Involvement of a controlled resource in malicious software infrastructure
Slowed operation of the resource due to a DDoS attack
Malware infection
Network traffic interception
Use of a controlled resource for phishing
Compromised user account
Unauthorized data modification
Unauthorized disclosure of information
Publication of illegal information on the resource
Distribution of spam messages from the controlled resource
Successful exploitation of a vulnerability
Notification about a computer attack
DDoS attack
Unsuccessful authorization attempts
Malware injection attempts
Attempts to exploit a vulnerability
Publication of fraudulent information
Network scanning
Social engineering
Notification about a detected vulnerability
Vulnerable resource
The categories of incidents can be viewed or changed under Settings → Incidents → Types, in which they are displayed as a table. By clicking on the column headers, you can change the table sorting options. The resource table contains the following columns:
Category—a common characteristic of an incident or cyberattack. The table can be filtered by the values in this column.
Type—the class of the incident or cyberattack.
RuCERT category—incident type according to RuCERT nomenclature. Incidents that have been assigned custom types and categories cannot be exported to RuCERT. The table can be filtered by the values in this column.
Vulnerability—specifies whether the incident type indicates a vulnerability.
Created—the date the incident type was created.
Updated—the date the incident type was modified.
To add an incident type:
In the KUMA web interface, under Settings → Incidents → Types, click Add.
The incident type creation window will open.
Fill in the Type and Category fields.
If the created incident type matches the RuCERT nomenclature, select the RuCERT category check box.
If the incident type indicates a vulnerability, check Vulnerability.