Configuring the receipt of KICS for Networks events
You can configure the receipt of events from Kaspersky Industrial CyberSecurity for Networks (KICS for Networks) 4.2 in KUMA.
Configuring event receiving consists of the following steps:
- Creating a KICS for Networks connector for sending events to KUMA.
- Configuring export of KICS for Networks events to KUMA.
- Creating and installing a KUMA collector to receive KICS for Networks events.
- Verifying receipt of KICS for Networks events in the KUMA collector.
You can verify that KICS for Networks event export is correctly configured in the Searching for related events section of the KUMA Console.
Creating a KICS for Networks connector for sending events to KUMA
To create a connector for sending events in the web interface of KICS for Networks:
- Log in to the KICS for Networks web interface using an administrator account.
- Go to the Settings → Connectors section.
- Click the Add connector button.
- Specify the following settings:
  - In the Connector type drop-down list, select SIEM.
  - In the Connector name field, specify a name for the connector.
  - In the Server address field, enter the IP address of the KICS for Networks Server.
  - In the Connector deployment node drop-down list, select the node on which you are installing the connector.
    You can specify any name.
  - In the User name field, specify the user name for KUMA to use for connecting to the application through the connector. You must specify the name of one of the KICS for Networks users.
  - In the SIEM server address field, enter the IP address of the KUMA collector server.
  - In the Port number field, enter the port number of the KUMA collector.
  - In the Transport protocol drop-down list, select TCP or UDP.
  - Select the Allow sending audit entries check box.
  - Select the Allow sending application entries check box.
- Click the Save button.
The connector is created. It is displayed in the table of KICS for Networks connectors with the Running status.
The KICS for Networks connector for sending events to KUMA is ready for use.
Configuring export of KICS for Networks events to KUMA
To configure the sending of security events from KICS for Networks to KUMA:
- Log in to the KICS for Networks web interface using an administrator account.
- Go to the Settings → Event types section.
- Select the check boxes for the types of events that you want to send to KUMA.
- Click Select connectors.
- In the window that opens, select the connector that you created for sending events to KUMA.
- Click OK.
Events of the selected types will be sent to KUMA. In the Event types table, such events are marked with a check box in the column with the connector name.
Creating a KUMA collector to receive KICS for Networks events
After configuring the event export settings, you must create a collector for KICS for Networks events in the KUMA Console.
For details on creating a KUMA collector, refer to Creating a collector.
When creating a collector in the KUMA Console, you must:
- At the Transport step, select the transport protocol type that matches the type you selected when you created the connector in KICS for Networks at step 4i (TCP or UDP), and specify the port number that matches the port number you specified at step 4h.
- At the Event parsing step, select the [OOTB] KICS4Net v3.х normalizer.
- At the Routing step, make sure that the following destinations are added to the collector resource set:
  - storage: used to transmit data to the storage.
  - correlator: used to transmit data to the correlator.
If destinations have not been added to the collector, you must create them.
- At the last step of the wizard, a command is displayed in the lower part of the window. You can use this command to install the service on the server on which you want to receive events. Copy this command and use it when installing the second part of the collector.