Kaspersky Data
App Installation
| App | Search Head | Indexer | Heavy Forwarder | UF / Deployment Server | Additional Details |
|---|---|---|---|---|---|
| Kaspersky Add-on for Splunk | Required | - | Required | - | Installation Guide |
Important sourcetypes to be collected
- kaspersky:leef
- kaspersky:klaud
- kaspersky:klprci
- kaspersky:klbl
- kaspersky:klsrv
- kaspersky:gnrl
- kaspersky:klnag
Note:
- Create an index named kaspersky, or update the cs_kaspersky macro definition from the Cyences app configuration page (Cyences Settings > Cyences App Configuration > Products Setup) to point at the index you use.
- Use the QRadar (LEEF) format, not the Splunk (CEF) format, when forwarding data from Kaspersky to syslog; the add-on's kaspersky:leef sourcetype expects LEEF.
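As an added example (not configuration shipped with the Cyences app or the Kaspersky Add-on for Splunk), the stanzas below show one way to carry out the note above: an indexes.conf stanza that creates the kaspersky index on the indexer, a local macros.conf override of the cs_kaspersky macro for the case where the data lands in a differently named index, and an inputs.conf listener on the heavy forwarder that assigns the kaspersky:leef sourcetype to the LEEF syslog feed. The index name, macro name and sourcetype come from this page; the storage paths, retention value, listener port, alternate index name and the exact body of the macro definition are assumptions.

```ini
# indexes.conf (indexer): create the kaspersky index that the cs_kaspersky macro searches.
# Paths follow the usual $SPLUNK_DB layout; the retention value is a constructed example.
[kaspersky]
homePath = $SPLUNK_DB/kaspersky/db
coldPath = $SPLUNK_DB/kaspersky/colddb
thawedPath = $SPLUNK_DB/kaspersky/thaweddb
# 90 days, constructed value; align with local retention policy
frozenTimePeriodInSecs = 7776000

# macros.conf (search head, local override): only needed when the data is NOT in an
# index literally named kaspersky. The alternate index name and the definition body are
# assumptions; the same change can be made from Cyences Settings > Cyences App
# Configuration > Products Setup instead of editing the file.
[cs_kaspersky]
definition = index=kaspersky_prod

# inputs.conf (heavy forwarder): syslog listener for Kaspersky Security Center exported in
# the QRadar (LEEF) format. Port 5514 is a constructed value; use a dedicated port so
# Kaspersky events are not mixed with other syslog sources and mis-sourcetyped.
[tcp://5514]
sourcetype = kaspersky:leef
index = kaspersky
connection_host = dns
```

Splunk .conf files do not allow trailing comments on a value line, so every comment sits on its own line. After restarting or reloading the affected instances, confirm the pipeline end to end with a search such as `| tstats count where index=kaspersky by sourcetype`: the kaspersky:leef sourcetype should appear with a non-zero count, and a search using the macro, such as `` `cs_kaspersky` | head 5 ``, should return the same events.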
Estimated Data Size
Kaspersky data is not large in terms of license and storage usage, but the volume depends on the number of hosts connected to Kaspersky.