Importing events from the Kaspersky Security Center database

In KUMA, you can receive events directly from the Kaspersky Security Center SQL database. Events are received by using a collector, which utilizes the provided resources of the connector [Example] KSC SQL and normalizer [Example] KSC from SQL.

To create a collector to receive Kaspersky Security Center events:

  1. Start the Collector Installation Wizard in one of the following ways:
    • In the KUMA web interface, in the Resources section, click Add event source.
    • In the KUMA web interface in the ResourcesCollectors section click Add collector.
  2. At step 2 of the Installation Wizard, select the [Example] KSC SQL connector:
    • In the URL field, specify the server connection string in the following format:

      sqlserver://user:password@kscdb.example.com:1433/KAV

      where:

      • user—user account with public and db_datareader rights to the required database.
      • password—user account password.
      • kscdb.example.com:1433—address and port of the database server.
      • KAV—name of the database.
    • In the Query field, specify a database query based on the need to receive certain events.

      An example of a query to the Kaspersky Security Center SQL database

  3. At step 3 of the Installation Wizard, select the [Example] KSC from SQL normalizer.
  4. Specify other parameters in accordance with your collector requirements.

Upon completion of the Wizard, a collector service is created in the KUMA web interface. You can use this collector service to import events from the SQL database of Kaspersky Security Center.

Page top