Kaspersky Unified Monitoring and Analysis Platform

Integration with R-Vision Security Orchestration, Automation and Response

April 8, 2024

ID 217928

R-Vision Security Orchestration, Automation and Response (hereinafter referred to as R-Vision SOAR) is a software platform used for automation of monitoring, processing, and responding to information security incidents. It aggregates cyberthreat data from various sources into a single database for further analysis and investigation to facilitate incident response capabilities.

R-Vision SOAR can be integrated with KUMA. When this integration is enabled, the creation of a KUMA alert triggers the creation of an incident in R-Vision SOAR. A KUMA alert and its R-Vision SOAR incident are interdependent. When the status of an incident in R-Vision SOAR is updated, the status of the corresponding KUMA alert is also changed.

Integration of R-Vision SOAR and KUMA is configured in both applications. In KUMA, integration settings are available only to general administrators.

Mapping KUMA alert fields to R-Vision SOAR incident fields when transferring data via API

| KUMA alert field | R-Vision SOAR incident field |
|---|---|
| FirstSeen | detection |
| priority | level |
| correlationRuleName | description |
| events (as a JSON file) | files |

In this section

Configuring integration in KUMA

Configuring integration in R-Vision SOAR

Managing alerts using R-Vision SOAR
