Configuring the CEF Connector
Kaspersky MLAD uses the CEF Connector to receive data from external sources of events (Industrial Internet of Things, network devices and applications) and to return messages regarding incident registration.
To receive events from external sources using the CEF Connector, configure the Event Processor service.
Before configuring the CEF Connector settings in the Kaspersky MLAD web interface, specify in the .env file the IP address and port number that will be used to connect to the external event source and receive events.
Configuration of the CEF Connector is performed by a Kaspersky employee or certified integrator.
To configure the CEF Connector:
- In the administrator menu, select System parameters → CEF Connector.
  A list of options appears on the right.
- If necessary, move the Receive events for the Event Processor service toggle button to enable use of the CEF Connector for receiving events from an external system.
- To send messages about the incidents registered by the Anomaly Detector service to an external system, enable the Send registered incidents to SIEM system option.
- To send messages about the events registered by the Event Processor service to an external system, enable the Send registered events to SIEM system option.
- In the IP address for sending events and incidents to SIEM system field, specify the IP address for connecting to the external system and forwarding events processed by the Event Processor service and incidents registered by the Anomaly Detector service.
- In the Port for sending events and incidents to SIEM system field, specify the port number for connecting to the external system and forwarding events processed by the Event Processor service and incidents registered by the Anomaly Detector service.
- Click the Save button.
Kaspersky MLAD receives data from external sources of events (Industrial Internet of Things, network devices, and applications) and returns messages about the registration of events and incidents.