We recommend that you integrate Kaspersky Threat Data Feeds with AlienVault USM / OSSIM by using Kaspersky CyberTrace.
Kaspersky CyberTrace for AlienVault USM / OSSIM (SIEM connector) allows you to check URLs, file hashes, and IP addresses contained in events that arrive in AlienVault USM / OSSIM. The URLs, file hashes, and IP addresses are checked against threat data feeds from Kaspersky Lab, or from other vendors or sources loaded to CyberTrace. During the matching process, Kaspersky CyberTrace determines the indicator category and generates an event supplemented with actionable context.
To integrate Kaspersky Threat Data Feeds using Kaspersky CyberTrace with AlienVault USM / OSSIM:
- Download and install Kaspersky CyberTrace for LogScanner.
- Configure Kaspersky CyberTrace for integration with AlienVault USM / OSSIM.
- Configure AlienVault USM / OSSIM to forward events to Kaspersky CyberTrace.
- Add Kaspersky CyberTrace event source to AlienVault USM / OSSIM.
After doing this, you can browse CyberTrace events that contain actionable information from Kaspersky Threat Data Feeds, as well as from other vendors or sources, in AlienVault USM / OSSIM. You can then use this information to identify existing breaches or newly launched attacks and inform your business or clients about the risks and implications associated with them.
Download this guide for detailed instructions on integrating Kaspersky Threat Data Feeds with AlienVault USM / OSSIM.
Download the integration materials: kaspersky_cyberTrace.zip
