Kaspersky Unified Monitoring and Analysis Platform

Configuring a response rule for integration with KSMG

April 8, 2024

ID 259356

To configure a response rule:

  1. Create a response rule:
    1. In the KUMA web interface, select the Resources → Response rules section and click Add response rule.
    2. This opens the Create response rule window. In the Name field of that window, enter the name of the rule.
    3. In the Tenant drop-down list, select the tenant that owns the resource.
    4. In the Type drop-down list, select Run script.
    5. In the Script name field, enter the name of the script, ksmg.py.
    6. In the Script arguments field, specify:
      • --host — address of the KSMG server.
      • --username — name of the user account created in KSMG.

        You can specify the Administrator account.

      • --password — KSMG user account password.
      • --rule_id — ID of the rule created in KSMG.
      • Specify one of the options depending on the type of the object being blocked:
        • --email — specify the field of the KUMA event from which you want to obtain the URL, for example, {{.SourceUserName}}.
        • --ip — specify the field of the KUMA event from which you want to obtain the IP address, for example, {{.SourceAddress}}.
      • --ntlm — specify this option if the KSMG user was created with NTLM authentication.

        Example:

        --host <address> --username <user> --password <pass> --ntlm --rule_id <id> --email {{.SourceUserName}}

    7. In the Conditions section, add conditions corresponding to the correlation rules that, when triggered, require blocking the IP address or email address of the message sender in KSMG.
    8. Click Save.
  2. Add the response rule to the correlator:
    1. In the Resources → Correlators section, select the correlator that must respond and in whose directory you placed the script.
    2. In the steps tree, select Response rules.
    3. Click Add.
    4. In the Response rule drop-down list, select the rule added at step 1 of these instructions.
    5. In the steps tree, select Setup validation.
    6. Click Save and reload services.
    7. Click the Save button.

The response rule is linked to the correlator and ready to use.
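
A pre-flight check for the Script arguments string described in step 1, as an added example that is not Kaspersky's ksmg.py or any part of KUMA. The option names come from the list above; `check_arguments`, `ArgError` and both regular expressions are assumptions made for illustration. It also rejects an expanded event-field value that is not a well-formed IP or email address, since those fields originate in received traffic.

```python
import argparse
import ipaddress
import re
import shlex

# Constructed pattern: a deliberately strict address check, not KSMG's own rule.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
# Unexpanded KUMA event-field placeholder such as {{.SourceAddress}}.
TEMPLATE_RE = re.compile(r"^\{\{\.[A-Za-z0-9]+\}\}$")


class ArgError(ValueError):
    """Raised when the argument string does not match the documented options."""


class _Parser(argparse.ArgumentParser):
    def error(self, message):  # raise instead of exiting the process
        raise ArgError(message)


def build_parser():
    p = _Parser(prog="ksmg.py", add_help=False, allow_abbrev=False)
    for name in ("--host", "--username", "--password", "--rule_id"):
        p.add_argument(name, required=True)
    p.add_argument("--ntlm", action="store_true")
    # Exactly one object type may be blocked per rule: --email or --ip.
    target = p.add_mutually_exclusive_group(required=True)
    target.add_argument("--email")
    target.add_argument("--ip")
    return p


def check_arguments(arg_string):
    """Validate a Script arguments string; return ('email' | 'ip', value)."""
    args = build_parser().parse_args(shlex.split(arg_string))
    kind, value = ("email", args.email) if args.email is not None else ("ip", args.ip)
    if TEMPLATE_RE.match(value):
        return kind, value  # placeholder exactly as entered in the rule
    if kind == "ip":
        try:
            ipaddress.ip_address(value)
        except ValueError:
            raise ArgError(f"not an IP address: {value!r}")
    elif not EMAIL_RE.match(value):
        raise ArgError(f"not an email address: {value!r}")
    return kind, value
```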
