Integration schemes (ArcSight)

April 11, 2024

ID 167087

This section describes possible integration schemes of ArcSight products and Kaspersky CyberTrace.

About the components of the standard integration scheme

The following components are used in the integration schemes for ArcSight:

  • ArcSight ESM

    This SIEM solution is used in this integration.

    This component runs only on Linux.

  • Forwarding Connector

    This ArcSight component sends ArcSight events to Kaspersky CyberTrace Service.

    This component runs only on Linux.

  • Kaspersky CyberTrace Service

    This service matches ArcSight events against Kaspersky Threat Data Feeds.

  • SmartConnector

    This ArcSight component sends events generated by Kaspersky CyberTrace Service to ArcSight.

  • Security controls

    These are sources of the events for ArcSight, such as firewalls, proxies, intrusion detection systems, and other networking devices. Security controls can send events to ArcSight via any method supported by ArcSight.

ArcSight ESM, ArcSight Forwarding Connector, ArcSight SmartConnector, and Kaspersky CyberTrace Service can be installed on various servers according to the schemes described below. To reduce the impact on performance, we recommend installing ArcSight ESM on a separate server, without ArcSight Forwarding Connector, ArcSight SmartConnector, or Kaspersky CyberTrace Service.

The figures in the following sections show some of the possible integration schemes.

Two-computer installation (suggested integration)

The figure below depicts ArcSight ESM and Forwarding Connector installed on one computer, and Kaspersky CyberTrace Service and SmartConnector installed on another.

Two-computer installation scheme (suggested integration with ArcSight).


Two-computer installation (second suggested integration)

The figure below depicts ArcSight ESM installed on one computer, and Forwarding Connector, Kaspersky CyberTrace Service, and SmartConnector installed on another. This scheme is applicable only if Kaspersky CyberTrace runs on Linux; otherwise, use another installation scheme.

Two-computer installation scheme (second suggested integration with ArcSight).


Two-computer installation (third suggested integration)

The figure below depicts Kaspersky CyberTrace Service installed on one computer, and SmartConnector, ArcSight ESM, and Forwarding Connector installed on another.

Two-computer installation scheme (third suggested integration with ArcSight).


Three-computer installation

The figure below depicts ArcSight ESM installed on one computer, Forwarding Connector installed on another, and Kaspersky CyberTrace Service and SmartConnector installed on a third.

Three-computer installation scheme (integration with ArcSight).

