This section provides a scenario for configuring the export of events from Administration Server to external SIEM systems. Exporting information about events to external SIEM systems enables administrators of SIEM systems to respond promptly to security system events that occur on a managed device or a group of devices.
Prerequisites
Before you start configuring the export of events in the Kaspersky Security Center Cloud Console:
You can perform the steps of this scenario in any order.
Stages
Exporting events to a SIEM system consists of the following stages:
You have to configure receiving events from Kaspersky Security Center Cloud Console in the SIEM system.
You have to mark which events you want to export to the SIEM system. First of all, mark the general events that occur in all managed Kaspersky applications. Additionally, you can mark the events for specific managed Kaspersky applications.
You have to configure Kaspersky Security Center Cloud Console to start exporting events to a SIEM system.
Results
After you configure the export of events to a SIEM system, you can view the export results, provided that you selected the events that you want to export.