Kaspersky Security Center

Version: Kaspersky Security Center v10.0 or later.

Kaspersky Security Center offers consumer security products, such as anti-virus, anti-malware and firewall applications, in addition to security systems designed for small businesses, corporations, and large enterprises.

Kaspersky Security Center can be integrated with Netsurion Open XDR via syslog. Netsurion can fetch device management, object management, virus-detected, and vulnerabilities-detected events on endpoints.

Dashboards provide a view of unmanaged endpoints, inactive endpoints and threats detected on endpoints.

The detailed reports show which endpoints are infected by malware and which endpoints have been inactive for more than seven days, and provide information about unmanaged endpoints in the environment. Alerts are triggered whenever malware is detected, a device is blocked on an endpoint, etc.

  • Security – Malware found, device connection blocked, unmanaged devices, vulnerabilities detected, inactive devices.
  • Operations – Application management, user accessed admin server.
  • Compliance – Endpoint license status, device management.

Once Kaspersky Security Center is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Kaspersky Security Center – Malware detected | This alert is triggered when a mail attachment has malware files. |
| Security | Kaspersky Security Center – Device connection blocked | This alert is generated when removable disks are connected to endpoints. |
| Security | Kaspersky Security Center – Inactive device | This alert is generated when an endpoint has not responded for more than seven days. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Kaspersky Security Center – Malware found | This report provides information on suspicious objects deleted, disinfection not possible, blocked object name, the action taken on the object, file path, etc. |
| Security | Kaspersky Security Center – Unmanaged endpoints | This report provides information related to endpoints that are not manageable by Kaspersky Security Center for some reason. |
| Security | Kaspersky Security Center – Device connection blocked | This report provides information related to removable disks connected to endpoints and connections blocked by Kaspersky Security Center, removable disk names, endpoint names, endpoint IP address, etc. |
| Security | Kaspersky Security Center – Inactive endpoints | This report provides information related to endpoints inactive for more than seven days. |
| Security | Kaspersky Security Center – Vulnerabilities detected and fixed with updates | This report provides information related to vulnerabilities detected on endpoints and fixed by installing new updates. |
| Operations | Kaspersky Security Center – User connected admin server | This report provides information related to users who accessed the administration server, user name, IP address, etc. |
| Operations | Kaspersky Security Center – Application management | This report provides information related to applications installed and uninstalled on endpoints, application names, destination hostname, etc. |
| Compliance | Kaspersky Security Center – Endpoint management | This report provides information related to endpoints added and removed, destination hostname, message, endpoint added to the admin group, endpoint removed from the admin group, endpoint name, endpoint IP address, etc. |
| Compliance | Kaspersky Security Center – Endpoint license status | This report provides information related to endpoint license status, endpoint names, endpoint IP address, etc. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.x and later, and Kaspersky Security Center.

Download the Integration Guide and How-to Guide for configuration instructions and more information.