Step 1. Adding a Custom Log Source type
This section describes how you can add the Kaspersky CyberTrace log source type to LogRhythm.
To add the Kaspersky CyberTrace log source type to LogRhythm:
- Run LogRhythm Console.
- Select Deployment Manager > Tools > Knowledge > Log Source Type Manager.
The Log Source Type Manager window opens.
Log Source Type Manager window
- Click the New button (
). - In the Log Source Type Properties window that opens, enter the following data:
Field
Data
Name
Kaspersky CyberTrace
Full Name
Kaspersky CyberTrace
Abbreviation
CyberTrace
Log Format
Syslog
Brief Description
Kaspersky CyberTrace is an application set that allows you to check URLs, IP addresses, and hashes of files contained in events that arrive in a SIEM.
Log Source Type Properties window
We also recommend specifying a source name in the Name field, as described in the table above. Otherwise, importing Kaspersky CyberTrace rules and events will be performed incorrectly. In this case, you must add Kaspersky CyberTrace events and corresponding MPE rules manually, as described in step 3 and step 4 (make sure to specify the log source name similar to the name that you entered in the Log Source Type Properties window).
- Click OK.
The new log source type will appear in the Log Source Type Manager window.
- Make a note of the value in the Log Source Type ID column. You will need it further in step 2 for importing Kaspersky CyberTrace rules and events.
Kaspersky CyberTrace log source type