Kaspersky Unified Monitoring and Analysis Platform
- About Kaspersky Unified Monitoring and Analysis Platform
- Program architecture
- Installing and removing KUMA
- Program licensing
- About the End User License Agreement
- About the license
- About the License Certificate
- About the license key
- About the key file
- Adding a license key to the program web interface
- Viewing information about an added license key in the program web interface
- Removing a license key in the program web interface
- Integration with other solutions
- Integration with Kaspersky Security Center
- Integration with Kaspersky CyberTrace
- Integration with Kaspersky Threat Intelligence Portal
- Integration with R-Vision Incident Response Platform
- Integration with Active Directory
- Integration with RuCERT
- Integration with Security Vision Incident Response Platform
- KUMA resources
- KUMA services
- Analytics
- Working with tenants
- Working with incidents
- About the incidents table
- Saving and selecting incident filter configuration
- Deleting incident filter configurations
- Viewing detailed incident data
- Incident creation
- Incident processing
- Changing incidents
- Automatic linking of alerts to incidents
- Categories and types of incidents
- Exporting incidents to RuCERT
- Working in hierarchy mode
- Working with alerts
- Working with events
- Retroscan
- Managing assets
- Managing KUMA
- Contacting Technical Support
- REST API
- Creating a token
- Authorizing API requests
- Standard error
- Operations
- Viewing a list of active lists on the correlator
- Import entries to an active list
- Searching alerts
- Closing alerts
- Searching assets
- Importing assets
- Deleting assets
- Searching events
- Viewing information about the cluster
- Resource search
- Loading resource file
- Viewing the contents of a resource file
- Importing resources
- Exporting resources
- Downloading the resource file
- Search for services
- Tenant search
- View token bearer information
- Appendices
- Commands for components manual starting and installing
- Normalized event data model
- Correlation event fields
- Audit event fields
- Event fields with general information
- User was successfully signed in or failed to sign in
- User login successfully changed
- User role was successfully changed
- Other data of the user was successfully changed
- User successfully logged out
- User password was successfully changed
- User was successfully created
- User access token was successfully changed
- Service was successfully created
- Service was successfully deleted
- Service was successfully reloaded
- Service was successfully restarted
- Service was successfully started
- Service was successfully paired
- Service status was changed
- Storage index was deleted by user
- Storage partition was deleted automatically due to expiration
- Active list was successfully cleared or operation failed
- Active list item was successfully deleted or operation was unsuccessful
- Active list was successfully imported or operation failed
- Active list was exported successfully
- Resource was successfully added
- Resource was successfully deleted
- Resource was successfully updated
- Asset was successfully created
- Asset was successfully deleted
- Asset category was successfully added
- Asset category was deleted successfully
- Settings were updated successfully
- Information about third-party code
- Trademark notices
- Glossary
Creating Kaspersky Security Center connection
To create a new Kaspersky Security Center connection:
- Open the KUMA web interface and select Settings → Kaspersky Security Center.
The Connections to Kaspersky Security Center table will appear on the right in the Settings section.
- Select the tenant for which you want to create a connection to Kaspersky Security Center.
The Kaspersky Security Center connection table will appear on the right in the Settings section.
- Click the Add KSC connection button and set the parameters as described below:
- Name (required)—enter the unique name of the Kaspersky Security Center connection. Must contain from 1 to 128 Unicode characters.
- URL (required)—enter the URL of the Kaspersky Security Center server in the hostname:port or IPv4:port format.
- Disabled—clear this check box if you want to use this Kaspersky Security Center connection. By default, this check box is cleared.
- In the Secret drop-down list select the Secret resource with the credentials of the Kaspersky Security Center you need or create a new Secret resource using the plus button.
Creating resource with Kaspersky Security Center credentials
Credentials for the Kaspersky Security Center server are stored in the Secret resources.
To create the Secret resource with Kaspersky Security Center server credentials:
- In the Resources section of the KUMA web interface, select Secrets.
The list of available secrets will be displayed.
- On the left in the Secrets window select the tenant in which the connection to Kaspersky Security Center with these credentials will be used.
- If required, select the folder where you want to create the secret.
- Click the Add secret button to create a new secret. This resource is used to store credentials of the Kaspersky Security Center server.
The secret window is displayed.
- Enter information about the secret:
- In the Name field, choose a name for the added secret.
- In the Tenant drop-down list, select the tenant that will own the Kaspersky Security Center account credentials.
- In the Type drop-down list, select credentials.
- In the User and Password fields, enter credentials for your Kaspersky Security Center server.
- If you want, enter a Description of the secret.
- Click Save.
The Kaspersky Security Center server credentials are now saved and can be used in other KUMA resources.
- In the Resources section of the KUMA web interface, select Secrets.
- Click Save.
The Kaspersky Security Center connection has been created. It can be used to import information about assets from Kaspersky Security Center to KUMA and to create asset-related tasks in Kaspersky Security Center from KUMA.