AlienVault® USM Appliance™

Kaspersky Security Center

When you configure Kaspersky Security Center to send log data to USM Appliance, you can use the kaspersky-sc plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor Kaspersky
Device Type Management platform
Connection Type Syslog
Data Source Name kaspersky-sc
Data Source ID 1737

Integrating Kaspersky Security Center

Before you configure the Kaspersky Security Center integration, you must have the IP address of the USM Appliance Sensor.

To configure Kaspersky Security Center to forward log data over syslog to USM Appliance

  1. Log in to the Kaspersky Security Center.
  2. Configure event export using the syslog protocol. See Kaspersky Online Help on enabling automatic export for instructions.

  3. In the SIEM system server address field, enter the IP address of the USM Appliance Sensor.

    USM Appliance listens for syslog at UDP or TCP port 514.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

For vendor documentation, visit the vendor's website and look for the Kaspersky Lab v10 Administrator's Guide. 

For troubleshooting, refer to the vendor documentation:

http://support.kaspersky.com/ksc10/error.