Integrating CyberTrace interface

You can integrate the CyberTrace web interface with the KUMA console. When this integration is enabled, the KUMA console includes a CyberTrace section that provides access to the CyberTrace web interface. You can configure the integration in the Settings → Kaspersky CyberTrace section of the KUMA console.

To integrate the CyberTrace web interface in KUMA:

1. In the KUMA console, open the Resources → Secrets section.

   The list of available secrets will be displayed.

2. Click the Add secret button to create a new secret. This resource is used to store credentials of the CyberTrace server.

   The secret window is displayed.

3. Enter information about the secret:
   1. In the Name field, choose a name for the added secret. The name must contain 1 to 128 Unicode characters.
   2. In the Tenant drop-down list, select the tenant that will own this resource.
   3. In the Type drop-down list, select credentials.
   4. In the User and Password fields, enter credentials for your CyberTrace server.
   5. If necessary, in the Description field, add up to 4,000 Unicode characters describing the resource.
4. Click Save.

   The CyberTrace server credentials are now saved and can be used in other KUMA resources.

5. In the KUMA console, open the Settings → Kaspersky CyberTrace section.

   The window with CyberTrace integration parameters opens.

6. Make the necessary changes to the following parameters:
   • Disabled—clear this check box if you want to integrate the CyberTrace web interface into the KUMA console.
   • Host (required)—enter the address of the CyberTrace server.
   • Port (required)—enter the port of the CyberTrace server; the default port for managing the web interface is 443.
7. In the Secret drop-down list, select the secret you created before.
8. You can configure access to the CyberTrace web interface in the following ways:
   • Use hostname or IP when logging into the KUMA console.

     To do this, in the Allow hosts section, click Add host and in the field that is displayed, enter the IP or hostname of the device

     on which the KUMA web interface is deployed.

   • Use FQDN when logging into the KUMA console.

     If you are using the Mozilla Firefox browser to manage the console, the CyberTrace section may fail to display data. In this case, configure the data display (see below).

9. Click Save.

CyberTrace is now integrated with KUMA, and the CyberTrace section is displayed in the KUMA console.

To configure the data display in the CyberTrace section when using the FQDN to log in to KUMA in Mozilla Firefox:

1. Clear your browser cache.
2. In the browser's address bar, enter the FQDN of the KUMA console with port number 7222 as follows: https://kuma.example.com:7222.

   A window will open to warn you of a potential security threat.

3. Click the Details button.
4. In the lower part of the window, click the Accept risk and continue button.

   An exclusion is created for the URL of the KUMA console.

5. In the browser's address bar, enter the URL of the KUMA console with port number 7220.
6. Go to the CyberTrace section.

Data will be displayed in this section.

Updating CyberTrace deny list (Internal TI)

When the CyberTrace web interface is integrated into the KUMA console, you can update the CyberTrace denylist or Internal TI with information from KUMA events.

To update CyberTrace Internal TI:

1. Open the event details area from the events table, Alert window, or correlation event window and click the link on a domain, web address, IP address, or file hash.

   The context menu opens.

2. Select Add to Internal TI of CyberTrace.

The selected object is now added to the CyberTrace denylist.