Configuring export of Kaspersky Security Center events in CEF format

Kaspersky Security Center allows you to configure the settings for exporting events in the CEF format to a SIEM system.

Export of Kaspersky Security Center events in the CEF format to SIEM systems is available with a Kaspersky Endpoint Security for Business Advanced license or above.

To configure export of events from Kaspersky Security Center Administration Server to the KUMA SIEM system:

  1. In the Kaspersky Security Center console tree, select the Administration Server node.
  2. In the workspace of the node, select the Events tab.
  3. Click the Configure notifications and event export link and select Configure export to SIEM system from the drop-down list.

    The Properties: Events window opens. By default, the Events export section is displayed.

  4. In the Events export section, select the Automatically export events to SIEM system database check box.
  5. In the SIEM system drop-down list, select ArcSight (CEF format).
  6. In the corresponding fields, specify the address of the KUMA SIEM system server and the port for connecting to the server. Select TCP/IP as the protocol.

    You can click Export archive and specify the starting date from which pre-existing KUMA events are to be exported to the SIEM system database. By default, Kaspersky Security Center exports events starting from the current date.

  7. Click OK.

As a result, the Kaspersky Security Center Administration Server automatically exports all events to the KUMA SIEM system.
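
To check on the receiving side that the exported lines arrive as well-formed CEF, the following parser splits a line into the seven CEF header fields and the key=value extension, honoring CEF escaping. It is an added example, not Kaspersky code; the sample line, its vendor, product and event names are constructed, and the syslog prefix is an assumption about how the collector receives the line.

```python
import re

# CEF header fields, in order; a key=value extension follows the seventh.
HEADER_FIELDS = ("version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")
_EXT_KEY = re.compile(r"(?:^| )(\w+)=")   # start of a key=value pair
_ESCAPE = re.compile(r"\\(.)")            # \=  \\  \n  \r inside values

# Constructed sample line (not real product output): syslog prefix + CEF.
SAMPLE = (r"<134>Jan 01 00:00:00 ksc-host CEF:0|ExampleVendor|ExampleProduct"
          r"|1.0|EXAMPLE_EVENT|Threat detected \| quarantined|4|"
          r"msg=path\=C:\\tmp\\a.exe was removed dhost=ws-01")

def _split_header(body, count):
    """Return the first `count` header fields and the remaining extension."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < count:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1])   # escaped pipe or backslash
            i += 2
            continue
        if ch == "|":                 # unescaped pipe ends the field
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < count:
        raise ValueError("truncated CEF header")
    return fields, body[i:]

def _unescape(m):
    return {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1))

def parse_cef(line):
    """Parse one received line into header fields plus an extension dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header in line")
    header, ext = _split_header(line[start + 4:], len(HEADER_FIELDS))
    event = dict(zip(HEADER_FIELDS, header))
    keys = list(_EXT_KEY.finditer(ext))
    event["extension"] = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        event["extension"][m.group(1)] = _ESCAPE.sub(_unescape, raw.strip())
    return event

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Lines that raise ValueError are not CEF or have a truncated header, which usually points to a wrong format selection in step 5 or a collector that cuts messages short.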
