Jump to content
Kaspersky Support Forum

Connecting KSC to Wazuh (SIEM)

fergg

By fergg
in Kaspersky Security Center

 Share

Recommended Posts

fergg

fergg

Posted
Posted

Hi!
I'm trying to connect event export from ksc to wazuh, all necessary checkboxes are checked, event export is configured, in wazuh ossec.conf the necessary port/protocol is specified and logging is enabled.

What can be wrong?

Renan Corassa

Renan Corassa

Posted
Posted

Run a lab using https://www.fastvue.co/syslog/ and validate that notifications in policies are being sent to the SIEM.

Have you already specified in the policy > event settings which should be forwarded to the SIEM?

fergg

fergg

Posted
  • Author
Posted
On 12/6/2024 at 3:03 PM, Renan Corassa said:

Run a lab using https: //www . fastvue . co/syslog/ and validate that notifications in policies are being sent to the SIEM.

Have you already specified in the policy > event settings which should be forwarded to the SIEM?

Yes, I specified the types of events required and specified that the events should be exported to SIEM.

JL - KL DACH

JL - KL DACH

Posted
Posted

Hello,

thx for the info.
If your SIEM system is ntot in the supported list you cannot use it with us. 
But to make sure this is correct and to prevent misunderstandings you should open a support ticket to troubleshoot and discuss this with technical support.

Thank you in advance

Best Regards

 

fergg

fergg

Posted
  • Author
Posted
9 минут назад, JL - KL DACH сказал:

Hello,

thx for the info.
If your SIEM system is ntot in the supported list you cannot use it with us. 
But to make sure this is correct and to prevent misunderstandings you should open a support ticket to troubleshoot and discuss this with technical support.

Thank you in advance

Best Regards

 

Hi!
I have found guides on how to set up KSC interaction with Wazuh (for example - https://medium.com/@yury.xisto/integrating-kaspersky-security-center-withwazuh-6f4468292e24). So it should be supported.

JL - KL DACH

JL - KL DACH

Posted
Posted

Hello,
many thx for the information and the solution.

However this does not indicate that the Siem system specified is tested and officially supported.
As long as the documentation do not contain it as supported SIEM System it is not supported.
This is the reason to open a technical support request to discuss it.
The description from the link, correct one is https://medium.com/p/6f4468292e24
show how to configure KSC with your Siem system. This is the normal procedure how to do it with each Siem System.
How to confirgure Wazuh side is not part of our descriptions.
 

Thank you in advance

Best Regards

 

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...