Hi everyone,
I’m trying to integrate Kaspersky security logs into Wazuh SIEM and I’m looking for a complete step-by-step guide for both Kaspersky On-Prem and Kaspersky Cloud Console. I want to collect endpoint security events such as malware detections, ransomware alerts, policy violations, and other security logs and forward them to Wazuh for centralized monitoring.

I’d really appreciate guidance on the best log export method, exact configuration steps on both the Kaspersky and Wazuh sides, supported log formats, recommended Wazuh decoders/rules, and any limitations or pitfalls. For the Cloud Console, I’m especially interested in whether logs can be pulled via API, what permissions are required, and how others are normalizing these logs for Wazuh.

Any official documentation, scripts, GitHub repos, or real-world experience would be extremely helpful. Thanks in advance!