Kaspersky CyberTrace supports a multi-tenant architecture that allows you to manage tenants. A tenant is a client-specific set of configuration parameters. By default, Kaspersky CyberTrace uses a General tenant that provides the overall settings. You can create or edit the tenants in Kaspersky CyberTrace Web by selecting the Settings tab, and then the Tenants tab.
On the Tenants tab, you can view information about the tenants that are used in Kaspersky CyberTrace and perform the following actions:
Adding tenants
To add a tenant:
The New tenant window opens.
You can select a SIEM supported by Kaspersky CyberTrace or a custom one (a non-supported SIEM).
This SIEM will be used in the tenant for sending events to Kaspersky CyberTrace.
Depending on the selected SIEM, Kaspersky CyberTrace will specify the sets of regular expressions, detection alerts formats, and service alerts formats that are used in integration with this SIEM.
For the full list of supported SIEMs, see subsection "Supported SIEMs" below.
Editing a tenant configuration
To edit a tenant configuration:
You cannot change the tenant name for the General tenant.
Deleting tenants
To delete a tenant:
Supported SIEMs
Kaspersky CyberTrace supports integration with several SIEMs. Thus, Kaspersky CyberTrace uses a number of preset settings for each SIEM, such as settings for parsing events and event format settings (for detection and service alerts).
The following SIEM solutions are supported: