This section describes how to finish the integration of Kaspersky CyberTrace with QRadar after the upgrade of the Kaspersky CyberTrace files.
The upgrade process described in this section applies to Kaspersky CyberTrace versions 3.1.0 and above. If you have an older version of Kaspersky CyberTrace or Kaspersky Threat Feed Service, contact your Technical Account Manager (TAM).
Finishing the integration of Kaspersky CyberTrace with QRadar consists of the following actions:
In Kaspersky CyberTrace version 4.0, these categories are used instead of the following:
If QRadar automatically receives configuration updates (including configuration file changes, vulnerabilities, QID maps, supportability scripts, and security threat information updates), the following features are included:
Perform the procedure above manually only if QRadar does not receive configuration updates automatically. To add these categories to QRadar, perform the actions described in the sections "Importing QIDs to QRadar", "Sending a set of events to QRadar", and "Mapping events to QIDs". The categories mentioned above are included in the sample_initiallog.txt and sample_qid.txt files of the latest CyberTrace distribution kit.
To finish the integration of Kaspersky CyberTrace with QRadar: