Operating principle of Kaspersky Managed Detection and Response
Kaspersky Managed Detection and Response analyzes telemetry data from EPP applications and generates security events, which the detection technology can classify as incidents.
MDR Web Console is used to process incidents. Alternatively, you can integrate Kaspersky Managed Detection and Response with a third-party solution, as described in the Managing the solution through the REST API article.
The Kaspersky Managed Detection and Response solution may resolve an incident automatically or request a user response to a potential security threat. Refer to the Response types article for details. To ensure prompt response to potential security threats, the solution may also ask you to clarify a suspicious event. Process such requests promptly.
Detailed incident investigation (such as establishing the preceding events, the circumstances, and the detailed mechanism of the attack) is handled by the Kaspersky Incident Response component, which is not included in Kaspersky Managed Detection and Response and must be purchased separately.
When you use Kaspersky Managed Detection and Response, you process incidents with the support of Kaspersky experts. Refer to the Areas of responsibility topic for details.