Kaspersky CyberTrace App for Splunk provides the following features:
• Displays, on Splunk dashboards, information about the URLs, IP addresses, and file hashes found in events that Kaspersky CyberTrace has matched
• Supports alert templates that include information about trigger conditions
• Quick integration of Kaspersky CyberTrace with your Splunk instance
• On-demand indicator lookup in Kaspersky CyberTrace from your Splunk instance
Please note that Kaspersky CyberTrace App for Splunk does not work without Kaspersky CyberTrace installed in your environment.
You can download Kaspersky CyberTrace from the following link
Note: Kaspersky CyberTrace ships with a certificate for the demo version of Kaspersky Threat Data Feeds, so the demo feeds do not require a commercial certificate. Demo feeds provide lower detection rates than the corresponding commercial versions. To obtain a certificate for the commercial versions of Kaspersky Threat Data Feeds, contact the Kaspersky Cybersecurity Service team (email@example.com).
Kaspersky CyberTrace checks the URLs, file hashes, and IP addresses contained in events that arrive in Splunk. The indicators are matched against threat data feeds from Kaspersky Lab and against any feeds from other vendors or sources that Kaspersky CyberTrace has been configured to use. When an indicator matches, Kaspersky CyberTrace determines the indicator category and generates an event enriched with actionable context.
Kaspersky CyberTrace key features are:
• CyberTrace is flexible and integrates easily into existing infrastructure, so you avoid the work of integrating each threat intelligence feed with Splunk yourself. CyberTrace can use any threat intelligence feed you want (feeds from Kaspersky, other vendors, OSINT, or your own custom feeds) and matches against all of them together.
• CyberTrace does not reduce the performance of existing security controls and does not miss detections. Parsing and matching of incoming data happens inside CyberTrace, which reduces the load on the SIEM: CyberTrace parses incoming logs and events, matches the extracted indicators against the feeds, and generates its own alerts when a threat is detected.
• CyberTrace helps you choose better intelligence sources. It provides detailed statistics on detections, so analysts can evaluate the effectiveness of each integrated feed and compare threat intelligence sources in terms of their relevance to the company.
• CyberTrace helps reduce the impact of false positives. Analysts can whitelist specific IoCs and filter threat intelligence feeds according to configurable filtering rules.
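The matching pipeline described above (extract indicators from an event, check them against every configured feed, skip whitelisted IoCs, emit an enriched detection, and keep per-feed detection statistics) can be illustrated with a small stand-alone script. This is an added example, not code from Kaspersky CyberTrace or the Splunk app; the feeds, the whitelist, and the four log lines are constructed here for illustration, and the indicator regexes are deliberately simple.

```python
import re
from collections import Counter

# Constructed sample feeds (not Kaspersky data): feed name -> indicator -> context.
# Each record carries the indicator category and a short piece of actionable context.
SAMPLE_FEEDS = {
    "Malicious_URL": {
        "http://evil.example/payload.exe": {"category": "Malware URL", "threat": "Trojan.Downloader"},
    },
    "IP_Reputation": {
        "198.51.100.23": {"category": "Botnet C&C", "threat": "Emotet C2"},
        "203.0.113.5": {"category": "Scanner", "threat": "Mass scanning host"},
    },
    "Malicious_Hash": {
        # MD5 of the EICAR test file, used here as a harmless known-bad hash.
        "44d88612fea8a8f36de82e1278abb02f": {"category": "Malware", "threat": "EICAR test file"},
    },
    "OSINT_Demo": {
        # Same IP as in IP_Reputation, to show one indicator hitting two feeds.
        "198.51.100.23": {"category": "Suspicious IP", "threat": "Listed on demo blocklist"},
    },
}

# Constructed whitelist: IoCs an analyst has decided never to alert on.
WHITELIST = {"203.0.113.5"}

# Constructed events in a syslog-like shape, as they might arrive in Splunk.
SAMPLE_EVENTS = [
    "Jan 10 12:00:01 proxy01 squid: 10.0.0.4 GET http://evil.example/payload.exe 200",
    "Jan 10 12:00:05 fw01 kernel: DROP SRC=198.51.100.23 DST=10.0.0.4 PROTO=TCP DPT=445",
    "Jan 10 12:00:09 fw01 kernel: DROP SRC=203.0.113.5 DST=10.0.0.4 PROTO=TCP DPT=22",
    "Jan 10 12:00:12 av01 scanner: file report.pdf.exe md5=44d88612fea8a8f36de82e1278abb02f",
]

# Patterns for the three indicator types: URLs, IPv4 addresses and MD5/SHA-1/SHA-256 hashes.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
HASH_RE = re.compile(r"\b[0-9a-fA-F]{32}\b|\b[0-9a-fA-F]{40}\b|\b[0-9a-fA-F]{64}\b")


def extract_indicators(event: str) -> dict:
    """Pull URLs, IPv4 addresses and file hashes out of one raw event line."""
    urls = URL_RE.findall(event)
    # Blank out URLs before IP matching so an IP embedded in a URL is not reported twice.
    stripped = URL_RE.sub(" ", event)
    return {
        "url": urls,
        "ip": IPV4_RE.findall(stripped),
        "hash": [h.lower() for h in HASH_RE.findall(event)],
    }


def match_event(event: str, feeds=SAMPLE_FEEDS, whitelist=WHITELIST) -> list:
    """Match every indicator in the event against all feeds, skipping whitelisted IoCs.

    One enriched detection is produced per (indicator, feed) hit, so an indicator listed
    in two feeds yields two detections; that is what makes per-feed statistics comparable.
    """
    detections = []
    for kind, values in extract_indicators(event).items():
        for value in values:
            if value in whitelist:
                continue  # analyst-approved IoC: suppress the false positive
            for feed_name, entries in feeds.items():
                ctx = entries.get(value)
                if ctx is not None:
                    detections.append({
                        "indicator": value,
                        "type": kind,
                        "feed": feed_name,
                        "category": ctx["category"],
                        "threat": ctx["threat"],
                        "raw": event,
                    })
    return detections


def feed_statistics(events) -> Counter:
    """Count detections per feed across many events: which feeds actually fire?"""
    stats = Counter()
    for ev in events:
        for d in match_event(ev):
            stats[d["feed"]] += 1
    return stats


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        for d in match_event(ev):
            print(f"{d['feed']:15} {d['category']:14} {d['indicator']}  ({d['threat']})")
    print(dict(feed_statistics(SAMPLE_EVENTS)))
```

Running it shows the whitelisted scanner IP producing no detection, the C2 address producing one detection per feed that lists it, and a per-feed count that an analyst could use to judge which source is actually relevant to their traffic.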