Searching for Kaspersky Scan Engine events in ArcSight ESM
Searching for Kaspersky Scan Engine events in ArcSight ESM
March 5, 2024
ID 220898
Searching for events from Kaspersky Scan Engine version 2.0
To search ArcSight ESM for events sent by Kaspersky Scan Engine version 2.0,
Specify the parameters of the search query as follows:
- If Kaspersky Scan Engine works in ICAP mode:
DeviceVendor = Kaspersky Lab
AND
DeviceProduct = Kaspersky ICAP Server
Defining parameters of the search query
- If Kaspersky Scan Engine works in HTTP mode:
DeviceVendor = Kaspersky Lab
AND
DeviceProduct = Kaspersky HTTP Service
Searching for events from Kaspersky Scan Engine version 2.1
To search ArcSight ESM for events sent by Kaspersky Scan Engine version 2.1,
Specify the parameters of the search query as follows:
- If Kaspersky Scan Engine works in ICAP mode:
DeviceVendor = Kaspersky
AND
DeviceProduct = Scan Engine ICAP Service
- If Kaspersky Scan Engine works in HTTP mode:
DeviceVendor = Kaspersky
AND
DeviceProduct = Scan Engine HTTP Service
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.
