Kaspersky Managed Detection and Response Integration

Integration between Kaspersky Industrial CyberSecurity for Linux Nodes and Kaspersky Managed Detection and Response (MDR) enables continuous search, detection and elimination of threats aimed at your organization.

When interacting with Kaspersky Managed Detection and Response, Kaspersky Industrial CyberSecurity for Linux Nodes allows you to perform the following actions:

To configure integration between Kaspersky Industrial CyberSecurity for Linux Nodes and Kaspersky Managed Detection and Response, perform the following actions:

You can also configure integration between Kaspersky Industrial CyberSecurity for Linux Nodes and Kaspersky Managed Detection and Response and upload a BLOB configuration file from the command line.

To enable integration with Kaspersky Managed Detection and Response, execute the following command:

kics-control --set-app-settings UseMDR=Yes

To disable integration with Kaspersky Managed Detection and Response, execute the following command:

kics-control --set-app-settings UseMDR=No

To load the BLOB configuration file, execute the following command:

kics-control --load-mdr-blob <path to MDR BLOB configuration file MDR BLOB>

To remove the BLOB configuration file, execute the following command:

kics-control --remove-mdr-blob

If Kaspersky Industrial CyberSecurity for Linux Nodes is integrated with Kaspersky Managed Detection and Response, a large number of events can be written to the systemd log. If you want to disable the logging of audit events to the systemd log, disable the systemd-journald-audit socket.

To disable the systemd-journald-audit socket, run the following commands:

systemctl stop systemd-journald-audit.socket

systemctl disable systemd-journald-audit.socket

systemctl mask systemd-journald-audit.socket

Page top