The application allows you to export events—registered during the operation of Administration Server and other Kaspersky Lab applications that are installed on client devices—to a Security Information and Event Management (SIEM) system.
To configure events export to a SIEM system:
The events properties window opens, displaying the Exporting events section.
Events can be exported to SIEM systems, such as QRadar® (LEEF format), ArcSight (CEF format), Splunk® (CEF format), and Syslog format (RFC 5424). The ArcSight (CEF format) system is selected by default.
Clicking the Export archive button causes the application to export newly created events to the database of the SIEM system starting from the specified date. By default, the application exports events starting from the current date.
After you select the Automatically export events to SIEM system database check box and configure the connection with the server, the application automatically exports all events to the SIEM system as they are registered during the operation of Administration Server and other Kaspersky Lab applications.
For more details about event export, see the section "Exporting events to SIEM systems".
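One way to check on the receiving side that exported events arrive well formed when CEF, the default format above, is selected. This is an added example, not Kaspersky Lab code: the function names are hypothetical, and the sample record (vendor and product strings, event ID, host, message and the syslog prefix) is constructed.

```python
import re

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")
# An extension key is a word preceded by start-of-string or whitespace and followed by "=".
_EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")

# Constructed sample: vendor, product, event id, host and message are made up.
SAMPLE = (r"<14>1 2024-01-01T10:00:00Z admsrv01 exporter - - - "
          r"CEF:0|ExampleVendor|Example\|Product|1.0|EVT-001|Threat detected|8|"
          r"dhost=ws-042 msg=Object C:\\Temp\\a\=b.exe blocked")

def _split_header(body):
    """Split the 7 header fields on unescaped pipes; return (fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])   # "\|" and "\\" are literal characters
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) < 7:               # record ended without a trailing pipe
        fields.append("".join(cur))
    return fields, body[i:]

def _parse_extension(ext):
    """Parse key=value pairs; values may contain spaces and escaped '=' or '\\'."""
    out, keys = {}, list(_EXT_KEY.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw)
    return out

def parse_cef(line):
    """Parse one CEF record, ignoring any syslog prefix before 'CEF:'."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF marker in line")
    fields, ext = _split_header(line[start + 4:])
    if len(fields) != 7:
        raise ValueError("expected 7 CEF header fields, got %d" % len(fields))
    record = dict(zip(HEADER, fields))
    record["extension"] = _parse_extension(ext)
    return record
```

A record that raises `ValueError` here points to truncation or an unexpected format in transit and is worth investigating before relying on the export for detection.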