Wazuh Integration with Kaspersky Security Cloud – Need Assistance

21 views
Skip to first unread message

Shady Mohamed

unread,
Jun 29, 2026, 3:53:54 AM (4 days ago) Jun 29
to Wazuh | Mailing List
Hello,

I'm trying to integrate Kaspersky Security Cloud with Wazuh to forward logs, but I haven't been able to get it working. Has anyone successfully configured this integration before? If so, I'd really appreciate any guidance or advice on the setup and troubleshooting steps. Thanks in advance!

Md. Nazmur Sakib

unread,
Jun 29, 2026, 4:46:43 AM (4 days ago) Jun 29
to Wazuh | Mailing List
Hi Shady,

You can forward logs from Kaspersky Security Cloud to any syslog server.
https://support.kaspersky.com/iot-secure-gateway-1000/2.0/194359

Using this logic, you can forward the log to an agent or Wazuh manager where you have rsyslog installed.
Kaspersky Cloud event export to SIEM configuration over TLS as described in this documentation here. What you need is the certificates signed by a trusted CA. Upload the certificate and key to the Kaspersky cloud, which should also mimic what you have on the rsyslog server.

Please refer to the Kaspersky documentation here and also the rsyslog step-by-step guide as defined here.
You can make use of OpenSSL to generate the certificates and upload, but if you have a CA, that also works.
Once you have initiated the connection, you can also leverage this documentation to configure rsyslog to capture events from the Kaspersky Cloud.
Once you have the above setup, you can then install a Wazuh agent on the rsyslog server so you are able to capture the logs and forward them to the Wazuh server for decoding.

Ref:
https://support.kaspersky.com/ksc/cloudconsole/en-us/216090.htm
https://www.rsyslog.com/doc/tutorials/tls.html
https://documentation.wazuh.com/current/cloud-service/your-environment/send-syslog-data.html

Please let me know if you require further assistance on this.
Reply all
Reply to author
Forward
0 new messages