Searching for Kaspersky Scan Engine events in ArcSight ESM
April 24, 2024
ID 220898
Searching for events from Kaspersky Scan Engine version 2.0
To search ArcSight ESM for events sent by Kaspersky Scan Engine version 2.0, specify the parameters of the search query as follows:
- If Kaspersky Scan Engine works in ICAP mode:
DeviceVendor = Kaspersky Lab
AND
DeviceProduct = Kaspersky ICAP Server
[Screenshot: Defining parameters of the search query]
- If Kaspersky Scan Engine works in HTTP mode:
DeviceVendor = Kaspersky Lab
AND
DeviceProduct = Kaspersky HTTP Service
Searching for events from Kaspersky Scan Engine version 2.1
To search ArcSight ESM for events sent by Kaspersky Scan Engine version 2.1, specify the parameters of the search query as follows:
- If Kaspersky Scan Engine works in ICAP mode:
DeviceVendor = Kaspersky
AND
DeviceProduct = Scan Engine ICAP Service
- If Kaspersky Scan Engine works in HTTP mode:
DeviceVendor = Kaspersky
AND
DeviceProduct = Scan Engine HTTP Service
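As an added example that is not part of this Kaspersky documentation, the Python script below recognises the four DeviceVendor / DeviceProduct pairs listed above in exported events, tallies them by Scan Engine version and mode, and builds the matching ArcSight search condition. It assumes the events reach ArcSight as CEF lines (ArcSight's native event format, which this page does not state); the sample events, their signature IDs and addresses are constructed.

```python
# Added example, not Kaspersky's code. Assumes events arrive as CEF lines (not stated on the page).
import re
# (DeviceVendor, DeviceProduct) -> (Scan Engine version, mode), as listed on the page
SCAN_ENGINE_PRODUCTS = {
    ("Kaspersky Lab", "Kaspersky ICAP Server"): ("2.0", "ICAP"),
    ("Kaspersky Lab", "Kaspersky HTTP Service"): ("2.0", "HTTP"),
    ("Kaspersky", "Scan Engine ICAP Service"): ("2.1", "ICAP"),
    ("Kaspersky", "Scan Engine HTTP Service"): ("2.1", "HTTP"),
}
HEADER_KEYS = ("CEFVersion", "DeviceVendor", "DeviceProduct", "DeviceVersion",
               "SignatureID", "Name", "Severity", "Extension")
_UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")  # CEF escapes a literal pipe in the header as \|

def parse_cef_header(line):
    """Return the CEF header fields (plus the raw extension) as a dict, or None if not CEF."""
    parts = _UNESCAPED_PIPE.split(line, maxsplit=7) if line.startswith("CEF:") else []
    if len(parts) != 8:
        return None
    # unescape \| in the seven header fields; the extension is kept verbatim
    return {k: (v if k == "Extension" else v.replace("\\|", "|"))
            for k, v in zip(HEADER_KEYS, parts)}

def classify_scan_engine_event(line):
    """Map one event line to (version, mode); None if it is not a Scan Engine event."""
    hdr = parse_cef_header(line)
    return SCAN_ENGINE_PRODUCTS.get((hdr["DeviceVendor"], hdr["DeviceProduct"])) if hdr else None

def search_query(version, mode):
    """Build the ArcSight ESM search condition the page gives for this version and mode."""
    for (vendor, product), key in SCAN_ENGINE_PRODUCTS.items():
        if key == (version, mode):
            return f"DeviceVendor = {vendor} AND DeviceProduct = {product}"
    raise ValueError(f"no Scan Engine product for version {version} in {mode} mode")

def count_by_version_and_mode(lines):
    """Count Scan Engine events per (version, mode); unrelated lines are ignored."""
    counts = {}
    for key in map(classify_scan_engine_event, lines):
        if key is not None:
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample events: signature IDs, names and addresses are made up
SAMPLE_EVENTS = [
    "CEF:0|Kaspersky Lab|Kaspersky ICAP Server|2.0|100|Object scanned|3|src=10.0.0.5",
    "CEF:0|Kaspersky|Scan Engine HTTP Service|2.1|100|Object scanned|3|src=10.0.0.6",
    "CEF:0|Kaspersky|Scan Engine HTTP Service|2.1|101|Threat detected|8|src=10.0.0.7",
    "CEF:0|Other Vendor|Other Product|1.0|1|Heartbeat|1|",
]
```

Running `count_by_version_and_mode(SAMPLE_EVENTS)` on the constructed lines yields one 2.0 ICAP event and two 2.1 HTTP events, with the unrelated vendor ignored.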