Kaspersky Security Center

Marking events of a Kaspersky application for export in the Syslog format

May 23, 2024

ID 218295

If you want to export events that occurred in a specific managed application installed on the managed devices, mark the events for export in the application policy. In this case, the marked events are exported from all of the devices included in the policy scope.

To mark events for export for a specific managed application:

  1. In the main menu, go to Devices → Policies & profiles.
  2. Click the policy of the application for which you want to mark events.

    The policy settings window opens.

  3. Go to the Event configuration section.
  4. Select the check boxes next to the events that you want to export to a SIEM system.
  5. Click the Mark for export to SIEM system by using Syslog button.

    You can also mark an event for export to a SIEM system in the Event registration section, which opens by clicking the link of the event.

  6. A check mark appears in the Syslog column of the event or events that you marked for export to the SIEM system.
  7. Click the Save button.

The marked events from the managed application are ready to be exported to a SIEM system.

You can mark which events to export to a SIEM system for a specific managed device. If previously exported events were marked in an application policy, you will not be able to redefine the marked events for a managed device.

To mark events for export for a managed device:

  1. In the main menu, go to Devices → Managed devices.

    The list of managed devices is displayed.

  2. Click the link with the name of the required device in the list of managed devices.

    The properties window of the selected device is displayed.

  3. Go to the Applications section.
  4. Click the link with the name of the required application in the list of applications.
  5. Go to the Event configuration section.
  6. Select the check boxes next to the events that you want to export to SIEM.
  7. Click the Mark for export to SIEM system by using Syslog button.

    You can also mark an event for export to a SIEM system in the Event registration section, which opens by clicking the link of the event.

  8. A check mark appears in the Syslog column of the event or events that you marked for export to the SIEM system.

From now on, Administration Server sends the marked events to the SIEM system if export to the SIEM system is configured.

See also:

About events in Kaspersky Security Center Linux
