Actions for Kaspersky Security Center
- Send Data to Kaspersky Security Center. Sends a custom set of Lucidum data to Kaspersky Security Center.
Use Cases
Below are the possible use cases for these actions:
- If you want to run Lucidum “headless”, you can send relevant data to Kaspersky Security Center on a regular schedule.
- You can send normalized, enriched Lucidum data to Kaspersky Security Center to be indexed, searched, and analyzed.
Prerequisites
To execute Kaspersky Security Center actions, you must:
- Configure a Kaspersky Security Center API connection beforehand. The required parameters are described in the instructions for creating a Kaspersky Security Center connector in Lucidum https://lucidum.io/docs/kaspersky-security-center/.
NOTE. The specified account should have read and write permissions.
Workflows
- Creating a new Configuration and a new Action
- Cloning an Existing Action
- Creating a new Action from the Location Results page
- Editing a Configuration
- Editing an Action
- Viewing Information about an Action
Kaspersky Security Center Configuration
To create a configuration for Kaspersky Security Center actions:
- Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
- Host. The host name or IP address of the Kaspersky Security Center server.
- Port. The port of the Kaspersky Security Center server. The default value is 13299.
- Username. The user name for a user account that has permission to fetch assets and write assets. For details on creating an account in Kaspersky Security Center and assigning access rights, see https://support.kaspersky.com/ksc/cloudconsole/en-us/239398.htm and https://support.kaspersky.com/ksc/cloudconsole/en-us/256412.htm. For details on authenticating in the API, see the section on Authenticated Session > Basic Authentication in https://support.kaspersky.com/help/KSC/15.1/KSCAPI/index.html.
- Password. The password for a user account that has permissions to fetch assets and write assets. For details on creating an account in Kaspersky Security Center and assigning access rights, see https://support.kaspersky.com/ksc/cloudconsole/en-us/239398.htm and https://support.kaspersky.com/ksc/cloudconsole/en-us/256412.htm. For details on authenticating in the API, see the section on Authenticated Session > Basic Authentication in https://support.kaspersky.com/help/KSC/15.1/KSCAPI/index.html.
- Max # of Records per Payload. The maximum number of records to send to Kaspersky Security Center in each action. The default value is “50”.
Create a New Action
To create an action for Kaspersky Security Center, contact Lucidum customer care.