Kaspersky Endpoint Security 12.9 for Windows introduces support for EDR Threat Response actions (EDR responses) using an API. That is, you can, for example, create Python scripts to perform EDR Threat Response actions. You can use these scripts in SIEM solutions. Kaspersky Unified Monitoring and Analysis Platform, the Kaspersky SIEM solution, supports the EDR Threat Response API starting with version 3.4.1. For example scripts, please refer to KUMA documentation.
When responding to EDR threats, the application lets you perform the following actions:
To perform EDR Threat Response actions, you need to create a request and send it using KSC Open API (AddIncident). After the request is processed, a special task is created in the Kaspersky Security Center console.
To create tasks when responding to EDR threats, you must establish a background connection between the Administration Server and Kaspersky Security Center Web Console. The background connection service is available in Kaspersky Security Center Windows 14.2 or later and in Kaspersky Security Center Linux 15.2. Other consoles, including consoles of Kaspersky Detection and Response solutions, are not supported.