Creating Managed Detection and Response incidents from XDR incidents

You can create an MDR incident from an XDR incident if the Managed Detection and Response integration is enabled in Open Single Management Platform and the XDR incident's alerts meet the following conditions:

• The detection source is endpoint.
• At least one related asset is included in the alert.
• The detection technology is any of the following:
  • Kaspersky IOA rules
  • SB (Sandbox)
  • AM (Anti-Malware Engine)
  • IOC
  • YARA

We recommend that you activate the MDR solution on all managed assets to ensure continuous managed protection and automate threat detection, freeing up IT security employees to address tasks that require their involvement.

To export an XDR incident to MDR:

1. In the main menu of the OSMP Console interface, go to Monitoring → Incidents.
2. In the incident table, click the ID of the required incident. The window with incident details is displayed.
3. Click the three-dots icon on the toolbar and select Create MDR incident.
4. In the Create MDR incident panel, specify the incident name and description and click Create.

   If the incident is created successfully, an appropriate message is displayed. You can now access the incident in the MDR Web Console. The link to the incident is available in the Summary section of the XDR incident.

Page top