Feeds settings

You can manage the settings of feeds in the Kaspersky CyberTrace web user interface by selecting the Settings tab, and then the Feeds tab. When you change the settings, you will be asked whether to update the feeds. Depending on the item selected in the drop-down list with all available tenants in the upper-left area of the window, the changes will affect either the general feeds settings (if General is selected) or the feeds settings for a specific tenant (if a specific tenant is selected).

For all tenants, Kaspersky CyberTrace displays only the feeds that are enabled in the General tenant.

For the General tenant, the form allows you to:

• Import a certificate for Kaspersky Threat Data Feeds
• Specify the feeds update period
• Enable and disable feeds
• Select available fields for a feed
• Add actionable fields to a feed
• Specify filtering rules for a feed
• Truncate a feed
• Specifying a retention period for feed records
• Launch a feeds update manually
• Add custom or third-party feeds
• Configure a custom or third-party feed
• Manage false positives

For a specific tenant, the form allows you to:

• Enable and disable feeds
• Add actionable fields to a feed

Feed tabs

Feeds are listed on the following tabs:

• Kaspersky

  This tab contains Kaspersky Threat Data Feeds.

• <Vendor name>

  Custom and third-party threat data feeds are grouped into tabs by vendor.

  If no vendor name is provided for a feed, it is listed on the Custom feeds tab.

  If there are no custom and third-party feeds, these tabs are not displayed.

• OSINT

  This tab contains OSINT feeds.

• Internal TI

  This tab contains the Internal TI supplier, with indicators added to the database by users.

About the feed update notifications

If any feeds have become available or unavailable with your certificate during an update, a window opens and lists all newly available and unavailable feeds.

In each list of feeds:

• If a currently used feed becomes unavailable, the toggle button remains Feed is on, but a warning appears next to the feed. The warning states that this feed is no longer supported by your certificate and will no longer be updated. You can either continue using the last available copy of the unsupported feed, or set the toggle button to Feed is off and stop using the feed.
• For all feeds that become available, the toggle button becomes enabled.

  By default, the toggle button next to all newly available feeds is set to Feed is off. You have to manually set it to Feed is on for the feeds that you want to start using.