About the default integration scheme
By default, Feed Service and Kaspersky Threat Feed App are configured to use the following integration scheme. This scheme is called the default integration scheme.
Default integration scheme
In the default integration scheme, Splunk and Feed Service are located on the same computer (IP address is 127.0.0.1). Kaspersky Threat Feed App takes input on port 3000 and forwards it to Feed Service on port 9999. Feed Service then returns matches to Kaspersky Threat Feed App on port 9998.
By default, all configuration files for Feed Service and Kaspersky Threat Feed App already contain parameters for the default integration scheme. For more information about changing the default integration scheme, see Changing the default integration scheme.
Default event format
By default, Kaspersky Threat Feed App and Feed Service are configured to receive events in a certain format:
- Feed Service parses events with regular expressions defined in its configuration file. These regular expressions are created for a specific format of inbound data. For example, the regular expression for URLs will match a string starting with
"url=". - The lookup script that comes with Kaspersky Threat Feed App sends events to Feed Service in a format that matches the regular expressions used by Feed Service.
For more information about changing the default event format, see Changing the default integration scheme.