Documentation Center
AlienVault® USM Appliance™

Kaspersky Security Center

When you configure Kaspersky Security Center to send log data to USM Appliance, you can use the kaspersky-sc plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor Kaspersky
Device Type Management platform
Connection Type Syslog
Data Source Name kaspersky-sc
Data Source ID 1737

Integrating Kaspersky Security Center

Before you configure the Kaspersky Security Center integration, you must have the IP Address of the USM Appliance Sensor.

To configure Kaspersky Security Center to forward log data over Syslog to USM Appliance

  1. Log into the Kaspersky Security Center.
  2. In the Console Tree, expand the Reports and notifications folder.
  3. Right-click Event and select Properties.
  4. On the Events Properties page, select Automatically export events to SIEM system database in the Exporting events section.
  5. In the SIEM system list, select the system to which you want to export events.

    By default, the ArcSight system is selected.

  6. Type the IP address of the USM Appliance Sensor and port 514 in the corresponding fields.
  7. (Optional) To export historical data to USM Appliance, click Export archive.

    Note: By default, the Kaspersky Security Center forwards events starting from the current date.

  8. Click OK.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

For vendor documentation, visit the vendor's website and look for the Kaspersky Lab v10 Administrator's Guide. 

For troubleshooting, refer to the vendor documentation:

http://support.kaspersky.com/ksc10/error.