KSC Open API: Siem export settings

KSC Open API

Kaspersky Security Center API description

Name	Type	Description
KLSRV_SIEM_EVENTS_ACTIVATED	paramBool	Enables export to SIEM
KLSRV_SIEM_EVENTS_PLATFORM	paramInt	SIEM platform to be used: 0 - IBM QRadar SIEM 1 - ArcSight 2 - Splunk 3 - System log 4 - Splunk HTTP Event Collector
KLSRV_SIEM_EVENTS_IPADDR	paramString	SIEM server IP address
KLSRV_SIEM_EVENTS_PORT	paramInt	SIEM server port
KLSRV_SIEM_EVENTS_FROMDATE	paramDateTime	Export start date
KLSRV_SIEM_EVENTS_MSG_SIZE	paramInt	Message size of events exported to SIEM
KLSRV_SIEM_EVENTS_PROTO	paramInt	Protocol to be used for event export to SIEM: 0 - UDP 1 - TCP 2 - TLS over TCP
KLSRV_SIEM_EVENTS_TLS_CA	paramBinary	List of CA certificates in PEM format. Used to verify SIEM server.
KLSRV_SIEM_EVENTS_TLS_SERVER_SUBJ	paramString	Optional comma-separated list of allowed values for 'Subject'/'SubjectAltNames' field in server certificate. If empty, KLSRV_SIEM_EVENTS_IPADDR will be used to verify certificate subject. E.g. "example.com,siem.example.com" Used to verify SIEM server.
KLSRV_SIEM_EVENTS_TLS_SRV_THUMBPRINTS	paramString	Comma-separated list of trusted certificates SHA1 fingerprints. If set and not empty, then KLSRV_SIEM_EVENTS_TLS_CA and KLSRV_SIEM_EVENTS_TLS_SERVER_SUBJ ignored. Fingerprints may be in forms: "sha-1:E1:2D:53:2B:7C:6B:8A:29:A2:76:C8:64:36:0B:08:4B:7A:F1:9E:9D" "sha-1:E12D532B7C6B8A29A276C864360B084B7AF19E9D" "E12D532B7C6B8A29A276C864360B084B7AF19E9D"
KLSRV_SIEM_EVENTS_TLS_CLIENT_CERT	paramString	Certificate and key for client authentication with SIEM server. See Common format for certificate parameters
KLSRV_SIEM_SPLUNK_HEC_AUTH_TOKEN	paramString	Spunk HEC authentication token

All Classes Functions

Generated on Fri Jul 1 2022 10:51:18 for KSC Open API by 1.7.5.1