for Windows and Linux
Kaspersky Endpoint Security supports the Kaspersky Unified Monitoring and Analysis Platform solution. Kaspersky Unified Monitoring and Analysis Platform (KUMA) is a security information and event management (SIEM) solution for the IT infrastructure of organizations. KUMA allows detecting, analyzing, and mitigating security threats before they can cause harm.
Kaspersky Endpoint Security is installed on individual computers in the corporate IT infrastructure and continuously monitors processes, open network connections, and files being modified. Information about events on the computer (telemetry) is sent to the Kaspersky Unified Monitoring and Analysis Platform (KUMA) server.
Kaspersky Endpoint Security does not provide all functionality of an agent for KUMA. The application only sends events to KUMA without markup. To access all KUMA functionality, you need to purchase a license and deploy the solution in accordance with the KUMA Administrator's guide.
KUMA component settings
| Settings | OS | Description |
|---|---|---|
| Server connection settings | | Server connection timeout. Maximum KUMA server response timeout. When the timeout expires, Kaspersky Endpoint Security tries to connect to a different KUMA server. Server certificate. TLS certificate for establishing a trusted connection with the KUMA server. You can get a TLS certificate in the Kaspersky Unified Monitoring and Analysis Platform console (see instructions in Kaspersky Unified Monitoring and Analysis Platform). Use two-way authentication. Two-way authentication when establishing a secure connection between Kaspersky Endpoint Security and KUMA. To use two-way authentication, in the KUMA console, in the tcp connector settings, you must select the Custom PFX TLS mode (see the settings for the tcp type connector in the Kaspersky Unified Monitoring and Analysis Platform Help). Then you must get a crypto-container and set a password to protect the crypto-container. A crypto-container is a PFX archive with a certificate and a private key. After configuring KUMA settings, you also need to enable two-way authentication in Kaspersky Endpoint Security settings and load a password-protected crypto-container. The crypto-container must be password-protected. It is not possible to add a crypto-container with a blank password. |
| Maximum delay when sending events (sec) | | The application synchronizes with the server to send events after the synchronization interval expires. The default setting is 30 seconds. |
| Use TLS encryption | | If this functionality is enabled, Kaspersky Endpoint Security uses a TLS certificate to establish a trusted connection with the KUMA server. |
| Connection to KUMA servers | | KUMA server connection settings. Specify an IP address (IPv4 or IPv6), connection protocol, and a port for the connection to the server. You can add multiple KUMA server addresses. Kaspersky Endpoint Security connects to the first KUMA server in the list. If the connection fails, Kaspersky Endpoint Security connects to the second KUMA server in the list and so on. |
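
The connection behaviour described in the table (ordered server list, connection timeout, trusted server certificate, optional two-way authentication), sketched as an added Python example. This is not Kaspersky code: the function names are hypothetical, and it assumes PEM files exported from the PFX crypto-container and that a failed TLS handshake is treated like a failed connection.

```python
import socket
import ssl


def build_tls_context(server_cert, client_cert=None, client_key=None, key_password=None):
    """Trust only the given server certificate; optionally present a client certificate."""
    if client_cert and not key_password:
        # Same rule the page gives for the crypto-container: no blank password.
        raise ValueError("client key must be password-protected")
    # With cafile set, the system CA store is not loaded: only server_cert is trusted.
    ctx = ssl.create_default_context(cafile=server_cert)
    if client_cert:
        # Assumption: PEM files exported from the PFX; the ssl module cannot read PFX.
        ctx.load_cert_chain(client_cert, client_key, password=key_password)
    return ctx


def connect_in_order(servers, timeout, tls_context=None):
    """Try (host, port) pairs in list order; return (index, socket) for the first success."""
    errors = []
    for index, (host, port) in enumerate(servers):
        try:
            sock = socket.create_connection((host, port), timeout=timeout)
        except OSError as exc:  # refused, unreachable or timed out: try the next server
            errors.append(f"{host}:{port}: {exc}")
            continue
        if tls_context is None:
            return index, sock
        try:
            return index, tls_context.wrap_socket(sock, server_hostname=host)
        except OSError as exc:  # assumption: a failed handshake counts as a failed connection
            sock.close()
            errors.append(f"{host}:{port}: {exc}")
    raise ConnectionError("no server reachable: " + "; ".join(errors))
```

The returned index shows which entry of the list accepted the connection, which is useful when checking that a failover server, not the primary, is receiving telemetry.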