AlienVault® USM Anywhere™

Kaspersky Security Center

When you configure Kaspersky Security Center to send log data to USM Anywhere, you can use the Kaspersky Security Center or Kaspersky Security Center CEF plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor Kaspersky
Device Type Management platform
Connection Type syslog

Integrating Kaspersky Security Center

Before you configure the Kaspersky Security Center integration, you must have the IP address of the USM Anywhere Sensor.

To configure Kaspersky Security Center to forward log data over syslog to USM Anywhere

  1. Log in to the Kaspersky Security Center.
  2. Configure event export depending on which USM Anywhere plugin you want to use:

  3. In the SIEM system server address field, enter the IP address of the USM Anywhere Sensor.

    USM Anywhere listens for syslog at UDP port 514, TCP port 601, or TLS/TCP port 6514.

    If using TLS, you need to download the certificate from USM Anywhere or upload your own certificate to USM Anywhere. See Configure Syslog on Your Data Sources for instructions.
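The steps above leave you with a sensor address, a port and possibly a certificate; before pointing the production export at it, it is worth confirming that the sensor actually accepts a syslog line on the chosen listener. The script below is an added example, not part of the USM Anywhere or Kaspersky documentation: it builds an RFC 3164-style line carrying one of the Kaspersky plugin tags and delivers it over UDP/514, TCP/601 or TLS/6514. The sensor IP, the certificate path and the message text are placeholders, and newline-delimited framing on TCP is an assumption.

```python
"""Send a test syslog line to a USM Anywhere Sensor over one of the three
listeners named in the procedure: UDP/514, TCP/601 or TLS/6514.

Added example, not part of the USM Anywhere documentation. The sensor
address, the certificate file path and the message text are placeholders.
"""
import socket
import ssl
import sys
import time
from typing import Optional

# Ports from the procedure above: plain UDP, plain TCP, TLS over TCP.
SENSOR_PORTS = {"udp": 514, "tcp": 601, "tls": 6514}


def build_syslog_line(tag: str, message: str, hostname: str = "ksc-server",
                      facility: int = 1, severity: int = 6,
                      ts: Optional[float] = None) -> str:
    """Build an RFC 3164-style line: <PRI>Mmm dd hh:mm:ss HOST TAG: MESSAGE.

    The TAG is what USM Anywhere matches to pick a plugin, so a test line
    should carry one of the tags the Kaspersky plugin recognises.
    """
    pri = facility * 8 + severity
    t = time.gmtime(time.time() if ts is None else ts)
    # RFC 3164 wants a space-padded day of month ("Jun  3"), not zero-padded.
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{pri}>{stamp} {hostname} {tag}: {message}"


def send_syslog(line: str, sensor: str, transport: str = "udp",
                ca_file: Optional[str] = None, timeout: float = 5.0) -> int:
    """Deliver one line to the sensor and return the number of bytes sent.

    For 'tls' the server certificate chain is verified against ca_file (the
    certificate downloaded from USM Anywhere, or the CA of the one you
    uploaded). Hostname checking is disabled because the procedure has you
    address the sensor by IP; an unknown or self-signed chain still fails.
    """
    if transport not in SENSOR_PORTS:
        raise ValueError(f"transport must be one of {sorted(SENSOR_PORTS)}")
    data = (line + "\n").encode("utf-8")  # newline-delimited framing (assumed)
    port = SENSOR_PORTS[transport]
    if transport == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            return s.sendto(data, (sensor, port))
    sock = socket.create_connection((sensor, port), timeout=timeout)
    if transport == "tls":
        ctx = ssl.create_default_context(cafile=ca_file)
        ctx.check_hostname = False
        sock = ctx.wrap_socket(sock)
    with sock:
        sock.sendall(data)
    return len(data)


if __name__ == "__main__":
    # usage: python send_test.py <sensor-ip> [udp|tcp|tls] [ca.pem]
    sensor_ip = sys.argv[1]
    mode = sys.argv[2] if len(sys.argv) > 2 else "udp"
    ca = sys.argv[3] if len(sys.argv) > 3 else None
    test_line = build_syslog_line("kladminserver", "USM Anywhere syslog connectivity test")
    sent = send_syslog(test_line, sensor_ip, mode, ca)
    print(f"sent {sent} bytes over {mode}/{SENSOR_PORTS[mode]}")
```

After running it, look for the test line in USM Anywhere with the plugin filter set to Kaspersky Security Center; a TLS handshake failure here means the certificate you downloaded or uploaded does not match what the sensor presents on 6514, which is the same failure the Kaspersky export will hit.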

Plugin Enablement

The Kaspersky Security Center plugin automatically processes all messages whose syslog tag matches one of the following values:

  • klactprx
  • kladminserver
  • kldumper
  • klnagent
  • klsecuritycenter
  • klwebsrv

The Kaspersky Security Center CEF plugin automatically processes all messages whose syslog tag matches one of the following values:

  • KasperskyLab
  • SecurityCenter
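Because the plugin is chosen purely from the syslog tag, a message that arrives with the wrong tag (for example, relayed through a host that rewrites the program name) is silently handled by no plugin. The script below is an added example, not USM Anywhere code: it extracts the tag from RFC 3164 and RFC 5424 headers and reports which of the two Kaspersky plugins would pick up each line. The sample lines are constructed, and treating the CEF vendor and product fields as the match for the CEF plugin's tags is an assumption about how that plugin matches.

```python
"""Which USM Anywhere plugin would pick up a given Kaspersky Security Center
syslog line, based on the tag lists in the Plugin Enablement section.

Added example, not part of the USM Anywhere documentation. Sample lines are
constructed; matching the CEF vendor/product fields against the CEF plugin's
tags is an assumption.
"""
import re
from typing import Dict, Optional, Tuple

KSC_TAGS = {"klactprx", "kladminserver", "kldumper", "klnagent",
            "klsecuritycenter", "klwebsrv"}
KSC_CEF_TAGS = {"KasperskyLab", "SecurityCenter"}

# RFC 3164: <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: MESSAGE
_RFC3164 = re.compile(
    r"^(?:<\d{1,3}>)?\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+(\S+)\s+"
    r"([^\s:\[]+)(?:\[\d+\])?:\s*(.*)$")
# RFC 5424: <PRI>1 TIMESTAMP HOST APP-NAME PROCID MSGID STRUCTURED-DATA MSG
_RFC5424 = re.compile(
    r"^(?:<\d{1,3}>)?1\s+\S+\s+(\S+)\s+(\S+)\s+\S+\s+\S+\s+(?:\[.*?\]|-)\s*(.*)$")
# CEF header: CEF:Version|Device Vendor|Device Product|...  (pipes may be \-escaped)
_CEF = re.compile(r"CEF:\d+\|((?:\\.|[^|\\])*)\|((?:\\.|[^|\\])*)\|")


def syslog_tag(line: str) -> Tuple[Optional[str], str]:
    """Return (tag, message) for a syslog line, or (None, line) if no header parses."""
    for rx in (_RFC3164, _RFC5424):
        m = rx.match(line)
        if m:
            return m.group(2), m.group(3)
    return None, line


def cef_vendor_product(line: str) -> Optional[Tuple[str, str]]:
    """Return (vendor, product) from a CEF header anywhere in the line, else None."""
    m = _CEF.search(line)
    return (m.group(1), m.group(2)) if m else None


def select_plugin(line: str) -> Optional[str]:
    """Name the plugin whose tag list matches this line, or None if neither does."""
    tag, _ = syslog_tag(line)
    if tag in KSC_TAGS:
        return "Kaspersky Security Center"
    if tag in KSC_CEF_TAGS:
        return "Kaspersky Security Center CEF"
    cef = cef_vendor_product(line)
    if cef and (cef[0] in KSC_CEF_TAGS or cef[1] in KSC_CEF_TAGS):
        return "Kaspersky Security Center CEF"
    return None


def classify(lines) -> Dict[str, Optional[str]]:
    """Map each line to the plugin that would process it."""
    return {line: select_plugin(line) for line in lines}


# Constructed sample lines, not real Kaspersky output.
SAMPLE_LINES = [
    "<14>Jun  3 10:15:01 ksc-server kladminserver: Administration Server started",
    "<14>Jun  3 10:15:02 ksc-server klnagent[2233]: Network Agent connected",
    "<14>Jun  3 10:15:03 ksc-server CEF:0|KasperskyLab|SecurityCenter|13.2|1|Sample event|4|msg=constructed",
    "<14>1 2024-06-03T10:15:04Z ksc-server klwebsrv - - - Web console request",
    "<14>Jun  3 10:15:05 ksc-server sshd[999]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for line, plugin in classify(SAMPLE_LINES).items():
        print(f"{plugin or '(no Kaspersky plugin)':32} {line[:60]}")
```

The last sample line is the case to watch for: a line whose tag is not on either list is not an error, it simply never reaches the Kaspersky parser, so a relay that rewrites tags shows up as missing events rather than as parse failures.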

Available Plugin Fields

The following plugin fields are important attributes extracted from the syslog message. The USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.