KSC Open API
Kaspersky Security Center API description
SIEM export settings


| Name | Type | Description |
|---|---|---|
| KLSRV_SIEM_EVENTS_ACTIVATED | paramBool | Enables export to SIEM |
| KLSRV_SIEM_EVENTS_PLATFORM | paramInt | SIEM platform to be used: 0 - IBM QRadar SIEM; 1 - ArcSight; 2 - Splunk; 3 - System log; 4 - Splunk HTTP Event Collector |
| KLSRV_SIEM_EVENTS_IPADDR | paramString | SIEM server IP address |
| KLSRV_SIEM_EVENTS_PORT | paramInt | SIEM server port |
| KLSRV_SIEM_EVENTS_FROMDATE | paramDateTime | Export start date |
| KLSRV_SIEM_EVENTS_MSG_SIZE | paramInt | Message size of events exported to SIEM |
| KLSRV_SIEM_EVENTS_PROTO | paramInt | Protocol to be used for event export to SIEM: 0 - UDP; 1 - TCP; 2 - TLS over TCP |
| KLSRV_SIEM_EVENTS_TLS_CA | paramBinary | List of CA certificates in PEM format. Used to verify the SIEM server. |
| KLSRV_SIEM_EVENTS_TLS_SERVER_SUBJ | paramString | Optional comma-separated list of allowed values for the 'Subject'/'SubjectAltNames' field in the server certificate. If empty, KLSRV_SIEM_EVENTS_IPADDR will be used to verify the certificate subject. E.g. "example.com,siem.example.com". Used to verify the SIEM server. |
| KLSRV_SIEM_EVENTS_TLS_SRV_THUMBPRINTS | paramString | Comma-separated list of SHA1 fingerprints of trusted certificates. If set and not empty, KLSRV_SIEM_EVENTS_TLS_CA and KLSRV_SIEM_EVENTS_TLS_SERVER_SUBJ are ignored. Fingerprints may be given in any of these forms: "sha-1:E1:2D:53:2B:7C:6B:8A:29:A2:76:C8:64:36:0B:08:4B:7A:F1:9E:9D", "sha-1:E12D532B7C6B8A29A276C864360B084B7AF19E9D", "E12D532B7C6B8A29A276C864360B084B7AF19E9D" |
| KLSRV_SIEM_EVENTS_TLS_CLIENT_CERT | paramString | Certificate and key for client authentication with the SIEM server. See Common format for certificate parameters |
| KLSRV_SIEM_SPLUNK_HEC_AUTH_TOKEN | paramString | Splunk HEC authentication token |
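The TLS parameters above interact: a non-empty thumbprint list overrides the CA and subject lists, and an empty subject list falls back to the server address. The following check is an added example, not part of the KSC Open API or Kaspersky code; it applies only the rules stated in the table to a settings dictionary. The function names `normalize_thumbprint` and `review_siem_settings`, the result strings, and the sample settings are assumptions made for illustration.

```python
import re

PROTO_NAMES = {0: "UDP", 1: "TCP", 2: "TLS over TCP"}  # values from the table
P = "KLSRV_SIEM_EVENTS_"

def normalize_thumbprint(value):
    """Reduce any documented fingerprint form to 40 uppercase hex digits."""
    v = value.strip()
    if v.lower().startswith("sha-1:"):
        v = v[6:]
    v = v.replace(":", "").upper()
    if not re.fullmatch(r"[0-9A-F]{40}", v):
        raise ValueError(f"not a SHA1 fingerprint: {value!r}")
    return v

def review_siem_settings(s):
    """Return (effective server verification, findings) for a settings dict."""
    findings = []
    proto = s.get(P + "PROTO")
    if proto != 2:
        name = PROTO_NAMES.get(proto, "an unknown protocol")
        findings.append(f"events are exported over {name}, without TLS")
        return "none", findings
    raw = s.get(P + "TLS_SRV_THUMBPRINTS") or ""
    pins = [normalize_thumbprint(p) for p in raw.split(",") if p.strip()]
    if pins:
        # Non-empty thumbprint list: CA list and subject list are ignored.
        for key in (P + "TLS_CA", P + "TLS_SERVER_SUBJ"):
            if s.get(key):
                findings.append(f"{key} is set but ignored: thumbprints take over")
        return "thumbprint:" + ",".join(pins), findings
    if not s.get(P + "TLS_CA"):
        findings.append("TLS selected, but no CA list and no thumbprints are set")
    # Empty subject list: the server address is used as the expected subject.
    subject = s.get(P + "TLS_SERVER_SUBJ") or s.get(P + "IPADDR", "")
    return "ca+subject:" + subject, findings

# Constructed sample; the thumbprint is the example value shown in the table.
SAMPLE = {
    P + "PROTO": 2,
    P + "IPADDR": "192.0.2.10",
    P + "TLS_SERVER_SUBJ": "siem.example.com",
    P + "TLS_SRV_THUMBPRINTS": "sha-1:E1:2D:53:2B:7C:6B:8A:29:A2:76:C8:64:36:0B:08:4B:7A:F1:9E:9D",
}

if __name__ == "__main__":
    print(review_siem_settings(SAMPLE))
```

For the sample, the result shows that the configured subject list has no effect because a thumbprint is pinned.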