KUMA

Kaspersky Unified Monitoring and Analysis Platform (KUMA) integrates Kaspersky products and third-party solutions into a unified information security system. It is a key component of a comprehensive protection approach that secures corporate and industrial environments, as well as the IT/OT boundary that attackers exploit most often, against current cyber threats.

Configuration details

To work with KUMA, the log-shipper module must be enabled.

To send data to KUMA, configure the following resources in DKP: a ClusterLogDestination, which defines where and in which format events are sent, and a ClusterLoggingConfig, which defines which logs are collected.

On the KUMA side, the resources needed to receive events must be configured.

The following are configuration examples for sending the audit file.
Sending logs in JSON via UDP

UDP provides neither delivery confirmation nor transport encryption, so audit events can be dropped silently and are readable on the network path; prefer one of the TCP variants below where completeness and confidentiality of the audit trail matter.

```yaml
apiVersion: deckhouse.io/v1alpha1
kind: ClusterLogDestination
metadata:
  name: kuma-udp-json
spec:
  type: Socket
  socket:
    address: IP_ADDRESS:PORT # Replace during setup
    mode: UDP
    encoding:
      codec: "JSON"
---
apiVersion: deckhouse.io/v1alpha2
kind: ClusterLoggingConfig
metadata:
  name: kubelet-audit-logs
spec:
  type: File
  file:
    include:
```
Sending logs in JSON via TCP

The settings verifyCertificate: false and verifyHostname: false turn off verification of the receiving side's TLS certificate and of its hostname, so this configuration does not protect the path to KUMA against interception or an impostor collector. Use it only while testing; in production, supply the CA that issued the KUMA collector certificate and set both flags to true.

```yaml
apiVersion: deckhouse.io/v1alpha1
kind: ClusterLogDestination
metadata:
  name: kuma-tcp-json
spec:
  type: Socket
  socket:
    address: IP_ADDRESS:PORT # Replace during setup
    mode: TCP
    tcp:
      verifyCertificate: false
      verifyHostname: false
    encoding:
      codec: "JSON"
---
apiVersion: deckhouse.io/v1alpha2
kind: ClusterLoggingConfig
metadata:
  name: kubelet-audit-logs
spec:
  type: File
  file:
    include:
```
Sending logs in CEF via TCP

The extraLabels cef.name and cef.severity supply the Name and Severity fields of the CEF header; the values d8 and "1" are placeholders to adjust to your event naming and severity scheme. As in the previous example, certificate and hostname verification are disabled here and should be enabled in production.

```yaml
apiVersion: deckhouse.io/v1alpha1
kind: ClusterLogDestination
metadata:
  name: kuma-tcp-cef
spec:
  type: Socket
  socket:
    extraLabels:
      cef.name: d8
      cef.severity: "1"
    address: IP_ADDRESS:PORT # Replace during setup
    mode: TCP
    tcp:
      verifyCertificate: false
      verifyHostname: false
    encoding:
      codec: "CEF"
---
apiVersion: deckhouse.io/v1alpha2
kind: ClusterLoggingConfig
metadata:
  name: kubelet-audit-logs
spec:
  type: File
  file:
    include:
```
Sending logs in Syslog via TCP

```yaml
apiVersion: deckhouse.io/v1alpha1
kind: ClusterLogDestination
metadata:
  name: kuma-tcp-syslog
spec:
  type: Socket
  socket:
    address: IP_ADDRESS:PORT # Replace during setup
    mode: TCP
    tcp:
      verifyCertificate: false
      verifyHostname: false
    encoding:
      codec: "Syslog"
---
apiVersion: deckhouse.io/v1alpha2
kind: ClusterLoggingConfig
metadata:
  name: kubelet-audit-logs
spec:
  type: File
  file:
    include:
```
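All of the TCP examples above ship with verifyCertificate: false and verifyHostname: false. The following is an added example, not taken from the original page or from Deckhouse's own documentation, showing the JSON-over-TCP destination with TLS verification enabled. It assumes the KUMA collector's TLS listener is reachable at kuma.example.internal:7777 (a hypothetical address), that the CA certificate that issued the collector's certificate is available in PEM form, and that socket.tcp.caFile is the ClusterLogDestination field that carries it (verifyCertificate and verifyHostname are the same fields used above). The ClusterLoggingConfig from the sections above is reused unchanged and is therefore not repeated.

```yaml
# Added example (not from the original page): JSON over TCP to KUMA with
# certificate and hostname verification turned on. The address and the
# CA certificate body are placeholders and must be replaced with your own.
apiVersion: deckhouse.io/v1alpha1
kind: ClusterLogDestination
metadata:
  name: kuma-tcp-json-tls
spec:
  type: Socket
  socket:
    # Use the DNS name that appears in the collector certificate rather than
    # a bare IP address; otherwise hostname verification cannot succeed.
    address: kuma.example.internal:7777 # hypothetical; replace during setup
    mode: TCP
    tcp:
      # PEM-encoded CA that signed the KUMA collector certificate (placeholder).
      # Assumed field name: socket.tcp.caFile.
      caFile: |
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
      # Reject collectors whose certificate does not chain to the CA above
      # or whose certificate does not match the address hostname.
      verifyCertificate: true
      verifyHostname: true
    encoding:
      codec: "JSON"
```

If the collector additionally requires client authentication, the same tcp block is where a client certificate and key would go; leave the two verify flags at true regardless, since disabling them reduces TLS to unauthenticated encryption.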
Sending logs to Apache Kafka

This assumes that Apache Kafka is already configured to receive data.

```yaml
apiVersion: deckhouse.io/v1alpha1
kind: ClusterLogDestination
metadata:
  name: kuma-kafka
spec:
  type: Kafka
  kafka:
    bootstrapServers:
```