Hardware and software requirements

This section lists the system requirements of Kaspersky CyberTrace.

Supported operating systems

Kaspersky CyberTrace can run on the following operating systems:

Dependencies for Linux

In Linux, Kaspersky CyberTrace has the following dependencies:

Software requirements for integrations with SIEM solutions

When integrating with SIEM solutions, Kaspersky CyberTrace has the following software requirements.

Software requirements for integrations with SIEM solutions

SIEM solution

Software requirements

Splunk

Splunk Enterprise 8.0.0 and later

The older versions are supported in Kaspersky CyberTrace 3.1.

ArcSight ESM

ArcSight ESM 6.8 to 7.0

ArcSight SmartConnector

ArcSight Forwarding Connector

QRadar

IBM® QRadar® v7.2.5 or later

RSA NetWitness

RSA NetWitness® 10.5, 10.6, or 11.2

LogRhythm

LogRhythm® 7.1.7 or later

AlienVault OSSIM

AlienVault OSSIM 5.7.5

For more information, see https://support.kaspersky.com/15161.

USM Anywhere

USM Anywhere 5.7.5

For more information, see https://support.kaspersky.com/15161.

FortiSIEM

FortiSIEM 5.2 or later

For more information, see https://support.kaspersky.com/15474.

Apache Kafka

Apache Kafka 2.4.0 or later

Python 2.7 or 3

This integration requires a special plug-in. For more information, contact your Technical Account Manager (TAM).

ArcSight Event Broker

ArcSight Event Broker 2.2

Python 2.7 or 3

This integration requires a special plug-in. For more information, contact your Technical Account Manager (TAM).

Elastic Stack (Elasticsearch, Logstash, and Kibana)

Logstash 7.2 or later

Java 8 or 11

This integration requires Kaspersky CyberTrace Plug-in for Logstash, which you can download for free. For more information, see https://support.kaspersky.com/15474.

McAfee ESM

McAfee ESM 9.6 to 11

For more information, contact your Technical Account Manager (TAM).

Kaspersky Unified Monitoring and Analysis Platform (KUMA)

KUMA 1.0 and later

Integrations with other SIEM solutions are available. For more information, see https://support.kaspersky.com/datafeeds.

Supported browsers

Kaspersky CyberTrace Web can be used by using the following web browsers:

CPU requirements

Kaspersky CyberTrace has the following CPU requirements:

It is recommended to use Kaspersky CyberTrace on high-end servers.

RAM and hard drive space requirements

System requirements depend on your use case and the feeds that you use. For more detail about the system requirements, contact your Technical Account Manager (TAM).

The actual amount of hard drive space for each feed depends on the size of the original feed file. This size changes when feeds are updated. Over time, the size of the feed files may change significantly, which can change the required amount of hard drive and memory space.

By default, Kaspersky CyberTrace Web shows you a notification when the hard drive that Kaspersky CyberTrace is installed on is 90 percent full. The text of the notification is specified in the KL_ALERT_FreeSpaceEnds event. You can change this behavior by modifying the following settings in elasticsearch.yml:

The RAM and hard drive space requirements listed in the two tables below apply only to Kaspersky Threat Data Feeds. Using third-party feeds requires additional disk and memory resources.

The table below lists the RAM and hard-disk space requirements for using only demo feeds and for using all commercial feeds on Linux-based systems.

Hardware requirements for using different feeds on Linux

Feeds used

HDD

RAM

All demo feeds

600 MB

2 GB

All commercial feeds

4 GB

16 GB

The table below lists the RAM and hard drive space requirements for using only demo feeds and for using all commercial feeds on Windows-based systems.

Hardware requirements for using different feeds on Windows

Feeds used

HDD

RAM

All demo feeds

500 MB

2 GB

All commercial feeds

6 GB

16 GB

You can reduce hard drive space requirements if you disable the saving of detection events. For more information, see the "Detections storage settings" section.

Network requirements

The computer on which Feed Utility runs must have access to the website https://wlinfo.kaspersky.com/.

The computer on which Kaspersky CyberTrace runs must have access to the computer with the SIEM solution.

The computers of users who want to gain access to Kaspersky CyberTrace Web must have access to the address and port that Kaspersky CyberTrace uses for the web UI.

Page top