Viewing information about KASAP users and changing learning groups

After configuring the integration between KASAP and KUMA, the following information from KASAP is available in OSMP Console when you view data about users associated with alerts or incidents:

You can view data about the KASAP user. To do this, you have to open a user details in one of the following ways:

To open a user details:

  1. In the main menu, go to the Monitoring & reporting section, and then select the Alerts or Incidents section.

    If you want to open a user details from a telemetry event, select the Alerts section.

    If you want to open a user details from an investigation graph, select the Incidents section.

  2. Click the ID of the required alert or incident.
  3. In the window that opens, do one of the following:
    • If you want to open a user details from a telemetry event, go to the Details tab, and either click the name of the required event, and select the user; or click the Find in Threat hunting button to go to the Threat Hunting section, and then select the required user.
    • If you want to open a user details from alert or incident details, go to the Assets tab, and then click the name of the required user.
    • If you want to open a user details from investigation graph, click the View on graph button. In the investigation graph that opens, click the name of the required user.

    The Account details window opens on the right side of the screen.

  4. Select the Cybersecurity courses tab.

    The window displays information about the KASAP user.

You can change the learning group of a KASAP user in one of the following ways:

You can also configure the response action to run automatically when creating or editing a playbook. In this case, if you move a user to the group for which the learning is not started, the user is not able to start learning.

To perform the response action, you must have one of the following XDR roles: Main administrator, Tenant administrator, Junior analyst, Tier 1 analyst, Tier 2 analyst.

To change the KASAP user learning group:

  1. In the main menu, go to the Monitoring & reporting section, and then select the Alerts or Incidents section.

    If you want to change the KASAP user learning group from a telemetry event, select the Alerts section.

    If you want to change the KASAP user learning group from an investigation graph, select the Incidents section.

  2. Click the ID of the required alert or incident.
  3. In the window that opens, do one of the following:
    • If you want to respond through a telemetry event, go to the Details tab, and either click the name of the required event, and then select the user; or click the Find in Threat hunting button to go to the Threat hunting section, and then select the required user.
    • If you want to respond through a user details, go to the Assets tab, and then click the name of the user.
    • If you want to respond through an investigation graph, click the View on graph button. In the investigation graph that opens, click the name of the user.

    The Account details window opens on the right side of the screen.

  4. In the Assign KASAP group drop-down list, select the KASAP learning group to which you want to assign the user.

    Recalculation of the KASAP user training plan may take up to 30 minutes. It is not advisable to change the KASAP learning group during this period.

The user is moved to the selected KASAP group. The KASAP company administrator receives a notification about the change in the learning group, and the study plan is recalculated for the selected learning group.

For details about learning groups and how to get started, refer to the KASAP documentation.

Page top