This section lists parameters of events that Kaspersky Security Integration with SIEM exports from Kaspersky Security for Microsoft Office 365 to Splunk Enterprise.
PRI — A value calculated from the system that generates the event (email system) and the event severity.
VERSION — Version number of the syslog protocol standard. Currently, this parameter is always set to "1".
TIMESTAMP — Date and time when the event is exported to Splunk Enterprise.
HOSTNAME — Name of the Kaspersky Security for Microsoft Office 365 server that sends the event.
APP-NAME — Name of the device or application that generates the event. The value is always "KS365".
PROCID — The process name or process identifier of the application that sends the event. The value is always "-".
MSGID — Event identifier. For more details, see later in this section.
STRUCTURED-DATA — Structured data that contains the Kaspersky identifier ("event@23668"), event identifier, and the event title, as sent from Kaspersky Security for Microsoft Office 365.
MSG — The event title and description, as sent from Kaspersky Security for Microsoft Office 365.

Kaspersky Security for Microsoft Office 365 can export events with the following identifiers.
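The field layout described above can be checked on the receiving side before events are trusted in searches or alerts. The following is an added example, not Kaspersky or Splunk code: it splits one syslog line into the listed fields and reports any deviation from the values documented as fixed. The host names, MSGID value, structured-data parameter names (`eventId`, `title`) and message texts are constructed placeholders, and mapping "email system" to syslog facility 2 is an assumption.

```python
import re

# RFC 5424 layout: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
HEADER = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) '
    r'(?P<app_name>\S+) (?P<procid>\S+) (?P<msgid>\S+) '
    r'(?P<sd>-|\[.*?(?<!\\)\])(?: (?P<msg>.*))?$', re.S)
SD_PARAM = re.compile(r'(\S+?)="((?:\\.|[^"\\])*)"')
# Values the field list above documents as fixed for this export.
FIXED = {"version": "1", "app_name": "KS365", "procid": "-"}
SD_ID = "event@23668"
MAIL_FACILITY = 2  # assumption: "email system" is the RFC 5424 mail facility

def parse_ks365_event(line):
    """Split one exported event into fields and list deviations from the documented format."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("not an RFC 5424 syslog message")
    ev = m.groupdict()
    # PRI = facility * 8 + severity (RFC 5424, section 6.2.1)
    ev["facility"], ev["severity"] = divmod(int(ev["pri"]), 8)
    problems = [f"{k}={ev[k]!r}, expected {v!r}" for k, v in FIXED.items() if ev[k] != v]
    if ev["facility"] != MAIL_FACILITY:
        problems.append(f"facility={ev['facility']}, expected {MAIL_FACILITY}")
    # The first token inside the brackets is the SD-ID; the rest are name="value" pairs.
    sd_id, _, params = ev["sd"].strip("[]").partition(" ")
    if sd_id != SD_ID:
        problems.append(f"SD-ID={sd_id!r}, expected {SD_ID!r}")
    # Undo RFC 5424 escaping (\" \\ \]) in parameter values.
    ev["sd_params"] = {k: re.sub(r'\\(.)', r'\1', v) for k, v in SD_PARAM.findall(params)}
    ev["problems"] = problems
    return ev

# Constructed samples: host names, MSGID, SD parameter names and texts are placeholders.
GOOD = ('<22>1 2024-01-15T10:30:00Z ks365.example.test KS365 - EXAMPLE_MSGID '
        '[event@23668 eventId="EXAMPLE_MSGID" title="Example \\"title\\""] '
        'Example title. Example description.')
MISMATCH = ('<13>1 2024-01-15T10:31:00Z other.example.test KS365 4242 EXAMPLE_MSGID '
            '[fake@1 x="y"] text')

if __name__ == "__main__":
    for sample in (GOOD, MISMATCH):
        ev = parse_ks365_event(sample)
        print(ev["hostname"], ev["msgid"], ev["severity"], ev["problems"] or "ok")
```

A line that claims APP-NAME "KS365" but fails the other checks is worth reviewing, since APP-NAME alone is set by the sender.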