Configuring a secure connection with a SIEM server

Support

Support for business applications

Kaspersky Endpoint Agent

Managing Kaspersky Endpoint Agent using Kaspersky Security Center Administration Console

Configuring Kaspersky Endpoint Agent settings

Configuring integration between Kaspersky Endpoint Agent and a SIEM system.

Configuring a secure connection with a SIEM server

November 17, 2023

ID 265773

To configure a trusted connection with a SIEM server:

Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
Select the administration group for which you want to configure application settings.
Perform one of the following actions in the details pane of the selected administration group:
- To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
  1. In the tree of Kaspersky Security Center Administration Console, expand the Managed devices node.
  2. Expand the administration group whose policy settings you want to configure, and select the Policies tab in the results pane.
  3. Select the policy you want to configure.
  4. Open the Properties: <Policy name> window in one of the following ways:
    - Select the Properties option in the context menu of the policy.
    - Click the Configure policy settings link in the results pane of the selected policy.
    - Double-click the required policy.
    The Properties: <Policy name> window opens.
- To configure the settings of a task or application for an individual protected device, select the Devices tab and go to the settings of a local task or the application settings.
In the Telemetry collection servers section, select the SIEM integration subsection.
In the Connection settings block, select the Use TLS encryption check box to encrypt data transfer between Kaspersky Endpoint Agent and the SIEM server.
If you want to configure additional connection protection using a pinned TLS certificate:
1. Select the Use pinned certificate to secure connection check box.
2. Add a TLS certificate:
  1. Click the Add new TLS certificate button.
    The Adding TLS certificate window will open.
  2. Do one of the following:
    - Click Browse, and in the window that opens, select the certificate file and click Open.
    - Copy and paste the contents of the certificate file to the TLS certificate data field.
  3. Click Add.
  Information about the added TLS certificate is shown in the TLS certificate data group of settings.
If you want to configure additional connection protection using a user certificate:
1. Click the Add client certificate button.
  The Secure with client certificate window opens.
2. Select the Secure connection with client certificate check box.
3. Click the Upload button.
4. In the window that opens, select the PFX file that stores the client certificate in encrypted form.
5. Click Open.
6. In the Cryptocontainer password field, enter the password for the PFX file.
7. Click OK.
In the upper right corner of the settings group, change the switch from Policy not enforced to Under policy.
Click OK.

A secure connection with the SIEM server is configured.