To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | kaspersky |
| product | endpoint_security |
| format | text-plain | cef | leef |
Note that the device can be configured to send plain syslog text, LEEF, or CEF-formatted output.
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| kaspersky:cef | epav |
| kaspersky:es | epav |
| kaspersky:gnrl | epav |
| kaspersky:klau | epav |
| kaspersky:klbl | epav |
| kaspersky:klmo | epav |
| kaspersky:klna | epav |
| kaspersky:klpr | epav |
| kaspersky:klsr | epav |
| kaspersky:leef | epav |
| kaspersky:sysl | epav |