Managing users
It is possible for multiple users to have access to KUMA. Users are assigned user roles, which affect the tasks the users can perform. The same user may have different roles with different tenants.
You can create or edit user accounts under Settings → Users in the KUMA web interface. Users are also created automatically in the program if KUMA integration with Active Directory is enabled and the user is logging in to the KUMA web interface for the first time using their domain account.
The table of user accounts is displayed in the Users window of the KUMA web interface. You can use the Search field to look for users. You can sort the table based on the User information column by clicking the column header and selecting Ascending or Descending.
User accounts can be created, edited, or disabled. When editing user accounts (your own or the accounts of others), you can generate an API token for them.
By default, disabled user accounts are not displayed in the users table. However, they can be viewed by clicking the User information column and selecting the Disabled users check box.
To disable a user:
In the KUMA web interface, under Settings → Users, select the check box next to the relevant user and click Disable user.
User roles
KUMA users may have the following roles:
- General administrator—this role is designed for users who are responsible for the core functionality of KUMA systems. For example, they install system components, perform maintenance, work with services, create backups, and add users to the system. These users have full access to KUMA.
- Administrator—this role is for users responsible for the core functionality of KUMA systems owned by specific tenants.
- Analyst—this role is for users responsible for configuring the KUMA system to receive and process events of a specific tenant. They also create and tweak correlation rules.
- Operator—this role is for users dealing with immediate security threats of a specific tenant. A user with the operator role sees resources in a shared tenant through the REST API.
User roles rights
The table columns are: web interface section and actions, General administrator, Administrator, Analyst, Operator, and Comment.
Reports
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View and edit templates and reports | yes | yes | yes | no | Analysts can: view and edit templates and reports that they created themselves; view reports sent to them by email; view predefined templates. |
| Generate reports | yes | yes | yes | no | Analysts can generate reports that they created themselves or that are predefined (from a template or report). Analysts cannot generate reports sent to them by email. |
| Export generated reports | yes | yes | yes | no | Analysts can export the following: reports that they created themselves; predefined reports; reports received by email. |
| Delete templates and generated reports | yes | yes | yes | no | Analysts can delete the templates and reports that they generated themselves. Analysts should not delete: predefined templates; reports received by email. Only the general administrator can delete predefined templates and reports. |
| Edit the settings for generating reports | yes | yes | yes | no | Analysts may change the settings for generating reports that they created themselves or that are predefined. |
| Duplicate report template | yes | yes | yes | no | Analysts can duplicate predefined report templates and report templates that they created themselves. |
Dashboard
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View data on the dashboard and change layouts | yes | yes | yes | yes | |
| Add layouts | yes | yes | yes | no | This includes adding widgets to a layout. |
| Edit and rename layouts | yes | yes | yes | no | This includes adding, editing, and deleting widgets. Analysts may change/rename predefined layouts and layouts that were created using their account. |
| Delete layouts | yes | yes | yes | no | Tenant administrators may delete layouts in the tenants available to them. Analysts may delete layouts that were created using their account. Only the general administrator can delete predefined layouts. |
Resources → Services and Resources → Services → Active services
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the list of active services | yes | yes | yes | no | Only the general administrator can view and delete storage spaces. Access rights do not depend on the tenants selected in the menu. |
| View the contents of the active list | yes | yes | yes | no | |
| Import/export/clear the contents of the active list | yes | yes | yes | no | |
| Create a set of resources for services | yes | yes | yes | no | Analysts cannot create storages. |
| Create a service under Resources → Services → Active services | yes | yes | no | no | |
| Delete services | yes | yes | no | no | |
| Restart services | yes | yes | no | no | |
| Update the settings of services | yes | yes | yes | no | |
| Reset certificates | yes | yes | no | no | A user with the administrator role can reset the certificates of services only in the tenants that are accessible to the user. |
Resources → Resources
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the list of resources | yes | yes | yes | no* | Analysts cannot view the list of secret resources, but these resources are available to them when they create services. |
| Add resources | yes | yes | yes | no | Analysts cannot add secret resources. |
| Edit resources | yes | yes | yes | no | Analysts cannot change secret resources. |
| Create/edit/delete resources in a shared tenant | yes | no | no | no | |
| Delete resources | yes | yes | yes | no | Analysts cannot delete secret resources. |
| Import resources | yes | yes | yes | no | Only the general administrator can import resources to a shared tenant. |
| Export resources | yes | yes | yes | no | This includes resources from a shared tenant. |
| View/edit collector or correlator drafts | yes | yes | yes | no | The user may only access their own drafts, regardless of the selected tenant. The list of drafts is generated based on those that belong to the user. |
Sources status → List of event sources
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View sources of events | yes | yes | yes | yes | |
| Change sources of events | yes | yes | yes | no | Edit source name, assign monitoring policy, disable monitoring policy. |
| Delete sources of events | yes | yes | yes | no | |
Sources status → Monitoring policies
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View monitoring policies | yes | yes | yes | yes | |
| Create monitoring policies | yes | yes | yes | no | |
| Edit monitoring policies | yes | yes | yes | no | Only the general administrator can edit the predefined monitoring policies. |
| Delete monitoring policies | yes | yes | yes | no | Predefined policies cannot be removed. |
Assets
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View assets and asset categories | yes | yes | yes | yes | This includes shared tenant categories. |
| Add/edit/delete asset categories | yes | yes | yes | no | Within the tenant available to the user. |
| Add asset categories in a shared tenant | yes | no | no | no | This includes editing and deleting shared tenant categories. |
| Link assets to an asset category of the shared tenant | yes | yes | yes | no | |
| Add assets | yes | yes | yes | no | |
| Edit assets | yes | yes | yes | no | |
| Delete assets | yes | yes | yes | no | |
| Import assets from Kaspersky Security Center | yes | yes | yes | no | |
| Start tasks on assets in Kaspersky Security Center | yes | yes | yes | no | |
| Run tasks on Kaspersky Endpoint Detection and Response assets | yes | yes | yes | no | |
Alerts
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the list of alerts | yes | yes | yes | yes | |
| Change the severity of alerts | yes | yes | yes | yes | |
| Open the details of alerts | yes | yes | yes | yes | |
| Assign responsible users | yes | yes | yes | yes | |
| Close alerts | yes | yes | yes | yes | |
| Add comments to alerts | yes | yes | yes | yes | |
| Attach an event to alerts | yes | yes | yes | yes | |
| Detach an event from alerts | yes | yes | yes | yes | |
| Edit and delete someone else's filters | yes | yes | no | no | |
Incidents
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the list of incidents | yes | yes | yes | yes | |
| Create blank incidents | yes | yes | yes | yes | |
| Manually create incidents from alerts | yes | yes | yes | yes | |
| Change the severity of incidents | yes | yes | yes | yes | |
| Open the details of incidents | yes | yes | yes | yes | Incident details display data from only those tenants to which the user has access. |
| Assign executors | yes | yes | yes | yes | |
| Close incidents | yes | yes | yes | yes | |
| Add comments to incidents | yes | yes | yes | yes | |
| Attach alerts to incidents | yes | yes | yes | yes | |
| Detach alerts from incidents | yes | yes | yes | yes | |
| Edit and delete someone else's filters | yes | yes | no | no | |
| Export incidents to RuCERT | yes | yes | yes | yes | |
Events
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the list of events | yes | yes | yes | yes | |
| Search events | yes | yes | yes | yes | |
| Open the details of events | yes | yes | yes | yes | |
| Open statistics | yes | yes | yes | yes | |
| Conduct a retroscan | yes | yes | yes | no | |
| Export events to a TSV file | yes | yes | yes | yes | |
| Edit and delete someone else's filters | yes | yes | no | no | |
| Start ktl enrichment | yes | yes | yes | no | |
| Run tasks on Kaspersky Endpoint Detection and Response assets in event details | yes | yes | yes | no | |
Settings → Users
This section is available only to the general administrator.
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the list of users | yes | no | no | no | |
| Add a user | yes | no | no | no | |
| Edit a user | yes | no | no | no | |
| View the data of their own profile | yes | yes | yes | yes | |
| Edit the data of their own profile | yes | yes | yes | yes | The user role is not available for change. |
Settings → LDAP server
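| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the LDAP connection settings | yes | yes | no | no | |
| Edit the LDAP connection settings | yes | yes | no | no | |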
Settings → Tenants
This section is available only to the general administrator.
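| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the list of tenants | yes | no | no | no | |
| Add tenants | yes | no | no | no | |
| Change tenants | yes | no | no | no | |
| Disable tenants | yes | no | no | no | |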
Settings → Domain authorization
This section is available only to the general administrator.
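| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the Active Directory connection settings | yes | no | no | no | |
| Edit the Active Directory connection settings | yes | no | no | no | |
| Add filters based on roles for tenants | yes | no | no | no | |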
Settings → General
This section is available only to the general administrator.
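| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the SMTP connection settings | yes | no | no | no | |
| Edit the SMTP connection settings | yes | no | no | no | |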
Settings → License
This section is available only to the general administrator.
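| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the list of added license keys | yes | no | no | no | |
| Add license keys | yes | no | no | no | |
| Delete license keys | yes | no | no | no | |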
Settings → Kaspersky Security Center
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the list of successfully integrated Kaspersky Security Center servers | yes | yes | no | no | |
| Add Kaspersky Security Center connections | yes | yes | no | no | |
| Delete Kaspersky Security Center connections | yes | yes | no | no | |
Settings → Kaspersky CyberTrace
This section is available only to the general administrator.
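| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the CyberTrace integration settings | yes | no | no | no | |
| Edit the CyberTrace integration settings | yes | no | no | no | |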
Settings → IRP / SOAR
This section is available only to the general administrator.
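| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the settings for integration with IRP / SOAR | yes | no | no | no | |
| Edit the settings for integration with IRP / SOAR | yes | no | no | no | |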
Settings → Kaspersky Threat Lookup
This section is available only to the general administrator.
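| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the Threat Lookup integration settings | yes | no | no | no | |
| Edit the Threat Lookup integration settings | yes | no | no | no | |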
Settings → Alerts
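| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the parameters | yes | yes | yes | no | |
| Edit the parameters | yes | yes | yes | no | |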
Settings → Incidents → Automatic linking of alerts to incidents
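| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| See the settings | yes | no | no | no | |
| Edit the settings | yes | no | no | no | |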
Settings → Incidents → Incident types
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the categories reference | yes | yes | no | no | |
| View the categories charts | yes | yes | no | no | |
| Add categories | yes | yes | no | no | Available if the user has the administrator role in at least one tenant. |
| Edit categories | yes | yes | no | no | Available if the user has the administrator role in at least one tenant. |
| Delete categories | yes | yes | no | no | Available if the user has the administrator role in at least one tenant. |
Settings → RuCERT
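| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the parameters | yes | no | no | no | |
| Edit the parameters | yes | no | no | no | |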
Settings → Hierarchy
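| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View the parameters | yes | no | no | no | |
| Edit the parameters | yes | no | no | no | |
| View incidents from child nodes | yes | yes | yes | yes | |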
Metrics
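| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| Open metrics | yes | no | no | no | |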
Task manager
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| View a list of your own tasks | yes | yes | yes | yes | The section and tasks are not tied to a tenant. The tasks are available only to the user who created them. |
| Finish your own tasks | yes | yes | yes | yes | |
| Restart your own tasks | yes | yes | yes | yes | |
| View a list of all tasks | yes | no | no | no | |
| Finish any task | yes | no | no | no | |
| Restart any task | yes | no | no | no | |
CyberTrace
This section is not displayed in the web interface unless CyberTrace integration is configured under Settings → CyberTrace.
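| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| Open the section | yes | no | no | no | |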
Access to the data of tenants
| Action | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| Access to tenants | yes | yes | yes | yes | A user has access to the tenant if its name is indicated in the settings blocks of the roles assigned to the user account. The access level depends on which role is indicated for the tenant. |
| Shared tenant | yes | yes | yes | yes | A shared tenant is used to store shared resources that must be available to all tenants. Although services cannot be owned by the shared tenant, these services may utilize resources that are owned by the shared tenant. These services are still owned by their respective tenants. Events, alerts and incidents cannot be shared. Permissions to access the shared tenant: Read/write—only the general administrator; Read—all other users, including users that have permissions to access the main tenant. |
| Main tenant | yes | yes | yes | yes | A user has access to the main tenant if its name is indicated in the settings blocks of the roles assigned to the user account. The access level depends on which role is indicated for the tenant. Permissions to access the main tenant do not grant access to other tenants. |
Creating a user
To create a user account:
- In the KUMA web interface, open Settings → Users.
  In the right part of the Settings section the Users table will be displayed.
- Click the Add user button and set the parameters as described below.
  - Name (required)—enter the user name. Must contain from 1 to 128 Unicode characters.
  - Login (required) – enter a unique user name for the user account. Must contain from 3 to 64 characters (only a–z, A–Z, 0–9, . \ - _).
  - Email (required)—enter the unique email address of the user. Must be a valid email address.
  - New password (required)—enter the password to the user account. Password requirements:
    - 8 to 128 characters long.
    - At least one lowercase character.
    - At least one uppercase character.
    - At least one numeral.
    - At least one of the following special characters: !, @, #, %, ^, &, *.
  - Confirm password (required)—enter the password again for confirmation.
  - Disabled—select this check box if you want to disable a user account. By default, this check box is cleared.
  - In the Tenants for roles settings block, use the Add field buttons to specify which roles the user will perform on which tenants. Although a user can have different roles on different tenants, the user can have only one role on the same tenant.
  - Receive email notifications—select this check box if you want the user to receive SMTP notifications from KUMA.
  - Select the Can interact with RuCERT check box if you want the user to be able to export incidents to RuCERT. Only a user with the General Administrator role can select this check box.
  - Select the General administrators group check box if you want to assign the general administrator role to the user. Users with the general administrator role can change the settings of other user accounts. By default, this check box is cleared.
- Click Save.
The user account will be created and displayed in the Users table.
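A pre-flight check for a planned batch of accounts, applying the field rules listed above (name and login limits, password requirements, one role per tenant, unique login and email). This is an added example, not part of KUMA or its documentation; the record layout (name, login, email, password, tenant_roles), the tenant name TenantB, the email shape check and the ASCII reading of the character classes are assumptions.

```python
import re
import string
from collections import Counter

LOGIN_RE = re.compile(r"[A-Za-z0-9.\\_-]{3,64}")    # a-z, A-Z, 0-9, . \ - _
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")  # assumption: shape check only
SPECIALS = set("!@#%^&*")


def password_problems(pw):
    """Return unmet password requirements (assumption: ASCII character classes)."""
    checks = [
        (8 <= len(pw) <= 128, "must be 8 to 128 characters long"),
        (any(c in string.ascii_lowercase for c in pw), "needs a lowercase character"),
        (any(c in string.ascii_uppercase for c in pw), "needs an uppercase character"),
        (any(c in string.digits for c in pw), "needs a numeral"),
        (any(c in SPECIALS for c in pw), "needs one of ! @ # % ^ & *"),
    ]
    return [msg for ok, msg in checks if not ok]


def account_problems(rec):
    """Check one planned account (hypothetical dict layout) against the rules."""
    problems = []
    if not 1 <= len(rec["name"]) <= 128:
        problems.append("name must be 1 to 128 characters")
    if not LOGIN_RE.fullmatch(rec["login"]):
        problems.append("login must be 3 to 64 characters from a-z A-Z 0-9 . \\ - _")
    if not EMAIL_RE.fullmatch(rec["email"]):
        problems.append("email is not a valid address")
    problems += ["password " + p for p in password_problems(rec["password"])]
    # A user can have only one role on the same tenant.
    per_tenant = Counter(tenant for tenant, _role in rec["tenant_roles"])
    problems += [f"tenant {t!r} is given {n} roles, only one is allowed"
                 for t, n in sorted(per_tenant.items()) if n > 1]
    return problems


def batch_problems(records):
    """Map record index to its problems, including non-unique login or email."""
    logins = Counter(r["login"] for r in records)
    emails = Counter(r["email"].lower() for r in records)  # assumption: case-insensitive
    report = {}
    for i, rec in enumerate(records):
        problems = account_problems(rec)
        if logins[rec["login"]] > 1:
            problems.append("login is not unique in this batch")
        if emails[rec["email"].lower()] > 1:
            problems.append("email is not unique in this batch")
        if problems:
            report[i] = problems
    return report


# Constructed sample batch: the second record breaks several rules.
SAMPLE = [
    {"name": "Alice Example", "login": "alice.soc", "email": "alice@example.com",
     "password": "Tr1age&Review", "tenant_roles": [("Main", "Analyst"), ("TenantB", "Operator")]},
    {"name": "Bob Example", "login": "bo", "email": "bob@example.com",
     "password": "alllowercase1", "tenant_roles": [("Main", "Analyst"), ("Main", "Administrator")]},
]

if __name__ == "__main__":
    print(batch_problems(SAMPLE))
```

Running the check before entering accounts catches a double role on one tenant or a weak initial password while the plan is still a file, instead of as a rejected form.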
Editing user
To edit a user:
- In the KUMA web interface, open Settings → Users.
  In the right part of the Settings section the Users table will be displayed.
- Select the relevant user and change the necessary settings in the user details area that opens on the right.
  - Name (required)—edit the user name. Must contain from 1 to 128 Unicode characters.
  - Login (required) – enter a unique user name for the user account. Must contain from 3 to 64 characters (only a–z, A–Z, 0–9, . \ - _).
  - Email (required)—enter the unique email address of the user. Must be a valid email address.
  - Disabled—select this check box if you want to disable a user account. By default, this check box is cleared.
  - In the Tenants for roles settings block, use the Add field buttons to specify which roles the user will perform on which tenants. Although a user can have different roles on different tenants, the user can have only one role on the same tenant.
  - Receive email notifications—select this check box if you want the user to receive SMTP notifications from KUMA.
  - Select the Can interact with RuCERT check box if you want the user to be able to export incidents to RuCERT. Only a user with the General Administrator role can select this check box.
  - Select the General administrators group check box if you want to assign the general administrator role to the user. Users with the general administrator role can change the settings of other user accounts. By default, this check box is cleared.
- If you need to change the password, click the Change password button and fill in the fields described below in the opened window. When finished, click OK.
  - Current password (required)—enter the current password of your user account. The field is available if you change your account password.
  - New password (required)—enter a new password to the user account. Password requirements:
    - 8 to 128 characters long.
    - At least one lowercase character.
    - At least one uppercase character.
    - At least one numeral.
    - At least one of the following special characters: !, @, #, %, ^, &, *.
  - Confirm password (required)—enter the password again for confirmation.
- If necessary, use the Generate token button to generate an API token. Clicking this button displays the token creation window.
- If necessary, configure the operations available to the user via the REST API by using the API access rights button.
- Click Save.
The user account will be changed.
Editing your user account
To edit your user account:
- Open the KUMA web interface, click the name of your user account in the bottom-left corner of the window and click the Profile button in the opened menu.
  The User window with your user account parameters opens.
- Make the necessary changes to the parameters:
  - Name (required)—enter the user name. Must contain from 1 to 128 Unicode characters.
  - Login (required) – enter a unique user name for the user account. Must contain from 3 to 64 characters (only a–z, A–Z, 0–9, . \ - _).
  - Email (required)—enter the unique email address of the user. Must be a valid email address.
  - Receive email notifications—select this check box if you want to receive SMTP notifications from KUMA.
  - Display non-printable characters—select this check box if you want the KUMA web interface to display non-printing characters such as spaces, tab characters, and line breaks.
    Spaces and tab characters are displayed in all input fields (except Description), in normalizers, correlation rules, filters and connectors, and in SQL queries for searching events in the Events section.
    Spaces are displayed as dots.
    A tab character is displayed as a dash in normalizers, correlation rules, filters and connectors. In other fields, a tab character is displayed as one or two dots.
    Line break characters are displayed in all input fields that support multi-line input, such as the event search field.
    If the Display non-printable characters check box is selected, you can press Ctrl/Command+* to enable and disable the display of non-printing characters.
- If you need to change the password, click the Change password button and fill in the fields described below in the opened window. When finished, click OK.
  - Current password (required)—enter the current password of your user account.
  - New password (required)—enter a new password to your account. Password requirements:
    - 8 to 128 characters long.
    - At least one lowercase character.
    - At least one uppercase character.
    - At least one numeral.
    - At least one of the following special characters: !, @, #, %, ^, &, *.
  - Confirm password (required)—enter the password again for confirmation.
- If necessary, use the Generate token button to generate an API token. Clicking this button displays the token creation window.
- If necessary, configure the operations that are available via the REST API by using the API access rights button.
- Click Save.
Your user account is changed.