Kaspersky Machine Learning for Anomaly Detection

Configuring the MQTT Connector

Kaspersky MLAD uses the MQTT Connector to receive data and send messages about incident registration via the MQTT (Message Queuing Telemetry Transport) protocol.

System administrators can configure the MQTT Connector.

To configure the MQTT Connector:

1. In the lower-left corner of the window, click .

   You will be taken to the administrator menu.

2. Select System parameters → MQTT Connector.

   A list of options appears on the right.

3. Use the Use TLS connection toggle switch to enable or disable secure TLS connection.

   By default, use of a secure TLS connection is enabled.

   To avoid compromising the received and/or sent data, you are advised to keep the use of a secure TLS connection enabled.

4. If you are using a secure TLS connection, use the Use the recommended TLS connection settings toggle switch to enable or disable use of the recommended TLS connection settings.

   By default, use of the recommended TLS connection settings is enabled.

   When the toggle switch is on, a secure TLS connection is used via the TLS-1.2 or TLS-1.3 protocol with a cipher suite from the list of recommended ciphers.

5. In the MQTT broker (address:port) field, specify the host name and port of the external MQTT broker that the MQTT Connector will interact with.

   The default value of this parameter is mqtt_broker:1883.

6. In the User name for MQTT connection field, enter the user name to connect to the MQTT broker.
7. In Password for MQTT connection, enter the user password for connecting to the MQTT broker.
8. If you are using a secure TLS connection and a self-signed certificate is installed on the MQTT broker, add the root certificate for the MQTT broker by using the Browse button under the CA certificate setting.

   To delete the certificate file, click the button. To save the certificate file on your computer, click the button.

9. If you are using a secure TLS connection and client authentication is enabled on the MQTT broker, do the following:
   1. Add the client certificate by using the Browse button under the Client certificate setting.
   2. Add the key for the client certificate by using the Browse button under the Key to client certificate setting.

   It is recommended to use a certificate with a certificate key length of 4096 bits when using the RSA algorithm, or 256 bits when using the ECDH algorithm.
   Certificates and certificate keys can be uploaded only as files in DER or PEM format.

   To delete the certificate file or certificate key, click the button in the corresponding field. To save the certificate file or certificate key on your computer, click the button in the corresponding field.

10. In the List of MQTT subscriptions for receiving tags field, enter the name of the list of MQTT subscriptions from which the MQTT Connector will receive tag values.

    The default value of this parameter is tags.

11. In the MQTT topic for publishing messages field, specify the name of the topic where the MQTT Connector will publish messages about incident registration.

    If no value is defined for this setting, messages are not sent.

    This setting has no value by default.

12. In the Data format drop-down list, select the format to receive data from external systems and send messages about incidents.

    The following options are available: JSONBatch, Topic, SmartHome, KISG.

    The default value of this parameter is JSONBatch.

    If you are having difficulty selecting a data format, consult Kaspersky or a certified integrator.

    If none of the incident data and message formats suits you, you can contact Kaspersky Lab experts to add the required format.

13. If you have selected the Topic data format, add a configuration file containing the connector settings for this data format using the Browse button under the Connector configuration file setting.

    To delete the certificate file, click the button. To save the certificate file on your computer, click the button.

14. Toggle Scale obtained tag values switch to enable or disable the conversion of tag values according to the Bias and Multiplier settings that were set when creating the tag.

    Conversion of received tag values is disabled by default.

15. Click the Save button.

Kaspersky MLAD will receive data and send messages about incident registration via the MQTT protocol.