Limitations of Kaspersky Security Integration with SIEM
Kaspersky Security Integration with SIEM has the following limitations:
One Kaspersky Security for Microsoft Office 365 workspace can be simultaneously integrated either with Splunk Enterprise or with Autotask/ConnectWise Manage.
Out of different SIEM systems, the application supports only Splunk Enterprise.
After configuring an integration, you cannot remove either a client certificate or a server certificate.
The application does not support Kaspersky Business Hub accounts that have two-step verification enabled. Therefore, before connecting Kaspersky Security Integration with SIEM to Kaspersky Business Hub, you must disable two-step verification in the settings of your account on Kaspersky Business Hub. After the integration is configured, you can enable two-step verification again.
When a problem that resulted in sending an event is resolved, Splunk Enterprise is not notified about this.