Security events

When Kaspersky NGFW is running and security rules with enabled security engine profiles are triggered, security events of various types are generated. You can enable logging of these events and configure their export to a SIEM system for further processing, analysis, and generation of reports and widgets.

The export of events to external SIEM systems allows administrators of SIEM systems to rapidly respond to security events logged by Kaspersky NGFW.

Security events can also be viewed in the Kaspersky Unified Monitoring and Analysis Platform (KUMA) module, which is included in the OSMP Console.

If you configure event export, the following events are sent to the SIEM system:

In this section

Configuring the export of events to a SIEM system

Configuring audit events

Configuring local storage of security events

Security event logs

Default widgets

Automatic response to security events
