Indicators lookup

Indicators lookup

The Indicators lookup tab allows you to do the following actions:

To perform a lookup by a single indicator.The following formats can be used:
- %INDICATOR%, if Kaspersky CyberTrace uses general regular expressions (regular expressions that are not associated with binding to a specific field).
- %FIELDNAME%=%INDICATOR%, if Kaspersky CyberTrace uses regular expressions that expect the %INDICATOR% value to be specified in the %FIELDNAME% field.

Indicator lookup

Lookup by a single indicator

To configure a lookup by indicator. These settings will be applied to any indicator that is involved in the lookup process only if you perform a lookup by some indicator. These settings are also used for performing the Self-test in the Kaspersky CyberTrace Status tab. The settings will be placed in the Splunk storage.
In this section, you can specify the IP address and port of Kaspersky CyberTrace.

Connection settings

Kaspersky CyberTrace connection settings

To browse detailed information about the indicator.
You can learn more about the indicator that you need by clicking the lookup result. The link redirects you to the Kaspersky Threat Intelligence Portal page that contains information about the object.