Resources are KUMA components that contain parameters for implementing various functions: for example, establishing a connection with a given web address or converting data according to certain rules. Like parts of an erector set, these components are assembled into resource sets for services that are then used as the basis for creating KUMA services.
Resources are located in the Resources section, Resources block, of the KUMA web interface. The following resource types are available:
Correlation rules—resources of this type contain rules for identifying event patterns that indicate threats. If the conditions specified in these resources are met, a correlation event is generated.
Normalizers—resources of this type contain rules for converting incoming events into the format used by KUMA. After processing in the normalizer, the "raw" event becomes normalized and can be processed by other KUMA resources and services.
Connectors—resources of this type contain settings for establishing network connections.
Aggregation rules—resources of this type contain rules for combining several basic events of the same type into one aggregation event.
Enrichment rules—resources of this type contain rules for supplementing events with information from third-party sources.
Destinations—resources of this type contain settings for forwarding events to a destination for further processing or storage.
Filters—resources of this type contain conditions for rejecting or selecting individual events from the stream of events.
Response rules—resources of this type are used in correlators to, for example, execute scripts or launch Kaspersky Security Center tasks when certain conditions are met.
Active lists—resources of this type are used by correlators for dynamic data processing when analyzing events according to correlation rules.
Dictionaries—resources of this type are used to store keys and their values, which may be required by other KUMA resources and services.
Proxies—resources of this type contain settings for using proxy servers.
Secrets—resources of this type are used to securely store confidential information (such as credentials) that KUMA needs to interact with external services.
When you click on a resource type, a window opens displaying a table with the available resources of this type. The resource table contains the following columns:
Name—the name of a resource. Can be used to search for resources and sort them.
Updated—the date and time of the last update of a resource. Can be used to sort resources.
Created by—the name of the user who created a resource.
Description—the description of a resource.
Resources can be organized into folders. On the left side of each window, the folder structure is displayed, where the number and names of the root folders correspond to the tenants created in KUMA. When a folder is selected, the resources it contains are displayed as a table in the right pane of the window.