Resources are KUMA components that contain parameters for implementing various functions: for example, establishing a connection with a given web address or converting data according to certain rules. Like building blocks, these components are assembled into resource sets for services, and KUMA services are then created from those resource sets.
Resources are located in the Resources section, Resources block of the KUMA web interface. The following resource types are available:
Correlation rules—resources of this type contain rules for identifying event patterns that indicate threats. If the conditions specified in these resources are met, a correlation event is generated.
Normalizers—resources of this type contain rules for converting incoming events into the format used by KUMA. After processing in the normalizer, the "raw" event is normalized and can be processed by other KUMA resources and services.
Connectors—resources of this type contain settings for establishing network connections.
Aggregation rules—resources of this type contain rules for combining several base events of the same type into one aggregation event.
Enrichment rules—resources of this type contain rules for supplementing events with information from third-party sources.
Destinations—resources of this type contain settings for forwarding events to a destination for further processing or storage.
Filters—resources of this type contain conditions for rejecting or selecting individual events from the stream of events.
Response—resources of this type are used in correlators to run scripts or start Kaspersky Security Center tasks when certain conditions are met.
Active lists—resources of this type are used by correlators for dynamic data processing when analyzing events according to correlation rules.
Dictionaries—resources of this type are used to store keys and their values that may be required by other KUMA resources and services.
Proxies—resources of this type contain settings for using proxy servers.
Secrets—resources of this type are used to securely store confidential information (such as account credentials) that KUMA needs for interaction with external services.
When you click on a resource type, a window opens displaying a table with the available resources of this type. The resource table contains the following columns:
Name—the name of a resource. Can be used to search for resources and sort them.
Time updated—the date and time of the last update of a resource. Can be used to sort resources.
Created by—the name of the user who created a resource.
Description—the description of a resource.
Resources can be organized into folders. On the left side of each window, the folder structure is displayed, where the number and names of the root folders correspond to the tenants created in KUMA. When a folder is selected, the resources it contains are displayed as a table in the right pane of the window.