Configuring Kaspersky Security Center for export of events to a SIEM system
You can enable automatic event export in Kaspersky Security Center.
Only general events can be exported from managed applications in the CEF and LEEF formats; application-specific events cannot be exported in these formats. If you need to export events of managed applications or a custom set of events that has been configured using the policies of managed applications, you must export the events in the Syslog format.
To enable automatic export of events:
- In the Kaspersky Security Center console tree, select the Administration Server whose events you want to export.
- In the workspace of the selected Administration Server, select the Events tab.
- Click the drop-down arrow next to the Configure notifications and event export link and select Configure export to SIEM system in the drop-down list.
The events properties window opens, displaying the Event export section.
- In the Event export section, specify the following export settings:
  [Figure: Event export section of the event properties window]
  - Automatically export events to SIEM system database
  - SIEM system
  - SIEM system server address
  - SIEM system server port
  - Protocol
If you select Syslog format, you must specify:
- If you want to export to the SIEM system database the events that occurred after a specified date in the past, click the Export archive button and specify the start date for event export. By default, the event export starts immediately after you enable it.
- Click OK.
Automatic export of events is enabled.
After enabling automatic export of events, you must select which events will be exported to the SIEM system.
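A receiver-side check for the procedure above, as an added example that is not Kaspersky's code: it classifies each line arriving at the SIEM collector as CEF, LEEF or plain Syslog and parses the CEF/LEEF header, so you can confirm that the format selected in the Event export section is what is actually being sent. The header layouts follow the public CEF and LEEF 1.0 conventions; the sample lines, vendor and product names, and all function names are constructed for illustration and are not real Kaspersky Security Center output.

```python
import re

CEF_MARK = re.compile(r"CEF:(?=\d+\|)")
LEEF_MARK = re.compile(r"LEEF:(?=\d+\.\d+\|)")
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")  # a key opens a pair; values may hold spaces
CEF_FIELDS = ("version", "vendor", "product", "device_version",
              "signature_id", "name", "severity")
LEEF_FIELDS = ("leef_version", "vendor", "product", "product_version", "event_id")

def split_header(text, count):
    """Split off `count` '|'-delimited header fields, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(text) and len(parts) < count:
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i + 1])       # escaped character is taken literally
            i += 2
            continue
        if text[i] == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    if cur and len(parts) < count:        # last field without a trailing '|'
        parts.append("".join(cur))
    return parts, text[i:]

def parse_extension(ext):
    """Parse CEF extension key=value pairs into a dict."""
    keys = list(EXT_KEY.finditer(ext))
    out = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        value = ext[m.end():nxt.start() if nxt else len(ext)]
        out[m.group(1)] = re.sub(r"\\([=\\|])", r"\1", value).strip()
    return out

def classify(line):
    """Return (format_name, parsed_fields) for one line received by the collector."""
    for name, mark, fields in (("CEF", CEF_MARK, CEF_FIELDS),
                               ("LEEF", LEEF_MARK, LEEF_FIELDS)):
        m = mark.search(line)
        if m:
            parts, rest = split_header(line[m.end():], len(fields))
            if len(parts) != len(fields):
                return "malformed-" + name, {}
            parsed = dict(zip(fields, parts))
            parsed["extension"] = parse_extension(rest) if name == "CEF" else rest
            return name, parsed
    return "Syslog", {"message": line}

SAMPLES = [  # constructed lines, not captured from a real Administration Server
    r"<134>Jan 10 12:00:00 ksc01 CEF:0|ExampleVendor|Example\|Product|1.0|EVT_1|Task started|3|msg=Task a\=b started dvchost=host01",
    "LEEF:1.0|ExampleVendor|ExampleProduct|1.0|EVT_2|devTime=Jan 10 2024\tsev=3",
    "<134>Jan 10 12:00:05 ksc01 app: application-specific event text",
]
```

Feed `classify` the lines your collector receives on the configured address and port; a result of `malformed-CEF` or `malformed-LEEF` usually points to truncation in transit.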