Kaspersky Unified Monitoring and Analysis Platform
- About Kaspersky Unified Monitoring and Analysis Platform
- Program architecture
- Installing and removing KUMA
- Program licensing
- About the End User License Agreement
- About the license
- About the license certificate
- About the license key
- About the key file
- Adding a license key to the program web interface
- Viewing information about an added license key in the program web interface
- Removing a license key in the program web interface
- Integration with other solutions
- Integration with Kaspersky Security Center
- Integration with Kaspersky CyberTrace
- Integration with Kaspersky Threat Intelligence Portal
- Integration with R-Vision Incident Response Platform
- Integration with Active Directory
- Integration with RuCERT
- KUMA resources
- KUMA services
- Analytics
- Working with tenants
- Working with incidents
- About the incidents table
- Saving and selecting incident filter configuration
- Deleting incident filter configurations
- Viewing detailed incident data
- Incident creation
- Incident processing
- Changing incidents
- Automatic linking of alerts to incidents
- Categories and types of incidents
- Exporting incidents to RuCERT
- Working with alerts
- Working with events
- Retroscan
- Managing assets
- Managing KUMA
- Contacting Technical Support
- REST API
- REST API authorization
- Standard error
- Operations
- View list of active lists on the correlator
- Import entries to an active list
- Searching alerts
- Closing alerts
- Searching assets
- Import assets
- Deleting assets
- Searching events
- Viewing information about the cluster
- Resource search
- Loading resource file
- Viewing the contents of a resource file
- Import of resources
- Export resources
- Downloading the resource file
- Search for services
- Tenant search
- View token bearer information
- Appendices
- Commands for components manual starting and installing
- Normalized event data model
- Correlation event fields
- Audit event fields
- Event fields with general information
- User was successfully logged in or failed to log in
- User login successfully changed
- User role was successfully changed
- Other data of the user was successfully changed
- User successfully logged out
- User password was successfully changed
- User was successfully created
- User access token was successfully changed
- Service was successfully created
- Service was successfully deleted
- Service was successfully reloaded
- Service was successfully restarted
- Service was successfully started
- Service was successfully paired
- Service status was changed
- Storage index was deleted by user
- Storage partition was deleted automatically due to expiration
- Active list was successfully cleared or operation failed
- Active list item was successfully deleted or operation was unsuccessful
- Active list was successfully imported or operation failed
- Active list was exported successfully
- Resource was successfully added
- Resource was successfully deleted
- Resource was successfully updated
- Asset was successfully created
- Asset was deleted successfully
- Asset category was successfully added
- Asset category was deleted successfully
- Settings were successfully updated
- Information about third-party code
- Trademark notices
Editing assets
In KUMA, you can edit asset parameters. All the parameters of manually added assets can be edited. For assets imported from Kaspersky Security Center, you can only change the name of the asset and its category.
To change the asset parameters:
- In the Assets section of the KUMA web interface, click the asset that you want to edit.
The Asset details area opens in the right part of the window.
- Click the Edit button.
The Edit asset window opens.
- Make the changes you need in the available fields:
- Asset name (required. This is the only field available to edit if the asset was imported from Kaspersky Security Center.)
- IP address and/or FQDN (required)
- MAC address
- Owner
- Software info:
- Operating system name
- Operating system build
- Hardware info:
You can add information about asset hardware to the Hardware info section:
Available fields for describing asset CPU:
- CPU name
- CPU frequency
- CPU core count
You can add CPUs to the asset by using the Add CPU link.
Available fields for describing asset disk:
- Disk free bytes
- Disk volume
You can add disks to the asset by using the Add Disk link.
Available fields for describing asset RAM:
- RAM frequency
- RAM total bytes
Available fields for describing asset network card:
- Network card name
- Network card manufacture
- Network card driver version
You can add network cards to the asset by using the Add network card link.
- Assign or change the category of the asset:
- Click the button with the
icon.Select categories window opens.
- Select check boxes next to the categories that should be assigned to the asset.
- Click Save.
The selected categories appear in the Categories fields.
You can also select the asset and then drag and drop it into the required category. This category will be added to the list of asset categories.
Do not link assets to the
Categorized assetscategory. - Click the button with the
- If required, add information about the operating system installed on the asset in the Software section.
- If required, add information about the asset hardware in the Hardware info section.
- Click the Save button.
The asset parameters will be modified.