I've made a quick lab on the integration between the Kaspersky security solution and the Extreme Networks solution using the Distributed IPS connect module present on the EMC server.
Here I share my lab results and settings.
For my lab environment I've used:
Extreme Management Center (EMC) version 184.108.40.206
ExtremeControl version 220.127.116.11
Kaspersky Security Center (KSC) version 10.4.343
Kaspersky Endpoint Security (KES) 10 SP2 for Windows version 10.3.0.6294
First of all, we need to configure our Kaspersky Security Center to export the relevant security events via syslog to the EMC server.
To do this, in the Events section of KSC we need to configure the export events section as follows:
(Thanks to Leo Lam of Extreme Networks for his help on the regular expressions)
we can manage in the proper way these events too
In a similar manner, it is possible to manage every type of event from the other software in the Kaspersky Security solution, and to react to these events with EMC.