About events in Kaspersky Security Center

Kaspersky Security Center allows you to receive information about events that occur during the operation of Administration Server and Kaspersky applications installed on managed devices. Information about events is saved in the Administration Server database. You can export this information to external SIEM systems. Exporting event information to external SIEM systems enables administrators of SIEM systems to promptly respond to security system events that occur on managed devices or administration groups.

Event types

In Kaspersky Security Center, there are the following types of events:

• General events. These events occur in all managed Kaspersky applications. An example of a general event is Virus outbreak. General events have strictly defined syntax and semantics. General events are used, for instance, in reports and dashboards.
• Managed Kaspersky applications-specific events. Each managed Kaspersky application has its own set of events.

Event sources

Events can be generated by the following applications:

• Kaspersky Security Center components:
  • Administration Server
  • Network Agent
  • iOS MDM Server
  • Exchange Mobile Device Server
• Managed Kaspersky applications

  For details about the events generated by Kaspersky managed applications, refer to the documentation of the corresponding application.

You can view the full list of events that can be generated by an application on the Event configuration tab in the application policy. For Administration Server, you can additionally view the event list in the Administration Server properties.

Importance level of events

Each event has its own importance level. Depending on the conditions of its occurrence, an event can be assigned various importance levels. There are four importance levels of events:

• A critical event is an event that indicates the occurrence of a critical problem that may lead to data loss, an operational malfunction, or a critical error.
• A functional failure is an event that indicates the occurrence of a serious problem, error or malfunction that occurred during operation of the application or while performing a procedure.
• A warning is an event that is not necessarily serious, but nevertheless indicates a potential problem in the future. Most events are designated as warnings if the application can be restored without loss of data or functional capabilities after such events occur.
• An info event is an event that occurs for the purpose of informing about successful completion of an operation, proper functioning of the application, or completion of a procedure.

Each event has a defined storage term, during which you can view or modify it in Kaspersky Security Center. Some events are not saved in the Administration Server database by default because their defined storage term is zero. Only events that will be stored in the Administration Server database for at least one day can be exported to external systems.

See also: Event types Scenario: configuring event export to SIEM systems Marking events of a Kaspersky application for export in Syslog format Marking general events for export in Syslog format

Page top