Integration with Detection and Response solutions
Detection and Response solutions by Kaspersky are security systems designed to detect advanced threats and attack signs at various levels of the organization's infrastructure. Detection and Response solutions provide information about the detected threat and let you manage your response to detections.
Kaspersky Endpoint Security interoperates with the following Kaspersky Detection and Response solutions:
- Kaspersky Anti Targeted Attack Platform (Kaspersky Endpoint Detection and Response component). Integration with Kaspersky Endpoint Detection and Response (KATA) is facilitated by a Kaspersky Endpoint Security component: Endpoint Detection and Response (KATA) (EDR (KATA)).
- Kaspersky Endpoint Detection and Response Optimum. Integration is facilitated by a Kaspersky Endpoint Security component: Endpoint Detection and Response Optimum (EDR Optimum).
- Kaspersky Managed Detection and Response. Integration is facilitated by a Kaspersky Endpoint Security component: Managed Detection and Response (MDR).
If Kaspersky Endpoint Security is integrated with Kaspersky Managed Detection and Response and Kaspersky Anti Targeted Attack Platform, a large number of events can be written to the systemd log. If you want to disable the logging of audit events to the systemd log, disable the systemd-journald-audit socket and restart the operating system.
To disable the systemd-journald-audit socket, run the following commands:
systemctl stop systemd-journald-audit.socket
systemctl disable systemd-journald-audit.socket
systemctl mask systemd-journald-audit.socket
By default, on the SintezM-Client operating system, the auditd service configuration is protected from modification, that is, it is in enabled 2 mode. For correct operation of the Behavior Detection component when Kaspersky Endpoint Security is integrated with Kaspersky Managed Detection and Response and Kaspersky Anti Targeted Attack Platform solutions, change the auditd mode in the configuration files to enabled 1 (no configuration blocking) and restart the operating system.
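The following script checks the result of both procedures above. It is an added example, not part of the Kaspersky documentation: it reports whether the systemd-journald-audit socket is masked, reads the audit enabled flag, and lists rule lines that still set enabled 2. The rule file locations are the standard auditd ones and are an assumption, because this page does not name the configuration files used on SintezM-Client.

```shell
#!/bin/sh
# Added example (not from the Kaspersky documentation).
# Assumption: audit rules live in the standard auditd locations below;
# the page does not name the files used on SintezM-Client.
RULE_FILES="/etc/audit/audit.rules /etc/audit/rules.d/*.rules"
SOCKET=systemd-journald-audit.socket

# Read `auditctl -s` output on stdin and print the value of the "enabled" flag.
# Accepts both the "enabled 2" and the older "enabled=2" layout.
audit_enabled_flag() {
    sed -n 's/.*enabled[ =]\([0-9]\).*/\1/p' | head -n 1
}

# Print "file:line: text" for every uncommented rule line containing "-e 2".
rules_lock_lines() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v f="$f" '
            /^[[:space:]]*#/ { next }
            { for (i = 1; i < NF; i++)
                  if ($i == "-e" && $(i + 1) == "2") { print f ":" NR ": " $0; break } }
        ' "$f"
    done
}

# Run the checks on the local host (auditctl needs root).
check_host() {
    state=$(systemctl is-enabled "$SOCKET" 2>/dev/null)
    echo "$SOCKET: ${state:-unknown} (expected: masked)"
    flag=$(auditctl -s 2>/dev/null | audit_enabled_flag)
    echo "audit enabled flag: ${flag:-unknown} (expected: 1)"
    # RULE_FILES is left unquoted on purpose so that the glob expands.
    locked=$(rules_lock_lines $RULE_FILES)
    if [ -n "$locked" ]; then
        echo "rule lines that still set enabled 2:"
        echo "$locked"
        return 1
    fi
    return 0
}

# Only query the host when asked to: sh check.sh --check-host
if [ "${1:-}" = "--check-host" ]; then
    check_host
fi
```

While the audit configuration is in enabled 2 mode, the flag cannot be changed on a running system, so the check reports 1 only after the rule files are edited and the operating system is restarted.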