Kaspersky CyberTrace

About the standard integration scheme (RSA NetWitness)

27 February 2024

ID 173828

This section describes the standard integration scheme for RSA NetWitness and Kaspersky CyberTrace.

About the components of the standard integration scheme

The following components are used in the standard integration scheme for RSA NetWitness:

  • Kaspersky CyberTrace Service

    This service matches RSA NetWitness events against Kaspersky Threat Data Feeds.

  • RSA NetWitness

    The SIEM solution used in this integration.

  • Security controls

    These are sources of events for RSA NetWitness such as firewalls, proxies, intrusion detection systems, and other networking devices.

    Security controls can send events to RSA NetWitness by any method supported by RSA NetWitness.

Standard integration scheme

In the standard integration scheme, Kaspersky CyberTrace Service is configured by default to listen for incoming events from RSA NetWitness on 127.0.0.1:9999.

Kaspersky CyberTrace Service sends detection events to IP address 127.0.0.1 and port 514 of the interface defined in the RSA NetWitness configuration. The address of this interface is specified when you install Kaspersky CyberTrace. Security controls also send events to port 514 of the interface defined in the RSA NetWitness configuration.

Diagram of standard integration with RSA NetWitness.

Standard integration scheme for RSA NetWitness
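The following check is an added example, not part of the Kaspersky documentation: it parses listening-socket output and reports whether the event input on port 9999 is bound to loopback only (so it accepts connections from the local host alone) and whether anything is listening on port 514. It assumes a Linux host running both products with `ss` from iproute2 available; the sample output is constructed and the function names are hypothetical.

```python
import ipaddress

# Defaults taken from the page: CyberTrace event input and the NetWitness port.
CYBERTRACE_IN = 9999
NETWITNESS_IN = 514

# Constructed sample of `ss -H -ltnu` output; not captured from a real host.
SAMPLE_SS = """\
udp   UNCONN 0 0      0.0.0.0:514      0.0.0.0:*
tcp   LISTEN 0 128    127.0.0.1:9999   0.0.0.0:*
tcp   LISTEN 0 128    0.0.0.0:514      0.0.0.0:*
tcp   LISTEN 0 128    [::1]:9999       [::]:*
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line of `ss -H -ltnu`."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        host, _, port = local.rpartition(":")
        if port.isdigit():
            # Drop IPv6 brackets and any zone id such as %eth0.
            yield proto, host.strip("[]").split("%")[0], int(port)

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # "*" (wildcard bind) or anything non-numeric
        return False

def check_scheme(ss_output):
    """Return a list of findings; an empty list means the layout matches the page."""
    listeners = list(parse_listeners(ss_output))
    findings = []
    inputs = [(p, h) for p, h, port in listeners if port == CYBERTRACE_IN]
    if not inputs:
        findings.append(f"nothing listening on port {CYBERTRACE_IN}")
    for proto, host in inputs:
        if not is_loopback(host):
            findings.append(f"{proto} port {CYBERTRACE_IN} is bound to {host}, not loopback")
    if not any(port == NETWITNESS_IN for _, _, port in listeners):
        findings.append(f"nothing listening on port {NETWITNESS_IN}")
    return findings

if __name__ == "__main__":
    for finding in check_scheme(SAMPLE_SS) or ["layout matches the documented defaults"]:
        print(finding)
```

On a live host, pass the output of `ss -H -ltnu` to `check_scheme` in place of the constructed sample.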
