Kaspersky CyberTrace

Limitations on Kaspersky CyberTrace Service incoming events

27 February 2024

ID 178566

Kaspersky CyberTrace Service processes events that are no larger than 64 kilobytes (KB). If an incoming event exceeds 64 KB, Kaspersky CyberTrace Service splits it into several events and processes them separately. Thus, an indicator can be split in two, and may not be extracted and checked.

We recommend that you configure the event source (the SIEM software) or the normalization rules, or both, so that incoming events will not exceed 64 KB in size.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.