Kaspersky Anti-Virus

Kaspersky Antivirus is an endpoint protection platform that protects your assets from viruses.

Before You Begin

You must configure Kaspersky Antivirus to send its logs to a syslog server.

To configure Kaspersky to send Syslog to InsightIDR:

  1. Follow the steps of the SIEM integration guide here: https://support.kaspersky.com/9284
  2. For Step 4 of the guide, choose Syslog as your SIEM system.
  3. Enter the IP Address of the InsightIDR Collector in the “SIEM system server address” field.
  4. Enter the port of the InsightIDR Collector in the “SIEM system server port” field.
  5. Choose a protocol for sending messages over Syslog from the “Protocol” dropdown.
  6. Click OK to save the configuration.

For more information about Kaspersky and Threat Data Feeds, visit this link: https://support.kaspersky.com/13851.

How to Configure This Event Source

  1. From your dashboard, select Data Collection on the left hand menu.
  2. When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
  3. From the “Security Data” section, click the Virus Scan icon. The “Add Event Source” panel appears.
  4. Choose your collector and event source. You can also name your event source if you want.
  5. Choose the timezone that matches the location of your event source logs.
  6. Optionally choose to send unparsed logs.
  7. Configure your default domain or add a new one.
  8. Select Listen on Network Port and specify the port and protocol you configured in the Kaspersky interface.
    • If you chose TCP, you can optionally encrypt the event source by downloading the Rapid7 Certificate.
  9. Click Save.
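Once both sides are configured, it helps to confirm that a syslog message actually reaches the collector port and protocol you entered. The script below is an added example, not Rapid7 or Kaspersky code: it builds a constructed RFC 3164 test event, sends it over UDP, plain TCP, or TLS-wrapped TCP (using a CA file such as the downloaded Rapid7 Certificate), and first validates the sender against a throwaway local listener. The collector address, port and the `rapid7-ca.pem` path are placeholders you replace with your own values.

```python
# Added check (not Rapid7/Kaspersky code): send a constructed syslog test event to a
# collector over UDP, TCP or TLS-wrapped TCP; validate the sender locally first.
import datetime
import socket
import ssl

SAMPLE_TS = datetime.datetime(2024, 1, 5, 10, 30, 0)  # constructed, fixed for repeatable output

def build_syslog_message(hostname, app, msg, ts=None, facility=1, severity=6):
    """RFC 3164 line '<PRI>Mmm dd HH:MM:SS host app: msg'; PRI = facility*8 + severity."""
    ts = ts or datetime.datetime.now()
    pri = facility * 8 + severity
    return f"<{pri}>{ts:%b} {ts.day:2d} {ts:%H:%M:%S} {hostname} {app}: {msg}"

def send_syslog(host, port, message, protocol="udp", ca_cert=None, timeout=5.0):
    """Send one message; ca_cert is the collector's CA file for the encrypted-TCP option."""
    data = (message + "\n").encode()
    if protocol == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (host, port))
        return len(data)
    sock = socket.create_connection((host, port), timeout=timeout)
    if ca_cert:
        ctx = ssl.create_default_context(cafile=ca_cert)  # verifies chain and hostname
        sock = ctx.wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(data)
    return len(data)

def loopback_check(message, protocol="udp"):
    """Bind a local listener on an ephemeral port, send to it, return the received line."""
    kind = socket.SOCK_DGRAM if protocol == "udp" else socket.SOCK_STREAM
    with socket.socket(socket.AF_INET, kind) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.settimeout(5.0)
        if protocol == "tcp":
            srv.listen(1)
        send_syslog("127.0.0.1", srv.getsockname()[1], message, protocol)
        if protocol == "udp":
            data, _ = srv.recvfrom(65535)
        else:
            conn, _ = srv.accept()
            with conn:
                data = conn.recv(65535)
    return data.decode().rstrip("\n")

if __name__ == "__main__":
    msg = build_syslog_message("kav-host", "kaspersky", "Test event from sender", SAMPLE_TS)
    print("loopback udp/tcp ok:", loopback_check(msg, "udp") == msg, loopback_check(msg, "tcp") == msg)
    # send_syslog("COLLECTOR_IP_PLACEHOLDER", 514, msg, "tcp", ca_cert="rapid7-ca.pem")  # placeholders
```

After the loopback checks pass, uncomment the last line with your collector's IP and port; the event should then appear in InsightIDR under the Virus Scan event source (or in the unparsed logs if you enabled them).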