Tenants settings

Kaspersky CyberTrace supports a multi-tenant architecture that allows you to manage tenants. A tenant is a client-specific set of configuration parameters. By default, Kaspersky CyberTrace uses a General tenant that provides the overall settings. You can create or edit the Kaspersky CyberTrace tenants in Kaspersky CyberTrace Web by selecting the Settings tab, and then the Tenants tab.

On the Tenants tab, you can view information about the tenants that are used in Kaspersky CyberTrace and perform the following actions:

• Add a new tenant
• Edit a tenant configuration
• Delete a tenant

Adding tenants

To add a tenant:

1. Click the Add new tenant link.

   The New tenant window opens.

2. Specify a name for the new tenant in the Tenant field.
3. Specify a description for this tenant in the Description field.
4. Select a SIEM.

   You can select a SIEM supported by Kaspersky CyberTrace or a custom one (a non-supported SIEM system).

   This SIEM will be used in the tenant for sending events to Kaspersky CyberTrace.

   Depending on the selected SIEM, Kaspersky CyberTrace will specify regular expressions, detection events, and service events that are used in integration with this solution.

   For the full list of supported SIEMs, see subsection "Supported SIEM systems" below.

5. Specify connection parameters specific for the tenant that Kaspersky CyberTrace will use for incoming events:
   • Select what type of connection you want to use.
   • In the IP address and Port fields, specify an IP address and port.
   • In the UNIX socket field, specify a UNIX socket.
6. Specify an IP address and port specific for the tenant that Kaspersky CyberTrace will use for outgoing events.
7. Click Save.

Editing a tenant configuration

To edit a tenant configuration:

1. Click the Edit button next to the tenant that you want to edit.
2. Edit the tenant configuration:
   • Tenant name

     You cannot change the tenant name for the General tenant.

   • Description
3. Click Save.

Deleting tenants

To delete a tenant:

1. Click Delete next to the tenant that you want to delete.
2. Confirm that you want to delete the tenant.

Supported SIEM systems

Kaspersky CyberTrace supports integration with several SIEM systems. Thus, Kaspersky CyberTrace uses a number of preset settings for each SIEM, such as settings for parsing events and event format settings (for detection and service events).

The following SIEM systems are supported:

• Splunk
• ArcSight ESM
• RSA NetWitness
• IBM QRadar
• LogRhythm
• Kaspersky Unified Monitoring and Analysis Platform

Page top