Configuring integration between Kaspersky Endpoint Agent and Kaspersky Managed Detection and Response

Before performing the following steps, get the MDR configuration file. It contains a configuration file (BLOB) required for integration.

If you want Kaspersky Endpoint Agent to process data about events generated by Kaspersky Industrial CyberSecurity for Networks and send this data to Kaspersky Managed Detection and Response, configure interaction with Kaspersky Security Center in the settings of Kaspersky Industrial CyberSecurity for Networks. For detailed information on configuring interaction between the applications, refer to Kaspersky Industrial CyberSecurity for Networks Help.

To configuring integration between Kaspersky Endpoint Agent and Kaspersky Managed Detection and Response using Kaspersky Security Center Web Console:

  1. Open Kaspersky Security Center Web Console.
  2. Open the DevicesPolicies and profiles tab.
  3. In the list of policies, select the name of Kaspersky Endpoint Agent policy that you want to configure.

    This opens the policy settings window.

  4. On the Application settings tab, select Managed Detection and Response.
  5. In the Managed Detection and Response settings group, do the following:
    1. Switch the toggle button to Managed Detection and Response enabled.
    2. Click the Upload configuration file (BLOB) button and select the BLOB configuration file to load.

      By downloading the Managed Detection and Response configuration file, you agree to automatically send the specified data from the device with Kaspersky Endpoint Agent installed to Kaspersky for processing. Do not download the configuration file, if you do not want the specified information to be processed.

    3. In the User ID field, enter an arbitrary value.
    4. In the upper right corner of the settings group, change the switch from Undefined to Enforce.
  6. Click Save to save the changes.

Integration between Kaspersky Endpoint Agent and Kaspersky Managed Detection and Response is configured.

MDR operation when using Kaspersky Endpoint Agent simultaneously with Kaspersky Endpoint Security

Kaspersky Endpoint Security 11 or later with the current database version supports interaction with MDR. In Kaspersky Endpoint Security 11.6.0 or later, interaction with MDR is available immediately after installation.

If you use Kaspersky Endpoint Agent to work with MDR and install Kaspersky Endpoint Security of the version that supports interaction with MDR or update Kaspersky Endpoint Security 11 or later databases to the current version, MDR stops working with Kaspersky Endpoint Agent and becomes available for work with Kaspersky Endpoint Security. At that:

Page top