Event format settings

You can manage the settings for formats of events in the CyberTrace web user interface by selecting the Settings tab and then the Events format tab. Depending on the item selected in the drop-down list with all available tenants in the upper-left area of the window, you edit either the general event format settings (if General is selected) or the event format settings for a particular settings tenant (if a particular settings tenant is selected).

Event formats

Kaspersky CyberTrace events formats

On the Events format tab, you can specify the formats of detection events, alert events, record context, and actionable fields context.

We do not recommend changing the format of events format manually. Select the check boxes with the patterns that you want to use in outgoing events and Kaspersky CyberTrace will update the format automatically.

Some event sources may require that you change the event format, depending on your integration. For more information, see the section "Setting event formats for specific event sources" below.

For more information about formats and patterns that you can specify, see About event formats and patterns.

This tab has the following text fields:

Setting event formats for specific SIEM solutions

The correct format of alert and detection events depends on your SIEM solution. If you change the format of events in CyberTrace, you may also need to update your integration with the SIEM solution.

For ArcSight:

For Qradar:

For RSA NetWitness:

For LogRhythm:

Page top