Configuring integration between Kaspersky Endpoint Agent and Kaspersky Managed Detection and Response
August 27, 2024
ID 206173
Before performing the following steps, get the MDR configuration file. It contains a configuration file (BLOB) required for integration.
If you want Kaspersky Endpoint Agent to process data about events generated by Kaspersky Industrial CyberSecurity for Networks and send this data to Kaspersky Managed Detection and Response, configure interaction with Kaspersky Security Center in the settings of Kaspersky Industrial CyberSecurity for Networks. For detailed information on configuring interaction between the applications, refer to the Kaspersky Industrial CyberSecurity for Networks Help.
Integration with Kaspersky Managed Detection and Response is only available for Kaspersky Endpoint Agent Management plug-in versions 3.9.2 and later.
To configure integration between Kaspersky Endpoint Agent and Kaspersky Managed Detection and Response using the Kaspersky Security Center Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the console tree, open the Policies folder.
- Select the Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
  - Double-click the policy name.
  - Select Properties in the policy context menu.
  - Select the Configure policy settings item in the right part of the window.
- Select the Managed Detection and Response section.
- In the Managed Detection and Response settings group, do the following:
  - Select the Enable Managed Detection and Response check box.
  - Click the Upload configuration file (BLOB) button and select the BLOB configuration file to load.
    By downloading the Managed Detection and Response configuration file, you agree to automatically send the specified data from the device with Kaspersky Endpoint Agent installed to Kaspersky for processing. Do not download the configuration file if you do not want the specified information to be processed.
  - In the User ID field, enter an arbitrary value.
- In the policy properties window, click OK.
Integration between Kaspersky Endpoint Agent and Kaspersky Managed Detection and Response is configured.
MDR operation when using Kaspersky Endpoint Agent simultaneously with Kaspersky Endpoint Security
Kaspersky Endpoint Security 11 or later with the current database version supports interaction with MDR. In Kaspersky Endpoint Security 11.6.0 or later, interaction with MDR is available immediately after installation.
If you use Kaspersky Endpoint Agent to work with MDR and then either install a version of Kaspersky Endpoint Security that supports interaction with MDR, or update the databases of Kaspersky Endpoint Security 11 or later to the current version, MDR stops working with Kaspersky Endpoint Agent and becomes available for work with Kaspersky Endpoint Security. In this case:
- Switching between Kaspersky Endpoint Agent and Kaspersky Endpoint Security is performed in quiet mode.
- Kaspersky Endpoint Agent allows for configuring settings for interaction with MDR, but these settings are not applied on the device.
- If Kaspersky Endpoint Security is not available (for example, you uninstalled the application), MDR can start working with Kaspersky Endpoint Agent if you restart the Kaspersky Endpoint Agent service.
- The Managed Detection and Response component remains in the Running status in Kaspersky Endpoint Agent settings on the device, since Kaspersky Endpoint Agent continues to communicate with MDR (for example, to resume working with the solution if necessary).