Scenario: configuring event export to SIEM systems
Oct 23, 2023
This section provides a scenario for configuring the export of events from Administration Server to external SIEM systems. Exporting information about events to external SIEM systems enables administrators of SIEM systems to respond promptly to security system events that occur on a managed device or groups of devices.
Before you start configuring the export of events in the Kaspersky Security Center Cloud Console:
- Learn more about the methods of event export.
- Make sure that you know the values of the system settings.
You can perform the steps of this scenario in any order.
The process of the export of events to a SIEM system consists of the following stages:
- Configuring the SIEM system to receive events from Kaspersky Security Center Cloud Console
You have to configure receiving events from Kaspersky Security Center Cloud Console in the SIEM system.
- Marking events for export
You have to mark which events you want to export to the SIEM system. First of all, mark the general events that occur in all managed Kaspersky applications. Additionally, you can mark the events for specific managed Kaspersky applications.
- Configuring Kaspersky Security Center Cloud Console for export of events to a SIEM system
You have to configure Kaspersky Security Center Cloud Console to start export of events to a SIEM system.
After configuring the export of events to a SIEM system, you can view the export results if you selected events that you want to export.