About Kaspersky Security Centre
Kaspersky Security Center is a scalable, unified management console that supports growing businesses with changing security needs, and facilitates comprehensive systems and security management, with a separation of administrator responsibilities. It makes it easy to manage and secure both physical and virtual endpoints from a single,
The integration with SIRP allows automated interactions with Kaspersky Security Center by using playbooks. Security professionals can perform automated operations on Kaspersky Security Center through SIRP.
Supported Actions
SIRP’s Kaspersky Security Center integration app allows you to execute the following actions:
S.no | Action | Description |
1 | Get host applications | Retrieve software applications for a host. |
2 | Get host details | Retrieve host details. |
3 | List groups | Retrieve a list of all groups |
4 | List virtual machines | Retrieve a list of virtual machines |
5 | Get host group static info | Retrieve a host group static info. |
6 | Block IP | Block IP Address on Kaspersky |
7 | Block DOMAIN | Block Domain on Kaspersky |
8 | Block URL | Block URL on Kaspersky |
9 | Block HASH | Block Hashes on Kaspersky |
10 | Unblock IP | Unblock IP Address on Kaspersky |
11 | Unblock DOMAIN | Unblock Domain on Kaspersky |
12 | Unblock URL | Unblock URL on Kaspersky |
13 | Unblock HASH | Unblock Hashes on Kaspersky |
Enable and Kaspersky Security Centre
Create a new user on the Kaspersky Security Centre
1. Open Kaspersky Security Console.
2. Create a custom role with the following access rights
3. Create a new user and assign the custom role.
4. Also, assign a minimum operator role to this new user.
Enable the Kaspersky Security Centre app in SIRP
First, log in to SIRP, then go to Apps from the left navigation bar.
Locate the app named Kaspersky Security Centre.
Enable the Kaspersky Security Centre app by clicking the toggle button under the Status column.
Once you enable the App, click the configure option to integrate SIRP with Kaspersky Security Centre.
Add the following details and click Save:
URL: <URL from the Kaspersky Security Centre console>:13299
Username: <User created on Kaspersky Security Centre>
Password: <Password assigned to user>
Policy-ID: <ID of the Policy>
Category-Name: <Name of the Category created in Application Category for Hash Blocking>
Network-Rule: <Name of the Rule created in Network Packet Rule for IP Blocking>
Rule-List: <Name of the Rule created in Web Control for URL and Domain Blocking>
Policy-ID
Click on the Policy you created for Windows Users.
You will find the policy ID in the link above.
Example: 1007
Category-Name
Go to Application Management > Application Category
In the Application Category, create a new category named SIRP_Hashes
Note: Add any dummy hashes in Condition and Exclusion also
Network-Rule
Select the Policy where the IP will be blocked.
Go to Essential Threat Protection > Firewall > Settings > Network packet rules
In Network Packet Rules, create a new rule named sirp
Rule-List
Select the Policy where URLs and Domains will be blocked.
Go to Security Controls > Web Controls
In Web Controls, add a new rule named sirp