Enabling differential feeds
April 11, 2024
ID 214353
Kaspersky CyberTrace supports using differential versions of Kaspersky Threat Data Feeds. For more information about differential feeds and how they are downloaded, see subsection "Downloading differential feeds" of the "Working with feeds" section.
Differential versions are similar to regular feeds, but have different IDs. These IDs are stored in additional configuration files included in the distribution kit and are located in the following directories:
Location of additional configuration files
Configuration file | Location (Linux) | Location (Windows) |
---|---|---|
|
|
|
|
|
|
To enable downloading of differential feeds after installation, perform the following steps immediately after you install Kaspersky CyberTrace:
- Stop Kaspersky CyberTrace Service.
- Rename the
kl_feed_util.conf
file (for example, tokl_feed_util.conf.0
). - Rename the
kl_feed_info.conf
file (for example, tokl_feed_info.conf.0
). - Rename
kl_feed_util_diff.conf
tokl_feed_util.conf
. - Specify
accepted
in theSettings > EULA
section ofkl_feed_util.conf
. - Rename
kl_feed_info_diff.conf
tokl_feed_info.conf
. - Start Kaspersky CyberTrace Service.
- Perform the post-installation configuration.
To enable downloading of differential feeds after an update, perform the following steps immediately after you update Kaspersky CyberTrace:
- Stop Kaspersky CyberTrace Service.
- Make a copy of the
kl_feed_util.conf
file, and then rename the copy (for example, tokl_feed_util.conf.0
). - In the
Settings > Feeds > Feed
element of thekl_feed_util.conf
file, change the old Feed IDs to the new ones according to the table below. - Make a copy of the
kl_feed_info.conf
file, and then rename the copy (for example, tokl_feed_info.conf.0
). - In the
kl_feed_info.conf
file, change the old Feed IDs to the new ones according to the table below. - Start Kaspersky CyberTrace Service.
Feed IDs
Feed
Old ID (no diff)
New ID
Botnet C&C URL
65
152
Phishing URL
59
153
Malicious URL
64
154