Creating a new integration

You can create a new integration in the Kaspersky Security Integration with SIEM window.


To create a new integration with Splunk Enterprise:

  1. At the top of the Kaspersky Security Integration with SIEM window, click the name of the current integration.
  2. In the Integration settings window that opens, click the New integration button.

    A new Integration settings window opens. The fields for the connection settings are blank.

  3. Specify the values for the following settings of the integration:
    • SIEM system—Select the integration platform from the drop-down list. The list contains the names of all platforms that Kaspersky Business Hub can be integrated with. For integration with Splunk Enterprise, select Splunk (syslog).
    • Integration name—Name of the new integration. This field cannot be blank. By default, the integration name is Integration with Splunk (syslog). The integration name is displayed in the Kaspersky Security Integration with SIEM window as a link that allows you to view and access the integration properties.

      You can click the View integration ID link under the integration name to view the identifier of the integration. You may have to provide this ID to Kaspersky Technical Support for diagnostics and troubleshooting.

    • Server—Address (URL or IP address) of your Splunk server.
    • Port—Port number to connect to your Splunk server.
    • Server certificate—Certificate of your Splunk server. Do either of the following:
      • Click Load from the server to automatically get the certificate from the specified Splunk server.
      • Click Load from a file and specify a file with the certificate.
    • Client certificate—Your certificate that will allow you to connect to the Splunk server. It is needed only if your server uses client certificates to restrict the set of available clients.

      Click Load from a file and specify a file with the certificate.

  4. Click OK when you have finished specifying the integration settings.

The system validates the specified settings. If the settings you provide are correct, they are saved and then used by Kaspersky Security Integration with SIEM to gain access to your Splunk Enterprise system.

A new integration with Splunk Enterprise is created.
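Load from the server accepts whatever certificate the server presents at that moment, so it is worth comparing its fingerprint with a copy obtained from your Splunk administrator before you click OK. The script below is an added example, not part of the Kaspersky or Splunk documentation; it assumes the Splunk input accepts TLS directly on the configured port and that the trusted copy is a PEM file whose first certificate is the server (leaf) certificate.

```python
"""Compare the certificate a TLS listener presents with a trusted PEM copy."""
import hashlib
import re
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def first_cert(pem_text: str) -> str:
    """Return the first certificate block (assumed to be the leaf in a chain file)."""
    m = PEM_BLOCK.search(pem_text)
    if m is None:
        raise ValueError("no PEM certificate found")
    return m.group(0)


def fingerprint(pem_text: str) -> str:
    """SHA-256 over the DER encoding, as colon-separated upper-case hex."""
    der = ssl.PEM_cert_to_DER_cert(first_cert(pem_text))
    hexd = hashlib.sha256(der).hexdigest().upper()
    return ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))


def same_certificate(trusted_pem: str, presented_pem: str) -> bool:
    """True only if both PEM texts carry the same first certificate."""
    return fingerprint(trusted_pem) == fingerprint(presented_pem)


def check_server(server: str, port: int, trusted_path: str) -> bool:
    """Fetch what the server presents now (without validating it) and compare."""
    with open(trusted_path, encoding="ascii") as fh:
        trusted = fh.read()
    presented = ssl.get_server_certificate((server, port))
    print("trusted  :", fingerprint(trusted))
    print("presented:", fingerprint(presented))
    return same_certificate(trusted, presented)


if __name__ == "__main__":
    if len(sys.argv) == 4:  # usage: <server> <port> <trusted-cert.pem>
        sys.exit(0 if check_server(sys.argv[1], int(sys.argv[2]), sys.argv[3]) else 1)
    # No arguments: offline run on constructed bytes (not a real certificate).
    sample = ssl.DER_cert_to_PEM_cert(b"constructed stand-in for DER bytes")
    print("sample fingerprint:", fingerprint(sample))
```

An exit status of 1 means the presented certificate differs from the trusted copy; resolve the mismatch before loading the certificate into the integration settings.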
