Support

Support for business applications

Kaspersky CyberTrace

Installation and integration guides

Part 2: Integrating Kaspersky CyberTrace with an event source

Integration with McAfee Enterprise Security Manager

Forwarding events from McAfee Enterprise Security Manager to Kaspersky CyberTrace
Kaspersky CyberTrace
Нет результатов
Online Help
FAQ System requirements Download Contact support Recovery tools Product videos

Forwarding events from McAfee Enterprise Security Manager to Kaspersky CyberTrace

April 11, 2024

ID 183376

This section describes how to forward Kaspersky CyberTrace events from McAfee Enterprise Security Manager to Kaspersky CyberTrace.

To configure forwarding events from McAfee Enterprise Security Manager to Kaspersky CyberTrace:

  1. Open the system properties of McAfee ESM, by clicking Menu (sandwich) icon. in the dashboard. In the system navigation tree, select McAfee ESM, and then click Properties.

    The System Properties dialog box appears.

  2. Click Event Forwarding.

    The settings related to event forwarding are displayed.

  3. Click Add.

    System Properties window in McAfee. Event Forwarding. Add button.

    System Properties dialog box

  4. In the Edit Event Forwarding Destination dialog box, enter the following data:
    • Name: CyberTrace
    • Enable: Selected
    • Use System Profile: Cleared
    • Format: Syslog (Common Event Format)
    • Destination IP: The IP address of the computer on which Kaspersky CyberTrace runs
    • Destination Port: The port that Kaspersky CyberTrace listens on for events

      The IP address and port are the same as those specified in the Settings > Service tab of Kaspersky CyberTrace Web.

    • Protocol: TCP
    • Facility: User
    • Severity: Informational
    • Time Format: Standard
    • Time Zone: Select the time zone you need
    • Obfuscate data: Cleared
    • Send Packet: Cleared
    • Mode: None

    Edit Event Forwarding Destination window in McAfee.

    Edit Event Forwarding Destination dialog box

  5. Click Event Filters.

    The Event Filters dialog box appears.

    Event Filters window in McAfee.

    Event Filters dialog box

    In the Event Filters dialog box, you can specify the event sources from which the events are forwarded to Kaspersky CyberTrace. For example, you can specify the following data:

    • The devices from which the events are forwarded
    • The types of devices from which the events are forwarded
  6. In the Event Filters dialog box, click OK.
  7. In the Edit Event Forwarding Destination dialog box, click OK.
  8. Make sure that the rule for forwarding events to Kaspersky CyberTrace appears in McAfee Enterprise Security Manager.

    Event Forwarding Destinations section in McAfee.

    The rule for forwarding events to Kaspersky CyberTrace

  9. Make sure that events arrive from McAfee Enterprise Security Manager. If events forwarding from McAfee Enterprise Security Manager to Kaspersky CyberTrace has been configured properly, the Dashboard tab of Kaspersky CyberTrace Web will display updated indicator statistics.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.