Welcome to Kaspersky CyberTrace documentation.
What is Kaspersky CyberTrace
Kaspersky CyberTrace is a threat intelligence fusion and analysis tool that integrates threat data feeds with SIEM solutions so that users can immediately leverage threat intelligence for security monitoring and IR activities in their existing security operations workflow.
Kaspersky CyberTrace uses continuously updated threat data feeds to identify existing breaches or newly launched attacks, and to inform your business or clients about the risks and implications associated with the threat.
Kaspersky CyberTrace integrates with threat intelligence sources (threat intelligence feeds from Kaspersky, other vendors, OSINT, or even custom sources), SIEM solutions, and log sources. As indicators of compromise (IoC) from the threat intelligence feeds are found in your environment, Kaspersky CyberTrace automatically sends alerts to SIEM solutions for ongoing monitoring, validation, and discovery of additional contextual evidence for ongoing security incidents. Kaspersky CyberTrace provides analysts with a set of instruments for conducting alert triage and response through categorization and assessment of identified matches.
Kaspersky CyberTrace inside a corporate network
Features of Kaspersky CyberTrace:
The main parts of Kaspersky CyberTrace are Feed Service, Feed Utility, Log Scanner, and Kaspersky CyberTrace Web.
Main components of Kaspersky CyberTrace
For more information about how Kaspersky CyberTrace works, watch the video below:
Documentation contents
This documentation is divided into several chapters:
This chapter provides guides about installing Kaspersky CyberTrace, integrating it with SIEM solutions and event sources, and configuring Kaspersky CyberTrace after the integration is completed.
For a starting point of the installation and integration process, see Getting started.
This chapter provides information about Kaspersky CyberTrace Web, which is a web interface of Kaspersky CyberTrace, about apps and dashboards that provide access to Kaspersky CyberTrace from a SIEM solution, and about miscellaneous command-line tools such as Feed Utility.
This chapter provides additional information about Kaspersky CyberTrace and covers advanced topics of Kaspersky CyberTrace usage. Descriptions of Kaspersky CyberTrace components and workflow of these components can also be found in this chapter.
This section provides solutions to common problems encountered while using Kaspersky CyberTrace.
This section provides guidelines for mitigating potential security risks when working with Kaspersky CyberTrace.