Kaspersky Unified Monitoring and Analysis Platform (034.2.1)


Who should attend

The course is aimed at technical support and presale engineers.

Prerequisites

Attendees must possess:

  • Basic understanding of networking technologies, such as TCP/IP, DNS, email, web
  • Basic Windows and Linux administering skills
  • Basic knowledge of information security principles
  • General understanding of regular expressions

Course Objectives

Kaspersky Unified Monitoring and Analysis Platform (KUMA) is a SIEM solution designed to collect, store, process, correlate and visualize a wide variety of data from different sources.

This course explains the architecture of the solution, introduces its capabilities and demonstrates how to install and configure it using examples.

Our course consists of theoretical materials that describe the principles of operation and configuration and hands-on labs that help provide practical experience.

Upon successful completion of the course, participants will be able to:

  • Deploy Kaspersky Unified Monitoring and Analysis Platform to demonstrate the solution
  • Configure receiving of events from different sources and in various formats
  • Fine-tune event normalization, aggregation and enrichment to meet customer requirements
  • Configure correlation rules to detect incidents
  • Configure integration with external systems to enrich events and respond to incidents
  • Handle incidents and analyze events
  • Configure notifications and generate reports

Course Content

1. Introduction to SIEM
2. KUMA architecture and operation principles
3. Deployment

  • Installation options: all-in-one, distributed, high availability

4. Collecting events

  • Collector operation principles, configuring connection and connector, receiving of events

5. Normalization

  • KUMA data model, normalizer settings, data mutation, extra normalizers

6. Collector: event processing

  • Filtering, aggregation, enrichment

7. Integrations

  • Integration with Kaspersky Security Center and working with assets
  • Integration with LDAP and working with accounts
  • Integration with Kaspersky Threat Lookup
  • Kaspersky CyberTrace
  • Kaspersky Endpoint Detection and Response

8. Working with events

9. Correlation

  • Correlation rule types, variables, active lists and retroscanning

10. Working with alerts

11. Response

  • Response by running a script, Kaspersky Security Center task, or Kaspersky Endpoint Detection and Response task

12. Reporting

  • Dashboard, reports, MITRE ATT&CK coverage, metrics

Prices & Delivery methods

Online Training

Duration
3 days

Price
  • on request

Classroom Training

Duration
3 days

Price
  • on request

Schedule

Currently there are no training dates scheduled for this course.