RuCERT integration
In the KUMA web interface, you can create a connection to the National Computer Incident Response & Coordination Center Incidents (hereinafter referred to as "RuCERT"). This will let you export incidents registered by KUMA to RuCERT. Integration is configured under Settings → RuCERT in the KUMA web interface.
Data in KUMA and RuCERT is synchronized every 5-10 minutes.
To create a connection to RuCERT:
- In the KUMA web interface, open Settings → RuCERT.
- In the URL field, enter the URL for accessing RuCERT.
- In the Token settings block, create or select an existing secret with the API token that was issued to your organization for a connection to RuCERT:
- If you already have a secret, you can select it from the drop-down list.
- If you want to create a new secret:
- Click the button and specify the following settings:
- Name (required)—unique name of the service you are creating. The name must contain 1 to 128 Unicode characters.
- Token (required)—token that was issued to your organization for a connection to RuCERT.
- Description—service description: up to 256 Unicode characters.
- Click Save.
The secret containing the token for connecting to RuCERT will be created. It is saved under Resources → Secrets and is owned by the main tenant.
- Click the button and specify the following settings:
The selected secret can be changed by clicking on the button.
- In the Affected system function drop-down list, select the area of activity of your organization.
- In the Company field, indicate the name of your company. This data will be forwarded to RuCERT when incidents are exported.
- Use the Location drop-down list to specify where your company is located. This data will be forwarded to RuCERT when incidents are exported.
- If necessary, under Proxy, create or select an existing proxy server that must be used when connecting to RuCERT.
- Click Save.
KUMA is now integrated with RuCERT. Now you can export incidents to it. You can click the Test connection button to make sure that a connection with RuCERT is established.
You can use the Disabled check box to enable or disable integration.
Possible errors
If the "https://lk.cert.gov.ru/api/v2/incidents? x509: certificate signed by unknown authority" error is returned when you configure integration with RuCERT, use commands of your operating system to install and trust the following certificates of intermediate certification authorities to the KUMA Core server:
- The ISRG Root X1 certificate can be downloaded from https://letsencrypt.org/certs/isrgrootx1.der
- The R3 certificate can be downloaded from https://letsencrypt.org/certs/lets-encrypt-r3.der
For details on installing certificates, refer to the vendor documentation for your operating system.
After installing the certificate, restart the Core server and continue configuring the integration with RuCERT.