Removing Kaspersky CyberTrace objects (ArcSight)

This section describes how to remove objects related to Kaspersky CyberTrace from ArcSight after Kaspersky CyberTrace is uninstalled. Note that after you have removed these objects, events from Kaspersky CyberTrace persist in ArcSight.

To remove objects related to Kaspersky CyberTrace from ArcSight:

1. Remove the ARB package from ArcSight.

   To do this, in ArcSight Console, remove the /All Packages/Public/Kaspersky CyberTrace Connector package.

2. Uninstall the ArcSight SmartConnector service that was used to receive events from Kaspersky CyberTrace Service.

   In Linux, you do this as follows:

   1. Stop the ArcSight SmartConnector service by running the following command:

      /etc/init.d/arc_%service_name% stop

      Here, %service_name% is the name of the ArcSight SmartConnector service specified during its installation.

   2. Run the following command to uninstall the ArcSight SmartConnector:

      %ConnectorInstallDir%/UninstallerData/Uninstall_ArcSightAgents

      Here, %ConnectorInstallDir% is the directory to which the ArcSight SmartConnector was installed.

   3. Remove the %ConnectorInstallDir% directory.

   In Windows, you uninstall the ArcSight SmartConnector service by running the ArcSight SmartConnector uninstallation program.

3. Uninstall the ArcSight Forwarding Connector that was used to send events to Kaspersky CyberTrace Service.

   Do this as follows:

   1. Stop the ArcSight Forwarding Connector service by running the following command:

      /etc/init.d/arc_%FORWARDING% stop

      Here, %FORWARDING% is the name of the ArcSight Forwarding Connector service specified during its installation.

   2. Run the following command to uninstall the ArcSight Forwarding Connector:

      %ConnectorInstallDir%/UninstallerData/Uninstall_ArcSightAgents

      Here, %ConnectorInstallDir% is the directory to which the ArcSight Forwarding Connector was installed.

   3. Remove the %ConnectorInstallDir% directory.