Step 8 (optional). Creating alerts about incoming Kaspersky CyberTrace service events

You can create notifications about incoming Kaspersky CyberTrace service events by configuring alert rules.

To create notifications about service events from Kaspersky CyberTrace in LogRhythm:

  1. Run LogRhythm Console.
  2. Select Deployment Manager > Alarm Rules and click New.
  3. In the Create Global Rule confirmation window, click Yes if you want to give access to manage this rule for all users with the Global Admin role. Click No, if you want to manage this rule only by yourself.
  4. Perform the following actions for each tab at the bottom of the page:
    • On the Primary Criteria tab, do the following:
      1. Click New, and select the Common Event value in the Add New Field Filter drop-down list.

        Primary criteria

        Log message filter

      2. Click Edit values.

        The Field Filter Values window opens.

      3. In the Field Filter Values window, click Add Item.
      4. Select the name of the Kaspersky CyberTrace service event from the list. If such events are absent, add them as described in the "Adding Kaspersky CyberTrace events" section.

        Field filter values

      5. Click OK.
    • Leave the Include Filters, Exclude Filters and Day and Time Criteria tabs unchanged.
    • On the Log Source Criteria tab, check Include the Selected Log Sources and then click Add.

    Alarm rule

    The Alarm Rule window

    Log source criteria

    The Log Source Criteria Add window

    • Leave the Aggregation tab unchanged.
    • In the Settings tab, specify a period of time during which identical alerts that are associated with the occurrence of any new service events from Kaspersky CyberTrace have to be suppressed.

    Alarm rule

    Alert suppression settings

    • On the Notify tab, select a role or user you want to address notifications.

    Alarm rule3

    Choosing the roles to notificate

    • Leave the Actions tab unchanged.
    • On the Information tab, specify the name of the rule and its description.

    Alarm rule4

    Alarm Rule Name/Brief Description

  5. Click OK.
  6. On the Alarm Rules tab, right-click the new rule and select Actions > Enable.

    Alarm rules list

    Enabling a rule

  7. Configure display of the alerts in the LogRhythm web console as described in section "Displaying alert events in LogRhythm".
Page top