Kaspersky Unified Monitoring and Analysis Platform

Linking segmentation rules to correlation rules

April 8, 2024

ID 243127

Links between a segmentation rule and correlation rules are created separately for each tenant. They are displayed in the Settings → Alerts → Segmentation section of the KUMA web interface in a table with the following columns:

  • Tenant—the name of the tenant that owns the segmentation rules.
  • Updated—date and time of the last update of the segmentation rules.
  • Disabled—this column displays a label if the segmentation rules are turned off.

To link an alert segmentation rule to the correlation rules:

  1. In the KUMA web interface, open the Settings → Alerts → Segmentation section.
  2. Select the tenant for which you would like to create a segmentation rule:
    • If the tenant already has segmentation rules, select it in the table.
    • If the tenant has no segmentation rules, click Add settings for a new tenant and select the relevant tenant from the Tenant drop-down list.

    A table with the created links between segmentation and correlation rules is displayed.

  3. In the Segmentation rule links group of settings, click Add and specify the segmentation rule settings:
    • Name (required)—specify the segmentation rule name in this field. Must contain 1 to 128 Unicode characters.
    • Tenants and correlation rule (required)—in this drop-down list, select the tenant and its correlation rule to separate the events of this tenant into an individual alert. You can select several correlation rules.
    • Segmentation rule (required)—in this group of settings, select a previously created segmentation rule that defines the segmentation conditions.
    • Disabled—select this check box to disable the segmentation rule link.
  4. Click Save.

The segmentation rule is linked to the correlation rules. Correlation events created by the specified correlation rules are combined into a separate alert with the name defined in the segmentation rule.

To disable links between segmentation rules and correlation rules for a tenant:

  1. Open the Settings → Alerts section of the KUMA web interface and select the tenant whose segmentation rules you want to disable.
  2. Select the Disabled check box.
  3. Click Save.

Links between segmentation rules and correlation rules are disabled for the selected tenant.
