Creating a Kaspersky Business Hub integration with Splunk Enterprise

After you connect to Kaspersky Business Hub, the integration settings window opens. In this window, you can create an integration between Splunk Enterprise and Kaspersky Business Hub by means of Kaspersky Security Integration with SIEM.

Creating an integration between Splunk Enterprise and Kaspersky Business Hub is required only when you launch Kaspersky Security Integration with SIEM for the first time.

Specifying Splunk Enterprise integration settings

To create an integration with Splunk Enterprise:

  1. In the integration settings window that opens after you connect to Kaspersky Business Hub, specify the following settings for the newly created integration:
    • Select SIEM system—Select the integration platform from the drop-down list. The list contains the names of all platforms that Kaspersky Business Hub can be integrated with. For integration with Splunk Enterprise, select Splunk (syslog).
    • Integration name—Name of the new integration. This field cannot be blank. By default, the integration name is Integration with Splunk (syslog). The integration name is displayed in the Kaspersky Security Integration with SIEM window as a link that allows you to view and access the integration properties.
    • Server—Address (URL or IP address) of your Splunk server.
    • Port—Port number to connect to your Splunk server.
    • Server certificate—Certificate of your Splunk server. Do either of the following:
      • Click Load from the server to automatically get the certificate from the specified Splunk server.
      • Click Load from a file and specify a file with the certificate.
    • Client certificate—Your certificate that will allow you to connect to the Splunk server. It is needed only if your server uses client certificates to restrict the set of available clients.

      Click Load from a file and specify a file with the certificate.

  2. Click the Proceed button when you have finished specifying the integration settings.

The system validates the specified settings. If the settings you provide are correct, they are saved and then used by Kaspersky Security Integration with SIEM to gain access to your Splunk Enterprise system.

Kaspersky Business Hub is now integrated with Splunk Enterprise.
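
The Load from the server option takes the certificate from the connection to the address you typed, so it is worth comparing that certificate with a copy received out of band (for example, from the Splunk administrator) before relying on it. The following is an added example, not part of the Kaspersky documentation; the function names are hypothetical, and the sample certificates in the demo are constructed placeholders.

```python
import hashlib
import hmac
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL)


def leaf_pem(text: str) -> str:
    """Return the first certificate block; a file may hold a whole chain."""
    match = PEM_BLOCK.search(text)
    if match is None:
        raise ValueError("no PEM certificate found")
    return match.group(0).replace("\r\n", "\n")


def fingerprint(pem_text: str) -> str:
    """SHA-256 over the DER bytes, so line endings and wrapping do not matter."""
    der = ssl.PEM_cert_to_DER_cert(leaf_pem(pem_text))
    return hashlib.sha256(der).hexdigest()


def same_certificate(presented_pem: str, trusted_pem: str) -> bool:
    """True only if both inputs carry the same leaf certificate."""
    return hmac.compare_digest(fingerprint(presented_pem),
                               fingerprint(trusted_pem))


def server_matches_file(host: str, port: int, trusted_path: str) -> bool:
    """Fetch the certificate the server presents (no validation is done here)
    and compare it with the copy stored in trusted_path."""
    presented = ssl.get_server_certificate((host, port))
    with open(trusted_path, encoding="ascii") as handle:
        return same_certificate(presented, handle.read())


if __name__ == "__main__":
    # Constructed placeholders, not real certificates: arbitrary bytes in PEM armor.
    trusted = ssl.DER_cert_to_PEM_cert(b"constructed-splunk-cert")
    other = ssl.DER_cert_to_PEM_cert(b"constructed-other-cert")
    # Same leaf delivered with CRLF line endings and a second chain entry.
    print(same_certificate(trusted.replace("\n", "\r\n") + other, trusted))
    # A different certificate must not match.
    print(same_certificate(other, trusted))
```

Run `server_matches_file` with the same Server and Port values you enter in the integration settings; a `False` result means the server presented a different certificate than the one you were given.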