Kandji EDR
  • 13 Mar 2025
  • 2 Minutes to read
  • Dark
    Light

Kandji EDR

  • Dark
    Light

Article summary

Kandji Endpoint Detection and Response (EDR) is designed to enhance endpoint protection and streamline device management, particularly for Apple devices. Kandji EDR combines real-time threat detection, automated response mechanisms, and robust analytics to safeguard organizations against evolving cyber threats. For detailed information, refer to Kandji EDR’s official documentation.

Integration Method: API

Table: Detection Finding (2004)

This integration supports the following events.

Events

Description

Threats

Captures detected threats, including malware and PUPs, with information on affected devices, file paths, threat status, and security actions taken.

This integration supports the following versions.

Kandji agent version Supported

4.6.7 (5238)

Kandji EDR API

v1

Prerequisites

  • The user should have access to the Kandji portal with an account that has admin access. 

  • The user should have access to the DataBee console.

Configuration Overview

  1. Create an API Token with required permissions to fetch the data.

  2. Create Kandji EDR data feed in the DataBee console with the required Client credentials.

DataBee Parameter

Kandji Parameter

API Base URL (< subdomain > ,< region >)

Organization’s API URL

Token

Token

Kandji EDR Configuration

Create a Token

  1. Login to the Kandji EDR console.
     

  2. Click on the Settings button.
     

  3. Click on the Access tab.
     

  4. Click on the Add Token button.
     

  5. Enter ‘Name’ and ‘Description’ of Token.
     

  6. Click on the Create button.
     

  7. Click on the Copy Token to copy the token to your clipboard. Ensure you store the token in a secure location, as you will not be able to view it again. Check the checkbox to confirm that the token has been copied.
     

    Note:

    Ensure you store the token in a secure location, as you will not be able to view it again.

  8. Click on the Next button.
     

  9. Click on the Configure button.
     

  10. Click on the Configure Permissions button.
     

  11. Select get Threat Details permission.

    1. Search for Threat Details.

    2. Select check box of Get Threat Details permission.

    3. Click on the Save button.

  1. Click on the Close button.
     

  2. Copy the Organization’s API URL, as it contains the subdomain and region, which are required during the DataBee configuration process. 

DataBee Configuration

  1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
     Inserting image...

  2. Search for Kandji EDR and select it.
     

  3. Click on the API Ingest.
     Inserting image...

  4. Enter feed contact information and click Next.
     

  5. In the configuration page, enter the following:

    • API Base URL: replace < subdomain > and < region >with your subdomain and region according to your organization's API URL .

    • Authorization Method: Bearer Token

    • Token: paste the Token generated earlier in the Kandji EDR portal.

    • Event Types: preselected for all the event types that integration pulls.

Note:

The URL for the API endpoint that you use is based on your region. Here, we have used the URL for US region. You can change the URL as per subscription. Below is the list of URLs as per the subscription.

  1. Click Submit.

Troubleshooting Tips

  • If you encounter an Unauthorized error, it may indicate that the authentication token has expired or deleted. In this case, regenerate the token to restore access. To prevent potential issues, consider pasting the token into a text editor to verify that there are no extra spaces or unexpected characters before reconfiguring the DataBee feed.


Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence