Jump to content

Recommended Posts

Posted

I'm trying Kaspersky Security Center with trial license and I'm trying to use function send event to SIEM system, but I realized this function is limited function. I'm also trying to search function list of Kaspersky Security Center is in scope of trial license, but I cannot find it. Can anyone help me, thank you very much.

Posted (edited)

Trial versions are not limited in functionality except for the time of use...

 

Tell me what product license you have. Basic, Advanced, Optimum, Total, etc.

and in what variation do you use it...

internal server - https://support.kaspersky.com/KSC/14.2/en-US/5022.htm

cloud - https://support.kaspersky.com/Cloud/1.0/en-US/187780.htm

or cloud console - https://support.kaspersky.com/KSC/CloudConsole/en-US/5022.htm

Edited by ElvinE5
  • Thanks 1
Posted

I use it for internal server, but I don't know the license is basic, advanced, optimum or total, I'm just get the license from my colleague. At first, I didn't think it has limited but when I'm trying with Windows Event Viewer, and I get this Error in the image below.

image.thumb.jpeg.dffa5336cc8e711c2e85affbbbfae78f.jpeg

Posted

ok a few steps...

1. You have added a license to the repository, look at its name...

Спойлер

image.thumb.png.4f54e1fc9788af7c7cee617a7d233b9b.png

 

2. if the license is different from Basic, to activate the functionality (management) in the properties of the administration server, add a server key... then SIEM integrations (CEF, LEEF) will become available to you

you need the key on the server (you must have two files), or if you activated with an activation code...specify it

Спойлер

image.thumb.png.235529efaaef37e7371894e9fbe6e3a1.png

 

3. If the license is still Basic, then integration with SIEM is still available to you... but only via the Syslog protocol

However, for this integration you will have to manually select ALL events that you want to send to SIEM

Спойлер

image.thumb.png.bc8fa9cc24192a75dbeadcd15e28fc89.png

 

  • Thanks 1
Posted

I'm trying your guide, but I get this notification, what is it mean, and which is my license type, do I need to get another license. Anyway, thanks for your support

image.thumb.png.743de6e96569e8320dfcc2e35a52cd97.png

Posted (edited)

judging by the picture you have Total, this is enough to use the management functionality...

however, you only have one key file...the one that activates the security solutions themselves on clients (KES, KSWS, etc.)

you need a second key file...for KSC ... they can be supplied together in an archive...

Спойлер

image.png.eaf3cb6636fa50394d11e32152093a3e.png

ask your colleague what else they gave him with the trial version... perhaps an activation code... then everything can be activated with it or get the keys from it on the manufacturer’s website...

https://keyfile.kaspersky.com

you must have many keys since the Total package includes many products that can be activated...

along with the keys there should be a text file describing which key can activate what... something like this

Спойлер

image.thumb.png.c09c1be8fc64a73745f06f4ff8d44853.png

 

Edited by ElvinE5
  • Thanks 1
Posted

Thanks for your help, I found the key file through the link you give but when I put it to Administrator Server, I get this notification, I don't know what should I do next, can you help me. Thank you very much.

image.thumb.png.97a83cc93654805a48f20767dd0932d0.png

Posted

 

It looks like you have again chosen a key to activate the devices; according to your picture, the number is different...

That's what I mean, when you add both files to the repository... then the one you need should be called something like this

Спойлер

image.thumb.png.34c82e83831dd56e53958470ab42e76e.png

if you don’t have such a key, contact your supplier, the one who provided you with trial licenses... I think he can help

  • Thanks 1
Posted

Hello Chaser,
trial Licenses could normally used once on a Device so if a Trial License was active on that Device you can't activate another after the trial time expired.

So the best way is to ask your Partner / Reseller for an NFR Key for testing for a short period.

 

 

  • Like 1
  • Thanks 1
Posted (edited)

Thanks guys was help me, Actually I still not clearly understand about THask answer, but I think I should request another trial license. This is my current license. Oh If someone know right way to get trial license please suggest me. Thank you so much

image.thumb.png.67fa17ccdc90bdaffb088b306f171af3.png

Edited by chaser25
Posted

Hello Chaser,

NFR License is a different License for Free use not Trial it is like a Testing License for a custom Period more than 30 days like the Trial is.

If you ask the Partner / Reseller they should know what this License is.

 

 

  • Thanks 1
Posted

Do you know any other way to get an NFR license without contacting a Partner/Reseller? Or is there any way to export Kaspersky Security Center's syslog to SIEM system without needing an extra license? Thanks so much

Posted

@ElvinE5 I'm tried following your link but the result still the same above, it cannot start sending events to the SIEM system, specific is Splunk, most likely it is license issue, and I don't know how to get Advance license

  • 3 weeks later...
Posted

Hi Chaser,

Sorry I was on Vacation and no there is no way to get an NFR Key without Contact your Reseller / Partner / Distributor. If you have a Contact from KL you can ask them too.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...