Kaspersky CyberTrace Matches dashboard

February 27, 2024

ID 171416

The Kaspersky CyberTrace Matches dashboard provides information about URLs, IP addresses, and hashes from events that match Kaspersky Threat Data Feeds, together with statistical information and a log of matches.

Kaspersky CyberTrace Matches dashboard in Splunk.

Top 10 panels in Kaspersky CyberTrace Matches dashboard in Splunk.

Match log panel in Splunk.

The dashboard contains a time range picker and several panels:

  • Time range picker

    You can use it to select a time range for the displayed information.

  • Total number of matches

    This panel displays a chart of the total number of detections across all feeds used by Kaspersky CyberTrace Service.

  • Matches by the eventName field

    This panel displays a table with the number of threats for each category.

  • Top 10 matched hashes

    This panel displays a bar chart of the 10 hashes most frequently encountered in detections.

  • Top 10 matched IPs / URLs

    This panel displays bar charts of the 10 IP addresses and URLs most frequently encountered in detections.

  • Top 10 matched TOR / malware / spam IPs

    This panel displays a list of the 10 malicious IP addresses, IP addresses of Tor® exit nodes, and spam IP addresses that are most frequently encountered in detections.

  • Location of matched IPs

    This panel displays a map with the locations of detected IP addresses.

  • Match log

    This panel displays a table with a log of all detections, including actionable context for each detection. The actionable context fields listed below are displayed. These are fields that you can add to outgoing events separately from the context of feed records.

    • First_seen
    • Last_seen
    • Popularity
    • Threat
    • Publication name
    • Industry
    • Threat_score
    • File_size
    • Behavior
