Integration with KUMA

Kaspersky Endpoint Security for Windows supports the Kaspersky Unified Monitoring and Analysis Platform solution. Kaspersky Unified Monitoring and Analysis Platform (KUMA) is a security information and event management (SIEM) solution for the IT infrastructure of organizations. KUMA allows detecting, analyzing, and mitigating security threats before they can cause harm.

KUMA integration settings

Parameter

Description

Maximum delay when sending events (sec)

The application synchronizes with the server to send events after the synchronization interval expires. The default setting is 30 seconds.

Connection to KUMA servers

Timeout (sec). Maximum time to wait for a response from the KUMA server. When the timeout expires, Kaspersky Endpoint Security tries to connect to a different KUMA server.

Server certificate. TLS certificate for establishing a trusted connection with the KUMA server. You can get a TLS certificate in the Kaspersky Unified Monitoring and Analysis Platform console (see instructions in Kaspersky Unified Monitoring and Analysis Platform).

To establish a trusted connection, you must select the With verification TLS mode in the tcp connector settings in the KUMA console (see the settings for the tcp type connector in the Kaspersky Unified Monitoring and Analysis Platform Help).

Use two-way authentication. Two-way authentication when establishing a secure connection between Kaspersky Endpoint Security and KUMA. To use two-way authentication, you must select the Custom PFX TLS mode in the tcp connector settings in the KUMA console (see the settings for the tcp type connector in the Kaspersky Unified Monitoring and Analysis Platform Help). Then you must get a crypto-container and set a password to protect it. A crypto-container is a PFX archive with a certificate and a private key. After configuring the KUMA settings, you must also enable two-way authentication in the Kaspersky Endpoint Security settings and load the password-protected crypto-container.

The crypto-container must be password-protected. It is not possible to add a crypto-container with a blank password.

KUMA servers

Settings for connecting to Kaspersky Unified Monitoring and Analysis Platform servers. You can enter an IP address (IPv4 or IPv6).

You can add multiple KUMA server addresses. Kaspersky Endpoint Security first attempts to connect to the server at the first IP address. If a connection cannot be established, Kaspersky Endpoint Security tries to connect at the second IP address in the list, and so on.
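
A pre-flight check for the crypto-container described under Use two-way authentication, as an added example that is not part of the Kaspersky documentation: it confirms that the PFX does not open with a blank password, opens with the supplied password, and holds a private key. The function name and the file path in the usage comment are hypothetical, and the expiry check is an extra sanity check rather than a requirement stated above.

```powershell
# Added example (not Kaspersky code): validate a PFX crypto-container
# before loading it into the Kaspersky Endpoint Security settings.
function Test-KumaCryptoContainer {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password
    )

    $certType = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    $fullPath = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
    $problems = @()

    # 1. The container must not open with a blank password.
    try {
        $blank = $certType::new($fullPath, [securestring]::new())
        $blank.Dispose()
        $problems += 'Container opens with a blank password'
    } catch {
        # Expected outcome: the blank password was refused.
    }

    # 2. The container must open with the password that will be entered.
    try {
        $cert = $certType::new($fullPath, $Password)
    } catch {
        $problems += "Cannot open container: $($_.Exception.Message)"
        return [pscustomobject]@{ Path = $fullPath; Usable = $false; Problems = $problems }
    }

    # 3. A crypto-container holds a certificate and its private key.
    try {
        if (-not $cert.HasPrivateKey) { $problems += 'No private key in container' }
        if ($cert.NotAfter -lt (Get-Date)) { $problems += "Certificate expired on $($cert.NotAfter)" }
        [pscustomobject]@{
            Path       = $fullPath
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Usable     = ($problems.Count -eq 0)
            Problems   = $problems
        }
    } finally {
        $cert.Dispose()   # release the key material loaded for the check
    }
}

# Usage (placeholder path):
# Test-KumaCryptoContainer -Path .\kes-client.pfx -Password (Read-Host -AsSecureString -Prompt 'PFX password')
```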
