Integrating EDR Agent with KATA (NDR)

EDR Agent is installed on workstations and servers in the IT infrastructure of the organization. On these computers, EDR Agent continuously monitors processes, open network connections, and files being modified, and sends monitoring data to the server with the Central Node component.

To integrate with NDR (KATA), you must enable the Network Detection and Response (KATA) component and configure EDR Agent.

The following conditions must be fulfilled for Network Detection and Response (KATA) to work:

Integration with Network Detection and Response (KATA) involves the following steps:

  1. Activating Network Detection and Response (KATA)

    You need to purchase a separate license for NDR (KATA) (Kaspersky Network Detection and Response (KATA) Add-on).

    The feature will be available after you add a separate key for Kaspersky Network Detection and Response (KATA). Licensing for the stand-alone Network Detection and Response (KATA) functionality is the same as the licensing of Kaspersky Endpoint Security.

    Make sure that the NDR (KATA) functionality is included in the license and is running in the local interface of the application.

  2. Connecting to Central Node

    Kaspersky Anti Targeted Attack Platform requires establishing a trusted connection between Kaspersky Endpoint Security and the Central Node component. To configure a trusted connection, you must use a TLS certificate. You can get a TLS certificate in the Kaspersky Anti Targeted Attack Platform console (see instructions in the Kaspersky Anti Targeted Attack Platform Help). Then you must add the TLS certificate to Kaspersky Endpoint Security (see instructions below).

    Adding a TLS certificate to Kaspersky Endpoint Security

    By default, Kaspersky Endpoint Security only checks the TLS certificate of Central Node. To make the connection more secure, you can additionally enable the verification of the computer on Central Node (two-way authentication). To enable this verification, you must turn on two-way authentication in Central Node and Kaspersky Endpoint Security settings. To use two-way authentication, you will also need a crypto-container. A crypto-container is a PFX archive with a certificate and a private key. You can get a crypto-container in the Kaspersky Anti Targeted Attack Platform console (see instructions in the Kaspersky Anti Targeted Attack Platform Help).

    How to connect a Kaspersky Endpoint Security computer to Central Node using the Administration Console (MMC)

    How to connect a Kaspersky Endpoint Security computer to Central Node using the Web Console

    As a result, the computer is added on the Kaspersky Anti Targeted Attack Platform console. Check the operating status of the component by viewing the Application components status report. You can also view the operating status of a component in reports in the local interface of Kaspersky Endpoint Security. The Network Detection and Response (KATA) component will be added to the list of Kaspersky Endpoint Security components.

Page top