Browsing events from Kaspersky CyberTrace in AlienVault USM / OSSIM
April 11, 2024
ID 183923
This section describes how to browse events from Kaspersky CyberTrace in AlienVault USM / OSSIM.
To browse events from Kaspersky CyberTrace in the AlienVault USM / OSSIM web interface:
- In a browser, open the AlienVault USM / OSSIM web interface.
- Select Analysis > Security events (SIEM).
- In the Data Sources drop-down list, select Kaspersky CyberTrace.
AlienVault USM / OSSIM displays events received from Kaspersky CyberTrace.
Events received from Kaspersky CyberTrace
AlienVault USM / OSSIM displays Kaspersky CyberTrace events of two types, which are designated in the Event Name column of the event list:
- Service events
  Click the button in the last column of the table. For service events, the following data is displayed (as shown in the figure below):
  - The Userdata1 field contains the service event itself.
  - The Userdata2 field contains the context of the event, if any.
- Detection events
  Click the button in the last column of the table. For detection events, the following data is displayed (as shown in the figure below):
  - The Userdata1 field contains the feed that is involved in the detection process.
  - The Userdata2 field contains the detected indicator.
  - The Userdata3 field contains the context of the feed record that is involved in the detection process.
The Userdata3 field contains up to 1024 symbols, so it may not contain the whole context. The whole event (including the context) is contained in the RAW LOG field.
Detection event data