Kaspersky CyberTrace

Active Channels

When the ARB package is imported to ArcSight, the following active channels become available:

  • CyberTrace alerts

    Displays service events from Feed Service in real time.

    • The Reason field contains the identifier of the service event.
    • The Message field contains additional information about the event (if available).

    CyberTrace alerts active channel

  • CyberTrace all matches

    Displays detection events from Feed Service in real time.

    • The Reason field contains the category of the detected object.
    • The Detected indicator field contains the detected object.
    • The Request Url field contains the URL that was detected in the event that was sent from ArcSight to Feed Service.
    • The File Hash field contains the hash that was detected in the event that was sent from ArcSight to Feed Service.
    • The Source Service Name field contains the name of the device vendor that sent the event to ArcSight.
    • The Source Process Name field contains the name of the device that sent the event to ArcSight.
    • The Event Outcome field contains the identifier of the original event that arrived in ArcSight and was then sent to Feed Service.
    • The Message field contains a brief description of the detection. The description is in the following format: "CyberTrace detected <name_of_the_feed_involved_in_the_detection_process>".
    • The Source User Name field contains the name of the user that was active on the endpoint device.
    • The Source Address field contains the source IPv4 address of the original event (the address that identifies the event's source in an IP network).
    • The Destination Address field contains the destination IPv4 address that was detected in the event sent from ArcSight to Feed Service.
    • The Device Action field contains the action taken by the device as specified in the original event.
    • The Popularity, Threat Score, Threat, and other fields are taken from the feed that was involved in the detection process.

    CyberTrace all matches active channel

  • CyberTrace hash matches

    Displays hash detection events from Feed Service in real time.

  • CyberTrace URL matches

    Displays URL detection events from Feed Service in real time.

  • CyberTrace IP matches

    Displays IP detection events from Feed Service in real time.
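The field descriptions for the "CyberTrace all matches" channel and the three narrower match channels above can be turned into simple triage logic on the analyst side. The following is an added example, not code from the CyberTrace documentation or the ARB package: it parses the documented Message format ("CyberTrace detected <feed>"), and sorts an "all matches" event into the hash, URL or IP match channel according to which detection field is populated. Events are modelled as dicts keyed by the ArcSight field names used above; the rule that the populated detection field decides the channel is an assumption for illustration, not the ARB package's actual filter definition, and the sample events are constructed.

```python
"""Added example, not part of the Kaspersky CyberTrace documentation.

Assumptions:
  * A detection event is a dict keyed by the ArcSight field names from the
    channel description (Reason, Detected indicator, File Hash, Request Url,
    Destination Address, Message, ...).
  * The channel an event belongs to is decided by which detection field is
    populated (hash, URL or destination address). This is illustrative and
    is not the ARB package's real active-channel filter.
"""
import re
from typing import Dict, List, Optional, Tuple

# Message format documented for the "CyberTrace all matches" channel.
_MESSAGE_RE = re.compile(r"^CyberTrace detected (?P<feed>\S.*)$")

# Detection field -> channel name, checked in this order.
_CHANNEL_BY_FIELD = (
    ("File Hash", "CyberTrace hash matches"),
    ("Request Url", "CyberTrace URL matches"),
    ("Destination Address", "CyberTrace IP matches"),
)


def feed_name(event: Dict[str, str]) -> Optional[str]:
    """Return the feed named in the Message field, or None if the format differs."""
    match = _MESSAGE_RE.match(event.get("Message", "").strip())
    return match.group("feed") if match else None


def match_channel(event: Dict[str, str]) -> Optional[str]:
    """Sort an 'all matches' event into the hash, URL or IP match channel.

    Returns None when no detection field is populated, which would indicate a
    malformed event worth looking at rather than a detection to triage.
    """
    for field, channel in _CHANNEL_BY_FIELD:
        if event.get(field):
            return channel
    return None


def summarize(events: List[Dict[str, str]]) -> List[Tuple[Optional[str], Optional[str], str, str]]:
    """Produce (channel, feed, category, indicator) tuples for a triage view."""
    return [
        (
            match_channel(e),
            feed_name(e),
            e.get("Reason", ""),
            e.get("Detected indicator", ""),
        )
        for e in events
    ]


# Constructed sample events; values are placeholders, not real indicators or feeds.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {
        "Reason": "Malware",
        "Detected indicator": "0123456789abcdef0123456789abcdef",
        "File Hash": "0123456789abcdef0123456789abcdef",
        "Message": "CyberTrace detected Example_Hash_Feed",
        "Source Service Name": "ExampleVendor",
    },
    {
        "Reason": "Phishing",
        "Detected indicator": "http://example.invalid/login",
        "Request Url": "http://example.invalid/login",
        "Message": "CyberTrace detected Example_URL_Feed",
    },
    {
        "Reason": "Botnet C&C",
        "Detected indicator": "192.0.2.10",
        "Destination Address": "192.0.2.10",
        "Message": "CyberTrace detected Example_IP_Feed",
    },
    {
        # Malformed: no detection field and a Message outside the documented format.
        "Reason": "Unknown",
        "Message": "unexpected text",
    },
]

if __name__ == "__main__":
    for row in summarize(SAMPLE_EVENTS):
        print(row)
```

The last sample event shows the failure mode a practitioner should care about: an event that lands in "all matches" but populates none of the hash, URL or address fields, and whose Message does not follow the documented format, is reported with `None` for both channel and feed so it can be inspected rather than silently dropped.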