Kaspersky CyberTrace App for Splunk comes with several alert templates that you can use and customize from the Alerts dashboard.
Alert templates and triggers
The following alert templates are available:
This alert is triggered if there were matches with Kaspersky Threat Data Feeds in the past 24 hours.
This alert is triggered if there were no matches with Kaspersky Threat Data Feeds in the past 24 hours.
This alert is triggered if 5000 matches with Kaspersky Threat Data Feeds were registered within one minute.
This alert is triggered if Feed Service is unavailable.
The alert text contains the date when the alert was generated, followed by a timestamp in UNIX time format (seconds since the epoch).
This alert is triggered when Feed Service is started.
The alert text contains the date when the alert was generated, followed by a timestamp in UNIX time format (seconds since the epoch).
Alert actions
By default, the Add to Triggered Alerts action is defined for all alerts, so every firing is recorded under Activity > Triggered Alerts in Splunk. Optionally, you can add a Send email action so that Splunk sends an email message to the address specified for the action. The Send email action only works if an outgoing mail server has been configured in Splunk (Settings > Server settings > Email settings); without it the alert still fires and is still recorded, but no message is delivered.
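The following savedsearches.conf stanzas are an added example, not part of the Kaspersky CyberTrace App and not copied from its alert templates. They show how three of the triggers described above (matches in the past 24 hours, no matches in the past 24 hours, and 5000 matches within one minute) map onto Splunk's scheduled-search alert settings, and how the default Add to Triggered Alerts action (alert.track) is combined with an added Send email action. The sourcetype kl_cybertrace_detections, the stanza names and the email address are placeholders; substitute the sourcetype or index that the app actually writes its detection events to in your deployment.

```ini
# Added example, not the app's own configuration.
# File: $SPLUNK_HOME/etc/apps/<your_app>/local/savedsearches.conf
# Assumption: CyberTrace detection events are searchable as
# sourcetype=kl_cybertrace_detections (hypothetical name).
# Splunk .conf files only accept comments on their own line, never
# after a value, so every comment here sits on a separate line.

# Alert 1: there were matches with the threat data feeds in the past 24 hours.
# Runs hourly over a sliding 24-hour window; fires when at least one event exists.
[Example - Feed matches in the last 24 hours]
enableSched = 1
cron_schedule = 0 * * * *
dispatch.earliest_time = -24h
dispatch.latest_time = now
search = sourcetype=kl_cybertrace_detections
counttype = number of events
relation = greater than
quantity = 0
# Add to Triggered Alerts (the default action described above).
alert.track = 1
alert.severity = 3

# Alert 2: the inverse condition, no matches at all in the past 24 hours.
# Useful as a health check: a silent integration usually means broken ingestion,
# not a quiet network.
[Example - No feed matches in the last 24 hours]
enableSched = 1
cron_schedule = 0 * * * *
dispatch.earliest_time = -24h
dispatch.latest_time = now
search = sourcetype=kl_cybertrace_detections
counttype = number of events
relation = equal to
quantity = 0
alert.track = 1
alert.severity = 4

# Alert 3: 5000 or more matches within one minute, with Send email added.
# 'relation' has no "greater than or equal to" value, so the threshold is
# expressed as "greater than 4999". The search runs every minute over the
# last minute; suppression stops a sustained burst from emailing every minute.
[Example - 5000 feed matches within one minute]
enableSched = 1
cron_schedule = * * * * *
dispatch.earliest_time = -1m
dispatch.latest_time = now
search = sourcetype=kl_cybertrace_detections
counttype = number of events
relation = greater than
quantity = 4999
alert.track = 1
alert.severity = 5
alert.suppress = 1
alert.suppress.period = 10m
# Send email action (placeholder recipient). Requires the Splunk mail host to
# be set under Settings > Server settings > Email settings.
action.email = 1
action.email.to = soc@example.com
action.email.subject = Splunk alert: $name$ fired ($job.resultCount$ events in 1 minute)
action.email.include.results_link = 1
action.email.include.trigger_time = 1
```

After saving the file, reload the configuration (Settings > Searches, reports, and alerts, or a Splunk restart) and confirm the stanzas appear with the expected trigger condition in the alert editor. The schedule and window for alert 3 are deliberately aligned (every minute, over the last minute) so that each event is counted exactly once; a window longer than the schedule interval would count the same events in several consecutive runs and inflate the apparent match rate.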