Hardware and software requirements

This section lists the system requirements of Kaspersky CyberTrace.

Supported operating systems

Kaspersky CyberTrace can run on the following operating systems:

Dependencies for Linux

In Linux, Kaspersky CyberTrace has the following dependencies:

Software requirements for integrations with SIEM systems

When integrating with SIEM systems, Kaspersky CyberTrace has the following software requirements.

SIEM system: Software requirements

Splunk: Splunk Enterprise 8.0.0 and later. The older versions are supported in Kaspersky CyberTrace 3.1.

ArcSight ESM: ArcSight ESM 6.8 to 7.0; ArcSight SmartConnector; ArcSight Forwarding Connector.

QRadar: IBM QRadar v7.2.5 or later.

RSA NetWitness: RSA NetWitness® 10.5, 10.6, 11.2, or 11.6.0.

LogRhythm: LogRhythm 7.1.7 or later.

AlienVault OSSIM: AlienVault OSSIM 5.7.5. For more information, see https://support.kaspersky.com/15161.

USM Anywhere: USM Anywhere 5.7.5. For more information, see https://support.kaspersky.com/15161.

FortiSIEM: FortiSIEM 5.2 or later. For more information, see https://support.kaspersky.com/15146.

Apache Kafka: Apache Kafka 2.4.0 or later; Python 2.7 or 3. This integration requires a special plug-in. For more information, contact intelligence@kaspersky.com.

ArcSight Event Broker: ArcSight Event Broker 2.2; Python 2.7 or 3. This integration requires a special plug-in. For more information, contact intelligence@kaspersky.com.

Elastic Stack (Elasticsearch, Logstash, and Kibana): Logstash 7.2 or later; Java 8 or 11. This integration requires Kaspersky CyberTrace Plug-in for Logstash, which you can download for free. For more information, see https://support.kaspersky.com/15474.

McAfee ESM: McAfee ESM 9.6 to 11. For more information, contact intelligence@kaspersky.com.

Kaspersky Unified Monitoring and Analysis Platform (KUMA): KUMA 1.0 and later.

Integrations with other SIEM systems are available. For more information, see https://support.kaspersky.com/datafeeds.

Supported browsers

Kaspersky CyberTrace Web can be accessed by using the following web browsers (the latest versions):

CPU requirements

Requirements depend on your use case and the feeds that you use.

For example, when evaluating Kaspersky CyberTrace under a Community Edition license and with retrospective scan enabled, you need a quad-core processor.

For more information about requirements, please refer to the sizing guide.

Screen resolution requirements

Display that supports the following screen resolutions:

RAM and hard drive space requirements

Requirements depend on your use case and the feeds that you use.

For example, when evaluating Kaspersky CyberTrace under a Community Edition license and with retrospective scan enabled, you need 16 GB of RAM and about 470 GB of free disk space.

For more information about requirements, please refer to the sizing guide.

You can reduce hard drive space requirements by disabling the saving of detection alerts.

Kaspersky CyberTrace Web shows you a notification when the hard drive that Kaspersky CyberTrace is installed on is 90 percent full. The text of the notification is specified in the KL_ALERT_FreeSpaceEnds event. You can change this behavior by modifying the following settings in elasticsearch.yml:

Network requirements

Access

The computer on which Feed Utility runs must have access to the website https://wlinfo.kaspersky.com/.

The computer on which Kaspersky CyberTrace runs must have access to the computer with the SIEM system.

The computers of users who want to gain access to Kaspersky CyberTrace Web must have access to the address and port that Kaspersky CyberTrace uses for the web UI.

Bandwidth

Requirements depend on your use case and the feeds that you use.

For example, when evaluating Kaspersky CyberTrace under a Community Edition license and with retrospective scan enabled, you need a 1 Gbps network.

For more information about requirements, please refer to the sizing guide.
