Kaspersky Security Center Cloud Console allows you to receive information about events that occur during the operation of Administration Server and Kaspersky applications installed on managed devices. Information about events is saved in the Administration Server database. You can export this information to external SIEM systems. Exporting event information to external SIEM systems enables administrators of SIEM systems to promptly respond to security system events that occur on managed devices or groups of devices.
Events by type
In Kaspersky Security Center Cloud Console, there are the following types of events:
Events by source
You can view the full list of the events that can be generated by an application on the Event configuration tab in the application policy. For Administration Server, you can additionally view the event list in the Administration Server properties.
Events can be generated by the following applications:
For details about the events generated by Kaspersky managed applications, please refer to the documentation of the corresponding application.
Events by importance level
Each event has its own importance level. Depending on the conditions under which it occurs, an event can be assigned different importance levels. There are four importance levels of events:
Each event has a defined storage term, during which you can view or modify it in Kaspersky Security Center Cloud Console. Some events are not saved in the Administration Server database by default because their defined storage term is zero. Only events that will be stored in the Administration Server database for at least one day can be exported to external systems.