Kaspersky CyberTrace

About Kaspersky CyberTrace App for Splunk

Kaspersky CyberTrace App for Splunk is a Splunk app. It does the following:

  • Displays information about URLs, IP addresses, and hashes from events that match Kaspersky Threat Data Feeds in the Kaspersky CyberTrace Matches dashboard.
  • Displays information about Kaspersky CyberTrace status in the Kaspersky CyberTrace Status dashboard.
  • Matches individual URLs, IP addresses, and hashes to Kaspersky Threat Data Feeds by performing a lookup on the Indicators lookup tab.
  • Runs the Self-test and displays the feeds in use.

Additionally, Kaspersky CyberTrace App for Splunk comes with alert templates that demonstrate the basic trigger conditions that can be used with Kaspersky CyberTrace.

About Kaspersky CyberTrace App dashboards

Kaspersky CyberTrace App uses the following dashboards:

  • Kaspersky CyberTrace Matches

    This dashboard provides information about URLs, IP addresses, and hashes from events that matched Kaspersky Threat Data Feeds, together with statistical information and a log of matches.

  • Kaspersky CyberTrace Status

    This dashboard provides match statistics for Feed Service and a log of alerts received from it. The dashboard can also be used to run the Self-test of Kaspersky CyberTrace App for Splunk.

  • Indicators lookup

    This tab allows you to configure and perform a lookup by indicator.

  • Alerts

    This is a standard Alerts dashboard. Kaspersky CyberTrace App for Splunk comes with several alert templates that you can use and customize from this dashboard.

  • Kaspersky CyberTrace online documentation

    This is a link to the online documentation for Kaspersky CyberTrace.