AhnLab V3 Endpoint Integration
Overview
This integration collects malware detection, behavioral analysis, quarantine events, and agent status logs from AhnLab V3 Endpoint Security and AhnLab EPP via the AhnLab Policy Center.
Supported products: AhnLab V3 Endpoint Security, AhnLab EPP, AhnLab EDR
Prerequisites
- A KYRA MDR Collector installed and running (Installation Guide)
- AhnLab Policy Center (EPP Center) with admin access
- Network connectivity from the Policy Center to the collector on port 514
Note: Individual V3 clients cannot send syslog directly. The Policy Center aggregates logs from all endpoints and forwards them.
Configuration
Syslog Setup via Policy Center
- Log in to the AhnLab Policy Center (EPP Center)
- Navigate to 외부연동 > Syslog 서버 설정 (External Integration > Syslog Server Settings)
- Add the KYRA Collector as a syslog destination:
| Setting | Value |
|---|---|
| Server IP | Your KYRA Collector IP |
| Port | 514 |
| Protocol | TCP (recommended) |
- Select the event types to forward (malware, behavioral, quarantine, agent status)
- Apply the configuration
Sample Log Format
<14>date=20260320 time=103000 product=V3ES hostname=DESKTOP-ABC event=malware_detected name=Trojan/Win.Generic action=quarantine
Collected Log Types
| Log Type | Security Use | Priority |
|---|---|---|
| Malware detection | Virus/trojan/ransomware identification | Critical |
| Behavioral detection | Suspicious process behavior analysis | High |
| Quarantine events | Incident response tracking | High |
| Real-time scan | Endpoint protection status | Medium |
| Network protection | Network-level threat blocking | Medium |
| Exploit prevention | Exploit attempt detection | High |
| Agent status | Endpoint health monitoring | Medium |
| Engine/pattern updates | Signature freshness tracking | Low |
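To check that lines arriving at the collector match the sample log format above, the following parser decodes the syslog PRI header and the key=value body. It is an added example, not code from AhnLab or KYRA. The function name `parse_v3_line`, the required-field list, and the assumption that values contain no spaces are illustrative, inferred only from the one sample line on this page.

```python
import re
from datetime import datetime

# Constructed from the sample line shown on this page.
SAMPLE = ("<14>date=20260320 time=103000 product=V3ES hostname=DESKTOP-ABC "
          "event=malware_detected name=Trojan/Win.Generic action=quarantine")

# Syslog severity names in numeric order (0..7).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# Fields seen in the sample; treating them as required is an assumption.
REQUIRED = ("date", "time", "product", "hostname", "event")


def parse_v3_line(line):
    """Parse one forwarded line into a dict; raise ValueError if malformed."""
    m = PRI_RE.match(line.strip())
    if not m:
        raise ValueError("missing syslog PRI header")
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        raise ValueError("PRI out of range")
    fields = {}
    for token in m.group(2).split():
        key, sep, value = token.partition("=")
        if not sep or not key:
            raise ValueError(f"token is not key=value: {token!r}")
        fields[key] = value  # split on the first '=' only, rest stays in value
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    # The page does not state a timezone, so the timestamp stays naive.
    ts = datetime.strptime(fields["date"] + fields["time"], "%Y%m%d%H%M%S")
    return {
        "facility": pri // 8,
        "severity": SEVERITIES[pri % 8],
        "timestamp": ts,
        **fields,
    }


if __name__ == "__main__":
    for k, v in parse_v3_line(SAMPLE).items():
        print(f"{k}: {v}")
```

A `ValueError` on live traffic indicates that the line was truncated, reframed in transit, or uses a layout other than the sample's.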
Troubleshooting
No Logs Received
- Verify the Policy Center syslog settings point to the correct collector IP
- Ensure port 514 is open between the Policy Center and the collector
- Confirm that V3 agents are reporting to the Policy Center
Missing Endpoint Events
- Check that the target endpoints have active V3 agents connected to the Policy Center
- Verify the selected event types include all desired categories
For additional help, contact kyra@seekerslab.com.