Configuring the Kaspersky Managed Detection and Response integration on the command line

In the command line, you can do the following:

• Enable or disable the Managed Detection and Response component.
• Upload or delete the BLOB file required for the integration.
• Edit the start time of the Mdr_Autostart_Scan service task created automatically after Kaspersky Industrial CyberSecurity for Linux Nodes successfully integrates with Managed Detection and Response.

We recommend configuring integration between Kaspersky Industrial CyberSecurity for Linux Nodes and Kaspersky Managed Detection and Response in the Administration Console or the Web Console.

You can enable or disable the Managed Detection and Response component using the UseMDR parameter in the general application settings. You can edit the option via command line switches or a configuration file that contains all general application settings.

UseMDR accepts the following values:

• Yes to enable the Managed Detection and Response component.
• No to disable the Managed Detection and Response component.

You can upload or delete the BLOB file using the license key management commands. You can find the BLOB file in the ZIP archive of the MDR configuration file.

To upload the BLOB file, execute the following command:

kics-control --load-mdr-blob <path to the MDR BLOB file>

To remove the BLOB file, execute the following command:

kics-control --remove-mdr-blob

Enabling the integration creates a Mdr_Autostart_Scan service task that runs once per day. You can set the start time if needed. No other task settings or schedule options can be edited.

Page top