Kaspersky Endpoint Detection and Response (hereinafter also referred to as KEDR) is a functional block of Kaspersky Anti Targeted Attack Platform (hereinafter also referred to as KATA) that protects assets in an enterprise LAN.
You can configure integration between Kaspersky Next XDR Expert and KATA/KEDR to manage threat response actions on assets connected to Kaspersky Endpoint Detection and Response servers. Commands to perform operations are received by the Kaspersky Endpoint Detection and Response server, which then relays those commands to Kaspersky Endpoint Agent installed on assets.
To configure integration between Kaspersky Next XDR Expert and KATA/KEDR:
The list of tenants is displayed on the screen.
The tenant's properties window opens.
You can edit the KATA/KEDR section if you are assigned one of the following XDR roles: Main administrator, Tenant administrator, or SOC administrator.
The window is closed.
If the connection is not added, an error message is displayed.
If the connection is added successfully, an appropriate message is displayed on the screen. An XDR ID, certificate, and private key are generated and displayed in the corresponding fields. If necessary, you can generate a new certificate and private key by clicking the Generate button.
To ensure that the connection is established successfully, click the Check connection button. The result is displayed in the Connection status parameter.
After you add the connection, you can edit or delete it by clicking the corresponding icons. You can also add another connection by performing steps 1–6.
If you want to receive information about Kaspersky Endpoint Detection and Response alerts, you need to configure integration between the KUMA component and KATA/KEDR.