Kaspersky CyberTrace

Step 6 (optional). Importing preconfigured charts and a dashboard to RSA NetWitness

27 February 2024

ID 167818

This section describes how you can import preconfigured charts and a dashboard to RSA NetWitness.

This step requires importing Kaspersky CyberTrace Service rules step to be completed.

Importing preconfigured charts

The distribution kit contains the CyberTrace_Charts.zip file. The CyberTrace_Charts.zip file contains preconfigured charts. These charts are used in a preconfigured dashboard.

You can import the CyberTrace_Charts.zip file in the same way as CyberTrace_Rules.zip, which contains rules.

After the CyberTrace_Charts.zip file is imported, specify the data source for each chart (specify either the Concentrator that receives events from Kaspersky CyberTrace Service or the Log Decoder that stores events from Kaspersky CyberTrace Service). To do this, for each chart click the Actions split button (Settings split button in RSA NetWitness.) and select Edit. Then in the Data Source field specify the data source and click Save.

Also, enable each chart: select the check boxes next to the chart names (or you can select the check box next to the Enabled column heading) and then click the Enable button (Enable window in RSA NetWitness (green circle on a grey background).).

Enabling charts in RSA NetWitness.

Enabling charts

Importing the Kaspersky CyberTrace dashboard

The distribution kit also contains the Kaspersky+CyberTrace.cfg file. This file contains a preconfigured dashboard, Kaspersky CyberTrace.

You can import the Kaspersky+CyberTrace.cfg file by clicking the Settings split button (Settings split button in RSA NetWitness.) in the Dashboard form and selecting Import. A dashlet form appears in the Dashboard form. After the CFG file is imported, configure the following dashlets: CyberTrace Detects Statistic, CyberTrace Top 10 URL, CyberTrace Top 10 Hash, and CyberTrace Top 10 IP.

The import instructions above are relevant for RSA NetWitness version 10.6. To import the Kaspersky CyberTrace.zip file in RSA NetWitness version 11.0, click the Import dashboard button (Importing dashboard button in RSA NetWitness.).

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.