Kaspersky Next XDR Expert
1.2

Contents

Configuring a KUMA collector for receiving and processing CommuniGate Pro events

To configure a KUMA collector for receiving CommuniGate Pro events:

  1. Import the [OOTB] CommuniGate Pro package from the KUMA repository. The package is available for KUMA 3.0 and newer versions.
  2. Create a new collector, and in the Collector Installation Wizard, configure the following:
    1. At the Transport step, in the Type field, select the tcp type, and in the URL field, specify the FQDN or IP address and port of the collector.
    2. At the Event parsing step, click Add event parsing, and in the displayed Basic event parsing window, in the Normalizer drop-down list, select the [OOTB] CommuniGate Pro normalizer.
    3. At the Event aggregation step, click Add aggregation rule, and in the displayed Event aggregation window, in the Aggregation rule drop-down list, select [OOTB] CommuniGate Pro. Aggregation rule.
    4. At the Routing step, click Add and in the displayed Create destination window, create three destination points one by one—the same collector with the name "Loop", a storage, and a correlator.
      1. Create a destination named "Loop" with the following parameters:
        • On the Basic settings tab, in the Type drop-down list, select the tcp transport type; in the URL field, specify the FQDN or IP address and port of the collector that you specified before at step 2.1 of these instructions.
        • On the Advanced settings tab, in the Filter drop-down list, select the [OOTB] CommuniGate Pro. Filter for event aggregation filter.

        This configuration is necessary to send the aggregated event to the same collector for subsequent normalization.

      2. Create a correlator destination:
        • On the Basic settings tab, in the Type drop-down list, select correlator and fill in the URL field.
        • On the Advanced settings tab, in the Filter drop-down list, select the [OOTB] CommuniGate Pro. Aggregated events to storage and correlator filter.
      3. Create a storage destination:
        • On the Basic settings tab, in the Type drop-down list, select storage and fill in the URL field.
        • On the Advanced settings tab, in the Filter drop-down list, select the [OOTB] CommuniGate Pro. Aggregated events to storage and correlator filter.

        This configuration is necessary to send the aggregated normalized event to storage and the correlator.

  3. Click the Create button.

    The collector service is created with the settings specified in the KUMA Console. The command for installing the service on the server is displayed.

  4. Copy the collector installation command and run it on the relevant server.

The collector is configured to receive and process CommuniGate Pro events.

Page top
[Topic 290158]