UserGate integration

This integration is an example and may require additional configuration depending on the versions used and the specifics of the infrastructure.
The terms and conditions of premium technical support do not apply to this integration; support requests are processed without a guaranteed response time.

UserGate is a network infrastructure security solution that protects personal information from the risks of external intrusions, unauthorized access, viruses, and malware.

Integration with UserGate allows automatically blocking threats by IP address, URL, or domain name whenever KUMA response rules are triggered.

Configuring the integration involves the following steps:

1. Configuring integration in UserGate
2. Preparing a script for the response rule
3. Configuring the KUMA response rule

Configuring integration in UserGate

To configure integration in UserGate:

1. Connect to the UserGate web interface under an administrator account.
2. Go to UserGate → Administrators → Administrator profiles, and click Add.
3. In the Profile settings window, specify the profile name, for example, API.
4. On the API Permissions tab, add read and write permissions for the following objects:
   • content
   • core
   • firewall
   • nlists
5. Click Save.
6. In the UserGate → Administrators section, click Add → Add local administrator.
7. In the Administrator properties window, specify the login and password of the administrator.

   In the Administrator profile field, select the profile created at step 3.

8. Click Save.
9. In the address bar of your browser, after the address and port of UserGate, add ?features=zone-xml-rpc and press ENTER.
10. Go to the Network → Zones section and for the zone of the interface that you want to use for API interaction, go to the Access Control tab and select the check box next to the XML-RPC for management service.

    If necessary, you can add the IP address of the KUMA correlator whose correlation rules must trigger blocking in UserGate, to the list of allowed addresses.

11. Click Save.

Preparing a script for integration with UserGate

To prepare a script for use:

1. Copy the ID of the correlator whose correlation rules you want to trigger blocking of URL, IP address, or domain name in UserGate:
   1. In the KUMA Console, go to the Resources → Active services.
   2. Select the check box next to the correlator whose ID you want to obtain, and click Copy ID.

      The correlator ID is copied to the clipboard.

2. Download the script:

   https://box.kaspersky.com/d/2dfd1d677c7547a7ac1e/

3. Open the script file and in the Enter UserGate Parameters section, in the login and password parameters, specify the credentials of the UserGate administrator account that was created at step 7 of configuring the integration in UserGate.
4. Place the downloaded script on the KUMA correlator server at the following path: /opt/kaspersky/kuma/correlator/<correlator ID from step 1>/scripts/.
5. Connect to the correlator server via SSH and go to the path from step 4:

   cd /opt/kaspersky/kuma/correlator/<correlator ID from step 1>/scripts/

6. Run the following command:

   chmod +x ug.py && chown kuma:kuma ug.py

The script is ready to use.

Configuring a response rule for integration with UserGate

To configure a response rule:

1. Create a response rule:
   1. In the KUMA Console, select the Resources → Response rules section and click Add response rule.
   2. This opens the Create response rule window; in that window, in the Name field, enter the name of the rule.
   3. In the Tenant drop-down list, select the tenant that owns the resource.
   4. In the Type drop-down list, select Run script.
   5. In the Script name field, enter the name of the script. ug.py.
   6. In the Script arguments field, specify:
      • one of the operations depending on the type of the object being blocked:
        • blockurl to block access by URL
        • blockip to block access by IP address
        • blockdomain to block access by domain name
      • -i {{<KUMA field from which the value of the blocked object must be taken, depending on the operation>}}

        Example: blockurl -i {{.RequetstUrl}}

   7. In the Conditions section, add conditions corresponding to correlation rules that require blocking in UserGate when triggered.
   8. Click Save.
2. Add the response rule to the correlator:
   1. In the Resources → Correlators section, select the correlator that must respond and in whose directory you placed the script.
   2. In the steps tree, select Response rules.
   3. Click Add.
   4. In the Response rule drop-down list, select the rule added at step 1 of these instructions.
   5. In the steps tree, select Setup validation.
   6. Click Save and reload services.
   7. Click the Save button.

The response rule is linked to the correlator and ready to use.