Configuring the Kaspersky Managed Detection and Response integration on the command line
In the command line, you can do the following:
- Enable or disable the Managed Detection and Response component.
- Upload or delete the BLOB configuration file required for the integration.
- Edit the start time of the Mdr_Autostart_Scan service task created automatically after Kaspersky Endpoint Security successfully integrates with Managed Detection and Response.
We recommend configuring the integration between Kaspersky Endpoint Security and Kaspersky Managed Detection and Response in the Administration Console or in the Web Console.
You can enable or disable the Managed Detection and Response component using the UseMDR
parameter in the general application settings. You can edit the setting using command line options or a configuration file that contains all general application settings.
UseMDR
accepts the following values:
Yes
to enable the Managed Detection and Response component.No
to disable the Managed Detection and Response component.
You can upload or delete the BLOB configuration file via the license key management commands.
To load the BLOB configuration file, execute the following command:
kesl-control --load-mdr-blob <
path to MDR BLOB configuration file
>
To remove the BLOB configuration file, execute the following command:
kesl-control --remove-mdr-blob
Enabling the integration creates a Mdr_Autostart_Scan service task that runs once per day. You can set the start time if needed. No other task settings or schedule options can be edited.