This article is about Kaspersky Security Center for Windows (KSC for Windows)

Step-by-step guide

Make sure that System Management license is installed, otherwise KSC events won't be exported to SIEM. For more information please refer to SIEM integration: the most frequent error.
 

1. Specify Splunk Server address and port;
   
   
   
    
2. Login into Splunk Management console;
   
   
   
    
3. Press Settings → Configure data inputs;
   
   
   
    
4. In the opened Add Data window 
   - select TCP;
   - Specify Port you are planning to use. And a Source (KSC server address or DNS-name).
   
   
   
    
5. Configure Source type: choose Select and pick syslog from drop down menu. Configure Host: set IP for Method 
   
   
   
    
6. Check the settings on a result screen;
   
   
   
    
7. Open Splunk home page and press Search & Reporting;
   
   
   
    
8. Make sure that KSC event were indexed by Splunk correctly as expected;
   
   
   
    
9. Right now you are able to see raw KSC events.