You can manage the following advanced settings for the collection of telemetry that is sent to Detection and Response solutions when Kaspersky Endpoint Security is integrated with them:
Configuring in the Web Console
In the Web Console, you can manage advanced telemetry settings in the policy properties (Application settings → General Settings → OS interaction settings).
Configuring in the Administration Console
In the Administration Console, you can manage advanced telemetry settings in the policy properties (General settings → OS interaction settings, Advanced telemetry settings section).
Telemetry additional settings
| Setting | Description |
|---|---|
| Telemetry source | The source that Kaspersky Endpoint Security uses to collect telemetry: |
| Using auditd | The mode of the auditd service: This setting is applied only if Telemetry source is set to Use eBPF and auditd. |
Configuring in the command line
On the command line, you can manage advanced telemetry settings using the TelemetrySource and UseTelemetryMonopolyMode settings of the Behavior Detection (Behavior_Detection) predefined task.
You can change the settings with the kesl-control --set-settings 20 command, either by editing the configuration file that contains all the settings of the task or by using the command line options in the <setting name> = <value> format.
The TelemetrySource setting lets you specify the telemetry source. This setting can take the following values:
- Default (default) means the eBPF technology and auditd service are used to collect telemetry.
- OnlyEBPF means that only the eBPF technology is used to collect telemetry.

The UseTelemetryMonopolyMode setting lets you specify the usage mode of the auditd service if it is used for telemetry collection. This setting can take the following values:

- True (default) means Kaspersky Endpoint Security uses the auditd service in exclusive mode.
- False means the auditd service is used in multicast mode.

The UseTelemetryMonopolyMode setting is applied only if TelemetrySource is set to Default.
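
The dependency between the two settings can be checked mechanically when auditing hosts that run other auditd consumers. The following is an added example, not part of the product documentation: the function name `effective_auditd_mode`, its output labels, and the comment-line syntax are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: resolve how auditd is used for telemetry from Behavior
# Detection task settings supplied on stdin as "<setting name> = <value>" lines.
# Prints one of: exclusive | multicast | not-used | invalid
effective_auditd_mode() {
    awk -F'=' '
        function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }
        # Defaults as stated on the page: Default source, monopoly mode True.
        BEGIN { src = "Default"; mono = "True" }
        /^[ \t]*$/    { next }   # skip blank lines
        /^[ \t]*[#;]/ { next }   # skip comment lines (assumed syntax)
        {
            key = trim($1)
            val = trim(substr($0, index($0, "=") + 1))
            if (key == "TelemetrySource")          src  = val
            if (key == "UseTelemetryMonopolyMode") mono = val
        }
        END {
            # UseTelemetryMonopolyMode is applied only if TelemetrySource is Default.
            if (src == "OnlyEBPF") { print "not-used"; exit }
            if (src != "Default")  { print "invalid";  exit }
            if (mono == "True")       print "exclusive"
            else if (mono == "False") print "multicast"
            else                      print "invalid"
        }'
}

# Constructed sample settings (not captured from a real host).
sample='TelemetrySource = Default
UseTelemetryMonopolyMode = False'

printf '%s\n' "$sample" | effective_auditd_mode
```

A result of `exclusive` identifies hosts where Kaspersky Endpoint Security holds auditd in exclusive mode, which is the case to review before deploying another tool that also reads audit events.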