In the KUMA web interface, you can create a connection to the National Computer Incident Response & Coordination Center Incidents (hereinafter referred to as "NCIRCC"). This will let you exportincidents registered by KUMA to NCIRCC. Integration is configured under Settings → NCIRCC in the KUMA web interface. All fields that you fill out in the settings section are automatically sent to the NCIRCC data submission form.
Data in KUMA and NCIRCC is synchronized every 5-10 minutes.
To create a connection to NCIRCC:
In the KUMA web interface, open the Settings → Integrations → NCIRCC section.
Use the Status toggle switch to enable the integration. The integration is disabled by default.
In the URL field, enter the URL for accessing NCIRCC.
In the Tenant drop-down list, select a tenant for messages from NCIRCC.
In the Token drop-down list, create or select an existing secret with the API token that was issued to your organization for connecting to NCIRCC:
If you already have a secret, you can select it from the drop-down list.
If you want to create a new secret:
Click Create and in the Create secret window, specify the following settings:
Name (required)—unique name of the resource you are creating. The name must contain 1 to 128 Unicode characters.
Token (required)—token that was issued to your organization for a connection to NCIRCC.
Description—service description: up to 256 Unicode characters.
If necessary, select the tags for the integration from the Tags drop-down list.
Click Create.
The secret containing the token for connecting to NCIRCC will be created. It is saved under Resources → Resources configuration → Secrets and is owned by the main tenant.
In the Company scope drop-down list, select the required value.
In the Company name field, specify the name of the company for which you are configuring the integration.
In the Location drop-down list, specify the location of your company.
In the Root CA drop-down list, create a secret or select an existing secret:
If you already have a secret, you can select it from the drop-down list.
If you want to create a new secret:
Click the Create button and specify the following settings:
Name is the unique name for the resource you are creating. The name must contain 1 to 128 Unicode characters.
Type is the type of the secret (certificate).
For the Certificate file, click the Upload certificate button and select the certificate of the intermediate certification authority that is uploaded and installed on the KUMA Core server.
To install and trust the certificate of the intermediate certification authority on the KUMA Core server:
Follow the NCIRCC account link. For example, https://lk.cert.gov.ru.
Right-click to call up the View site details context menu to the left of the link in the address bar.
If you are using an encrypted connection, in the context menu, select Connection is secure and in the drop-down list under Certificate is valid, click the Show certificate link.
If you are using an unencrypted connection, in the menu, click Certificate details.
Depending on your browser, the position of the menu and the order of items may differ.
In the displayed Certificate Viewer window, under Issued By, in the Common Name (CN) field you can find the name of the certificate that you need. For example, GlobalSign GCC R6 AlphaSSL CA 2023.
Remember the name of the certificate because you will need to download it at the next step.
Paste the displayed certificate strings into a file and add the file with the certificate strings as the secret in KUMA.
After installing the certificate, restart the KUMA Core server.
As a result, the certificate is installed and you can proceed with configuring the integration.
Tags—tags for the certificate.
Description—service description: up to 256 Unicode characters.
Click Create.
The secret with the certificate of the intermediate certification authority is created. It is saved under Resources → Resources configuration → Secrets and is owned by the main tenant.
If necessary, under Proxy, create or select an existing proxy server that must be used when connecting to NCIRCC.
Specify the NCIRCC response timeout in seconds.
If necessary, specify the tax ID (INN), operator address, and email address for sending notification information.
Click Save.
KUMA is now integrated with NCIRCC. Now you can export incidents to it. You can click the Test connection button to make sure that a connection with NCIRCC is established.
You can use the Disabled check box to enable or disable integration.
To install and trust the certificate of the intermediate certification authority on the KUMA Core server:
Follow the NCIRCC account link. For example, https://lk.cert.gov.ru.
Right-click to call up the View site details context menu to the left of the link in the address bar.
If you are using an encrypted connection, in the context menu, select Connection is secure and in the drop-down list under Certificate is valid, click the Show certificate link.
If you are using an unencrypted connection, in the menu, click Certificate details.
Depending on your browser, the position of the menu and the order of items may differ.
In the displayed Certificate Viewer window, under Issued By, in the Common Name (CN) field you can find the name of the certificate that you need. For example, GlobalSign GCC R6 AlphaSSL CA 2023.
Remember the name of the certificate because you will need to download it at the next step.