R-Vision Incident Response Platform (hereinafter referred to as R-Vision IRP) is a software platform used for automation of monitoring, processing, and responding to information security incidents. It aggregates cyberthreat data from various sources into a single database for further analysis and investigation to facilitate incident response capabilities.
R-Vision IRP can be integrated with KUMA. When this integration is enabled, the creation of a KUMA alert triggers the creation of an incident in R-Vision IRP. A KUMA alert and its R-Vision IRP incident are interdependent. When the status of an incident in R-Vision IRP is updated, the status of the corresponding KUMA alert is also changed.
Integration of R-Vision IRP and KUMA is configured in both applications. In KUMA integration settings are available only for general administrators.
Mapping KUMA alert fields to R-Vision IRP incident fields when transferring data via API
KUMA alert field |
R-Vision IRP incident field |
|
|
|
|
|
|
(as a JSON file) |
|