Archive2
Highlighted

How to connect Kaspersky Security Center 11 to Kaspersky App in Splunk?

New Member

I have read several question-answer pages everywhere, kaspersky documentation and all other stuff, but unfortunately no clear - professional level explanation on how to perform it. Even Splunk itself does not provide any documentation about it (last time i checked).

I have:

  1. Kaspersky Security Center 11 - Full license.
  2. Kaspersky App for Splunk - downloaded and installed from Splunk Database.
  3. Splunk Enterprise.

I have done:

1) On Kaspersky Security Center Side - i have configured Event Manager to send CEF events to Splunk, with IP/PORT. I have also selected what to send inside the Policies.
2) I have deployed Kaspersky App into the Splunk by tar archive (general installation way) with all required software(add-on) also installed)

How to configure Splunk part? I know that i have to provide Data input and etc, however whatever i try, Kaspersky App does not show anything. I do not see on web interface any relative configurations for Kaspersky App. Are there?

Am i missing something? It looks like yes. Or maybe this is a os-network issue?

Thanks for support.

0 Karma
Reply