About Kaspersky CyberTrace

Welcome to Kaspersky CyberTrace documentation.

What is Kaspersky CyberTrace

Kaspersky CyberTrace is a threat intelligence fusion and analysis tool that integrates threat data feeds with SIEM solutions so that users can immediately leverage threat intelligence for security monitoring and IR activities in their existing security operations workflow.

Kaspersky CyberTrace uses continuously updated threat data feeds to identify existing breaches or newly launched attacks, and to inform your business or clients about the risks and implications associated with the threat.

Kaspersky CyberTrace integrates with threat intelligence sources (threat intelligence feeds from Kaspersky, other vendors, OSINT, or even custom sources), SIEM solutions, and log sources. As indicators of compromise (IoC) from the threat intelligence feeds are found in your environment, Kaspersky CyberTrace automatically sends alerts to SIEM solutions for ongoing monitoring, validation, and discovery of additional contextual evidence for ongoing security incidents. Kaspersky CyberTrace provides analysts with a set of instruments for conducting alert triage and response through categorization and assessment of identified matches.

Kaspersky CyberTrace inside a corporate network

Kaspersky CyberTrace inside a corporate network

Features of Kaspersky CyberTrace:

The main parts of Kaspersky CyberTrace are Feed Service, Feed Utility, Log Scanner, and Kaspersky CyberTrace Web.

Main components of CyberTrace

Main components of Kaspersky CyberTrace

For more information about how Kaspersky CyberTrace works, watch the video below:

Documentation contents

This documentation is divided into several chapters:

Page top