Kaspersky Security Center
When you configure Kaspersky Security Center to send log data to USM Appliance, you can use the kaspersky-sc plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
|Device Type||Management platform|
|Data Source Name||kaspersky-sc|
|Data Source ID||1737|
Integrating Kaspersky Security Center
Before you configure the Kaspersky Security Center integration, you must have the IP address of the USM Appliance Sensor.
To configure Kaspersky Security Center to forward log data over syslog to USM Appliance
- Log in to the Kaspersky Security Center.
Configure event export using the Common Event Format (CEF) protocol. See Kaspersky Online Help on enabling automatic export for instructions.
Note: The kaspersky-sc plugin supports syslog, Log Event Extended Format (LEEF), and CEF protocols. AT&T Cybersecurity recommends using CEF for better performance.
In the SIEM system server address field, enter the IP address of the USM Appliance Sensor.
USM Appliance listens for syslog at UDP or TCP port 514.
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
For vendor documentation, visit the vendor's website and look for the Kaspersky Lab v10 Administrator's Guide.
For troubleshooting, refer to the vendor documentation: