Integration with Detection and Response solutions

Detection and Response solutions by Kaspersky are security systems designed to detect advanced threats and attack signs at various levels of the organization's infrastructure. Detection and Response solutions provide information about the detected threat and let you manage your response to detections.

Kaspersky Endpoint Security interoperates with the following Kaspersky Detection and Response solutions: Kaspersky Anti Targeted Attack Platform (Kaspersky Endpoint Detection and Response), Kaspersky Endpoint Detection and Response Optimum, and Kaspersky Managed Detection and Response. Each integration is described in its own subsection, listed at the end of this section.

If Kaspersky Endpoint Security is integrated with Kaspersky Managed Detection and Response or Kaspersky Anti Targeted Attack Platform, the integration generates a large number of audit events, and systemd-journald copies each of them into the systemd journal in addition to the auditd log. If you want to stop audit events from being written to the systemd journal, disable the systemd-journald-audit socket and restart the operating system. This only stops the copy that journald makes; auditd continues to receive the events and write them to its own log, which is what the Detection and Response integration relies on.

To disable the systemd-journald-audit socket, run the following commands:

systemctl stop systemd-journald-audit.socket

systemctl disable systemd-journald-audit.socket

systemctl mask systemd-journald-audit.socket

By default, on the SintezM-Client operating system, the auditd configuration is protected from modification: the audit rules set the enabled flag to 2 (the -e 2 setting), which locks the kernel audit configuration so that no rules can be added or changed until the system is rebooted. The Behavior Detection component needs to add its own audit rules, so for correct operation when Kaspersky Endpoint Security is integrated with Kaspersky Managed Detection and Response or Kaspersky Anti Targeted Attack Platform, change the auditd mode in the configuration files to enabled 1 (auditing stays enabled, but the configuration is not locked) and restart the operating system. Note that enabled 1 removes the tamper protection that enabled 2 provides: a process with the CAP_AUDIT_CONTROL capability (normally root) can then change or delete audit rules at runtime, so restrict root access on such hosts accordingly.
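The following shell script is an added example (not part of the Kaspersky documentation and not Kaspersky's own tooling) that automates the two checks described above: it reports the state of the systemd-journald-audit socket, reads the enabled flag (the -e line) from an audit rules file, and rewrites -e 2 to -e 1 when the configuration is locked. The rules file path is an assumption; on most distributions the active file is /etc/audit/audit.rules or one of the fragments under /etc/audit/rules.d/. The demo at the bottom runs against a constructed rules file in a temporary directory so it can be tried without touching the real configuration.

```shell
#!/bin/sh
# Added example: inspect and unlock the auditd "enabled" flag (-e 2 -> -e 1)
# and report whether journald still collects audit messages.
# Not from the Kaspersky documentation; the rules-file path is an assumption.

# Print the value N of the last "-e N" line in a rules file (0, 1 or 2),
# or "none" if the file sets no enabled flag.
audit_enabled_mode() {
    rules_file="$1"
    mode=$(grep -E '^[[:space:]]*-e[[:space:]]+[012][[:space:]]*$' "$rules_file" \
        | tail -n 1 | awk '{print $2}')
    if [ -z "$mode" ]; then
        echo none
    else
        echo "$mode"
    fi
}

# Rewrite "-e 2" (configuration locked until reboot) to "-e 1" (auditing on,
# configuration changeable). Prints "changed" or "unchanged".
# The change takes effect only after a reboot, because a running kernel with
# enabled=2 refuses rule changes (check the live value with: auditctl -s).
unlock_audit_config() {
    rules_file="$1"
    if [ "$(audit_enabled_mode "$rules_file")" = "2" ]; then
        # Write to a temp file and rename, so the edit works with any sed.
        sed -E 's/^[[:space:]]*-e[[:space:]]+2[[:space:]]*$/-e 1/' "$rules_file" \
            > "$rules_file.tmp" && mv "$rules_file.tmp" "$rules_file"
        echo changed
    else
        echo unchanged
    fi
}

# Print the unit state of systemd-journald-audit.socket as systemctl reports
# it (enabled, disabled, masked, ...), or "unknown" when systemd is absent.
# "masked" is the state the procedure above leaves it in.
journald_audit_socket_state() {
    if command -v systemctl >/dev/null 2>&1; then
        state=$(systemctl is-enabled systemd-journald-audit.socket 2>/dev/null)
        echo "${state:-unknown}"
    else
        echo unknown
    fi
}

# Demo on a constructed rules file (sample content, not a real host's config).
demo_dir=$(mktemp -d)
demo_rules="$demo_dir/audit.rules"
printf -- '-D\n-b 8192\n-w /etc/passwd -p wa -k identity\n-e 2\n' > "$demo_rules"
echo "journald audit socket: $(journald_audit_socket_state)"
echo "enabled flag before:   $(audit_enabled_mode "$demo_rules")"
echo "unlock:                $(unlock_audit_config "$demo_rules")"
echo "enabled flag after:    $(audit_enabled_mode "$demo_rules")"
rm -rf "$demo_dir"
```

To apply this to a real host, point unlock_audit_config at the file that actually carries the -e line (check every fragment in /etc/audit/rules.d/ as well, since augenrules concatenates them into /etc/audit/audit.rules), then reboot; until the reboot, `auditctl -s` will still show enabled 2 and Kaspersky Endpoint Security will still be unable to load its rules.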

In this Help section

About response actions for commands of Detection and Response solutions

Kaspersky Endpoint Detection and Response (KATA) Integration

Kaspersky Endpoint Detection and Response Optimum Integration

Integration with Kaspersky Managed Detection and Response
