How to integrate Kaspersky Threat Data Feels with Splunk
Kaspersky CyberTrace allows you to check URLs, file hashes, and IP addresses contained in events that arrive in Splunk. The URLs, file hashes, and IP addresses are checked against threat data feeds from Kaspersky Lab, or from other vendors or sources loaded to CyberTrace. During the matching process, Kaspersky CyberTrace determines the indicator category and generates an event supplemented with actionable context.
To install SIEM connector for Splunk:
- Download Kaspersky CyberTrace. Find the download files for Kaspersky CyberTrace in this article.
- Follow the instructions in the product documentation to install the package.
Please note that SIEM connector for Splunk has been tested with Splunk 8.0 and later.