Configuring event forwarding from FortiSIEM

April 11, 2024

ID 181634

This section describes how to configure event forwarding from FortiSIEM to Kaspersky CyberTrace.

To configure event forwarding from FortiSIEM to CyberTrace:

  1. Open the FortiSIEM web console.

    The FortiSIEM account you use must have administrator rights.

  2. Select Admin > General Settings > Event Handling > Forwarding > New.

    Figure: Creating a new forwarding rule (Settings window in FortiSIEM, Forwarding button).

    The Event Forwarding Rule window opens.

  3. Specify the event forwarding settings:
    • In the Reporting Device field, specify the devices from which the events must be forwarded to Kaspersky CyberTrace. You can select All to indicate that events from every device must be forwarded to Kaspersky CyberTrace.
      • For more choices, click the down arrow to open the Event Dropping Rule > Select Reporting Devices window, and make selections in the Folders, Items, and Selections panes.

      The Reporting Device field must not be empty.

    • In the Event type field, specify the types of events that must be forwarded to Kaspersky CyberTrace. You can select All to indicate that events of every type must be forwarded to Kaspersky CyberTrace.
      • For more choices, click the down arrow to open the Event Forwarding Rule > Select Event Types window, and make selections in the Folders, Items, and Selections panes.

      The Event type field must not be empty.

    Figure: Selecting event types (Event Forwarding Rule > Select Reporting Devices window in FortiSIEM).

    • In the Traffic Type field, select Syslog.
    • In the Source IP field, you can specify the value that must be present in all the forwarded events in the corresponding field.
    • In the Destination IP field, you can specify the value that must be present in all the forwarded events in the corresponding field.
    • In the Severity fields, you can specify the desired severity of events.
    • In the Regex Filter field, you can specify the regular expression that forwarded events must match.
    • In the Forwarding Protocol field, select TCP.
    • In the Forwarding to IP field, specify the IP address of the computer on which Kaspersky CyberTrace runs.

      This IP address is specified in the InputSettings > ConnectionString element of the kl_feed_service.conf configuration file.

    • In the Forwarding to Port field, specify the port of the computer on which Kaspersky CyberTrace runs.

      This port is specified in the InputSettings > ConnectionString element of the kl_feed_service.conf configuration file.

    • In the Format field, select CEF.

    Figure: Event Forwarding Rule window (Event Forwarding Rule window in FortiSIEM).

  4. Click Save.

    The Event Forwarding Rule window closes and the Forwarding window displays the new event forwarding rule.

  5. In the Forwarding window, select Enable for the new event forwarding rule.

    Figure: Event Forwarding Rule window (Settings window in FortiSIEM).
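After the rule is enabled, you can check that the Forwarding to IP and Forwarding to Port values match the InputSettings > ConnectionString element and that a CEF line sent over TCP reaches the listener. The following script is an added example, not part of the Kaspersky or Fortinet documentation. It assumes that ConnectionString holds an "IP:port" pair and that events are newline-delimited; the configuration fragment, the root element name, the function names, and the test event are constructed for illustration.

```python
import ipaddress
import socket
import xml.etree.ElementTree as ET

# Constructed fragment of kl_feed_service.conf. Assumptions: the root element
# name is a placeholder and ConnectionString holds an "IP:port" pair.
SAMPLE_CONF = """<Configuration>
  <InputSettings>
    <ConnectionString>127.0.0.1:9999</ConnectionString>
  </InputSettings>
</Configuration>"""

# Constructed CEF event; newline framing over TCP is an assumption.
TEST_EVENT = ("CEF:0|Example|ForwardingCheck|1.0|100|forwarding test|3|"
              "src=192.0.2.10 dst=192.0.2.20\n")


def listener_from_conf(conf_xml):
    """Return (ip, port) read from InputSettings > ConnectionString."""
    node = ET.fromstring(conf_xml).find(".//InputSettings/ConnectionString")
    text = (node.text or "").strip() if node is not None else ""
    host, sep, port = text.rpartition(":")
    if not (sep and host and port.isdigit()):
        raise ValueError("ConnectionString is missing or not in IP:port form")
    return host, int(port)


def check_rule(forward_ip, forward_port, conf_xml):
    """Compare the rule's Forwarding to IP/Port with the listener address."""
    ip, port = listener_from_conf(conf_xml)
    problems = []
    # A listener bound to the unspecified address accepts on every local IP.
    if not ipaddress.ip_address(ip).is_unspecified and ip != forward_ip:
        problems.append(f"Forwarding to IP {forward_ip} != listener IP {ip}")
    if port != forward_port:
        problems.append(f"Forwarding to Port {forward_port} != listener port {port}")
    return problems


def send_test_event(ip, port, timeout=3.0):
    """Send one CEF line over TCP, as the rule's TCP/CEF settings would."""
    with socket.create_connection((ip, port), timeout=timeout) as conn:
        conn.sendall(TEST_EVENT.encode("ascii"))
    return len(TEST_EVENT)


if __name__ == "__main__":
    print(check_rule("192.0.2.5", 9999, SAMPLE_CONF))
```

An empty list from check_rule means the rule and the listener agree; a connection error from send_test_event points to a firewall or to a listener bound to an address that the FortiSIEM host cannot reach.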
