Kaspersky Next XDR Expert
1.2

Contents

Importing asset information from MaxPatrol VM

The KUMA distribution kit includes the kuma-ptvm utility, which consists of an executable file and a configuration file. The utility is supported on Windows and Linux operating systems. The utility allows you to connect to the MaxPatrol VM API to get data about devices and their attributes, including vulnerabilities, and also lets you edit asset data and import data using the KUMA API. Importing data is supported for MaxPatrol VM 2.6.

Configuring the import of asset information from MaxPatrol VM to KUMA proceeds in stages:

  1. Preparing KUMA and MaxPatrol VM.

    You must create user accounts and a KUMA token for API operations.

  2. Creating a configuration file with data export and import settings.
  3. Importing asset data into KUMA using the kuma-ptvm utility:
    1. The data is exported from MaxPatrol VM and saved in the directory of the utility. Information for each tenant is saved to a separate file in JSON format.

      If necessary, you can edit the received files.

    2. Information from files is imported into KUMA.

When re-importing existing assets, assets that already exist in KUMA are overwritten. In this way, fixed vulnerabilities are removed.

Known limitations

If the same IP address is specified for two assets with different FQDNs, KUMA imports such assets as two different assets; the assets are not combined.

If an asset has two softwares with the same data in the name, version, vendor fields, KUMA imports this data as one software, despite the different software installation paths in the asset.

If the FQDN of an asset contains a space or underscore ("_"), data for such assets is not imported into KUMA, and the log indicates that the assets were skipped during import.

If an error occurs during import, error details are logged and the import stops.

Preparatory actions

  1. Create a separate user account in KUMA and in MaxPatrol VM with the minimum necessary set of permissions to use API requests.
  2. Create user accounts for which you will lager generate an API token.

    Requirements imposed on accounts for which the API token is generated:

    • General administrator, Tenant administrator, Tier 2 analyst, or Tier 1 analyst role.
    • Access to the tenant into which the assets will be imported.
    • In the user account, under API access rights, the check box is selected for POST/api/v1/assets/import.
  3. Generate a token for access to the KUMA REST API.

Creating the configuration file

To create the configuration file:

  1. Go to the KUMA installer folder by executing the following command:

    cd kuma-ansible-installer

  2. Copy the kuma-ptvm-config-template.yaml template to create a configuration file named kuma-ptvm-config.yaml:

    cp kuma-ptvm-config-template.yaml kuma-ptvm-config.yaml

  3. Edit the settings in the kuma-ptvm-config.yaml configuration file.
  4. Save the changes to the file.

The configuration file will be created. Go to the Importing asset data step.

Importing asset data

To import asset information:

  1. If you want to import asset information from MaxPatrol VM into KUMA without intermediate verification of the exported data, run the kuma-ptvm utility with the following options:

    kuma-ptvm --config <path to the kuma-ptvm-config.yaml file> --download --upload

  2. If you want to check the correctness of data exported from MaxPatrol VM before importing it into KUMA:
    1. Run the kuma-ptvm utility with the following options:

      kuma-ptvm --config <path to the kuma-ptvm-config.yaml file> --download

      For each tenant specified in the configuration file, a separate file is created with a name of the form <KUMA tenant ID>.JSON. Also, during export, a 'tenants' file is created, containing a list of JSON files to be uploaded to KUMA. All files are saved in the utility's directory.

    2. Review the exported asset files and if necessary, make the following edits:
      • Assign assets to their corresponding tenants.
      • Manually transfer asset data from the 'default' tenant file to the files of the relevant tenants.
      • In the 'tenants' file, edit the list of tenants whose assets you want to import into KUMA.
    3. Import asset information into KUMA:

      kuma-ptvm --config <path to the kuma-ptvm-config.yaml file> --upload

    To view information about the available commands of the utility, run the --help command.

The asset information is imported from MaxPatrol VM to KUMA. The console displays information on the number of new and updated assets.

