Kaspersky Security Center

Integrate Kaspersky Security Center to retrieve endpoint protection data

The Kaspersky Security Center connector pulls protection and security data for the endpoints managed by your Kaspersky infrastructure directly into OverSOC. It reads from the Kaspersky Security Center (KSC) Administration Server over its API; it does not change any setting on the server or the endpoints.

Objective

The Kaspersky Security Center connector retrieves the following information:

  • Inventory of the endpoints managed by Kaspersky Security Center
  • Protection status of the antivirus and other security engines on each endpoint
  • Security alerts, threats and incidents detected by those engines

Prerequisites

  • Administrator access to Kaspersky Security Center (needed once, to create the service account; the connector itself runs with read-only rights)
  • A service account with read permissions on endpoint data (see Required Permissions below)
  • Network connectivity from OverSOC to the Kaspersky Security Center server on the API port (TCP 13299 by default, HTTPS)

Information to Provide in OverSOC

Field        Description
Server URL   URL, FQDN or IP address of the Kaspersky Security Center server
Username     Username of the service account used for authentication
Password     Password of the service account
Port         API connection port (default 13299)

Procedure

Identify Connection Parameters

  1. Open the Kaspersky Security Center console.
  2. Note the server address OverSOC will connect to: an IP address or FQDN (e.g., 192.168.1.50 or kaspersky.example.com). Use the FQDN if the server certificate is issued to it, so that TLS validation succeeds.
  3. Verify the API port. The default is 13299 (HTTPS); if your deployment changed it, note the actual value.

Create a Service Account

  1. Sign in to Kaspersky Security Center with an administrator account.
  2. Go to Users & Roles > Users > Add.
  3. Create a new service account named "OverSOC".
  4. Grant the account access in the following scopes, with read rights only (the connector never writes to KSC):
    • Administration Server scope (for server access)
    • Managed Devices scope (for endpoint data access)
  5. Note the username and password. Store them in a password manager; they are entered once in OverSOC in the next step.

Configure the Connector in OverSOC

  1. In OverSOC, go to Data Sources Settings > Sources.
  2. Select Kaspersky Security Center and click Configure.
  3. Fill in the required fields:
    • Server URL (IP address or FQDN)
    • Username
    • Password
    • Port (default 13299)
  4. Click Save Configuration.

For detailed API documentation, see Kaspersky Security Center API Reference.
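Before saving the configuration it is worth confirming the three things the procedure above depends on: that the Server URL and Port fields resolve to a single host and port, that the service account credentials are encoded the way the KSC API login expects, and that OverSOC can actually reach the API port over a TLS connection it trusts. The script below is an added example, not OverSOC or Kaspersky code. The KSCBasic Authorization header format and the /api/v1.0/login path are my reading of the Kaspersky Security Center OpenAPI and should be checked against the API Reference linked above; the host names, credentials and port in the sample are constructed.

```python
"""Pre-flight checks for the OverSOC <-> Kaspersky Security Center connector.

Added example (not part of the OverSOC or Kaspersky documentation):
- parse_server()        normalizes the Server URL / Port fields
- ksc_login_headers()   builds the assumed KSC OpenAPI login header
- check_tls_endpoint()  opens a *verified* TLS connection to the API port
"""
import base64
import socket
import ssl
from typing import Optional, Tuple, Dict
from urllib.parse import urlsplit

DEFAULT_KSC_API_PORT = 13299  # KSC OpenAPI default, served over HTTPS


def parse_server(server_url: str, port: Optional[int] = None) -> Tuple[str, int]:
    """Accept '192.168.1.50', 'ksc.example.com', 'ksc.example.com:13300'
    or 'https://ksc.example.com:13299' and return (host, port).

    An explicit Port field wins over a port embedded in the URL; with neither,
    fall back to the KSC default. Plain http:// is rejected: the API is HTTPS only.
    """
    value = server_url.strip()
    url_port = None
    if "://" in value:
        parts = urlsplit(value)
        if parts.scheme.lower() != "https":
            raise ValueError("KSC OpenAPI is HTTPS only; got scheme %r" % parts.scheme)
        host, url_port = parts.hostname, parts.port
    elif value.count(":") > 1:
        host = value  # bare IPv6 literal, no port component
    else:
        host, _, maybe_port = value.partition(":")
        url_port = int(maybe_port) if maybe_port else None
    if not host:
        raise ValueError("empty host in Server URL")
    chosen = port if port is not None else (url_port if url_port is not None else DEFAULT_KSC_API_PORT)
    if not 1 <= chosen <= 65535:
        raise ValueError("port out of range: %d" % chosen)
    return host, chosen


def _b64(text: str) -> str:
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def ksc_login_headers(username: str, password: str, internal_user: bool = True) -> Dict[str, str]:
    """Headers for POST https://<host>:<port>/api/v1.0/login.

    Assumed KSC OpenAPI convention: user and password are base64-encoded inside a
    'KSCBasic' Authorization header; internal="1" marks a KSC internal account
    (the service account created in the procedure), "0" a Windows/domain account.
    Verify against the Kaspersky Security Center API Reference before relying on it.
    """
    internal = "1" if internal_user else "0"
    return {
        "Authorization": 'KSCBasic user="%s", pass="%s", internal="%s"'
        % (_b64(username), _b64(password), internal),
        "Content-Type": "application/json",
    }


def check_tls_endpoint(host: str, port: int, timeout: float = 5.0,
                       ca_file: Optional[str] = None) -> Dict[str, object]:
    """Open a certificate-verified TLS connection and report what the server presented.

    An unreachable port or an untrusted certificate are the two usual reasons a
    connector saves fine but never pulls data. KSC Administration Servers often use
    a certificate issued by the server's own CA: pass that CA via ca_file rather
    than disabling verification.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            version = tls.version()
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    return {"host": host, "port": port, "tls_version": version,
            "subject_cn": subject.get("commonName"), "not_after": cert.get("notAfter")}


if __name__ == "__main__":
    # Constructed sample values; replace with the ones noted in the procedure.
    host, port = parse_server("kaspersky.example.com", 13299)
    print("login headers:", ksc_login_headers("OverSOC", "s3cret"))
    print("tls endpoint:", check_tls_endpoint(host, port))  # needs network access
```

Run it from the host that will run the OverSOC connector, not from an administrator workstation, since firewall rules differ. If check_tls_endpoint raises a certificate error, the fix is to trust the KSC CA (ca_file), never to turn verification off: the connector sends the service account password on this channel.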

Required Permissions

The service account must have the following permissions, all read-only (no write or task-execution rights are needed):

  • Read access to endpoint inventory (Device List)
  • Read access to protection status
  • Read access to security alerts and incidents
  • Read access to security reports