Neurodat SIEM IM is an information security monitoring system.
You can configure the export of KUMA events to Neurodat SIEM IM. Based on incoming events and correlation rules, Neurodat SIEM IM automatically generates information security incidents.
To configure integration with Neurodat SIEM IM:
Connect to the Neurodat SIEM IM server over SSH using an account with administrative privileges.
Create a backup copy of the /opt/apache-tomcat-<server version>/conf/neurodat/soz_settings.properties configuration file.
In the /opt/apache-tomcat-<server version>/conf/neurodat/soz_settings.properties configuration file, set the following parameter:
kuma.on=true
This setting is the flag that enables Neurodat SIEM IM interaction with KUMA.
Run the following command to restart the tomcat service:
sudo systemctl restart tomcat
Obtain a token for the user in KUMA. To do so:
Open the KUMA web interface, click the name of your user account in the bottom-left corner of the window, and click the Profile button in the menu that opens.
This opens the User window with your user account settings.
Click the Generate token button.
The New token window opens.
If necessary, set the token expiration date:
Select the No expiration date check box.
In the Expiration date field, use the calendar to specify the date and time when the created token will expire.
Click the Generate token button.
The Token field with an automatically generated token is displayed in the user details area. Copy it.
When the window is closed, the token is no longer displayed. If you did not copy the token before closing the window, you will have to generate a new token.
Click Save.
Log in to Neurodat SIEM IM using the 'admin' account or another account that has the Administrator role for the organization you are configuring or the Administrator role for all organizations.
In the Administration → Organization structure menu item, select or create an organization that you want to receive incidents from KUMA.
On the organization form, do the following:
Select the Configure integration with KUMA check box.
In the KUMA IP address and port field, specify the KUMA API address, for example, https://192.168.58.27:7223/api/v1/.
In the KUMA API key field, specify the user token obtained at step 6.
Save the organization information.
Integration with KUMA is configured.
Neurodat SIEM IM tests access to KUMA and, if successful, displays a message about being ready to receive data from KUMA.
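The server-side steps above (back up soz_settings.properties, then set kuma.on=true) can be done in one repeatable operation. The script below is an added example, not part of the vendor documentation; the function name set_kuma_on is hypothetical, and the configuration file path is passed as an argument because the Tomcat version in it differs per installation.

```shell
#!/bin/sh
# Added example, not vendor code. set_kuma_on is a hypothetical helper name.
# Pass the real path to soz_settings.properties; the Tomcat version in the
# path differs per installation.
set_kuma_on() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Nothing to do if the only active kuma.on line already reads true.
    if [ "$(grep -c '^[[:space:]]*kuma\.on[[:space:]]*[=:]' "$conf")" -eq 1 ] &&
       grep -q '^kuma\.on=true$' "$conf"; then
        return 0
    fi

    # Timestamped backup; -p keeps mode and mtime. Never overwrite a backup.
    backup="$conf.bak.$(date +%Y%m%d%H%M%S)"
    [ ! -e "$backup" ] || { echo "backup exists: $backup" >&2; return 1; }
    cp -p "$conf" "$backup" || return 1

    # Write the new content to a sibling file that inherits the original
    # mode, then rename it into place so a partial file is never left behind.
    tmp="$conf.tmp.$$"
    cp -p "$conf" "$tmp" || return 1
    awk '
        /^[ \t]*kuma\.on[ \t]*[=:]/ {
            if (!done) { print "kuma.on=true"; done = 1 }
            next    # drop duplicate active definitions
        }
        { print }   # comments and all other keys pass through unchanged
        END { if (!done) print "kuma.on=true" }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$conf" || { rm -f "$tmp"; return 1; }

    # Verify exactly one active kuma.on=true line, then report the backup.
    [ "$(grep -c '^kuma\.on=true$' "$conf")" -eq 1 ] || return 1
    echo "$backup"
}
```

The function prints the backup path when it changed the file and prints nothing when the setting was already in place; restarting the tomcat service remains a separate step.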