Configuring Kaspersky Scan Engine to interact with a SIEM

To configure Kaspersky Scan Engine to interact with a SIEM solution:

  1. Open the Kaspersky Scan Engine GUI.
  2. Go to Settings > Logging.
  3. Enable Syslog and set the following parameters:
    • Format: CEF.
    • Target: Remote host.
    • Events: Specify the types of events that Kaspersky Scan Engine must send to the SIEM solution. For more information on event types, see the description of the LoggedEvent element in section "Configuring logging in ICAP mode".
    • The SIEM solution IP address and port.

    [Screenshot: Kaspersky Scan Engine Syslog settings. Syslog enabled; Events = ScanResultClean, ScanResultDetect, ScanResultOther; Format = CEF; Target = Remote host; SIEM solution IP address and port.]

  4. Save the settings.
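
To check on the receiving side that the events selected above arrive as well-formed CEF, the following added example (not part of the Kaspersky documentation or product) parses CEF records out of syslog lines and counts them per event type. The sample lines, the vendor and product strings, the extension keys and the placement of the event type in the CEF Name field are constructed assumptions; compare them with what your SIEM actually receives.

```python
import re
from collections import Counter

HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
# Event types selected under Events in the settings shown above.
EXPECTED = {"ScanResultClean", "ScanResultDetect", "ScanResultOther"}

def parse_cef(line):
    """Parse one syslog line carrying a CEF record into (header, extension)."""
    start = line.find("CEF:")          # skip the syslog prefix
    if start < 0:
        raise ValueError("no CEF record in line")
    body, fields, cur, i = line[start + 4:], [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1]); i += 2      # escaped pipe or backslash
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) < len(HEADER):
        raise ValueError("truncated CEF header")
    # Extension: space-separated key=value pairs; values may contain spaces
    # and escaped '=' characters, so split on the positions of the keys.
    ext, rest = {}, body[i:]
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", rest))
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = rest[m.end():nxt.start() if nxt else len(rest)]
        ext[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw.strip())
    return dict(zip(HEADER, fields)), ext

def count_events(lines):
    """Count records per event name; names not in EXPECTED go to 'unexpected'."""
    counts = Counter()
    for line in lines:
        header, _ = parse_cef(line)
        counts[header["name"] if header["name"] in EXPECTED else "unexpected"] += 1
    return counts

# Constructed sample lines (not captured from a real deployment).
SAMPLES = [
    r"<134>Jan 10 12:00:00 scanhost CEF:0|ExampleVendor|Example\|Product|1.0|1|ScanResultDetect|8|fname=invoice\=final.pdf msg=sample detection name",
    r"<134>Jan 10 12:00:01 scanhost CEF:0|ExampleVendor|Example\|Product|1.0|2|ScanResultClean|1|fname=report.docx",
    r"<134>Jan 10 12:00:02 scanhost CEF:0|ExampleVendor|Example\|Product|1.0|9|UnselectedEvent|1|msg=not selected in Events",
]

if __name__ == "__main__":
    print(dict(count_events(SAMPLES)))
```

A non-zero "unexpected" count, or a ValueError on a line, points to a mismatch between the Events and Format settings and what the collector receives.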