Kaspersky CyberTrace

Alert templates

Kaspersky CyberTrace App for Splunk comes with several alert templates that you can use and customize from the Alerts dashboard.

Alert templates and triggers

The following alert templates are available:

  • Matches alert

    This alert is triggered if there were matches with Kaspersky Threat Data Feeds in the past 24 hours.

  • No Matches alert

    This alert is triggered if there were no matches with Kaspersky Threat Data Feeds in the past 24 hours.

  • Emergency alert

    This alert is triggered if there were 5000 matches with Kaspersky Threat Data Feeds within 1 minute.

  • Service Unavailable alert

    This alert is triggered if the Feed Service is unavailable.

    This alert contains the date when the alert was generated followed by a timestamp in the UNIX time format.

  • Service Started alert

    This alert is triggered when the Feed Service is started.

    This alert contains the date when the alert was generated followed by a timestamp in the UNIX time format.
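The following Python reference model, added here as an illustration and not part of Kaspersky CyberTrace or the Splunk app, shows how the count-based triggers above can be evaluated over a list of match timestamps, and how a service alert line carrying a date followed by a UNIX timestamp can be built. The threshold semantics (5000 or more matches inside any sliding 60-second window, a 24-hour lookback ending at the evaluation time) and the exact text layout of the service alert are assumptions; the sample timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Assumed thresholds, taken from the alert descriptions above.
MATCH_LOOKBACK = timedelta(hours=24)      # Matches / No Matches alerts
EMERGENCY_WINDOW = timedelta(minutes=1)   # Emergency alert window
EMERGENCY_THRESHOLD = 5000                # Emergency alert match count


def evaluate_alerts(match_times: List[datetime], now: datetime) -> Dict[str, bool]:
    """Return which count-based alert templates would fire at `now`.

    match_times: timestamps of events that matched a threat data feed.
    Only events in the 24 hours up to `now` are considered.
    """
    recent = sorted(t for t in match_times if now - MATCH_LOOKBACK <= t <= now)
    fired = {
        "Matches": len(recent) > 0,
        "No Matches": len(recent) == 0,
        "Emergency": False,
    }
    # Sliding one-minute window over the sorted timestamps (two-pointer scan):
    # `start` is advanced until the window [recent[start], t] is at most 60 s wide,
    # so end - start + 1 is the number of matches inside that window.
    start = 0
    for end, t in enumerate(recent):
        while t - recent[start] > EMERGENCY_WINDOW:
            start += 1
        if end - start + 1 >= EMERGENCY_THRESHOLD:
            fired["Emergency"] = True
            break
    return fired


def service_alert_text(template: str, generated_at: datetime) -> str:
    """Build the body of a Service Unavailable / Service Started alert.

    Hypothetical layout: template name, human-readable date, then the same
    instant as UNIX epoch seconds (the page specifies the two fields but not
    their exact formatting).
    """
    return f"{template}: {generated_at:%Y-%m-%d %H:%M:%S %Z} {int(generated_at.timestamp())}"


if __name__ == "__main__":
    # Constructed sample data: evaluation time, a few scattered matches,
    # and a burst of 5000 matches spread over five seconds.
    now = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    scattered = [now - timedelta(hours=3), now - timedelta(hours=1)]
    burst = [now - timedelta(seconds=30) + timedelta(milliseconds=i) for i in range(5000)]

    print("scattered:", evaluate_alerts(scattered, now))
    print("burst:    ", evaluate_alerts(scattered + burst, now))
    print(service_alert_text("Service Unavailable alert", now))
```

Running the script prints the fired/not-fired state of the three count-based alerts for the quiet and the burst data sets, followed by a sample service alert line. The two-pointer scan keeps the Emergency check linear in the number of matches, which matters when the burst that should trigger it is exactly the case where a naive per-event window count would be slowest.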

Alert actions

By default, the Add to Triggered Alerts action is defined for all alerts. As an option, you can add a Send email action so that Splunk sends an email message to the email address specified for the action.
