Various types of events occur during the operation of Kaspersky Security solution components. They can be either formal or critical. For example, the solution component can use events to notify about a successful update of the solution's databases and application modules, or to inform about an error in the operation of the solution component that must be eliminated.
The Kaspersky Security Center Administration Server can receive information about events of Kaspersky applications installed on client devices. A Network Agent installed on a client device transmits information about events to the Administration Server. Information about events is saved in the database of the Administration Server. You can configure the export of events from Kaspersky Security Center to external SIEM systems.
Events of the following Kaspersky Security components can be sent to the Kaspersky Security Center Administration Server:
The volume of events logged on the Integration Server depends on the license with which you activated the solution and the value of the EnableAdvancedFunctionality parameter in the Server section of the /var/opt/kaspersky/viis/common/appsettings.json configuration file. If you are using the solution under an Enterprise license, the Integration Server can log a greater variety of events. To enable this, you need to set EnableAdvancedFunctionality=true.
A list of all solution component events is displayed in Kaspersky Security Center Administration Console and in Kaspersky Security Center Web Console.
You can manage the settings of events and event notifications in the policies of Kaspersky Security components. A notification is a message with information about an event that has occurred on a client device. Notifications keep you informed about events of solution components.
You can generate various reports based on events of Kaspersky Security solution components.
You can use Kaspersky Security Center reports to, for example, receive information about infected files, modifications to protection settings, and the use of keys and application databases. You can generate and view Kaspersky Security Center reports in the Administration Console and in the Web Console.
For details about events and managing Kaspersky Security Center reports, refer to the Kaspersky Security Center Help of the relevant version.
Page top