Periodic update of KSN configuration files

To ensure secure transmission of customer telemetry to Kaspersky Managed Detection and Response, Kaspersky periodically updates the encryption keys for MDR telemetry data. The public key is transmitted as part of the KSN configuration file.

If you are using MDR Plug-in for Kaspersky Security Center Cloud Console or on-premises Kaspersky Security Center, in some cases (please check the details in the table below) the KSN configuration file will be updated automatically. However, in many cases you have to replace the installed KSN configuration file manually.

If the KSN configuration file is not updated on your assets, telemetry data will stop being sent to Kaspersky Managed Detection and Response.

No later than one month before the expiration of the current KSN configuration file, Kaspersky will notify you about the imminent expiration of the KSN configuration file. There are two notification options:

• An incident will be created, notifying you about the upcoming expiration of the current KSN configuration file.
• A notification about the upcoming expiration of the current KSN configuration file will be published in MDR Web Console. Any user logging in MDR Web Console will see this notification.

  Actions required to update the KSN configuration file

  The solution you use to manage your assets	The interface your SOC analysts use	Actions required
  Kaspersky Security Center Cloud Console	MDR Plug-in installed in Kaspersky Security Center Cloud Console	Log in to Kaspersky Security Center Cloud Console. When you log in, MDR Plug-in tries to install the new KSN configuration file on Kaspersky Security Center Cloud Console. If MDR Plug-in successfully updates the file, you will get a notification about the change of the KSN configuration file. If MDR Plug-in fails to update the KSN configuration file, you will get a notification about the cause of the problem: Your account does not have sufficient access rights to update the file. An unexpected error occurred while updating the KSN configuration file.   If no notifications are displayed, it is likely that the KSN configuration file was successfully updated when another specialist connected to the Kaspersky Security Center Cloud Console. If you see a notification about insufficient access rights to update the KSN configuration file, contact your Kaspersky Security Center Cloud Console administrator (Main administrator role) for help: Ask the administrator to connect to Kaspersky Security Center Cloud Console. When the administrator connects, the KSN configuration file will be updated. You can check if the KSN configuration file is up to date at any time. To do so, in the MDR section of Kaspersky Security Center click the MDR Usage tab. Information about the current version of the KSN configuration file will be shown. If a new version of the KSN configuration file is available, you can use a button to update the KSN configuration file.  If an unexpected error occurs while updating, contact Kaspersky technical support.
  Kaspersky Security Center Cloud Console	MDR Web Console OR You use the API to download the incidents in order to process them in your own system	Log in to Kaspersky Security Center Cloud Console. Start the Initial Configuration Wizard to activate the MDR Plug-in. If your account does not have sufficient access rights to activate MDR Plug-in, contact your Kaspersky Security Center Cloud Console server administrator for help. Then, follow the instructions for the Kaspersky Security Center Cloud Console server and MDR Plug-in above. If an unexpected error occurs while updating, contact Kaspersky technical support.
  On-premises Kaspersky Security Center version 14 and later	MDR Plug-in installed in on-premises Kaspersky Security Center	Log in to Kaspersky Security Center. When you log in, MDR Plug-in tries to install the new KSN configuration file on the Kaspersky Security Center server. If MDR Plug-in successfully updates the file, you will get a notification about the change of the KSN configuration file. If MDR Plug-in fails to update the KSN configuration file, you will get a notification about the cause of the problem: Your account does not have sufficient access rights to update the file. An unexpected error occurred while updating the KSN configuration file.   If no notifications are displayed, it is likely that the KSN configuration file was successfully updated when another specialist connected to Kaspersky Security Center Cloud Console. If you see a notification about missing access rights to update the KSN configuration file, contact your Kaspersky Security Center server administrator for help. Ask the administrator to connect to the Kaspersky Security Center server. When the administrator connects, the KSN configuration file will be updated. If the administrator does not get the notification about the change of the KSN configuration file, the administrator should check the version of the installed MDR Plug-in, and update it to the current version if necessary (MDR Plug-in version 2.1.17 or later is required). You can check if the KSN configuration file is up to date at any time. To do so, in the MDR section of Kaspersky Security Center, click the MDR Usage tab. The information about the current version of the KSN configuration file will be shown. If a new version of the KSN configuration file is available, you can use a button to update the KSN configuration file.  If an unexpected error occurs while updating, contact Kaspersky technical support.
  On-premises Kaspersky Security Center version 14 and later	MDR Web Console (MDR Plug-in not installed in on-premises Kaspersky Security Center OR You use the API to download the incidents in order to process them in your own system	Ask the MDR Web Console administrator to: Download the MDR ZIP archive from the Getting started page. Extract the KSN configuration file from the ZIP archive. Send this file to the Kaspersky Security Center Administration server administrator.   Ask the Kaspersky Security Center server administrator to upload the KSN configuration file by clicking Administration Server properties → KSN proxy server settings → KSN proxy server settings file. If an unexpected error occurs while updating, contact Kaspersky technical support.
  On-premises Kaspersky Security Center version 13.* or earlier	MDR Plug-in installed in on-premises Kaspersky Security Center OR You use the API to download the incidents in order to process them in your own system

If there are multiple Kaspersky Security Center servers installed in your network, you have to update the KSN configuration file on each server.

Updating the KSN configuration file on KATA servers

If there are KATA servers that are connected to Kaspersky Managed Detection and Response in your network, you have to update the MDR configuration file on these KATA servers.

Please ask the MDR Web Console administrator to download the MDR configuration ZIP archive from the Getting started page: https://mdr.kaspersky.com/guide.

The Getting started page in MDR Web Console is available for logged-in users only.

When you get the MDR configuration ZIP archive, please ask the KATA server administrator to upload the MDR configuration file to the KATA servers. In case of problems during an MDR configuration file update, the KATA server administrator should contact Kaspersky Technical Support for instructions on how to update the MDR configuration file on the KATA server.