Step 9 (optional). Creating alerts about incoming Kaspersky CyberTrace service events

You can create notifications about incoming Kaspersky CyberTrace service events by configuring alert rules.

To create notifications about service events from Kaspersky CyberTrace in LogRhythm:

1. Run LogRhythm Console.
2. Select Deployment Manager > Alarm Rules and click New.
3. In the Create Global Rule confirmation window, click Yes if you want to give access to manage this rule for all users with the Global Admin role. Click No, if you want to manage this rule only by yourself.
4. Perform the following actions for each tab at the bottom of the page:
   • On the Primary Criteria tab, do the following:
     1. Click New, and select the Common Event value in the Add New Field Filter drop-down list.

        

        

     2. Click Edit values.

        The Field Filter Values window opens.

     3. In the Field Filter Values window, click Add Item.
     4. Select the name of the Kaspersky CyberTrace service event from the list. If such events are absent, add them as described in the "Adding Kaspersky CyberTrace events" section.

        

     5. Click OK.
   • Leave the Include Filters, Exclude Filters and Day and Time Criteria tabs unchanged.
   • On the Log Source Criteria tab, check Include the Selected Log Sources and then click Add.

   

   The Alarm Rule window

   • Select a source that corresponds to Kaspersky CyberTrace and click OK. For information on how to add Kaspersky CyberTrace event source, see section "Adding a log source to System Monitor Agent".

   

   The Log Source Criteria Add window

   • Leave the Aggregation tab unchanged.
   • In the Settings tab, specify a period of time during which identical alerts that are associated with the occurrence of any new service events from Kaspersky CyberTrace have to be suppressed.

   

   Alert suppression settings

   • On the Notify tab, select a role or user you want to address notifications.

   

   Choosing the roles to notify

   • Leave the Actions tab unchanged.
   • On the Information tab, specify the name of the rule and its description.

   

   Alarm Rule Name/Brief Description

5. Click OK.
6. On the Alarm Rules tab, right-click the new rule and select Actions > Enable.

   

   Enabling a rule

7. Configure display of the alerts in the LogRhythm web console as described in section "Step 10 (optional). Displaying alert events in LogRhythm".

Page top