Kaspersky Managed Detection and Response
Creating an API connection in Kaspersky Security Center
When you create a new API connection, a refresh token is generated. A refresh token is a unique sequence of letters, digits, and symbols. Once created, a refresh token allows you to create an access token.
To create an API connection:
- In the MDR section of Kaspersky Security Center, click the API tab.
The API connections list appears.
- In the upper part of the window, click the plus sign icon.
The Add a new API connection block appears.
- Specify the following settings:
- Connection name
A connection name can contain Latin letters, digits, and special characters. A connection name is specified as author_name in REST API responses and displayed as the comment author on the Communication tab of an incident.
- Access rights
Select which access rights to grant for performing actions via the HTTP API:
- Full access + API and tenants
Access rights of the MDR Administrator role. An MDR Administrator is a superuser who has access to all Kaspersky Managed Detection and Response functions granted by the license. The MDR Administrator can grant access to client data sources to other users. When you activate Kaspersky Managed Detection and Response, you become the MDR Administrator automatically, which is why we recommend using a corporate email address for the activation process instead of a personal email address. Having the MDR Administrator created with a personal email address can pose security risks, such as theft of the MDR Administrator account.
In Kaspersky Security Center, this role corresponds to the following access rights:
Functional area
Allow
Deny
Incident access
Auto-accept settings
Response management
Tenant management
Incident summary scheduling
REST API access
- Incident access, response management, and auto-accept settings
Access rights of the Senior Security Officer role. A Senior Security Officer is an employee who has access to the Kaspersky Managed Detection and Response functions granted by the license, but does not have access to the REST API. The Senior Security Officer has the right to accept and reject responses. Incident response is a structured methodology for handling security incidents, breaches, and cyberthreats.
In Kaspersky Security Center, this role corresponds to the following access rights:
Functional area
Allow
Deny
Incident access
Auto-accept settings
Response management
Tenant management
Incident summary scheduling
REST API access
- Incident access
Access rights of the Security Officer role. A Security Officer is an employee who has access to the Kaspersky Managed Detection and Response functions granted by the license, but does not have access to the REST API. The Security Officer cannot accept and reject responses.
In Kaspersky Security Center, this role corresponds to the following access rights:
Functional area
Allow
Deny
Incident access
Auto-accept settings
Response management
Tenant management
Incident summary scheduling
REST API access
- Tenant
If necessary, select the value (or values) in the Tenant drop-down list.
The user can view only the assets and incidents related to the specified tenants.
- Click the Generate button.
The JWT token field appears.
- Click the Close button.
The new API connection appears in the API connections list. Now, you can use the refresh token to create an access token.
You can also create API connections in MDR Web Console.