This chapter describes how to integrate Kaspersky CyberTrace with QRadar.
About the integration schemes
Kaspersky CyberTrace can be integrated with QRadar in two integration schemes:
Use this scenario if it is possible to get QRadar updates. For more information about the standard integration scheme, see About the standard integration scheme (QRadar).
This is an additional scenario for a case when it is not possible to get QRadar updates. The procedure is outlined in Integration with QRadar when QRadar cannot get updates.
How to integrate Kaspersky CyberTrace with QRadar
Make sure that you have installed Kaspersky CyberTrace (see Part 1: Installing Kaspersky CyberTrace).
To integrate Kaspersky CyberTrace with QRadar in the standard integration scenario:
Please make sure you perform the verification test before editing any filtering rules in the Feed Utility configuration file.
After you have successfully integrated Kaspersky CyberTrace with QRadar, install Kaspersky Threat Feed App: