Device Integration: K7 EDR/Antivirus

Table of Contents

• Overview
• Prerequisites
• Configuration Steps in K7 Antivirus
• Verification (MSSP Only)
  • On ADR CCE (CLI)
  • On ADR SIEM UI

Overview

This guide explains how to integrate K7 Antivirus with ADR SIEM (aiSIEM/aiXDR). Logs from K7 Antivirus endpoints or servers are forwarded via Syslog to the CCE (Collection and Control Engine), which then sends them to the APE (Analytics and Policy Engine) for centralized visibility, malware detection, and proactive threat management.

Prerequisites

Before configuring integration, ensure:

• Administrative access to the K7 Security Management Console (or K7 endpoint if configured individually).

• Administrative access to the ADR SIEM UI.

• ADR CCE server IP address.

• Firewall rules allow UDP 514 (Syslog) from K7 Antivirus to the CCE.

Configuration Steps in K7 Antivirus

1. Log in to the K7 Security Management Console.

2. Navigate to: Settings → Log Forwarding / Syslog Settings.
   (Path may vary depending on K7 version.)

3. Enable Syslog Forwarding.

4. Enter the following details:

   • Syslog Server (CCE IP) → e.g., 10.10.10.5

   • Port → 514

   • Protocol → UDP

   • Format → CEF or default Syslog format

5. Save and apply the configuration.

Verification (MSSP Only)

On ADR CCE (CLI)

Run:

sudo tcpdump -i any port 514 and host <K7_Server_IP> -AAA

• Confirms Syslog packets are being received from the K7 Antivirus server.

On ADR SIEM UI

1. Log in to ADR SIEM UI with admin rights.
2. Navigate to: System → Logs and Flows Collection Status.
3. Check if the K7 Antivirus server IP appears under Source Device IP.