Integration with Kaspersky Managed Detection and Response

Kaspersky Managed Detection and Response is a solution for automatically detecting and analyzing security incidents in your infrastructure using telemetry and advanced machine learning technologies. Information about the incident is sent to Kaspersky experts, who can then either process the incident themselves or provide recommendations on how to resolve it.

Integration of Kaspersky Industrial CyberSecurity for Linux Nodes with the Kaspersky Managed Detection and Response solution is facilitated by the Managed Detection and Response (MDR) component of the application.

To use the Kaspersky Managed Detection and Response functionality, you need to activate the MDR component by uploading an MDR BLOB file with Kaspersky Managed Detection and Response license information to the device. You can find the BLOB file in the ZIP archive of the MDR configuration file. You can upload the BLOB file in the Web Console, the Administration Console, or on the command line.

To configure integration with Kaspersky Managed Detection and Response, you need to upload the KPSN configuration file to the Kaspersky Security Center Administration Server. This file contains the necessary telemetry settings. The KPSN configuration file with the pkcs7 extension is located in the ZIP archive of the MDR configuration file. For details, refer to Kaspersky Managed Detection and Response Help.

You can upload the KPSN configuration file in the Web Console or the Administration Console.

Integration with Kaspersky Managed Detection and Response involves the following steps:

  1. Enabling the required components of Kaspersky Industrial CyberSecurity for Linux Nodes

    Make sure that the following Kaspersky Industrial CyberSecurity for Linux Nodes components are enabled and running:

    If these components are disabled, the device will have a red status in Kaspersky Managed Detection and Response.

    We also recommend enabling Web Threat Protection and Network Threat Protection. If these components are disabled, the device will have a yellow status in Kaspersky Managed Detection and Response.

    See the Kaspersky Managed Detection and Response Help for more information about device statuses.

  2. Enabling the use of Kaspersky Security Network in extended mode

    The Kaspersky Managed Detection and Response functionality is not available if Kaspersky Security Network is disabled or being used in standard mode. You can configure the use of Kaspersky Security Network in the Web Console, the Administration Console, or on the command line.

  3. Activating the MDR component

    Upload the BLOB file to the device using the Web Console, Administration Console, or the command line.

  4. Uploading the KPSN configuration file

    Upload the KPSN configuration file to the Kaspersky Security Center Administration Server. You can upload the KPSN configuration file using the Web Console or the Administration Console.

  5. Enabling the MDR component

    The MDR component is disabled by default. You can enable or disable the component:

    You can check the status of the MDR component:

In this section

Uploading the KPSN configuration file for integration with Kaspersky Managed Detection and Response

Configuring the Kaspersky Managed Detection and Response integration in the Web Console

Configuring the Kaspersky Managed Detection and Response integration in the Administration Console

Configuring the Kaspersky Managed Detection and Response integration on the command line
