Scenario: Configuring event export to SIEM systems

This section provides a scenario for configuring the export of events from Administration Server to external SIEM systems. Exporting information about events to external SIEM systems enables administrators of SIEM systems to respond promptly to security system events that occur on a managed device or groups of devices.

Prerequisites

Before you start configuring the export of events in the Kaspersky Security Center Cloud Console:

• Learn more about the methods of event export.
• Make sure that you know the values of the system settings.

You can perform the steps of this scenario in any order.

Stages

The process of the export of events to a SIEM system consists of the following stages:

• Configuring the SIEM system to receive events from Kaspersky Security Center Cloud Console

  You have to configure receiving events from Kaspersky Security Center Cloud Console in the SIEM system.

• Marking events for export

  You have to mark which events you want to export to the SIEM system. First of all, mark the general events that occur in all managed Kaspersky applications. Additionally, you can mark the events for specific managed Kaspersky applications.

• Configuring Kaspersky Security Center Cloud Console for export of events to a SIEM system

  You have to configure Kaspersky Security Center Cloud Console to start export of events to a SIEM system.

Results

After configuring the export of events to a SIEM system, you can view the export results if you selected events that you want to export.

See also: Before you begin About events in Kaspersky Security Center Cloud Console About event export Configuring an event export in a SIEM system Marking of events for export to SIEM systems in Syslog format About exporting events using Syslog format Configuring Kaspersky Security Center Cloud Console for export of events to a SIEM system Viewing export results

Page top