FortiSIEM Discussions
IsuruTharanga
New Contributor

Kaspersky Security Center Integration

Hi,

I would like to know whether FortiSIEM supports Kaspersky Security Center syslog collection. I haven't seen anything related to Kaspersky in the External Systems Configuration Guide (FortiSIEM Documentation), but I configured the syslog forwarding as mentioned in the Kaspersky online help (https://help.kaspersky.com/KSC/11/en-US/151333.htm) since there was a parser.


But when I look into the parser, it is referring to CEF, or it is looking for 2 keywords.


Moreover, the Kaspersky Security Center only shows these CEF formats and the Syslog format, which is what I have configured.

What would be the correct format to choose?

Regards,
Isuru



8 REPLIES 8
GabrielKaelin

Hi Isuru

FortiSIEM does not contain a parser for the syslog format as of now, only CEF is supported. I don't know what the difference between ArcSight CEF and Splunk CEF is.
Be aware that Kaspersky CEF log export requires an Advanced license from Kaspersky (cf. https://media.kaspersky.com/en/business-security/kaspersky-endpoint-security-for-business-datasheet....). With the Select license, Kaspersky will only send out the default "Syslog" format, i.e. non-CEF, and FortiSIEM won't be able to parse it.

Regards,
Gabriel
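As an added example (not from this thread, and not FortiSIEM's or Kaspersky's own code), a small Python CEF parser that shows why only the CEF export is usable: it splits the CEF header on unescaped pipes, turns the key=value extension into a dict, and returns None for a plain-syslog line that carries no `CEF:` marker. The sample lines, vendor/product strings and event id are constructed for illustration, not real KSC output.

```python
import re
from typing import Optional

# Constructed sample lines (not real KSC output): one CEF event with a syslog
# prefix, and one plain-syslog event of the kind a CEF-only parser cannot match.
CEF_LINE = ('<14>May 28 04:18:00 ksc-host CEF:0|KasperskyLab|SecurityCenter|11.0|'
            'SAMPLE_EVENT|Malicious object detected|8|src=10.1.2.3 '
            'suser=CORP\\\\jdoe msg=Object quarantined\\=yes cs1Label=Computer cs1=WS-042')
PLAIN_LINE = '<14>May 28 04:18:00 ksc-host KSC: Malicious object detected on WS-042 (user jdoe)'

HEADER_FIELDS = ('version', 'vendor', 'product', 'device_version',
                 'signature_id', 'name', 'severity')


def _unescape_header(s: str) -> str:
    # CEF header fields escape '|' and '\' with a backslash.
    return s.replace('\\|', '|').replace('\\\\', '\\')


def _unescape_ext(s: str) -> str:
    # CEF extension values escape '=', '\', and newlines.
    return (s.replace('\\=', '=').replace('\\n', '\n')
             .replace('\\r', '\r').replace('\\\\', '\\'))


def parse_cef(line: str) -> Optional[dict]:
    """Return the 7 header fields plus an 'ext' dict, or None if not CEF."""
    m = re.search(r'CEF:', line)
    if not m:
        return None  # plain syslog: no CEF header for the parser to match
    body = line[m.end():]
    # Split on pipes that are not backslash-escaped; the 8th part is the extension.
    parts = re.split(r'(?<!\\)\|', body, maxsplit=7)
    if len(parts) != 8:
        return None  # malformed header (wrong number of fields)
    event = {k: _unescape_header(v) for k, v in zip(HEADER_FIELDS, parts[:7])}
    ext = parts[7]
    # Extension keys are identifiers followed by an unescaped '='; a value runs
    # until the next key, so values may contain spaces and escaped '='.
    keys = list(re.finditer(r'(?:^|\s)([A-Za-z][A-Za-z0-9_]*)=', ext))
    event['ext'] = {}
    for i, k in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        event['ext'][k.group(1)] = _unescape_ext(ext[k.end():end].strip())
    return event


if __name__ == '__main__':
    print(parse_cef(CEF_LINE))
    print(parse_cef(PLAIN_LINE))
```

The plain-syslog line is what a Select-licensed Security Center emits; running both lines through the parser shows the CEF line decomposing into fields while the syslog line yields nothing usable.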
IsuruTharanga

Hi Gabriel,

Thanks for the insight. I will check on the license as well.

Regards,
Isuru
-------------------------------------------
Original Message:
Sent: May 28, 2020 04:18 AM
From: Gabriel Kaelin
Subject: Kaspersky Security Center Integration

DanielHanman
Staff

Hi Isuru,

You should be able to send Kaspersky CEF format syslog to FortiSIEM.

The default parser should work; however, this is a slightly modified version that parses some more fields. Clone the existing parser and paste this new one in. Then make sure you Apply it.

Let me know how you get on.

Thanks

Dan
-------------------------------------------
Original Message:
Sent: May 28, 2020 03:13 AM
From: Isuru Tharanga
Subject: Kaspersky Security Center Integration

IsuruTharanga

Hi Daniel,

Thanks for the updated parser. I will check on this and let you know how it goes.

Regards,
Isuru
-------------------------------------------
Original Message:
Sent: May 28, 2020 04:30 AM
From: Daniel Hanman
Subject: Kaspersky Security Center Integration

IsuruTharanga

Hi Daniel,

The parser is working. Thanks for the support.

Regards,
Isuru
-------------------------------------------
Original Message:
Sent: May 28, 2020 08:33 PM
From: Isuru Tharanga
Subject: Kaspersky Security Center Integration

AlaaAlatrash

Hi Daniel,
Can you please share the parser again? I cannot access the attachment.
Thanks
-------------------------------------------
Original Message:
Sent: May 28, 2020 04:30 AM
From: Daniel Hanman
Subject: Kaspersky Security Center Integration

DanielHanman

Hi Alaa, I just downloaded it again from here; it does open in the browser, which means you may need to view the page source, as it is XML.

Let me know if you are still having issues and I will send you a separate link.

Thanks

Dan

------------------------------
Daniel
------------------------------
-------------------------------------------
Original Message:
Sent: Aug 03, 2020 11:48 PM
From: Alaa Alatrash
Subject: Kaspersky Security Center Integration

Michaelsaba


Hello Daniel,


Can you please share the parser again? I can't find it.

Thank you.

Best regards,