How to integrate Kaspersky Threat Data Feeds with Elastic Stack (Elasticsearch, Logstash and Kibana)
Kaspersky CyberTrace Plugin for Logstash is an application that lets you use Kaspersky CyberTrace with Elastic Stack (Elasticsearch, Logstash and Kibana). The Plugin integrates Kaspersky CyberTrace with ELK so that Logstash events can be enriched with Threat Intelligence (Kaspersky Data Feeds, OSINT or third-party feeds) loaded into CyberTrace.
The Plugin is a file in GEM format (a Ruby gem) that is installed into Logstash. The Plugin works as follows:
- Sends indicators extracted from Logstash events to a CyberTrace instance for matching against the loaded Data Feeds.
- If a checked indicator matches a record in a feed loaded by CyberTrace, the Plugin enriches the original event with the context of that record.
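The following Ruby script is an added illustration of the match-and-enrich flow described above; it is not the Kaspersky CyberTrace plugin's own code. The real plugin sends indicators to a CyberTrace service over the network, whereas this example matches against a small in-memory feed. The feed records, event field names (`dst_ip`, `url`, `file_md5`) and the `threat_intel` output field are constructed assumptions, not the Kaspersky Data Feeds schema.

```ruby
# Added illustration, not the Kaspersky CyberTrace plugin's own code:
# a minimal model of "extract indicator, match against feed, enrich event".
# The feed records and events below are constructed sample data.
require 'ipaddr'

# Constructed stand-in for feed records loaded into CyberTrace.
# Field names are assumptions, not the actual Kaspersky Data Feeds schema.
SAMPLE_FEED = [
  { type: 'ip',   value: '203.0.113.5',
    context: { feed: 'constructed_ip_feed', category: 'botnet_cnc', popularity: 3 } },
  { type: 'url',  value: 'example.test/login.php',
    context: { feed: 'constructed_url_feed', category: 'phishing', popularity: 2 } },
  { type: 'hash', value: 'd41d8cd98f00b204e9800998ecf8427e',
    context: { feed: 'constructed_hash_feed', category: 'malware', popularity: 5 } },
].freeze

# Normalise an indicator before lookup: hashes compared case-insensitively,
# URLs without scheme or trailing slash, IPs validated so junk strings
# never produce a false "no match" that hides a parsing problem.
def normalize(type, raw)
  case type
  when 'hash' then raw.to_s.strip.downcase
  when 'url'  then raw.to_s.strip.sub(%r{\A[a-z]+://}i, '').chomp('/').downcase
  when 'ip'
    s = raw.to_s.strip
    IPAddr.new(s) # raises IPAddr::InvalidAddressError on malformed input
    s
  end
rescue IPAddr::InvalidAddressError
  nil
end

# In-memory matcher standing in for the CyberTrace lookup service.
class FeedMatcher
  def initialize(records)
    @index = {}
    records.each do |r|
      key = normalize(r[:type], r[:value])
      @index[[r[:type], key]] = r[:context] if key
    end
  end

  # Returns the context hash for an indicator, or nil when there is no match.
  def lookup(type, raw)
    key = normalize(type, raw)
    key && @index[[type, key]]
  end
end

# Which event fields carry which indicator type (assumed field names).
FIELD_MAP = {
  'ip'   => %w[dst_ip src_ip],
  'url'  => %w[url],
  'hash' => %w[file_md5],
}.freeze

# Enrich a Logstash-style event (a Hash) in place. The event is left
# untouched when nothing matches; matches land under "threat_intel" so the
# original fields stay intact.
def enrich_event(event, matcher)
  matches = []
  FIELD_MAP.each do |type, fields|
    fields.each do |f|
      next unless event.key?(f)
      ctx = matcher.lookup(type, event[f])
      matches << ctx.merge(matched_field: f, indicator: event[f]) if ctx
    end
  end
  event['threat_intel'] = matches unless matches.empty?
  event
end

if __FILE__ == $PROGRAM_NAME
  matcher = FeedMatcher.new(SAMPLE_FEED)
  # Constructed sample events: two that should match, one that should not.
  events = [
    { 'src_ip' => '10.0.0.7', 'dst_ip' => '203.0.113.5',
      'url' => 'https://example.test/login.php/' },
    { 'src_ip' => '10.0.0.8', 'file_md5' => 'D41D8CD98F00B204E9800998ECF8427E' },
    { 'src_ip' => 'not-an-ip', 'url' => 'https://benign.example/' },
  ]
  events.each { |e| p enrich_event(e, matcher) }
end
```

The normalisation step is the part worth copying into any home-grown matcher: without it, a feed entry stored in lowercase hex silently fails to match an uppercase hash from a Windows log, and a URL logged with a scheme never equals the scheme-less form a feed typically stores.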
To integrate Kaspersky Data Feeds with Elasticsearch, Logstash and Kibana (ELK) you need to:
- Download and install Kaspersky CyberTrace. For instructions, see this article.
- Download, install and configure Kaspersky CyberTrace plugin for Logstash.
You can find more details in the documentation.
Download the distribution kit (includes documentation) from this link (SHA256: 4970a28f30280d7ced7f7654a58eaf5aea7408b8f0eaa0e0b109d1cbecd72c9a). Verify the SHA256 of the downloaded file against this value before installing the Plugin.