Configuring integration with an SIEM system

Kaspersky Anti Targeted Attack Platform can publish information about user actions in the application web interface as well as alerts to your organization's SIEM system using the Syslog protocol.

You can use TLS encryption for data transmission.

If you have deployed the Central Node and Sensor components as a cluster, you can configure high availability integration with an external system using one of the following options:

• Using the Round Robin function.
• Configure the settings of the external system so that the external system switches between the IP addresses of the cluster servers if a network error occurs.

To configure high availability integration with an external system using the Round Robin function:

1. Configure Round Robin on the DNS server for the domain name corresponding to the Central Node cluster.
2. Specify this domain name in the mail server settings.

Integration with the external system is configured based on the domain name. The external system will communicate with a random server in the cluster. If this server fails, the external system will communicate with another healthy server in the cluster.

Watch a video tutorial on how to configure integration with a SIEM system. You can play the video on the Help page (see below) or follow the link https://youtu.be/VND6fRUzscw?si=wTj8zrI7r74cJ4uI.

Configuring Central Node to export KATA and KEDR Expert events to KUMA

In this section Enabling and disabling information logging to a remote log Configuring the main settings for SIEM system integration Uploading a TLS certificate Enabling and disabling TLS encryption of the connection with the SIEM system Content and properties of syslog messages about detections

Page top