Performing the verification test (other SIEM and non-SIEM solutions)

The Kaspersky CyberTrace distribution kit contains text files in the verification directory. You can use these files for testing whether Kaspersky CyberTrace is integrated correctly with the event target software.

To check the integration of Kaspersky CyberTrace with the event target software:

  1. Send the kl_verification_test_cef.txt file from the verification directory to Feed Service by using Log Scanner.

    In Linux:

    ./log_scanner -p ../verification/kl_verification_test_cef.txt

    In Windows:

    log_scanner.exe -p ..\verification\kl_verification_test_cef.txt

    Feed Service will check the data that is contained in the input file.

    If you specify the -r flag in this command, the test results are written to the Log Scanner report file. If you do not specify the -r flag, the test results are sent to the event target software by using the parameters for outbound events specified in the Service settings of Kaspersky CyberTrace.

  2. Make sure that the event target software has received events according to the table below.

Verification test results

The verification test results depends on the feeds you use. The following table summarizes target numbers for the verification test when all commercial feeds are used.

Verification test results (commercial feeds)

Feed used

eventName value

Detected objects

Malicious URL Data Feed

KL_Malicious_URL

http://fakess123.nu

http://badb86360457963b90faac9ae17578ed.com

Phishing URL Data Feed

KL_Phishing_URL

http://fakess123ap.nu

http://e77716a952f640b42e4371759a661663.com

Botnet CnC URL Data Feed

KL_BotnetCnC_URL

http://fakess123bn.nu

http://a7396d61caffe18a4cffbb3b428c9b60.com

IP Reputation Data Feed

KL_IP_Reputation

192.0.2.0

192.0.2.3

Malicious Hash Data Feed

KL_Malicious_Hash_MD5

FEAF2058298C1E174C2B79AFFC7CF4DF

44D88612FEA8A8F36DE82E1278ABB02F

C912705B4BBB14EC7E78FA8B370532C9

Mobile Malicious Hash Data Feed

KL_Mobile_Malicious_Hash_MD5

60300A92E1D0A55C7FDD360EE40A9DC1

Mobile Botnet CnC URL Data Feed

KL_Mobile_BotnetCnC_Hash_MD5

001F6251169E6916C455495050A3FB8D

Mobile Botnet CnC URL Data Feed

KL_Mobile_BotnetCnC_URL

http://sdfed7233dsfg93acvbhl.su/steallallsms.php

Ransomware URL Data Feed

KL_Ransomware_URL

http://fakess123r.nu

http://fa7830b4811fbef1b187913665e6733c.com

APT URL Data Feed

KL_APT_URL

http://b046f5b25458638f6705d53539c79f62.com

APT Hash Data Feed

KL_APT_Hash_MD5

7A2E65A0F70EE0615EC0CA34240CF082

APT IP Data Feed

KL_APT_IP

192.0.2.4

IoT URL Data Feed

KL_IoT_URL

http://e593461621ee0f9134c632d00bf108fd.com/.i

ICS Hash Data Feed

KL_ICS_Hash_MD5

7A8F30B40C6564EFF95E678F7C43346C

The following table summarizes target numbers for the verification test when only demo feeds are used.

Verification test results (demo feeds)

Feed used

eventName value

Detected objects

DEMO Botnet_CnC_URL_Data_Feed

KL_BotnetCnC_URL

http://5a015004f9fc05290d87e86d69c4b237.com

http://fakess123bn.nu

DEMO IP_Reputation_Data_Feed

KL_IP_Reputation

192.0.2.1

192.0.2.3

DEMO Malicious_Hash_Data_Feed

KL_Malicious_Hash_MD5

776735A8CA96DB15B422879DA599F474

FEAF2058298C1E174C2B79AFFC7CF4DF

44D88612FEA8A8F36DE82E1278ABB02F

Page top