Step 5. Adding Kaspersky CyberTrace policy
This section describes how you can add a Kaspersky CyberTrace policy to LogRhythm.
To add a Kaspersky CyberTrace policy to LogRhythm:
- Run LogRhythm Console.
- Select Deployment Manager > Log Processing Policies.
- Click the New button (
).The Log Source Type Selector window opens.
Log Source Type Selector window
- In the Log Source Type list, select Kaspersky CyberTrace.
- Click OK.
- In the MPE Policy Editor window that opens, in the Name field, type the policy name (
CyberTrace Policy).
MPE Policy Editor window
- On the Rules tab, edit the properties of the Kaspersky CyberTrace events:
- Select all the check boxes for every event.
- Right-click in the table and select Properties.
The MPE Policy Rule Editor window opens.
MPE Policy Rule Editor window
- In the MPE Policy Rule Editor window, select the Enabled check box but make no changes to the other check boxes.
- Click OK.