Kaspersky event logs
I want to ask some questions, if anyone has collected Kaspersky event logs and done some use cases with them before.
- Do we have to change any configuration in Kaspersky Management Interface?
- Although information such as client hostname is visible in Kaspersky event logs, when events come into ESM, it (client hostname) does not appear in any field.
- Could you share some use cases for Kaspersky? I have created some, but they do not run because of valueless resource data.
I'm experiencing exactly the same problem with Kaspersky event logs. Information is available in Kaspersky Management, but events in ArcSight are incomplete (Device Address is always 0.0.0.0, Device Hostname is completely missing etc.).
Did you already find a solution for the problem?