Creating an API connection in MDR Web Console

Expand all | Collapse all

A refresh token is a unique sequence of letters, digits, and symbols. Once created, a refresh token allows you to create an access token.

To create a refresh token:

1. In the MDR Web Console window, navigate to the Settings menu item.
2. Click the API tab.

   The All tokens list appears.

3. In the upper part of the window, click the Add button.

   The Generate token block appears.

4. Specify the following settings:
   • Connection name

     The name of a token.

     The name of a token can contain Latin letters, digits, and special characters. The name of a token is specified as author_name in REST API responses and displayed as the comment author on the Communication tab of an incident.

     If you activated Kaspersky Managed Detection and Response with the MDR Optimum or MDR Basic license, this is the only available field while creating a refresh token.

   • User role

     The user role to specify permissions that will be granted for performing actions via the HTTP API.

     The following user roles are available:

     • MDR Administrator

       The superuser who has access to all Kaspersky Managed Detection and Response functions granted by the license. The MDR Administrator can grant access to client data sources to other users. When you activate Kaspersky Managed Detection and Response, you become the MDR Administrator automatically, which is why we recommend using a corporate email address for the activation process instead of a personal email address. Having the MDR Administrator created with a personal email address can pose security risks, such as theft of the MDR Administrator account.

       In Kaspersky Security Center, this role corresponds to the following access rights:

       Functional area	Allow	Deny
       Incident access
       Auto-accept settings
       Response management
       Tenant management
       Incident summary scheduling
       REST API access

     • Senior Security Officer

       An employee who has access to the Kaspersky Managed Detection and Response functions granted by the license, but who does not have access to the REST API. The Senior Security Officer has the right to accept and reject responses.

       Incident response is a structured methodology for handling security incidents, breaches, and cyberthreats.

       In Kaspersky Security Center, this role corresponds to the following access rights:

       Functional area	Allow	Deny
       Incident access
       Auto-accept settings
       Response management
       Tenant management
       Incident summary scheduling
       REST API access

     • Security Officer

       An employee who has access to the Kaspersky Managed Detection and Response functions granted by the license, but who does not have access to the REST API. The Security Officer cannot accept and reject responses.

       In Kaspersky Security Center, this role corresponds to the following access rights:

       Functional area	Allow	Deny
       Incident access
       Auto-accept settings
       Response management
       Tenant management
       Incident summary scheduling
       REST API access

   • Tenant

     If necessary, select the value (or values) in the Tenant drop-down list.

     The tenants already existing in Console and the Root without tenants value are suggested.

     The user can view only the assets and incidents related to the specified tenants. If you have assets and incidents not assigned to any tenants, the user can view them if you select the Root without tenants value.

     You can select the Root without tenants value, in addition to specifying tenant names.

5. In the lower part of the block, click the Generate button.

   The Token info block replaces the Generate token block.

6. Click the Close button in the lower part of the Token info block.

   The refresh token that you have created appears in the All tokens list. Now, you can use this refresh token to create an access token.