K-Trace
1. Document Purpose
K-Trace is the Karios security operations console. It brings the security events reported by your host and network sensors into one place, so you can review detections, open and work incident cases, follow each case’s event trace, and act on enrichment and threat intelligence. This guide is for security analysts and security operations center (SOC) operators.
2. Document Scope
Security operations dashboard
Detections explorer
Incident cases and their lifecycle
Case event trace, enrichment, evidence, comments, and SLA tracking
Threat-intelligence indicators
Sensor health and Analyzer jobs (on-demand enrichment)
Trace inspector and the dead-letter queue
3. What K-Trace Is
K-Trace is Karios’s built-in security operations console: the place where your team detects, investigates, and resolves security incidents from a single screen.
It works in three stages:
Detect. K-Trace continuously collects security events from the sensors across your environment and raises a detection whenever activity looks suspicious.
Investigate. Case-worthy detections open incident cases. For every case, K-Trace automatically gathers enrichment (such as geolocation, WHOIS, and threat-intelligence matches) and keeps an event trace, so you can reconstruct exactly what happened.
Respond. Your team triages each case and drives it through a defined incident lifecycle to closure, tracking response-time targets along the way.
Built-in threat intelligence, sensor-health monitoring, on-demand
enrichment jobs, and a dead-letter queue for events that failed processing
support this workflow. Open K-Trace from the K-Trace entry in the Karios left
navigation, then follow the end-to-end path in Full K-Trace Workflow.
4. Before You Begin
Open K-Trace by selecting
K-Tracein the Karios left navigation rail; its side menu (Dashboard, Detections, Cases, and more) then appears.Access to K-Trace is role-gated. You need the relevant SIEM (security information and event management) permissions to view, create, triage, and close cases, and to read threat intelligence. Roles and permissions are assigned in User Management; if a tab or action is missing, ask your administrator to grant the relevant SIEM role there.
An evaluation deployment runs under an NFR (Not For Resale) Evaluation License, shown in the banner at the top of every K-Trace page. The red banner is informational; its
Manage licensebutton is an administrator action, not part of the analyst workflow.
For the full step-by-step workflow, see Full K-Trace Workflow.