Creating an API connection in Kaspersky Security Center

Expand all | Collapse all

When you create a new API connection, a refresh token is generated. A refresh token is a unique sequence of letters, digits, and symbols. Once created, a refresh token allows you to create an access token.

To create an API connection:

1. In the MDR section of Kaspersky Security Center, click the API tab.

   The API connections list appears.

2. In the upper part of the window, click the plus sign icon ().

   The Add a new API connection block appears.

3. Specify the following settings:
   • Connection name

     A connection name can contain Latin letters, digits, and special characters. A connection name is specified as author_name in REST API responses and displayed as the comment author on the Communication tab of an incident.

   • Access rights

     Select which access rights to grant for performing actions via the HTTP API:

     • Full access + API and tenants

       Access rights of the MDR Administrator role. An MDR Administrator is a superuser who has access to all Kaspersky Managed Detection and Response functions granted by the license. The MDR Administrator can grant access to client data sources to other users. When you activate Kaspersky Managed Detection and Response, you become the MDR Administrator automatically, which is why we recommend using a corporate email address for the activation process instead of a personal email address. Having the MDR Administrator created with a personal email address can pose security risks, such as stealing the MDR Administrator account.

       In Kaspersky Security Center, this role corresponds to the following access rights:

       Functional area	Allow	Deny
       Incident access
       Auto-accept settings
       Response management
       Tenant management
       Incident summary scheduling
       REST API access

     • Incident access, response management, and auto-accept settings

       Access rights of the Senior Security Officer role. A Senior Security Officer is an employee who has access to the Kaspersky Managed Detection and Response functions granted by the license, but does not have access to the REST API. The Senior Security Officer has the right to accept and reject responses.

       Incident response is a structured methodology for handling security incidents, breaches, and cyberthreats.

       In Kaspersky Security Center, this role corresponds to the following access rights:

       Functional area	Allow	Deny
       Incident access
       Auto-accept settings
       Response management
       Tenant management
       Incident summary scheduling
       REST API access

     • Incident access

       Access rights of the Security Officer role. A Security Officer is an employee who has access to the Kaspersky Managed Detection and Response functions granted by the license, but does not have access to the REST API. The Security Officer cannot accept and reject responses.

       In Kaspersky Security Center, this role corresponds to the following access rights:

       Functional area	Allow	Deny
       Incident access
       Auto-accept settings
       Response management
       Tenant management
       Incident summary scheduling
       REST API access

   • Tenant

     If necessary, select the value (or values) in the Tenant drop-down list.

     The user can view only the assets and incidents related to the specified tenants.

4. Click the Generate button.

   The JWT token field appears.

5. Click the Close button.

   The new API connection appears in the API connections list. Now, you can use the refresh token to create an access token.

You can also create API connections in MDR Web Console.