Publishing program events to a SIEM system

Kaspersky Secure Mail Gateway can use the Syslog protocol to publish application events to a SIEM system that is already in use in your organization.

A SIEM system (Security Information and Event Management) is a solution for managing information and events within an organization's security system.

Information about each program event is relayed as a separate syslog message in CEF format (hereinafter also referred to as a CEF message).

A CEF message containing event information is relayed immediately after the event occurs. The exception is the event classes of the ScanLogic group: CEF messages of these classes are relayed after the ScanLogic module has processed the email messages.

By default, export of CEF messages in the program is disabled.

In this Help section

Extracting settings from Kaspersky Secure Mail Gateway to an XML file

Enabling export of events in CEF format

Content and properties of syslog messages in CEF format

Values of fields in the body of CEF messages for classes of Settings group events

Values of fields in the body of CEF messages for classes of Tasks group events

Values of fields in the body of CEF messages for classes of Import / Export Settings group events

Values of fields in the body of CEF messages for classes of Backup group events

Values of fields in the body of CEF messages for classes of Report group events

Values of fields in the body of CEF messages for classes of License group events

Values of fields in the body of CEF messages for classes of Rules group events

Values of fields in the body of CEF messages for classes of Auth group events

Values of fields in the body of CEF messages for classes of Quarantine group events

Values of fields in the body of CEF messages for classes of Update group events

Values of fields in the body of CEF messages for classes of ScanLogic group events

Values of fields in the body of CEF messages for classes of Appliance group events

Disabling export of events in CEF format

Applying new values to settings of Kaspersky Secure Mail Gateway