Possible errors

When running the kuma-ptvm utility, the "tls: failed to verify certificate: x509: certificate is valid for localhost" error may be returned.

Solution.

  • Issue a certificate in accordance with the MaxPatrol documentation. We recommend resolving the error in this way.
  • Disable certificate validation.

    To disable certificate validation, add the following line to the configuration file in the 'MaxPatrol settings' section:

    ignore_server_cert: true

As a result, the utility is started without errors.

Page top
[Topic 265427]

Settings of the kuma-ptvm-config.yaml configuration file

The table lists the settings that you can specify in the kuma-ptvm-config.yaml file.

Description of settings in the kuma-ptvm-config.yaml configuration file

Setting

Description

Values

log_level

An optional setting in the 'General settings' group.

Logging level.

Available values:

  • trace
  • info
  • warning
  • error

Default setting: info.

period

An optional setting in the 'General settings' group.

Data for assets that have changed during the specified period is exported from MaxPatrol.

No limitations apply.

Default setting: 30d.

strict_import

Optional setting in the 'General settings' group.

When exporting assets from MaxPatrol, check if the required fields for KUMA are filled. Do not export unverified assets from MaxPatrol.

Available values:

  • true to check for the presence of fields that are required for KUMA.
  • false to skip the check for the presence of fields that are required for KUMA.

Default setting: false.

We recommend specifying true when exporting assets from MaxPatrol, this lets you detect and fix possible errors in JSON files before you import assets into KUMA.

endpoint

Required setting in the 'KUMA settings' group.

URL of the KUMA API server. For example, kuma-example.com:7223

-

token

Required setting in the 'KUMA settings' group.

KUMA API token.

-

ignore_server_cert

Optional setting in the 'KUMA settings' group.

Validation of the KUMA certificate.

Available values:

  • true to disable KUMA certificate validation.
  • false to enable KUMA certificate validation.

This setting is not included in the configuration file template. You can manually add this setting with a true value, which will prevent the kuma-ptvm utility from validating the certificate at startup.

endpoint

Required setting in the 'MaxPatrol VM' group.

URL of the MaxPatrol API server.

-

user

Required setting in the 'MaxPatrol VM' group.

MaxPatrol API user name.

-

password

Required setting in the 'MaxPatrol VM' group.

MaxPatrol API user password.

-

secret

Required setting in the 'MaxPatrol VM settings' group.

MaxPatrol API secret.

-

ignore_server_cert

Optional setting in the 'MaxPatrol VM settings' group.

Validation of the MaxPatrol certificate.

Available values:

  • true to disable the validation of the MaxPatrol certificate.
  • true to enable MaxPatrol certificate validation.

This setting is not included in the configuration file template. You can manually add this setting with a true value if the "tls: failed to verify certificate: x509: certificate is valid for localhost" error occurs. In that case, the kuma-ptvm utility does not validate the certificate when it is started.

We recommend issuing a certificate in accordance with the MaxPatrol documentation as the preferred way of resolving the error.

only_exploitable

Optional setting in the 'Vulnerability filter' group.

Export from MaxPatrol only assets with vulnerabilities for which exploits are known.

Available values:

  • true to export only assets with vulnerabilities for which exploits are known.
  • false to export all assets.

Default setting: false.

min_severity

Optional setting in the 'Vulnerability filter' group.

Import only vulnerabilities of the specified level or higher.

Available values:

  • low
  • medium
  • high
  • critical

Default value: low.

id

Required setting in the 'Tenant map' group.

Tenant ID in KUMA.

Assets are assigned to tenants in the order in which tenants are specified in the configuration file: the higher a tenant is in the list, the higher its priority. This means you can specify overlapping subnets.

-

fqdn

Optional setting in the 'Tenant map' group.

Regular expression for searching the FQDN of an asset.

-

networks

Optional setting in the 'Tenant map' group.

One or more subnets.

-

default_tenant

Optional setting.

The default KUMA tenant for data about assets that could not be allocated to tenants specified in the 'Tenants' group of settings.

-

Page top
[Topic 267952]