Publishing program events to a SIEM system
21 August 2023
Kaspersky Security 8 for Linux Mail Server can publish program events over the Syslog protocol to a SIEM system that is already in use in your organization.
A SIEM system (Security Information and Event Management) is a solution for managing information and events within an organization's security system.
Information about each program event is relayed as a separate syslog message in CEF format (hereinafter also referred to as a CEF message).
A CEF message containing event information is relayed immediately after the event occurs. The exception is the event classes of the ScanLogic group: CEF messages of these classes are relayed only after the ScanLogic module has finished processing the email message.
By default, export of CEF messages in the program is disabled.
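On the receiving side, each exported event arrives as one syslog line whose payload is a CEF record: a `CEF:` prefix, seven pipe-delimited header fields (version, vendor, product, product version, event class ID, name, severity) and a space-separated `key=value` extension. The parser below is an added example, not code from Kaspersky or from the product documented here; it implements the generic CEF escaping rules (`\|` and `\\` in the header, `\=`, `\\`, `\n`, `\r` in extension values). The sample line, the vendor and product names and the extension keys in it are constructed for the example and do not claim to reproduce the product's real output.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a syslog line carrying a CEF record. The vendor,
# product and extension values are illustrative, not real product output.
SAMPLE_LINE = (
    "<14>Aug 21 12:34:56 mailgw klms: "
    "CEF:0|ExampleVendor|ExampleMailGateway|1.0|100|Message scanned|5|"
    "src=192.0.2.10 suser=alice@example.test "
    "msg=Subject contains \\= and a pipe \\| char act=quarantined"
)

HEADER_FIELD_COUNT = 7


@dataclass
class CefEvent:
    version: str
    device_vendor: str
    device_product: str
    device_version: str
    signature_id: str   # "Device Event Class ID" in CEF terms
    name: str
    severity: str       # CEF allows 0-10 or Low/Medium/High/Very-High
    extension: dict = field(default_factory=dict)


def _split_header(body):
    """Split the pipe-delimited CEF header, honouring the \\| and \\\\ escapes.

    Returns (list of 7 header fields, remaining extension text)."""
    fields, buf, i = [], [], 0
    while i < len(body) and len(fields) < HEADER_FIELD_COUNT:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            buf.append(body[i + 1])   # escaped pipe or backslash
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(ch)
        i += 1
    # Tolerate a record whose severity is not followed by a trailing pipe.
    if len(fields) == HEADER_FIELD_COUNT - 1 and buf:
        fields.append("".join(buf))
    if len(fields) < HEADER_FIELD_COUNT:
        raise ValueError("CEF header has fewer than 7 fields")
    return fields, body[i:]


# A key is a run of safe characters at the start of the extension or after
# whitespace, immediately followed by an unescaped '='.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _unescape_value(value):
    """Undo CEF extension escaping: \\= \\\\ \\n \\r (and tolerate \\|)."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            nxt = value[i + 1]
            out.append({"n": "\n", "r": "\r"}.get(nxt, nxt))
            i += 2
            continue
        out.append(value[i])
        i += 1
    return "".join(out)


def parse_extension(ext):
    """Turn 'k1=v1 k2=v2 ...' into a dict; values may contain spaces."""
    keys = list(_EXT_KEY.finditer(ext))
    result = {}
    for idx, m in enumerate(keys):
        start = m.end()
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        result[m.group(1)] = _unescape_value(ext[start:end].strip())
    return result


def parse_cef(line):
    """Locate the CEF payload inside a syslog line and parse it."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF payload in syslog line")
    header, ext = _split_header(line[idx + len("CEF:"):])
    return CefEvent(*header, extension=parse_extension(ext))


if __name__ == "__main__":
    event = parse_cef(SAMPLE_LINE)
    print(event.device_product, event.signature_id, event.name, event.severity)
    for key, value in event.extension.items():
        print(f"  {key} = {value!r}")
```

The header splitter stops after the seventh pipe so that pipes inside extension values (which CEF does not require to be escaped) cannot shift the fields; the extension scanner only treats `=` as a key delimiter when it follows a key at a token boundary, so an escaped `\=` inside `msg` stays part of the value.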