Configuring export of ViPNet TIAS events to KUMA

May 15, 2024

ID 264862

To configure the export of ViPNet TIAS events to KUMA via the syslog protocol:

  1. Connect to the ViPNet TIAS web interface under a user account with administrator rights.
  2. Go to the Management → Integrations section.
  3. On the Integration page, go to the Syslog tab.
  4. In the toolbar of the list of receiving servers, click New server.
  5. This opens the new server card; in that card:
    1. In the Server address field, enter the IP address or domain name of the KUMA collector.

      For example, 10.1.2.3 or syslog.siem.ru

    2. In the Port field, specify the inbound port of the KUMA collector. The default port number is 514.
    3. In the Protocol list, select the transport layer protocol that the KUMA collector is listening on. UDP is selected by default.
    4. In the Organization list, use the check boxes to select the organizations of the ViPNet TIAS infrastructure.

      Messages are sent only for incidents detected based on events received from sensors of selected organizations of the infrastructure.

    5. In the Status list, use check boxes to select incident statuses.

      Messages are sent only when selected statuses are assigned to incidents.

    6. In the Severity level list, use check boxes to select the severity levels of the incidents.

      Messages are sent only about incidents with the selected severity levels. By default, only the high severity level is selected in the list.

    7. In the UI language list, select the language in which you want to receive information about incidents in messages. Russian is selected by default.
  6. Click Add.
  7. In the toolbar of the list, set the Do not send incident information in CEF format toggle switch to enabled.

    As a result, when new incidents are detected or the statuses of previously detected incidents change, depending on the statuses selected during configuration, the corresponding information is sent to the specified addresses of receiving servers via the syslog protocol in CEF format.

  8. Click Save changes.

Export of events to the KUMA collector is configured.
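To check on the receiving side that what arrives is syslog carrying CEF, as the procedure above describes, the following added example (not part of the original article and not ViPNet TIAS or KUMA code) parses one received datagram into its CEF header and extension fields and rejects anything that is not well-formed CEF. The sample message, including its vendor, product and extension values, is constructed for illustration and does not reproduce real ViPNet TIAS output.

```python
import re

# Constructed sample datagram: vendor, product and extension values are
# placeholders, not real ViPNet TIAS output.
SAMPLE = (b"<134>May 15 10:00:00 tias-host "
          b"CEF:0|ExampleVendor|ExampleProduct|1.0|100|Incident \\| updated|8|"
          b"src=10.1.2.3 msg=Status set to new\\=open cs1=high")

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
_EXT_KEY = re.compile(r"(?:(?<=\s)|^)(\w+)=")   # key= at a token boundary


def parse_extension(ext):
    """Split 'k=v k2=v2' where values may contain spaces and escaped '='."""
    keys = list(_EXT_KEY.finditer(ext))
    out = {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", ext[m.end():end].strip())
    return out


def parse_cef(datagram):
    """Return the CEF header and extension; raise ValueError if not valid CEF."""
    text = datagram.decode("utf-8", errors="replace")
    start = text.find("CEF:")               # skip the syslog priority/timestamp
    if start < 0:
        raise ValueError("no CEF header: message is not in CEF format")
    fields, cur, i = [], [], start + 4
    while i < len(text) and len(fields) < 7:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):    # escaped '|' or '\' in header
            cur.append(text[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < 7:                     # e.g. a datagram cut short in transit
        raise ValueError("truncated CEF header: expected 7 fields")
    event = dict(zip(HEADER_FIELDS, fields))
    event["extension"] = parse_extension(text[i:])
    return event
```

Feed `parse_cef` the raw payload of a datagram captured on the collector port; a `ValueError` means the message did not arrive as well-formed CEF.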
