Step 9 (optional). Creating alerts about incoming Kaspersky CyberTrace service events

April 11, 2024

ID 196831

You can create notifications about incoming Kaspersky CyberTrace service events by configuring alert rules.

To create notifications about service events from Kaspersky CyberTrace in LogRhythm:

  1. Run LogRhythm Console.
  2. Select Deployment Manager > Alarm Rules and click New.
  3. In the Create Global Rule confirmation window, click Yes if you want all users with the Global Admin role to be able to manage this rule. Click No if you want to be the only user who can manage this rule.
  4. Perform the following actions for each tab at the bottom of the page:
    • On the Primary Criteria tab, do the following:
      1. Click New, and select the Common Event value in the Add New Field Filter drop-down list.

        Alarm Rule window in LogRhythm. Primary Criteria Filters.

        Log Message Filter window in LogRhythm.

      2. Click Edit values.

        The Field Filter Values window opens.

      3. In the Field Filter Values window, click Add Item.
      4. Select the name of the Kaspersky CyberTrace service event from the list. If such events are absent, add them as described in the "Adding Kaspersky CyberTrace events" section.

        Field Filter Values window in LogRhythm.

      5. Click OK.
    • Leave the Include Filters, Exclude Filters and Day and Time Criteria tabs unchanged.
    • On the Log Source Criteria tab, select the Include the Selected Log Sources check box and then click Add.

    Alarm Rule window → Log Source Criteria in LogRhythm.

    The Alarm Rule window

    Log Source Criteria Add window in LogRhythm.

    The Log Source Criteria Add window

    • Leave the Aggregation tab unchanged.
    • On the Settings tab, specify the period during which identical alerts triggered by new Kaspersky CyberTrace service events are suppressed.

    Alarm Rule window → Settings tab in LogRhythm.

    Alert suppression settings

    • On the Notify tab, select the role or user to whom notifications are sent.

    Alarm Rule window → Notify tab in LogRhythm.

    Choosing the roles to notify

    • Leave the Actions tab unchanged.
    • On the Information tab, specify the name of the rule and its description.

    Alarm Rule window → Information tab in LogRhythm.

    Alarm Rule Name/Brief Description

  5. Click OK.
  6. On the Alarm Rules tab, right-click the new rule and select Actions > Enable.

    Alarm Rules list in LogRhythm.

    Enabling a rule

  7. Configure how the alerts are displayed in the LogRhythm web console, as described in section "Step 10 (optional). Displaying alert events in LogRhythm".
