Configuring integration between Kaspersky Endpoint Agent and Kaspersky Managed Detection and Response

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

Before performing the following steps, get the MDR configuration file. It contains a configuration file (BLOB) required for integration.

By downloading the Kaspersky Managed Detection and Response configuration file, you agree to automatically send the data from the device with Kaspersky Endpoint Security installed to Kaspersky for processing. Do not download the configuration file if you do not want the transmitted data to be processed.

If you want Kaspersky Endpoint Agent to process data about events generated by Kaspersky Industrial CyberSecurity for Networks and send this data to Kaspersky Managed Detection and Response, configure interaction with Kaspersky Security Center in the settings of Kaspersky Industrial CyberSecurity for Networks. For detailed information on configuring interaction between the applications, refer to the Kaspersky Industrial CyberSecurity for Networks documentation.

To configure integration between Kaspersky Endpoint Agent and Kaspersky Managed Detection and Response using the Kaspersky Security Center Web Console:

1. Open the Kaspersky Security Center Web Console.
2. Open the Devices → Policies and profiles tab.
3. In the list of policies, select the name of Kaspersky Endpoint Agent policy that you want to configure.

   This opens the policy settings window.

4. Enable KSN Usage.

   Open the main window of the Kaspersky Security Center Web Console.

5. In the Administration Console tree, configure the Private KSN settings (for information on configuring Kaspersky Security Network proxy server settings, refer to Kaspersky Security Center Help).

   Download the Kaspersky Managed Detection and Response configuration file with the pkcs7 extension that is included in the mdr_config.zip archive.

6. To continue configuring integration between Kaspersky Endpoint Agent and Kaspersky Managed Detection and Response, open the main window of the Kaspersky Security Center Web Console.
7. Open the Devices → Policies and profiles tab.
8. In the list of policies, select the name of Kaspersky Endpoint Agent policy that you want to configure.

   This opens the policy settings window.

9. On the Application settings tab, select Managed Detection and Response.
10. In the Managed Detection and Response settings group, do the following:
    1. Switch the toggle button to Managed Detection and Response enabled.
    2. Click the Upload configuration file (BLOB) button and select the BLOB configuration file to load.
    3. In the User ID field, enter an arbitrary value.
    4. In the upper right corner of the settings group, change the switch from Undefined to Enforce.
11. Click Save to save the changes.

Integration between Kaspersky Endpoint Agent and Kaspersky Managed Detection and Response is configured.

MDR operation when using Kaspersky Endpoint Agent simultaneously with Kaspersky Endpoint Security

Kaspersky Endpoint Security 11 or later with the current database version supports interaction with MDR. In Kaspersky Endpoint Security 11.6.0 or later, interaction with MDR is available immediately after installation.

If you use Kaspersky Endpoint Agent to work with MDR and install Kaspersky Endpoint Security of the version that supports interaction with MDR or update Kaspersky Endpoint Security 11 or later databases to the current version, MDR stops working with Kaspersky Endpoint Agent and becomes available for work with Kaspersky Endpoint Security. At that:

• Switching between Kaspersky Endpoint Agent and Kaspersky Endpoint Security is performed in quiet mode.
• Kaspersky Endpoint Agent allows for configuring settings for interaction with MDR, but these settings are not applied on the device.
• If Kaspersky Endpoint Security is not available (for example, you uninstalled the application), MDR can start working with Kaspersky Endpoint Agent if you restart the Kaspersky Endpoint Agent service.
• The Managed Detection and Response component remains in the Running status in Kaspersky Endpoint Agent settings on the device, since Kaspersky Endpoint Agent continues to communicate with MDR (for example, to resume working with the solution if necessary).

Page top