Configuring Kaspersky Scan Engine to interact with a SIEM

March 5, 2024

ID 220786

To configure Kaspersky Scan Engine to interact with a SIEM solution:

  1. Open Kaspersky Scan Engine GUI.
  2. Go to Settings > Logging.
  3. Enable Syslog and set the following parameters:
    • Format: CEF.
    • Target: Remote host.
    • Events: Specify the types of events that Kaspersky Scan Engine must send to the SIEM solution. For more information on event types, see the description of the LoggedEvent element in section "Configuring logging in ICAP mode".
    • The SIEM solution IP address and port.

    Figure: Kaspersky Scan Engine Syslog settings (Syslog enabled; Events = ScanResultClean, ScanResultDetect, ScanResultOther; Format = CEF; Target = Remote host; SIEM solution IP address and port).

  4. Save the settings.
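
To confirm on the receiving side that the configured events arrive as well-formed CEF, the lines collected on the SIEM port can be parsed and counted per event type. The following is an added example, not code from Kaspersky or from this page. The sample lines are constructed, the vendor, product and extension keys in them are placeholders, and carrying the event type in the CEF Device Event Class ID field is an assumption, because the page does not show the layout of the emitted events.

```python
import re
from collections import Counter

# Event types from the page's Syslog settings; assumed to arrive as the CEF event class ID.
EXPECTED_EVENTS = {"ScanResultClean", "ScanResultDetect", "ScanResultOther"}
HEADER = ("version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")
# Seven '|'-terminated header fields (backslash escapes next char), then the extension.
CEF_RE = re.compile(r"CEF:" + r"((?:\\.|[^|\\])*)\|" * 7 + r"(.*)$")
# An extension key starts the string or follows whitespace and ends at '='.
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")

# Constructed sample input: placeholder vendor, product, keys and one unlisted class ID.
SAMPLE = [
    "<134>Mar  5 10:00:01 scanhost CEF:0|ExampleVendor|ExampleScanner|1.0|"
    "ScanResultClean|Clean object|1|src=192.0.2.10 fname=report.pdf",
    "<132>Mar  5 10:00:02 scanhost CEF:0|ExampleVendor|ExampleScanner|1.0|"
    "ScanResultDetect|Threat \\| found|8|fname=my file.exe msg=name\\=EICAR test",
    "<134>Mar  5 10:00:03 scanhost plain syslog text",
    "<134>Mar  5 10:00:04 scanhost CEF:0|ExampleVendor|ExampleScanner|1.0|"
    "ExampleUnlisted|Other event|1|",
]

def parse_cef(line):
    """Parse one syslog line carrying a CEF record; raise ValueError if malformed."""
    m = CEF_RE.search(line)
    if m is None:
        raise ValueError("not a CEF record")
    *fields, ext = m.groups()
    event = {k: re.sub(r"\\([|\\])", r"\1", v) for k, v in zip(HEADER, fields)}
    hits = list(KEY_RE.finditer(ext))
    event["extension"] = {}
    for hit, nxt in zip(hits, hits[1:] + [None]):
        # A value runs up to the next key, so it may contain spaces.
        raw = ext[hit.end():nxt.start() if nxt else len(ext)].strip()
        event["extension"][hit.group(1)] = re.sub(r"\\([=\\])", r"\1", raw)
    return event

def check_feed(lines):
    """Return (counts per class ID, class IDs not in EXPECTED_EVENTS, rejected lines)."""
    counts, rejected = Counter(), []
    for line in lines:
        try:
            counts[parse_cef(line)["event_class_id"]] += 1
        except ValueError:
            rejected.append(line)
    return counts, sorted(set(counts) - EXPECTED_EVENTS), rejected

if __name__ == "__main__":
    print(check_feed(SAMPLE))
```

Rejected lines or unexpected class IDs point to a mismatch between the Format or Events settings and what the SIEM parser expects.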
