Defines settings for the Feed Service process.
Path
ServiceSettings
Attributes
This element has no attributes.
Nested elements
This element is a container for the following nested elements:
Specifies the path to the directory that contains feeds from Kaspersky. If a relative path is set, it is calculated relative to the directory that contains the service binary file.
The Bases element is mandatory.
Specifies the path to the directory that contains the backup version of feeds from Kaspersky. If a relative path is set, it is calculated relative to the directory that contains the service binary file.
The BasesBackup element is mandatory.
Specifies the path to the directory that contains downloaded feeds from Kaspersky. If a relative path is set, it is calculated relative to the directory that contains the service binary file.
The BasesDownload element is mandatory.
The directory for temporary files.
The TemporaryDir element is optional. If it is omitted, the default value is used.
In Linux, the default value is /tmp.
In Windows, the default value is %TEMP% (the current Windows user's temporary folder).
The time interval in hours following the last feed update, after which a notification about an outdated feed is sent to the event target. To turn off notifications, set this parameter to 0. This setting is taken into account for every feed that has no outdated_alert_period attribute.
The OutdatedBasesAlertPeriod element is optional. If it is omitted, the default value 0 is used.
The number of scanners. Every scanner handles a single TCP connection.
If you want to run Feed Service in watchdog mode, specify one scanner in addition to the number of scanners needed for Feed Service itself. This must be done because the watchdog module uses an additional scanner.
The ScannersCount element is optional. If it is omitted, the default value 9 is used.
The number of threads per scanner.
The ScanningThreadsPerScanner element is optional. If it is omitted, the default value 8 is used.
Number of times Feed Service tries to resend a detection event to a SIEM solution if the first attempt at sending fails. If the value of EventSendingRetriesCount is 0, Feed Service sends each detection event one time and does not attempt to resend it.
Maximum possible value is 10. The preset value is 3.
The EventSendingRetriesCount element is mandatory.
Time interval between attempts made by Feed Service to resend a detection event to a SIEM solution, in seconds. Maximum possible value is 60.
The EventSendingRetriesTimеout element is mandatory.
The preset value is 10.
Specifies if feeds rollback is enabled or disabled.
If feeds rollback is enabled, feeds are rolled back when Kaspersky CyberTrace fails to upload new indicators into the Matching engine after feeds are updated. Kaspersky CyberTrace removes new indicators from the database and uses the previous feeds.
Possible values:
true — feeds rollback is enabled.
false — feeds rollback is disabled.
Kaspersky CyberTrace reads FeedsRollbackEnabled only during initialization and does not reread it after.
By default, there is no FeedsRollbackEnabled element in the configuration file. If this element is missing, feeds rollback is enabled.
Example
The following is an example of this element.
<ServiceSettings>
    <Bases>../feeds</Bases>
    <BasesBackup>../feeds/backup</BasesBackup>
    <BasesDownload>../feeds/download</BasesDownload>
    <TemporaryDir>/tmp</TemporaryDir>
    <OutdatedBasesAlertPeriod>120</OutdatedBasesAlertPeriod>
    <ScannersCount>9</ScannersCount>
    <ScanningThreadsPerScanner>8</ScanningThreadsPerScanner>
    <EventSendingRetriesCount>3</EventSendingRetriesCount>
    <EventSendingRetriesTimеout>10</EventSendingRetriesTimеout>
    <FeedsRollbackEnabled>true</FeedsRollbackEnabled>
</ServiceSettings>
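The rules described above can be checked before a configuration is deployed. The following Python check is an added example, not code from Kaspersky or from the product: it resolves the feed directories against the service binary directory, applies the documented defaults, and reports settings that silence alerts or drop events. The sample XML, the /opt/example/bin directory, the needed_scanners parameter and the treatment of any FeedsRollbackEnabled value other than false as enabled are assumptions; the resend timeout element is not checked.

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample: alert period omitted (default 0), resending switched off.
SAMPLE = """<ServiceSettings>
  <Bases>../feeds</Bases>
  <BasesBackup>../feeds/backup</BasesBackup>
  <BasesDownload>/var/ct/download</BasesDownload>
  <ScannersCount>9</ScannersCount>
  <EventSendingRetriesCount>0</EventSendingRetriesCount>
</ServiceSettings>"""
DIRS = ("Bases", "BasesBackup", "BasesDownload")  # mandatory per the page
DEFAULTS = {"OutdatedBasesAlertPeriod": 0, "ScannersCount": 9,
            "ScanningThreadsPerScanner": 8}  # documented defaults


def audit(xml_text, binary_dir, needed_scanners=9, watchdog=False):
    """Return (resolved dirs, effective values, findings) for ServiceSettings."""
    root = ET.fromstring(xml_text)

    def text(name):
        return (root.findtext(name) or "").strip()

    findings, paths = [], {}
    for name in DIRS:
        if not text(name):
            findings.append(f"{name}: mandatory element is missing")
            continue
        # Relative paths resolve against the service binary's directory.
        paths[name] = posixpath.normpath(posixpath.join(binary_dir, text(name)))
    eff = {k: int(text(k) or d) for k, d in DEFAULTS.items()}
    if eff["OutdatedBasesAlertPeriod"] == 0:
        findings.append("OutdatedBasesAlertPeriod: outdated-feed notifications off")
    # Watchdog mode uses one scanner on top of what Feed Service itself needs.
    required = needed_scanners + (1 if watchdog else 0)
    if eff["ScannersCount"] < required:
        findings.append(f"ScannersCount: {eff['ScannersCount']} set, {required} needed")
    retries = text("EventSendingRetriesCount")
    if not retries:
        findings.append("EventSendingRetriesCount: mandatory element is missing")
    elif not 0 <= int(retries) <= 10:
        findings.append("EventSendingRetriesCount: outside documented range 0-10")
    elif int(retries) == 0:
        findings.append("EventSendingRetriesCount: failed events are never resent")
    # Assumption: rollback is enabled unless the element is exactly "false".
    eff["FeedsRollbackEnabled"] = text("FeedsRollbackEnabled") != "false"
    return paths, eff, findings

if __name__ == "__main__":
    print(*audit(SAMPLE, "/opt/example/bin", watchdog=True), sep="\n")
```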