Scenario: Configuring event export to SIEM systems

Kaspersky Security Center Linux allows configuring event export to SIEM systems by one of the following methods: export to any SIEM system that uses Syslog format or export of events to SIEM systems directly from the Kaspersky Security Center database. When you complete this scenario, Administration Server sends events to a SIEM system automatically.

Prerequisites

Before you start configuration export of events in the Kaspersky Security Center Linux:

Learn more about the methods of event export.
Make sure that you have the values of system settings.

You can perform the steps of this scenario in any order.

The process of export of events to a SIEM system consists of the following steps:

Configuring the SIEM system to receive events from Kaspersky Security Center Linux
How-to instructions: Configuring event export in a SIEM system
Selecting the events that you want to export to the SIEM system
Mark which events you want to export to the SIEM system. First, mark the general events that occur in all managed Kaspersky applications. Then, you can mark the events for specific managed Kaspersky applications.
Configuring export of events to the SIEM system
You can export events by using one of the following methods:
- Using TCP/IP, UDP or TLS over TCP protocols
- Using export of events directly from the Kaspersky Security Center database (a set of public views is provided in the Kaspersky Security Center database; you can find the description of these public views in the klakdb.chm document)

Results

After configuring export of events to a SIEM system you can view export results if you selected events which you want to export.