Kaspersky Unified Monitoring and Analysis Platform

Configuring integration in KUMA

This section describes integration of KUMA with R-Vision IRP from the KUMA side.

Integration in KUMA is configured in the Settings → R-Vision section of the KUMA web interface.

To configure integration with R-Vision IRP:

  1. In the KUMA web interface, open Resources → Secrets.

    The list of available secrets will be displayed.

  2. Click the Add secret button to create a new secret. This resource is used to store the token for R-Vision IRP API requests.

    The secret window is displayed.

  3. Enter information about the secret:
    1. In the Name field, enter a name for the added secret. The name must contain from 1 to 128 Unicode characters.
    2. In the Tenant drop-down list, select the tenant that will own the created resource.
    3. In the Type drop-down list, select token.
    4. In the Token field, enter your R-Vision IRP API token.

      You can obtain the token in the R-Vision IRP web interface under Settings → General → API.

    5. If required, add the secret description in the Description field. The description must contain from 1 to 256 Unicode characters.
  4. Click Save.

    The R-Vision IRP API token is now saved and can be used in other KUMA resources.

  5. In the KUMA web interface, open Settings → R-Vision.

    The window containing R-Vision IRP integration settings opens.

  6. Make the necessary changes to the following parameters:
    • Disabled—select this check box if you want to disable R-Vision IRP integration with KUMA.
    • In the Secret drop-down list, select the previously created Secret resource.

      You can create a new secret by clicking the button with the plus sign. The created secret will be saved in the Resources → Secrets section.

    • URL (required)—URL of the R-Vision IRP server host.
    • ID field (required)—name of the R-Vision IRP field where the ID of the KUMA alert must be written.
    • URL field (required)—name of the R-Vision IRP field where the link for accessing the KUMA alert should be written.
    • Company—company name (when working with multiple customers).
    • Category (required)—category of the R-Vision IRP incident that is created after a KUMA alert is received.
    • Event columns (required)—a drop-down list for selecting KUMA event fields that should be sent to R-Vision IRP.
    • Priority group of settings (required)—used to map KUMA priority values to R-Vision IRP priority values.
  7. Click Save.

Integration with R-Vision IRP is now configured in KUMA. If integration is also configured in R-Vision IRP, then when alerts appear in KUMA, information about those alerts will be sent to R-Vision IRP to create an incident. The Details on alert section in the KUMA web interface displays a link to R-Vision IRP.