ServiceSettings
April 11, 2024
ID 198898
Defines settings for the Kaspersky CyberTrace Service process.
Path
ServiceSettings
Attributes
This element has no attributes.
Nested elements
This element is a container for the following nested elements:
- Bases
Specifies the path to the directory that contains feeds from Kaspersky. If a relative path is set, it is calculated relative to the directory that contains the service binary file.
The Bases element is mandatory.
- BasesBackup
Specifies the path to the directory that contains backup version of feeds from Kaspersky. If a relative path is set, it is calculated relative to the directory that contains the service binary file.
The BasesBackup element is mandatory.
- BasesDownload
Specifies the path to the directory that contains downloaded feeds from Kaspersky. If a relative path is set, it is calculated relative to the directory that contains the service binary file.
The BasesDownload element is mandatory.
- TemporaryDir
The directory for temporary files.
The TemporaryDir element is optional. If it is omitted, the default value is used.
In Linux, the default value is
/tmp
.In Windows, the default value is
%TEMP%
(the current Windows user's temporary folder). - OutdatedBasesAlertPeriod
The time interval in hours following the last feed update, after which a notification about an outdated feed is sent to the event target. To turn off notifications, set this parameter to
0
. This setting is taken into account for every feed that has no outdated_alert_period attribute.The OutdatedBasesAlertPeriod element is optional. If it is omitted, the default value
0
is used. - ScannersCount
The number of scanners. Every scanner handles a single TCP connection.
When changing this configuration, specify one scanner in addition to the number of scanners needed for CyberTrace itself. This must be done for the health check mechanism.
The ScannersCount element is optional. If it is omitted, the default value
9
is used.We recommend that you use the default value. If required, you can increase the default value. The maximum possible value is
20
. - ScanningThreadsPerScanner
The number of threads per scanner.
The ScanningThreadsPerScanner element is optional. If it is omitted, the default value
8
is used. - EventSendingRetriesCount
Number of times Kaspersky CyberTrace Service tries to resend a detection event to a SIEM solution if the first attempt at sending fails. If the value of
EventSendingRetriesCount
is0
, Kaspersky CyberTrace Service sends each detection event one time and does not attempt to resend it.Maximum possible value is
10
. The preset value is3
.The EventSendingRetriesCount element is mandatory.
- EventSendingRetriesTimеout
Time interval between attempts made by Kaspersky CyberTrace Service to resend a detection event to a SIEM solution, in seconds. Maximum possible value is
60
.The EventSendingRetriesTimеout element is mandatory.
The preset value is
10
. - FeedsRollbackEnabled
Specifies if feeds rollback is enabled or disabled.
If feeds rollback is enabled, feeds are rolled back when Kaspersky CyberTrace fails to upload new indicators into the Matching engine after feeds are updated. Kaspersky CyberTrace removes new indicators from the database and uses the previous feeds.
Possible values:
true
— feeds rollback is enabled.false
— feeds rollback is disabled.
Kaspersky CyberTrace reads FeedsRollbackEnabled only during initialization and does not reread it after.
By default, there is no FeedsRollbackEnabled element in the configuration file. If this element is missing, feeds rollback is enabled.
Example
The following is an example of this element.
<ServiceSettings> <Bases>../feeds</Bases> <BasesBackup>../feeds/backup</BasesBackup> <BasesDownload>../feeds/download</BasesDownload> <TemporaryDir>/tmp</TemporaryDir> <OutdatedBasesAlertPeriod>120</OutdatedBasesAlertPeriod> <ScannersCount>9</ScannersCount> <ScanningThreadsPerScanner>8</ScanningThreadsPerScanner> <EventSendingRetriesCount>3</EventSendingRetriesCount> <EventSendingRetriesTimеout>10</EventSendingRetriesTimеout> <FeedsRollbackEnabled>true</FeedsRollbackEnabled> </ServiceSettings> |