Kaspersky EDR Optimum

Before You Begin

  • Ensure you have an active Kaspersky EDR Optimum account with administrator privileges.
  • Have your Kaspersky EDR Optimum login credentials available.
  • Be familiar with REST APIs and token-based authentication.

Steps to Send Kaspersky EDR Optimum Logs for Monitoring

Log in to Kaspersky EDR Optimum Console

Access the Kaspersky EDR Optimum Administration Console: Log in to the Kaspersky EDR Optimum web interface using an administrator account.

Generate API Token

Navigate to API Management: Follow the Kaspersky EDR Optimum documentation to generate an API token for accessing the REST API.

Configure API Access

API User and Permissions: Ensure the API user has appropriate permissions to access the required log data.

After completing the initial steps to set up API access in Kaspersky EDR, please provide the following information to our support team to configure Cribl for receiving and processing Kaspersky EDR logs:

API Access Details

API Token: The API token generated for accessing the Kaspersky EDR REST API. This token is required for authentication when fetching logs.

Kaspersky EDR Server Information

Kaspersky EDR Server URL: The base URL of your Kaspersky EDR server (e.g., https://kaspersky.example.com).

Log Data Information

Log Types: Specify the types of logs being sent (e.g., endpoint activity logs, security events, system logs).

Log Format: The format of the logs being sent (e.g., JSON).

Additional Configuration Details

Log Fetching Frequency: The desired frequency for fetching logs from Kaspersky EDR (e.g., every 5 minutes, hourly).

Any Specific Filters or Parameters: Any specific filters or parameters to apply when fetching logs (e.g., specific time ranges, event types).

Destination Configuration in Cribl

Desired Output Destination: Specify where the processed logs should be sent (e.g., a SIEM, data lake, or other logging infrastructure).

Destination Details: Provide details for the output destination, such as the endpoint URL, authentication credentials, and any specific configuration settings.

Please send the above details to our support team via an "Onboard Log source" request in your SecurIST platform.

Getting Help

If you encounter any issues or need assistance during this process, our support team is here to help. You can reach out to us through:

  • Support Portal: Submit a ticket via our support portal for detailed assistance.
  • Documentation: Refer to our extensive documentation library for troubleshooting and additional guides.

By providing these details, we will be able to configure SecurIST to accept and process Kaspersky EDR logs for your SIEM service.