Integration with Kaspersky Unified Monitoring and Analysis Platform

Kaspersky Endpoint Security is compatible with the Kaspersky Unified Monitoring and Analysis Platform solution (hereinafter also KUMA).

Kaspersky Unified Monitoring and Analysis Platform is a comprehensive software solution that provides the following functionality:

• Receiving, processing, and storing information security events (telemetry).
• Analysis and correlation of incoming data.
• Search within the obtained events.
• Creation of notifications upon detecting symptoms of information security threats.

For more information about the solution, see the Kaspersky Unified Monitoring and Analysis Platform Help.

When integrated with Kaspersky Unified Monitoring and Analysis Platform, devices running Kaspersky Endpoint Security establish encrypted connections with the KUMA server. To ensure a secure connection, the following certificates issued by the KUMA server are used:

• KUMA server certificate. The connection is encrypted using the server's TLS certificate. You can elevate the security of the connection by verifying the server certificate on the Kaspersky Endpoint Security side. To do this, add the KUMA server certificate before enabling the Kaspersky Unified Monitoring and Analysis Platform Integration.
• Client certificate. This certificate is used for additional protection of the connection using two-way authentication (scanning devices with Kaspersky Endpoint Security KUMA server). The same client certificate can be used by multiple devices. By default, the KUMA server does not check client certificates, but two-way authentication can be enabled on the Kaspersky Unified Monitoring and Analysis Platform side. In this case, you need to enable two-way authentication in the Kaspersky Unified Monitoring and Analysis Platform integration settings and add the client certificate (cryptocontainer with certificate and private key).

The certificates for securing the connection to the KUMA server are provided by the administrator of Kaspersky Unified Monitoring and Analysis Platform.

A proxy server is used to connect to the KUMA server if use of a proxy server is configured in the general application settings of Kaspersky Endpoint Security.

By default, Kaspersky Unified Monitoring and Analysis Platform integration is disabled. You can enable or disable the integration, and configure the following integration settings via the command line, Web Console, and Administration Console:

• Configure general KUMA server connection settings.
• Add or remove KUMA server certificates.
• Configure two-way authentication when connecting to KUMA servers and add client certificates.
• Manage event transfer settings.

Before enabling integration with Kaspersky Unified Monitoring and Analysis Platform, make sure one of the following conditions is satisfied:

• You are using Kaspersky Endpoint Security under a license that covers the Kaspersky Unified Monitoring and Analysis Platform functionality.
• You have purchased a separate license for the Kaspersky Unified Monitoring and Analysis Platform functionality and added the license key for the additional functionality (KUMA key) to the application.

If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, activation is performed on the Protection Server (a component of Kaspersky Hybrid Cloud Security for Virtualization Light Agent) by adding license keys to SVMs.

In this section Configuring the KUMA integration in the Web Console Configuring the KUMA integration in the Administration Console Configuring the MDR integration on the command line

Page top