Integration with Detection and Response solutions

Detection and Response solutions by Kaspersky are security systems designed to detect advanced threats and attack signs at various levels of the organization's infrastructure. Detection and Response solutions provide information about the detected threat and let you manage your response to detections.

Kaspersky Industrial CyberSecurity for Linux Nodes can interoperate with the following Kaspersky Detection and Response solutions:

If Kaspersky Industrial CyberSecurity for Linux Nodes is integrated with Kaspersky Managed Detection and Response, a large number of events can be written to the systemd log. If you want to disable the logging of audit events to the systemd log, disable the systemd-journald-audit socket and restart the operating system.

To disable the systemd-journald-audit socket, run the following commands:

systemctl stop systemd-journald-audit.socket

systemctl disable systemd-journald-audit.socket

systemctl mask systemd-journald-audit.socket

By default, on the SintezM-Client operating system, the auditd service configuration is protected from modification, that is, auditd runs with the enabled flag set to 2 (immutable configuration). For the Behavior Detection component to operate correctly when Kaspersky Industrial CyberSecurity for Linux Nodes is integrated with Kaspersky Managed Detection and Response, change the auditd mode in the configuration files to enabled 1 (configuration not locked) and restart the operating system.
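A pre-flight check covering both requirements above (the journald audit socket masked, auditd not in immutable mode) is shown below as an added example; it is not Kaspersky's own tooling. It assumes the audit rules live in /etc/audit/audit.rules and that the "-e N" setting, `auditctl -s` output and `systemctl is-enabled` state are the sources of truth; the parsing helpers work on plain text so the logic can be exercised offline.

```shell
# Return the effective auditd "enabled" value from audit rules text: the last
# "-e N" line wins, as it does when auditctl loads /etc/audit/audit.rules.
audit_rules_enabled_flag() {
    printf '%s\n' "$1" | awk '/^[ \t]*-e[ \t]+[0-9]/ { v = $2 }
        END { print (v == "" ? "unset" : v) }'
}

# Extract the "enabled" field from `auditctl -s` output (e.g. "enabled 2").
auditctl_status_enabled() {
    printf '%s\n' "$1" | awk '$1 == "enabled" { print $2; found = 1 }
        END { if (!found) print "unset" }'
}

# The socket counts as fully disabled only when `systemctl is-enabled`
# reports it as masked (stop + disable alone leave it re-activatable).
journald_audit_socket_off() {
    case "$1" in
        masked|masked-runtime) return 0 ;;
        *) return 1 ;;
    esac
}

# Single verdict: "ready" when auditd is not immutable (-e 2) and the
# journald audit socket is masked; otherwise a one-line reason, exit 1.
mdr_preflight_verdict() {
    rules_text=$1; socket_state=$2
    flag=$(audit_rules_enabled_flag "$rules_text")
    if [ "$flag" = "2" ]; then
        echo "blocked: audit rules set -e 2 (immutable); set -e 1 and reboot"
        return 1
    fi
    if ! journald_audit_socket_off "$socket_state"; then
        echo "blocked: systemd-journald-audit.socket is '$socket_state', not masked"
        return 1
    fi
    echo "ready"
}

# Live report for a real node; only runs where systemctl exists.
# `systemctl is-enabled` exits non-zero for masked units, so keep its output.
preflight_report() {
    command -v systemctl >/dev/null 2>&1 || { echo "systemctl not available"; return 2; }
    state=$(systemctl is-enabled systemd-journald-audit.socket 2>/dev/null || true)
    rules=$(cat /etc/audit/audit.rules 2>/dev/null || true)   # assumed path
    mdr_preflight_verdict "$rules" "$state"
}
```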

In this Help section

Kaspersky Endpoint Detection and Response Optimum Integration

Kaspersky Managed Detection and Response Integration
