Upgrading Kaspersky CyberTrace integration (LogRhythm)

This section describes how to finish the integration of Kaspersky CyberTrace with LogRhythm after upgrading Kaspersky CyberTrace.

Finishing the integration of Kaspersky CyberTrace with LogRhythm consists of the following steps:

Adding new events

To add new events to LogRhythm:

Add the required categories and alert events automatically or manually (as described in sections "Step 3 (optional). Adding Kaspersky CyberTrace events" and "Step 4 (optional). Adding Kaspersky CyberTrace rules").

Removing obsolete events

To remove obsolete events from LogRhythm:

  1. Run LogRhythm Console.
  2. Select Deployment Manager > Tools > Knowledge > MPE Rule Builder.

    The Rule Builder form opens.

  3. Click the Open rule library (Open rule library button in LogRhythm.) button.
  4. For each obsolete event, perform the following:
    1. Double-click the rule you want to retire.

      A preview window for the rule opens.

    2. Click the Retire rule (Retire rule button (white cross on a red background).) button.
    3. In the Verify Retire window, click Yes.

    Verify Retire window in LogRhythm.

    Verify Retire window

Page top