Enabling integration with a SIEM system

To enable integration with Kaspersky Industrial CyberSecurity for Networks:

  1. Do one of the following:
    • To configure the SIEM integration settings for a group of protected devices, open the application policy properties window.
    • To configure the SIEM integration settings for an individual protected device, open the application settings for the device.
  2. In the Telemetry collection servers section, select Integration with SIEM.

    The Integration with SIEM window opens.

  3. In the Connection settings section, use the corresponding check box to enable integration with a SIEM system.
  4. In the List of SIEM servers settings block, add the settings for connecting to one or more SIEM servers:
    1. Click the Add button.

      The SIEM server settings window opens.

    2. In the corresponding field, enter the domain name or IP address of the SIEM server.
    3. In the Port field, enter the port for connecting to the SIEM server.
    4. In the Protocol drop-down list, select the protocol used for data transfer between Kaspersky Endpoint Agent and the SIEM server.
    5. Click Add.

      The settings for connecting to the SIEM server will be displayed in the List of SIEM servers settings block.

    6. If necessary, repeat steps a – e to add settings for connecting to other SIEM servers.

    Kaspersky Endpoint Agent connects to the first SIEM server in the list. If the connection does not succeed, Kaspersky Endpoint Agent connects to the second SIEM server and so on down the list.

  5. In the upper right corner of the settings group, change the switch from Undefined to Enforce.

    The default switch position is Enforce.

  6. Click OK.

Integration with SIEM will be enabled immediately after the policy is applied.

See also

Integration with a SIEM system
Page top