This section describes how to configure Kaspersky CyberTrace for integration with AlienVault USM / OSSIM.
Kaspersky CyberTrace and the device whose events will be forwarded to Kaspersky CyberTrace must work on different computers. Forwarding rules are based on IP addresses. Therefore, the IP address of the computer where Kaspersky CyberTrace is installed must be different from the IP addresses of the devices whose events have to be forwarded to Kaspersky CyberTrace.
To configure Kaspersky CyberTrace for integration with AlienVault USM / OSSIM:
/opt/kaspersky/ktfs
%CyberTrace_installDir%
Specify the following Kaspersky CyberTrace settings:
514
These are the IP address and port to which Kaspersky CyberTrace sends detection events.
9999
These are the IP address and port to which AlienVault USM / OSSIM sends events for checking. This is the port that Kaspersky CyberTrace listens on for incoming events.
alert=%Alert% context=%RecordContext%
category=%Category% detected=%MatchedIndicator% url=%RE_URL% src=%SRC_IP% ip=%RE_IP% hash=%RE_MD5% context=%RecordContext%
Set the enabled attribute of the OutputSettings > FinishedEventFormat element to false.
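The two format strings listed above fix the layout of every alert and detection line that the receiving side has to parse. The following Python code is an added example, not part of the Kaspersky documentation or product: it derives a parser directly from those two strings. The sample lines, their field values and the prefix before the first key are constructed for illustration.

```python
import re

# Format strings copied from the settings listed on this page.
ALERT_FORMAT = "alert=%Alert% context=%RecordContext%"
EVENT_FORMAT = ("category=%Category% detected=%MatchedIndicator% url=%RE_URL% "
                "src=%SRC_IP% ip=%RE_IP% hash=%RE_MD5% context=%RecordContext%")
PLACEHOLDER = re.compile(r"%(\w+)%")


def compile_format(fmt):
    """Turn a %Name% format string into a regex with one named group per field."""
    parts, pos = [], 0
    fields = list(PLACEHOLDER.finditer(fmt))
    for i, m in enumerate(fields):
        parts.append(re.escape(fmt[pos:m.start()]))  # literal text, e.g. " url="
        # Any field may be empty. Only the last one is greedy, because the
        # record context can itself contain spaces and '=' characters.
        greedy = i == len(fields) - 1
        parts.append("(?P<%s>%s)" % (m.group(1), ".*" if greedy else ".*?"))
        pos = m.end()
    parts.append(re.escape(fmt[pos:]))
    return re.compile("".join(parts) + r"\s*$")


PATTERNS = (("detection", compile_format(EVENT_FORMAT)),
            ("alert", compile_format(ALERT_FORMAT)))


def parse_event(line):
    """Return (kind, fields); kind is None when neither format matches.

    search() is used so that any prefix before the first key is skipped."""
    for kind, pattern in PATTERNS:
        m = pattern.search(line)
        if m:
            return kind, {k: v.strip() for k, v in m.groupdict().items()}
    return None, {}


# Constructed sample lines (not real CyberTrace output).
SAMPLE_DETECTION = ("Jan  1 00:00:00 host category=SAMPLE_URL_FEED "
                    "detected=bad.example/x url=http://bad.example/x "
                    "src=192.0.2.10 ip= hash= context=mask=bad.example/x popularity=5")
SAMPLE_ALERT = "Jan  1 00:00:01 host alert=SAMPLE_ALERT context=-"

if __name__ == "__main__":
    for sample in (SAMPLE_DETECTION, SAMPLE_ALERT, "unrelated syslog line"):
        print(parse_event(sample))
```

Because the parser is generated from the format strings, any later change to those strings in the configuration has to be mirrored in the two constants, otherwise events stop matching and are silently dropped by the receiver.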