Detections storage settings

Kaspersky CyberTrace allows you to save detection events for further analysis and investigation. This section explains how to configure the settings of detection events storage.

You can manage the settings of detection events storage by selecting the Settings > Detections tab.

The Detections tab allows you to perform the following:

You can view the current size (in gigabytes) of saved detection events at the top of the Detections tab.

To delete saved detection events:

  1. Click Delete saved detections.
  2. Click Yes in the confirmation window that opens.

To disable saving detection events:

  1. Click the Save detections toggle button in the General settings section of the Settings > Detections tab.
  2. Click Save at the bottom of the page.

By disabling the saving of detection events, you can reduce hard drive space requirements for the computer on which Kaspersky CyberTrace is installed. This can be done if all detection events are saved in the SIEM and you investigate security incidents there.

If you disable saving of detection events while applying filtering criteria for sending events to SIEM, the detection events containing the indicators that do not comply with the specified criteria will be lost.

To set the maximum size of saved detection events:

  1. In the General settings section of the Settings > Detections tab, select the Limit the maximum size of saved events (Gb) checkbox.
  2. Specify the maximum size of saved detection events, in gigabytes.
  3. Click Save at the bottom of the page.

When the limit on the size of saved detection events is exceeded, Kaspersky CyberTrace generates a KL_ALERT_DetectsStorageExceeded event.

Because the size of saved detection events is checked only once every hour, the actual size may occasionally exceed the limit between checks.
