About the single-instance integration scheme

By default, both Kaspersky CyberTrace Service and Kaspersky CyberTrace App use the single-instance integration scheme described below.

About apps and services

The single-instance integration scheme uses one app and one service:

Single-instance integration scheme

In the single-instance integration scheme, Splunk Apps and Kaspersky CyberTrace Service work on the same computer by default (the IP address is 127.0.0.1). Kaspersky CyberTrace App receives input on port 3000 and forwards it to Kaspersky CyberTrace Service on port 9999. Kaspersky CyberTrace Service then returns matches to Kaspersky CyberTrace App on port 9998.

If you want to install Kaspersky CyberTrace Service on a separate computer, you must specify addresses and ports used by Kaspersky CyberTrace Service and Kaspersky CyberTrace App when installing Kaspersky CyberTrace.
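The following is an added example, not part of the Kaspersky documentation: a check that the three ports in this scheme listen only where intended, run over the output of `ss -ltnH` on the host. It assumes the ports are TCP listeners on Linux; the function names, the constructed sample, and the rule that a non-loopback listener on port 3000 is only marked for review (event sources may be remote) are assumptions of this example.

```python
import ipaddress

# Ports and roles as described in the paragraph above.
PORTS = {
    3000: "App input",
    9999: "App -> Service",
    9998: "Service -> App (matches)",
}
INTERNAL = {9999, 9998}  # hops that stay on one host in the default scheme

# Constructed sample in `ss -ltnH` layout: State Recv-Q Send-Q Local Peer
SAMPLE = """\
LISTEN 0 128 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9999 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9998 0.0.0.0:*
LISTEN 0 128 [::1]:9998 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

def is_loopback(host):
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    if host == "*":                         # ss prints * for "any address"
        return False
    return ipaddress.ip_address(host).is_loopback

def audit(ss_output):
    """Return sorted (port, local_address, verdict) for the scheme's ports."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in PORTS:
            continue
        port = int(port)
        if is_loopback(host):
            verdict = "ok"
        elif port in INTERNAL:
            verdict = "exposed"  # internal hop reachable from other hosts
        else:
            verdict = "review"   # input port: confirm remote sources are intended
        findings.append((port, fields[3], verdict))
    return sorted(findings)

if __name__ == "__main__":
    for port, addr, verdict in audit(SAMPLE):
        print(f"{port:<5} {addr:<16} {PORTS[port]:<26} {verdict}")
```

When Kaspersky CyberTrace Service is installed on a separate computer, the listeners on ports 9999 and 9998 are necessarily non-loopback, so an "exposed" verdict there is a prompt to restrict those ports with host firewall rules to the peer's address.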

[Figure: Single-instance integration scheme. Diagram of single-instance integration with Splunk.]

Event format

By default, Kaspersky CyberTrace App and Kaspersky CyberTrace Service receive events in a certain format:
