Configuring receipt of VMware vCenter events

You can configure the receipt of VMware vCenter events in the KUMA SIEM system.

Configuring event receiving consists of the following steps:

1. Configuring the connection to VMware vCenter.
2. Creating a KUMA collector for receiving VMware vCenter events.

   To receive VMware vCenter events, in the collector installation wizard, at the Transport step, select the vmware connector type. Specify the required settings:

   • The URL at which the VMware API is available, for example, https://vmware-server.com:6440.
   • VMware credentials — a secret that specifies the username and password for connecting to the VMware API.

   At the Event parsing step, select the [OOTB] VMware vCenter API normalizer.

3. Installing a KUMA collector for receiving VMware vCenter events.
4. Verifying receipt of VMware vCenter events in the KUMA collector.

   You can verify that the VMware vCenter event source server is correctly configured in the Searching for related events section of the KUMA Console.

Configuring the connection to VMware vCenter

To configure a connection to VMware vCenter to receive events:

1. Connect to the VMware vCenter web interface under a user account that has administrative privileges.
2. Go to the Security&Users section and select Users.
3. Create a user account.
4. Go to the Roles section and assign the "Read-only: See details of objects role, but not make changes" role to the created account.

   You will use the credentials of this user account in the secret of the collector.

   For details about creating user accounts, refer to the VMware vCenter documentation.

The connection to VMware vCenter for receiving events is configured.