Kaspersky Endpoint Security for Linux

Data provided when integrating with Kaspersky Unified Monitoring and Analysis Platform

When integrating Kaspersky Endpoint Security with Kaspersky Unified Monitoring and Analysis Platform, Kaspersky Endpoint Security stores the following information, which may contain personal and confidential data:

  • KUMA server addresses
  • Public key of the server certificate for integration with Kaspersky Unified Monitoring and Analysis Platform (except when the UDP protocol is used to connect to the KUMA server)
  • Client certificate for integration with Kaspersky Unified Monitoring and Analysis Platform
  • Credentials for authenticating on the proxy server
  • Settings for the frequency of synchronization with the KUMA server, and settings for transferring data to the KUMA server
  • KUMA server connection status and information about errors related to the client certificate and server certificate

When integrating Kaspersky Endpoint Security with Kaspersky Unified Monitoring and Analysis Platform, the Kaspersky Endpoint Security application saves and transmits the following data to the KUMA server in telemetry packets:

  • Information about file modifications:
    • Unique ID of the file before the modification
    • Unique ID of the modified file
    • Unique ID of the process that made the changes
    • Type and flag of the file operation
    • Date and time the file was modified
  • Information about running and terminating processes:
    • Process file ID
    • Process UID and PID
    • Command line options that the process was started with
    • Session ID
    • Date and time when the process was started
    • Information (name and ID) about the user and group that started the process
  • Information about events in the event log:
    • Date and time of event
    • UID of the process associated with the event
    • Type and description of the event
    • Result of performing the operation