This section describes how you can import preconfigured charts and a dashboard to RSA NetWitness.
This step requires importing Feed Service rules (Step 4). For more information, see Integration steps.
Importing preconfigured charts
The distribution kit contains the CyberTrace_Charts.zip file. The CyberTrace_Charts.zip file contains preconfigured charts. These charts are used in a preconfigured dashboard.
You can import the CyberTrace_Charts.zip file in the same way as CyberTrace_Rules.zip, which contains rules.
After the CyberTrace_Charts.zip file is imported, specify the data source for each chart (specify either the Concentrator that receives events from Feed Service or the Log Decoder that stores events from Feed Service). To do this, for each chart click the Actions split button () and select Edit. Then in the Data Source field specify the data source and click Save.
Also, enable each chart: select the check boxes next to the chart names (or you can select the check box next to the Enabled column heading) and then click the Enable button ().
Enabling charts
Importing the Kaspersky CyberTrace dashboard
The distribution kit also contains the Kaspersky+CyberTrace.cfg file. This file contains a preconfigured dashboard, Kaspersky CyberTrace
. For more information about this dashboard, see section "About the Kaspersky CyberTrace dashboard".
You can import the Kaspersky+CyberTrace.cfg file by clicking the Settings split button () in the Dashboard form and selecting Import. A dashlet form appears in the Dashboard form. After the CFG file is imported, configure the following dashlets: CyberTrace Detects Statistic
, CyberTrace Top 10 URL
, CyberTrace Top 10 Hash
, and CyberTrace Top 10 IP
.
The import instructions above are relevant for RSA NetWitness version 10.6. To import the Kaspersky CyberTrace.zip file in RSA NetWitness version 11.0, click the Import dashboard button ().
Page top