
How to connect Kaspersky Security Center 11 to Kaspersky App in Splunk?

saleh911

I have read several question-and-answer pages everywhere, the Kaspersky documentation and all the other stuff, but unfortunately there is no clear, professional-level explanation of how to perform it. Even Splunk itself does not provide any documentation about it (last time I checked).

I have:

  1. Kaspersky Security Center 11 - Full license.
  2. Kaspersky App for Splunk - downloaded and installed from Splunk Database.
  3. Splunk Enterprise.

I have done:

1) On the Kaspersky Security Center side, I have configured Event Manager to send CEF events to Splunk, with IP/PORT. I have also selected what to send inside the Policies.
2) I have deployed the Kaspersky App into Splunk from a tar archive (the general installation way), with all required software (add-on) also installed.

How do I configure the Splunk part? I know that I have to provide a data input, etc.; however, whatever I try, the Kaspersky App does not show anything. I do not see any relevant configurations for the Kaspersky App in the web interface. Are there any?

Am I missing something? It looks like yes. Or maybe this is an OS-network issue?

Thanks for support.
