Support

Support for business applications

Kaspersky XDR Expert

Managing Kaspersky Unified Monitoring and Analysis Platform

Administrator's guide

Configuring event sources

Configuring receipt of KATA/EDR events

Configuring export of KATA/EDR events to KUMA

Kaspersky Next XDR Expert
Online Help
FAQ Forum Contact support Recovery tools

Configuring export of KATA/EDR events to KUMA

May 15, 2024

ID 264759

Get as PDF

To configure export of events from Kaspersky Anti Targeted Attack Platform to KUMA:

  1. In a browser on any computer with access to the Central Node server, enter the IP address of the server hosting the Central Node component.

    A window for entering Kaspersky Anti Targeted Attack Platform user credentials opens.

  2. In the user credentials entry window, select the Local administrator check box and enter the Administrator credentials.
  3. Go to the SettingsSIEM system section.
  4. Specify the following settings:
    1. Select the Activity log and Detections check boxes.
    2. In the Host/IP field, enter the IP address or host name of the KUMA collector.
    3. In the Port field, specify the port number to connect to the KUMA collector.
    4. In the Protocol field, select TCP or UDP from the list.
    5. In the Host ID field, specify the server host ID to be indicated in the SIEM systems log as a detection source.
    6. In the Alert frequency field, enter the interval for sending messages: from 1 to 59 minutes.
    7. Enable TLS encryption, if necessary.
    8. Click Apply.

Export of Kaspersky Anti Targeted Attack Platform events to KUMA is configured.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.