
Sheriff CSM™

Kaspersky Security Center

When you configure Kaspersky Security Center to send log data to Sheriff CSM, you can use the kaspersky-sc plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device            Details
Vendor            Kaspersky
Device Type       Management platform
Connection Type   Syslog
Data Source Name  kaspersky-sc
Data Source ID    1737

Integrating Kaspersky Security Center

Before you configure the Kaspersky Security Center integration, you must have the IP address of the Sheriff CSM Sensor (Deputy).

To configure Kaspersky Security Center to forward log data over syslog to Sheriff CSM:
  1. Log in to the Kaspersky Security Center.
  2. Configure event export using the Common Event Format (CEF) protocol. See Kaspersky Online Help on enabling automatic export for instructions.

    Note: The kaspersky-sc plugin supports syslog, Log Event Extended Format (LEEF), and CEF protocols. AT&T Cybersecurity recommends using CEF for better performance.

  3. In the SIEM system server address field, enter the IP address of the Sheriff CSM Sensor.

    Sheriff CSM listens for syslog at UDP or TCP port 514.
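
To check that what reaches the Sensor on port 514 is well-formed CEF, the following added example (not the kaspersky-sc plugin's own code) splits one CEF-over-syslog line into its seven header fields and extension key/value pairs, following the general CEF layout. The sample line is constructed, and its vendor, product, and field values are placeholders rather than real Kaspersky Security Center output.

```python
import re

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")

# Constructed sample line; vendor, product and field values are placeholders.
SAMPLE = (r"<134>Jun 29 10:15:02 ksc-host CEF:0|ExampleVendor|ExampleProduct|1.0|"
          r"EVT-0001|Threat detected \| quarantined|4|src=192.0.2.10 "
          r"msg=Object C:\\Temp\\a.bin flagged reason\=policy dhost=ws-01")

def _split_header(body):
    """Split the 7 pipe-delimited header fields, honouring escaped pipes and backslashes."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1]); i += 2      # keep the escaped character literally
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) < 7:                          # record ended without an extension part
        fields.append("".join(cur))
    return fields, body[i:]

def _unescape(value):
    # Extension values escape "=" and "\"; "\n" encodes a newline.
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), value)

def parse_cef(line):
    """Return header fields plus an 'extension' dict for one CEF-over-syslog line."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF record in line")
    fields, ext = _split_header(line[start + 4:])
    if len(fields) != 7:
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER, fields))
    # A key is a word followed by an unescaped "="; its value runs to the next key.
    keys = list(re.finditer(r"(?:^| )(\w+)=", ext))
    event["extension"] = {
        m.group(1): _unescape(ext[m.end():nxt.start() if nxt else len(ext)])
        for m, nxt in zip(keys, keys[1:] + [None])
    }
    return event

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A line that raises ValueError here is either plain syslog or LEEF rather than CEF, or was truncated in transit.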

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

For vendor documentation, visit the vendor's website and look for the Kaspersky Lab v10 Administrator's Guide.

For troubleshooting, refer to the vendor documentation:

http://support.kaspersky.com/ksc10/error
Topic revision: r6 - 29 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.