Glossary

Aggregation

Combining several messages of the same type from the event source into a single event.

Cluster

A group of servers on which the KUMA program has been installed and that have been clustered together for centralized management using the program's web interface.

Collector

A KUMA service that receives events from event sources, converts them, and transmits them to other program components for further processing.

Connector

A KUMA resource that ensures transport for receiving data from external systems.

Enrichment

The conversion of the textual representation of an event using dictionaries, constants, calls to the DNS service, and other tools.

Event

An instance of security-related activity of network devices and services that can be observed and recorded. Examples of events include violations of the information security policy, the disabling of security measures, the occurrence of an unusual situation, etc.

Filter

The set of conditions the program uses to select events for further processing.

KUMA web interface

A KUMA service that provides a user interface to configure and track KUMA operations.

Network port

A TCP or UDP protocol parameter that defines the destination of IP data packets transmitted to a host over a network and allows several programs running on the same host to receive data independently of each other. Each program processes the data sent to a specific port (the program is said to listen on this port number).

It is standard practice to assign well-known port numbers to common network protocols (for example, web servers usually receive HTTP data on TCP port 80), although in general a program can use any protocol on any port. Possible values: from 1 to 65535.

Normalization

A process that formats data received from an event in accordance with the fields of the KUMA event data model. During normalization, certain rules for changing the data may be executed (for example, changing upper case characters to lower case, replacing characters, etc.).

Role

A set of access privileges established to grant the KUMA web interface user the authority to perform tasks.

SELinux (Security-Enhanced Linux)

A system for controlling process access to operating system resources based on the use of security policies.

SIEM

Security Information and Event Management system. A solution for managing information and events in a company's security system.

STARTTLS

An extension to text-based exchange protocols that upgrades an ordinary TCP connection to an encrypted (TLS or SSL) connection in place, instead of opening a separate port for the encrypted connection.

UserPrincipalName

UserPrincipalName (UPN): a user name in email address format, such as username@domain.com.

The UPN must match the actual email address of the user. In this example, username is the user name in the Active Directory domain (the user logon name), and domain.com is the UPN suffix; they are separated by the @ character. The DNS name of the Active Directory domain is used as the default UPN suffix in Active Directory.