Kaspersky Unified Monitoring and Analysis Platform

etw type

June 18, 2024

ID 275982

When creating this type of connector, you need to define values for the following settings:

  • Basic settings tab:
    • Name (required)—a unique name for this type of resource. Must contain 1 to 128 Unicode characters.
    • Tenant (required)—name of the tenant that owns the resource.
    • Type (required)—connector type, etw.
    • URL (required)—valid URL of the DNS server.
    • Session name (required)—you can specify only one session name, which corresponds to the Microsoft-Windows-DNSServer ETW provider {EB79061A-A566-4698-9119-3ED2807060E7}.
    • Extract event information—if the toggle switch is turned off, only the minimum set of event information is extracted, namely what can be obtained without downloading third-party metadata from the disk. This helps conserve CPU resources on the computer with the agent. The default is Active, which means all data about the event is extracted.
    • Extract event properties—if the toggle switch is turned off, event properties are not extracted, which helps conserve CPU resources on the computer with the agent. The default value is Active, which means event properties are extracted. If the Extract event information toggle switch is turned off, event properties are also not extracted, regardless of the position of the Extract event properties toggle switch.
    • Description—resource description: up to 4,000 Unicode characters.
  • Advanced settings tab:
    • Debug—a toggle switch that lets you specify whether resource logging must be enabled. By default, this toggle switch is in the Disabled position.
    • Character encoding—used to specify the source encoding in UTF-8. We recommend editing this setting only if garbled characters are displayed in the fields of the normalized event. By default, no value is set.
    • TLS mode—TLS encryption mode using certificates in PEM x509 format:
      • Disabled (default)—do not use TLS encryption.
      • Enabled—encryption is used, but certificates are not verified.
      • With verification—use encryption with verification that the certificate was signed with the KUMA root certificate. The root certificate and key of KUMA are created automatically during program installation and are stored on the KUMA Core server in the /opt/kaspersky/kuma/core/certificates/ folder.
    • Compression—you can use Snappy compression. By default, compression is disabled.
