Accenture MDR Quick Start Guide for Kaspersky™ Security Center

This quick start guide will help Accenture MDR customers configure Kaspersky™ Security Center to allow log collection from the Log Collection Platform (LCP).

The document includes the following topics:

  • Supported Versions

  • Port Requirements

  • Configuring Kaspersky Security Center

  • LCP Configuration Parameters

  • Legal Notice

Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx), which can be found in the Accenture MDR Portal: https://mss.accenture.com/PortalNextGen/Reports/Documents

Port Requirements

Table 1-1: Port requirements for LCP communication.

Source   Destination          Port         Description
LCP      Kaspersky Database   1433 (TCP)   Default database port

Configuring Kaspersky Security Center

To configure Kaspersky Security Center with its database so that the LCP can collect logs, follow the steps below.

Based on the Kaspersky DB architecture in use, the DB can be configured with either Microsoft SQL or MySQL; the database user account steps for each are given in the following sections.

Creating a database user account for Microsoft SQL

To create a database user account as an Admin user:

  1. Open Microsoft SQL Server Management Studio and connect to the Microsoft SQL Server 2008 R2 machine containing the database as an admin user.

  2. In the Object Explorer that appears on the left-hand pane of SQL Server Management Studio, right-click Security and go to New > Login.

  3. In the Login – New window, do the following in the same sequence:

  • Select the General page.

  • Type a login name for the new user.

  • Select SQL Server authentication, create a password for the user and confirm the password.

  • Uncheck the User must change password at next login check box.

  • Under Default database, select the database to be read by the user.

  • Select the Server Roles page.

  • Under Server roles, select public.

  • Select the User Mapping page.

  • Under Users mapped to this login, make sure that the database to be read is selected.

  • Under Database role membership for <database_name>, select the following:

a. public

b. db_datareader

  • Click OK.
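The same read-only account can be created in T-SQL instead of through the SSMS dialog, which also makes the least-privilege check repeatable. This script is an added example, not part of the Accenture guide; the login name kes_lcp_reader, the database name KAV and the password are placeholders to replace with your own values.

```sql
-- Added example (not from the Accenture guide): T-SQL equivalent of the
-- SSMS steps above. kes_lcp_reader, KAV and the password are placeholders.
USE [master];
GO
-- Step 3: SQL Server authentication login, default database set, password
-- policy enforced, no forced change at next login (no MUST_CHANGE).
-- Every login is a member of the public server role implicitly.
CREATE LOGIN [kes_lcp_reader]
    WITH PASSWORD = N'<strong_password_here>',
         DEFAULT_DATABASE = [KAV],
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = OFF;
GO
-- User Mapping: map the login into the event database and grant only
-- read access (public + db_datareader). sp_addrolemember is used because
-- it also exists on SQL Server 2008 R2, which the guide references.
USE [KAV];
GO
CREATE USER [kes_lcp_reader] FOR LOGIN [kes_lcp_reader];
EXEC sp_addrolemember 'db_datareader', 'kes_lcp_reader';
GO
-- Verification: impersonate the new login and list its effective
-- database permissions. Only SELECT should be listed; an INSERT, UPDATE
-- or DELETE row means the account was mapped to more than db_datareader.
EXECUTE AS LOGIN = 'kes_lcp_reader';
SELECT permission_name
FROM fn_my_permissions(NULL, 'DATABASE')
WHERE permission_name IN ('SELECT', 'INSERT', 'UPDATE', 'DELETE');
REVERT;
GO
```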

Connecting to MS-SQL server as a non-admin user

  1. Open Microsoft SQL Server Management Studio.

  2. In the Object Explorer that appears on the left-hand pane of SQL Server Management Studio, click the Connect icon.

  3. In the Login window, do the following:

    1. Select Server Type as Database Engine.

    2. Enter the Server Name as selected during installation.

    3. Select the Authentication Type as SQL Server Authentication.

    4. Enter the login name and password, and click Connect.

 Note: After you are connected, you can run queries, as required, to view the logs.

 

Creating a database user account for MySQL

You must create a database user account for MySQL to view logs in the MySQL database.

  1. Open the MySQL client program.

  2. Enter the username and password and click Connect to connect to the server as a root user.

  3. After connecting to the server as a root user, create a new read-only user with the required privileges by executing the following commands:

CREATE USER '<username>'@'<hostname>' IDENTIFIED BY '<password>';

GRANT SELECT ON <database_name>.* TO '<username>'@'<hostname>';

 Note: In the command line, you must replace the username, hostname, database name, and password with actual values. The '<username>'@'<hostname>' pair in the GRANT statement must match the one used in CREATE USER; the password is set only in CREATE USER.

  4. After you have finalized the permissions that you want to set up for new users, always be sure to reload all the privileges by executing the following command:

a. FLUSH PRIVILEGES;

  5. Type quit to exit the MySQL shell.
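The MySQL steps above as one script, with the account restricted to the host the LCP connects from and a check of the resulting grants. This is an added example, not part of the Accenture guide; the user kes_lcp_reader, the LCP address 10.0.0.5, the database KAV and the password are placeholders to replace.

```sql
-- Added example (not from the Accenture guide). kes_lcp_reader, 10.0.0.5,
-- KAV and the password are placeholders; replace them with real values.

-- Step 3: create the account, scoped to the LCP host rather than '%',
-- so the credentials are unusable from any other source address.
CREATE USER 'kes_lcp_reader'@'10.0.0.5' IDENTIFIED BY '<strong_password_here>';

-- Read-only access to the event database only; no global privileges.
GRANT SELECT ON KAV.* TO 'kes_lcp_reader'@'10.0.0.5';

-- Step 4: reload the privilege tables.
FLUSH PRIVILEGES;

-- Verification 1: the grants for this account should be USAGE (the
-- "no privileges" default) plus a single SELECT on KAV.*.
SHOW GRANTS FOR 'kes_lcp_reader'@'10.0.0.5';

-- Verification 2: query the privilege tables directly. Any schema other
-- than KAV, or any privilege other than SELECT, means the grant is wider
-- than intended and should be revoked before the credentials are shared.
SELECT grantee, table_schema, privilege_type
FROM information_schema.schema_privileges
WHERE grantee = "'kes_lcp_reader'@'10.0.0.5'";
```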

LCP Configuration Parameters

Table 1-2: The Kaspersky Security Center event collector (DB-3730) properties to be configured by MDR.

Property: Database URL

Default Value:

  For MS SQL:

    jdbc:jtds:sqlserver://<hostname>:1433;DatabaseName=<databasename>

    jdbc:jtds:sqlserver://<hostname>:1433;instance=<instancename>;DatabaseName=<dbname>

  For MySQL:

    jdbc:mysql://<IPaddress>:3306/<databasename>

Description: The database URL string that needs to be configured on the collector by MDR.

  Hostname - Hostname or IP address of the database server.

  Databasename - The name of the database in which the Kaspersky Security Center events are stored.

  Instancename - The name of the SQL Server named instance that hosts the specified database.

  1433 (TCP port) - The default port number for DB connectivity.

  Note: If the database is configured to use a different port number, please advise the MDR onboarding team.

Property: User Name

Default Value: Custom Value

Description: The username for the database account mentioned in the Pre-Installation Questionnaire (PIQ).

Property: Password

Default Value: Custom Value

Description: The password for the database account mentioned in the PIQ.

Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.