Managing connectors
This section contains information about managing connectors in Kaspersky Industrial CyberSecurity for Networks. Connectors are specialized application modules that facilitate the exchange of data with Kaspersky Industrial CyberSecurity for Networks and may provide capabilities to perform management tasks in the application directly or through use of the application.
Connectors expand application functionality for interaction with recipient systems, including with Kaspersky Security Center. Depending on their functional purpose, connectors can transmit data to recipient systems (for example, relay events, application messages and audit entries to a SIEM system) or receive data from recipient systems (for example, to register External events in the application). The application may also use connectors to conduct active polling of devices.
A specialized connector named Kaspersky Security Center Connector is used so that the application can interact with Kaspersky Security Center. This connector is created in the application by default and cannot be deleted. To ensure proper functioning of the connector, the capability for the application to interact with Kaspersky Security Center must be added to the Kaspersky Industrial CyberSecurity for Networks Server.
Computers running application modules of connectors are called connector deployment nodes. A connector deployment node can be any computer that has network access to the application Server computer (such as nodes that have application components installed, including the actual computer of the Server).
The functional capabilities of the connector depend on the selected connector type. You can select the relevant connector type when adding a connector to the application. The application has the following built-in connector types by default:
- Syslog – provides the capabilities for forwarding data to a Syslog server.
- SIEM – provides the capabilities for forwarding data to the server of a SIEM system.
- Generic – provides the capabilities for connecting applications that utilize the Kaspersky Industrial CyberSecurity for Networks API.
- Email – provides the capabilities for forwarding data in email messages.
- Active poll – provides the capabilities for active polling of devices.
- KUMA—if there are installed software modules, provides the capabilities of integration with Kaspersky Unified Monitoring and Analysis Platform (hereinafter also KUMA). Software modules for this type of connectors are supplied separately from Kaspersky Industrial CyberSecurity for Networks. Using this type of connector, you can send information about devices and risks to KUMA, as well as use the commands to change device statuses in KUMA. After adding the connector, configure the integration in KUMA (create a connection to Kaspersky Industrial CyberSecurity for Networks). Interaction between the KUMA connector and the Server is performed using the Kaspersky Industrial CyberSecurity for Networks API.
The KUMA connector provides integration by sending information about devices and risks and applying commands to change device statuses. To send events to KUMA, add a Syslog or SIEM connector to Kaspersky Industrial CyberSecurity for Networks and specify the data for connecting to the KUMA server for this connector. After adding a connector, configure the collector on the KUMA side.
If necessary, you can add other types of connectors that will facilitate data exchange or provide the capabilities for performing management tasks when the application interacts with other recipient systems.
Certain ports and protocols are used to connect the connectors to the Server.
A recipient system is connected through a connector on behalf of one of the application users. It is recommended to use a separate user account for each connector. This will make it more convenient to analyze the actions that are performed through connectors based on audit entries.
The connectors table and connector types table are displayed under Settings → Connectors in the application web interface. Only users with the Administrator role can manage connectors and connector types.
Maximum number of connectors in the application – 20. Maximum number of connector types – 100.
