Kaspersky Managed Detection and Response
- Kaspersky Managed Detection and Response Help
- What's new
- About Kaspersky Managed Detection and Response
- Hardware and software requirements
- Architecture of Kaspersky Managed Detection and Response
- Interfaces of Kaspersky Managed Detection and Response
- MDR section in Kaspersky Security Center
- Setting up MDR Plug-in in Kaspersky Security Center
- Configuring MDR Plug-in
- Setting access rights in Kaspersky Security Center
- Viewing and editing the MDR settings in Kaspersky Security Center
- Using MDR Plug-in functions on a virtual Administration Server
- Using MDR functions in Kaspersky Security Center through a proxy server
- Changing the certificates to use MDR functions in Kaspersky Security Center with a proxy server or anti-virus software
- Hiding and showing the MDR features in Kaspersky Security Center
- Setting up MDR Plug-in in Kaspersky Security Center
- MDR Web Console
- Switching the interface language in Kaspersky Security Center
- Switching the language for notifications and reports in Kaspersky Security Center
- Switching the interface language in MDR Web Console
- MDR section in Kaspersky Security Center
- Activating Kaspersky Managed Detection and Response
- Deactivating Kaspersky Managed Detection and Response
- Deployment of Kaspersky Managed Detection and Response
- About the MDR configuration file
- Licensing
- Data provision
- About Kaspersky Security Network
- Monitoring dashboards in MDR Web Console
- Receiving summary information
- Receiving notifications
- Managing users
- Managing assets
- Managing incidents
- About the incidents
- Viewing and searching incidents in MDR Web Console
- Filtering incidents in MDR Web Console
- Creating custom incidents in MDR Web Console
- Viewing detailed information about incidents in MDR Web Console
- Response types
- Processing responses to incidents in MDR Web Console
- Auto-accepting responses in MDR Web Console
- Auto-accepting responses in Kaspersky Security Center
- Closing incidents in MDR Web Console
- Using Kaspersky Endpoint Detection and Response Optimum features
- Multitenancy
- Managing the solution through the REST API
- Scenario: performing token-based authorization
- Creating an API connection in Kaspersky Security Center
- Creating an API connection in MDR Web Console
- Editing an API connection in Kaspersky Security Center
- Editing an API connection in MDR Web Console
- Creating an access token in Kaspersky Security Center
- Creating an access token in MDR Web Console
- Working with the REST API
- Revoking a refresh token in Kaspersky Security Center
- Deleting an API connection in Kaspersky Security Center
- Deleting an API connection in MDR Web Console
- Known issues
- Contact Technical Support
- Sources of information about the solution
- Glossary
- Information about third-party code
- Trademark notices
Managing users
Kaspersky Managed Detection and Response users can have different roles, with a different functionality available for each role. The role model is a set of rules that specify user roles.
The following roles are present in Kaspersky Managed Detection and Response:
- MDR Administrator
The superuser who has access to all Kaspersky Managed Detection and Response functions granted by the license. The MDR Administrator can grant access to client data sources to other users. When you activate Kaspersky Managed Detection and Response, you become the MDR Administrator automatically, which is why we recommend using a corporate email address for the activation process instead of a personal email address. Having the MDR Administrator created with a personal email address can pose security risks, such as theft of the MDR Administrator account.
In Kaspersky Security Center, this role corresponds to the following access rights:
Functional area
Allow
Deny
Incident access
Auto-accept settings
Response management
Tenant management
Incident summary scheduling
REST API access
- Senior Security Officer
An employee who has access to the Kaspersky Managed Detection and Response functions granted by the license, but who does not have access to the REST API. The Senior Security Officer has the right to accept and reject
responses.Incident response is a structured methodology for handling security incidents, breaches, and cyberthreats.
In Kaspersky Security Center, this role corresponds to the following access rights:
Functional area
Allow
Deny
Incident access
Auto-accept settings
Response management
Tenant management
Incident summary scheduling
REST API access
- Security Officer
An employee who has access to the Kaspersky Managed Detection and Response functions granted by the license, but who does not have access to the REST API. The Security Officer cannot accept and reject responses.
In Kaspersky Security Center, this role corresponds to the following access rights:
Functional area
Allow
Deny
Incident access
Auto-accept settings
Response management
Tenant management
Incident summary scheduling
REST API access
|
See also: |
In this section Inviting new users in MDR Web Console Changing user roles in MDR Web Console |