Configuring events of Kaspersky Sandbox

To configure Kaspersky Sandbox events:

1. In the main window of Web Console, select the Devices → Policies & profiles section.
2. Click KSB.
3. This opens a window; in this window, select the Event settings tab.

   Events are grouped in sections in accordance with severity levels:

   • Critical
   • Functional failure
   • Warning
   • Informational message

   Each section displays a list of event types. By default, the storage duration of events on the Administration Server is specified in days.

4. Select the event that you want to configure.
5. This opens the event properties window; in that window, configure the following:
   1. Under Event logging, enter the expiration time of stored events in days and select one or more event storage types:
      • Store in the Administration Server database for (days).
      • Export to the SIEM system over the Syslog protocol.
      • Store in the OS event log on the client device.
      • Store in the OS event log on the Administration Server.
   2. Under Event notifications, select one or more event notification methods:
      • Notify by email.
      • Notify by SMS.
      • Notify by launching an executable file or script.
      • Notify by SNMP.

        For details about configuring event notifications, see Kaspersky Security Center Online Help.

Event configuration is complete.

See also Installing the Kaspersky Sandbox management web plug-in Configuring Kaspersky Sandbox device status display Getting started with Kaspersky Sandbox in Kaspersky Security Center Web Console Viewing information about Kaspersky Sandbox and the database update status Going to the Kaspersky Sandbox web interface Viewing Kaspersky Sandbox license information Displaying information about the Kaspersky Sandbox management web plug-in Viewing the threat report Monitoring the processing of objects received from Kaspersky Endpoint Security

Page top