How to connect Kaspersky Security Center 11 to Kaspersky App in Splunk?

New Member

I have read several question-answer pages everywhere, kaspersky documentation and all other stuff, but unfortunately no clear - professional level explanation on how to perform it. Even Splunk itself does not provide any documentation about it (last time i checked).

I have:

  1. Kaspersky Security Center 11 - Full license.
  2. Kaspersky App for Splunk - downloaded and installed from Splunk Database.
  3. Splunk Enterprise.

I have done:

1) On Kaspersky Security Center Side - i have configured Event Manager to send CEF events to Splunk, with IP/PORT. I have also selected what to send inside the Policies.
2) I have deployed Kaspersky App into the Splunk by tar archive (general installation way) with all required software(add-on) also installed)

How to configure Splunk part? I know that i have to provide Data input and etc, however whatever i try, Kaspersky App does not show anything. I do not see on web interface any relative configurations for Kaspersky App. Are there?

Am i missing something? It looks like yes. Or maybe this is a os-network issue?

Thanks for support.

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.