When you configure your Kaspersky Security Center to send log data to USM Appliance, you can use the Kaspersky Security Center DataBase plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
| Device | Details |
|---|---|
| Vendor | Kaspersky |
| Device Type | Management platform |
| Connection Type | Database |
| Data Source Name | kaspersky-sc-db |
| Data Source ID | 1737 |
Configuring the Kaspersky Security Center Database Plugin
Before configuring the plugin, you must first obtain the IP address and port number of your Kaspersky Security Center database, along with the credentials of a user account that can authenticate to it.
To configure communication with the Kaspersky Security Center database
- Connect to the AlienVault Console through SSH and use your credentials to log in. The AlienVault Setup menu displays.
- On the AlienVault Setup main menu, select Jailbreak System to gain command line access. Select Yes when prompted. You will be in the root directory.
- Create the file /etc/ossim/agent/plugins/kaspersky-sc-db.cfg.local.
- In the .local file, add these lines, replacing the text (including the <>) with the correct information.

  ```ini
  [config]
  source_ip= <Kaspersky Security Center IP address>
  source_port= <Kaspersky Security Center connection port, the default is 1433>
  user= <username for the database>
  password= <password for the user>
  db= <Kaspersky Security Center database name>
  ```

- Save the file.
- Restart all services for changes to apply:

  ```shell
  alienvault-reconfig -c -v -d
  ```
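The .local file above stores the database password in clear text, and a leftover `<placeholder>` or a bad port value is only discovered after the service restart when the plugin fails to connect. The following POSIX shell script is an added example, not part of the USM Appliance documentation or of AlienVault's own tooling: it checks a kaspersky-sc-db.cfg.local file for the `[config]` header, the five keys the page lists, unreplaced `<...>` placeholders, a valid TCP port, and owner-only file permissions before you run `alienvault-reconfig`. The function names (`cfg_get`, `check_kaspersky_plugin_cfg`) and the sample values in the comments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not AT&T/AlienVault code): sanity-check a kaspersky-sc-db.cfg.local
# file before restarting services with alienvault-reconfig. It verifies the [config]
# section, the five keys the page lists, that no "<...>" placeholder was left in,
# that source_port is a valid TCP port, and that the file (which holds the database
# password in clear text) is not readable by other users.

# Print the value of KEY from FILE (first match, surrounding whitespace trimmed).
cfg_get() {
    key=$1
    file=$2
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$file" \
        | head -n 1 \
        | sed 's/[[:space:]]*$//'
}

# Return 0 if FILE looks like a complete, usable plugin configuration, 1 otherwise.
check_kaspersky_plugin_cfg() {
    cfg=$1
    status=0

    if [ ! -f "$cfg" ]; then
        echo "ERROR: $cfg does not exist" >&2
        return 1
    fi

    # The agent expects the settings under a [config] section header.
    if ! grep -q '^[[:space:]]*\[config\]' "$cfg"; then
        echo "ERROR: missing [config] section header" >&2
        status=1
    fi

    # Every key from the documented template must be present, non-empty,
    # and no longer contain the angle-bracket placeholder text.
    for key in source_ip source_port user password db; do
        value=$(cfg_get "$key" "$cfg")
        if [ -z "$value" ]; then
            echo "ERROR: $key is missing or empty" >&2
            status=1
        else
            case $value in
                *'<'*|*'>'*)
                    echo "ERROR: $key still contains a <placeholder>: $value" >&2
                    status=1 ;;
            esac
        fi
    done

    # source_port must be a number in the TCP port range (SQL Server default: 1433).
    port=$(cfg_get source_port "$cfg")
    case $port in
        ''|*[!0-9]*)
            echo "ERROR: source_port must be numeric (default is 1433)" >&2
            status=1 ;;
        *)
            if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                echo "ERROR: source_port $port is outside 1-65535" >&2
                status=1
            fi ;;
    esac

    # The file holds a database password, so it should be owner-accessible only.
    if [ -n "$(find "$cfg" -maxdepth 0 -perm /077 2>/dev/null)" ]; then
        echo "ERROR: $cfg is group- or world-accessible; run: chmod 600 $cfg" >&2
        status=1
    fi

    if [ "$status" -eq 0 ]; then
        echo "OK: $cfg passes all checks"
    fi
    return "$status"
}

# Usage: sh check_cfg.sh /etc/ossim/agent/plugins/kaspersky-sc-db.cfg.local
if [ $# -gt 0 ]; then
    check_kaspersky_plugin_cfg "$1"
fi
```

Run it as root on the appliance after saving the file and before the restart; a non-zero exit means one of the listed problems was printed to stderr. The permission check uses GNU `find -perm /077`, which is what the Debian-based appliance ships.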
Plugin Enablement
For plugin enablement information, see Enable Plugins.
If enabling the plugin on assets, you will find it listed as Kaspersky : Security Center : DataBase.
Additional Resources and Troubleshooting
For vendor documentation, visit the vendor's website and look for the Kaspersky Lab v10 Administrator's Guide.
For troubleshooting, refer to the vendor documentation: