ServiceSettings

February 27, 2024

ID 198898

Defines settings for the Kaspersky CyberTrace Service process.

Path

ServiceSettings

Attributes

This element has no attributes.

Nested elements

This element is a container for the following nested elements:

  • Bases

    Specifies the path to the directory that contains feeds from Kaspersky. If a relative path is set, it is calculated relative to the directory that contains the service binary file.

    The Bases element is mandatory.

  • BasesBackup

    Specifies the path to the directory that contains the backup version of feeds from Kaspersky. If a relative path is set, it is calculated relative to the directory that contains the service binary file.

    The BasesBackup element is mandatory.

  • BasesDownload

    Specifies the path to the directory that contains downloaded feeds from Kaspersky. If a relative path is set, it is calculated relative to the directory that contains the service binary file.

    The BasesDownload element is mandatory.

  • TemporaryDir

    The directory for temporary files.

    The TemporaryDir element is optional. If it is omitted, the default value is used.

    In Linux, the default value is /tmp.

    In Windows, the default value is %TEMP% (the current Windows user's temporary folder).

  • OutdatedBasesAlertPeriod

    The time interval in hours following the last feed update, after which a notification about an outdated feed is sent to the event target. To turn off notifications, set this parameter to 0. This setting is taken into account for every feed that has no outdated_alert_period attribute.

    The OutdatedBasesAlertPeriod element is optional. If it is omitted, the default value 0 is used.

  • ScannersCount

    The number of scanners. Every scanner handles a single TCP connection.

    When you change this value, specify one scanner in addition to the number of scanners needed for CyberTrace itself. The additional scanner is required for the health check mechanism.

    The ScannersCount element is optional. If it is omitted, the default value 9 is used.

    We recommend that you use the default value. If required, you can increase the default value. The maximum possible value is 20.

  • ScanningThreadsPerScanner

    The number of threads per scanner.

    The ScanningThreadsPerScanner element is optional. If it is omitted, the default value 8 is used.

  • EventSendingRetriesCount

    The number of times Kaspersky CyberTrace Service tries to resend a detection event to a SIEM solution if the first attempt at sending fails. If the value of EventSendingRetriesCount is 0, Kaspersky CyberTrace Service sends each detection event one time and does not attempt to resend it.

    The maximum possible value is 10. The preset value is 3.

    The EventSendingRetriesCount element is mandatory.

  • EventSendingRetriesTimeout

    The time interval, in seconds, between attempts made by Kaspersky CyberTrace Service to resend a detection event to a SIEM solution. The maximum possible value is 60.

    The EventSendingRetriesTimeout element is mandatory.

    The preset value is 10.

  • FeedsRollbackEnabled

    Specifies if feeds rollback is enabled or disabled.

    If feeds rollback is enabled, feeds are rolled back when Kaspersky CyberTrace fails to upload new indicators into the Matching engine after feeds are updated. Kaspersky CyberTrace removes new indicators from the database and uses the previous feeds.

    Possible values:

    • true — feeds rollback is enabled.
    • false — feeds rollback is disabled.

    Kaspersky CyberTrace reads FeedsRollbackEnabled only during initialization and does not reread it afterward.

    By default, there is no FeedsRollbackEnabled element in the configuration file. If this element is missing, feeds rollback is enabled.

Example

The following is an example of this element.

<ServiceSettings>
    <Bases>../feeds</Bases>
    <BasesBackup>../feeds/backup</BasesBackup>
    <BasesDownload>../feeds/download</BasesDownload>
    <TemporaryDir>/tmp</TemporaryDir>
    <OutdatedBasesAlertPeriod>120</OutdatedBasesAlertPeriod>
    <ScannersCount>9</ScannersCount>
    <ScanningThreadsPerScanner>8</ScanningThreadsPerScanner>
    <EventSendingRetriesCount>3</EventSendingRetriesCount>
    <EventSendingRetriesTimeout>10</EventSendingRetriesTimeout>
    <FeedsRollbackEnabled>true</FeedsRollbackEnabled>
</ServiceSettings>
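
A lint check for this element that encodes the mandatory elements and maximum values listed above. It is an added example, not Kaspersky code: the function name lint_service_settings, the finding texts and the sample XML are constructed for illustration, and reporting disabled outdated-feed notifications or disabled rollback as findings is this example's own policy choice.

```python
import xml.etree.ElementTree as ET

MANDATORY = ("Bases", "BasesBackup", "BasesDownload",
             "EventSendingRetriesCount", "EventSendingRetriesTimeout")
# Maximum values stated in the reference above (None = no maximum stated).
MAXIMUM = {"OutdatedBasesAlertPeriod": None, "ScannersCount": 20,
           "ScanningThreadsPerScanner": None,
           "EventSendingRetriesCount": 10, "EventSendingRetriesTimeout": 60}
KNOWN = set(MANDATORY) | set(MAXIMUM) | {"TemporaryDir", "FeedsRollbackEnabled"}

# Constructed sample: no BasesBackup, retry count above 10, rollback disabled.
SAMPLE = """<ServiceSettings>
  <Bases>../feeds</Bases>
  <BasesDownload>../feeds/download</BasesDownload>
  <EventSendingRetriesCount>25</EventSendingRetriesCount>
  <EventSendingRetriesTimeout>10</EventSendingRetriesTimeout>
  <FeedsRollbackEnabled>false</FeedsRollbackEnabled>
</ServiceSettings>"""

def lint_service_settings(xml_text):
    """Return findings for a ServiceSettings element (hypothetical helper)."""
    # iter() also matches the root, so a bare element or a full config both work.
    node = next(ET.fromstring(xml_text).iter("ServiceSettings"), None)
    if node is None:
        return ["ServiceSettings: element not found"]
    findings, values = [], {}
    for child in node:
        if not child.tag.isascii():
            findings.append(f"{ascii(child.tag)}: non-ASCII character in element name")
        elif child.tag not in KNOWN:
            findings.append(f"{child.tag}: not a documented nested element")
        values[child.tag] = (child.text or "").strip()
    for name in MANDATORY:
        if not values.get(name):
            findings.append(f"{name}: mandatory element is missing or empty")
    for name, limit in MAXIMUM.items():
        raw = values.get(name, "")
        if raw and not (raw.isascii() and raw.isdigit()):
            findings.append(f"{name}: '{raw}' is not a non-negative integer")
        elif raw and limit is not None and int(raw) > limit:
            findings.append(f"{name}: {raw} exceeds the maximum of {limit}")
    # Omitted or 0 means no notification is sent when a feed goes stale.
    if values.get("OutdatedBasesAlertPeriod", "0") in ("", "0"):
        findings.append("OutdatedBasesAlertPeriod: outdated-feed notifications are off")
    rollback = values.get("FeedsRollbackEnabled", "true")  # a missing element means enabled
    if rollback not in ("true", "false"):
        findings.append(f"FeedsRollbackEnabled: '{rollback}' is not true or false")
    elif rollback == "false":
        findings.append("FeedsRollbackEnabled: feeds rollback is disabled")
    return findings
```

Calling lint_service_settings(SAMPLE) returns four findings for the constructed sample; an element with every documented constraint satisfied returns an empty list.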
