About Kaspersky CyberTrace App for Splunk

Kaspersky CyberTrace App for Splunk is a Splunk app. It does the following:

• Displays information about URLs, IP addresses, and hashes from events that match Kaspersky Threat Data Feeds in the Kaspersky CyberTrace Matches dashboard.
• Displays information about Kaspersky CyberTrace status in the Kaspersky CyberTrace Status dashboard.
• Matches individual URLs, IP addresses, and hashes to Kaspersky Threat Data Feeds using the lookup script from the Search dashboard.
• Performs Self-test and displays the feeds in use.

Additionally, Kaspersky CyberTrace App for Splunk comes with alert templates that demonstrate the basic trigger conditions that can be used with Kaspersky CyberTrace.

About Kaspersky CyberTrace App dashboards

Kaspersky CyberTrace App uses the following dashboards:

• Kaspersky CyberTrace Matches

  This dashboard provides information about URLs, IP addresses, and hashes from events that matched Kaspersky Threat Data Feeds, together with statistical information and a log of matches.

• Kaspersky CyberTrace Status

  This dashboard provides match statistics for Feed Service and a log of alerts received from it. The dashboard can also be used to run the Self-test of Kaspersky CyberTrace App for Splunk.

• Search

  This is a standard Search dashboard. You can use it to match individual URLs, IP addresses, and hashes to Kaspersky Threat Data Feeds by means of the lookup script.

• Alerts

  This is a standard Alerts dashboard. Kaspersky CyberTrace App for Splunk comes with several alert templates that you can use and customize from this dashboard.

Page top