Detections settings

Kaspersky CyberTrace allows you to save initial alerts with threats for further analysis and investigation. This section explains how to configure the settings of detection alerts storage.

You can manage the settings of detection alerts storage on the Settings → Detections page. To access this page, you need to switch to the System management mode. This mode is accessible only to users with the Administrator role.

The Detections page allows you to view the current size of saved detection alerts, delete saved detection alerts, disable the saving of detection alerts, and set the maximum size of saved detection alerts.

You can view the current size (in gigabytes) of saved detection alerts at the top of the Detections page.

To delete saved detection alerts:

  1. Click the Trash can (Delete saved detections) icon.
  2. Click Delete in the confirmation window that opens.

To disable saving detection alerts:

  1. Disable the Save detections toggle switch.
  2. Click Save at the bottom of the page.

By disabling the saving of detection alerts, you can reduce the hard drive space requirements for the computer on which Kaspersky CyberTrace is installed. This can be done if all detection alerts are saved in the SIEM system and you investigate security incidents there.

If you disable the saving of detection alerts while filtering criteria for sending alerts to a SIEM system are applied, the detection alerts whose indicators do not match the specified criteria are not stored anywhere and will be lost.

To set the maximum size of saved detection alerts:

  1. Enable the toggle switch under Limit the size of saved detections.
  2. Specify the maximum size of saved detection alerts, in gigabytes.
  3. Click Save at the bottom of the page.

When the limit on the size of saved detection alerts is exceeded, Kaspersky CyberTrace generates a KL_ALERT_DetectsStorageExceeded alert.

Since the size of saved detection alerts is checked every hour, it may exceed the limit occasionally.

See also:

Detection alerts settings of a tenant
