Retrospective scan settings
Kaspersky CyberTrace allows you to save events potentially containing undetected indicators, perform a retrospective scan of these events according to the indicators from the updated feeds, and then view retrospective scan results. This section explains how to configure Kaspersky CyberTrace for using the retrospective scan.
The Retrospective scanning tab allows you to do the following:
- Enable or disable the retrospective scan.
- View the current size of saved events.
- Remove saved events.
Saved events cannot be removed when the retrospective scan is in progress. If you want to disable the retrospective scan and removed the saved events, you must wait until the current retroscan task is finished.
Retrospective scanning tab
- On the General settings tab, manage the following settings:
- Set the frequency of the scheduled retrospective scan task or disable the scan on schedule. If 1 month is selected, retrospective scan starts every 30 days.
- Enable or disable the size limit for events that must be saved for the retrospective scan.
- Set the maximum size of events (in gigabytes) that must be saved for the retrospective scan.
- Set how long (in days) the events used for the retrospective scan must be stored.
- Set how long (in days) the results of the retrospective scan must be stored.
General settings tab
- On the Feeds used in retroscan tab, enable or disable feeds that must be used in the retrospective scan.
Feeds used in retroscan tab
- On the Fields saved for retroscan tab, configure the following settings:
- Enable or disable saving events related to a specific tenant for use in the retrospective scan.
If you exclude a tenant from the retrospective scan, the regular expressions contained in this tenant become unavailable for selection.
- Select regular expressions contained in a tenant for use in the retrospective scan.
You must select at least one regular expression.
Fields saved for retroscan tab
- Enable or disable saving events related to a specific tenant for use in the retrospective scan.
Service alerts related to retrospective scanning
Kaspersky CyberTrace generates the following service alerts to inform you about retrospective scan process:
KL_ALERT_RetroScanCompletedKL_ALERT_RetroScanErrorKL_ALERT_RetroScanStorageExceeded
For details about the above alerts, see the "Alert events sent by Kaspersky CyberTrace" section.
Page top