Changing feed settings after installing Kaspersky CyberTrace Service and Feed Utility on separate computers (DMZ scenario)
April 11, 2024
ID 268347
Since the DMZ host is only for feeds downloading, you can configure the below settings for the previously enabled feeds in CyberTrace on the local host. You can change the following feeds parameters:
- Feed
confidence
value (except for Kaspersky feeds) - Limit number of feed entries being processed
- Retention period (except for Kaspersky feeds)
- Available fields for a feed
- Filtering rules
- Actionable fields
You can also disable any feed that was previously enabled (in this case, the disabled feeds will continue to be downloaded on the DMZ host and transferred to the local host, until you disable them in %dmz_fu%/kl_feed_util.conf
).
You can configure the proxy server settings directly in the %dmz_fu%/kl_feed_util.conf
file on the DMZ host.
If necessary, you can add a new feed as described below.
If any feed was previously disabled on the local host, the actions below will stop the download of this feed on the DMZ host.
To add a new feed, do the following:
- On the local host:
- Export the current settings from CyberTrace by clicking the Export configuration files button on the Settings>Service page.
If custom feeds were previously configured in Kaspersky CyberTrace, also save the
httpsrv/etc/custom_feed_list.conf
file for further use. - Stop the CyberTrace service.
Run the
systemctl stop cybertrace.service
command.
- Export the current settings from CyberTrace by clicking the Export configuration files button on the Settings>Service page.
- On the DMZ host:
- Install the same CyberTrace version as on the local host.
If you did not remove CyberTrace on the DMZ host during initial setup, skip this step.
- Stop the CyberTrace service.
Run the
systemctl stop cybertrace.service
command. - Remove the
%service_dir%/bin/.need_run_wizard
file.If you did not remove CyberTrace on the DMZ host during initial setup, skip this step.
- Replace the
%service_dir%/etc/kl_feed_service.conf
and%service_dir%/etc/kl_feed_util.conf
files with the files exported from the local host in Step 1 above.If custom feeds were previously configured in Kaspersky CyberTrace, also replace or add (if the file was not present) the
httpsrv/etc/custom_feed_list.conf
file.Specify the proper
Configuration
>GUISettings
>HTTPServer
>ConnectionString
to open CyberTrace Web in a browser. - Start the CyberTrace service.
Run the
systemctl start cybertrace.service
command. - Add and configure new feeds using CyberTrace Web at the address specified in
Configuration/GUISettings/HTTPServer/ConnectionString
of the%service_dir%/etc/kl_feed_service.conf
file.Ensure that the feed is configured correctly by running a feeds update in CyberTrace at least once.
- Export the updated settings from CyberTrace by clicking the Export configuration files button on the Settings>Service page.
If custom feeds were previously configured in Kaspersky CyberTrace, also save the
httpsrv/etc/custom_feed_list.conf
file for further use. - Remove CyberTrace.
- Move (replace) the sections
Settings
>Feeds
andSettings
>ProxySettings
from thekl_feed_util.conf
exported file to the%dmz_fu%/kl_feed_util.conf
file.Do not remove the instance of the
kl_feed_util.conf
file exported from CyberTrace, as well as thekl_feed_service.conf
. These files will be also used on the local host.
- Install the same CyberTrace version as on the local host.
- On the local host:
- Replace the
%service_dir%/etc/kl_feed_service.conf
and%service_dir%/etc/kl_feed_util.conf
files with the files exported from the DMZ host.If custom feeds were previously configured in Kaspersky CyberTrace, also replace or add (if the file was not present) the
httpsrv/etc/custom_feed_list.conf
file.Specify a proper
Configuration
>GUISettings
>HTTPServer
>ConnectionString
to open CyberTrace Web in browser. - Start the CyberTrace service.
Run the
systemctl start cybertrace.service
command. - Using the address specified in
Configuration
>GUISettings
>HTTPServer
>ConnectionString
, open CyberTrace Web and make sure that the Settings>Feeds page contains the new feed, and its settings are similar to settings on the DMZ host. Also, make sure that all other feeds are configured correctly. - On the Settings>Feeds page, set
Never
in theUpdate frequency
parameter.
- Replace the