Configuring receipt of Kaspersky Single Management Platform events in CEF format

Events from Kaspersky Single Management Platform Administration Server can be exported in the CEF format and received by the KUMA SIEM system.

Configuring the receipt of Kaspersky Single Management Platform events in the CEF format involves the following steps:

  1. Configuring the forwarding of Kaspersky Single Management Platform events.
  2. Configuring the KUMA collector.
  3. Installing the KUMA collector in the network infrastructure.
  4. Verifying receipt of Kaspersky Single Management Platform events in the CEF format in the KUMA collector.

    To verify that events from Kaspersky Single Management Platform Administration Server in the CEF format were correctly exported to the KUMA SIEM system, use the KUMA console to search for related events.

    To display Kaspersky Single Management Platform events in CEF format in the table, enter the following search expression:

    SELECT * FROM `events` WHERE DeviceProduct = 'KSMP' ORDER BY Timestamp DESC LIMIT 250
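
If the search returns no rows, it helps to check raw event lines captured on the collector host before changing any configuration. The following is an added example, not part of the product documentation: it parses CEF records and reports whether the header's Device Product value is `KSMP`. It assumes that the KUMA `DeviceProduct` field is populated from that header field; the function names, the vendor and version values, and the sample lines are constructed for illustration.

```python
import re

# CEF header layout:
# CEF:Version|Device Vendor|Device Product|Device Version|Event Class ID|Name|Severity|Extension
HEADER = ("CEFVersion", "DeviceVendor", "DeviceProduct", "DeviceVersion",
          "DeviceEventClassID", "Name", "Severity")
KEY = re.compile(r"(?:^|\s)(\w+)=")        # start of a key=value pair in the extension

def parse_cef(line):
    """Parse one CEF record into a dict; return None if it is not valid CEF."""
    start = line.find("CEF:")              # tolerate a syslog prefix in front
    if start < 0:
        return None
    s, parts, cur, i = line[start + 4:], [], [], 0
    while i < len(s) and len(parts) < len(HEADER):
        if s[i] == "\\" and s[i + 1:i + 2] in ("\\", "|"):
            cur.append(s[i + 1])           # header escapes: \\ and \|
            i += 2
        elif s[i] == "|":
            parts.append("".join(cur))     # unescaped pipe ends a header field
            cur = []
            i += 1
        else:
            cur.append(s[i])
            i += 1
    if len(parts) < len(HEADER):           # record ended without an extension
        parts.append("".join(cur))
    if len(parts) != len(HEADER):
        return None
    event = dict(zip(HEADER, parts))
    ext = s[i:]
    keys = list(KEY.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        value = ext[m.end():end].strip()
        event[m.group(1)] = re.sub(r"\\([=\\])", r"\1", value)  # unescape \= and \\
    return event

def would_match(line, product="KSMP"):
    """True if the record's Device Product equals the value used in the search."""
    event = parse_cef(line)
    return event is not None and event["DeviceProduct"] == product

# Constructed sample lines (not real product output).
SAMPLES = [
    "<134>Jan 01 00:00:00 host CEF:0|ExampleVendor|KSMP|0.0|1000|Sample \\| event|5|msg=a\\=b src=192.0.2.10",
    "CEF:0|ExampleVendor|OtherProduct|0.0|1000|Sample|5|msg=test",
    "not a CEF line",
]
```

A line for which `would_match` returns `False` would not be returned by the search expression above under the stated assumption, which points to the export settings rather than to the collector.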

In this section

Configuring export of Kaspersky Single Management Platform events in CEF format

Configuring KUMA collector for collecting Kaspersky Single Management Platform events

Installing a KUMA collector for collecting Kaspersky Single Management Platform events
