Kaspersky Endpoint Detection and Response Optimum Integration

Kaspersky Endpoint Detection and Response Optimum is a solution for protecting an organization's IT infrastructure from threats such as exploits, ransomware, fileless attacks, and legitimate system tools used by attackers to compromise devices or data.

Kaspersky Endpoint Detection and Response Optimum monitors and analyzes the evolution of threats, and provides information about a potential attack to a security officer or administrator, helping them perform response actions in a timely manner.

Integration of Kaspersky Industrial CyberSecurity for Linux Nodes with the Kaspersky Endpoint Detection and Response Optimum solution is provided by a Kaspersky Industrial CyberSecurity for Linux Nodes component, Endpoint Detection and Response Optimum (hereinafter also referred to as EDR Optimum).

Kaspersky Industrial CyberSecurity for Linux Nodes 1.5 is compatible with Kaspersky Endpoint Detection and Response Optimum version 3.0.

Versions of Kaspersky Industrial CyberSecurity for Linux Nodes earlier than 1.5 do not include the EDR Optimum component.

Kaspersky Endpoint Detection and Response Optimum uses the following Threat Intelligence tools:

When interacting with Kaspersky Endpoint Detection and Response Optimum, Kaspersky Industrial CyberSecurity for Linux Nodes can perform the following functions:

Integration with Kaspersky Endpoint Detection and Response Optimum involves the following steps:

  1. Enabling the required components of Kaspersky Industrial CyberSecurity for Linux Nodes

    Make sure that the following components of Kaspersky Industrial CyberSecurity for Linux Nodes are enabled and running:

  2. Enabling threat analysis tools

    Make sure that Kaspersky Security Network is enabled in standard or extended mode.

    For the most effective operation of Kaspersky Endpoint Detection and Response Optimum, we recommend the extended Kaspersky Security Network mode.

  3. Activating the EDR Optimum component

    Make sure one of the following conditions is satisfied:

    • You are using Kaspersky Industrial CyberSecurity for Linux Nodes under a license that includes the Kaspersky Endpoint Detection and Response Optimum functionality.
    • You have purchased a separate license for using the Kaspersky Endpoint Detection and Response Optimum functionality and also added the EDR Optimum license key to the application.
  4. Installing the Kaspersky Endpoint Detection and Response Optimum administration plug-in

    The Kaspersky Endpoint Detection and Response Optimum administration plug-in is a unified plug-in for managing agents on Windows, macOS, and Linux operating systems; the plug-in is necessary to display and view alert details.

  5. Enabling the Kaspersky Endpoint Detection and Response Optimum Integration

    By default, the integration of Kaspersky Industrial CyberSecurity for Linux Nodes with Kaspersky Endpoint Detection and Response Optimum is disabled. You can enable, disable, or configure the integration:

    You can check the status of the EDR Optimum component:

  6. Enabling data transfer to the Administration Server

    To use all functionality of Kaspersky Endpoint Detection and Response Optimum, you must enable the following settings:

    • Notification about files in Backup.

      You can enable this setting in the policy properties under Application settings → General settings → Storage settings.

      By enabling this setting, you allow information about files that Kaspersky Industrial CyberSecurity for Linux Nodes has moved to Backup on the device to be sent to Kaspersky Security Center.

    • Show EDR alerts.

      You can enable this setting in the main window of Kaspersky Security Center Web Console under Settings → Interface settings.

      By enabling this setting, you allow the list of EDR alerts to be displayed in Kaspersky Security Center Web Console.

      The Show EDR alerts setting is not available in Web Console versions earlier than 15.1.

In this section

About response actions for commands

Enabling or disabling Kaspersky Endpoint Detection and Response Optimum integration

Viewing the Kaspersky Endpoint Detection and Response Optimum integration status

Viewing information about a detected threat and response actions

Searching for indicators of compromise

Requirements for IOC files

Enabling or disabling device network isolation

Configuring network isolation exclusions

Start process

Terminate process

Receive file from device

Delete file from device