Service alerts are outgoing alerts that inform the event target software (for example, the SIEM system) about the status of Kaspersky CyberTrace Service.
You can manage the settings of service alerts on the Settings → Service alerts page of the Kaspersky CyberTrace web user interface. To access this page, you need to switch to the System management mode. This mode is accessible only to users with the Administrator role.
The Settings → Service alerts page
On the Service alerts page, you can specify the formats of service alerts and record context.
We do not recommend changing the format of alerts manually. Instead, select the check boxes with the patterns that you want to use in the alerts, and Kaspersky CyberTrace will update the format automatically.
This page has the following text fields:
Setting event and alert formats for specific SIEM systems
The correct format of events and detection alerts depends on your SIEM system. If you change the format of events or alerts in Kaspersky CyberTrace, you may also need to update your integration with the SIEM system.