To verify that the correlator is ready to receive events:
If the events that are fed into the correlator contain events that meet the correlation rule filter conditions, the events tab will show events with the DeviceVendor=Kaspersky
and DeviceProduct=KUMA
parameters. The name of the triggered correlation rule will be displayed as the name of these correlation events.
If correlation events were not found
You can create a simpler version of your correlation rule to find possible errors. Use a simple correlation rule and a single Output action. It is recommended to create a filter to find events that are regularly received by KUMA.
When updating, adding, or removing a correlation rule, you must restart the correlator.
When you finish testing your correlation rules, you must remove all testing and temporary correlation rules from KUMA and restart the correlator.