Browsing Kaspersky CyberTrace Service events

April 11, 2024

ID 167808

This section describes how you can browse in RSA NetWitness the events sent from Kaspersky CyberTrace Service.

To display in RSA NetWitness those events that are sent from Kaspersky CyberTrace Service:

  1. Make sure that the Navigate view is enabled in RSA NetWitness.

    By default, the Navigate view is disabled in RSA NetWitness version 11.6 and later. To enable the Navigate view:

    1. Go to Admin > System > Investigation > Navigate.
    2. Select the Enable Navigate check box.
    3. Click the Apply button.
  2. On the RSA NetWitness menu, select Investigation > Navigate.

    The Investigate window opens.

  3. On the Services tab, select the Concentrator that stores events from Kaspersky CyberTrace Service (or the Log Decoder to which Kaspersky CyberTrace Service sends events) and click the Navigate button.

    Investigate window

  4. On the Navigate toolbar, select Query.

    Query toolbar button

    A window for creating a query opens (the Create window).

  5. Select Advanced and specify the following query:

    device.type='cybertrace'

    Specifying device type

  6. Click OK.

The Navigate view will display the events from Kaspersky CyberTrace Service.

Displaying events from Kaspersky CyberTrace Service
