The Kaspersky CyberTrace distribution kit contains the CyberTrace_Rules.zip file in the integration/rsa/additional_elements
directory. This file contains a set of rules, which you can use to create reports, alerts, and dashboards.
To import the Kaspersky CyberTrace Service rules to RSA NetWitness:
In RSA NetWitness 11, you select Monitor > Reports instead.
Importing rules
If you import the CyberTrace_Rules.zip file for the first time, you may leave these check boxes cleared.
Importing Kaspersky CyberTrace Service rules
The rules imported to RSA NetWitness are listed in the table below.
| Rule | Description |
|---|---|
| CyberTrace Detect Botnet | Selects those detection events from Kaspersky CyberTrace Service that have the Botnet category. The following fields are selected: |
| CyberTrace Detect Malware Hash | Selects hash detection events from Kaspersky CyberTrace Service. The following fields are selected: |
| CyberTrace Detect Malware IP | Selects IP address detection events from Kaspersky CyberTrace Service. The following fields are selected: |
| CyberTrace Detect Malware URL | Selects URL detection events from Kaspersky CyberTrace Service. The following fields are selected: |
| CyberTrace Detect Stat | Selects all the categories involved in the detection process. The following fields are selected: |
| CyberTrace Service events | Selects service events from Kaspersky CyberTrace Service. The following fields are selected: |
| CyberTrace Top 10 IP | Selects Top 10 detected IP addresses. The following fields are selected: |
| CyberTrace Top 10 URL | Selects Top 10 detected URLs. The following fields are selected: |
| CyberTrace Top 10 Hash | Selects Top 10 detected hashes. The following fields are selected: |
| CyberTrace Detected users | Calculates the number of detection events per user. |