This section describes how to create an event search.
To create an event search:
New search
MD5 (custom), SHA1 (custom), SHA256 (custom), URL (custom), IP (custom) from the Available Columns to the Columns list.
Defining columns
KL_Threat_Feed_Service_v2 as the log source:
Log Source [Indexed].
Equals.
KL_Threat_Feed_Service_v2.
The selection KL_Threat_Feed_Service_v2 is the log source name that is set in the OutputSettings > EventFormat element and the OutputSettings > AlertFormat element of the Feed Service configuration file (you can also set them by using Kaspersky CyberTrace Web).
The "Log Source is KL_Threat_Feed_Service_v2" string will be added to the Current Filters list.
Setting the log source
Save Criteria button
Saving criteria