Support

Support for business applications

Kaspersky XDR Expert

Managing Kaspersky Unified Monitoring and Analysis Platform

User guide

KUMA resources

Connectors

Connector settings

Snmp-trap type

Kaspersky Next XDR Expert
Online Help
FAQ Forum Contact support Recovery tools

Snmp-trap type

May 15, 2024

ID 265199

Get as PDF

The snmp-trap connector is used in agents and collectors to passively receive SNMP trap messages. The connector receives and prepares messages for normalization by mapping the SNMP object IDs to the temporary keys. Then the message is passed to the JSON normalizer, where the temporary keys are mapped to the KUMA fields and an event is generated.

To process events received via SNMP, you must use json normalizer.

It is available for Windows and Linux Agents. Supported protocol versions:

  • snmpV1
  • snmpV2

When creating this type of connector, you need to define values for the following settings:

  • Basic settings tab:
    • Name (required)—a unique name for this type of resource. Must contain 1 to 128 Unicode characters.
    • Tenant (required)—name of the tenant that owns the resource.
    • Type (required)—connector type, snmp-trap.
    • SNMP version (required)—in this drop-down list, select the version of the protocol to be used: snmpV1 or snmpV2.

      For example, Windows uses the snmpV2 version by default.

    • URL (required) – URL where SNMP Trap messages will be expected. Available formats: hostname:port, IPv4:port, IPv6:port, :port.

    The SNMP version and URL parameters define one connection used to receive SNMP Traps. You can create several such connections in one connector by adding new ones using the SNMP resource button. You can delete connections by using the search_del button.

    • In the Source data table, specify the rules for naming the received data, according to which OIDs (object identifiers) are converted to the keys with which the normalizer can interact.

      You can click Apply OIDs for WinEventLog to populate the table with mappings for OID values ​​that arrive in WinEventLog logs. If more data needs to be determined and normalized in the incoming events, add to the table rows containing OID objects and their keys.

      Available table columns:

      • Parameter name —an arbitrary name for the data type. For example, "Site name" or "Site uptime".
      • OID (required)—a unique identifier that determines where to look for the required data at the event source. For example, 1.3.6.1.2.1.1.1.
      • Key (required)—a unique identifier returned in response to a request to the asset with the value of the requested setting. For example, sysDescr. This key can be accessed when normalizing data.

      Data is processed according to the allow list principle: objects that are not specified in the table are not sent to the normalizer for further processing.

    • Description—resource description: up to 4,000 Unicode characters.
  • Advanced settings tab:
    • Character encoding setting specifies character encoding. The default value is UTF-8. When receiving snmp-trap events from Windows with Russian localization, if you encounter invalid characters in the event, we recommend changing the character encoding in the snmp-trap connector to Windows 1251.
    • Debug—a toggle switch that lets you specify whether resource logging must be enabled. By default, this toggle switch is in the Disabled position.

In this section

Configuring the source of SNMP trap messages for Windows

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.