Architecture of Kaspersky Next XDR Expert

May 15, 2024

ID 247191

This section provides a description of the components of Kaspersky Next XDR Expert and their interaction.

Kaspersky Next XDR Expert analyzes the events from the applications installed on the assets, detects alerts, and allows you to investigate the alerts and respond to the threats.

Kaspersky Next XDR Expert architecture

Kaspersky Next XDR Expert comprises the following main components:

  • Open Single Management Platform (OSMP). The technology basis on which Kaspersky Next XDR Expert is built. OSMP integrates all of the solution components and provides interaction between the components. OSMP is scalable and supports integration with both Kaspersky applications and third-party solutions.
  • OSMP Console. Provides a web interface for OSMP.
  • KUMA Console. Provides a web interface for Kaspersky Unified Monitoring and Analysis Platform (KUMA).
  • KUMA Core. The central component of KUMA. KUMA receives, processes, and stores information security events and then analyzes the events by using correlation rules. If the conditions of a correlation rule are met, KUMA creates an alert and sends it to the Incident Response Platform.
  • Incident Response Platform. A Kaspersky Next XDR Expert component that allows you to create incidents automatically or manually, manage the alert and incident life cycles, assign alerts and incidents to SOC analysts, and respond to the incidents automatically or manually, including responses through playbooks.
  • Administration Server (also referred to as Server). The key component of endpoint protection of a client organization. Administration Server provides centralized deployment and management of endpoint protection through EPP applications, and allows you to monitor the endpoint protection status.
  • Data sources. Information security hardware and software that generate the events. After you integrate Kaspersky Next XDR Expert with the required data sources, KUMA receives the events from them for storage and analysis.
  • Integrations. Kaspersky applications and third-party solutions integrated with OSMP. Through integrated solutions, a SOC analyst can enrich the data required for incident investigation, and then respond to incidents.
