Integration with Neurodat SIEM IM

May 15, 2024

ID 265002

Neurodat SIEM IM is an information security monitoring system.

You can configure the export of KUMA events to Neurodat SIEM IM. Based on incoming events and correlation rules, Neurodat SIEM IM automatically generates information security incidents.

To configure integration with Neurodat SIEM IM:

  1. Connect to the Neurodat SIEM IM server over SSH using an account with administrative privileges.
  2. Create a backup copy of the /opt/apache-tomcat-<server version>/conf/neurodat/soz_settings.properties configuration file.
  3. In the /opt/apache-tomcat-<server version>/conf/neurodat/soz_settings.properties configuration file, set the following values:
    • kuma.on=true

      This setting enables interaction between Neurodat SIEM IM and KUMA.

    • job_kuma=com.cbi.soz.server.utils.scheduler.KumaIncidentsJob
    • jobDelay_kuma=5000
    • jobPeriod_kuma=60000
  4. Save the changes to the configuration file.
  5. Run the following command to restart the tomcat service:

    sudo systemctl restart tomcat

  6. Obtain a token for the user in KUMA. To do so:
    1. Open the KUMA console, click the user account name in the lower-left corner of the window, and in the menu that is displayed, click Profile.

      This opens the User window with your user account settings.

    2. Click the Generate token button.

      The New token window opens.

    3. If necessary, set the token expiration date:
      • Select the No expiration date check box.
      • In the Expiration date field, use the calendar to specify the date and time when the created token will expire.
    4. Click the Generate token button.

      The Token field with an automatically generated token is displayed in the user details area. Copy it.

      When the window is closed, the token is no longer displayed. If you did not copy the token before closing the window, you will have to generate a new token.

    5. Click Save.
  7. Log in to Neurodat SIEM IM using the 'admin' account or another account that has the Administrator role for the organization you are configuring or the Administrator role for all organizations.
  8. In the Administration → Organization structure menu item, select or create an organization that you want to receive incidents from KUMA.
  9. On the organization form, do the following:
    1. Select the Configure integration with KUMA check box.
    2. In the KUMA IP address and port field, specify the KUMA API address, for example, https://192.168.58.27:7223/api/v1/.
    3. In the KUMA API key field, specify the user token obtained at step 6.
    4. Save the organization information.

Integration with KUMA is configured.

Neurodat SIEM IM tests access to KUMA and, if successful, displays a message about being ready to receive data from KUMA.
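
Steps 2 to 4 can be scripted so that the backup is always taken before the four settings are written. The following is an added example, not part of the original article or of either product; the function names and the .bak.<timestamp> backup suffix are assumptions, and the full path to soz_settings.properties is passed as the argument.

```sh
#!/bin/sh
# Added example, not vendor code. Applies steps 2-4 to the file given as $1.
# Assumes settings are written as key=value, as they are shown on this page.

# set_prop FILE KEY VALUE: replace the KEY= line, or append it if absent.
set_prop() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    # Keys are compared as literal strings, so the dot in kuma.on is not a
    # regex wildcard. Commented-out lines are left alone; duplicates collapse.
    awk -v k="$key" -v v="$value" '
        { line = $0; sub(/^[ \t]+/, "", line); p = index(line, "=") }
        p > 0 { name = substr(line, 1, p - 1); sub(/[ \t]+$/, "", name) }
        p > 0 && name == k { if (!done) print k "=" v; done = 1; next }
        { print }
        END { if (!done) print k "=" v }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back through the existing file so its owner and mode are kept.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# apply_kuma_settings FILE: back up FILE, set the four values, print backup path.
apply_kuma_settings() {
    conf=$1
    [ -f "$conf" ] || { echo "not found: $conf" >&2; return 1; }
    backup="${conf}.bak.$(date +%Y%m%d%H%M%S)"
    # Never overwrite an earlier backup with an already modified file.
    [ ! -e "$backup" ] || { echo "backup exists: $backup" >&2; return 1; }
    cp -p "$conf" "$backup" || return 1
    set_prop "$conf" kuma.on true &&
    set_prop "$conf" job_kuma com.cbi.soz.server.utils.scheduler.KumaIncidentsJob &&
    set_prop "$conf" jobDelay_kuma 5000 &&
    set_prop "$conf" jobPeriod_kuma 60000 || return 1
    # Show the change on stderr for review before restarting tomcat (step 5).
    diff "$backup" "$conf" >&2 || true
    echo "$backup"
}

if [ $# -gt 0 ]; then
    apply_kuma_settings "$1"
fi
```

Run it with the privileges needed to write the configuration file, review the printed diff, and then restart tomcat as in step 5.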
