Changing feed settings after installing Kaspersky CyberTrace Service and Feed Utility on separate computers (DMZ scenario)

April 11, 2024

ID 268320

Since the DMZ host is only for downloading feeds, you can configure the settings below for the previously enabled feeds in CyberTrace on the local host. You can change the following feed parameters:

  • Feed confidence value (except for Kaspersky feeds)
  • Limit for number of feed entries being processed
  • Retention period (except for Kaspersky feeds)
  • Available fields for a feed
  • Filtering rules
  • Actionable fields

You can also disable any feed that was previously enabled. In this case, the disabled feeds will continue to be downloaded on the DMZ host and transferred to the local host until you disable them in %dmz_fu%\kl_feed_util.conf.

You can configure the proxy server settings directly in the %dmz_fu%\kl_feed_util.conf file on the DMZ host.

If necessary, you can add a new feed as described below.

If any feed was previously disabled on the local host, the actions below will stop downloading this feed on the DMZ host.

To add a new feed, do the following:

  1. On the local host:
    1. Export the current settings from CyberTrace by clicking the Export configuration files button on the Settings>Service page.

      If custom feeds were previously configured in Kaspersky CyberTrace, also save the httpsrv\etc\custom_feed_list.conf file for further use.

    2. Stop the CyberTrace service.

      Run the sc stop cybertrace command.

  2. On the DMZ host:
    1. Install the same version of CyberTrace as on the local host.

      If you did not remove CyberTrace on the DMZ host during initial setup, skip this step.

    2. Stop the CyberTrace service.

      Run the sc stop cybertrace command.

    3. Remove the %service_dir%/bin/.need_run_wizard file.

      If you did not remove CyberTrace on the DMZ host during initial setup, skip this step.

    4. Replace the %service_dir%\bin\kl_feed_service.conf and %service_dir%\bin\kl_feed_util.conf files with the files exported from the local host in Step 1 above.

      If custom feeds were previously configured in Kaspersky CyberTrace, also replace or add (if the file was not present) the httpsrv\etc\custom_feed_list.conf file.

      Specify the proper Configuration>GUISettings>HTTPServer>ConnectionString to open CyberTrace Web in a browser.

    5. Start the CyberTrace service.

      Run the sc start cybertrace command.

    6. Add and configure new feeds by using CyberTrace Web at the address specified in Configuration/GUISettings/HTTPServer/ConnectionString of the %service_dir%\bin\kl_feed_service.conf file.

      Ensure that the feeds are configured correctly by running a feeds update in CyberTrace at least once.

    7. Export the updated settings from CyberTrace by clicking the Export configuration files button on the Settings>Service page.

      If custom feeds were previously configured in Kaspersky CyberTrace, also save the httpsrv\etc\custom_feed_list.conf file for further use.

    8. Remove CyberTrace.
    9. Move the Settings/Feeds and Settings/ProxySettings sections from the exported kl_feed_util.conf file to the %dmz_fu%\kl_feed_util.conf file, replacing the existing sections.

    Do not delete the kl_feed_util.conf and kl_feed_service.conf files exported from CyberTrace. These files will be used on the local host.

  3. On the local host:
    1. Replace the %service_dir%\bin\kl_feed_service.conf and %service_dir%\bin\kl_feed_util.conf files with the files exported from the DMZ host.

      If custom feeds were previously configured in Kaspersky CyberTrace, also replace or add (if the file was not present) the httpsrv\etc\custom_feed_list.conf file.

      Specify the proper Configuration>GUISettings>HTTPServer>ConnectionString to open CyberTrace Web in a browser.

    2. Start the CyberTrace service.

      Run the sc start cybertrace command.

    3. Using the address specified in Configuration>GUISettings>HTTPServer>ConnectionString, open CyberTrace Web and make sure that the Settings>Feeds page contains the newly added feed and that its settings are similar to the settings on the DMZ host. Also, make sure that all other feeds are configured correctly.
    4. On the Settings>Feeds page, set Never in the Update frequency parameter.
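
The section replacement in step 2.9 (Settings/Feeds and Settings/ProxySettings into %dmz_fu%\kl_feed_util.conf) can be scripted so that the rest of the DMZ configuration is left untouched and the previous file is kept as a backup. The following PowerShell is an added example, not Kaspersky's code: it assumes kl_feed_util.conf is XML with a Settings root element, and the function name Copy-FeedUtilSections and the sample files are hypothetical.

```powershell
# Added example, not Kaspersky's code. Assumption: kl_feed_util.conf is an XML
# file whose root element is <Settings>, as the Settings/Feeds path implies.
function Copy-FeedUtilSections {
    param(
        [Parameter(Mandatory)][string]$ExportedPath,  # kl_feed_util.conf exported from CyberTrace
        [Parameter(Mandatory)][string]$DmzPath,       # %dmz_fu%\kl_feed_util.conf
        [string[]]$Sections = @('Feeds', 'ProxySettings')
    )
    # .NET resolves relative paths against the process directory, so use full paths.
    $exportedFull = (Resolve-Path -LiteralPath $ExportedPath -ErrorAction Stop).Path
    $dmzFull      = (Resolve-Path -LiteralPath $DmzPath -ErrorAction Stop).Path
    $exported = New-Object System.Xml.XmlDocument
    $dmz      = New-Object System.Xml.XmlDocument
    $exported.Load($exportedFull)
    $dmz.Load($dmzFull)

    # Validate everything before changing the target file.
    foreach ($doc in @($exported, $dmz)) {
        if ($null -eq $doc.SelectSingleNode('/Settings')) { throw 'Root element is not <Settings>.' }
    }
    foreach ($name in $Sections) {
        if ($null -eq $exported.SelectSingleNode("/Settings/$name")) {
            throw "Section Settings/$name is missing from $exportedFull."
        }
    }

    Copy-Item -LiteralPath $dmzFull -Destination "$dmzFull.bak" -Force  # keep the old config
    foreach ($name in $Sections) {
        $new = $dmz.ImportNode($exported.SelectSingleNode("/Settings/$name"), $true)
        $old = $dmz.SelectSingleNode("/Settings/$name")
        if ($null -ne $old) { [void]$dmz.DocumentElement.ReplaceChild($new, $old) }
        else                { [void]$dmz.DocumentElement.AppendChild($new) }
    }
    $dmz.Save($dmzFull)
}

# Constructed sample files; the inner elements are placeholders, not the real schema.
$tmp = Join-Path ([IO.Path]::GetTempPath()) 'feedutil-demo'
New-Item -ItemType Directory -Path $tmp -Force | Out-Null
$exportedFile = Join-Path $tmp 'exported_kl_feed_util.conf'
$dmzFile      = Join-Path $tmp 'kl_feed_util.conf'
'<Settings><Feeds><Feed>old</Feed><Feed>new</Feed></Feeds><ProxySettings/></Settings>' |
    Set-Content -LiteralPath $exportedFile
'<Settings><Placeholder>kept</Placeholder><Feeds><Feed>old</Feed></Feeds></Settings>' |
    Set-Content -LiteralPath $dmzFile
Copy-FeedUtilSections -ExportedPath $exportedFile -DmzPath $dmzFile
# Show the merged DMZ file.
Get-Content -LiteralPath $dmzFile
```

The exported file is only read, so it remains available for step 3 on the local host.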
