Kaspersky CyberTrace allows you to save detection events for further analysis and investigation. This section explains how to configure the storage of detection events.
You can manage the settings of detection events storage by selecting the Settings > Detections tab.
The Detections tab allows you to perform the following:
The Settings > Detections tab
You can view the current size (in gigabytes) of saved detection events at the top of the Detections tab.
To delete saved detection events:
To disable saving detection events:
By disabling the saving of detection events, you can reduce the hard drive space required on the computer on which Kaspersky CyberTrace is installed. This is appropriate if all detection events are saved in the SIEM and you investigate security incidents there.
If you disable saving of detection events while filtering criteria are applied to the events sent to the SIEM, detection events containing indicators that do not meet the specified criteria will be lost, because they are neither saved by Kaspersky CyberTrace nor sent to the SIEM.
To set the maximum size of saved detection events:
When the limit on the size of saved detection events is exceeded, Kaspersky CyberTrace generates a KL_ALERT_DetectsStorageExceeded event.
Because the size of saved detection events is checked every hour, it may occasionally exceed the limit between checks.