Kaspersky Unified Monitoring and Analysis Platform
- About Kaspersky Unified Monitoring and Analysis Platform
- Program architecture
- Installing and removing KUMA
- Program licensing
- About the End User License Agreement
- About the license
- About the License Certificate
- About the license key
- About the key file
- Adding a license key to the program web interface
- Viewing information about an added license key in the program web interface
- Removing a license key in the program web interface
- Integration with other solutions
- Integration with Kaspersky Security Center
- Configuring Kaspersky Security Center integration settings
- Adding a tenant to the list for Kaspersky Security Center integration
- Creating Kaspersky Security Center connection
- Editing Kaspersky Security Center connection
- Deleting Kaspersky Security Center connection
- Working with Kaspersky Security Center tasks
- Importing events from the Kaspersky Security Center database
- Kaspersky Endpoint Detection and Response integration
- Integration with Kaspersky CyberTrace
- Integration with Kaspersky Threat Intelligence Portal
- Integration with R-Vision Incident Response Platform
- Integration with Active Directory
- Connecting over LDAP
- Enabling and disabling LDAP integration
- Adding a tenant to the LDAP server integration list
- Creating an LDAP server connection
- Creating a copy of an LDAP server connection
- Changing an LDAP server connection
- Changing the data update frequency
- Changing the data storage period
- Starting account data update tasks
- Deleting an LDAP server connection
- Authorization with domain accounts
- Connecting over LDAP
- RuCERT integration
- Integration with Security Vision Incident Response Platform
- Kaspersky Industrial CyberSecurity for Networks integration
- Integration with Kaspersky Security Center
- KUMA resources
- KUMA services
- Analytics
- Working with tenants
- Working with incidents
- About the incidents table
- Saving and selecting incident filter configuration
- Deleting incident filter configurations
- Viewing information about an incident
- Incident creation
- Incident processing
- Changing incidents
- Automatic linking of alerts to incidents
- Categories and types of incidents
- Exporting incidents to RuCERT
- Sending incidents involving personal information leaks to RuCERT
- Working in hierarchy mode
- Working with alerts
- Working with events
- Retroscan
- Working with geographic data
- Transferring events from isolated network segments to KUMA
- Managing assets
- Asset categories
- Adding an asset category
- Configuring the table of assets
- Searching assets
- Viewing asset details
- Adding assets
- Assigning a category to an asset
- Editing the parameters of assets
- Deleting assets
- Updating third-party applications and fixing vulnerabilities on Kaspersky Security Center assets
- Moving assets to a selected administration group
- Asset audit
- Managing users
- Managing KUMA
- Contacting Technical Support
- REST API
- Creating a token
- Configuring permissions to access the API
- Authorizing API requests
- Standard error
- Operations
- Viewing a list of active lists on the correlator
- Import entries to an active list
- Searching alerts
- Closing alerts
- Searching assets
- Importing assets
- Deleting assets
- Searching events
- Viewing information about the cluster
- Resource search
- Loading resource file
- Viewing the contents of a resource file
- Importing resources
- Exporting resources
- Downloading the resource file
- Search for services
- Tenant search
- View token bearer information
- Dictionary updating in services
- Dictionary retrieval
- Appendices
- Commands for components manual starting and installing
- Integrity check of KUMA files
- Normalized event data model
- Alert data model
- Asset data model
- User account data model
- Audit event fields
- Event fields with general information
- User was successfully signed in or failed to sign in
- User login successfully changed
- User role was successfully changed
- Other data of the user was successfully changed
- User successfully logged out
- User password was successfully changed
- User was successfully created
- User access token was successfully changed
- Service was successfully created
- Service was successfully deleted
- Service was successfully reloaded
- Service was successfully restarted
- Service was successfully started
- Service was successfully paired
- Service status was changed
- Storage partition was deleted by user
- Storage partition was deleted automatically due to expiration
- Active list was successfully cleared or operation failed
- Active list item was successfully deleted or operation was unsuccessful
- Active list was successfully imported or operation failed
- Active list was exported successfully
- Resource was successfully added
- Resource was successfully deleted
- Resource was successfully updated
- Asset was successfully created
- Asset was successfully deleted
- Asset category was successfully added
- Asset category was deleted successfully
- Settings were updated successfully
- Information about third-party code
- Trademark notices
- Glossary
Integration with other solutions > RuCERT integration
RuCERT integration
RuCERT integration
In the KUMA web interface, you can create a connection to the National Computer Incident Response & Coordination Center Incidents (hereinafter referred to as "RuCERT"). This will let you export incidents registered by KUMA to RuCERT. Integration is configured under Settings → RuCERT in the KUMA web interface.
You can use the Disabled check box to enable or disable integration.
To create a connection to RuCERT:
- In the KUMA web interface, open Settings → RuCERT.
- In the URL field, enter the URL for accessing RuCERT. For example: https://example.cert.gov.ru/api/v2/
- In the Token settings block, create or select an existing secret resource with the API token that was issued to your organization for a connection to RuCERT:
- If you already have a secret, you can select it from the drop-down list.
- If you want to create a new secret:
- Click the
button and specify the following settings:- Name (required)—unique name of the service you are creating. The name must contain from 1 to 128 Unicode characters.
- Token (required)—token that was issued to your organization for a connection to RuCERT.
- Description—service description containing up to 256 Unicode characters.
- Click Save.
The secret containing the token for connecting to RuCERT will be created. It is saved under Resources → Secrets and is owned by the main tenant.
- Click the
The selected secret can be changed by clicking on the
button. - In the Affected system function drop-down list, select the area of activity of your organization.
Available company business sectors
- Nuclear energy
- Banking and other financial market sectors
- Mining
- Federal/municipal government
- Healthcare
- Metallurgy
- Science
- Defense industry
- Education
- Aerospace industry
- Communication
- Mass media
- Fuel and power
- Transportation
- Chemical industry
- Other
- In the Company field, indicate the name of your company. This data will be forwarded to RuCERT when incidents are exported.
- Use the Location drop-down list to specify where your company is located. This data will be forwarded to RuCERT when incidents are exported.
- If necessary, in the Proxy settings block, create or select an existing proxy server resource that should be used when connecting to RuCERT.
- Click Save.
KUMA is now integrated with RuCERT. Now you can export incidents to it.
Article ID: 221777, Last review: Mar 27, 2024