Kaspersky Endpoint Detection and Response Expert
About user roles
Kaspersky Endpoint Detection and Response Expert users can have different roles, with a different set of rights available for each role. The following pre-defined roles are present in Kaspersky EDR Expert:
- Main Administrator
  A superuser who is in charge of installation, configuration and performance of the solution. You must be the Main Administrator to activate Kaspersky Endpoint Detection and Response Expert. The Main Administrator has access to all Kaspersky EDR Expert functions. In contrast to the Senior Security Analyst role, the Main Administrator has permissions to do the following:
  - Manage user accounts.
  - Manage roles and user access rights.
  - Add, change, or delete activation keys.
  This page provides more information about the Main Administrator role in Kaspersky Security Center Cloud Console.
- Senior Security Analyst
  An IT Security specialist who investigates incidents and manages custom IOA rules which define IT security alerts. The Senior Security Analyst role gives the right to manage responses and tasks.
  The Senior Security Analyst has full access to Kaspersky EDR Expert functions including alerts, incidents, custom IOA rules, and threat hunting. User management and role management are unavailable.
If the pre-defined roles do not meet the specific needs of your organization, you can create your own custom roles.