You can create notifications about incoming Kaspersky CyberTrace service events by configuring alert rules.
To create notifications about service events from Kaspersky CyberTrace in ArcSight ESM:
The Rules tree view
You can specify any name.
Device Product = Kaspersky CyberTrace for ArcSight
Reason = %ServiceEventCode%
Where %ServiceEventCode%
is a code of a service event that is used for generating notifications.
Event conditions
This setting must contain the action that will be performed when a service event that is specified on the Conditions tab is received. For example, Send Notification.
Adding actions