This section contains information about managing connectors in Kaspersky Industrial CyberSecurity for Networks. Connectors are specialized application modules that facilitate the exchange of data with Kaspersky Industrial CyberSecurity for Networks and may provide capabilities to perform management tasks in the application directly or through use of the application.
Connectors expand application functionality for interaction with recipient systems, including with Kaspersky Security Center. Depending on their functional purpose, connectors can transmit data to recipient systems (for example, relay events, application messages and audit entries to a SIEM system) or receive data from recipient systems (for example, to register External events in the application). The application may also use connectors to conduct active polling of devices.
A specialized connector named Kaspersky Security Center Connector is used so that the application can interact with Kaspersky Security Center. This connector is created in the application by default and cannot be deleted. To ensure proper functioning of the connector, the capability for the application to interact with Kaspersky Security Center must be added to the Kaspersky Industrial CyberSecurity for Networks Server.
Computers running application modules of connectors are called connector deployment nodes. A connector deployment node can be any computer that has network access to the application Server computer (such as nodes that have application components installed, including the actual computer of the Server).
The functional capabilities of the connector depend on the selected connector type. You can select the relevant connector type when adding a connector to the application. The application has the following built-in connector types by default:
This connector type enables data forwarding to a Syslog server.
When adding a Syslog connector or changing its settings, configure both the general settings of the connector, and the additional settings under Details:
This connector type enables data forwarding to a SIEM system.
When adding a SIEM connector or changing its settings, configure both the general settings of the connector, and the additional settings under Details:
This connector type provides the capabilities for connecting applications that utilize the Kaspersky Industrial CyberSecurity for Networks API.
This connector type provides the capabilities for forwarding data by email.
When adding an Email connector or changing its settings, configure both the general settings of the connector, and the additional settings under Details:
This connector type provides the capabilities for active device polling with configuration control and active polling jobs.
When adding an Active poll connector or changing its settings, configure both the general settings of the connector, and the additional settings under Details:
0.0.0.0
corresponds to all possible IP addresses. If an address is included in the range of both allowed and denied IP addresses, Kaspersky Industrial CyberSecurity for Networks treats it as a denied IP address.If you select an address space that differs from the Default one, add a new rule for this address space (or change the existing rule). The rule must specify the connector for which this address space is selected. The rules settings are configured when the address space is changed.
This connector type provides integration with Kaspersky Unified Monitoring and Analysis Platform (KUMA). Software modules for this type of connectors are supplied separately from Kaspersky Industrial CyberSecurity for Networks. Using this type of connector, you can send information about devices and risks to KUMA, as well as use the commands to change device statuses in KUMA. After adding the connector, configure the integration in KUMA (create a connection to Kaspersky Industrial CyberSecurity for Networks). Interaction between the KUMA connector and the Server is performed using the Kaspersky Industrial CyberSecurity for Networks API.
The KUMA connector provides integration by sending information about devices and risks and applying commands to change device statuses. To send events to KUMA, add a Syslog or SIEM connector to Kaspersky Industrial CyberSecurity for Networks and specify the data for connecting to the KUMA server for this connector. After adding a connector, configure the collector on the KUMA side.
This connector type provides support for automatic network access control for devices via Cisco network switches.
When adding a Cisco Switch connector or changing its settings, configure both the general settings of the connector, and the additional settings under Details:
To use the method of disabling Ethernet ports, configure the switch connections to prevent multiple devices from being connected to one port. Otherwise, disabling an Ethernet port to block one device will also block network access for all devices that connect to the network using that port.
If necessary, you can add other connector types that will facilitate data exchange or provide the capabilities for performing management tasks when the application interacts with other recipient systems.
Certain ports and protocols are used to connect the connectors to the Server.
A recipient system is connected through a connector on behalf of one of the application users. It is recommended to use a separate user account for each connector. This will make it more convenient to analyze the actions that are performed through connectors based on audit entries.
The connectors table and connector types table are displayed under Settings → Connectors in the application web interface. Only users with the Administrator role can manage connectors and connector types.
Maximum number of connectors in the application – 20. Maximum number of connector types – 100.