Configuring integration with Kaspersky Managed Detection and Response

To configure integration between Kaspersky Endpoint Security and Kaspersky Managed Detection and Response (MDR), perform the following actions:

• Make sure that the File Threat Protection and Behavior Detection components are enabled in the Kaspersky Endpoint Security policy.
• In the Kaspersky Endpoint Security policy, select use Extended KSN mode.
• In the Kaspersky Endpoint Security policy, enable integration with Managed Detection and Response and upload a BLOB configuration file, which is located in the ZIP archive of the MDR configuration file (see the instructions below).
• In the Administration Console, configure Kaspersky Private Security Network for sending telemetry using a Kaspersky Security Network configuration file, which is located in the ZIP archive of the MDR configuration file (see the instructions below).

To configure Kaspersky Private Security Network for integration with Kaspersky Managed Detection and Response in Kaspersky Security Center:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Administration Console tree, select the Administration Server.
3. In the Administration Server context menu, select Properties.
4. In the Administration Server properties window, in the KSN proxy server section, select the KSN proxy server settings sub-section.
5. Select the Use Administration Server as a proxy server check box to enable the KSN proxy server service.
6. Select the Configure Private KSN check box.
7. In the window that opens and displays a warning about the specific aspects of using the KSN proxy server on the distribution points with the previous version of the Network Agent installed, click OK.
8. Click the File with KSN proxy server settings button.
9. Select the configuration file with the pkcs7 extension and click Open.

   This configuration file is included in Kaspersky Managed Detection and Response distribution kit.

   By downloading Kaspersky Managed Detection and Response configuration file, you agree to automatically transmit data from the device with Kaspersky Endpoint Security installed to Kaspersky for processing. Do not load the configuration file if you do not agree that the transmitted data will be processed. For detailed description of the transmitted data, refer to Kaspersky Managed Detection and Response documentation.

10. Click Apply.

To load the BLOB configuration file using Kaspersky Security Center:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed devices folder, open the folder with the name of the required administration group for which you want to configure the policy settings.
3. In the workspace, select the Policies tab.
4. Select the required policy and open the policy properties window in one of the following ways:
   • Double click the policy name.
   • In the context menu of the policy, select Properties.
5. In the policy properties window, in the list on the left, select the Managed Detection and Response section in the General settings section.
6. Select the Enable Managed Detection and Response check box.
7. Click Download.
8. In the window that opens, select the BLOB configuration file and click the Open button.

   The BLOB configuration file is included in Kaspersky Managed Detection and Response distribution kit.

   By downloading Kaspersky Managed Detection and Response configuration file, you agree to automatically transmit data from the device with Kaspersky Endpoint Security installed to Kaspersky for processing. Do not load the configuration file if you do not agree that the transmitted data will be processed. For detailed description of the transmitted data, refer to Kaspersky Managed Detection and Response documentation.

9. Click Apply.