General settings of a tenant

You can manage the general settings for a particular tenant in the Kaspersky CyberTrace web user interface on the Settings → General page. To access this page, you need to switch to the Data management mode.

To edit the general settings of a tenant:

  1. Specify a name for the tenant in the Tenant name field.

    The tenant name must be 1 to 64 characters long. It can contain Latin letters, digits, special characters (" ', . @ # $ % & * № / \), or space characters.

    You cannot change the name of the General tenant.

  2. Specify a description for this tenant in the Description field.

    The tenant description must be 0 to 2048 characters long. It can contain Latin letters, digits, special characters (" ', . @ # $ % & * № / \), space characters, or line breaks.

  3. Under Tenant EPS limit, configure the events per second (EPS) limit of the tenant:
    1. Enable the toggle switch.
    2. In EPS limit, enter the required EPS limit value.

    When the EPS value is close to the threshold, a warning is displayed in the web interface and a warning alert is generated. When the limit is exceeded within a tenant, the traffic for this tenant in excess of the limit is dropped, a warning is displayed, and a warning alert is generated. If the tenant EPS is not limited, this may affect other tenants (if any).

  4. Under Incoming events, define the parameters of the socket specific for the tenant that Kaspersky CyberTrace will use to listen to incoming events:
    1. Select the type of connection that you want to use: IP address and port or UNIX socket.
    2. Depending on the type of connection, do one of the following:
      • In the IP address and Port fields, specify an IP address and port.
      • In the UNIX socket field, specify a UNIX™ socket.
  5. Under Detection alerts, specify an IP address and port specific for the tenant that Kaspersky CyberTrace will use for outgoing alerts about detections.
  6. Under Service alerts, define the settings for sending service alerts that inform other software (for example, a SIEM system) about the state of the tenant:
    1. Enable the toggle switch.
    2. In IP address and Port, specify the parameters of the server to which you want to send service alerts.

      By default, the IP address is set to 127.0.0.1 and the port is set to 9999.

      You can use an IPv6 address to send service alerts.

  7. Under API lookup, enable this function if you want to save indicator-related detections and collect statistics on indicators received via the public API lookup method.

    By default, this function is enabled.

  8. Click the Save button to save the changes.

Updates to the general settings of the tenant are saved.

Resetting statistics

This action clears the Dashboard of all the detection statistics related to a tenant. Only users with the Administrator role can perform this operation.

We recommend performing this operation after successfully integrating Kaspersky CyberTrace with a SIEM system. This means the dashboard will not display any detection alerts generated during the verification test and will only contain real detection alerts, if there are any.

To reset statistics of a tenant:

  1. Click the Reset statistics button (arc with arrow icon) on the Settings → General page.
  2. In the confirmation window that opens, click the Reset button.

The statistics of the tenant are reset.
