This section describes service alerts that can be generated by Kaspersky CyberTrace.
KL_ALERT_ConfigurationUpdated
This alert is generated if Kaspersky CyberTrace Service has reloaded the configuration file.
This alert has no context fields.
KL_ALERT_FeedBecameAvailable
This alert is generated if a feed that can be used with the current certificate has become available.
This alert has the following context field:
Feed name.
KL_ALERT_FeedBecameUnavailable
This alert is generated if a feed that is being used with the current certificate has become unavailable.
This alert has the following context field:
Feed name.
KL_ALERT_OutdatedFeed
This alert is generated if a feed has not been updated during the specified period.
This alert has the following context field:
Feed name.
KL_ALERT_ServiceUnavailable
This alert is generated when the watchdog module has detected that Kaspersky CyberTrace Service has crashed or frozen.
This alert has no context fields.
KL_ALERT_ServiceStopped
This alert is generated when Kaspersky CyberTrace Service is stopped successfully.
This alert has no context fields.
KL_ALERT_ServiceStarted
This alert is generated when Kaspersky CyberTrace Service is started successfully.
This alert has no context fields.
KL_ALERT_UpdatedFeed
This alert is generated when a feed is updated and loaded by Kaspersky CyberTrace Service. This means that new indicators from the feed can be used in the matching process. Please note that the indicators may be added to the database later, as they are loaded asynchronously.
This alert has the following context fields:
Feed name.
The number of records loaded from the feed.
KL_ALERT_FailedToUpdateFeed
This alert is generated when Kaspersky CyberTrace Service fails to load a new feed (for example, due to the limitation on the number of indicators that is imposed by the license key) and continues using an old feed.
This alert has the following context fields:
Feed name.
Error message from Feed Utility or the text "Error while applying feed <FeedName>".
KL_ALERT_LicenseExpires
This alert is generated to inform you that the license key that is being used will soon expire.
If the license key was added via a key file, the alert informs you that the license key will expire in less than 30 days; if the license key was added via an activation code, the alert informs you that the license key will expire in 10 days.
This alert has the following context fields:
Name of the license key.
Expiration date of the license key.
KL_ALERT_LicenseExpired
This alert is generated when a current license key has expired.
This alert has the following context fields:
Name of the license key.
Expiration date of the license key.
KL_ALERT_EPSLimitExceeded
This alert is generated when the hourly system EPS exceeds the system EPS limit.
This alert is sent only when the commercial license key is used. This alert is not generated for the Community Edition licensing level.
The alert is sent no more than once in 60 minutes.
After the alert is generated, Kaspersky CyberTrace continues to receive and process events.
This alert has the following context fields:
Average system EPS at the moment when the limit has been exceeded.
System EPS limit.
KL_ALERT_EPSHardLimit
This alert is generated when the hourly system EPS has exceeded the system EPS limit more than 30 percent of the time over the last 7 days.
After the alert is generated, Kaspersky CyberTrace receives the events that are beyond the system EPS limit, but does not process them.
This alert has the following context field:
System EPS limit.
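The two EPS conditions above can be checked against your own event-rate history to estimate when events would stop being processed. The following is an added example, not Kaspersky code. It assumes that "hourly system EPS" means one average value per hour and that the 7-day period is 168 such hourly values; the function names and sample values are constructed for illustration.

```python
# Added example: estimates when the two EPS alerts described above would be expected.
# Assumption: "hourly system EPS" is evaluated as one average value per hour.
HOURS_IN_WINDOW = 7 * 24       # "the last 7 days" as hourly buckets (assumption)
HARD_LIMIT_FRACTION = 0.30     # "more than 30 percent of the time"


def predict_eps_alerts(hourly_eps, eps_limit):
    """Return (soft_hours, hard_hour) for a list of hourly average EPS values.

    soft_hours: indexes of hours in which KL_ALERT_EPSLimitExceeded is expected.
    hard_hour:  first index at which the KL_ALERT_EPSHardLimit condition holds,
                or None if it is never met.
    """
    soft_hours = []
    hard_hour = None
    for i, eps in enumerate(hourly_eps):
        if eps > eps_limit:
            # One bucket per hour, so at most one alert per 60 minutes.
            soft_hours.append(i)
        window = hourly_eps[max(0, i - HOURS_IN_WINDOW + 1): i + 1]
        hours_over = sum(1 for value in window if value > eps_limit)
        if hard_hour is None and hours_over > HARD_LIMIT_FRACTION * HOURS_IN_WINDOW:
            hard_hour = i
    return soft_hours, hard_hour


def constructed_week(peak_hours_per_day, base_eps=400, peak_eps=1500):
    """Constructed sample: 7 days with a daily peak that starts at 09:00."""
    day = [peak_eps if 9 <= h < 9 + peak_hours_per_day else base_eps
           for h in range(24)]
    return day * 7


if __name__ == "__main__":
    limit = 1000  # constructed system EPS limit
    for peak in (7, 8):
        soft, hard = predict_eps_alerts(constructed_week(peak), limit)
        print(f"{peak} peak hours/day: {len(soft)} hours over limit, "
              f"hard limit reached at hour index {hard}")
```

With these constructed values, a daily peak of 7 hours stays under the 30 percent threshold, while a peak of 8 hours crosses it on the seventh day.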
KL_ALERT_LicenseChanged
This alert is generated when Kaspersky CyberTrace starts using another license key or licensing level.
This alert has the following context fields:
Name of the license key.
Expiration date of the license key.
KL_ALERT_RetroScanCompleted
This alert is generated when the retrospective scan task succeeded.
This alert has the following context fields:
Number of scanned indicators.
Number of detected indicators.
Link to the result of the retrospective scan.
This field is absent if the value of the iocs_detected field is 0.
KL_ALERT_RetroScanError
This alert is generated when the retrospective scan task failed.
This alert has the following context field:
Short text error description.
KL_ALERT_RetroScanStorageExceeded
This alert is generated when the limit on the size of the saved events has been exceeded.
This alert has the following context field:
Limit on the size of the saved events, in megabytes.
KL_ALERT_FreeSpaceEnds
This alert is generated when the available disk space becomes low.
This alert has the following context field:
Amount of disk space that is still available for the indicator database.
The alert has the following format: "Free space left: %FreeSpace% Mb", where %FreeSpace% is the remaining number of MB available for the indicator database.
KL_ALERT_IndicatorsStoreLimitExceeded
This alert is generated when the limit on the size of the saved indicators has been exceeded.
This alert has the following context fields:
Current number of indicators.
Limit on the number of indicators that is imposed by the license key.
KL_ALERT_DetectsStorageExceeded
This alert is generated when the limit on the size of the saved detection alerts has been exceeded.
This alert has the following context field:
Limit on the size of the saved detection alerts, in megabytes.
KL_ALERT_IndicatorsStoreHardLimit
This alert is generated when Kaspersky CyberTrace limits adding and updating of indicators.
This alert has the following context fields:
Limit on the number of indicators that is imposed by the license key.
Message that new indicators cannot be added to the database due to the limitation on the number of indicators that is imposed by the license key.