Connecting to Kaspersky Security Center

As part of EDR Threat Response, the application creates special tasks in the Kaspersky Security Center console. Creating these tasks requires establishing a connection between the computer and Kaspersky Security Center. To achieve this, Kaspersky Security Center connection parameters must be specified in the request.

Kaspersky Security Center connection parameters

| Parameter | Type | Description |
|---|---|---|
| kscHost | string | Kaspersky Security Center Administration Server address. Required parameter. |
| kscPort | int | Administration Server connection port. Required parameter. |
| kscCert | string | Path to a certificate file for connecting to the Kaspersky Security Center Administration Server. By default, the parameter is set to False. |
| kscUser | string | User account name. Required parameter. |
| kscPassword | string | User account password. Required parameter. |

Example

import datetime
import json

from KlAkOAPI.AdmServer import KlAkAdmServer
from KlAkOAPI.HostGroup import KlAkHostGroup
from KlAkOAPI.Params import paramDateTime

# KSC connection info
# reads environment variables by default; replace with the corresponding values
# KSC host, string, required
kscHost = "kscHost"
# KSC port, required, default is "13299"
kscPort = "13299"
# KSC certificate file path, default is False
kscCert = False
# KSC user, string, required
kscUser = "kscUser"
# KSC password, string, required
kscPassword = "kscPassword"

# Connect to the Administration Server; kscCert is passed as the verify argument
server_url = 'https://' + kscHost + ':' + str(kscPort)
server = KlAkAdmServer.Create(
    server_url, kscUser, kscPassword, verify=kscCert)

# args, task and validate() are defined elsewhere in the calling script
params = validate(args)
data = {"targetHost": "<MyHost>",  # placeholder: replace with the target host name
        "task": task,
        "params": params,
        "responseEventIncident": True,
        "responseEventIncidentArea": "Kuma"}

# Create the incident that carries the response task, then mark it as not handled
oHostGroup = KlAkHostGroup(server)
incdnt = oHostGroup.AddIncident({"KLINCDT_SEVERITY": 2,
                                 "KLINCDT_ADDED": paramDateTime(datetime.datetime.now()),
                                 "KLINCDT_BODY": json.dumps(data),
                                 "KLHST_WKS_HOSTNAME": args.targetHost}).RetVal()
oHostGroup.UpdateIncident(incdnt, {"KLINCDT_IS_HANDLED": False,
                                   "KLHST_WKS_HOSTNAME": args.targetHost})

User account data is not protected. Therefore, you need to dedicate a separate user account that is used to perform only these actions.
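
The check below is an added example, not part of the original page or of Kaspersky's code: it validates the connection parameters from the table before they are used to build server_url, and reports when kscCert is left at False. Reading the values from environment variables named after the parameters, and the names load_ksc_params and SAMPLE_ENV, are assumptions.

```python
import os

REQUIRED = ("kscHost", "kscPort", "kscUser", "kscPassword")

def load_ksc_params(env, cert_exists=os.path.isfile):
    """Validate the documented parameters; return (settings, warnings).

    env: mapping of variable name -> string (os.environ in real use).
    Variable names equal to the parameter names are an assumption.
    """
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise ValueError("missing required parameter(s): " + ", ".join(missing))

    host = env["kscHost"].strip()
    # The host is concatenated into a URL, so reject anything that could
    # change the path, query or userinfo part of that URL.
    if not host or any(c in host for c in "/@?# \t"):
        raise ValueError("kscHost must be a bare host name or IP address")

    try:
        port = int(env["kscPort"])
    except ValueError:
        raise ValueError("kscPort must be an integer") from None
    if not 1 <= port <= 65535:
        raise ValueError("kscPort out of range: %d" % port)

    warnings = []
    cert = env.get("kscCert", "")
    if cert in ("", "False"):
        verify = False  # documented default: server certificate is not checked
        warnings.append("kscCert is False: TLS certificate is not verified")
    elif cert_exists(cert):
        verify = cert
    else:
        raise ValueError("kscCert file not found: " + cert)

    settings = {"server_url": "https://%s:%d" % (host, port),
                "user": env["kscUser"], "password": env["kscPassword"],
                "verify": verify}
    return settings, warnings

# Constructed sample values, not taken from a real deployment.
SAMPLE_ENV = {"kscHost": "ksc.example.internal", "kscPort": "13299",
              "kscUser": "edr-response-svc", "kscPassword": "constructed-secret"}

if __name__ == "__main__":
    cfg, notes = load_ksc_params(SAMPLE_ENV)
    print(cfg["server_url"], "verify =", cfg["verify"], notes)
```

The returned settings map directly onto the arguments of KlAkAdmServer.Create in the example above: server_url, user, password and verify.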
