Integration with Kaspersky Managed Detection and Response

Kaspersky Managed Detection and Response is a solution for automatically detecting and analyzing security incidents in your infrastructure using telemetry and advanced machine learning technologies. Information about the incident is sent to Kaspersky experts, who can then either process the incident themselves or provide recommendations on how to resolve it.

When interacting with Kaspersky Managed Detection and Response, Kaspersky Endpoint Security can carry out the following functions:

Integration of Kaspersky Endpoint Security with the Kaspersky Managed Detection and Response solution is facilitated by the Managed Detection and Response (MDR) component of the application.

To use the Kaspersky Managed Detection and Response functionality, you need to activate the MDR component in one of the following ways:

If the Kaspersky Security Network infrastructure is deployed within the corporate LAN (you use the Kaspersky Private Security Network infrastructure solution) or if you use tenants other than the root tenant, then to integrate with Kaspersky Managed Detection and Response, you need to upload the KPSN configuration file to the Kaspersky Security Center Administration Server. This file contains the necessary telemetry settings. The KPSN configuration file with the pkcs7 extension is located in the ZIP archive of the MDR configuration file. For details, refer to Kaspersky Managed Detection and Response Help.

You can upload the KPSN configuration file in the Web Console or the Administration Console.

Integration with Kaspersky Managed Detection and Response involves the following steps:

  1. Enabling required components of Kaspersky Endpoint Security

    Make sure that the following components of Kaspersky Endpoint Security are enabled and working:

    If these components are disabled, the device will have a red status in Kaspersky Managed Detection and Response.

    We also recommend enabling Web Threat Protection and Network Threat Protection. If these components are disabled, the device will have a yellow status in Kaspersky Managed Detection and Response.

    See the Kaspersky Managed Detection and Response Help for more information about device statuses.

  2. Enabling the use of Kaspersky Security Network in extended mode

    The Kaspersky Managed Detection and Response functionality is not available if Kaspersky Security Network is disabled or being used in standard mode. You can configure the use of Kaspersky Security Network in the Web Console, the Administration Console, or on the command line.

  3. Activating the MDR component

    If you are using the MDR component under a license, make sure that one of the following conditions is satisfied:

    If you are activating the MDR component using an MDR BLOB file, you need to upload the BLOB file in the Web Console, the Administration Console, or on the command line.

  4. Uploading the KPSN configuration file

    If you are using the Kaspersky Private Security Network infrastructure solution, or you are using tenants other than the root tenant, you need to upload the KPSN configuration file to the Kaspersky Security Center Administration Server.

  5. Enabling the MDR component

    The MDR component is disabled by default. You can enable or disable the component:

    You can check the status of the MDR component:

In this section

Uploading the KPSN configuration file for integration with Kaspersky Managed Detection and Response

Configuring the Kaspersky Managed Detection and Response integration in the Web Console

Configuring the Kaspersky Managed Detection and Response integration in the Administration Console

Configuring the Kaspersky Managed Detection and Response integration on the command line
