Dears,
I have configured Kaspersky to send CEF logs to a Splunk destination from the Kaspersky console, but when I used the CEF add-on to parse this data into Splunk it was not parsed correctly, so may I know how to get this data parsed and CIM compatible for Splunk ES?
Please reference a recent answers post that may provide what you need.
Hi,
What do you mean by "not parsed correctly"?
I am also trying to get events to be CIM compliant. I'm looking for documentation about Kaspersky Security Center log types...
Regards,
Istvan
I mean the data is parsed but no keys are populated for these values; the values must be parsed with CIM-compliant values.