Kaspersky Unified Monitoring and Analysis Platform

Response rules

Response rule resources are used to automatically send messages when certain conditions are met. Resources of this type are used in correlators.

Available parameters of response rule resources:

  • Name (required)—a unique name for this type of resource. Must contain from 1 to 128 Unicode characters.
  • Tenant (required)—name of the tenant that owns the resource.
  • Type (required)—available response types:
    • ksctasks—if KUMA is integrated with Kaspersky Security Center, you can configure response rules to start Kaspersky Security Center tasks related to assets. For example, you can run a virus scan or database update. You can start these tasks only for assets that were imported from Kaspersky Security Center.

      Settings of ksctasks responses

      If a response rule resource is owned by the shared tenant, the displayed Kaspersky Security Center tasks that are available for selection are from the Kaspersky Security Center server that the main tenant is connected to.

      If a response rule resource has a selected task that is absent from the Kaspersky Security Center server that the tenant is connected to, the task will not be performed for assets of this tenant. This situation could arise when two tenants are using a common correlator, for example.

    • script—used for running a sequence of instructions written to a file. The script file is stored on the server where the correlator service using the response resource is installed: /opt/kaspersky/kuma/correlator/<Correlator ID>/scripts. The kuma user of the operating system must be able to run the script.


  • Description—you can add up to 256 Unicode characters describing the resource.
  • Workers—the number of response processes that can be run simultaneously.
  • Filter—used to define the conditions determining when events will be processed by the response rule resource. You can select an existing filter resource from the drop-down list, or select Create new to create a new filter.

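The script response type depends on the permissions of the files in the correlator's scripts directory. The following audit is an added example, not part of the Kaspersky documentation: it checks that every script there is executable by the user running the audit, which should be kuma. The checks for group- or world-writable files and for symlinks are hardening assumptions that go beyond what this page requires, and CORRELATOR_ID is a hypothetical variable standing in for <Correlator ID>.

```shell
#!/bin/sh
# Added example: audit a KUMA correlator scripts directory.
# Run it as the kuma OS user (e.g. sudo -u kuma) so the -x test reflects
# what that user is actually allowed to execute.

# True when the given path itself is writable by group or other.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# audit_scripts DIR: prints one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if DIR does not exist.
audit_scripts() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING_DIR $dir"
        return 2
    fi
    # Whoever can write to the directory can replace a response script.
    if loose_perms "$dir"; then
        echo "DIR_WRITABLE_BY_GROUP_OR_OTHER $dir"
        findings=$((findings + 1))
    fi
    for f in "$dir"/*; do
        if [ -L "$f" ]; then
            # Assumption: symlinks are flagged for manual review of the target.
            echo "SYMLINK $f"
            findings=$((findings + 1))
            continue
        fi
        [ -f "$f" ] || continue
        if [ ! -x "$f" ]; then
            echo "NOT_EXECUTABLE $f"
            findings=$((findings + 1))
        fi
        if loose_perms "$f"; then
            echo "WRITABLE_BY_GROUP_OR_OTHER $f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# CORRELATOR_ID is a hypothetical variable standing in for <Correlator ID>.
if [ -n "${CORRELATOR_ID:-}" ]; then
    audit_scripts "/opt/kaspersky/kuma/correlator/$CORRELATOR_ID/scripts"
fi
```

A NOT_EXECUTABLE finding means the response cannot run under the auditing user; the writable and symlink findings mean someone other than the script owner may be able to change what the correlator executes.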