Scenario: Configuring event export to SIEM systems

Kaspersky Security Center allows configuring by one of the following methods: export to any SIEM system that use Syslog format, export to QRadar, Splunk, ArcSight SIEM systems that use LEEF and CEF formats or export of events to SIEM systems directly from the Kaspersky Security Center database. When you complete this scenario, Administration Server sends events to SIEM system automatically.

Prerequisites

Before you start configuration export of events in the Kaspersky Security Center:

You can perform the steps of this scenario in any order.

The process of export of events to SIEM system consists of the following steps:

Results

After configuring export of events to SIEM system you can view export results if you selected events which you want to export.

See also:

About event export

Before you begin

About events in Kaspersky Security Center

About configuring event export in a SIEM system

Marking events of a Kaspersky application for export in the Syslog format

Marking general events for export in Syslog format

Configuring Kaspersky Security Center for export of events to a SIEM system

Exporting events directly from the database

Viewing export results

Page top