This section describes how to finish the integration of Kaspersky CyberTrace with RSA NetWitness after the upgrade of the Kaspersky CyberTrace files.
When upgrading the integration of Kaspersky CyberTrace with RSA NetWitness to the latest version, import the cybertrace.ini
and v20_cybertracemsg.xml
files from the %service_dir%/integration/rsa/cybertrace
directory to Log Decoder. After the import, restart Log Decoder.
If you update the v20_cybertracemsg.xml
file, make sure that the actionable fields are specified for all feeds in use. For the full list of such fields, see section "Step 2. Sending events from Feed Service to RSA NetWitness".