Service settings

You can manage the general service settings in the Kaspersky CyberTrace web user interface on the Settings → Service page. To access this page, you need to switch to the System management mode. This mode is accessible only to users with the Administrator role.

The Service page displays the Kaspersky CyberTrace Service status. This page allows you to edit the settings stored in the kl_feed_util.conf and kl_feed_service_log.conf configuration files. You can also perform a number of actions.

Kaspersky CyberTrace Service status

The Kaspersky CyberTrace Service status, which can be one of the following:

• Kaspersky CyberTrace Service is running
• Kaspersky CyberTrace Service is starting
• Kaspersky CyberTrace Service has stopped

  This status specifies that indicators are loading into the database and being indexed. Until all indicators are processed, the Indicators tab may contain partially outdated information, and a search for data that is being updated may not be performed correctly. However, the process of matching incoming events is performed based on the actual data and the Kaspersky CyberTrace Web page with detailed information about indicators displays up-to-date data.

Connection settings

On the Connection tab of the Service page, define the following settings:

1. Under System EPS limit, configure the overall events per second (EPS) limit of the system:
   1. Enable the toggle switch.
   2. In EPS limit, enter the required EPS limit value.

   If the system EPS limit is defined in the license, it cannot be modified in Kaspersky CyberTrace Web.

   If the overall EPS is not limited, this may cause unexpected performance degradation of the system.

2. Under Service alerts, define the settings of sending service alerts that inform another software (for example, a SIEM system) about the state of Kaspersky CyberTrace Service by doing the following:
   1. Enable the toggle switch.
   2. In IP address and Port, specify the parameters of the server to which you want to send service alerts.

      By default, the IP address is set to 127.0.0.1 and the port is set to 9999.

      You can use an IPv6 address to send service alerts.

   These settings are stored in the OutputSettings > AlertConnectionString element of the kl_feed_service.conf file.

3. Under Web interface, specify the IP address or host name that you use to connect to Kaspersky CyberTrace Web. This is the IP address or host name of the server where Kaspersky CyberTrace is installed and is used, for example, to download indicators export reports.

   You can use an IPv6 address as a web interface address.

   This setting is stored in the ResourcesIP element of the kl_feed_service.conf file.

   By default, the value is 127.0.0.1.

Proxy settings

On the Proxy server tab of the Service page, define the following settings:

1. Enable the Use proxy server toggle switch.
2. In the IP address or host name field, specify a proxy server IP address or host name.

   This setting is stored in the Host element of the kl_feed_util.conf file.

3. In the Port field, specify a proxy server port.

   This setting is stored in the Port element of the kl_feed_util.conf file.

4. If gaining access to the proxy server requires credentials, do the following:
   1. Enable the Use proxy credentials toggle switch.
   2. In the User name field, specify a user name to access the proxy server.

      This setting is stored encrypted in the User element of the kl_feed_util.conf file.

   3. In the Password field, specify a password to access the proxy server.

      This setting is stored encrypted in the Password element of the kl_feed_util.conf file.

   You can use an IPv6 address for a proxy server.

Available actions

On the Service page, you can do the following:

• Restart service
• Export configuration files

  You can export the kl_feed_service.conf and kl_feed_util.conf configuration files to a directory that you choose.

• Run self-test

  You can verify that the Kaspersky Threat Data Feeds that you use works correctly.

  Run the self-test before editing any filtering rules for a feed, via the Settings → Feeds page.

  If the verification test (self-test) yields incorrect results (that is, if a feed that is expected to produce detections produces none), see possible solutions for this problem in the general troubleshooting section. If the problem persists, contact intelligence@kaspersky.com.

• Reset statistics

  Clears the Dashboard of all the statistics.

  It is recommended to perform this operation after successfully integrating Kaspersky CyberTrace with a SIEM system. In doing so, the dashboard will not display any detection alerts generated during the verification test and will only contain real detection alerts, if there are any.

Page top