Kaspersky EDR Optimum
Before You Begin
- Ensure you have an active Kaspersky EDR Optimum account with administrator privileges.
- Kaspersky EDR Optimum login credentials.
- Familiarity with REST API and token-based authentication.
Steps to Send Kaspersky EDR Optimum Logs for Monitoring
Log in to Kaspersky EDR Optimum Console
Access the Kaspersky EDR Optimum Administration Console: Log in to the Kaspersky EDR Optimum web interface using an administrator account.
Generate API Token
Navigate to API Management: Follow the Kaspersky EDR Optimum documentation to generate an API token for accessing the REST API.
Configure API Access
API User and Permissions: Ensure the API user has appropriate permissions to access the required log data.
After completing the initial steps to set up API access in Kaspersky EDR, please provide the following information to our support team to configure Cribl for receiving and processing Kaspersky EDR logs:
API Access Details
API Token: The API token generated for accessing the Kaspersky EDR REST API. This token is required for authentication when fetching logs.
Kaspersky EDR Server Information
Kaspersky EDR Server URL: The base URL of your Kaspersky EDR server (e.g., https://kaspersky.example.com).
Log Data Information
Log Types: Specify the types of logs being sent (e.g., endpoint activity logs, security events, system logs).
Log Format: The format of the logs being sent (e.g., JSON).
Additional Configuration Details
Log Fetching Frequency: The desired frequency for fetching logs from Kaspersky EDR (e.g., every 5 minutes, hourly).
Any Specific Filters or Parameters: Any specific filters or parameters to apply when fetching logs (e.g., specific time ranges, event types).
Destination Configuration in Cribl
Desired Output Destination: Specify where the processed logs should be sent (e.g., a SIEM, data lake, or other logging infrastructure).
Destination Details: Provide details for the output destination, such as the endpoint URL, authentication credentials, and any specific configuration settings.
Please send the above details to our support team via an "Onboard Log source" request in your SecurIST platform.
Getting Help
If you encounter any issues or need assistance during this process, our support team is here to help. You can reach out to us through:
Support Portal: Submit a ticket via our support portal for detailed assistance.
Documentation: Refer to our extensive documentation library for troubleshooting and additional guides.
By providing these details, we will be able to configure SecurIST to accept and process Kaspersky EDR Optimum logs for your SIEM service.