Configuring a secure connection with a SIEM server

Support

Support for business applications

Kaspersky Endpoint Agent

Managing the application using Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console

Configuring Kaspersky Endpoint Agent settings

Configuring integration between Kaspersky Endpoint Agent and a SIEM system.

Configuring a secure connection with a SIEM server

November 17, 2023

ID 265774

To configure a secure connection between Kaspersky Endpoint Agent and a SIEM server:

Do one of the following:
- To configure the SIEM integration settings for a group of protected devices, open the application policy properties window.
  1. In the main Kaspersky Security Center Web Console window select Devices → Policies and profiles.
  2. Select the policy you want to configure.
  3. In the <Policy name> window that opens, select the Application settings tab.
- To configure the SIEM integration settings for an individual protected device, open the application settings for the device.
  1. In the main Kaspersky Security Center Web Console window select Devices → Managed devices.
  2. Select the device for which you want to configure application settings.
  3. In the <Device name> window that opens, select the Applications tab.
  4. Select Kaspersky Endpoint Agent.
  5. In the Kaspersky Endpoint Agent window that opens, select the Application settings tab.
In the Telemetry collection servers section, select SIEM integration.
The SIEM integration window opens.
In the Connection settings block, select the Use TLS encryption check box to encrypt data transfer between Kaspersky Endpoint Agent and the SIEM server.
If you want to configure additional connection protection using a pinned TLS certificate:
1. Select the Use pinned certificate to secure connection check box.
2. Add a TLS certificate:
  1. Click the Add new TLS certificate button.
  2. In the window that opens, do one of the following:
    - Click Browse, and in the window that opens, select the certificate file and click Open.
    - Copy and paste the contents of the certificate file to the TLS certificate data field.
  3. Click OK.
  Information about the added TLS certificate is shown in the TLS certificate data group of settings.
If you want to configure additional connection protection using a user certificate:
1. In the Advanced connection security section, select the Secure connection with client certificate check box.
2. Click the Upload a cryptocontainer button.
3. In the window that opens, select the PFX file that stores the client certificate in encrypted form.
4. Click Open.
5. In the Cryptocontainer password field, enter the password for the PFX file.
Click OK.
In the upper right corner of the settings group, change the switch from Undefined to Enforce.
The default switch position is Enforce.
Click OK.

A secure connection with the SIEM server is configured.