Kaspersky CyberTrace

Adding actionable fields to a feed

27 February 2024

ID 195471

This section explains how to add extra fields to the outgoing events sent by Kaspersky CyberTrace. These settings are applied to the tenant that is selected in the drop-down list with all available tenants, in the upper-left area of the window.

About the actionable fields

Actionable fields are extra fields that you can insert into outgoing events apart from the context of feed records. You can use actionable fields to extract specific information from the context and pass it in separate fields.

Adding actionable fields

Actionable fields section in CyberTrace.

Managing actionable fields

To add actionable fields for a feed:

  1. Navigate to the Settings page.
  2. Open the Feeds tab.
  3. In the Filtering rules for feeds section, select the tab that contains the feed you need to configure.
  4. Locate a feed that you want to configure, and then expand its section.
  5. In the settings section for the individual feed, locate the Actionable fields section.
  6. Click the Add new field button to add a new actionable field.
  7. In the Field name text box, specify the name of a field in the original feed.

    If a feed record contains several equally named fields, and their name is mentioned in the actionable fields list, the outgoing event will contain all of the values, delimited by a semicolon in one field.

  8. In the Output text box, specify the name of the field, as it will be inserted into outgoing events.

    If the Output text box is empty, the field name in the outgoing event will be the same as the field name specified in the feed.

  9. Scroll to the bottom of the Feeds tab, and then click the Save button.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.