Integration with a SIEM system
August 27, 2024
ID 265848
To configure the integration of Kaspersky Endpoint Agent with a SIEM system and send telemetry to SIEM servers, an active Kaspersky Endpoint Agent license key with the XDR Telemetry license object is required.
A SIEM system is a solution for managing security information and security events in an organization's IT infrastructure. A SIEM system allows you to detect, analyze, and eliminate security threats before they harm the organization.
Integration with a SIEM system means that Kaspersky Endpoint Agent, installed on computers that run Windows operating systems and are part of an organization's IT infrastructure, continuously monitors processes, open network connections, and modified files, and sends data about events on those computers to the SIEM server. This includes data that Kaspersky Endpoint Agent receives from Kaspersky Industrial CyberSecurity for Nodes.
You can configure integration between Kaspersky Endpoint Agent and a SIEM system in Kaspersky Security Center Administration Console, in Kaspersky Security Center Web Console, or using the command line interface locally on the device.