Service settings (General tenant)

February 27, 2024

ID 156531

You can manage the general service settings in the CyberTrace web user interface by selecting the Settings tab, and then the Service tab. Make sure that the General item is selected from the drop-down list that has all available tenants, in the upper-left area of the window.

The Service tab allows you to edit the settings stored in the kl_feed_util.conf and kl_feed_service_log.conf configuration files. You can perform the following actions by clicking the following links below the tab:

  • Restart the CyberTrace service
  • Export the configuration file

    You can export the kl_feed_service.conf and kl_feed_util.conf configuration files to a directory that you choose.

  • Run self-test

    Verifies that the Kaspersky Threat Data Feeds that you use works correctly.

    Please make sure you run the self-test before editing any filtering rules on the Settings > Feeds tab, in the Filtering rules for feeds section.

    If the verification test (self-test) yields incorrect results (that is, if a feed that is expected to produce detections produces none), see possible solutions for this problem in the general troubleshooting section. If the problem persists, contact your Technical Account Manager (TAM).

  • Reset statistics

    Clears the Dashboard of all the detection statistics. When you select the General tenant, Kaspersky CyberTrace clears the detection statistics for all tenants.

    It is recommended to perform this operation after successfully integrating CyberTrace with a SIEM solution: this way, the dashboard will not display any detection events generated during the verification test and will only contain real detection events, if there are any.

The Settings tab displays the Kaspersky CyberTrace Service status, which can be one of the following:

  • The CyberTrace service is running
  • The CyberTrace service is starting
  • The CyberTrace service has stopped

    This status specifies that indicators are loading into the database and indexing. Until all indicators processed, the Indicators tab may contain partially outdated information, and a search for data that is being updated may not be performed correctly. However, the process of matching incoming events is performed based on the actual data and the Kaspersky CyberTrace Web page with detailed information about indicators displays up-to-date data.

Connection settings

In the Connection settings section of the Service tab, you can specify the following settings:

  • IP address and port (on Linux, it can be also a UNIX socket) that Kaspersky CyberTrace Service listens on for incoming events

    These settings are stored in the InputSettings > ConnectionString element of the kl_feed_service.conf file.

  • IP address and port (on Linux, it can also be a UNIX socket) to which Kaspersky CyberTrace Service sends detection events and alert events

    These settings are stored in the OutputSettings > ConnectionString element of the kl_feed_service.conf file.

  • IP address or host name, and port (on Linux, it can also be a UNIX socket) to which Kaspersky CyberTrace Service sends alert events that inform the event target software of the state of the service

    These settings are stored in the OutputSettings > AlertConnectionString element of the kl_feed_service.conf file.

    You can enable or disable this setting by using Kaspersky CyberTrace Web. When this setting is enabled, Kaspersky CyberTrace does not send alert events to the IP address and port that are stored in the OutputSettings > ConnectionString element of the kl_feed_service.conf file.

  • IP address or host name of the proxy server for updating feeds

    This setting is stored in the Host element of the kl_feed_util.conf file.

  • Port of the proxy server for updating feeds

    This setting is stored in the Port element of the kl_feed_util.conf file.

    The preset value is 0. If you do not want to use a proxy server, leave this value unchanged.

  • Proxy user name

    This setting is stored encrypted in the User element of the kl_feed_util.conf file.

  • Proxy password

    This setting is stored encrypted in the Password element of the kl_feed_util.conf file.

You can use IPv6 addresses to receive incoming events and send outgoing events, as well as for the proxy server.

External address of the web interface

In the Web interface section of the Service tab, you can specify the IP address or host name to be used in Kaspersky CyberTrace events.

This setting is stored in the ResourcesIP element of the kl_feed_service.conf file.

The preset value is 127.0.0.1.

You can use an IPv6 address as an external address of the web interface.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.