[OOTB] KUMA package - ENG
<html lang="en">
<body>
  
  <p>	
	The correlation rules package for monitoring Kaspersky Unified Monitoring and Analysis Platform (KUMA) events makes it possible to identify potentially dangerous actions in the internal audit events.<br>
	Application events are used to detect anomalies in the behavior of privileged users, such as failed login attempts, connections from non-standard IP addresses and the use of previously unknown accounts. Critical changes in application settings are also monitored, including account management. These changes may indicate an attempt to gain unauthorized access or bypass security mechanisms for further attacks on the company's infrastructure. Additionally, the package contains a rule for service monitoring.<br>
	<br>
	For the rules to function correctly, the audit settings must be verified to ensure the event logs contain a sufficient level of detail.
  </p>

</body>
</html>