Post-installation configuration (Initial Setup Wizard)

This section explains how to configure Kaspersky CyberTrace by using the Initial Setup Wizard.

The Initial Setup Wizard is a sequence of web interface pages where you configure Kaspersky CyberTrace after it is installed. Once the wizard is completed, other pages of the web interface become available.

The wizard has the following pages:

• SIEM selection

  On this page, you must select your SIEM. The choice of a SIEM solution at this step affects the format of the Kaspersky CyberTrace configuration files, since these files are customized for integration with a particular SIEM solution.

  For the full list of supported SIEMs, see subsection "Supported SIEM solutions" of the "Tenants settings" section.

• Connection settings

  On this page, you must specify connection parameters for your SIEM.

• Proxy server configuration

  On this page, you can specify proxy settings. This step is optional.

• Licensing configuration

  On this page, you can specify paths to the license key file and the certificate file. This step is optional.

• Feeds selection

  On this page, you must specify the required feeds.

Navigating to the Initial Setup Wizard

To navigate to the Initial Setup Wizard:

1. Open Kaspersky CyberTrace Web in your browser at https://127.0.0.1.
2. Log in to Kaspersky CyberTrace Web by using the default credentials.

Selecting a SIEM

To select your SIEM:

1. Choose a SIEM.

   The default parameters for this SIEM will be displayed on the page.

2. Click Next to proceed to the next page.

Configuring connection parameters

To specify connection parameters for your SIEM:

1. Specify the connection parameters that Kaspersky CyberTrace will use for incoming events:
   • Select what type of connection you want to use.
   • In the IP address and Port fields, specify an IP address and port.
   • In the UNIX socket field, specify a UNIX socket.
2. Specify an IP address and port that Kaspersky CyberTrace will use for outgoing events.
3. Specify an IP address or hostname to be used in Kaspersky CyberTrace events as the external address of the web interface.
4. Click Next to proceed to the next page.

You can use IPv6 addresses to receive incoming events and send outgoing events, as well as for the web interface.

Configuring a proxy server

To specify proxy server parameters:

1. Select Use proxy server.
2. In the IP address or hostname field, specify a proxy server IP address or host.
3. In the Proxy port field, specify a proxy server port.
4. If needed, select Use proxy credentials.
5. If you choose to use proxy credentials, specify the following:
   • In the User name field, specify a user name to access the proxy server
   • In the Password field, specify a password to access the proxy server
6. Click Next to proceed to the next page.

You can use an IPv6 address for a proxy server.

Configuring licensing

To import the license key and the certificate:

1. In the Kaspersky CyberTrace license key field, specify a path to the license key file.

   This field is optional.

2. In the Kaspersky Threat Data Feeds certificate field, specify a path to the certificate file.

   This field is optional.

3. Click Next to proceed to the next page.

Selecting feeds

To specify the required feeds:

1. Select the feeds that you want to use.
2. Click Next.

When the initial setup is complete, you will be asked to refer to the Kaspersky CyberTrace documentation. The displayed links are intended to be used for the following actions:

• Integrate Kaspersky CyberTrace with your SIEM solution
• Configure additional tenants
• Explore the Administrator guides section

To finish the initial setup wizard, click Close.

Page top