When configuring event types, you can specify the recipient systems to which the registered events will be relayed. These recipient systems are called recipients. Kaspersky Industrial CyberSecurity for Networks can relay event information to several recipients simultaneously.
Kaspersky Industrial CyberSecurity for Networks can relay event information to the following recipients:
To relay events to Kaspersky Security Center on the Kaspersky Industrial CyberSecurity for Networks Server, you must add the capability for application interaction with Kaspersky Security Center. You can add this functionality during installation or reinstallation of Kaspersky Industrial CyberSecurity for Networks.
To relay events to other recipient systems, you do not need to add the capability for application interaction with Kaspersky Security Center.
The following settings are available for recipients:
The contents and order of information about events relayed to SIEM server and Syslog server recipients may differ from the contents and order of information displayed in the events table.
A notification is an email message that contains events of Kaspersky Industrial CyberSecurity for Networks. The following settings are applied to notifications:
$events
variable, which is replaced by a list of lines containing information about events when the Server creates a notification. Each line corresponds to an event template with the current values of variables.The settings that determine the maximum number of relayed events are applied to events that are registered in Kaspersky Industrial CyberSecurity for Networks. If information about multiple network interactions is provided in a specific event, this event is converted into separate event records for a recipient (with one event for each network interaction). For this reason, the list of events for a recipient may contain more events than specified by the parameter that determines the maximum number of events.
Page top