Kaspersky Unified Monitoring and Analysis Platform

KUMA services

Services are the main components of KUMA that work with events: receiving, processing, analyzing, and storing them. Each service consists of two parts that work together:

  • One part of the service is created inside the KUMA web interface based on a set of resources for services.
  • The second part of the service is installed in the network infrastructure where the KUMA system is deployed as one of its components. The server part of a service can consist of several instances: for example, services of the same agent or storage can be installed on several computers at once.

    On the server side, KUMA services are located in the /opt/kaspersky/kuma directory.

Parts of services are connected to each other by using the IDs of services.

Service types:

  • Collectors are used to receive events and convert them to KUMA format.
  • Correlators are used to analyze events and search for defined patterns.
  • Storages are used to save events.
  • Agents are used to receive events from Windows assets.

In the KUMA web interface, services are displayed in the Resources → Active services section in table format. The table of services can be updated using the Refresh button and sorted by columns by clicking on the active headers.

Available table columns:

  • Type—type of service: agent, collector, correlator, or storage.
  • Name—name of the service. Clicking on the name of the service opens its settings.
  • Version—service version.
  • Tenant—the name of the tenant that owns the service.
  • FQDN—fully qualified domain name of the service server.
  • IP address—IP address of the server where the service is installed.
  • API Port—Remote Procedure Call port number.
  • Status—service status:
    • Green means that the service is running.
    • Red means that the service is not running.
    • Yellow means that there is no connection with ClickHouse nodes (this status is applied only to storage services). The reason for this is indicated in the service log if logging was enabled.
  • Uptime—the time showing how long the service has been running.

Using the Add service button, you can create new services based on existing resource sets for services. In this window, you can restart a service or delete its certificate, copy the service identifier, or delete the service. In this section you can also view storage partitions and active correlator lists.

Services can be edited by clicking on them under Resources → Active services. This opens a window containing the set of resources that were used to create the service. A service is edited by changing the settings of the resource set. Changes are saved by clicking the Save button and will take effect after the service is restarted.

In this Help topic

Services tools

Service resource sets

Creating a collector

Creating a correlator

Creating an agent

Creating a storage