Hardware and software requirements

February 27, 2024

ID 162509

This section lists the system requirements of Kaspersky CyberTrace.

Supported operating systems

Kaspersky CyberTrace can run on the following operating systems:

  • Linux® x64

    The Linux distribution must include systemd.

  • Microsoft® Windows Server® 2019
  • Microsoft Windows Server 2012 x64
  • Microsoft Windows Server 2012 R2 x64

Dependencies for Linux

In Linux, Kaspersky CyberTrace has the following dependencies:

  • The more utility must be installed.

Software requirements for integrations with SIEM solutions

When integrating with SIEM solutions, Kaspersky CyberTrace has the following software requirements.

Software requirements for integrations with SIEM solutions

| SIEM solution | Software requirements |
|---|---|
| Splunk | Splunk Enterprise 8.0.0 and later. The older versions are supported in Kaspersky CyberTrace 3.1. |
| ArcSight ESM | ArcSight ESM 6.8 to 7.0; ArcSight SmartConnector; ArcSight Forwarding Connector |
| QRadar | IBM QRadar v7.2.5 or later |
| RSA NetWitness | RSA NetWitness® 10.5, 10.6, or 11.2 |
| LogRhythm | LogRhythm 7.1.7 or later |
| AlienVault OSSIM | AlienVault OSSIM 5.7.5. For more information, see https://support.kaspersky.com/15161. |
| USM Anywhere | USM Anywhere 5.7.5. For more information, see https://support.kaspersky.com/15161. |
| FortiSIEM | FortiSIEM 5.2 or later. For more information, see https://support.kaspersky.com/15146. |
| Apache Kafka | Apache Kafka 2.4.0 or later; Python 2.7 or 3. This integration requires a special plug-in. For more information, contact your Technical Account Manager (TAM). |
| ArcSight Event Broker | ArcSight Event Broker 2.2; Python 2.7 or 3. This integration requires a special plug-in. For more information, contact your Technical Account Manager (TAM). |
| Elastic Stack (Elasticsearch, Logstash, and Kibana) | Logstash 7.2 or later; Java 8 or 11. This integration requires Kaspersky CyberTrace Plug-in for Logstash, which you can download for free. For more information, see https://support.kaspersky.com/15474. |
| McAfee ESM | McAfee ESM 9.6 to 11. For more information, contact your Technical Account Manager (TAM). |
| Kaspersky Unified Monitoring and Analysis Platform (KUMA) | KUMA 1.0 and later |

Integrations with other SIEM solutions are available. For more information, see https://support.kaspersky.com/datafeeds.

Supported browsers

Kaspersky CyberTrace Web can be used with the following web browsers:

  • Microsoft Edge® 42 or later
  • Mozilla™ Firefox™ 61 or later
  • Safari 11 or later
  • Google Chrome™ 68 or later

CPU requirements

Kaspersky CyberTrace has the following CPU requirements:

  • Support for the x86-64 instruction set.

It is recommended to use Kaspersky CyberTrace on high-end servers.

RAM and hard drive space requirements

System requirements depend on your use case and the feeds that you use.

The actual amount of hard drive space required for each feed depends on the size of the original feed file, which changes when feeds are updated. As the feed files change in size over time, the required amount of hard drive space and memory can change as well.

For more detail about the system requirements, contact your Technical Account Manager (TAM).

Hardware requirements for using demo Kaspersky Threat Data Feeds

| Feeds used | HDD | RAM |
|---|---|---|
| All demo feeds | 6 GB | 16 GB |

The values in the table above apply only to the Community Edition licensing type and only when retrospective scanning is disabled.

You can reduce hard drive space requirements if you disable the saving of detection events. For more information, see the "Detections storage settings" section.

Kaspersky CyberTrace Web shows you a notification when the hard drive that Kaspersky CyberTrace is installed on is 90 percent full. The text of the notification is specified in the KL_ALERT_FreeSpaceEnds event. You can change this behavior by modifying the following settings in elasticsearch.yml:

  • cluster.routing.allocation.disk.watermark.high: Specifies the percentage of used hard drive space that triggers the notification. The default value is 90 percent.
  • cluster.routing.allocation.disk.watermark.flood_stage: Specifies the percentage of hard drive space that can be used before the disk is considered to be full. %FreeSpace% in the text of the KL_ALERT_FreeSpaceEnds event is calculated relative to this value. The default value is 95 percent.
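
A preflight check for a Linux host that covers the CPU and Linux dependency requirements listed earlier and classifies disk usage against the two watermark settings above. This is an added example, not code from Kaspersky or from this page; the function names and the script name preflight.sh are hypothetical, and only percentage watermark values are handled.

```shell
#!/bin/sh
# Added example (not Kaspersky code): preflight check built from this page's
# Linux requirements and the two disk watermarks. Function names are hypothetical.

# Print a watermark as a bare number; fall back to DEFAULT when FILE or KEY is
# missing. Handles only the flat "key: NN%" form of elasticsearch.yml.
watermark() {  # watermark FILE KEY DEFAULT
    v=$(sed -n "s/^[[:space:]]*$2:[[:space:]]*\([0-9][0-9]*\)%.*/\1/p" "$1" 2>/dev/null | tail -n 1)
    echo "${v:-$3}"
}

# Used space, in percent, of the filesystem that holds PATH (POSIX df format).
used_pct() {  # used_pct PATH
    df -P "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# Classify usage: "notify" from the high watermark, "full" from flood_stage.
# Assumption: reaching a threshold exactly counts as crossing it.
disk_state() {  # disk_state USED HIGH FLOOD
    if [ "$1" -ge "$3" ]; then echo full
    elif [ "$1" -ge "$2" ]; then echo notify
    else echo ok
    fi
}

# CPU and Linux dependency checks: x86-64, systemd, and the more utility.
check_host() {
    bad=0
    [ "$(uname -m)" = x86_64 ] || { echo "FAIL: CPU is not x86-64"; bad=1; }
    [ -d /run/systemd/system ] || { echo "FAIL: systemd not detected"; bad=1; }
    command -v more >/dev/null 2>&1 || { echo "FAIL: more utility missing"; bad=1; }
    return "$bad"
}

preflight() {  # preflight DATA_PATH [ELASTICSEARCH_YML]
    rc=0
    check_host || rc=1
    high=$(watermark "${2:-}" cluster.routing.allocation.disk.watermark.high 90)
    flood=$(watermark "${2:-}" cluster.routing.allocation.disk.watermark.flood_stage 95)
    state=$(disk_state "$(used_pct "$1")" "$high" "$flood")
    echo "disk state for $1 (high=${high}%, flood_stage=${flood}%): $state"
    [ "$state" = ok ] || rc=1
    return "$rc"
}

# Run only when a path is given, e.g.: sh preflight.sh / /path/to/elasticsearch.yml
if [ $# -gt 0 ]; then preflight "$@"; fi
```

When no elasticsearch.yml path is given, or a setting is absent from the file, the script falls back to the default values stated above (90 and 95 percent).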

Network requirements

The computer on which Feed Utility runs must have access to the website https://wlinfo.kaspersky.com/.

The computer on which Kaspersky CyberTrace runs must have access to the computer with the SIEM solution.

The computers of users who want to gain access to Kaspersky CyberTrace Web must have access to the address and port that Kaspersky CyberTrace uses for the web UI.
