Configuring Kaspersky Scan Engine to interact with a SIEM
To configure Kaspersky Scan Engine to interact with a SIEM solution:
Open Kaspersky Scan Engine GUI.
Go to Settings > Logging.
Enable Syslog and set the following parameters:
Format: CEF.
Target: Remote host.
Events: Specify the types of events that Kaspersky Scan Engine must send to the SIEM solution. For more information on event types, see the description of the LoggedEvent element in section "Configuring logging in ICAP mode".