Creating connector in R-Vision SOAR

To create connector in R-Vision SOAR:

  1. In the R-Vision SOAR web interface, under SettingsIncident managementConnectors, click the plus icon.
  2. In the Type drop-down list, select REST.
  3. In the Name field, specify the connector name, such as KUMA.
  4. In the URL field type API request to close an alert in the format <KUMA Core server FQDN>:<Port used for API requests (7223 by default)>/api/v1/alerts/close.

    Example: https://kuma-example.com:7223/api/v1/alerts/close

  5. In the Authorization type drop-down list, select Token.
  6. In the Auth header field type Authorization.
  7. In the Auth value field enter the token of KUMA user with general administrator role in the following format:

    Bearer <KUMA General administrator token>

  8. In the Collector drop-down list select previously created collector.
  9. Click Save.

The connector has been created.

Connector in R-Vision SOAR version 4.0

Connector in R-Vision SOAR version 5.0

When connector is created you must configure sending API queries for closing alerts in KUMA.

To configure API queries in R-Vision SOAR:

  1. In the R-Vision SOAR web interface, under SettingsIncident managementConnectors, open for editing the newly created connector.
  2. In the request type drop-down list, select POST.
  3. In the Params field type API request to close an alert in the format <KUMA Core server FQDN>:<Port used for API requests (7223 by default)>/api/v1/alerts/close.

    Example: https://kuma-example.com:7223/api/v1/alerts/close

  4. On the HEADERS tab, add the following keys and values:
    • Key Content-Type; value: application/json.
    • Key Authorization; value: Bearer <KUMA general administrator token>.

      The token of the KUMA general administrator can be obtained in the KUMA web interface under SettingsUsers.

  5. On the BODYRaw tab, enter the contents of the API request body:

    {

        "id":"{{tag.ALERT_ID}}",

        "reason":"<Reason for closing the alert. Available values: "Incorrect Correlation Rule", "Incorrect Data", "Responded".> "

    }

  6. Click Save.

The connector is configured.

Connector in R-Vision SOAR version 4.0

Connector in R-Vision SOAR version 5.0

Page top