Kaspersky Security Cloud Integration Wazuh


Bruno Cena

May 27, 2025, 10:40:25 AM
to Wazuh | Mailing List
Hello!

I'm trying to configure the integration of Kaspersky Security Cloud with Wazuh to forward logs, but I haven't been successful yet. Kaspersky Security Cloud must use a Syslog connection with TLS. I've already tried to configure an rsyslog to receive it, but nothing has happened yet. Has anyone experienced a similar situation and can help me, please?

Olamilekan Abdullateef Ajani

May 27, 2025, 2:18:42 PM
to Wazuh | Mailing List
Hello,

I have reviewed your query and also checked on the Kaspersky cloud event export to SIEM configuration over TLS as described in this documentation here. What you need is certificates signed by a trusted CA; upload the certificate and key to Kaspersky cloud, which should also mimic what you have on the rsyslog server.

Please refer to the Kaspersky documentation here and also the rsyslog step-by-step guide as defined here.

You can make use of openssl to generate the certificates and upload, but if you have a CA, that also works.

Once you have initiated the connection, you can also leverage this documentation to configure rsyslog to capture events from the Kaspersky cloud.

Once you have the above set up, you can then install a Wazuh agent on the rsyslog server so you are able to capture the logs and forward them to the Wazuh server for decoding.

Please let me know if you require further assistance on this.
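
The steps in the reply above, sketched as an added example (not part of the thread and not Wazuh or Kaspersky code): generate the certificate with openssl, verify the chain, and write an rsyslog TLS listener. The private CA, host name, port 6514, file paths, the `gtls` driver (rsyslog-gnutls package) and the `anon` auth mode are all assumptions to adjust.

```shell
#!/bin/sh
# Added example. Usage (paths and host name are placeholders):
#   make_tls_material /etc/rsyslog.d/certs syslog.example.internal
#   write_rsyslog_conf /etc/rsyslog.d/certs /etc/rsyslog.d/50-kaspersky-tls.conf /var/log/kaspersky/ksc.log

make_tls_material() {   # $1 = output dir, $2 = FQDN the sender connects to
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # Private CA, assumed here as a stand-in; use your existing CA if you have one.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Syslog CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Key and CSR for the rsyslog receiver.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # The SAN must match the host name configured on the sending side.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -extfile "$dir/san.ext" \
        -out "$dir/server.pem" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/server.key"
    # Catch a broken chain now instead of at connection time.
    openssl verify -CAfile "$dir/ca.pem" "$dir/server.pem" >/dev/null
}

write_rsyslog_conf() {  # $1 = cert dir, $2 = rsyslog config file, $3 = log file
    cat > "$2" <<EOF
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="$1/ca.pem"
  DefaultNetstreamDriverCertFile="$1/server.pem"
  DefaultNetstreamDriverKeyFile="$1/server.key"
)
# Mode 1 = TLS only. "anon" (assumed) = no client certificate is requested.
module(load="imtcp" StreamDriver.Name="gtls" StreamDriver.Mode="1" StreamDriver.AuthMode="anon")
input(type="imtcp" port="6514" ruleset="kaspersky")
# Keep these events in their own file for the Wazuh agent to read.
ruleset(name="kaspersky") { action(type="omfile" file="$3") }
EOF
}
```

On the same host, a Wazuh agent `<localfile>` entry with `<log_format>syslog</log_format>` and `<location>` set to the log file picks the events up for forwarding. If nothing arrives, `openssl s_client -connect host:6514 -CAfile ca.pem` from another machine shows whether the TLS handshake itself succeeds.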
