Port number used to establish a connection between Kaspersky Security Center and your SIEM system server. You specify this value in the Kaspersky Security Center settings and in the receiver settings of your SIEM system.
Select the protocol to be used for transferring messages to the SIEM system. You can select either the TCP/IP, UDP, or TLS over TCP protocol.
Specify the following TLS settings if you select the TLS over TCP protocol:
Server authentication
In the Server authentication field, you can select the Trusted certificates or SHA fingerprints values:
Trusted certificates. You can receive a complete certificate chain (including the root certificate) from a trusted certification authority (CA) and upload the file to Kaspersky Security Center. Kaspersky Security Center checks whether the certificate chain of the SIEM system server is also signed by a trusted CA or not.
To add a trusted certificate, click the Browse for CA certificates file button, and then upload the certificate.
SHA fingerprints. You can specify SHA1 thumbprints of the complete certificate chain of the SIEM system (including the root certificate) in Kaspersky Security Center. To add a SHA1 thumbprint, enter it in the Thumbprints field, and then click the Add button.
By using the Add client authentication setting, you can generate a certificate to authenticate Kaspersky Security Center. Thus, you will use a self-signed certificate issued by Kaspersky Security Center. In this case, you can use both a trusted certificate and a SHA fingerprint to authenticate the SIEM system server.
Add Subject name/Subject alternative name
Subject name is a domain name for which the certificate is received. Kaspersky Security Center cannot connect to the SIEM system server if the domain name of the SIEM system server does not match the subject name of the SIEM system server certificate. However, the SIEM system server can change its domain name if the name has changed in the certificate. In this case, you can specify subject names in the Add Subject name/Subject alternative name field. If any of the specified subject names matches the subject name of the SIEM system certificate, Kaspersky Security Center validates the SIEM system server certificate.
Add client authentication
For client authentication, you can insert your certificate or generate it in Kaspersky Security Center.
Insert certificate. You can use a certificate that you received from any source, for example, from any trusted CA. You must specify the certificate and its private key by using one of the following certificate types:
X.509 certificate PEM. Upload a file with a certificate in the File with certificate field, and a file with a private key in the File with key field. Both files do not depend on each other and the order of loading the files is not significant. When both files are uploaded, specify the password for decoding the private key in the Password or certificate verification field. The password can have an empty value if the private key is not encoded.
X.509 certificate PKCS12. Upload a single file that contains a certificate and its private key in the File with certificate field. When the file is uploaded, specify the password for decoding the private key in the Password or certificate verification field. The password can have an empty value if the private key is not encoded.
Generate key. You can generate a self-signed certificate in Kaspersky Security Center. As a result, Kaspersky Security Center stores the generated self-signed certificate, and you can pass the public part of the certificate or SHA1-fingerprint to the SIEM system.
Specify the maximum size (in bytes) of one message relayed to the SIEM system. Each event is relayed in one message. If the actual length of a message exceeds the specified value, the message is truncated and data may be lost. The default size is 2048 bytes. This field is available only if you selected the System log format in the Protocol field.
Switch the option to the Automatically export events to SIEM system database Enabled position.