Kaspersky Unified Monitoring and Analysis Platform

Configuring KUMA collector for collecting Kaspersky Security Center events

April 8, 2024

ID 241239

After configuring the export of events in the CEF format from Kaspersky Security Center Administration Server, configure the collector in the KUMA web interface.

To configure the KUMA Collector for Kaspersky Security Center events:

  1. In the KUMA web interface, select Resources → Collectors.
  2. In the list of collectors, find the collector with the [OOTB] KSC normalizer and open it for editing.
  3. At the Transport step, in the URL field, specify the port to be used by the collector to receive Kaspersky Security Center events.

    The port must match the port of the KUMA SIEM system server.

  4. At the Event parsing step, make sure that the [OOTB] KSC normalizer is selected.
  5. At the Routing step, make sure that the following destinations are added to the collector resource set:
    • Storage. To send processed events to the storage.
    • Correlator. To send processed events to the correlator.

    If the Storage and Correlator destinations were not added, create them.

  6. On the Setup validation tab, click Create and save service.
  7. Copy the command for installing the KUMA collector that appears.
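
To check that a line captured on the collector port is well-formed CEF before relying on the normalizer, the following added example (not part of the Kaspersky documentation or KUMA code) parses the seven pipe-delimited CEF header fields and the key=value extension, including escaped `|` and `=`. The sample line, with its vendor, product, host and field values, is constructed for illustration.

```python
import re

# CEF header fields, in the order the format defines them.
HEADER = ["version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity"]
# One header field: any run of escaped characters or non-pipe characters, then '|'.
_FIELD = re.compile(r"((?:\\.|[^|\\])*)\|")
# An extension key: word characters at the start or after whitespace, then '='.
_KEY = re.compile(r"(?:^|(?<=\s))(\w+)=")
_ESCAPES = {"n": "\n", "r": "\r"}


def _unescape(text):
    # CEF escapes '|', '=' and '\' with a backslash; '\n' and '\r' are line breaks.
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), text)


def parse_cef(line):
    """Parse one CEF line (optionally behind a syslog prefix) into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker in line")
    body, pos, fields = line[start + 4:], 0, []
    for name in HEADER:
        m = _FIELD.match(body, pos)
        if m is None:
            raise ValueError(f"header field {name!r} missing or not pipe-terminated")
        fields.append(_unescape(m.group(1)))
        pos = m.end()
    event = dict(zip(HEADER, fields))
    ext = body[pos:]
    keys = list(_KEY.finditer(ext))
    event["extension"] = {}
    for i, k in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        # A value runs up to the next key, so it may contain spaces.
        event["extension"][k.group(1)] = _unescape(ext[k.end():end].strip())
    return event


# Constructed sample line (not a real Kaspersky Security Center event).
SAMPLE = (r"<14>Apr  8 10:00:00 ksc-host CEF:0|ExampleVendor|ExampleProduct|1.0|"
          r"EXAMPLE_EVENT|Task \| completed|4|"
          r"dhost=ws-01 msg=Result\=OK for group A rt=1712570400000")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A `ValueError` from `parse_cef` means the line is not complete CEF (for example, a truncated header), which points at the export side rather than the collector.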
