Kaspersky Managed Detection and Response solution enables continuous search, detection and elimination of threats aimed at your organization. When interacting with Kaspersky Managed Detection and Response, Kaspersky Security performs the following functions:
For detailed information on how the solution works, as well as instructions on how to deploy the solution, refer to the Kaspersky Managed Detection and Response help.
Kaspersky Security can interact with Kaspersky Managed Detection and Response only if the following conditions are met:
Usage of Private KSN when interacting with Kaspersky Managed Detection and Response ensures that telemetry is sent to the dedicated servers that meet the requirements of the General Data Protection Regulation (GDPR). If Private KSN is not used, telemetry can be sent to Global KSN, which may be violation of the laws of your country.
For optimal use of Kaspersky Managed Detection and Response in Kaspersky Security operation, it is recommended to enable the following Light Agent functional components on the virtual machine:
Enabling these components is not a prerequisite for using Kaspersky Managed Detection and Response. If these components are disabled on the virtual machine, only limited set of telemetry data is sent to Kaspersky Managed Detection and Response from the Light Agent for Windows installed on this virtual machine.
To use Kaspersky Managed Detection and Response for Kaspersky Security operation, enable interaction with Kaspersky Managed Detection and Response and download the MDR configuration file in Light Agent for Windows policy. The configuration file is provided as a ZIP archive and has the P7 or P7B extension.
Information from the configuration file is passed to the protected virtual machines during the next synchronization with Kaspersky Security Center. After applying the policy on the protected virtual machine, which is configured to use Managed Detection and Response, and updating Kaspersky Security application databases, Light Agent for Windows installed on the virtual machine starts sending telemetry to Kaspersky Managed Detection and Response and can execute commands from Kaspersky Managed Detection and Response.
To enable or disable the use of Managed Detection and Response in Kaspersky Security operation:
Settings for interaction with Kaspersky Managed Detection and Response are displayed in the right part of the window.
If you want to delete a previously downloaded configuration file, click the Delete button.
Information about whether Managed Detection and Response is used in Kaspersky Security operation on a virtual machine can be viewed in Kaspersky Security Center in the list of Light Agent functional components displayed in the properties of Kaspersky Security installed on the virtual machine with Light Agent for Windows, or in the report on the application components status.
Page top