Changing feed settings after installing Kaspersky CyberTrace Service and Feed Utility on separate computers (DMZ scenario)

April 11, 2024

ID 268347

Because the DMZ host is used only for downloading feeds, you configure the settings below for previously enabled feeds in CyberTrace on the local host. You can change the following feed parameters:

  • Feed confidence value (except for Kaspersky feeds)
  • Limit number of feed entries being processed
  • Retention period (except for Kaspersky feeds)
  • Available fields for a feed
  • Filtering rules
  • Actionable fields

You can also disable any feed that was previously enabled. In this case, the disabled feeds continue to be downloaded on the DMZ host and transferred to the local host until you disable them in %dmz_fu%/kl_feed_util.conf.

You can configure the proxy server settings directly in the %dmz_fu%/kl_feed_util.conf file on the DMZ host.

If necessary, you can add a new feed as described below.

If any feed was previously disabled on the local host, the actions below will stop the download of this feed on the DMZ host.

To add a new feed, do the following:

  1. On the local host:
    1. Export the current settings from CyberTrace by clicking the Export configuration files button on the Settings>Service page.

      If custom feeds were previously configured in Kaspersky CyberTrace, also save the httpsrv/etc/custom_feed_list.conf file for further use.

    2. Stop the CyberTrace service.

      Run the systemctl stop cybertrace.service command.

  2. On the DMZ host:
    1. Install the same CyberTrace version as on the local host.

      If you did not remove CyberTrace on the DMZ host during initial setup, skip this step.

    2. Stop the CyberTrace service.

      Run the systemctl stop cybertrace.service command.

    3. Remove the %service_dir%/bin/.need_run_wizard file.

      If you did not remove CyberTrace on the DMZ host during initial setup, skip this step.

    4. Replace the %service_dir%/etc/kl_feed_service.conf and %service_dir%/etc/kl_feed_util.conf files with the files exported from the local host in Step 1 above.

      If custom feeds were previously configured in Kaspersky CyberTrace, also replace or add (if the file was not present) the httpsrv/etc/custom_feed_list.conf file.

      Specify the proper Configuration>GUISettings>HTTPServer>ConnectionString to open CyberTrace Web in a browser.

    5. Start the CyberTrace service.

      Run the systemctl start cybertrace.service command.

    6. Add and configure new feeds using CyberTrace Web at the address specified in Configuration>GUISettings>HTTPServer>ConnectionString of the %service_dir%/etc/kl_feed_service.conf file.

      Ensure that the feed is configured correctly by running a feeds update in CyberTrace at least once.

    7. Export the updated settings from CyberTrace by clicking the Export configuration files button on the Settings>Service page.

      If custom feeds were previously configured in Kaspersky CyberTrace, also save the httpsrv/etc/custom_feed_list.conf file for further use.

    8. Remove CyberTrace.
    9. Move (replace) the sections Settings>Feeds and Settings>ProxySettings from the kl_feed_util.conf exported file to the %dmz_fu%/kl_feed_util.conf file.

      Do not delete the kl_feed_util.conf and kl_feed_service.conf files exported from CyberTrace. These files are also used on the local host.

  3. On the local host:
    1. Replace the %service_dir%/etc/kl_feed_service.conf and %service_dir%/etc/kl_feed_util.conf files with the files exported from the DMZ host.

      If custom feeds were previously configured in Kaspersky CyberTrace, also replace or add (if the file was not present) the httpsrv/etc/custom_feed_list.conf file.

      Specify the proper Configuration>GUISettings>HTTPServer>ConnectionString to open CyberTrace Web in a browser.

    2. Start the CyberTrace service.

      Run the systemctl start cybertrace.service command.

    3. Using the address specified in Configuration>GUISettings>HTTPServer>ConnectionString, open CyberTrace Web and make sure that the Settings>Feeds page contains the new feed and that its settings are similar to the settings on the DMZ host. Also, make sure that all other feeds are configured correctly.
    4. On the Settings>Feeds page, set Never in the Update frequency parameter.
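
The section move in step 9 on the DMZ host can be scripted so that only Settings>Feeds and Settings>ProxySettings change and every other setting in %dmz_fu%/kl_feed_util.conf stays as it was. The following is an added example, not Kaspersky code: it assumes kl_feed_util.conf is XML with a Settings root element, as the section paths above imply, and the sample documents, including their child elements, are constructed placeholders rather than the product schema.

```python
import copy
import xml.etree.ElementTree as ET

# Sections named in step 9; all other sections of the DMZ file are left untouched.
SECTIONS = ("Feeds", "ProxySettings")

def merge_sections(exported_xml, dmz_xml, sections=SECTIONS):
    """Return dmz_xml with each named section replaced by the one from exported_xml."""
    exported = ET.fromstring(exported_xml)
    dmz = ET.fromstring(dmz_xml)
    if exported.tag != "Settings" or dmz.tag != "Settings":
        raise ValueError("both files must have a <Settings> root element")
    for name in sections:
        new = exported.find(name)
        if new is None:
            # Refuse to continue: a partial merge would leave stale settings on the DMZ host.
            raise ValueError(f"exported file has no Settings>{name} section")
        if len(dmz.findall(name)) > 1:
            raise ValueError(f"DMZ file has more than one Settings>{name} section")
        replacement = copy.deepcopy(new)
        old = dmz.find(name)
        if old is None:
            dmz.append(replacement)          # section missing on the DMZ side: add it
        else:
            position = list(dmz).index(old)  # keep the section where it was in the file
            replacement.tail = old.tail      # keep the surrounding whitespace
            dmz.remove(old)
            dmz.insert(position, replacement)
    return ET.tostring(dmz, encoding="unicode")

# Constructed sample input (placeholder elements, not the real file contents).
EXPORTED = """<Settings>
  <Feeds><Feed name="Constructed_Feed_A"/><Feed name="Constructed_Feed_B"/></Feeds>
  <ProxySettings><Placeholder>exported</Placeholder></ProxySettings>
  <OtherSection>from-export</OtherSection>
</Settings>"""

DMZ = """<Settings>
  <OtherSection>dmz-only</OtherSection>
  <Feeds><Feed name="Constructed_Feed_A"/></Feeds>
  <ProxySettings><Placeholder>dmz</Placeholder></ProxySettings>
</Settings>"""

if __name__ == "__main__":
    print(merge_sections(EXPORTED, DMZ))
```

ElementTree drops XML comments when it parses a file, so keep a backup copy of the DMZ file before overwriting it with the merged result.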
