This section lists the system requirements of Kaspersky CyberTrace.
Supported operating systems
Kaspersky CyberTrace can run on the following operating systems:
The Linux distribution must include systemd.
Dependencies for Linux
In Linux, Kaspersky CyberTrace has the following dependencies:
more
utility must be installed.Software requirements for integrations with SIEM solutions
When integrating with SIEM solutions, Kaspersky CyberTrace has the following software requirements.
Software requirements for integrations with SIEM solutions
SIEM solution |
Software requirements |
Splunk |
Splunk Enterprise 8.0.0 and later The older versions are supported in Kaspersky CyberTrace 3.1. |
ArcSight ESM |
ArcSight ESM 6.8 to 7.0 ArcSight SmartConnector ArcSight Forwarding Connector |
QRadar |
IBM® QRadar® v7.2.5 or later |
RSA NetWitness |
RSA NetWitness® 10.5, 10.6, or 11.2 |
LogRhythm |
LogRhythm® 7.1.7 or later |
AlienVault OSSIM |
AlienVault OSSIM 5.7.5 For more information, see https://support.kaspersky.com/15161. |
USM Anywhere |
USM Anywhere 5.7.5 For more information, see https://support.kaspersky.com/15161. |
FortiSIEM |
FortiSIEM 5.2 or later For more information, see https://support.kaspersky.com/15474. |
Apache Kafka |
Apache Kafka 2.4.0 or later Python 2.7 or 3 This integration requires a special plug-in. For more information, contact your Technical Account Manager (TAM). |
ArcSight Event Broker |
ArcSight Event Broker 2.2 Python 2.7 or 3 This integration requires a special plug-in. For more information, contact your Technical Account Manager (TAM). |
Elastic Stack (Elasticsearch, Logstash, and Kibana) |
Logstash 7.2 or later Java 8 or 11 This integration requires Kaspersky CyberTrace Plug-in for Logstash, which you can download for free. For more information, see https://support.kaspersky.com/15474. |
McAfee ESM |
McAfee ESM 9.6 to 11 For more information, contact your Technical Account Manager (TAM). |
Kaspersky Unified Monitoring and Analysis Platform (KUMA) |
KUMA 1.0 and later |
Integrations with other SIEM solutions are available. For more information, see https://support.kaspersky.com/datafeeds.
Supported browsers
Kaspersky CyberTrace Web can be used by using the following web browsers:
CPU requirements
Kaspersky CyberTrace has the following CPU requirements:
It is recommended to use Kaspersky CyberTrace on high-end servers.
RAM and hard drive space requirements
System requirements depend on your use case and the feeds that you use. For more detail about the system requirements, contact your Technical Account Manager (TAM).
The actual amount of hard drive space for each feed depends on the size of the original feed file. This size changes when feeds are updated. Over time, the size of the feed files may change significantly, which can change the required amount of hard drive and memory space.
By default, Kaspersky CyberTrace Web shows you a notification when the hard drive that Kaspersky CyberTrace is installed on is 90 percent full. The text of the notification is specified in the KL_ALERT_FreeSpaceEnds
event. You can change this behavior by modifying the following settings in elasticsearch.yml:
cluster.routing.allocation.disk.watermark.high
—Specifies the amount of the used hard drive space (in percents) that triggers the notification. The default value is 90 percent.cluster.routing.allocation.disk.watermark.flood_stage
—Specifies the amount of the hard drive space (in percents) that can be used before the disk is considered to be full. %FreeSpace%
in text of the KL_ALERT_FreeSpaceEnds
event is calculated relative to this value. The default value is 95 percent.The RAM and hard drive space requirements listed in the two tables below apply only to Kaspersky Threat Data Feeds. Using third-party feeds requires additional disk and memory resources.
The table below lists the RAM and hard-disk space requirements for using only demo feeds and for using all commercial feeds on Linux-based systems.
Hardware requirements for using different feeds on Linux
Feeds used |
HDD |
RAM |
All demo feeds |
600 MB |
2 GB |
All commercial feeds |
4 GB |
16 GB |
The table below lists the RAM and hard drive space requirements for using only demo feeds and for using all commercial feeds on Windows-based systems.
Hardware requirements for using different feeds on Windows
Feeds used |
HDD |
RAM |
All demo feeds |
500 MB |
2 GB |
All commercial feeds |
6 GB |
16 GB |
You can reduce hard drive space requirements if you disable the saving of detection events. For more information, see the "Detections storage settings" section.
Network requirements
The computer on which Feed Utility runs must have access to the website https://wlinfo.kaspersky.com/.
The computer on which Kaspersky CyberTrace runs must have access to the computer with the SIEM solution.
The computers of users who want to gain access to Kaspersky CyberTrace Web must have access to the address and port that Kaspersky CyberTrace uses for the web UI.
Page top