Configuring authentication on the Administration Server for Autonomous IOC Scan tasks
November 17, 2023
ID 193080
If you want Kaspersky Endpoint Agent to create Autonomous IOC Scan tasks when responding to threats, configure authentication on the Administration Server.
The application uses a special Administration Server user account, which has limited permissions and is only intended for creating Autonomous IOC Scan tasks.
The special account can only be created in the Threat Response window in Kaspersky Endpoint Agent policy properties or in the application properties of an individual device. The special account must be created on the Administration Server only once and its password must be used to configure Threat Response settings in the properties of other devices or other policies of the same Administration Server.
It is not possible to change the password of the special account created for Autonomous IOC Scan tasks. If you forget the password of this account, delete it using standard Kaspersky Security Center tools and create it again in the Threat Response window.
To configure authentication on the Administration Server for Autonomous IOC Scan tasks:
- Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
- Select the administration group for which you want to configure application settings.
- Perform one of the following actions in the details pane of the selected administration group:
- To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
- To configure the settings of a task or application for an individual protected device, select the Devices tab and go to the settings of a local task or the application settings.
- In the Kaspersky Sandbox integration section select the Threat Response subsection.
- To check for the availability of a special account for Autonomous IOC Scan tasks, or to create such an account:
- In the Authentication on Administration Server group of settings, click the Check if the user exists button.
The settings in the Authentication on Administration Server group are editable only if the Run IOC Scan on a managed group of devices option is selected in the Selected actions list.
- In the window that opens, in the Connection to the Administration Server group of settings, enter the data for connecting to the Administration Server, as well as the login and password of the Administration Server account with the permissions to create new users.
- Click the Connect and check if the special user exists button.
- In the pop-up window, review the information on special account availability and close it.
- If the account does not exist and you want to create it, in the Password field of the Creation of the Administration Server special user for Autonomous IOC Scan tasks group of settings, specify a password with a length of 8–16 characters and click the Create the Administration Server special user button.
The Creation of the Administration Server special user for Autonomous IOC Scan tasks group of settings becomes editable only after the existence of a special account has been checked.
- Click Exit to close the Administration Server special user for managing Autonomous IOC Scan tasks window.
- In the Authentication on Administration Server group of settings, click the Check if the user exists button.
- In the Administration Server login field of the Authentication on Administration Server group of settings, enter the password for the special account created for the Autonomous IOC Scan tasks.
- In the upper right corner of the settings group, change the switch from Policy not enforced to Under policy.
- Click OK.
Authentication on the Administration Server for Autonomous IOC Scan tasks has been configured.
