
Kaspersky Security Center Cloud (KSCCC) and Format Syslog



Posted (edited)

Greetings community!
We use KSCCC, which we recently integrated with our FortiSIEM to send alerts and events in general. However, we noticed that we received events in the following format pattern:
<14>1 2025-04-15T12:50:06.047Z  | - TEST_SIEM_CONNECTION [event@23668 et="TEST_SIEM_CONNECTION" etdn="Test Siem Connection"]

<14>1 2025-04-15T01:34:49.000Z xxx_hostedinst_xxxxx.openstacklocal 1093|1.0.0.0 - KLAUD_EV_SERVERCONNECT [event@23668 p2="x.x.x.x" p3="2x\\xx" p5="x.x.x.x" p9="::1" et="KLAUD_EV_SERVERCONNECT" etdn="Audit (connection to the Administration Server)" hdn="<xxxx>" hip="x.x.x.x" gn="Managed devices" kscfqdn="xxx.openstacklocal"] User "2xxx" has connected to the Administration Server from "x.x.x.x".

Among the format change options, only the "System log" option is available, as shown in the image below:


[screenshot: event export format options, with only "System log" available]

Apparently, either we are not enabled to send in CEF format, or we have made this change in a specific option. I would like to enable the CEF format.

Name of licensed application: Kaspersky Next EDR Optimum Brazilian Edition.

Edited by tsozcyber
Tahmeed702
Posted
On 4/16/2025 at 8:30 PM, tsozcyber said: [quotes the original post above]

Events can be exported only in syslog format in KSC Cloud Console:

https://support.kaspersky.com/ksc_cloudconsole/218223

But in on-prem KSC you can export them to CEF and LEEF formats.
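Since the cloud console only emits syslog, a collector has to pull the fields out of the RFC 5424 structured-data element itself. The following is an added example, not code from the thread, from Kaspersky or from FortiSIEM: the two sample lines are constructed from the masked ones quoted above, and the KSC-specific parameter names (et, etdn, hdn, hip, gn, p2...) are assumed to be opaque and kept verbatim, since the thread does not document their meaning.

```python
import re
from typing import Dict

# Constructed sample lines, modelled on the masked KSCCC output quoted in the thread.
# On the wire the p3 value is 2x\\xx (RFC 5424 escapes a backslash as "\\").
SAMPLE_EVENT = (
    '<14>1 2025-04-15T01:34:49.000Z xxx_hostedinst_xxxxx.openstacklocal 1093|1.0.0.0 - '
    'KLAUD_EV_SERVERCONNECT [event@23668 p2="x.x.x.x" p3="2x\\\\xx" p5="x.x.x.x" p9="::1" '
    'et="KLAUD_EV_SERVERCONNECT" etdn="Audit (connection to the Administration Server)" '
    'hdn="<xxxx>" hip="x.x.x.x" gn="Managed devices" kscfqdn="xxx.openstacklocal"] '
    'User "2xxx" has connected to the Administration Server from "x.x.x.x".'
)
SAMPLE_TEST = ('<14>1 2025-04-15T12:50:06.047Z  | - TEST_SIEM_CONNECTION '
               '[event@23668 et="TEST_SIEM_CONNECTION" etdn="Test Siem Connection"]')

# RFC 5424 header: PRI, VERSION 1, TIMESTAMP, HOSTNAME (empty in the test line),
# APP-NAME, PROCID, MSGID, then STRUCTURED-DATA ("-" or [..] elements) and an optional MSG.
HEADER = re.compile(
    r'^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S*) (?P<app>\S+) (?P<procid>\S+) '
    r'(?P<msgid>\S+) (?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$')
SD_ELEMENT = re.compile(r'\[(?P<id>[^\s\]]+)(?P<params>(?:[^\]\\]|\\.)*)\]')
SD_PARAM = re.compile(r'(?P<name>[^\s="\]]+)="(?P<value>(?:[^"\\]|\\.)*)"')


def _unescape(value: str) -> str:
    """Undo the RFC 5424 PARAM-VALUE escapes (backslash before a quote, ] or backslash)."""
    return re.sub(r'\\([\\"\]])', r'\1', value)


def parse_ksc_syslog(line: str) -> Dict[str, object]:
    """Split one KSCCC line into header fields plus the event@23668 parameters.
    KSC parameter names are kept verbatim; their meaning is assumed unknown here."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError('not an RFC 5424 syslog line: %r' % line[:60])
    pri = int(m['pri'])
    sd: Dict[str, Dict[str, str]] = {}
    if m['sd'] != '-':
        for elem in SD_ELEMENT.finditer(m['sd']):
            sd[elem['id']] = {p['name']: _unescape(p['value'])
                              for p in SD_PARAM.finditer(elem['params'])}
    return {
        'facility': pri >> 3, 'severity': pri & 7, 'timestamp': m['ts'],
        'host': m['host'] or None, 'app': m['app'], 'procid': m['procid'],
        'msgid': m['msgid'], 'msg': m['msg'], 'sd': sd,
    }
```

The test-connection line has an empty HOSTNAME and no MSG part, which is why the header pattern allows `\S*` for the host and treats MSG as optional.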
