Kaspersky Security Center
When you configure Kaspersky Security Center to send log data to USM Appliance, you can use the kaspersky-sc plugin to translate the raw log data into normalized events for analysis.
| Device Type | Management platform |
| Data Source Name | kaspersky-sc |
| Data Source ID | 1737 |
Integrating Kaspersky Security Center
Before you configure the Kaspersky Security Center integration, you must have the IP address of the USM Appliance Sensor.
To configure Kaspersky Security Center to forward log data over Syslog to USM Appliance
- Log in to the Kaspersky Security Center.
- In the Console Tree, expand the Reports and notifications folder.
- Right-click Event and select Properties.
- On the Events Properties page, select Automatically export events to SIEM system database in the Exporting events section.
- In the SIEM system list, select the system to which you want to export events.
  By default, the ArcSight system is selected.
- Type the IP address of the USM Appliance Sensor and port 514 in the corresponding fields.
- (Optional) To export historical data to USM Appliance, click Export archive.
  Note: By default, the Kaspersky Security Center forwards events starting from the current date.
- Click OK.
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
For troubleshooting, refer to the vendor documentation: