Configuring integration with Kaspersky Managed Detection and Response

To configure integration between Kaspersky Industrial CyberSecurity for Linux Nodes and Kaspersky Managed Detection and Response (MDR), do the following:

• Make sure that the File Threat Protection and Behavior Detection components are enabled in the Kaspersky Industrial CyberSecurity for Linux Nodes policy.
• In the Kaspersky Industrial CyberSecurity for Linux Nodes policy in the Web Console, select participation in Kaspersky Security Network with statistics.
• In the Kaspersky Industrial CyberSecurity for Linux Nodes policy in the Web Console, enable integration with Managed Detection and Response and upload a BLOB configuration file, which is located in the ZIP archive of the MDR configuration file (see the instructions below).
• In the Web Console, configure Private KSN for sending telemetry using a Kaspersky Security Network configuration file, which is located in the ZIP archive of the MDR configuration file (see the instructions below).

To configure Private KSN for integrating the application with Kaspersky Managed Detection and Response in the Web Console:

1. In the main Web Console window, click next to the name of the Administration Server.

   The Administration Server properties window opens.

2. In the list on the left, select the KSN proxy server settings section.
3. Switch on the Enable KSN proxy server on the Administration Server as a proxy server toggle button to enable the KSN proxy server service.
4. Switch the Use Kaspersky Private Security Network toggle button.
5. In the window that opens and displays a warning about the specific aspects of using the KSN proxy server on the distribution points with the previous version of the Network Agent installed, click OK.
6. Click the Select file with KSN proxy server settings button.
7. Select the configuration file with the pkcs7 extension and click Open.

   This configuration file is included in Kaspersky Managed Detection and Response distribution kit.

   By downloading Kaspersky Managed Detection and Response configuration file, you agree to automatically transmit data from the device with Kaspersky Industrial CyberSecurity for Linux Nodes installed to Kaspersky for processing. Do not load the configuration file if you do not agree that the transmitted data will be processed. For detailed description of the transmitted data, refer to Kaspersky Managed Detection and Response documentation.

8. Click Save.

To load the BLOB configuration file using the Web Console:

1. In the main window of the Web Console, select Devices → Policies and policy profiles.

   The list of policies opens.

2. In the list of policies, select the required policy and open the policy properties window by clicking the link with the policy name.
3. On the Application settings tab, in the list on the left, select the General settings section, and on the right, select the Managed Detection and Response section.
4. Enable the Managed Detection and Response toggle button.
5. Click Download.
6. In the window that opens, select the BLOB configuration file and click the Open button.

   The BLOB configuration file is included in Kaspersky Managed Detection and Response distribution kit.

   By downloading Kaspersky Managed Detection and Response configuration file, you agree to automatically transmit data from the device with Kaspersky Industrial CyberSecurity for Linux Nodes installed to Kaspersky for processing. Do not load the configuration file if you do not agree that the transmitted data will be processed. For detailed description of the transmitted data, refer to Kaspersky Managed Detection and Response documentation.

7. Click OK.