Kaspersky
Question

Which license do I need to send events from KSC to SIEM? [moved]

  • 11 April 2019
  • 8 replies
  • 917 views

Hello all,

I have Kaspersky Security Center 10 installed with a Total Security for Business license (Trial), but it doesn't send any events to my SIEM. My scenario is the same as described in this thread: KASPERSKY EVENTS TO SIEM IBM QRADAR, and the thread linked from there, except that I have a different license (same setup, same event message).

I thought this license I have encompassed all features. If not, which license do I need to send events to SIEM from KSC? Is there a different trial license that I can use to test this feature?

Thanks in advance.

8 replies

Yes that was the issue, figured it out.

Thanks
Did you enter Kaspersky Security Center license in properties of your ksc?
Hello,

We added a new license with Advanced European Edition, but still getting error

Cannot start sending events to the SIEM system. Functionality in limited mode. Area: System Management.

Do we need to do something else?
Userlevel 3
Badge +1
You should also check the KES policy (events section). On every event, you can decide where to send it to (also SIEM -> this is not enabled by default).
Userlevel 7
Badge +2
Okay @novak this might be helpful also.
https://help.kaspersky.com/KSC/SP3/en-US/89277.htm
Thank you.
Userlevel 7
Badge +2
Okay @novak sorry about that.
Take a look below URL.
https://help.kaspersky.com/KSC/EventExport/en-US/142068.htm
Thank you.
Thanks @KarDip.

I compared my setup with the online tutorial, and everything seems ok (see below). I'm using Apache Metron as the SIEM, and I have Apache NiFi listening on port 9122 and setup to send these events to my SIEM, but KSC doesn't even connect to it. I tested it with netcat to make sure, but no data arrives. KSC shows me an event just like the one in the article I linked (but in portuguese, screencap below). For completeness, my licenses are also pictured below.

Is there anything else I can check on my setup to diagnose the issue?

Userlevel 7
Badge +2
HI,@novak an welcome to te new Kaspersky Community.
This is not an issue for you, so jjust need to do some new settings setup.
Take a look at this Kaspersky online tutorial.
https://support.kaspersky.com/us/9284
Thank you.

Reply