Service settings (General tenant)

You can manage the general service settings in the CyberTrace web user interface by selecting the Settings tab, and then the Service tab. Make sure that the General item is selected from the drop-down list that has all available tenants, in the upper-left area of the window.

The Service tab allows you to edit settings stored in the kl_feed_util.conf and kl_feed_service_log.conf configuration files. You can perform the following actions by clicking the following links below the tab:

• Restart Feed Service
• Export the configuration file

  You can export the kl_feed_service.conf and kl_feed_util.conf configuration files to a directory that you choose.

• Run self-test

  Verifies that the Kaspersky Threat Data Feeds that you use work correctly.

  Please make sure you run the self-test before editing any filtering rules on the Settings > Feeds tab, in the Filtering rules for feeds section.

  If the verification test (self-test) yields incorrect results (that is, if a feed that is expected to produce detections produces none), see possible solutions for this problem in the general troubleshooting section. If the problem persists, contact your technical account manager (TAM).

• Reset statistics

  Clears the Dashboard of all the detection statistics. When you select the General tenant, Kaspersky CyberTrace clears the detection statistics for all tenants.

  It is recommended to perform this operation after successfully integrating CyberTrace with a SIEM solution: this way, the dashboard will not display any detection events generated during the verification test and will only contain real detection events, if there are any.

The Settings tab displays the Feed Service status, which can be one of the following:

• Feed Service is running
• Feed Service is starting
• Feed Service has stopped
• Feed Service is updating feeds

  This status specifies that indicators are loading into the database and indexing. Until all indicators processed, the Indicators tab may contain partially outdated information, and a search for data that is being updated may not be performed correctly. However, the process of matching incoming events is performed based on the actual data and the Kaspersky CyberTrace Web page with detailed information about indicators displays up-to-date data.

Connection settings

In the Connection settings section of the Service tab, you can specify the following settings:

• IP address and port (on Linux, it can be also a UNIX socket) that Feed Service listens on for incoming events

  These settings are stored in the InputSettings > ConnectionString element of the kl_feed_service.conf file.

• IP address and port (on Linux, it can also be a UNIX socket) to which Feed Service sends detection events and alert events

  These settings are stored in the OutputSettings > ConnectionString element of the kl_feed_service.conf file.

• IP address or hostname, and port (on Linux, it can also be a UNIX socket) to which Feed Service sends alert events that inform the event target software of the state of the service

  These settings are stored in the OutputSettings > AlertConnectionString element of the kl_feed_service.conf file.

  You can enable or disable this setting by using Kaspersky CyberTrace Web. When this setting is enabled, Kaspersky CyberTrace does not send alert events to the IP address and port that are stored in the OutputSettings > ConnectionString element of the kl_feed_service.conf file.

• IP address or hostname of the proxy server for updating feeds

  This setting is stored in the Host element of the kl_feed_util.conf file.

• Port of the proxy server for updating feeds

  This setting is stored in the Port element of the kl_feed_util.conf file.

  The preset value is 0. If you do not want to use a proxy server, leave this value unchanged.

• Proxy user name

  This setting is stored encrypted in the User element of the kl_feed_util.conf file.

• Proxy password

  This setting is stored encrypted in the Password element of the kl_feed_util.conf file.

External address of the web interface

In the Web interface section of the Service tab, you can specify the IP address or hostname to be used in Kaspersky CyberTrace events.

This setting is stored in the ResourcesIP element of the kl_feed_service.conf file.

The preset value is 127.0.0.1.

Using a proxy server

To configure CyberTrace to use a proxy server:

Specify proxy settings in the IP address or hostname, Port, User name, and Password fields.

To configure CyberTrace not to use a proxy server:

1. Enter 0 in the Port text field.
2. Clear the IP address or hostname, User name, and Password text fields.

About the disk space notification

When Kaspersky CyberTrace updates feeds, it checks the amount of remaining disk space. If the remaining disk space is low, Kaspersky CyberTrace displays a notification. The notification states how many MB of disk space is still available for the indicator database.

In addition, Kaspersky CyberTrace sends a KL_ALERT_FreeSpaceEnds event.

Page top