Active Channels

April 11, 2024

ID 171423

When the ARB package is imported to ArcSight, the following active channels become available:

  • CyberTrace alerts

    Displays service events from Kaspersky CyberTrace Service in real time.

    • The Reason field contains the identifier of the service event.
    • The Message field contains additional information about the event (if available).

    CyberTrace alerts active channel

  • CyberTrace all matches

    Displays detection events from Kaspersky CyberTrace Service in real time.

    • The Reason field contains the category of the detected object.
    • The Detected indicator field contains the detected object.
    • The Request Url field contains the URL that was detected in the event that was sent from ArcSight to Kaspersky CyberTrace Service.
    • The File Hash field contains the hash that was detected in the event that was sent from ArcSight to Kaspersky CyberTrace Service.
    • The Source Service Name field contains the name of the device vendor that sent the event to ArcSight.
    • The Source Process Name field contains the name of the device that sent the event to ArcSight.
    • The Event Outcome field contains the identifier of the original event that arrived in ArcSight and was then sent to Kaspersky CyberTrace Service.
    • The Message field contains a brief description of the detection. The description is in the following format: "CyberTrace detected <name_of_the_feed_involved_in_the_detection_process>".
    • The Source User Name field contains the name of the user that was active on the endpoint device.
    • The Source Address field contains the IPv4 address that identifies the source to which the original event refers in an IP network.
    • The Destination Address field contains the destination IPv4 address that was detected in the event sent from ArcSight to Kaspersky CyberTrace Service.
    • The Device Action field contains the action taken by the device as specified in the original event.
    • The Popularity, Threat Score, Threat, and other fields are taken from the feed that was involved in the detection process.

    CyberTrace all matches active channel

  • CyberTrace hash matches

    Displays hash detection events from Kaspersky CyberTrace Service in real time.

  • CyberTrace URL matches

    Displays URL detection events from Kaspersky CyberTrace Service in real time.

  • CyberTrace IP matches

    Displays IP detection events from Kaspersky CyberTrace Service in real time.
