Integration with Kaspersky Managed Detection and Response
The Kaspersky Managed Detection and Response service continuously searches for, detects, and eliminates threats aimed at your organization. Integration with the Kaspersky Managed Detection and Response solution is facilitated by a Kaspersky Endpoint Security component: Managed Detection and Response (MDR).
When interacting with Kaspersky Managed Detection and Response, Kaspersky Endpoint Security can carry out the following functions:
- Send telemetry data to Kaspersky Managed Detection and Response for threat detection.
- Execute Kaspersky Managed Detection and Response commands for providing security features.
To configure integration between Kaspersky Endpoint Security and Kaspersky Managed Detection and Response, perform the following actions:
- Make sure that File Threat Protection and Behavior Detection are enabled. If these components are disabled, the device will have a red status in Kaspersky Managed Detection and Response.
We also recommend enabling Web Threat Protection and Network Threat Protection. If these components are disabled, the device will have a yellow status in Kaspersky Managed Detection and Response.
See the Kaspersky Managed Detection and Response Help for more information about device statuses.
- Enable the use of Kaspersky Security Network in the extended mode.
You can enable Kaspersky Security Network in the command line, in the Web Console, or in the Administration Console.
- Configure Kaspersky Private Security Network. KPSN is required for sending telemetry.
You can configure Kaspersky Private Security Network only in the Web Console or in the Administration Console.
There is no way to configure KPSN with Kaspersky Endpoint Security commands.
- Enable the Kaspersky Managed Detection and Response component and upload a BLOB configuration file, which is located in the ZIP archive of the MDR configuration file.
You can enable the Managed Detection and Response component and upload the BLOB configuration file in the command line, in the Web Console, or in the Administration Console.