Alert events sent by Kaspersky CyberTrace

April 11, 2024

ID 198337

This section describes service alerts that can be generated by Kaspersky CyberTrace.

KL_ALERT_ConfigurationUpdated

This alert is generated if Kaspersky CyberTrace Service has reloaded the configuration file.

This alert has no context fields.

KL_ALERT_FeedBecameAvailable

This alert is generated if a feed that can be used with the current certificate has become available.

This alert has the following context field:

  • feed

    Feed name.

KL_ALERT_FeedBecameUnavailable

This alert is generated if a feed that is being used with the current certificate has become unavailable.

This alert has the following context field:

  • feed

    Feed name.

KL_ALERT_OutdatedFeed

This alert is generated if a feed has not been updated during the specified period.

This alert has the following context field:

  • feed

    Feed name.

KL_ALERT_ServiceUnavailable

This alert is generated when the watchdog module has detected that Kaspersky CyberTrace Service has crashed or frozen.

This alert has no context fields.

KL_ALERT_ServiceStopped

This alert is generated when Kaspersky CyberTrace Service is stopped successfully.

This alert has no context fields.

KL_ALERT_ServiceStarted

This alert is generated when Kaspersky CyberTrace Service is started successfully.

This alert has no context fields.

KL_ALERT_UpdatedFeed

This alert is generated when a feed is updated and loaded by Kaspersky CyberTrace Service. This means that new indicators from the feed can be used in the matching process. Please note that the indicators may be added to the database later, as they are loaded asynchronously.

This alert has the following context fields:

  • feed

    Feed name.

  • records

    The number of records loaded from the feed.

KL_ALERT_FailedToUpdateFeed

This alert is generated when Kaspersky CyberTrace Service fails to load a new feed (for example, due to the limitation on the number of indicators that are imposed by the license key) and continues using an old feed.

This alert has the following context fields:

  • feed

    Feed name.

  • error

    Error message from Feed Utility or the text "Error while applying feed <FeedName>".

KL_ALERT_LicenseExpires

This alert is generated to inform you that the license key that is being used will expire in less than 30 days.

This alert has the following context fields:

  • license_name

    Name of the license key.

  • expiration_date

    Expiration date of the license key.

KL_ALERT_LicenseExpired

This alert is generated when a current license key has expired.

This alert has the following context fields:

  • license_name

    Name of the license key.

  • expiration_date

    Expiration date of the license key.

KL_ALERT_EPSLimitExceeded

This alert is generated when the limit on the number of processed events per second (EPS) imposed by the license key or licensing level has been exceeded.

This alert has the following context fields:

  • current_eps

    Actual number of EPS that arrive in Kaspersky CyberTrace Service.

  • license_limit_eps

    Limit on the number of EPS that is imposed by the license key or licensing level.

KL_ALERT_EPSHardLimit

This alert is generated when Kaspersky CyberTrace Service limits the number of events processed per second to the maximum number of events for the current license key or licensing level. The limit applies regardless of the number of incoming events.

This alert has the following context fields:

  • license_limit_eps

    Limit on the number of EPS that is imposed by the license key or licensing level.

KL_ALERT_LicenseChanged

This alert is generated when Kaspersky CyberTrace starts to use another license key or licensing level.

This alert has the following context fields:

  • license_name

    Name of the license key.

    If no license key is used, this context field is not included.

  • expiration_date

    Expiration date of the license key.

    If no license key is used, this context field is not included.

  • licensing_level

    Licensing level of the key, if a license key is used.

    Licensing level, if a license key is not used.

KL_ALERT_RetroScanCompleted

This alert is generated when the retrospective scan task succeeded.

This alert has the following context fields:

  • iocs_rescanned

    Number of scanned indicators.

  • iocs_detected

    Number of detected indicators.

  • retroscan_report

    Link to the result of the retrospective scan.

    This field is absent if the value of the iocs_detected field is 0.

KL_ALERT_RetroScanError

This alert is generated when the retrospective scan task failed.

This alert has the following context field:

  • error

    Short text error description.

KL_ALERT_RetroScanStorageExceeded

This alert is generated when the limit on the size of the saved events has been exceeded.

This alert has the following context field:

  • storage_size_limit

    Limit on the size of the saved events, in megabytes.

KL_ALERT_FreeSpaceEnds

This alert is generated when the available disk space becomes low.

This alert has the following context field:

  • msg

    Amount of disk space that is still available for the indicator database.

    The alert has the following format: "Free space left: %FreeSpace% Mb", where %FreeSpace% is the remaining number of MB available for the indicator database.

KL_ALERT_IndicatorsStoreLimitExceeded

This alert is generated when the limit on the size of the saved indicators has been exceeded.

This alert has the following context fields:

  • current_indicators_count

    Current number of indicators.

  • license_limit_indicators

    Limit on the number of indicators that is imposed by the license key.

KL_ALERT_DetectsStorageExceeded

This alert is generated when the limit on the size of the saved detection events has been exceeded.

This alert has the following context field:

  • storage_size_limit

    Limit on the size of the saved detection events, in megabytes.

KL_ALERT_IndicatorsStoreHardLimit

This alert is generated when Kaspersky CyberTrace limits adding and updating of indicators.

This alert has the following context fields:

  • license_limit_indicators

Limit on the number of indicators that is imposed by the license key.

  • msg

    Message that new indicators cannot be added to the database due to the limitation on the number of indicators that is imposed by the license key.
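The alerts above are health signals for the matching engine: some of them (service crash, expired license, EPS or indicator hard limits, a feed going unavailable) mean that indicator matching has stopped or is degraded, so a SOC should route them with a higher priority than the informational start/stop and feed-update alerts. The following added example (not part of the Kaspersky documentation or product) is a small triage handler that validates the documented context fields for each alert and assigns an operational priority. The record shape (a dict with an "alert" key plus the documented context fields), the ISO date format of expiration_date, the priority thresholds, and the sample records are all assumptions made for this example; the alert names, context fields and the "Free space left: %FreeSpace% Mb" message format come from the page.

```python
"""Triage of Kaspersky CyberTrace service alerts (added example, not product code).

Assumptions: alerts arrive as dicts with an "alert" key plus the documented
context fields; expiration_date is an ISO date; priority thresholds are ours.
"""
import re
from datetime import date

REFERENCE_DAY = date(2024, 4, 11)  # fixed "today" so the sample run is reproducible

# Documented context fields per alert; alerts listed in NO_CONTEXT carry none.
REQUIRED_FIELDS = {
    "KL_ALERT_FeedBecameAvailable": {"feed"},
    "KL_ALERT_FeedBecameUnavailable": {"feed"},
    "KL_ALERT_OutdatedFeed": {"feed"},
    "KL_ALERT_UpdatedFeed": {"feed", "records"},
    "KL_ALERT_FailedToUpdateFeed": {"feed", "error"},
    "KL_ALERT_LicenseExpires": {"license_name", "expiration_date"},
    "KL_ALERT_LicenseExpired": {"license_name", "expiration_date"},
    "KL_ALERT_EPSLimitExceeded": {"current_eps", "license_limit_eps"},
    "KL_ALERT_EPSHardLimit": {"license_limit_eps"},
    "KL_ALERT_LicenseChanged": {"licensing_level"},  # license_name/expiration_date may be absent
    "KL_ALERT_RetroScanCompleted": {"iocs_rescanned", "iocs_detected"},
    "KL_ALERT_RetroScanError": {"error"},
    "KL_ALERT_RetroScanStorageExceeded": {"storage_size_limit"},
    "KL_ALERT_FreeSpaceEnds": {"msg"},
    "KL_ALERT_IndicatorsStoreLimitExceeded": {"current_indicators_count", "license_limit_indicators"},
    "KL_ALERT_DetectsStorageExceeded": {"storage_size_limit"},
    "KL_ALERT_IndicatorsStoreHardLimit": {"license_limit_indicators", "msg"},
}
NO_CONTEXT = {"KL_ALERT_ConfigurationUpdated", "KL_ALERT_ServiceUnavailable",
              "KL_ALERT_ServiceStopped", "KL_ALERT_ServiceStarted"}
# Alerts after which indicator matching is stopped or no longer complete.
COVERAGE_LOST = {"KL_ALERT_ServiceUnavailable", "KL_ALERT_LicenseExpired",
                 "KL_ALERT_EPSHardLimit", "KL_ALERT_IndicatorsStoreHardLimit",
                 "KL_ALERT_FeedBecameUnavailable"}
# Alerts that indicate stale data or a failed task but not a full outage.
DEGRADED = {"KL_ALERT_FailedToUpdateFeed", "KL_ALERT_OutdatedFeed", "KL_ALERT_RetroScanError",
            "KL_ALERT_RetroScanStorageExceeded", "KL_ALERT_DetectsStorageExceeded",
            "KL_ALERT_IndicatorsStoreLimitExceeded"}
FREE_SPACE_RE = re.compile(r"Free space left: (\d+) Mb")  # documented msg format


def free_space_mb(msg):
    """Parse the documented KL_ALERT_FreeSpaceEnds message; None if it does not match."""
    m = FREE_SPACE_RE.search(msg)
    return int(m.group(1)) if m else None


def triage(record, today=None):
    """Return (priority, reason); priority is critical, high, medium, info or malformed."""
    today = today or date.today()
    name = record.get("alert")
    if name not in REQUIRED_FIELDS and name not in NO_CONTEXT:
        return "malformed", "unknown alert name %r" % (name,)
    missing = REQUIRED_FIELDS.get(name, set()) - set(record)
    if missing:
        return "malformed", "missing context fields: " + ", ".join(sorted(missing))
    if name in COVERAGE_LOST:
        return "critical", "indicator matching stopped or degraded (%s)" % name
    if name == "KL_ALERT_LicenseExpires":
        try:
            days = (date.fromisoformat(record["expiration_date"]) - today).days
        except ValueError:
            return "malformed", "unparseable expiration_date"
        return ("high" if days <= 7 else "medium"), "license expires in %d days" % days
    if name == "KL_ALERT_EPSLimitExceeded":
        cur, lim = int(record["current_eps"]), int(record["license_limit_eps"])
        if lim <= 0:
            return "malformed", "license_limit_eps must be positive"
        pct = 100 * (cur - lim) // lim
        return "high", "EPS %d exceeds license limit %d by %d%%" % (cur, lim, pct)
    if name == "KL_ALERT_FreeSpaceEnds":
        mb = free_space_mb(record["msg"])
        if mb is None:
            return "malformed", "msg does not match documented format"
        return ("high" if mb < 1024 else "medium"), "%d MB left for indicator database" % mb
    if name in DEGRADED:
        return "medium", "%s: %s" % (name, record.get("error") or record.get("feed") or "")
    return "info", name


def summarize(records, today=None):
    """Count alerts per priority; an alert-routing rule or dashboard would key on this."""
    counts = {}
    for r in records:
        prio, _ = triage(r, today)
        counts[prio] = counts.get(prio, 0) + 1
    return counts


# Constructed sample records (not real CyberTrace output).
SAMPLE = [
    {"alert": "KL_ALERT_ServiceStarted"},
    {"alert": "KL_ALERT_UpdatedFeed", "feed": "Example_Feed", "records": 1200},
    {"alert": "KL_ALERT_FreeSpaceEnds", "msg": "Free space left: 512 Mb"},
    {"alert": "KL_ALERT_EPSLimitExceeded", "current_eps": 1500, "license_limit_eps": 1000},
    {"alert": "KL_ALERT_LicenseExpires", "license_name": "trial", "expiration_date": "2024-04-15"},
    {"alert": "KL_ALERT_IndicatorsStoreHardLimit", "license_limit_indicators": 10000,
     "msg": "New indicators cannot be added to the database"},
    {"alert": "KL_ALERT_FailedToUpdateFeed", "feed": "Example_Feed"},  # "error" field missing
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["alert"], *triage(rec, today=REFERENCE_DAY))
    print(summarize(SAMPLE, today=REFERENCE_DAY))
```

The field validation matters in practice: an alert that arrives without its documented context fields is more likely a forwarding or parsing problem on the SIEM side than a product defect, and silently dropping it would hide exactly the health signal the alert exists to deliver. The thresholds (7 days before expiry, 1024 MB of free space) are placeholders to adjust to your own operational tolerances.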
