Managed Detection and Response

Kaspersky Managed Detection and Response solution enables continuous search, detection and elimination of threats aimed at your organization. When interacting with Kaspersky Managed Detection and Response, Kaspersky Security performs the following functions:

For detailed information on how the solution works, as well as instructions on how to deploy the solution, refer to the Kaspersky Managed Detection and Response help.

Kaspersky Security can interact with Kaspersky Managed Detection and Response only if the following conditions are met:

For optimal use of Kaspersky Managed Detection and Response in Kaspersky Security operation, it is recommended to enable the following Light Agent functional components on the virtual machine:

Enabling these components is not a prerequisite for using Kaspersky Managed Detection and Response. If these components are disabled on the virtual machine, only limited set of telemetry data is sent to Kaspersky Managed Detection and Response from the Light Agent for Windows installed on this virtual machine.

To use Kaspersky Managed Detection and Response for Kaspersky Security operation, enable interaction with Kaspersky Managed Detection and Response and download the MDR configuration file in Light Agent for Windows policy. The configuration file is provided as a ZIP archive and has the P7 or P7B extension.

Information from the configuration file is passed to the protected virtual machines during the next synchronization with Kaspersky Security Center. After applying the policy on the protected virtual machine, which is configured to use Managed Detection and Response, and updating Kaspersky Security application databases, Light Agent for Windows installed on the virtual machine starts sending telemetry to Kaspersky Managed Detection and Response and can execute commands from Kaspersky Managed Detection and Response.

To enable or disable the use of Managed Detection and Response in Kaspersky Security operation:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
  5. In the policy properties window, select the Managed Detection and Response section in the list on the left.

    Settings for interaction with Kaspersky Managed Detection and Response are displayed in the right part of the window.

  6. Do one of the following:
    • Select the Managed Detection and Response check box if you want to enable the use of Managed Detection and Response in Kaspersky Security operation.
    • Clear the Managed Detection and Response check box if you want to disable the use of Managed Detection and Response in Kaspersky Security operation.
  7. If you enabled the use of Managed Detection and Response, click the Upload button and select the MDR configuration file with the P7 or P7B extension.

    If you want to delete a previously downloaded configuration file, click the Delete button.

  8. Click the Apply button.

Information about whether Managed Detection and Response is used in Kaspersky Security operation on a virtual machine can be viewed in Kaspersky Security Center in the list of Light Agent functional components displayed in the properties of Kaspersky Security installed on the virtual machine with Light Agent for Windows, or in the report on the application components status.

Page top