NCIRCC integration

Support

Support for business applications

Kaspersky Unified Monitoring and Analysis Platform

Administrator's guide

Integration with other solutions

NCIRCC integration

February 28, 2024

ID 221777

Get as PDF

In the KUMA web interface, you can create a connection to the National Computer Incident Response & Coordination Center Incidents (hereinafter referred to as "NCIRCC"). This will let you export incidents registered by KUMA to NCIRCC. Integration is configured under Settings → NCIRCC in the KUMA web interface.

Data in KUMA and NCIRCC is synchronized every 5-10 minutes.

To create a connection to NCIRCC:

In the KUMA web interface, open Settings → NCIRCC.
In the URL field, enter the URL for accessing NCIRCC.
In the Token settings block, create or select an existing secret with the API token that was issued to your organization for a connection to NCIRCC:
- If you already have a secret, you can select it from the drop-down list.
- If you want to create a new secret:
  1. Click the button and specify the following settings:
    - Name (required)—unique name of the service you are creating. The name must contain 1 to 128 Unicode characters.
    - Token (required)—token that was issued to your organization for a connection to NCIRCC.
    - Description—service description: up to 256 Unicode characters.
  2. Click Save.
  The secret containing the token for connecting to NCIRCC will be created. It is saved under Resources → Secrets and is owned by the main tenant.
The selected secret can be changed by clicking on the button.
In the Affected system function drop-down list, select the area of activity of your organization.
Available company business sectors
- Nuclear energy
- Banking and other financial market sectors
- Mining
- Federal/municipal government
- Healthcare
- Metallurgy
- Science
- Defense industry
- Education
- Aerospace industry
- Communication
- Mass media
- Fuel and power
- Transportation
- Chemical industry
- Other
In the Company field, indicate the name of your company. This data will be forwarded to NCIRCC when incidents are exported.
Use the Location drop-down list to specify where your company is located. This data will be forwarded to NCIRCC when incidents are exported.
If necessary, under Proxy, create or select an existing proxy server that must be used when connecting to NCIRCC.
Click Save.

KUMA is now integrated with NCIRCC. Now you can export incidents to it. You can click the Test connection button to make sure that a connection with NCIRCC is established.

You can use the Disabled check box to enable or disable integration.

Possible errors

If the "https://lk.cert.gov.ru/api/v2/incidents? x509: certificate signed by unknown authority" error is returned when you configure integration with NCIRCC, install and trust the certificate of the intermediate certification authority to the KUMA Core server:

Click the https://support.globalsign.com/ca-certificates/intermediate-certificates/alphassl-intermediate-certificates link, find the "AlphaSSL SHA256 G4 Intermediate Certificate", and click "View as BASE64".
Paste the displayed certificate strings into a file and add the file with the certificate strings as the secret in KUMA.
After installing the certificate, restart the Core server.

As a result, the certificate is installed and you can proceed with configuring the integration.