Kaspersky Antivirus is an endpoint protection platform that protects your assets from viruses.
Before You Begin
You must configure Kaspersky Antivirus to send its logs to a syslog server.
To configure Kaspersky to send Syslog to InsightIDR:
- Follow the steps of the SIEM integration guide here: https://support.kaspersky.com/9284
- For Step 4 of the guide, choose Syslog as your SIEM system.
- Enter the IP Address of the InsightIDR Collector in the “SIEM system server address” field.
- Enter the port of the InsightIDR Collector in the “SIEM system server port” field.
- Choose a protocol for sending messages over Syslog from the “Protocol” dropdown.
- Click OK to save the configuration.
For more information about Kaspersky and Threat Data Feeds, visit this link: https://support.kaspersky.com/13851.
How to Configure This Event Source
- From your dashboard, select Data Collection on the left hand menu.
- When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
- From the “Security Data” section, click the Virus Scan icon. The “Add Event Source” panel appears.
- Choose your collector and event source. You can also name your event source if you want.
- Choose the timezone that matches the location of your event source logs.
- Optionally choose to send unparsed logs.
- Configure your default domain or add a new one.
- Select Listen on Network Port and specify the port and protocol you configured in the Kaspersky interface.
- Optionally choose to encrypt the event source if choosing TCP by downloading the Rapid7 Certificate.
- Click Save.