Configuring the KUMA connector

To connect to a SIEM system, you need to configure a connector. If you use the KUMA solution as your SIEM system, you can use the instruction in this article.

To create a KUMA connector:

1. Create a certificate for connecting Kaspersky NGFW to KUMA to send Syslog/CEF data with TLS encryption:
   1. Generate a certificate using the following command:

      openssl req -x509 -newkey rsa:4096 -keyout <key file name>.pem -out <certificate file name>.pem -sha256 -days 3650 -nodes -subj "/C=RU/ST=Moscow/L=Moscow/O=KL/OU=NGFW/CN=<IP address of the KUMA Collector host>"

   2. Convert the generated certificate to PFX format using the following command:

      openssl pkcs12 -export -in <file name of the created certificate>.pem -inkey <key file name>.pem -out <file name of the converted certificate>.pfx

2. Create a KUMA connector to receive data over a TLS connection:
   1. Open the KUMA Console.
   2. Go to the Resources → Resources configuration → Connectors menu.
   3. Click Create.
   4. On the Basic settings tab, specify the following settings:
      • The name of the connector in the Name field.
      • The tcp connection type in the Kind drop-down list.
      • Port for receiving data :5140 or :5140 (for a UDP connection) in the URL field.
   5. Select the Advanced settings tab.
   6. In the TLS mode drop-down list, select Custom PFX.
   7. In the Custom PFX with client authentication drop-down list, select Create new to add the certificate that you created earlier.
   8. Specify the parameters of the certificate:
      • The name of the certificate in the Name field.
      • The PFX file of the certificate by clicking the Upload PFX button.
      • The password that you used when exporting the certificate in the PFX password field.
   9. Click the Create new button to add the certificate.
   10. Click the Create new button to create the connector.

The KUMA connector is created.

Page top