Configuring KUMA

March 5, 2024

ID 220785

For KUMA to receive events from Kaspersky Scan Engine, add a new Collector in KUMA.

Configure the new Collector as follows:

  • In the Transport settings, set the Kind parameter to tcp.

    Figure: Transport settings. Connector - ScanEngine, Kind = tcp, Tenant = General, URL = :9991.

  • In the Event parsing settings, set the Parsing method parameter to cef.

    Figure: Event parsing settings. Normalization scheme: Normalizer = [Example] CEF, Name = [Example] CEF, Tenant = General, Parsing method = cef, Store extra fields = Only errors.

The parameters above are essential for the integration of Kaspersky Scan Engine and KUMA. Configure other parameters according to the KUMA documentation.

After KUMA configuration is complete, you can configure Kaspersky Scan Engine.
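
Before pointing Kaspersky Scan Engine at the Collector, you can check that it accepts CEF over TCP on port 9991 by sending one test event. The script below is an added example, not part of the Kaspersky documentation. It assumes the Collector host address is passed as the first command-line argument and that the tcp connector splits events on a newline. The vendor, product and extension values are constructed test data, not the fields Kaspersky Scan Engine emits.

```python
import socket
import sys


def _esc_header(value):
    # CEF header fields: a literal backslash or pipe is backslash-escaped.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(value):
    # CEF extension values: escape backslash and '=', write line breaks as \n.
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r\n", "\\n").replace("\r", "\\n").replace("\n", "\\n")


def build_cef(vendor, product, version, class_id, name, severity, ext):
    """Return one CEF:0 line: seven pipe-separated header fields, then key=value pairs."""
    header = "|".join(
        _esc_header(v)
        for v in ("CEF:0", vendor, product, version, class_id, name, severity)
    )
    extension = " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items())
    return f"{header}|{extension}"


def send_event(host, port, line, timeout=5.0):
    """Send one event over TCP, newline-terminated (assumed delimiter); return bytes sent."""
    payload = line.encode("utf-8") + b"\n"
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(payload)
    return len(payload)


if __name__ == "__main__":
    # Constructed test event; these are not the fields Kaspersky Scan Engine emits.
    event = build_cef(
        "ExampleVendor", "CollectorSelfTest", "1.0", "TEST-1",
        "Collector connectivity test", 1,
        {"msg": "transport=tcp parsing=cef", "fname": "C:\\temp\\sample.bin"},
    )
    collector_host = sys.argv[1]  # address of the KUMA Collector host (you supply it)
    print(event)
    print(send_event(collector_host, 9991, event), "bytes sent to port 9991")
```

If the test event shows up in KUMA with its header and extension values in normalized fields, the Kind = tcp and Parsing method = cef settings are working; a refused connection points at the Transport settings or a firewall between the sender and the Collector.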
