Cyware Threat Intelligence eXchange

Kaspersky

Connector Category: API Feed Source

About Integration

CTIX integrates with Kaspersky to provide security teams with reliable, immediate intelligence about cyber threats, legitimate objects, their interconnections, and indicators, enriched with actionable context to inform your business or clients about the associated risks and implications. You can mitigate and respond to threats more effectively, and defend your system against attacks even before they are launched.

  • Configure Kaspersky as an API Feed Source: Fetch hash, URL, and IP data feeds from Kaspersky.

    Use Cases

    • Leverage threat data feeds from various sources, enabling faster detection, prioritization, and timely response to cyber threats.

    • Gain real-time visibility into a significant percentage of all internet traffic targeting your industrial and Internet-of-Things (IoT) network components.

    • Generate and monitor advanced persistent feeds using a high fault-tolerance infrastructure to ensure continuous availability.

    Benefits

    • Effectively and efficiently diagnose and analyze security incidents and patterns on hosts and network systems, and prioritize signals from systems against unknown threats.

    • Perform an extensive search of threat indicators to prioritize attacks and focus on mitigating the threats even before they hit your organization.

Configure Kaspersky as an API Feed Source

Configure Kaspersky as an API feed source in CTIX to fetch data feeds from Kaspersky. CTIX analyzes these data feeds for cyber threats, prioritizes security alerts, and responds to them by blocking them.

Before you Start

  • You must have the base URL and the .PEM file.

  • You must have View Feed Sources, Create Feed Sources, and View & Update Feed Sources permissions.

  • You must have View API Feed permissions.

Steps

  1. Navigate to Administration, select Integration Management, and select APIs under FEED SOURCES.

  2. Click Add API Source.

  3. Search for Kaspersky and click on the app.

  4. Click Add Instance.

  5. Enter a unique name to identify the instance. For example, Prod-Kaspersky.

  6. Enter the base URL to directly connect to the application's server. The base URL is the consistent part of the website's address. For example, https://sitename.com/directoryname/.

  7. Upload the .PEM file that stores the SSL certificates and their associated private keys.

  8. Select Verify SSL to verify and secure the connection between the CTIX and Kaspersky servers.

    If you disable this option, CTIX may configure an instance for an expired SSL certificate. In that case the connection may not be established properly, and CTIX will not be able to notify you of a broken or improper connection. It is recommended that you select this option.

  9. Click Save.

You can configure multiple instances of this integration by clicking Manage and Add More on the Manage Instance screen.

To successfully configure the integration between CTIX and Kaspersky, follow the steps mentioned in API Integrations.
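
Before uploading the .PEM file in step 7, you can confirm locally that it holds a certificate and a matching private key and that the certificate has not expired. The script below is an added example, not Cyware or Kaspersky code; it assumes the OpenSSL command-line tool is installed, and `check_pem` and the file name are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check of a .PEM bundle before uploading it.
# check_pem is a hypothetical helper name, not CTIX or Kaspersky tooling.
# Assumes the OpenSSL command-line tool is on PATH.
#
# Return codes: 0 ok, 2 no certificate, 3 no private key,
#   4 certificate expired or unreadable, 5 key does not match certificate,
#   6 key is passphrase-protected (cannot be checked non-interactively).
check_pem() {
    pem=$1

    # The bundle must hold at least one certificate block...
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" || return 2
    # ...and a private key block (PKCS#8, RSA and EC headers all match).
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" || return 3
    # Both encrypted-key encodings carry the word ENCRYPTED in their header.
    if grep -q 'ENCRYPTED' "$pem"; then return 6; fi

    # -checkend 0 exits non-zero once the first certificate has expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 || return 4

    # Hash the public key from the certificate and the one derived from the
    # private key; different digests mean the two do not belong together.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || return 5

    return 0
}

# Usage: sh check_pem.sh client.pem   (file name is a placeholder)
if [ $# -eq 1 ]; then
    check_pem "$1" || echo "check_pem failed with code $?"
fi
```

A non-zero return code identifies which check failed, so the file can be corrected before the instance is saved.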