Integration with LogRhythm

This chapter describes how to integrate Kaspersky CyberTrace with LogRhythm.

The actions described in these sections must be performed in LogRhythm Console under a user account that has administrator privileges.

To integrate LogRhythm with Kaspersky CyberTrace:

  1. Add the Kaspersky CyberTrace log source type to LogRhythm.
  2. Import files with Kaspersky CyberTrace rules.
  3. Optionally, add Kaspersky CyberTrace events to LogRhythm.
  4. Optionally, add Kaspersky CyberTrace rules to LogRhythm.
  5. Add a Kaspersky CyberTrace policy to LogRhythm.
  6. Accept the Kaspersky CyberTrace log source in LogRhythm.
  7. Configure LogRhythm to forward logs to Kaspersky CyberTrace.
  8. Optionally, perform the verification test.
  9. Optionally, create alerts about incoming Kaspersky CyberTrace service events.
  10. Optionally, configure LogRhythm to display alert events.

In this section

Step 1. Adding a Custom Log Source type

Step 2. Importing Kaspersky CyberTrace rules and events

Step 3 (optional). Adding Kaspersky CyberTrace events

Step 4 (optional). Adding Kaspersky CyberTrace rules

Step 5. Adding Kaspersky CyberTrace policy

Step 6. Adding a log source to System Monitor Agent

Step 7. Configuring log forwarding to Kaspersky CyberTrace

Step 8 (optional). Performing the verification test

Step 9 (optional). Creating alerts about incoming Kaspersky CyberTrace service events

Step 10 (optional). Displaying alert events in LogRhythm
