Integrating CyberTrace interface

You can integrate the CyberTrace web interface into the KUMA web interface. When this integration is enabled, the KUMA web interface will show a CyberTrace section that provides access to the CyberTrace web interface. Integration is configured under Settings → CyberTrace in the KUMA web interface.

To integrate the CyberTrace web interface in KUMA:

  1. In the KUMA web interface, open Resources → Secrets.

    The list of available secrets will be displayed.

  2. Click the Add secret button to create a new secret. This resource is used to store credentials of the CyberTrace server.

    The secret window is displayed.

  3. Enter information about the secret:
    1. In the Name field, choose a name for the added secret. The name must contain from 1 to 128 Unicode characters.
    2. In the Tenant drop-down list, select the tenant that will own this resource.
    3. In the Type drop-down list, select credentials.
    4. In the User and Password fields, enter credentials for your CyberTrace server.
    5. If necessary, in the Description field, add up to 256 Unicode characters describing the resource.
  4. Click Save.

    The CyberTrace server credentials are now saved and can be used in other KUMA resources.

  5. In the KUMA web interface, open Settings → CyberTrace.

    The window with CyberTrace integration parameters opens.

  6. Make the necessary changes to the following parameters:
    • Disabled—clear this check box if you want to integrate the CyberTrace web interface into the KUMA web interface.
    • Host (required)—enter the URL of the CyberTrace server in hostname, IPv4, or IPv6 format.
    • Port (required)—enter the port of the CyberTrace server.
  7. In the Secret drop-down list, select the Secret resource you created before.
  8. Click Save.

CyberTrace is now integrated with KUMA, and the CyberTrace section is displayed in the KUMA web interface.

If you are using the Mozilla Firefox browser to work with the program web interface, data is not displayed in the CyberTrace section. You have to configure the display of data.

To configure data to be displayed in the CyberTrace section:

  1. In the browser's address bar, enter the URL of the KUMA web interface with port number 7222: https://kuma.example.com:7222.

    A window will open to warn you of a potential security threat.

  2. Click the Details button.
  3. In the lower part of the window, click the Accept risk and continue button.

    An exclusion will be created for the URL of the KUMA web interface.

  4. In the browser's address bar, enter the URL of the KUMA web interface with port number 7220.
  5. Go to the CyberTrace section.

Data will be displayed in this section.
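
Before accepting the browser exception in step 3, the certificate served on port 7222 can be compared with a SHA-256 fingerprint obtained from the KUMA administrator out of band. The following is an added example, not part of the KUMA documentation or product; the function names and the embedded sample bytes are constructed for illustration.

```python
import hmac
import hashlib
import ssl

# Constructed placeholder bytes standing in for a DER certificate (not a real one),
# so the comparison logic can be exercised offline.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def sha256_fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding, as lowercase hex (what browsers display)."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def normalize(fingerprint: str) -> str:
    """Accept 'AA:BB:...', 'aa bb ...' or plain hex; return lowercase hex or ''."""
    cleaned = fingerprint.replace(":", "").replace(" ", "").strip().lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        return ""  # truncated or malformed value: never compare a prefix
    return cleaned


def fingerprint_matches(pem: str, expected: str) -> bool:
    """True only if the certificate's full SHA-256 fingerprint equals `expected`."""
    want = normalize(expected)
    if not want:
        return False
    return hmac.compare_digest(sha256_fingerprint(pem), want)


def check_server(host: str, port: int, expected: str) -> bool:
    """Fetch the certificate the server presents, without trust validation,
    and compare it with the fingerprint received out of band."""
    pem = ssl.get_server_certificate((host, port))
    return fingerprint_matches(pem, expected)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample. Against a real server:
    # check_server("kuma.example.com", 7222, "<fingerprint from the administrator>")
    reference = sha256_fingerprint(SAMPLE_PEM)
    print("match:", fingerprint_matches(SAMPLE_PEM, reference))
    print("truncated value accepted:", fingerprint_matches(SAMPLE_PEM, reference[:16]))
```

If the fingerprints differ, do not create the exception; the browser would then be trusting a certificate other than the one installed on the KUMA server.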

Updating CyberTrace denylist (Internal TI)

When the CyberTrace web interface is integrated into the KUMA web interface, you can update the CyberTrace denylist or Internal TI with information from KUMA events.

To update CyberTrace Internal TI:

  1. Open the event details area from the events table, Alert window, or correlation event window and click the link on a domain, web address, IP address, or file hash.

    The context menu opens.

  2. Select Add to Internal TI CyberTrace.

The selected object is now added to the CyberTrace denylist.
