Enabling and configuring advanced telemetry collection
By default, Kaspersky Endpoint Agent collects the network traffic that arrives at the network interfaces of the computer on which the application is installed and is addressed to that computer. In SPAN port mode, the network interfaces of that computer are switched to promiscuous reception of network traffic from all available subnets. The application generates extended telemetry based on the collected network traffic.
To enable and configure advanced telemetry collection:
1. In the main Kaspersky Security Center Web Console window, select Devices → Policies and profiles.
2. Select the policy you want to configure.
3. In the <Policy name> window that opens, select the Application settings tab.
4. In the EDR-telemetry section, select Advanced telemetry collection.
   The Advanced telemetry collection window opens.
5. Select the Enable SPAN port mode for the program and host network interfaces check box if you want to enable promiscuous reception of network traffic from all available subnets on all network interfaces of the computer with the application installed.
6. Select the Use in SPAN port mode only host network interfaces configured for the specified subnets check box if you want to enable promiscuous reception of network traffic from all available subnets only on those network interfaces of the computer with the application installed that are configured for the subnets from the list below.
7. If necessary, create a list of subnets:
   a. Click the Add button.
   b. In the Subnet settings window that opens, enter the name, address, and subnet mask in the fields of the same name.
   c. Use the Enabled / Disabled toggle switch to enable or disable collection of telemetry by the network interfaces configured for the specified subnet; the setting covers telemetry from all subnets for which these network interfaces are configured.
   d. Click OK.
      The subnet will appear in the list.
   Follow steps a-d for each subnet you add.
8. If you need to change a subnet from the list, select the subnet and click the Edit button.
9. If you need to delete a subnet from the list, select the subnet and click the Delete button.
10. If you are configuring the policy settings, make sure that the switch in the upper right corner of the group of settings is turned on.
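Before applying a subnet-restricted policy, it helps to know which interfaces on a host the subnet list would select. The following is an added planning aid, not part of the Kaspersky documentation or product: it assumes that "configured for the specified subnets" means the interface's IPv4 address falls inside an enabled subnet entry, and all names and sample data are constructed.

```python
import ipaddress

# Constructed sample of the policy's subnet list: name, address, mask, toggle state.
SUBNETS = [
    {"name": "office-lan", "address": "10.10.0.0", "mask": "255.255.0.0", "enabled": True},
    {"name": "lab", "address": "192.168.50.0", "mask": "255.255.255.0", "enabled": False},
    {"name": "typo", "address": "172.16.5.9", "mask": "255.255.255.0", "enabled": True},
]

# Constructed inventory of one host's interfaces (interface name -> IPv4 address).
INTERFACES = {"eth-mgmt": "10.10.3.7", "eth-lab": "192.168.50.20", "eth-dmz": "172.16.5.14"}


def parse_entry(entry):
    """Return (network, warning). A malformed address or mask raises ValueError."""
    text = f"{entry['address']}/{entry['mask']}"
    try:
        return ipaddress.ip_network(text, strict=True), None
    except ValueError:
        # Host bits set in the address: report it instead of silently normalising.
        # How the product itself treats such an entry is not stated on this page.
        net = ipaddress.ip_network(text, strict=False)
        return net, f"{entry['name']}: {entry['address']} has host bits set, treated as {net}"


def plan(subnets, interfaces):
    """Map each interface to the enabled subnet entries that contain its address."""
    matched, warnings = {}, []
    for entry in subnets:
        net, warning = parse_entry(entry)
        if warning:
            warnings.append(warning)
        if not entry["enabled"]:
            continue  # toggle set to Disabled: entry selects no interfaces
        for ifname, addr in interfaces.items():
            if ipaddress.ip_address(addr) in net:
                matched.setdefault(ifname, []).append(entry["name"])
    return matched, warnings


if __name__ == "__main__":
    selected, notes = plan(SUBNETS, INTERFACES)
    print("interfaces expected in SPAN port mode:", selected)
    print("entries to review:", notes)
```

An interface that shows up here unexpectedly, or an entry flagged for review, is worth resolving before the policy is enforced, because every selected interface starts receiving traffic that is not addressed to the host.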