SHA256 checksum (kaspersky-cybertrace-app-for-splunk_101.tgz) e3c172e9d9eaa76d0d4991ed3653da132596e4f54c247b04e8b7e4fd10fa791e

Kaspersky CyberTrace App for Splunk

Splunk AppInspect Passed
Kaspersky CyberTrace App for Splunk integrates Kaspersky CyberTrace into the Splunk environment. The app enables you to immediately leverage threat intelligence for security monitoring and IR activities in the existing security operations workflow of your company. Kaspersky CyberTrace allows you to easily integrate any threat intelligence feeds you might want to use (threat intelligence feeds from Kaspersky Lab, other vendors, OSINT feeds or your custom feeds) with Splunk. As a result, you get the real-time awareness needed for highlighting risks and implications associated with security breaches. You can also effectively mitigate cyber threats and defend against attacks even before they are launched.

About Kaspersky CyberTrace App for Splunk

Kaspersky CyberTrace App for Splunk provides the following features:
• Displays information about URLs, IP addresses, and file hashes contained in the events matched in Kaspersky CyberTrace on Splunk dashboards
• Supports alert templates that include information about trigger conditions
• Quick integration of Kaspersky CyberTrace with your Splunk instance
• On-demand indicator lookup in Kaspersky CyberTrace from your Splunk instance

Please note that Kaspersky CyberTrace App for Splunk does not work without Kaspersky CyberTrace installed in your environment.

Kaspersky CyberTrace distribution kit

You can download Kaspersky CyberTrace from the following link

Note: Kaspersky CyberTrace contains a certificate for the demo version of Kaspersky Threat Data Feeds. These feeds do not require a commercial certificate. Demo feeds provide lower detection rates in comparison with their corresponding commercial versions. To obtain a certificate for the commercial versions of Kaspersky Threat Data Feeds, contact the Kaspersky Cybersecurity Service team (intelligence@kaspersky.com).

Kaspersky CyberTrace documentation

Kaspersky CyberTrace on-line documentation

Kaspersky CyberTrace key features

Kaspersky CyberTrace allows you to check URLs, file hashes, and IP addresses contained in events that arrive in Splunk. The URLs, file hashes, and IP addresses are checked against threat data feeds from Kaspersky Lab, or feeds from other vendors or sources used by Kaspersky CyberTrace. During the matching process, Kaspersky CyberTrace determines the indicator category and generates an event enriched with actionable context.

Kaspersky CyberTrace key features are:
• CyberTrace is flexible and can be easily integrated into the existing infrastructure, which allows you to avoid the challenges of integrating threat intelligence feeds with Splunk. CyberTrace integrates with any threat intelligence feed you might want to use (threat intelligence feeds from Kaspersky, other vendors, OSINT or your custom feeds) and uses all these feeds together.

• CyberTrace does not reduce the performance of the existing security controls and does not miss detections. The parsing and matching of the incoming data happens inside CyberTrace, which reduces the load on the existing SIEM solution. Kaspersky CyberTrace parses the incoming logs and events, matches the resulting data to feeds, and generates its own alerts on threat detection.

• CyberTrace helps you choose better intelligence sources. CyberTrace helps to evaluate the effectiveness of the integrated threat intelligence feeds by providing detailed statistics on detections and allowing analysts to compare different threat intelligence sources in terms of their relevance to the company.

• CyberTrace helps to reduce the impact of false positives. By using CyberTrace, analysts can fight false positives by whitelisting certain IoCs and filtering threat intelligence feeds according to configurable filtering rules.
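The paragraphs above describe a matching flow: indicators (URLs, IP addresses, file hashes) are extracted from incoming events, looked up against one or more threat intelligence feeds, whitelisted IoCs are suppressed, a category is attached, and an enriched detection event plus per-feed statistics are produced. The following Python is an added illustration of that flow and is not Kaspersky's code; the feed record layout, the field names, the sample log lines and all indicator values are constructed for the example (the addresses are from the TEST-NET documentation ranges).

```python
import re
from collections import Counter

# Constructed feed records (hypothetical layout, not a Kaspersky feed format).
# Each record carries the indicator, its type, a category, and the feed it came from;
# on a match, the category and source are copied into the enriched event.
FEED = [
    {"type": "ip",   "value": "198.51.100.23",                          "category": "Botnet_CnC",    "source": "demo-feed-A"},
    {"type": "url",  "value": "http://malicious.example/dl/payload.bin", "category": "Malicious_URL", "source": "demo-feed-A"},
    {"type": "hash", "value": "0123456789abcdef0123456789abcdef",        "category": "Malware_Hash",  "source": "demo-feed-B"},
    {"type": "ip",   "value": "203.0.113.10",                           "category": "Scanner",       "source": "demo-feed-B"},
]

# Whitelisted IoCs never produce a detection: this is the false-positive control
# described in the text (constructed value; it is a known internal scanner here).
WHITELIST = {"203.0.113.10"}

# Constructed sample events in a syslog-like shape.
EVENTS = [
    "Jun 3 10:12:01 fw01 conn src=10.0.0.5 dst=198.51.100.23 dport=443 action=allow",
    "Jun 3 10:12:05 proxy01 user=alice url=http://malicious.example/dl/payload.bin status=200",
    "Jun 3 10:12:09 av01 file=C:\\Temp\\a.exe md5=0123456789ABCDEF0123456789ABCDEF verdict=clean",
    "Jun 3 10:12:12 fw01 conn src=203.0.113.10 dst=10.0.0.7 dport=22 action=deny",
    "Jun 3 10:12:20 fw01 conn src=10.0.0.9 dst=192.0.2.53 dport=53 action=allow",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.IGNORECASE)


def load_feed(records, allowed_sources=None, whitelist=WHITELIST):
    """Build a lookup index keyed by (type, normalised value).

    Feed filtering (keep only trusted sources) and whitelisting are applied
    here, once at load time, so the per-event hot path is a dictionary lookup.
    """
    index = {}
    for rec in records:
        if allowed_sources is not None and rec["source"] not in allowed_sources:
            continue
        if rec["value"] in whitelist:
            continue
        index[(rec["type"], rec["value"].lower())] = rec
    return index


def extract_indicators(event):
    """Pull candidate URLs, IPs and hashes out of a raw event string."""
    found = [("url", u.rstrip(".,;")) for u in URL_RE.findall(event)]
    found += [("ip", ip) for ip in IP_RE.findall(event)]
    found += [("hash", h.lower()) for h in HASH_RE.findall(event)]
    return found


def match_event(event, index):
    """Return one enriched detection per indicator in the event that is in the feed index."""
    detections = []
    for kind, value in extract_indicators(event):
        rec = index.get((kind, value.lower()))
        if rec is not None:
            detections.append({
                "indicator": value,
                "type": kind,
                "category": rec["category"],   # actionable context attached on match
                "source": rec["source"],
                "raw_event": event,
            })
    return detections


def detection_stats(detections):
    """Detections per feed source: the kind of figure used to compare feed relevance."""
    return dict(Counter(d["source"] for d in detections))


def run(events=EVENTS, feed=FEED, allowed_sources=None):
    index = load_feed(feed, allowed_sources)
    detections = []
    for event in events:
        detections.extend(match_event(event, index))
    return detections


if __name__ == "__main__":
    hits = run()
    for h in hits:
        print(f"{h['category']:<14} {h['type']:<5} {h['indicator']}  <- {h['source']}")
    print("per-feed:", detection_stats(hits))
```

Running the block yields three detections (the C2 address, the URL and the hash) and none for the whitelisted scanner address or the unlisted DNS resolver; the per-feed counter shows which feed produced which detections, which is the comparison the text says CyberTrace supports. Passing `allowed_sources={"demo-feed-A"}` to `run()` demonstrates feed filtering: the hash detection from demo-feed-B disappears.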

Watch the video to see how Kaspersky CyberTrace works.

Release Notes

Version 1.0.1
May 14, 2019


AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
