Integration steps (ArcSight)

This chapter describes how to integrate Kaspersky CyberTrace with ArcSight products.

About the integration schemes

Kaspersky CyberTrace can be integrated with ArcSight in several integration schemes. For more information about the integration schemes for ArcSight, see Integration schemes (ArcSight).

How to integrate with ArcSight

To integrate Kaspersky CyberTrace with ArcSight:

1. Before you install Kaspersky CyberTrace, make sure that ArcSight SmartConnector is installed.

   If ArcSight SmartConnector is not installed, a warning will be issued during the installation of CyberTrace and the connection to ArcSight SmartConnector will not be checked.

   For more information, see section "Before you begin (ArcSight)".

2. Make sure that you have installed Kaspersky CyberTrace (see Part 1: Installing Kaspersky CyberTrace).
3. Import the Kaspersky_CyberTrace_Connector.arb package.
4. Install ArcSight Forwarding Connector using one of two options:
   • Install ArcSight Forwarding Connector using ArcSight interface.
   • Install ArcSight Forwarding Connector by using the console.
5. Configure Feed Service for interaction with ArcSight.
6. Perform the verification test.

   Please make sure you perform the verification test before editing any filtering rules in the Feed Utility configuration file.

Page top