This section describes new features and enhancements in the latest version of Kaspersky CyberTrace.
What's new in version 3.1
Search history was added to improve the user experience during Incident Response activities. Analysts now have immediate access to the full history of observable and log file check results.
Multiuser mode was added. Role-based access now controls which operations each user can perform. For example, only users with the Administrator role can manage the Kaspersky CyberTrace configuration and browse the search results of all analysts.
Support for downloadable reports was added. The reports contain Kaspersky CyberTrace statistics that are valuable for measuring the effectiveness of Threat Intelligence and for informing the management team about the value each TI source brings.
Event Sources management was improved:
Per-source normalization, so that a single Kaspersky CyberTrace instance can accept events from a broad range of sources, for example from different SIEMs such as McAfee and QRadar.
Event source detection based on regular expressions, which supports sources whose events are not in syslog format. The previous detection methods, based on the sender IP address or the syslog hostname, are still supported as well.
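The following Python sketch is an added illustration of the three detection methods named above (regular expression, syslog hostname, sender IP address, tried in that order) together with per-source normalization into one common set of observable fields. It is example code written for this page, not Kaspersky CyberTrace's own code or configuration format; the source names, field names, event formats and addresses are constructed.

```python
import json
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Hypothetical model of an event source. It is NOT Kaspersky CyberTrace's
# configuration format; it only illustrates the three detection methods and
# per-source normalization described in the release notes.
@dataclass
class EventSource:
    name: str
    normalize: Callable[[str], Dict[str, str]]  # source-specific field mapping
    pattern: Optional[re.Pattern] = None        # regex, for non-syslog formats
    hostnames: frozenset = frozenset()          # syslog hostnames identifying the source
    ips: frozenset = frozenset()                # sender IP addresses identifying the source

# RFC 3164-style header: "<PRI>Mon DD hh:mm:ss hostname ..."
SYSLOG_HEADER = re.compile(r"^<\d{1,3}>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d (?P<host>\S+) ")

COMMON_FIELDS = ("url", "md5", "ip")  # the schema every source is normalized to


def normalize_kv(raw: str) -> Dict[str, str]:
    """Syslog body made of key=value pairs; map this source's names to the common schema."""
    body = SYSLOG_HEADER.sub("", raw, count=1)
    pairs = dict(re.findall(r"(\w+)=(\S+)", body))
    mapping = {"dst_url": "url", "hash": "md5", "src": "ip"}
    return {common: pairs[k] for k, common in mapping.items() if k in pairs}


def normalize_json(raw: str) -> Dict[str, str]:
    """JSON event (no syslog header); map this source's names to the common schema."""
    obj = json.loads(raw)
    mapping = {"request_url": "url", "file_md5": "md5", "source": "ip"}
    return {common: str(obj[k]) for k, common in mapping.items() if k in obj}


def detect_source(raw: str, sender_ip: str, sources: List[EventSource]) -> Optional[EventSource]:
    """Regex first (covers non-syslog formats), then syslog hostname, then sender IP."""
    for src in sources:
        if src.pattern is not None and src.pattern.search(raw):
            return src
    header = SYSLOG_HEADER.match(raw)
    if header:
        host = header.group("host")
        for src in sources:
            if host in src.hostnames:
                return src
    for src in sources:
        if sender_ip in src.ips:
            return src
    return None


def process_event(raw: str, sender_ip: str, sources: List[EventSource]) -> Dict:
    """Detect the source, then normalize the event into the common observable schema."""
    src = detect_source(raw, sender_ip, sources)
    if src is None:
        return {"source": None, "observables": {}}
    fields = src.normalize(raw)
    return {"source": src.name,
            "observables": {k: fields[k] for k in COMMON_FIELDS if k in fields}}


# Constructed sources and events (hypothetical names; RFC 5737 documentation addresses).
SOURCES = [
    EventSource("siem-b", normalize_json, pattern=re.compile(r'^\{.*"product":\s*"siem-b"')),
    EventSource("siem-a", normalize_kv, hostnames=frozenset({"siem-a"})),
    EventSource("siem-c", normalize_kv, ips=frozenset({"192.0.2.20"})),
]

EVENTS = [  # (sender IP, raw event)
    ("203.0.113.5", "<134>Mar 10 12:00:01 siem-a alert dst_url=http://example.test/payload.bin "
                    "hash=0123456789abcdef0123456789abcdef"),
    ("203.0.113.6", '{"product": "siem-b", "request_url": "http://example.test/login", "source": "10.0.0.7"}'),
    ("192.0.2.20", "<134>Mar 10 12:00:03 collector-9 alert src=10.0.0.8 dst_url=http://example.test/c2"),
    ("198.51.100.1", "plain text event with no recognisable source"),
]

if __name__ == "__main__":
    for sender_ip, raw in EVENTS:
        print(process_event(raw, sender_ip, SOURCES))
```

The third event shows the fallback chain: its syslog hostname is unknown, so detection falls through to the sender IP address; the fourth event matches nothing and is reported with no source, which is the case a deployment should alert on rather than silently drop.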
New Kaspersky Data Feeds were added:
IoT URL Data Feed. A set of URLs with context that cover malicious links used to download malware that targets Internet of Things-enabled devices.
Vulnerability Data Feed. A set of file hashes of applications with vulnerabilities, supplemented with hashes of exploits that use those vulnerabilities, and related cyber threat intelligence context.
New version of Mobile Botnet CnC URL Data Feed with extra context. The feed contains URLs and masks for detecting C&C servers and web resources that are related to mobile botnets.
Updated OSINT feed list:
ZeuS Tracker was removed because it has been discontinued.
AbuseSh_Ransomware_Common_URL was renamed to AbuseCh_Ransomware_Common_URL.
AbuseSh_Ransomware_Block_URL was renamed to AbuseCh_Ransomware_Block_URL.
AbuseSh_Ransomware_Block_Domain was renamed to AbuseCh_Ransomware_Block_Domain.
AbuseSh_Ransomware_Block_IP was renamed to AbuseCh_Ransomware_Block_IP.
AbuseSh_Feodo_Block_IP was renamed to AbuseCh_Feodo_Block_IP.
EmergingThreats_Block_IP was renamed to EmergingThreats_BlockIP.
EmergingThreats_Compromised_IP was renamed to EmergingThreats_CompromisedIP.
TAXII protocol support was improved.
Licensing was added. The license limits the number of available indicators of compromise (IoCs) from Data Feeds, the number of incoming Events per second (EPS) for matching, and available features (multiuser mode, threat search, third-party feeds).
Deprecated features were removed:
The mode without a GUI was disabled.
The steps for specifying feed parameters were removed from the installers (DEB, RPM, MSI). This function is now performed from the Web UI.
The ability to run Kaspersky CyberTrace in the foreground on Linux was disabled. Kaspersky CyberTrace now always runs as a Linux daemon.