OutputSettings

Contains output settings for the General tenant.

Defines the address and port of the event target software to send the outgoing events to, and the format of the outgoing events.

Path

OutputSettings

Attributes

This element has no attributes.

Nested elements

This element is a container for the following nested elements:

OutputSettings > ConnectionString

Specifies the IP address (or host) and port to which the service will send service alerts.

The string is formatted as <ip_address>:<port> (if an IP address and port are used) or as \\.\pipe\<pipe_name> (if a Windows-named pipe is used). The IP address must consist of four decimal octets, each separated by a dot. The value in each octet must be less than 256.

OutputSettings > AlertConnectionString

Specifies the IP address (or host) and port to which the service will send service alerts.

The value of this element is formatted as <ip_address>:<port> (if an IP address and port are used) or as \\.\pipe\<pipe_name> (if a Windows-named pipe is used). The IP address must consist of four decimal octets, each separated by a dot. The value in each octet must be less than 256.

The AlertConnectionString element is optional. If the element is omitted, the enabled attribute with the false value is used for this element.

This element has the following attributes:

AlertConnectionString element attributes

Attribute

Description

enabled

Defines whether Feed Service sends alert events to the specified IP address and port.

Possible values: true, false.

If the value is true, Feed Service will send alert events to the IP address and port that are specified in this element.

If the value is false, Feed Service will send alert events to the IP address and port that are specified in the OutputSettings > ConnectionString element.

OutputSettings > FinishedEventFormat

Specifies the format of the informational event that is generated after an event is processed.

If this parameter is enabled, Kaspersky CyberTrace will generate an informational event for each event that it processes. An informational event is generated even if there were no detections.

The FinishedEventFormat element is mandatory.

The value of this element specifies the event format. You can use the %RecordContext% pattern and regular expression names in the format. For more information about patterns, see About event formats and patterns.

The %RecordContext% pattern will provide the following fields, if used:

This element has the following attributes:

FinishedEventFormat element attributes

Attribute

Description

enabled

Defines whether special informational events are generated.

Possible values: true, false.

If the value is true, Feed Service will generate special informational events.

If the value is false, or this attribute is omitted, Feed Service will not generate special informational events.

This attribute is optional.

Example

The following is an example of this element.

<OutputSettings>

<RecordFieldContextFormat><![CDATA[ %ParamName%=%ParamValue%]]></RecordFieldContextFormat>

<AlertFormat>%Date% alert=%Alert%%RecordContext%</AlertFormat>

<EventFormat>%RE_DATE% category=%Category% matchedIndicator=%MatchedIndicator% url=%RE_URL% src=%SRC_IP% ip=%RE_IP% md5=%RE_MD5% sha1=%RE_SHA1% sha256=%RE_SHA256% usrName=%RE_USERNAME%%RecordContext%</EventFormat>

<FinishedEventFormat enabled="true">LookupFinished %RecordContext%</FinishedEventFormat>

<ActionableFieldContextFormat><![CDATA[ %ParamName%:%ParamValue%]]></ActionableFieldContextFormat>

<ConnectionString>127.0.0.1:9998</ConnectionString>

<AlertConnectionString>192.0.2.145:9998</AlertConnectionString>

</OutputSettings>

Page top