Kaspersky Integration


Nawaf alhassoun

4:00 AM (8 hours ago)
to Wazuh | Mailing List

Dear Wazuh,

I hope this message finds you well.

I am writing to inquire about the process of integrating Kaspersky Center 14.2 with Wazuh and the subsequent forwarding of logs from Kaspersky to Wazuh.

Jorge Eduardo Molas

7:07 AM (5 hours ago)
to Wazuh | Mailing List
Hello, I will work on your use case. Please allow me a few moments to gather the information, and I'll be back shortly.
Regards!

Jorge Eduardo Molas

7:53 AM (4 hours ago)
to Wazuh | Mailing List
Unfortunately, we do not have an official integration with Kaspersky. However, Kaspersky Center enables sending via syslog, allowing Wazuh to ingest the data, as per its documentation.

To retrieve syslog events in the Wazuh manager, follow these steps:
https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/syslog.html

Taking a look at the Kaspersky Security Center documentation, I was able to find the instructions for integrating with SIEMs:
https://support.kaspersky.com/MSP/4.0/en-US/207199.htm

Finally, you might have to create and incorporate custom decoders and rules. The following documentation explains this process.
Let me know if it is useful for you!
Regards!
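
An added example, not part of the original reply and not Wazuh's shipped configuration: a manager-side `ossec.conf` fragment for the syslog collection step linked above. The sender address 192.0.2.10 (standing in for the Kaspersky Security Center server) and the choice of UDP port 514 are assumptions; `logall` is turned on only temporarily so the raw events can be read from `/var/ossec/logs/archives/archives.log` while custom decoders and rules are written.

```xml
<!-- /var/ossec/etc/ossec.conf on the Wazuh manager (fragment) -->
<ossec_config>

  <!-- Set this inside the existing <global> section.
       Temporary: archive every received event, matched by a rule or not,
       so the exact Kaspersky message layout can be inspected.
       Set back to "no" once decoders and rules are in place. -->
  <global>
    <logall>yes</logall>
  </global>

  <!-- Syslog listener for events forwarded by Kaspersky Security Center. -->
  <remote>
    <connection>syslog</connection>
    <port>514</port>
    <!-- Must match the protocol chosen in the Kaspersky SIEM export settings. -->
    <protocol>udp</protocol>
    <!-- Placeholder address: accept syslog only from the Kaspersky server.
         At least one allowed-ips entry is required for a syslog connection;
         keep it to the single sender rather than a whole subnet. -->
    <allowed-ips>192.0.2.10</allowed-ips>
  </remote>

</ossec_config>
```

After `systemctl restart wazuh-manager`, a raw line copied from `archives.log` can be pasted into `/var/ossec/bin/wazuh-logtest` to check each decoder and rule as it is developed.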
