You can respond to alerts and incidents through UserGate if you previously configured integration between Kaspersky XDR Expert and the script launch service. UserGate includes features of unified threat management solutions and provides the following means of protection for your local network:
Version 7 of the UserGate UTM API is supported.
The login and password to access UserGate are stored in the scripts for integration with UserGate. You can download the scripts by clicking this link.
Python 3.10 is required to run the scripts.
To perform a response action through UserGate, you must have one of the following XDR roles: Main administrator, Tenant administrator, Junior analyst, Tier 1 analyst, Tier 2 analyst.
To perform a response action through UserGate:
In the window that opens, you can go to the Observables tab to view the IP addresses, URLs and domain names that you can block through UserGate.
In the window that opens, select one of the following pre-installed playbooks for responding through UserGate:
If you select this playbook, UserGate will block IP addresses, URLs and domain names as a result of the playbook launch.
UserGate uses the IP addresses, URLs and domain names that are displayed on the Observables tab.
If you select this playbook, all users that are logged in to UserGate will be logged out as a result of the playbook launch.
The selected playbook launches the script for integration with UserGate.
If the operation is completed successfully, an appropriate message is displayed on the screen. Otherwise, an error message is displayed.
The result of the playbook launch is available in the alert or incident details, on the History tab.