How to integrate Kaspersky Threat Data Feeds with FortiSIEM
Kaspersky CyberTrace for FortiSIEM (SIEM connector) allows you to check URLs, file hashes, and IP addresses contained in events that arrive in FortiSIEM. The URLs, file hashes, and IP addresses are checked against threat data feeds from Kaspersky Lab, or from other vendors or sources loaded into CyberTrace. During the matching process, Kaspersky CyberTrace determines the indicator category and generates an event supplemented with actionable context.
To integrate Kaspersky Threat Data Feeds using Kaspersky CyberTrace with FortiSIEM:
- Download and install Kaspersky CyberTrace for LogScanner. For details, see this article.
- Configure Kaspersky CyberTrace for integration with FortiSIEM.
- Configure forwarding events from FortiSIEM to Kaspersky CyberTrace.
- Configure sending events from Kaspersky CyberTrace and receiving them in FortiSIEM.
After this, you can browse CyberTrace events in FortiSIEM. These events contain actionable information from Kaspersky Threat Data Feeds as well as from other vendors or sources, which you can use to identify existing breaches or newly launched attacks and to inform your business or clients about the risks and implications associated with the threat.
To download the guide, which contains detailed instructions for integrating Kaspersky Threat Data Feeds with FortiSIEM, click the link that corresponds to your version: