Selecting events in a policy

If you want to export events that occurred in all applications managed by a specific policy, select the events to export in the policy. In this case, you cannot select events for an individual application.

To select events to export in a policy:

  1. In the Kaspersky Security Center console tree, select the Policies node.

    Policies node

    Policies

  2. Right-click to open the context menu of the relevant policy and select Properties.
  3. In the opened policy properties window, select the Event configuration section.

    Event notification section

    Administration Server policy properties window

  4. In the list of events that appears, select one or several events that need to be exported to the SIEM system, and click the Properties button.

    If you need to select all events, click the Select all button.

  5. In the event properties window that appears, select the Export to SIEM system via Syslog check box to enable export for the selected events.

    Enabling export for selected events

    Administration Server event properties window

  6. Click OK to save the changes.
  7. In the policy properties window, click OK.

The selected events will be sent to the SIEM system over the Syslog protocol. The export will begin immediately after you enable automatic export and select the events to export. Configure the SIEM system to ensure that it can receive events from Kaspersky Security Center.

Page top