How to download the SIEM connector for Elastic Stack (Elasticsearch, Logstash, and Kibana)

 

Kaspersky Threat Data Feeds

 
 
 
 

How to download the SIEM connector for Elastic Stack (Elasticsearch, Logstash, and Kibana)

Back to article list
Latest update: April 22, 2020 ID: 15474
 
 
 
 

Kaspersky CyberTrace Plugin for LogStash is an application that allows to use Kaspersky CyberTrace with Elastic Stack (Elasticsearch, Logstash, and Kibana). The Plugin helps to integrate Kaspersky CyberTrace and ELK to enrich LogStash events with Threat Intelligence (Kaspersky Data Feeds, OSINT or 3rd-party) loaded into CyberTrace. 

The Plugin is a file in GEM format that can be installed in Logstash. The Plugin works as follows:

  • Sends an indicator from Logstash events to a CyberTrace instance for matching against Data Feeds.
  • If a checked indicator matches a record in a feed loaded by CyberTrace, the Plugin enriches an original event with context from feeds.

To integrate Kaspersky Data Feeds with Elasticsearch, Logstash, and Kibana (ELK) you need to:

  • Download and install Kaspersky CyberTrace for LogScanner. For instructions, see this article.
  • Download, install and configure Kaspersky CyberTrace plugin for Logstash.
    You can find more details in the documentation.

Download distribution kit (includes documentation): Kaspersky_CyberTrace_Plugin_for_Logstash_v1.0.0.zip.

 
 
 
 
Was this information helpful?
Yes No
Thank you
 
 
 

 
 

How can we improve this article?

Your feedback will be used for content improvement purposes only. If you need assistance, please contact technical support.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.

OK