NCIRCC integration
In the KUMA web interface, you can create a connection to the National Computer Incident Response & Coordination Center Incidents (hereinafter referred to as "NCIRCC"). This will let you export incidents registered by KUMA to NCIRCC. Integration is configured under Settings → NCIRCC in the KUMA web interface.
Data in KUMA and NCIRCC is synchronized every 5-10 minutes.
To create a connection to NCIRCC:
- In the KUMA web interface, open Settings → NCIRCC.
- In the URL field, enter the URL for accessing NCIRCC.
- In the Token settings block, create or select an existing secret with the API token that was issued to your organization for a connection to NCIRCC:
- If you already have a secret, you can select it from the drop-down list.
- If you want to create a new secret:
- Click the button and specify the following settings:
- Name (required)—unique name of the service you are creating. The name must contain 1 to 128 Unicode characters.
- Token (required)—token that was issued to your organization for a connection to NCIRCC.
- Description—service description: up to 256 Unicode characters.
- Click Save.
The secret containing the token for connecting to NCIRCC will be created. It is saved under Resources → Secrets and is owned by the main tenant.
- Click the button and specify the following settings:
The selected secret can be changed by clicking on the button.
- In the Affected system function drop-down list, select the area of activity of your organization.
- In the Company field, indicate the name of your company. This data will be forwarded to NCIRCC when incidents are exported.
- Use the Location drop-down list to specify where your company is located. This data will be forwarded to NCIRCC when incidents are exported.
- If necessary, under Proxy, create or select an existing proxy server that must be used when connecting to NCIRCC.
- Click Save.
KUMA is now integrated with NCIRCC. Now you can export incidents to it. You can click the Test connection button to make sure that a connection with NCIRCC is established.
You can use the Disabled check box to enable or disable integration.
Possible errors
If the "https://lk.cert.gov.ru/api/v2/incidents? x509: certificate signed by unknown authority" error is returned when you configure integration with NCIRCC, install and trust the certificate of the intermediate certification authority to the KUMA Core server:
- Click the https://support.globalsign.com/ca-certificates/intermediate-certificates/alphassl-intermediate-certificates link, find the "AlphaSSL SHA256 G4 Intermediate Certificate", and click "View as BASE64".
- Paste the displayed certificate strings into a file and add the file with the certificate strings as the secret in KUMA.
- After installing the certificate, restart the Core server.
As a result, the certificate is installed and you can proceed with configuring the integration.