This section describes how to finish the integration of Kaspersky CyberTrace with LogRhythm after the upgrade of the Kaspersky CyberTrace files.
Finishing the integration of Kaspersky CyberTrace with LogRhythm consists of the following steps:
Upgrading from Kaspersky CyberTrace 3.1
When upgrading from Kaspersky CyberTrace version 3.1, you must add the following categories and alert events to LogRhythm:
For more information on how to add categories and alert events to LogRhythm, see subsection "Adding new events" below.
You must also remove the following obsolete events:
For more information on how to remove obsolete events from LogRhythm, see subsection "Removing obsolete events" below.
Upgrading from Kaspersky CyberTrace 4.0
When upgrading from Kaspersky CyberTrace version 4.0, you must add the KL_ALERT_DetectsStorageExceeded alert event to LogRhythm.
For more information on how to add categories and alert events to LogRhythm, see subsection "Adding new events" below.
You must also remove the KL_psms_Hash_MD5 event, which is obsolete.
For more information on how to remove obsolete events from LogRhythm, see subsection "Removing obsolete events" below.
Adding new events
To add new events to LogRhythm:
Add the required categories and alert events automatically or manually (as described in sections "Step 3 (optional). Adding Kaspersky CyberTrace events" and "Step 4 (optional). Adding Kaspersky CyberTrace rules").
Removing obsolete events
To remove obsolete events from LogRhythm:
The Rule Builder form opens.
A preview window for the rule opens.
Verify Retire window