To set up integration with Kaspersky Managed Detection and Response, you must enable the Managed Detection and Response component and configure Kaspersky Endpoint Security.
You must enable the following components for Managed Detection and Response to work:
Enabling these components is non-optional. Otherwise Kaspersky Managed Detection and Response cannot function because it does not receive required telemetry data.
In addition, Kaspersky Managed Detection and Response uses data received from other application components. Enabling those components is optional. Components that provide additional data include:
For Kaspersky Managed Detection and Response to work with Administration Server via Kaspersky Security Center Web Console, you must also establish a new secure connection, a background connection. Kaspersky Managed Detection and Response prompts you to establish a background connection when you deploy the solution. Make sure the background connection is established. For details about the integration of Kaspersky Security Center with other Kaspersky solutions, refer to the Kaspersky Security Center Help.
Integration with Kaspersky Managed Detection and Response consists of the following steps:
Skip this step if you are using Kaspersky Security Center Cloud Console. Kaspersky Security Center Cloud Console automatically configures Local Kaspersky Security Network when installing the MDR plug-in.
Private KSN supports data exchange between computers and Kaspersky Security Network dedicated servers, but not Global KSN.
Upload the Kaspersky Security Network configuration file in the Administration Server properties. The Kaspersky Security Network configuration file is located within the ZIP archive of the MDR configuration file. You can obtain the ZIP archive in the Kaspersky Managed Detection and Response Console. For details on configuring Private Kaspersky Security Network, please refer to the Kaspersky Security Center Help. You can also upload a Kaspersky Security Network configuration file to the computer from the command line (see the instructions below).
How to configure Private Kaspersky Security Network from the command line
As a result, Kaspersky Endpoint Security will use Private KSN to determine the reputation of files, applications, and websites. Kaspersky Security Network section of the policy settings will display the following operating status: KSN provider: Private KSN.
You must enable extended KSN mode for Managed Detection and Response to work.
Load the BLOB configuration file in the Kaspersky Endpoint Security policy (see the instructions below). The BLOB file contains the client ID and information about the license for Kaspersky Managed Detection and Response. The BLOB file is located inside the ZIP archive of the MDR configuration file. You can obtain the ZIP archive in the Kaspersky Managed Detection and Response Console. For detailed information about a BLOB file, please refer to the Kaspersky Managed Detection and Response Help.
How to enable Managed Detection and Response component in the Administration Console (MMC)
How to enable Managed Detection and Response component in the Web Console and Cloud Console
How to enable Managed Detection and Response component from the command line
As a result, Kaspersky Endpoint Security will verify the BLOB file. BLOB file verification includes checking the digital signature and the license term. If the BLOB file is successfully verified, Kaspersky Endpoint Security will upload the file and send the file to the computer during the next synchronization with Kaspersky Security Center. Check the operating status of the component by viewing the Application components status report. You can also view the operating status of a component in reports in the local interface of Kaspersky Endpoint Security. The Managed Detection and Response component will be added to the list of Kaspersky Endpoint Security components.