Changing feed settings after installing Kaspersky CyberTrace Service and Feed Utility on separate computers (DMZ scenario)
April 11, 2024
ID 268320
Since the DMZ host is only for downloading feeds, you can configure the settings below for the previously enabled feeds in CyberTrace on the local host. You can change the following feeds parameters:
- Feed
confidence
value (except for Kaspersky feeds) - Limit for number of feed entries being processed
- Retention period (except for Kaspersky feeds)
- Available fields for a feed
- Filtering rules
- Actionable fields
You can also disable any feed that had been enabled before (in this case, the disabled feeds will continue to be downloaded on the DMZ host and transferred to the local host, until you disable them in %dmz_fu%/kl_feed_util.conf
).
You can configure the proxy server settings directly in the %dmz_fu%\kl_feed_util.conf
file on the DMZ host.
If necessary, you can add a new feed as described below.
If any feed was previously disabled on the local host, the actions below will stop downloading this feed on the DMZ host.
To add a new feed, do the following:
- On the local host:
- Export the current settings from CyberTrace by clicking the Export configuration files button on the Settings>Service page.
If custom feeds were previously configured in Kaspersky CyberTrace, also save the
httpsrv\etc\custom_feed_list.conf
file for further use. - Stop the CyberTrace service.
Run the
sc stop cybertrace
command.
- Export the current settings from CyberTrace by clicking the Export configuration files button on the Settings>Service page.
- On the DMZ host:
- Install the same version of CyberTrace as on the local host.
If you did not remove CyberTrace on the DMZ host during initial setup, skip this step.
- Stop the CyberTrace service.
Run the
sc stop cybertrace
command. - Remove the
%service_dir%/bin/.need_run_wizard
file.If you did not remove CyberTrace on the DMZ host during initial setup, skip this step.
- Replace the
%service_dir%\bin\kl_feed_service.conf
and%service_dir%\bin\kl_feed_util.conf
files with the files exported from the local host in Step 1 above.If custom feeds were previously configured in Kaspersky CyberTrace, also replace or add (if the file was not present) the
httpsrv\etc\custom_feed_list.conf
file.Specify the proper
Configuration
>GUISettings
>HTTPServer
>ConnectionString
to open CyberTrace Web in a browser. - Start the CyberTrace service.
Run the
sc start cybertrace
command. - Add and configure new feeds by using CyberTrace Web at the address specified in
Configuration/GUISettings/HTTPServer/ConnectionString
of the%service_dir%\bin\kl_feed_service.conf
file.Ensure that the feeds are configured correctly by running a feeds update in CyberTrace at least once.
- Export the updated settings from CyberTrace by clicking the Export configuration files button on the Settings>Service page.
If custom feeds were previously configured in Kaspersky CyberTrace, also save the
httpsrv\etc\custom_feed_list.conf
file for further use. - Remove CyberTrace.
- Move (replace) the sections
Settings/Feeds
andSettings/ProxySettings
from thekl_feed_util.conf
exported file to the%dmz_fu%\kl_feed_util.conf
file.
Do not remove the instance of the
kl_feed_util.conf
file exported from CyberTrace, as well askl_feed_service.conf
. These files will be used on the local host. - Install the same version of CyberTrace as on the local host.
- On the local host:
- Replace the
%service_dir%\bin\kl_feed_service.conf
and%service_dir%\bin\kl_feed_util.conf
files with the files exported from the DMZ host.If custom feeds were previously configured in Kaspersky CyberTrace, also replace or add (if the file was not present) the
httpsrv\etc\custom_feed_list.conf
file.Specify the proper
Configuration
>GUISettings
>HTTPServer
>ConnectionString
to open CyberTrace Web in a browser. - Start the CyberTrace service.
Run the
sc start cybertrace
command. - Using the address specified in
Configuration
>GUISettings
>HTTPServer
>ConnectionString
, open CyberTrace Web and make sure that the Settings>Feeds page contains the newly added feed and that its settings are similar to the settings on the DMZ host. Also, make sure that all other feeds are configured correctly. - On the Settings>Feeds page, set
Never
in theUpdate frequency
parameter.
- Replace the