Requirements
- Admin access to Kaspersky Console
Device Configuration
Enable automatic export of general events.
- Automatic event export using the CEF protocol can be enabled in Kaspersky Security Center.
- Only general events can be exported from managed applications over the CEF protocol; application-specific events cannot. If you need to export events of managed applications, or a custom set of events that has been configured using the policies of managed applications, export the events over the Syslog protocol.
To enable automatic export of events using CEF:
- In the Kaspersky Security Center console tree, select the Administration Server whose events you want to export.
- In the Administration Server workspace, click the Events tab.
- Click the drop-down arrow next to the Configure notifications and event export link and select Configure export to SIEM system in the drop-down list.
  The events properties window opens, displaying the Event export section.
- In the Event export section, specify the following export settings:
  - SIEM system server address: <Forwarder IP Address>
  - SIEM system server port: 11695
- Click OK.
Automatic export of events will be enabled. The general events will automatically be exported to the external SIEM system.
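To confirm on the forwarder that what arrives on port 11695 is well-formed CEF, the following added example (not from Kaspersky or the original page) parses one CEF record into its seven header fields and its extension key/value pairs, honouring CEF escaping. The sample line, including its syslog prefix, vendor and product values, is constructed for illustration.

```python
import re

# CEF header: CEF:Version|Device Vendor|Device Product|Device Version|
#             Device Event Class ID|Name|Severity|[Extension]
HEADER = ("version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")
KEY = re.compile(r"(?:^|\s)(\w+)=")   # extension key; an escaped "\=" never matches

# Constructed sample: not captured from a real Kaspersky Security Center.
SAMPLE = (r"<134>Jan 10 12:00:00 ksc-host CEF:0|ExampleVendor|Example\|Console|1.0|"
          r"EV_TEST|Test event|4|rt=1700000000000 dhost=ws-01 "
          r"msg=scan of C:\\temp found a\=b")

def _unescape(value):
    # \n and \r become control characters; \\ \= \| become the bare character.
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)

def parse_cef(line):
    """Return header fields plus an 'extension' dict; ValueError if not CEF."""
    start = line.find("CEF:")          # a syslog prefix may precede the record
    if start < 0:
        raise ValueError("no CEF: marker")
    body, fields, cur, i = line[start + 4:], [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1]); i += 2      # escaped pipe or backslash
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) == 6 and cur:       # header with no extension part
        fields.append("".join(cur))
    if len(fields) != 7:
        raise ValueError("incomplete CEF header")
    event, tail, ext = dict(zip(HEADER, fields)), body[i:], {}
    keys = list(KEY.finditer(tail))
    for n, m in enumerate(keys):       # a value runs until the next key=
        end = keys[n + 1].start() if n + 1 < len(keys) else len(tail)
        ext[m.group(1)] = _unescape(tail[m.end():end].strip())
    event["extension"] = ext
    return event

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```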