This section provides information to help you solve problems you might encounter when using Kaspersky CyberTrace with QRadar.
If you encounter a problem while using Kaspersky CyberTrace, the specialists at Kaspersky can assist you. Contact your technical account manager (TAM) for more information about solutions to problems.
Problem: QRadar does not display the events from Feed Service or displays them incorrectly
To solve this problem, try the following actions:
Problem: Feed Service does not receive events from QRadar
To solve this problem, try the following actions:
You can use the ping utility for this purpose.
You can use the netcat utility for this purpose.
Problem: After Kaspersky Threat Feed App is installed and custom event properties are added, some of these event properties are incorrectly extracted from the detection event context
To solve this problem, try the following actions:
The Custom Event Property Definition window opens.
%property%=([^=]*)(?:\s[^=]+=) to %property%=\[(.*)\], where %property% is the property name.
Problem: After Kaspersky Threat Feed App is installed, no chart is displayed
To solve this problem, try the following actions:
Do the same when you change the log source name in the Kaspersky Threat Feed App settings.
Problem: A search cannot be made using Kaspersky Threat Feed App, or the self-test of Kaspersky Threat Feed App fails
To solve this problem, try the following actions:
Feed Service Connection String setting of Kaspersky Threat Feed App.
Problem: When you add a new regular expression to the event output format, QRadar extracts the incorrect corresponding value from Kaspersky CyberTrace detection events
To solve this problem, make sure that event fields in a row are separated by a tab character, as required by the LEEF standard.
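The following check is an added example, not part of the Kaspersky documentation: it splits the attributes of a LEEF 1.0 event on tabs only and reports attribute keys that follow a space instead of a tab. The sample events, the vendor and product strings, and the field names are constructed for illustration, and the key detection is a heuristic.

```python
import re

# Constructed sample events (not real CyberTrace output); all names are assumptions.
HEADER = "LEEF:1.0|ExampleVendor|ExampleProduct|1.0|ExampleEvent|"
GOOD = HEADER + "url=http://example.test/a b\tsrc=192.0.2.10\tcategory=Example_Feed"
BAD = HEADER + "url=http://example.test/a b src=192.0.2.10 category=Example_Feed"

# A "key=" that follows whitespace other than a tab, i.e. glued to the previous value.
EMBEDDED_KEY = re.compile(r"[^\S\t]+([A-Za-z_][\w.]*)=")


def split_leef(event):
    """Return (header_fields, attribute_string) for a LEEF 1.0 event."""
    parts = event.split("|", 5)
    if len(parts) != 6 or not parts[0].startswith("LEEF:"):
        raise ValueError("not a LEEF 1.0 event")
    return parts[:5], parts[5]


def parse_attributes(attr_string):
    """Split attributes on tabs only, as LEEF 1.0 specifies."""
    attrs = {}
    for chunk in attr_string.split("\t"):
        key, sep, value = chunk.partition("=")
        if sep:
            attrs[key] = value
    return attrs


def find_separator_problems(event):
    """Heuristic: list keys that were separated by a space instead of a tab."""
    _, attr_string = split_leef(event)
    problems = []
    for chunk in attr_string.split("\t"):
        _, _, value = chunk.partition("=")
        problems += EMBEDDED_KEY.findall(value)
    return problems


if __name__ == "__main__":
    for name, event in (("good", GOOD), ("bad", BAD)):
        attrs = parse_attributes(split_leef(event)[1])
        print(name, attrs, find_separator_problems(event))
```

In the space-separated event, the whole row is parsed as the value of the first field, which is the kind of incorrect extraction described above.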