Support

Support for business applications

Kaspersky Unified Monitoring and Analysis Platform

Administrator's guide

Integration with other solutions

Integration with R-Vision Security Orchestration, Automation and Response

Configuring integration in R-Vision SOAR

Creating rule for closing KUMA alert when R-Vision SOAR incident is closed

Kaspersky Unified Monitoring and Analysis Platform
Нет результатов
Knowledge Base Online Help
FAQ Solution overview Forum Contact support Product videos

Creating rule for closing KUMA alert when R-Vision SOAR incident is closed

April 8, 2024

ID 225579

Get as PDF

To create a rule for sending an alert closing request to KUMA when an R-Vision SOAR incident is closed:

  1. In the R-Vision SOAR web interface, under SettingsIncident managementResponse playbooks, click the plus icon.
  2. In the Name field, type the name of the rule, for example, Close alert.
  3. In the Group drop-down list select All playbooks.
  4. In the Autostart criteria settings block, click Add and enter the conditions for triggering the rule in the opened window:
    1. In the Type drop-down list, select Field value.
    2. In the Field drop-down list, select Incident status.
    3. Select the Closed status.
    4. Click Add.

    Rule trigger conditions are added. The rule will trigger when an incident is closed.

  5. In the Incident Response Actions settings block, click Add Run connector. In the opened window, select the connector that should be run when the rule is triggered:
    1. In the Connector drop-down list select previously created connector.
    2. Click Add.

    Connector added to the rule.

  6. Click Add.

A rule is created for sending a KUMA alert closing request when an R-Vision SOAR incident is closed.

R-Vision IRP version 4.0 playbook rule

R-Vision SOAR version 5.0 playbook rule

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.