Integrating CyberTrace indicator search

To integrate CyberTrace indicator search:

  1. Configure CyberTrace to receive and process KUMA requests.

    You can configure the integration with KUMA in the Quick Start Wizard immediately after installing CyberTrace, or later in the CyberTrace web interface.

  2. Create an event enrichment rule in KUMA.

    In the enrichment rule, you can specify which data from CyberTrace you want to enrich the event with. We recommend selecting cybertrace-http as the source kind.

  3. Create a collector to receive events that you want to enrich with CyberTrace data.
  4. Link the enrichment rule to the collector.
  5. Save and create the service:
    • If you linked the rule to a new collector, click Save and create, copy the collector ID from the window that opens, and use that ID to install the collector on the server through the command line interface.
    • If you linked the rule to an existing collector, click Save and restart services to apply the settings.

    The CyberTrace indicator search integration is now configured, and KUMA events will be enriched with CyberTrace data.

Example of testing CyberTrace data enrichment.

In this section

Configuring CyberTrace to receive and process requests

Creating event Enrichment rules
