Configuring delivery of MQTT notifications through the Kaspersky Security Center 13.2 Web Console
Kaspersky IoT Secure Gateway 1000 can send notifications about security events and audit events over the MQTT protocol. You can configure delivery of MQTT notifications through the Kaspersky Security Center 13.2 Web Console.
To enable forwarding of MQTT notifications through the Kaspersky Security Center 13.2 Web Console:
In the main window of the Web Console, select Devices → Managed devices.
Click the name of the device where Kaspersky IoT Secure Gateway 1000 is running. If the device name is not on the list, add it to the Managed devices group.
In the device properties window that opens, select the Applications tab.
Press Kaspersky IoT Secure Gateway.
This opens a window containing information about Kaspersky IoT Secure Gateway 1000.
Select the Application settings tab.
Select Notifications → MQTT notifications.
Set the toggle button to MQTT notifications enabled.
In the Server address field, enter the IP address of the utilized MQTT server.
In the Port field, enter the port number used for the connection with the MQTT server.
You can use ports 1883 and 8883 to connect Kaspersky IoT Secure Gateway 1000 to an MQTT server residing in the internal network.
You can use port 8883 to connect Kaspersky IoT Secure Gateway 1000 to an MQTT server residing in an external network.
In the MQTT topic name field, specify the name of the MQTT topic for sending notifications.
If you need to send notifications about audit events from a specific user, set the Use authentication toggle button to the enabled position and fill in the User name and Password fields. You can contact the administrator of the utilized MQTT server to find out the account credentials of the user that will serve as the source of the sent notifications.
Sending notifications from a specific user is disabled by default.
If you need to use a secure SSL connection, set the Use secure SSL connection toggle button to the enabled position and do the following:
Upload a certificate issued by a Certificate Authority. To do so, click the Upload certificate button and select a certificate file on the local device.
Information about the uploaded certificate from a Certificate Authority will be displayed on the page.
Loading widely known Certification Authority certificates is not recommended, as all servers that use certificates signed by these Certification Authority certificates will be trusted. This situation will lead to Kaspersky IoT Secure Gateway 1000 being compromised.
Upload the client certificate. To do so, click the Upload client certificate button and select a certificate file on the local device.
Information about the uploaded client certificate will be displayed on the page.
Upload a key for the client certificate. To do so, click the Upload key button and select a key file on the local device.
Use of a secure SSL connection is disabled by default.
Click Save in the lower part of the page to save the changes.
Kaspersky IoT Secure Gateway 1000 will send notifications about security events and audit events over the MQTT protocol.