Tenants settings

February 27, 2024

ID 200076

Kaspersky CyberTrace supports a multi-tenant architecture that allows you to manage tenants. A tenant is a client-specific set of configuration parameters. By default, Kaspersky CyberTrace uses a General tenant that provides the overall settings. You can create or edit the tenants in CyberTrace Web by selecting the Settings tab, and then the Tenants tab.

On the Tenants tab, you can view information about the tenants that are used in Kaspersky CyberTrace and perform the following actions:

  • Add a new tenant
  • Edit a tenant configuration
  • Delete a tenant

Adding tenants

To add a tenant:

  1. Click the Add new tenant link.

    The New tenant window opens.

  2. Specify a name for the new tenant in the Tenant field.
  3. Specify a description for this tenant in the Description field.
  4. Select a SIEM.

    You can select a SIEM supported by Kaspersky CyberTrace or a custom one (a non-supported SIEM).

    This SIEM will be used in the tenant for sending events to CyberTrace.

    Depending on the selected SIEM, Kaspersky CyberTrace will specify the sets of regular expressions, detection alert formats, and service alert formats that are used in integration with this SIEM.

    For the full list of supported SIEMs, see subsection "Supported SIEMs" below.

  5. Specify the tenant-specific connection parameters that Kaspersky CyberTrace will use for incoming events:
    • Select what type of connection you want to use.
    • In the IP address and Port fields, specify an IP address and port.
    • In the UNIX socket field, specify a UNIX socket.
  6. Specify the tenant-specific IP address and port that Kaspersky CyberTrace will use for outgoing events.
  7. Click Save.

Editing a tenant configuration

To edit a tenant configuration:

  1. Click the Edit button next to the tenant that you want to edit.
  2. Edit the tenant configuration:
    • Tenant name

      You cannot change the tenant name for the General tenant.

    • Description
  3. Click Save.

Deleting tenants

To delete a tenant:

  1. Click Delete next to the tenant that you want to delete.
  2. Confirm that you want to delete the tenant.

Supported SIEMs

Kaspersky CyberTrace supports integration with several SIEMs. For each supported SIEM, CyberTrace uses a number of preset settings, such as settings for parsing events and event format settings (for detection and service alerts).

The following SIEM solutions are supported:

  • Kaspersky Unified Monitoring and Analysis Platform
  • Splunk
  • ArcSight ESM
  • RSA NetWitness
  • IBM QRadar
  • LogRhythm
