Objective
Integrating multiple threat feed managers with a SIEM solution improves the detection of known-bad indicators in the production environment. This article shows how to add Kaspersky Threat Intelligence as a threat feed manager in EventLog Analyzer.
Prerequisites
- Access to the EventLog Analyzer console as an administrator, or as a user assigned the Manage Threat Feeds custom role.
- Ensure the EventLog Analyzer server is allowed outbound access (firewall and proxy allowlists) to the threat feed manager's endpoint root URL and any other API roots the vendor specifies.
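The allowlisting prerequisite is the usual reason Test Connection fails, and the console error rarely says whether DNS, the firewall, or a TLS-inspecting proxy is the cause. The script below is an added pre-flight check, not ManageEngine or Kaspersky code; the two URLs in FEED_ROOTS are placeholders (an assumption) to be replaced with the roots the vendor asks you to allowlist. Run it on the EventLog Analyzer host so it takes the same egress path the product will use.

```python
"""Egress pre-check for a threat feed integration (added example).

Not ManageEngine or Kaspersky code. FEED_ROOTS holds placeholder URLs
(assumption): substitute the endpoint root and API roots the vendor
tells you to allowlist, then run this on the EventLog Analyzer host.
"""
import socket
import ssl
from urllib.parse import urlparse

# Constructed placeholders; the real roots come from the vendor.
FEED_ROOTS = [
    "https://feeds.example.invalid/",
    "https://api.example.invalid:8443/v1/",
]


def parse_root(url):
    """Return (scheme, host, port) for an endpoint root, defaulting the port."""
    p = urlparse(url)
    if p.scheme not in ("https", "http") or not p.hostname:
        raise ValueError(f"not an http(s) root URL: {url!r}")
    port = p.port or (443 if p.scheme == "https" else 80)
    return p.scheme, p.hostname, port


def check_root(url, timeout=10.0):
    """Classify why an endpoint root is reachable or not from this host.

    Returns "ok", "dns", "blocked", "tls" or "error:<detail>" so the
    failure can be routed to the right team (DNS, firewall, proxy PKI).
    """
    scheme, host, port = parse_root(url)
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns"            # name does not resolve: DNS egress or a typo
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (TimeoutError, ConnectionRefusedError, OSError):
        return "blocked"        # TCP never completes: firewall/proxy allowlist
    try:
        if scheme == "https":
            ctx = ssl.create_default_context()
            # wrap_socket on a connected socket performs the handshake now;
            # success means the server's chain is trusted on this host.
            with ctx.wrap_socket(sock, server_hostname=host):
                pass
        return "ok"
    except ssl.SSLError:
        return "tls"            # handshake failed: often an inspecting proxy cert
    except OSError as e:
        return f"error:{e}"
    finally:
        sock.close()


if __name__ == "__main__":
    for root in FEED_ROOTS:
        print(f"{root}: {check_root(root)}")
```

A "tls" result on an otherwise open path usually means a TLS-inspecting proxy is substituting its own certificate; either exempt the vendor roots from inspection or import the proxy CA into the trust store the product uses, because an allowlist alone will not make Test Connection succeed.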
Steps to follow
Step 1: Log in to EventLog Analyzer.
Step 2: Navigate to Settings > Admin settings > Threat Feeds > + Add New Server.
Step 3: In the Add Server window, use the Select Server drop-down to select Kaspersky Threat Intelligence, then enter the Username and Token issued by Kaspersky.
Step 4: Click Test Connection to verify that the server can reach the feed.
Step 5: Use the Poll From drop-down to specify the start date from which feeds should be collected.
Step 6: In the Schedule drop-down, select the frequency and the time at which data is synced from the TAXII server.
Step 7: Click Add Server to save the server configuration.
Tips
- Contact Kaspersky for configuration steps and for the list of URLs that must be allowlisted in an air-gapped or egress-restricted environment.
- You can enable the Advanced Threat Analytics add-on to extend the threat detection provided by the feeds.
Related topics and articles