Kaspersky CyberTrace App for Splunk comes with several alert templates that you can use and customize from the Alerts dashboard.
Alert templates and triggers
The following alert templates are available:

- This alert is triggered if threats were detected in the past 24 hours when matching with Kaspersky Threat Data Feeds.
- This alert is triggered if no threats were detected in the past 24 hours when matching with Kaspersky Threat Data Feeds.
- This alert is triggered if 5000 threats were detected within 1 minute when matching with Kaspersky Threat Data Feeds.
- This alert is triggered if Kaspersky CyberTrace Service is unavailable. The alert contains the date when it was generated, followed by a timestamp in UNIX time format.
- This alert is triggered when Kaspersky CyberTrace Service is started. The alert contains the date when it was generated, followed by a timestamp in UNIX time format.
Alert actions
By default, the Add to Triggered Alerts action is defined for all alerts. As an option, you can add a "Send email" action so that Splunk sends an email message to the email address specified for the action.
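As an added example, not taken from the Kaspersky CyberTrace documentation or from the app itself, the following savedsearches.conf stanzas show how two of the alerts described above (threats detected in the past 24 hours, and 5000 threats within 1 minute) can be expressed as Splunk saved searches, keeping the default Add to Triggered Alerts action (alert.track) and adding a Send email action. The index, sourcetype, field names and mailbox are assumptions; replace them with the values used by your CyberTrace installation.

```ini
# Added example: savedsearches.conf for a Splunk app (local/ directory).
# Assumed: CyberTrace detection events are indexed in index=main with
# sourcetype=kl_cybertrace, and each detection carries a DetectedIndicator
# field. Adjust these to your deployment.

[CyberTrace - Threats detected in the past 24 hours]
enableSched = 1
# Run once an hour, looking back over the last 24 hours.
cron_schedule = 0 * * * *
dispatch.earliest_time = -24h@h
dispatch.latest_time = now
search = index=main sourcetype=kl_cybertrace DetectedIndicator=* \
         | stats count AS detections BY DetectedIndicator \
         | sort - detections
# Trigger when the search returns at least one result.
counttype = number of events
relation = greater than
quantity = 0
# Default action: record the trigger in Triggered Alerts.
alert.track = 1
alert.severity = 4
# Optional "Send email" action (assumed recipient).
action.email = 1
action.email.to = soc-oncall@example.com
action.email.subject = Splunk Alert: $name$
action.email.message.alert = CyberTrace matched $result.detections$ events against Kaspersky Threat Data Feeds in the past 24 hours.
action.email.sendresults = 1
action.email.inline = 1

[CyberTrace - 5000 threats detected within 1 minute]
enableSched = 1
# Run every minute over a one-minute window.
cron_schedule = * * * * *
dispatch.earliest_time = -1m@m
dispatch.latest_time = now
search = index=main sourcetype=kl_cybertrace DetectedIndicator=*
# "greater than 4999" means 5000 or more matching events in the window.
counttype = number of events
relation = greater than
quantity = 4999
# Suppress repeat notifications for 10 minutes to avoid an email storm.
alert.suppress = 1
alert.suppress.period = 10m
alert.track = 1
alert.severity = 5
action.email = 1
action.email.to = soc-oncall@example.com
action.email.subject = Splunk Alert: $name$ ($job.resultCount$ detections)
```

The first stanza aggregates by indicator so that the notification lists which feed entries matched rather than raw events; the second keeps the raw event count because the threshold itself is the signal. Both stanzas rely only on standard Splunk alerting keys (counttype, relation, quantity, alert.track, alert.suppress, action.email.*); after editing the file, restart Splunk or reload the app so the saved searches appear in the Alerts dashboard.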