Indicators lookup

April 11, 2024

ID 197069

The Indicators lookup tab allows you to perform the following actions:

  • Perform a lookup by a single indicator. The following formats can be used:
    • %INDICATOR%, if Kaspersky CyberTrace uses general regular expressions (regular expressions that are not associated with binding to a specific field).
    • %FIELDNAME%=%INDICATOR%, if Kaspersky CyberTrace uses regular expressions that expect the %INDICATOR% value to be specified in the %FIELDNAME% field.

Kaspersky CyberTrace lookup indicator section in Splunk.

Lookup by a single indicator

  • Configure a lookup by indicator. These settings are applied only when you perform a lookup by an indicator, and they apply to every indicator involved in that lookup. They are also used for performing the Self-test in the Kaspersky CyberTrace Status tab. The settings are placed in the Splunk storage.

    In this section, you can specify the IP address and port of Kaspersky CyberTrace.

CyberTrace connection settings in Splunk.

Kaspersky CyberTrace connection settings

  • Browse detailed information about the indicator.

    To learn more about an indicator, click its lookup result. The link redirects you to the Kaspersky Threat Intelligence Portal page that contains information about the object.
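
The two lookup formats listed above differ only in whether the matching regular expression is bound to a field name, which is why a bare indicator can return nothing when only field-bound expressions are configured. The Python code below is an added example, not Kaspersky code: the regular expressions, the `src` and `url` field names, the field-name check, and both helper functions are assumptions constructed for illustration and are not taken from a CyberTrace configuration.

```python
import re

# Constructed rules for illustration only (assumption): real expressions are
# defined in the Kaspersky CyberTrace configuration and will differ.
GENERAL_RULES = {          # not bound to any field: match a bare %INDICATOR%
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "md5": re.compile(r"\b[0-9a-fA-F]{32}\b"),
}
FIELD_BOUND_RULES = {      # expect %FIELDNAME%=%INDICATOR%
    "ip": re.compile(r"\bsrc=((?:\d{1,3}\.){3}\d{1,3})\b"),
    "url": re.compile(r"\burl=(\S+)"),
}


def build_lookup_string(indicator, field_name=None):
    """Return the text to type in the lookup box for either format."""
    if not indicator or "\r" in indicator or "\n" in indicator:
        raise ValueError("indicator must be a non-empty single line")
    if field_name is None:
        return indicator                        # %INDICATOR%
    # Hypothetical sanity check on the field name (assumption).
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", field_name):
        raise ValueError("unexpected field name")
    return f"{field_name}={indicator}"          # %FIELDNAME%=%INDICATOR%


def extract(rules, lookup_string):
    """Return {indicator_type: value} for every rule that matches."""
    found = {}
    for kind, rx in rules.items():
        m = rx.search(lookup_string)
        if m:
            # Field-bound rules capture the value in group 1; general rules
            # have no group, so the whole match is the indicator.
            found[kind] = m.group(m.lastindex or 0)
    return found


if __name__ == "__main__":
    ip = "192.0.2.10"                           # documentation address
    bare = build_lookup_string(ip)
    bound = build_lookup_string(ip, "src")
    print(bare, "->", extract(GENERAL_RULES, bare))
    print(bare, "->", extract(FIELD_BOUND_RULES, bare))   # no match
    print(bound, "->", extract(FIELD_BOUND_RULES, bound))
```
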
