You can use the CEF and LEEF formats to export general events, as well as the events that Kaspersky applications transfer to the Administration Server, to SIEM systems. The set of exported events is predefined; you cannot select which events are exported.
To export events over the CEF and LEEF protocols, the Integration with the SIEM systems feature must be activated in Administration Server by using an active license key or valid activation code.
Select the format of export on the basis of the SIEM system used. The table below shows SIEM systems and the corresponding formats of export.
Formats of event export to a SIEM system

| SIEM system | Format of export |
|---|---|
| QRadar | LEEF |
| ArcSight | CEF |
| Splunk | CEF |
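The following added example (not Kaspersky's code) shows how a SIEM-side check could confirm that events arriving from Administration Server use the format the table above prescribes for each system. It parses the standard CEF and LEEF 1.0 headers; the sample event lines, the vendor/product values and field names are constructed for illustration and are not real Kaspersky Security Center output.

```python
import re

# SIEM system -> export format, as listed in the table on this page.
SIEM_FORMATS = {"QRadar": "LEEF", "ArcSight": "CEF", "Splunk": "CEF"}


def export_format_for(siem: str) -> str:
    """Return the export format to select for the given SIEM system."""
    return SIEM_FORMATS[siem]


# CEF header: CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension
# A literal pipe inside a header field is escaped as "\|", so split on unescaped pipes.
_UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")


def parse_cef(line: str) -> dict:
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF event")
    parts = _UNESCAPED_PIPE.split(line, maxsplit=7)
    if len(parts) != 8:
        raise ValueError("CEF header needs 7 pipe-separated fields plus extension")
    keys = ["cef_version", "vendor", "product", "version", "signature_id", "name", "severity"]
    event = {k: v.replace("\\|", "|") for k, v in zip(keys, parts[:7])}
    event["cef_version"] = event["cef_version"][len("CEF:"):]
    # Extension: space-separated key=value pairs; values may themselves contain spaces,
    # so split only on a space that is followed by another "key=" token.
    ext = {}
    for kv in re.split(r" (?=\w+=)", parts[7].strip()):
        if kv:
            k, _, v = kv.partition("=")
            ext[k] = v
    event["extension"] = ext
    return event


# LEEF 1.0 header: LEEF:1.0|Vendor|Product|Version|EventID|key=value<TAB>key=value...
def parse_leef(line: str) -> dict:
    if not line.startswith("LEEF:"):
        raise ValueError("not a LEEF event")
    parts = line.split("|", 5)
    if len(parts) != 6:
        raise ValueError("LEEF header needs 5 pipe-separated fields plus attributes")
    keys = ["leef_version", "vendor", "product", "version", "event_id"]
    event = dict(zip(keys, parts[:5]))
    event["leef_version"] = event["leef_version"][len("LEEF:"):]
    event["attributes"] = dict(kv.split("=", 1) for kv in parts[5].split("\t") if kv)
    return event


def check_event(siem: str, line: str) -> dict:
    """Parse an exported event and verify it uses the format expected by this SIEM."""
    return parse_cef(line) if export_format_for(siem) == "CEF" else parse_leef(line)


# Constructed sample events for illustration only (not real product output).
SAMPLE_CEF = "CEF:0|Vendor|Product|1.0|1001|Virus detected|8|src=10.0.0.5 msg=test event"
SAMPLE_LEEF = "LEEF:1.0|Vendor|Product|1.0|1001|src=10.0.0.5\tmsg=test event"
```

A CEF line sent to a QRadar receiver (or a LEEF line sent to ArcSight or Splunk) raises ValueError, which is the mismatch a practitioner wants to catch before relying on the feed.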
Automatic export means that Kaspersky Security Center sends general events to the SIEM system on its own. Automatic export of events starts immediately after you enable it. This section explains in detail how to enable automatic event export.