direction\": \"Asc\"}],\n \"offset\": 0,\n \"limit\": 100\n}" }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/devices/query", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","devices","query"] } } }, { "name": "Get Device by ID", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/devices/{{device_id}}", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","devices","{{device_id}}"] } } }, { "name": "Create Device", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "raw", "raw": "{\n \"name\": \"New-PLC-001\",\n \"description\": \"Industrial controller\",\n \"ipAddress\": \"192.168.1.100\",\n \"macAddress\": \"aa:bb:cc:dd:ee:ff\",\n \"deviceType\": \"PLC\",\n \"vendor\": \"Siemens\",\n \"model\": \"S7-1200\"\n}" }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/devices", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","devices"] } } }, { "name": "Update Device", "request": { "method": "PUT", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "raw", "raw": "{\n \"description\": \"Updated description\",\n \"isActive\": true\n}" }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/devices/{{device_id}}", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","devices","{{device_id}}"] } } }, { "name": "Delete Device", "request": { "method": "DELETE", "header": [ { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/devices/{{device_id}}", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","devices","{{device_id}}"] } } } ] }, { "name": "⚠️ Events", "item": [ { "name": "Query Events", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "raw", "raw": "{\n \"filter\": [\n {\"field\": \"severity\", \"condition\": \">=\", \"value\": 3},\n {\"field\": \"timestamp\", \"condition\": \">=\", \"value\": \"2024-01-01T00:00:00Z\"}\n ],\n \"sort\": [{\"column\": \"timestamp\", \"direction\": \"Desc\"}],\n \"offset\": 0,\n \"limit\": 50\n}" }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/events/query", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","events","query"] } } }, { "name": "Create Event", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "raw", "raw": "{\n \"eventTypeId\": 4000005400,\n \"title\": \"Suspicious network activity\",\n \"description\": \"Detected unusual traffic pattern\",\n \"severity\": 4,\n \"sourceIp\": \"192.168.1.50\",\n \"destinationIp\": \"10.0.0.100\",\n \"timestamp\": \"{{iso_timestamp}}\",\n \"deviceId\": {{device_id}}\n}" }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/events", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","events"] } } }, { "name": "Query Event Traffic", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "raw", "raw": "{\n \"eventIds\": [{{event_id}}],\n \"limit\": 1000\n}" }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/events/traffic/query", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","events","traffic","query"] } } } ] }, { "name": "🛡️ AllowRules", "item": [ { "name": "Query Allow Rules", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "raw", "raw": "{\n \"filter\": [\n {\"field\": \"ruleType\", \"condition\": \"=\", \"value\": \"Nic\"},\n {\"field\": \"isActive\", \"condition\": \"=\", \"value\": true}\n ],\n \"limit\": 100\n}" }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/allow-rules/query", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","allow-rules","query"] } } }, { "name": "Update Allow Rule", "request": { "method": "PUT", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "raw", "raw": "{\n \"isActive\": false\n}" }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/allow-rules/{{rule_id}}", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","allow-rules","{{rule_id}}"] } } }, { "name": "Delete Allow Rule", "request": { "method": "DELETE", "header": [ { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/allow-rules/{{rule_id}}", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","allow-rules","{{rule_id}}"] } } } ] }, { "name": "🎯 Risks", "item": [ { "name": "Query Risks", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "raw", "raw": "{\n \"filter\": [\n {\"field\": \"state\", \"condition\": \"=\", \"value\": \"Active\"},\n {\"field\": \"score\", \"condition\": \">=\", \"value\": 7.0}\n ],\n \"sort\": [{\"column\": \"score\", \"direction\": \"Desc\"}],\n \"limit\": 50\n}" }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/risks/query", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","risks","query"] } } }, { "name": "Create Risk", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "raw", "raw": "{\n \"typeId\": 1,\n \"name\": \"Critical vulnerability detected\",\n \"description\": \"CVE-2024-1234 affects firmware\",\n \"baseScore\": 8.5,\n \"firstDetected\": \"{{iso_timestamp}}\",\n \"lastStateChanged\": \"{{iso_timestamp}}\",\n \"deviceId\": {{device_id}},\n \"sourceIp\": \"192.168.1.100\",\n \"cveId\": \"CVE-2024-1234\"\n}" }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/risks", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","risks"] } } }, { "name": "Update Risk State", "request": { "method": "PUT", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "raw", "raw": "\"Accepted\"" }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/risks/{{risk_id}}/state", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","risks","{{risk_id}}","state"] } } }, { "name": "Add Risk Comment", "request": { "method": "PUT", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "raw", "raw": "\"Mitigation applied: firmware updated to v2.1.5\"" }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/risks/{{risk_id}}/comments", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","risks","{{risk_id}}","comments"] } } } ] }, { "name": "🌐 AddressSpaces", "item": [ { "name": "Query Address Spaces", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "raw", "raw": "{\n \"filter\": [\n {\"field\": \"readOnly\", \"condition\": \"=\", \"value\": false}\n ],\n \"limit\": 50\n}" }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/address-spaces/query", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","address-spaces","query"] } } } ] }, { "name": "📚 Reference Data", "item": [ { "name": "Get Event Types", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/event-types", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","event-types"] } } }, { "name": "Get Monitoring Points", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/monitoring-points", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","monitoring-points"] } } }, { "name": "Get Protocol Stacks", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/protocol-stacks", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","protocol-stacks"] } } }, { "name": "Get About", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/about", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","about"] } } }, { "name": "Get License Info", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/license", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","license"] } } } ] }, { "name": "⚙️ Advanced", "item": [ { "name": "Send Network Topology", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "raw", "raw": "{\n \"nodes\": [\n {\"id\": \"node1\", \"ip\": \"192.168.1.1\", \"type\": \"switch\"},\n {\"id\": \"node2\", \"ip\": \"192.168.1.100\", \"type\": \"plc\"}\n ],\n \"links\": [\n {\"source\": \"node1\", \"target\": \"node2\", \"protocol\": \"ModbusTCP\"}\n ]\n}" }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/network-topology-map", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","network-topology-map"] } } }, { "name": "Retrospective Analysis (PCAP)", "request": { "method": "POST", "header": [ { "key": "Authorization", "value": "Bearer {{access_token}}" } ], "body": { "mode": "formdata", "formdata": [ { "key": "file", "type": "file", "src": "/path/to/capture.pcap" } ] }, "url": { "raw": "{{base_url}}/ndr/api/v{{api_version}}/retrospective", "host": ["{{base_url}}"], "path": ["ndr","api","v{{api_version}}","retrospective"] } } } ] } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "// Автоматическая генерация ISO-timestamp если переменная не задана", "if (!pm.variables.get('iso_timestamp')) {", " pm.variables.set('iso_timestamp', new Date().toISOString());", "}", "", "// Проверка срока действия токена перед запросом", "const tokenExpires = pm.environment.get('token_expires');", "if (tokenExpires && new Date().getTime() > tokenExpires - 300000) {", " console.log('⚠️ Token expires soon or expired - consider refreshing');", "}" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "// Обработка 401 - подсказка пользователю", "if (pm.response.code === 401) {", " console.warn('❌ 401 Unauthorized: Token expired or invalid');", " console.warn('👉 Run \"Get Access Token\" request to refresh');", "}", "", "// Логирование времени ответа", "console.log(`⏱ Response time: ${pm.response.responseTime}ms`);" ] } } ], "variable": [ { "key": "base_url", "value": "https://kata-server.local", "type": "string" }, { "key": "api_version", "value": "4", "type": "string" }, { "key": "access_token", "value": "", "type": "string" }, { "key": "refresh_token", "value": "", "type": "string" }, { "key": "token_expires", "value": "", "type": "string" }, { "key": "device_id", "value": "", "type": "string" }, { "key": "event_id", "value": "", "type": "string" }, { "key": "risk_id", "value": "", "type": "string" }, { "key": "rule_id", "value": "", "type": "string" }, { "key": "iso_timestamp", "value": "", "type": "string" } ] }