Kaspersky Unified Monitoring and Analysis Platform

Integration with the Security Orchestration Automation and Response Platform (SOAR)

June 18, 2024

ID 232020

Security Orchestration, Automation and Response Platform (hereinafter referred to as SOAR) is a software platform used to automate the monitoring, processing, and response to information security incidents. It aggregates cyberthreat data from various sources into a single database for further analysis and investigation, which facilitates incident response.

SOAR can be integrated with KUMA. After configuring integration, you can perform the following tasks in SOAR:

  • Request information about alerts from KUMA. In SOAR, incidents are created based on received data.
  • Send requests to KUMA to close alerts.

Integration is implemented by using the KUMA REST API. On the Security Vision IRP side, integration is carried out by using the preconfigured Kaspersky KUMA connector. Contact your SOAR vendor to learn more about the methods and conditions for obtaining a Kaspersky KUMA connector.

Managing SOAR incidents

SOAR incidents generated from KUMA alert data can be viewed in SOAR under Incidents → Incidents (2 lines) → All incidents (2 lines). Events related to KUMA alerts are logged in each SOAR incident. Imported events can be viewed on the Response tab.

KUMA alert imported into SOAR as an incident

In this section

Configuring integration in KUMA

Configuring integration in SOAR

See also:

About alerts

About events

REST API
