Performing the verification test (other SIEM and non-SIEM solutions)
April 11, 2024
ID 171415
The Kaspersky CyberTrace distribution kit contains text files in the verification directory. You can use these files for testing whether Kaspersky CyberTrace is integrated correctly with the event target software.
To check the integration of Kaspersky CyberTrace with the event target software:
- Send the
kl_verification_test_cef.txtfile from theverificationdirectory to Kaspersky CyberTrace Service by using Log Scanner.In Linux:
./log_scanner -p ../verification/kl_verification_test_cef.txtIn Windows:
log_scanner.exe -p ..\verification\kl_verification_test_cef.txtKaspersky CyberTrace Service will check the data that is contained in the input file.
If you specify the
-rflag in this command, the test results are written to the Log Scanner report file. If you do not specify the-rflag, the test results are sent to the event target software by using the parameters for outbound events specified in the Service settings of Kaspersky CyberTrace. - Make sure that the event target software has received events according to the table below.
Verification test results
The verification test results depends on the feeds you use. The following table summarizes target numbers for the verification test when all commercial feeds are used.
Verification test results (commercial feeds)
Feed used | eventName value | Detected objects |
Malicious URL Data Feed | KL_Malicious_URL | http://fakess123.nu http://badb86360457963b90faac9ae17578ed.com |
Phishing URL Data Feed | KL_Phishing_URL | http://fakess123ap.nu http://e77716a952f640b42e4371759a661663.com |
Botnet C&C URL Data Feed | KL_BotnetCnC_URL | http://fakess123bn.nu http://a7396d61caffe18a4cffbb3b428c9b60.com |
IP Reputation Data Feed | KL_IP_Reputation | 192.0.2.0 192.0.2.3 |
Malicious Hash Data Feed | KL_Malicious_Hash_MD5 | FEAF2058298C1E174C2B79AFFC7CF4DF 44D88612FEA8A8F36DE82E1278ABB02F C912705B4BBB14EC7E78FA8B370532C9 |
Mobile Malicious Hash Data Feed | KL_Mobile_Malicious_Hash_MD5 | 60300A92E1D0A55C7FDD360EE40A9DC1 |
Mobile Botnet C&C URL Data Feed | KL_Mobile_BotnetCnC_Hash_MD5 | 001F6251169E6916C455495050A3FB8D |
Mobile Botnet C&C URL Data Feed | KL_Mobile_BotnetCnC_URL | http://sdfed7233dsfg93acvbhl.su/steallallsms.php |
Ransomware URL Data Feed | KL_Ransomware_URL | http://fakess123r.nu http://fa7830b4811fbef1b187913665e6733c.com |
APT URL Data Feed | KL_APT_URL | http://b046f5b25458638f6705d53539c79f62.com |
APT Hash Data Feed | KL_APT_Hash_MD5 | 7A2E65A0F70EE0615EC0CA34240CF082 |
APT IP Data Feed | KL_APT_IP | 192.0.2.4 |
IoT URL Data Feed | KL_IoT_URL | http://e593461621ee0f9134c632d00bf108fd.com/.i |
ICS Hash Data Feed | KL_ICS_Hash_MD5 | 7A8F30B40C6564EFF95E678F7C43346C |
The following table summarizes target numbers for the verification test when only demo feeds are used.
Verification test results (demo feeds)
Feed used | eventName value | Detected objects |
DEMO Botnet_CnC_URL_Data_Feed | KL_BotnetCnC_URL | http://5a015004f9fc05290d87e86d69c4b237.com http://fakess123bn.nu |
DEMO IP_Reputation_Data_Feed | KL_IP_Reputation | 192.0.2.1 192.0.2.3 |
DEMO Malicious_Hash_Data_Feed | KL_Malicious_Hash_MD5 | 776735A8CA96DB15B422879DA599F474 FEAF2058298C1E174C2B79AFFC7CF4DF 44D88612FEA8A8F36DE82E1278ABB02F |
