We have integrated Kaspersky antimalware via the SQL pull method and it was successfully added. But we are not getting any logs on the ESM dashboards.
Can someone help us resolve this issue? Is there any guide to troubleshoot SQL pull method issues?
I had the same problem and it was because of the user's permissions in the DB. These permissions come from the schemas, so you go into the ePO DB, then to Security, open the properties of the SIEM user and enable db_datareader (for example, I also enabled db_datawriter), and I also did it in membership.
I speak Spanish but not very good English; I hope this helps you.
I have not seen anyone on the internet so far who did this task successfully.
However, do you guys need such thing?
Hint: Use SQL pull method
Hi Syed Irfan Naseer.
Could you please help me with the integration of Kaspersky with McAfee ESM?!
I know what I need to do in McAfee, but I have no idea what to configure on the Kaspersky side.
Could you provide a screenshot of the Kaspersky settings?!
Thank you very much!!!
Firstly, the Kaspersky Administration Console or KSC has nothing to do with the SIEM integration process.
Secondly, it is only the Kaspersky database that is integrated with the SIEM.
Lastly, are you sure the account you are using for the pull method has DB access rights for KSC? If yes, then how are you sure?
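One way to answer the "how are you sure?" question above, and to confirm the db_datareader membership described earlier in the thread, as an added example that is not part of any poster's message. It assumes the Kaspersky database is hosted on Microsoft SQL Server; `KSC_DB` and `siem_pull` are placeholder names for the database and the account the ESM data source uses.

```sql
-- Added example. KSC_DB and siem_pull are placeholders (assumptions),
-- replace them with the real database name and the SIEM pull account.
USE [KSC_DB];
GO

-- 1. Is the server login mapped to a user inside this database?
--    No row returned means the login can authenticate but cannot read the DB.
SELECT dp.name      AS db_user,
       dp.type_desc AS principal_type,
       sp.name      AS server_login
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.name = N'siem_pull';

-- 2. Which database roles does that user belong to?
--    A read-only pull needs db_datareader (or explicit SELECT grants).
SELECT r.name AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'siem_pull';

-- 3. Effective data permissions as seen by the account itself.
--    Run as an administrator; EXECUTE AS needs IMPERSONATE on the user.
--    SELECT should be listed; INSERT/UPDATE/DELETE appearing here means
--    the account holds write access as well as read access.
EXECUTE AS USER = N'siem_pull';
SELECT permission_name
FROM fn_my_permissions(NULL, 'DATABASE')
WHERE permission_name IN ('SELECT', 'INSERT', 'UPDATE', 'DELETE');
REVERT;

-- 4. Add the read role only if step 2 showed it is missing.
IF IS_ROLEMEMBER('db_datareader', N'siem_pull') = 0
    ALTER ROLE db_datareader ADD MEMBER [siem_pull];
```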
Hi Syed Irfan Naseer
First of all, thanks for the quick response!
I still haven't gotten the user account name and password from the customer,
because the IT company that's handling Kaspersky doesn't want to provide me with that.
They claim that they need to send it via syslog. The problem is I don't get the syslog; besides that, it means I will need to write a lot of parsing regex rules...
It would be very kind of you if you could provide me with a screenshot of the configuration on the Kaspersky side; then I will be able to get them to configure it properly.