Which license do I need to send events from KSC to SIEM? [moved]

  • 11 April 2019
  • 8 replies

Hello all,

I have Kaspersky Security Center 10 installed with a Total Security for Business license (Trial), but it doesn't send any events to my SIEM. My scenario is the same as described in this thread: KASPERSKY EVENTS TO SIEM IBM QRADAR, and the thread linked from there, except that I have a different license (same setup, same event message).

I thought this license I have encompassed all features. If not, which license do I need to send events to SIEM from KSC? Is there a different trial license that I can use to test this feature?

Thanks in advance.


Hi @novak, and welcome to the new Kaspersky Community.
This is not an issue for you, so you just need to do some new settings setup.
Take a look at this Kaspersky online tutorial.
Thank you.

Thanks @KarDip.

I compared my setup with the online tutorial, and everything seems OK (see below). I'm using Apache Metron as the SIEM, and I have Apache NiFi listening on port 9122 and set up to send these events to my SIEM, but KSC doesn't even connect to it. I tested it with netcat to make sure, but no data arrives. KSC shows me an event just like the one in the article I linked (but in Portuguese, screencap below). For completeness, my licenses are also pictured below.

Is there anything else I can check on my setup to diagnose the issue?

Okay @novak, sorry about that.
Take a look at the URL below.
Thank you.

Okay @novak this might be helpful also.
Thank you.

You should also check the KES policy (events section). On every event, you can decide where to send it to (also SIEM -> this is not enabled by default).

We added a new license with Advanced European Edition, but we are still getting an error:

Cannot start sending events to the SIEM system. Functionality in limited mode. Area: System Management.

Do we need to do something else?

Did you enter the Kaspersky Security Center license in the properties of your KSC?

Yes, that was the issue, figured it out.