Kaspersky Security Center
Version: Kaspersky Security Center v10.0 or later.
Kaspersky Security Center offers consumer security products, such as anti-virus, anti-malware and firewall applications, in addition to security systems designed for small businesses, corporations, and large enterprises.
Kaspersky Security Center can be integrated with Netsurion Open XDR via syslog. Netsurion can fetch device management, object management, virus detected, and vulnerabilities detected events from endpoints.
Dashboards provide a view of unmanaged endpoints, inactive endpoints and threats detected on endpoints.
Detailed reports show which endpoints are infected by malware and which endpoints have been inactive for more than seven days, and provide information about unmanaged endpoints in the environment. Alerts are triggered whenever malware is detected, a device is blocked on an endpoint, etc.
- Security – Malware found, device connection blocked, unmanaged devices, vulnerabilities detected, inactive devices.
- Operations – Application management, user accessed admin server.
- Compliance – Endpoint license status, device management.
Once Kaspersky Security Center is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards and reports can be configured in Netsurion Open XDR.
The following are the key Data Source Integrations available in Netsurion Open XDR.
| Category | Name | Description |
|---|---|---|
| Security | Kaspersky Security Center – Malware detected | This alert is triggered when a mail attachment has malware files. |
| Security | Kaspersky Security Center – Device connection blocked | This alert is generated when removable disks are connected to endpoints. |
| Security | Kaspersky Security Center – Inactive device | This alert is generated when an endpoint has not responded for more than seven days. |
| Security | Kaspersky Security Center – Malware found | This report provides information about suspicious objects deleted, disinfection not possible, blocked object name, the action taken on the object, file path, etc. |
| Security | Kaspersky Security Center – Unmanaged endpoints | This report provides information related to endpoints not manageable by Kaspersky Security Center for some reason. |
| Security | Kaspersky Security Center – Device connection blocked | This report provides information related to removable disks connected to endpoints and connections blocked by Kaspersky Security Center, removable disk names, endpoint names, endpoint IP address, etc. |
| Security | Kaspersky Security Center – Inactive endpoints | This report provides information related to endpoints inactive for more than seven days. |
| Security | Kaspersky Security Center – Vulnerabilities detected and fixed with updates | This report provides information related to the vulnerabilities detected on endpoints and fixed by installing new updates. |
| Operations | Kaspersky Security Center – User connected admin server | This report provides information related to users who accessed the administration server, user name, IP address, etc. |
| Operations | Kaspersky Security Center – Application management | This report provides information related to applications installed and uninstalled on endpoints, application names, destination hostname, etc. |
| Compliance | Kaspersky Security Center – Endpoint management | This report provides information related to endpoints added and removed, destination hostname, message, endpoint added to the admin group, endpoint removed from the admin group, endpoint name, endpoint IP address, etc. |
| Compliance | Kaspersky Security Center – Endpoint license status | This report provides information related to endpoint license status, endpoint names, endpoint IP address, etc. |
The configuration details are consistent with Netsurion Open XDR 9.x and later, and Kaspersky Security Center.