Receiving events from Kaspersky CyberTrace in FortiSIEM

This section describes how to configure Kaspersky CyberTrace and FortiSIEM so that FortiSIEM will receive events from Kaspersky CyberTrace.

To receive events from Kaspersky CyberTrace in FortiSIEM:

  1. Add Kaspersky CyberTrace to FortiSIEM as an event source.
  2. In FortiSIEM, add the Device IP Address field and the Detected indicator field.
  3. In FortiSIEM, add rules for parsing events from Kaspersky CyberTrace.
  4. Optionally, in FortiSIEM, add descriptions of events from Kaspersky CyberTrace.