Configuring Kaspersky Security Center for export of events to a SIEM system

To export events to a SIEM system, you must configure the export process in the Kaspersky Security Center Web Console.

To configure export to SIEM systems in the Kaspersky Security Center Web Console:

  1. In the main menu, click the settings icon next to the name of the required Administration Server.

    The Administration Server properties window opens.

  2. On the General tab, select the Export to SIEM section.
  3. Click the Settings link.

    The Export settings section opens.

  4. Specify the settings in the Export settings section:
    • SIEM system server address
    • SIEM system port
    • Protocol
    • Data format

    If you select the System log data format, you must specify:

    • Maximum message size, in bytes
  5. Optionally, export archived events from the Administration Server database and set the date from which the export of archived events starts:
    1. Click the Set the export start date link.
    2. In the section that opens, specify the start date in the Start date of system events export field.
    3. Click the OK button.
  6. Switch the Automatically export events to SIEM system database option to the Enabled position.
  7. To check that the SIEM system connection is successfully configured, click the Check connection button.

    The connection status will be displayed.

  8. Click the Save button.

Export to SIEM system is configured.

See also:

Scenario: Configuring event export to SIEM systems
