Integration with KATA/KEDR

May 15, 2024

ID 264314

Kaspersky Endpoint Detection and Response (hereinafter also referred to as KEDR) is a functional block of Kaspersky Anti Targeted Attack Platform (hereinafter also referred to as KATA) that protects assets in an enterprise LAN.

You can configure integration between Kaspersky Next XDR Expert and KATA/KEDR to manage threat response actions on assets connected to Kaspersky Endpoint Detection and Response servers. Commands to perform operations are received by the Kaspersky Endpoint Detection and Response server, which then relays those commands to Kaspersky Endpoint Agent installed on assets.

To configure integration between Kaspersky Next XDR Expert and KATA/KEDR:

  1. In the main menu, go to Settings → Tenants.

    The list of tenants is displayed on the screen.

  2. Click the name of the required tenant.

    The tenant's properties window opens.

  3. Go to the Settings tab, and then select the KATA/KEDR section.

    You can edit the KATA/KEDR section if you are assigned one of the following XDR roles: Main administrator, Tenant administrator or SOC administrator.

  4. Turn on the KATA integration toggle button.
  5. Click the Add connection button, and then in the window that opens do the following:
    1. In the IP address or host name field, enter one of the following:
      • hostname
      • IPv4
      • IPv6
    2. In the Port field, set a port.
    3. Click the Save button.

    The window is closed.

    If the connection is not added, an error message is displayed.

    If the connection is added successfully, an appropriate message is displayed on the screen. An XDR ID, certificate, and private key are generated and displayed in the corresponding fields. If necessary, you can generate a new certificate and private key by clicking the Generate button.

    To ensure that the connection is established successfully, click the Check connection button. The result is displayed in the Connection status parameter.

  6. Click the Save button to save the settings.

    After you add the connection, you can edit or delete it by clicking the corresponding icons. You can also add another connection by performing steps 1–6.

If you want to receive information about Kaspersky Endpoint Detection and Response alerts, you need to configure integration between the KUMA component and KATA/KEDR.
