Detection and Response solutions by Kaspersky are security systems designed to detect advanced threats and attack signs at various levels of the organization's infrastructure. Detection and Response solutions provide information about the detected threat and let you manage your response to detections.
Kaspersky Endpoint Security interoperates with the following Kaspersky Detection and Response solutions:
If you are using Kaspersky Endpoint Security in the Endpoint Detection and Response Agent mode, integration is supported only with Kaspersky Endpoint Detection and Response Expert (on-premise) on the Open Single Management Platform (OSMP) and with Kaspersky Endpoint Detection and Response and Kaspersky Network Detection and Response components on the Kaspersky Anti Targeted Attack Platform.
If Kaspersky Endpoint Security is integrated with Kaspersky Managed Detection and Response and Kaspersky Anti Targeted Attack Platform, a large number of events can be written to the systemd log. If you want to disable the logging of audit events to the systemd log, disable the systemd-journald-audit socket and restart the operating system.
To disable the systemd-journald-audit socket, run the following commands:
systemctl stop systemd-journald-audit.socket
systemctl disable systemd-journald-audit.socket
systemctl mask systemd-journald-audit.socket
In the SintezM-Client operating system, the auditd service configuration is protected from modification by default, that is, auditd runs in enabled 2 mode (immutable configuration). For correct operation of the Behavior Detection component when Kaspersky Endpoint Security is integrated with Kaspersky Managed Detection and Response and Kaspersky Anti Targeted Attack Platform solutions, change the auditd mode in the configuration files to enabled 1 (configuration not locked) and restart the operating system.
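The following is an added example, not part of the Kaspersky documentation: an offline pre-flight check for the two prerequisites above (journald audit socket masked, auditd not in enabled 2 mode). The rules file contents and paths are constructed; on a live host the socket state would come from systemctl.

```shell
# Added example, not from the Kaspersky documentation. Sample files are constructed.

# Effective auditd "enabled" flag in a rules file. As with augenrules, the last
# "-e N" line wins. Prints 0, 1, 2 or "unset". Once -e 2 (immutable) has been
# loaded, "auditctl -e 1" is refused, so the file must be edited and the host rebooted.
audit_enable_mode() {
    mode=$(grep -E '^[[:space:]]*-e[[:space:]]+[0-2]([[:space:]]|$)' "$1" \
        | tail -n 1 | awk '{print $2}')
    if [ -n "$mode" ]; then printf '%s\n' "$mode"; else printf 'unset\n'; fi
}

# Returns 0 when the unit state means systemd will never start it again.
# Takes the state string so it runs offline; on a live host pass
# "$(systemctl is-enabled systemd-journald-audit.socket 2>/dev/null)".
socket_is_masked() {
    case "$1" in
        masked|masked-runtime) return 0 ;;
        *) return 1 ;;
    esac
}

# Combines both checks into one verdict line: rules file, then socket state.
integration_readiness() {
    mode=$(audit_enable_mode "$1")
    if [ "$mode" = 2 ]; then
        printf 'auditd config locked (-e 2): set -e 1 in the rules file and reboot\n'
    elif socket_is_masked "$2"; then
        printf 'ready: auditd unlocked, journald audit socket masked\n'
    else
        printf 'auditd unlocked, but systemd-journald-audit.socket is %s\n' "$2"
    fi
}

# Constructed sample rules files standing in for /etc/audit/rules.d/audit.rules.
demo=$(mktemp -d)
printf '%s\n' '-D' '-b 8192' '-f 1' '-e 2' > "$demo/locked.rules"
printf '%s\n' '-D' '-b 8192' '-e 2' '# relaxed for Behavior Detection' '-e 1' > "$demo/relaxed.rules"
integration_readiness "$demo/locked.rules" enabled
integration_readiness "$demo/relaxed.rules" enabled
integration_readiness "$demo/relaxed.rules" masked
rm -r "$demo"
```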