Configuring integration with Kaspersky Managed Detection and Response

To configure integration between Kaspersky Endpoint Security and Kaspersky Managed Detection and Response (MDR), perform the following actions:

• Make sure that the File Threat Protection and Behavior Detection components are enabled in the Kaspersky Endpoint Security policy.
• In the Kaspersky Endpoint Security policy in the Web Console, select the use of Kaspersky Security Network with statistics.
• In the Kaspersky Endpoint Security policy in the Web Console, enable integration with Managed Detection and Response and upload a BLOB configuration file, which is located in the ZIP archive of the MDR configuration file (see the instructions below).
• In the Web Console, configure Private KSN for sending telemetry using a Kaspersky Security Network configuration file, which is located in the ZIP archive of the MDR configuration file (see the instructions below).

To configure Private KSN for integrating the application with Kaspersky Managed Detection and Response in the Web Console:

1. In the main Web Console window, click next to the name of the Administration Server.

   The Administration Server properties window opens.

2. In the list on the left, select the KSN proxy server settings section.
3. Switch on the Enable KSN proxy server on the Administration Server as a proxy server toggle button to enable the KSN proxy server service.
4. Switch the Use Kaspersky Private Security Network toggle button.
5. In the window that opens and displays a warning about the specific aspects of using the KSN proxy server on distribution points with the previous version of Network Agent installed, click OK.
6. Click the File with KSN proxy server settings button.
7. Select the configuration file with the pkcs7 extension and click Open.

   This configuration file is included in Kaspersky Managed Detection and Response distribution kit.

   By downloading Kaspersky Managed Detection and Response configuration file, you agree to automatically transmit data from the device with Kaspersky Endpoint Security installed to Kaspersky for processing. Do not load the configuration file if you do not agree that the transmitted data will be processed. For detailed description of the transmitted data, refer to Kaspersky Managed Detection and Response documentation.

8. Click Save.

To load the BLOB configuration file using the Web Console:

1. In the main window of the Web Console, select Devices → Policies and policy profiles.

   The list of policies opens.

2. In the list, select the required policy and click the link with the policy name to open the policy properties window.
3. In the Application settings tab in the list on the left, select the General settings section.
4. In the right section of the window, select the Managed Detection and Response section.
5. In the window that opens, enable Managed Detection and Response.
6. Click Download.
7. In the window that opens, select the BLOB configuration file and click the Open button.

   The BLOB configuration file is included in Kaspersky Managed Detection and Response distribution kit.

   By downloading Kaspersky Managed Detection and Response configuration file, you agree to automatically transmit data from the device with Kaspersky Endpoint Security installed to Kaspersky for processing. Do not load the configuration file if you do not agree that the transmitted data will be processed. For detailed description of the transmitted data, refer to Kaspersky Managed Detection and Response documentation.

8. Click OK.
9. Click Save.