Kaspersky CyberTrace supports a multi-tenant architecture that allows you to manage tenants. A tenant is a client-specific set of configuration parameters. By default, Kaspersky CyberTrace uses a General tenant that provides the overall settings. You can create or edit the Kaspersky CyberTrace tenants in CyberTrace Web by selecting the Settings tab, and then the Tenants tab.
On the Tenants tab, you can view information about the tenants that are used in Kaspersky CyberTrace and perform the following actions:
Adding tenants
To add a tenant:
The New tenant window opens.
You can select a SIEM supported by Kaspersky CyberTrace or a custom one (a non-supported SIEM solution).
This SIEM will be used in the tenant for sending events to CyberTrace.
Depending on the selected SIEM, CyberTrace will specify regular expressions, detection events, and service events that are used in integration with this solution.
For the full list of supported SIEMs, see subsection "Supported SIEM solutions" below.
Editing a tenant configuration
To edit a tenant configuration:
You cannot change the tenant name for the General tenant.
Deleting tenants
To delete a tenant:
Supported SIEM solutions
Kaspersky CyberTrace supports integration with several SIEM solutions. Thus, CyberTrace uses a number of preset settings for each SIEM, such as settings for parsing events and event format settings (for detection and service events).
The following SIEM solutions are supported: