You can create notifications about issues with Kaspersky CyberTrace by configuring alert rules.
To create notifications about service events from Kaspersky CyberTrace in QRadar:
The Rules page
The Rule Wizard page opens.
The Rules Wizard window
when the event(s) were detected by one or more of these log sources
when the event matches this search filter
and operator.
In the "when the event(s) were detected by one or more of these log sources" condition, specify Log Source that is equal to KL_Threat_Feed_Service_v2. If this event source is absent, add Feed Service as a log source.
In the "when the event matches this search filter" condition, specify a filter for comparing Event Name with the value of the event source name by performing the following actions:
If the necessary event is absent, add it to the QRadar Identifiers (QID) list.
The Rule Editor window
The Rule Editor page
The Rule Summary page
The rule will now be added to the Rules list.
The Rules list
The added rule generates a notification about an incoming service event. You can browse these notifications by clicking the Messages drop-down list. Notifications are also displayed in QRadar Console as pop-up messages.
The Messages drop-down list
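The rule only produces notifications if events from the KL_Threat_Feed_Service_v2 log source reach QRadar and carry the event name used in the search filter. The following AQL query is an added example, not part of the original documentation, that lists which event names QRadar has recorded for that log source. The 24-hour window and the column aliases are assumptions.

```sql
-- Added example: list the event names recorded for the CyberTrace
-- service log source, to confirm both rule conditions can match.
-- Run it in Advanced Search on the Log Activity tab.
SELECT LOGSOURCENAME(logsourceid) AS log_source,   -- must equal the name used in the rule
       QIDNAME(qid)               AS event_name,   -- value compared by the Event Name filter
       COUNT(*)                   AS event_count,
       MAX(starttime)             AS last_seen_ms  -- epoch milliseconds of the latest event
FROM events
WHERE LOGSOURCENAME(logsourceid) = 'KL_Threat_Feed_Service_v2'
GROUP BY logsourceid, qid
ORDER BY event_count DESC
LAST 24 HOURS
```

An empty result means no events arrived from the log source in that window, so the first rule condition cannot match. A row whose event name is not the expected service event name points to a missing entry in the QID list.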
You can configure the display of notifications on the Dashboard tab.
System notifications on the Dashboard tab
To configure the display of notifications on the Dashboard tab:
Adding system notifications on the Dashboard tab