Kaspersky Machine Learning for Anomaly Detection

Configuring the WebSocket Connector

Kaspersky MLAD uses the WebSocket Connector to receive data and send messages about incident registration via the WebSocket protocol.

System administrators can configure the WebSocket Connector. The instructions in this section are provided for information purposes.

To configure the WebSocket Connector:

1. In the lower-left corner of the window, click .

   You will be taken to the administrator menu.

2. Select System parameters → WebSocket Connector.

   A list of options appears on the right.

3. In the WebSocket server URL address field, specify the web address of the WebSocket server that the WebSocket Connector will interact with.

   Enter the web address in the format: WebSocket protocol://address:port/.

4. If it is necessary to use a secure connection and a self-signed certificate is installed on the WebSocket server, add the root certificate for the WebSocket server using the Browse button under the CA certificate setting.

   To delete the certificate file, click the button. To save the certificate file on your computer, click the button.

5. If it is necessary to use a secure connection and client authentication is enabled on the WebSocket server, do the following:
   1. Add the WebSocket client application certificate by using the Browse button under the Client certificate setting.
   2. Add the key to the WebSocket client application certificate by using the Browse button under the Key to client certificate setting.

   It is recommended to use a certificate with a certificate key length of 4096 bits when using the RSA algorithm, or 256 bits when using the ECDH algorithm.

   To delete the certificate file or certificate key, click the button in the corresponding field. To save the certificate file or certificate key on your computer, click the button in the corresponding field.

6. In the Data format drop-down list, select the format to receive data from external systems and send messages about incidents.

   The following options are available: JSONBatch, Topic, SmartHome, KISG.

   The default value of this parameter is JSONBatch.

   If you are having difficulty selecting a data format, consult Kaspersky or a certified integrator.

   If none of the incident data and message formats suits you, you can contact Kaspersky Lab experts to add the required format.

7. If you have selected the Topic data format, add a configuration file containing the connector settings for this data format using the Browse button under the Connector configuration file setting.

   To delete the connector configuration file, click the button. To save the connector configuration file on your computer, click the button.

8. Toggle Scale obtained tag values switch to enable or disable the conversion of tag values according to the Bias and Multiplier settings that were set when creating the tag.

   Conversion of received tag values is disabled by default.

9. Toggle Submit incidents switch to enable or disable the forwarding of messages about incidents registered in Kaspersky MLAD to a WebSocket server.
10. If you are using a secure TLS connection, use the Use the recommended TLS connection settings toggle switch to enable or disable use of the recommended TLS connection settings.

    By default, use of the recommended TLS connection settings is enabled.

    When the toggle switch is on, a secure TLS connection is used via the TLS-1.2 or TLS-1.3 protocol with a cipher suite from the list of recommended ciphers.

11. Click the Save button.

Kaspersky MLAD will receive data and send messages about incident registration via the WebSocket protocol.