Browsing detailed information about indicators
To learn more about an indicator, click it in the table. The page that opens provides the following information:
- Type of the requested indicator
  The indicator can be one of several types (for example, IP and URL).
- Value of the requested indicator
- List of event sources that are associated with the requested indicator
- Mark indicating whether the requested indicator belongs to the FalsePositive supplier
- Date and time when the requested indicator was added
- Date and time of the latest indicator update
- Link to information about the indicator on Kaspersky Threat Intelligence Portal
- Link to the Kaspersky CyberTrace Web page that displays detection events
  You can find the list of detection categories in the "Viewing detections" section.
- List of tags assigned to the indicator
On this page you can perform the following actions:
- Delete the indicator
- Add information related to the InternalTI supplier, including adding or changing context information and summary
  An indicator can be one of several types. In this case, you will be asked which type of indicator to add to the Internal TI list.
- Mark the indicator as a false positive or delete the indicator from the list of false positives
  An indicator can be one of several types. In this case, you will be asked which type of indicator to mark as a false positive or delete from the list of false positives.
- Enable or disable a flag that indicates whether to generate detection events when the matching process is complete
- Assign or remove tags
- Add or delete comments related to the indicator
Article ID: 203347, Last review: Feb 20, 2025