Kaspersky Unified Monitoring and Analysis Platform

Program architecture

April 8, 2024

ID 217958

The standard program installation includes the following components:

  • The Core, which includes a graphical interface for monitoring and managing the settings of system components.
  • One or more Collectors that receive messages from event sources and parse, normalize, and, if required, filter and/or aggregate them.
  • A Correlator that analyzes normalized events received from Collectors, performs the necessary actions with active lists, and creates alerts in accordance with the correlation rules.
  • The Storage, which contains normalized events and registered incidents.

Events are transmitted between components over reliable transport protocols, optionally with encryption. You can configure load balancing to distribute the load between service instances, and you can enable automatic switching to a backup component if the primary one is unavailable. If all components are unavailable, events are saved to a buffer on the hard disk and sent later. You can change the size of this file-system buffer used for temporary storage of events.

KUMA architecture

In this Help topic

Core

Collector

Correlator

Storage

Basic entities
