This section describes how to finish the integration of Kaspersky CyberTrace with Splunk after the files of Kaspersky Threat Feed App for Splunk were upgraded to the files of Kaspersky CyberTrace.
To integrate Kaspersky CyberTrace with Splunk after Kaspersky Threat Feed App for Splunk files were upgraded to Kaspersky CyberTrace files:
Use the same integration scheme that you used in an earlier Kaspersky CyberTrace version (Kaspersky Threat Feed Service).
Kaspersky Threat Feed App for Splunk has the following CONF files:
%SPLUNK_DIRECTORY%/etc/apps/Kaspersky-Threat-Feed-App-for-Splunk/default/inputs.conf
%SPLUNK_DIRECTORY%/etc/apps/Kaspersky-Threat-Feed-App-for-Splunk/default/outputs.conf
%SPLUNK_DIRECTORY%/etc/apps/Kaspersky-Threat-Feed-App-for-Splunk/default/props.conf
%SPLUNK_DIRECTORY%/etc/apps/Kaspersky-Threat-Feed-App-for-Splunk/default/savedsearches.conf
This file contains an alert template where you can type a valid email address if you want to receive system notifications.
%SPLUNK_DIRECTORY%/etc/apps/Kaspersky-Threat-Feed-App-for-Splunk/bin/config.json
%SPLUNK_DIRECTORY%/etc/apps/Kaspersky-Threat-Feed-App-for-Splunk/
The directory in which Kaspersky Threat Feed App for Splunk is installed. The kl_detect index file is removed together with this directory, so the detection events generated by Kaspersky Threat Feed App for Splunk are removed as well.
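Because the kl_detect index and its detection events disappear together with the app directory, it is worth keeping a copy of the app's CONF files before removing it. The following POSIX shell script is an added example, not part of the Kaspersky documentation or of Kaspersky CyberTrace: it locates the files listed above under a Splunk installation directory (the %SPLUNK_DIRECTORY% of the listing, assumed here to be passed as the first argument, for example /opt/splunk), reports any kl_detect entries that would be lost, and packs the CONF files into a tar archive. The function names and the archive path are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the Kaspersky documentation: archive the Kaspersky
# Threat Feed App for Splunk CONF files listed above before the app directory
# (and with it the kl_detect index and its detection events) is removed during
# the upgrade to Kaspersky CyberTrace.
# Assumption: "$1" is the Splunk installation directory (%SPLUNK_DIRECTORY%).

KTF_APP_REL="etc/apps/Kaspersky-Threat-Feed-App-for-Splunk"

# Print, one per line, those of the app's CONF files (relative to the Splunk
# directory) that actually exist under "$1". Missing files are skipped silently.
list_ktf_conf_files() {
    splunk_dir="$1"
    for rel in default/inputs.conf default/outputs.conf default/props.conf \
               default/savedsearches.conf bin/config.json; do
        if [ -f "$splunk_dir/$KTF_APP_REL/$rel" ]; then
            printf '%s\n' "$KTF_APP_REL/$rel"
        fi
    done
    return 0
}

# Count files or directories under the app directory whose name starts with
# kl_detect; a non-zero count means index data would go away with the directory.
count_kl_detect_entries() {
    find "$1/$KTF_APP_REL" -name 'kl_detect*' 2>/dev/null | wc -l | tr -d ' '
}

# Pack the existing CONF files into the tar archive "$2". Returns 1 when there
# is nothing to back up, so a caller can stop before removing anything.
backup_ktf_conf() {
    splunk_dir="$1"
    archive="$2"
    files=$(list_ktf_conf_files "$splunk_dir")
    if [ -z "$files" ]; then
        echo "no Kaspersky Threat Feed App CONF files found under $splunk_dir" >&2
        return 1
    fi
    # Paths inside the archive stay relative to the Splunk directory (-C), so
    # the files can later be restored or diffed against the CyberTrace config.
    printf '%s\n' "$files" | tar -cf "$archive" -C "$splunk_dir" -T -
}

# Usage: sh backup_ktf_conf.sh /opt/splunk /tmp/ktf-conf-backup.tar
if [ "$#" -eq 2 ]; then
    n=$(count_kl_detect_entries "$1")
    [ "$n" -gt 0 ] && echo "warning: $n kl_detect entries will be removed with the app directory" >&2
    backup_ktf_conf "$1" "$2" && echo "backup written to $2"
fi
```

Run it with the Splunk directory and an archive path as the two arguments; the savedsearches.conf copy in the archive keeps the alert template (and any email address entered in it) available for reuse with Kaspersky CyberTrace.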