Browsing Kaspersky CyberTrace Service events
April 11, 2024
ID 167808
This section describes how to browse events sent from Kaspersky CyberTrace Service in RSA NetWitness.
To display events sent from Kaspersky CyberTrace Service in RSA NetWitness:
- Make sure that the Navigate view is enabled in RSA NetWitness.
  By default, the Navigate view is disabled in RSA NetWitness version 11.6 and later. To enable the Navigate view:
  - Go to (Admin) > System > Investigation > Navigate.
  - Select the Enable Navigate check box.
  - Click the Apply button.
- On the RSA NetWitness menu, select Investigation > Navigate.
The Investigate window opens.
- On the Services tab, select the Concentrator that stores events from Kaspersky CyberTrace Service (or the Log Decoder to which Kaspersky CyberTrace Service sends events) and click the Navigate button.
Investigate window
- On the Navigate toolbar, select Query.
Query toolbar button
A window for creating a query opens (the Create window).
- Select Advanced and specify the following query:
device.type='cybertrace'
Specifying device type
- Click OK.
The Navigate view will display the events from Kaspersky CyberTrace Service.
Displaying events from Kaspersky CyberTrace Service