Which license do I need to send events from KSC to SIEM? [moved]

[novak]

Hello all, I have Kaspersky Security Center 10 installed with a Total Security for Business license (Trial), but it doesn't send any events to my SIEM. My scenario is the same as described in this thread: KASPERSKY EVENTS TO SIEM IBM QRADAR, and the thread linked from there, except that I have a different license (same setup, same event message). I thought this license I have encompassed all features. If not, which license do I need to send events to SIEM from KSC? Is there a different trial license that I can use to test this feature? Thanks in advance.

[KarDip]

HI,novak an welcome to te new Kaspersky Community. This is not an issue for you, so jjust need to do some new settings setup. Take a look at this Kaspersky online tutorial. https://support.kaspersky.com/us/9284 Thank you.

[novak]

Thanks KarDip. I compared my setup with the online tutorial, and everything seems ok (see below). I'm using Apache Metron as the SIEM, and I have Apache NiFi listening on port 9122 and setup to send these events to my SIEM, but KSC doesn't even connect to it. I tested it with netcat to make sure, but no data arrives. KSC shows me an event just like the one in the article I linked (but in portuguese, screencap below). For completeness, my licenses are also pictured below. Is there anything else I can check on my setup to diagnose the issue?

[KarDip]

Okay novak sorry about that. Take a look below URL. https://help.kaspersky.com/KSC/EventExport/en-US/142068.htm Thank you.

[KarDip]

Okay novak this might be helpful also. https://help.kaspersky.com/KSC/SP3/en-US/89277.htm Thank you.

[ak01]

You should also check the KES policy (events section). On every event, you can decide where to send it to (also SIEM -> this is not enabled by default).

[Vork Wandor]

Hello, We added a new license with Advanced European Edition, but still getting error Cannot start sending events to the SIEM system. Functionality in limited mode. Area: System Management. Do we need to do something else?

[Zeljko]

Did you enter Kaspersky Security Center license in properties of your ksc?

[Vork Wandor]

Yes that was the issue, figured it out. Thanks