Step 5. Adding Kaspersky CyberTrace policy

This section describes how you can add a Kaspersky CyberTrace policy to LogRhythm.

To add a Kaspersky CyberTrace policy to LogRhythm:

  1. Run LogRhythm Console.
  2. Select Deployment Manager > Log Processing Policies.
  3. Click the New button (Create a new rule (plus) icon in LogRhythm.).

    The Log Source Type Selector window opens.

    Log Source Type Selector window in LogRhythm.

    Log Source Type Selector window

  4. In the Log Source Type list, select Kaspersky CyberTrace.
  5. Click OK.
  6. In the MPE Policy Editor window that opens, in the Name field, type the policy name (CyberTrace Policy).

    MPE Policy Editor window in LogRhythm.

    MPE Policy Editor window

  7. On the Rules tab, edit the properties of the Kaspersky CyberTrace events:
    1. Select all the check boxes for every event.
    2. Right-click in the table and select Properties.

    The MPE Policy Rule Editor window opens.

    MPE Policy Rule Editor window in LogRhythm.

    MPE Policy Rule Editor window

  8. In the MPE Policy Rule Editor window, select the Enabled check box but make no changes to the other check boxes.
  9. Click OK.
Page top