Step 1. Adding a Custom Log Source type

This section describes how you can add the Kaspersky CyberTrace log source type to LogRhythm.

To add the Kaspersky CyberTrace log source type to LogRhythm:

  1. Run LogRhythm Console.
  2. Select Deployment Manager > Tools > Knowledge > Log Source Type Manager.

    The Log Source Type Manager window opens.

    Figure: Log Source Type Manager window

  3. Click the New button.
  4. In the Log Source Type Properties window that opens, enter the following data:

    Field               Data
    Name                Kaspersky CyberTrace
    Full Name           Kaspersky CyberTrace
    Abbreviation        CyberTrace
    Log Format          Syslog
    Brief Description   Kaspersky CyberTrace is an application set that allows you to check URLs, IP addresses, and hashes of files contained in events that arrive in a SIEM.

    Figure: Log Source Type Properties window

    We recommend entering the source name in the Name field exactly as given in the table above. Otherwise, the import of Kaspersky CyberTrace rules and events will not be performed correctly, and you will have to add the Kaspersky CyberTrace events and the corresponding MPE rules manually, as described in step 3 and step 4 (make sure that the log source name you specify there matches the name that you entered in the Log Source Type Properties window).

  5. Click OK.

    The new log source type will appear in the Log Source Type Manager window.

  6. Make a note of the value in the Log Source Type ID column. You will need it in step 2 when importing Kaspersky CyberTrace rules and events.

    Figure: Kaspersky CyberTrace log source type
