Kaspersky Security Center allows you to configure event export by one of the following methods: export to any SIEM system that uses the Syslog format; export to the QRadar, Splunk, and ArcSight SIEM systems, which use the LEEF and CEF formats; or export of events to SIEM systems directly from the Kaspersky Security Center database. When you complete this scenario, Administration Server sends events to the SIEM system automatically.
Prerequisites
Before you start configuring export of events in Kaspersky Security Center:
You can perform the steps of this scenario in any order.
The process of exporting events to a SIEM system consists of the following steps:
How-to instructions: Configuring event export in a SIEM system
Results
After configuring export of events to a SIEM system, you can view the export results if you selected the events that you want to export.