Getting started

This chapter describes how to prepare Kaspersky CyberTrace for use.

For an overview of Kaspersky CyberTrace and how it works, see section "About Kaspersky CyberTrace", subsection "What is Kaspersky CyberTrace". For more information on the main parts of Kaspersky CyberTrace, see sections "Using Feed Service", "Using Feed Utility", and "Using Log Scanner".

To prepare Kaspersky CyberTrace for use:

  1. Install Kaspersky CyberTrace and configure Feed Service, Feed Utility, and Log Scanner during installation.
  2. Integrate Kaspersky CyberTrace with an event source.

If you already have Kaspersky Threat Feed Service for a SIEM solution installed, you can upgrade it to Kaspersky CyberTrace. Starting from Kaspersky CyberTrace version 3.1, this upgrade option is not available.

Before you begin

Make sure that the computer you plan to use for running Feed Service meets the hardware and software requirements.

For ArcSight products, ArcSight SmartConnector must be installed before the installation of Kaspersky CyberTrace. For more information, see "Before you begin (ArcSight)" and "Integration guide (ArcSight)".

Part 1. Installing Kaspersky CyberTrace

When you install Kaspersky CyberTrace, all the components required for working with feeds, such as Feed Service and Feed Utility, are installed and configured.

Kaspersky CyberTrace can be installed on any computer that can receive events from your chosen event source, such as a SIEM solution, a firewall, or a proxy server. When you configure Kaspersky CyberTrace during installation, you specify how it will receive and send events.

Make sure to install Kaspersky CyberTrace according to your chosen integration scheme. For example, if you must install Kaspersky CyberTrace and a SIEM solution on separate computers, check the available integration schemes for your SIEM solution and decide where to install Kaspersky CyberTrace.

Depending on your operating system, install Kaspersky CyberTrace as described in the following sections:

Part 2. Integrating Kaspersky CyberTrace with an event source

Kaspersky CyberTrace must be integrated with an event source. This event source can either be a standalone event source (for example, a firewall or a proxy server) or a SIEM solution. The event source then sends events to Feed Service, and Feed Service sends its own events to a SIEM or other application, as configured.

Kaspersky CyberTrace supports integration with the following SIEM solutions:
