Preliminary configuration

To perform the preliminary configuration:

  1. Provide access to the MDR Console.

    Make sure that the KUMA server on which you want to configure integration has network access to https://mdr.kaspersky.com on port TCP/443.

  2. In KUMA, create a user with the Tenant administrator role.

    Make sure this user has access to the API and can make POST/events requests.

  3. In the MDR Console, generate an API token by following these steps:
    1. In the MDR Console window, select the Settings menu item.
    2. Select the API tab.
    3. In the upper part of the window, click the Add button.
    4. Specify the following settings:
      • Connection name.

        The connection name can contain Latin letters, numerals, and special characters. This name is used as the user name when creating incidents, comments, and attachments because the access token is not tied to a specific user.

      • Access rights.

        Select the access rights that must be granted to perform actions using the HTTP API.

      • Tenant.

        Select one or more tenants, if necessary.

        If there is no value in the Tenant drop-down list for incidents created in the MDR Console, specify Root without tenants to let the script discover such incidents when connecting.

    5. In the lower part of the section, click the Create button. After that, the values of the following parameters are displayed:
      • JWT token (refresh_token) is the token that is used to get an access_token that is needed for authorization when working with the API.
      • Client ID (client_id) is an ID that must be sent when making API requests.
  4. Click the following link to download the kuma_mdr_integration.tar.gz archive:

    https://box.kaspersky.com/f/11a58e42f63e4cef8741/

  5. Configure a certificate chain for MDR by following these steps:
    1. In your browser, open the https://mdr.kaspersky.com link.
    2. Click the padlock icon in the address bar next to the URL of the website.
    3. Select Connection is secure and click Certificate is valid.
    4. Select the Details tab.
    5. For each item in the certificate hierarchy (starting with the lowest, *.mdr.kaspersky.com, and ending with the root, DigiCert Global Root G2), click the Export button.
    6. Add the saved certificates to a .PEM file (for example, mdr.pem). The certificates must be placed in order from the lowest to the root.