Retrospective scan settings
Kaspersky CyberTrace allows you to save events containing indicators that are not detected, and then perform a retrospective scan of these events. This section explains how to configure Kaspersky CyberTrace for using the retrospective scan.
The Retrospective scanning tab allows you to do the following:
- Enable or disable the retrospective scan.
- View the current size of saved events.
- Remove saved events.
Saved events cannot be removed when the retrospective scan is in progress. If you want to disable the retrospective scan and removed the saved events, you must wait until the current retroscan task is finished.
Retrospective scanning tab
- On the General settings tab, manage the following settings:
- Set the frequency of the scheduled retrospective scan task or disable the scan on schedule. If 1 month is selected, retrospective scan starts every 30 days.
- Enable or disable the size limit for events that must be saved for the retrospective scan.
- Set the maximum size of events (in gigabytes) that must be saved for the retrospective scan.
- Set how long (in days) the events used for the retrospective scan must be stored.
- Set how long (in days) the results of the retrospective scan must be stored.
General settings tab
- On the Feeds used in retroscan tab, enable or disable feeds that must be used in the retrospective scan.
Feeds used in retroscan tab
- On the Fields saved for retroscan tab, configure the following settings:
- Enable or disable saving events related to a specific tenant for use in the retrospective scan.
If you exclude a tenant from the retrospective scan, the regular expressions contained in this tenant become unavailable for selection.
- Select regular expressions contained in a tenant for use in the retrospective scan.
You must select at least one regular expression.
Fields saved for retroscan tab
- Enable or disable saving events related to a specific tenant for use in the retrospective scan.