Contents
- API Reference
- Services
- Messages
- ApplicationLayerAddress
- Asset
- AssetAddress
- AssetsUpdatedAfterRequest
- CommunicationData
- ConfigurationMetadata
- Cookie
- DeviceAddress
- DictionaryRequest
- Event
- EventDescriptor
- EventId
- Filter (events)
- Filter (tags)
- FixedNetworkAddress
- HashIdValue
- ItemsByIdRequest
- ItemsRequest
- KscConfiguration
- MessageParameter
- NewGenericEvent
- PlcConfiguration
- ProtocolConfiguration
- RequestStateResponse
- SubscriptionRequest
- Tag
- TagBriefInfo
- TagDescriptor
- TagEvent
- TagsRequest
- TimeSpan
- TransmissionWindow
- TransportAddress
- Version
- Enumerations
API Reference
This chapter covers the application programming interface (API) of Kaspersky Industrial CyberSecurity for Networks API.
Services
This section contains descriptions of services provided by Kaspersky Industrial CyberSecurity for Networks API.
AssetProvider
Kaspersky Industrial CyberSecurity for Networks asset provider service.
Defined in
This service is defined in the asset_provider_service.proto file.
Syntax
service AssetProvider
{
    rpc GetAssetsUpdatedAfter(AssetsUpdatedAfterRequest) returns(stream Asset);
}
Service methods
The AssetProvider service has the following service methods.
AssetProvider service methods
Name | Request message | Response message | Description |
---|---|---|---|
GetAssetsUpdatedAfter | AssetsUpdatedAfterRequest | stream Asset | Returns a list of assets registered in Kaspersky Industrial CyberSecurity for Networks and updated after the time specified in the AssetsUpdatedAfterRequest message. |
ConfigurationProvider
Kaspersky Industrial CyberSecurity for Networks configuration provider service.
Defined in
This service is defined in the configuration_provider_service.proto file.
Syntax
service ConfigurationProvider
{
    rpc GetKscConfiguration(google.protobuf.Empty) returns(KscConfiguration);
    rpc GetConfigurationMetadata(google.protobuf.Empty) returns(ConfigurationMetadata);
    rpc GetPlcConfiguration(google.protobuf.Empty) returns(stream PlcConfiguration);
    rpc GetProtocolConfiguration(HashIdValue) returns(stream ProtocolConfiguration);
    rpc GetTagsForPlc(HashIdValue) returns(stream TagDescriptor);
    rpc GetTagsForProtocol(HashIdValue) returns(stream TagDescriptor);
    rpc GetEventDescriptors(google.protobuf.Empty) returns(stream EventDescriptor);
}
Service methods
The ConfigurationProvider service has the following service methods.
ConfigurationProvider service methods
Name | Request message | Response message | Description |
---|---|---|---|
GetKscConfiguration | google.protobuf.Empty | KscConfiguration | Returns configuration for Kaspersky Security Center agent. |
GetConfigurationMetadata | google.protobuf.Empty | ConfigurationMetadata | Returns current Kaspersky Industrial CyberSecurity for Networks configuration metadata. |
GetPlcConfiguration | google.protobuf.Empty | stream PlcConfiguration | Returns a list of PLCs and information about them. |
GetProtocolConfiguration | HashIdValue | stream ProtocolConfiguration | Returns configuration for protocols of the specified PLC. |
GetTagsForPlc | HashIdValue | stream TagDescriptor | Returns tag descriptors for the specified PLC. |
GetTagsForProtocol | HashIdValue | stream TagDescriptor | Returns tag descriptors for the specified protocol. |
GetEventDescriptors | google.protobuf.Empty | stream EventDescriptor | Returns descriptors for event types. |
Remarks
If no configuration is loaded into Kaspersky Industrial CyberSecurity for Networks, calling ConfigurationProvider service methods results in an error.
DictionaryProvider
Dictionary provider service. This service provides dictionary values used by Kaspersky Industrial CyberSecurity for Networks.
Defined in
This service is defined in the dictionary_provider_service.proto file.
Syntax
service DictionaryProvider
{
    rpc GetDictionary(DictionaryRequest) returns(stream google.protobuf.StringValue);
}
Service methods
The DictionaryProvider service has the following service methods.
DictionaryProvider service methods
Name | Request message | Response message | Description |
---|---|---|---|
GetDictionary | DictionaryRequest | stream google.protobuf.StringValue | Returns a stream of values in a specified dictionary. |
EventProvider
Event provider service.
Defined in
This service is defined in the event_provider_service.proto file.
Syntax
service EventProvider
{
    rpc GetItem(EventId) returns(Event);
    rpc RequestItems(Filter) returns(Cookie);
    rpc GetItems(ItemsRequest) returns(stream Event);
    rpc GetRequestState(Cookie) returns(RequestStateResponse);
    rpc CancelItemsRequest(Cookie) returns(google.protobuf.Empty);
    rpc GetItemsById(ItemsByIdRequest) returns(stream Event);
}
Service methods
The EventProvider service has the following service methods.
EventProvider service methods
Name | Request message | Response message | Description |
---|---|---|---|
GetItem | EventId | Event | Returns a single event according to its identifier. Receives the event identifier and returns an event with the specified identifier. |
RequestItems | Filter | Cookie | Makes an asynchronous request for a specific number of events in a certain time span. Receives the parameters of an event request and returns a request cookie. |
GetItems | ItemsRequest | stream Event | Returns the results of an asynchronous request. Receives a request cookie and range parameters, and returns a stream of events. After the events are received, you must make a |
GetRequestState | Cookie | RequestStateResponse | Returns the state of an asynchronous request. Receives a request cookie and returns the status of the request. |
CancelItemsRequest | Cookie | google.protobuf.Empty | Cancels the processing of an asynchronous request (if processing is not yet complete) and frees resources allocated for the request. Receives a request cookie. |
GetItemsById | ItemsByIdRequest | stream Event | Returns a specified number of events starting from a certain event (but not including this event). Receives request parameters (filter, identifier of the starting event, and maximum number of events) and returns a stream of events. |
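The asynchronous EventProvider workflow from the table above (RequestItems, GetRequestState, GetItems, CancelItemsRequest), as an added Python example that is not part of the original reference or of the product's code. The dataclasses and FakeEventProvider are constructed stand-ins for the generated gRPC classes, and treating a page shorter than maxCount as the end of the results is an assumption.

```python
import time
from dataclasses import dataclass
from enum import IntEnum


class RequestState(IntEnum):
    """Values copied from the RequestState enumeration on this page."""
    InProgress = 0
    Completed = 1
    Cancelled = 2
    Failed = 3
    DataNotFound = 4


# Constructed stand-ins for the generated message classes (field names from the page).
@dataclass
class Cookie:
    cookie: int

@dataclass
class TransmissionWindow:
    startIndex: int
    maxCount: int

@dataclass
class ItemsRequest:
    cookie: Cookie
    window: TransmissionWindow

@dataclass
class Event:
    eventId: int
    title: str

@dataclass
class RequestStateResponse:
    state: RequestState


class FakeEventProvider:
    """Constructed in-memory substitute for an EventProvider client stub."""

    def __init__(self, events, polls_until_done=2, final_state=None):
        self._events = list(events)
        self._polls_left = polls_until_done
        self._final_state = final_state
        self.open_cookies = set()  # requests whose server resources are still held

    def RequestItems(self, event_filter):  # the fake ignores the Filter message
        cookie = Cookie(len(self.open_cookies) + 1)
        self.open_cookies.add(cookie.cookie)
        return cookie

    def GetRequestState(self, cookie):
        self._polls_left -= 1
        if self._polls_left > 0:
            return RequestStateResponse(RequestState.InProgress)
        if self._final_state is not None:
            return RequestStateResponse(self._final_state)
        done = RequestState.Completed if self._events else RequestState.DataNotFound
        return RequestStateResponse(done)

    def GetItems(self, request):
        first = request.window.startIndex
        yield from self._events[first:first + request.window.maxCount]

    def CancelItemsRequest(self, cookie):
        self.open_cookies.discard(cookie.cookie)


def fetch_events(stub, event_filter, page_size=100, poll_interval=0.5, timeout=30.0):
    """RequestItems -> poll GetRequestState -> page GetItems -> CancelItemsRequest."""
    cookie = stub.RequestItems(event_filter)
    try:
        deadline = time.monotonic() + timeout
        while True:
            state = stub.GetRequestState(cookie).state
            if state != RequestState.InProgress:
                break
            if time.monotonic() >= deadline:
                raise TimeoutError("event request still InProgress at deadline")
            time.sleep(poll_interval)
        if state == RequestState.DataNotFound:
            return []
        if state != RequestState.Completed:  # Cancelled or Failed
            raise RuntimeError("event request ended as " + RequestState(state).name)
        events, start = [], 0
        while True:
            window = TransmissionWindow(startIndex=start, maxCount=page_size)
            page = list(stub.GetItems(ItemsRequest(cookie=cookie, window=window)))
            events.extend(page)
            if len(page) < page_size:  # assumption: a short page ends the result set
                return events
            start += len(page)
    finally:
        # Runs on success, error and timeout, so the request's resources are freed.
        stub.CancelItemsRequest(cookie)
```

With real generated stubs, the same fetch_events logic applies once the stand-in dataclasses are replaced by the generated message classes.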
EventRegistrar
Service that registers events in Kaspersky Industrial CyberSecurity for Networks.
Defined in
This service is defined in the event_registrar_service.proto file.
Syntax
service EventRegistrar
{
    rpc PostGenericEvents(stream NewGenericEvent) returns(google.protobuf.Empty);
}
Service methods
The EventRegistrar service has the following service methods.
EventRegistrar service methods
Name | Request message | Response message | Description |
---|---|---|---|
PostGenericEvents | stream NewGenericEvent | google.protobuf.Empty | Registers one or more events. Receives a stream of events. |
ProductFacade
Kaspersky Industrial CyberSecurity for Networks version provider service.
Defined in
This service is defined in the product_facade_service.proto file.
Syntax
service ProductFacade
{
    rpc GetVersion(google.protobuf.Empty) returns (Version);
}
Service methods
The ProductFacade service has the following service methods.
ProductFacade service methods
Name | Request message | Response message | Description |
---|---|---|---|
GetVersion | google.protobuf.Empty | Version | Returns version information. |
TagNotifier
Service that handles requests with tag change events from Kaspersky Industrial CyberSecurity for Networks. This service must be implemented on the client side.
Defined in
This service is defined in the tag_notifier_service.proto file.
Syntax
service TagNotifier
{
    rpc OnNewTags(stream TagEvent) returns(google.protobuf.Empty);
}
Service methods
The TagNotifier service has the following service methods.
TagNotifier service methods
Name | Request message | Response message | Description |
---|---|---|---|
OnNewTags | stream TagEvent | google.protobuf.Empty | This method is called when a message with a tag change event is received. Receives a stream of tag events (tags and operation types). |
TagProvider
Service that provides information about tags and handles subscription to tag change events.
Defined in
This service is defined in the tag_provider_service.proto file.
Syntax
service TagProvider
{
    rpc SubscribeTagNotifier(SubscriptionRequest) returns(Cookie);
    rpc UnsubscribeNotifier(Cookie) returns(google.protobuf.Empty);
    rpc GetTags(TagsRequest) returns(stream Tag);
}
Service methods
The TagProvider service has the following service methods.
TagProvider service methods
Name | Request message | Response message | Description |
---|---|---|---|
SubscribeTagNotifier | SubscriptionRequest | Cookie | Subscribes to tag change events. Receives subscription settings (address and filter) and returns the subscription cookie. |
UnsubscribeNotifier | Cookie | google.protobuf.Empty | Removes an existing subscription to tag change events. Receives a request cookie. |
GetTags | TagsRequest | stream Tag | Returns a collection of tags. Receives a tag request and returns a continuous stream of tags. |
Messages
This section contains descriptions of messages provided by Kaspersky Industrial CyberSecurity for Networks API.
ApplicationLayerAddress
Application-level address.
Defined in
This message is defined in the event_provider.proto file.
Syntax
message ApplicationLayerAddress
{
    string address = 1;
    string protocol = 2;
    string protocolStack = 3;
    DirectionType direction = 4;
    string addressName = 5;
}
Fields
This message has the following fields.
ApplicationLayerAddress message fields
Type | Name | Tag | Description |
---|---|---|---|
string | address | 1 | Application layer address. |
string | protocol | 2 | Protocol name. |
string | protocolStack | 3 | Protocol stack. |
DirectionType | direction | 4 | Communication direction. |
string | addressName | 5 | Address name. |
Asset
Asset descriptor for the AssetProvider service.
Defined in
This message is defined in the asset_provider.proto file.
Syntax
message Asset
{
    string name = 1;
    uint64 assetId = 2;
    AssetStatus status = 3;
    repeated AssetAddress addresses = 4;
    AssetCategory category = 5;
    AssetSecurityStatus securityStatus = 7;
    google.protobuf.Timestamp lastSeen = 8;
    google.protobuf.Timestamp lastModified = 9;
    google.protobuf.Timestamp creationDate = 10;
    bool isRouter = 11;
    string os = 12;
    string vendor = 13;
    string model = 14;
    string networkName = 15;
    repeated string labels = 16;
    map<string, string> parameters = 17;
}
Fields
The Asset message has the following fields.
Asset message fields
| Rule Field | Type | Name | Tag | Description |
|---|---|---|---|---|
| | string | name | 1 | Name of the asset. |
| | uint64 | assetId | 2 | Asset identifier. |
| | AssetStatus | status | 3 | Current status of the asset. |
| repeated | AssetAddress | addresses | 4 | MAC and IP addresses of the asset. |
| | AssetCategory | category | 5 | Device category of the asset. |
| | AssetSecurityStatus | securityStatus | 7 | Current security status of the asset. |
| | google.protobuf.Timestamp | lastSeen | 8 | Time when asset was last seen. |
| | google.protobuf.Timestamp | lastModified | 9 | Time when asset was last modified. |
| | google.protobuf.Timestamp | creationDate | 10 | Time when asset was added to the asset table. |
| | bool | isRouter | 11 | This parameter denotes whether the asset is a routing device. |
| | string | os | 12 | Name of the operating system of the asset. |
| | string | vendor | 13 | Name of the asset manufacturer. |
| | string | model | 14 | Name of the asset model and version information. |
| | string | networkName | 15 | Name used to represent the asset in the network. |
| repeated | string | labels | 16 | A list of labels assigned to the asset. |
| | map<string, string> | parameters | 17 | Any additional parameters of the asset returned in pairs "Key, Value". |
AssetAddress
Asset address information.
Defined in
This message is defined in the asset_provider.proto file.
Syntax
message AssetAddress
{
    string mac = 1;
    repeated string ips = 2;
}
Fields
The AssetAddress message has the following fields.
AssetAddress message fields
| Rule Field | Type | Name | Tag | Description |
|---|---|---|---|---|
| | string | mac | 1 | MAC address of an asset. |
| repeated | string | ips | 2 | IP address or addresses of an asset. |
AssetsUpdatedAfterRequest
Message that defines a time stamp for the AssetProvider service in order to receive a list of assets that were updated after the specified time.
Defined in
This message is defined in the asset_provider.proto file.
Syntax
message AssetsUpdatedAfterRequest
{
    google.protobuf.Timestamp updateTimestamp = 1;
}
Fields
The AssetsUpdatedAfterRequest message has the following fields.
AssetsUpdatedAfterRequest message fields
Type | Name | Tag | Description |
---|---|---|---|
google.protobuf.Timestamp | updateTimestamp | 1 | Leave this field empty to get all available assets. |
CommunicationData
Network address descriptor.
Defined in
This message is defined in the event_provider.proto file.
Syntax
message CommunicationData
{
    FixedNetworkAddress base = 1;
    ApplicationLayerAddress application = 2;
}
Fields
This message has the following fields.
CommunicationData message fields
Type | Name | Tag | Description |
---|---|---|---|
FixedNetworkAddress | base | 1 | Transport layer network address. |
ApplicationLayerAddress | application | 2 | Application layer address. |
ConfigurationMetadata
Kaspersky Industrial CyberSecurity for Networks configuration metadata.
Defined in
This message is defined in the configuration_provider.proto file.
Syntax
message ConfigurationMetadata
{
    string configurationVersion = 1;
    string projectName = 2;
    google.protobuf.Timestamp timestamp = 3;
    string productVersion = 4;
}
Fields
The ConfigurationMetadata message has the following fields.
ConfigurationMetadata message fields
Type | Name | Tag | Description |
---|---|---|---|
string | configurationVersion | 1 | Current configuration version. |
string | projectName | 2 | Configuration project name. |
google.protobuf.Timestamp | timestamp | 3 | Time stamp of the last configuration change. |
string | productVersion | 4 | Current version of Kaspersky Industrial CyberSecurity for Networks installation package. |
Cookie
Request and subscription cookie descriptor.
Defined in
This message is defined in the common.proto file.
Syntax
message Cookie
{
    uint64 cookie = 1;
}
Fields
The Cookie message has the following fields.
Cookie message fields
Type | Name | Tag | Description |
---|---|---|---|
uint64 | cookie | 1 | Cookie value. |
DeviceAddress
Device-specific address.
Defined in
This message is defined in the configuration_provider.proto file.
Syntax
message DeviceAddress
{
    uint32 rack = 1;
    uint32 slot = 2;
}
Fields
The DeviceAddress message has the following fields.
DeviceAddress message fields
Type | Name | Tag | Description |
---|---|---|---|
uint32 | rack | 1 | Rack number. |
uint32 | slot | 2 | Slot number. |
DictionaryRequest
Request for dictionary values.
Defined in
This message is defined in the dictionary_provider_service.proto file.
Syntax
message DictionaryRequest
{
    DictionaryType type = 1;
    string valuePrefix = 2;
    uint32 maxCount = 3;
}
Fields
The DictionaryRequest message has the following fields.
DictionaryRequest message fields
Type | Name | Tag | Description |
---|---|---|---|
DictionaryType | type | 1 | Type of the dictionary. |
string | valuePrefix | 2 | Prefix for required values. |
uint32 | maxCount | 3 | Maximum number of returned records. |
Event
Descriptor of an event or an incident. The incident is an event with child events.
Defined in
This message is defined in the event_provider.proto file.
Syntax
message Event
{
    uint64 eventId = 1;
    google.protobuf.Timestamp occurred = 3;
    Technology technology = 5;
    Severity severity = 6;
    string title = 7;
    string description = 8;
    uint32 userMark = 13;
    repeated MessageParameter extraParams = 14;
    string monitoringPoint = 15;
    string triggeredRuleId = 16;
    Origin origin = 17;
    uint64 eventTypeId = 18;
    repeated CommunicationData communicationData = 22;
    UserState userState = 23;
    uint32 aggregateCount = 24;
    google.protobuf.Timestamp closed = 25;
    google.protobuf.Timestamp lastSeen = 26;
    repeated uint64 children = 27;
}
Fields
The Event message has the following fields.
Event message fields
| Rule Field | Type | Name | Tag | Description |
|---|---|---|---|---|
| | uint64 | eventId | 1 | Event identifier. |
| | google.protobuf.Timestamp | occurred | 3 | Time stamp when the event occurred. |
| | Technology | technology | 5 | Analysis technology type associated with the event. |
| | Severity | severity | 6 | Event severity. |
| | string | title | 7 | Event title. |
| | string | description | 8 | Event description. |
| | uint32 | userMark | 13 | User mark. |
| repeated | MessageParameter | extraParams | 14 | Extra parameters. |
| | string | monitoringPoint | 15 | Monitoring point that generated the event. |
| | string | triggeredRuleId | 16 | Identifier of the rule that triggered the event. |
| | Origin | origin | 17 | Event origin. |
| | uint64 | eventTypeId | 18 | Event type identifier. |
| repeated | CommunicationData | communicationData | 22 | Stacks of protocols and network addresses associated with the event. |
| | UserState | userState | 23 | Event status. |
| | uint32 | aggregateCount | 24 | Number of times the event was triggered. |
| | google.protobuf.Timestamp | closed | 25 | Time stamp when either the event received Resolved status or its timer stopped being regenerated. |
| | google.protobuf.Timestamp | lastSeen | 26 | Time stamp when the event was last triggered. |
| repeated | uint64 | children | 27 | Child events added to an event (incident). |
EventDescriptor
Event type descriptor for configuration provider service.
Defined in
This message is defined in the configuration_provider.proto file.
Syntax
message EventDescriptor
{
    uint64 eventTypeId = 1;
    string eventTitle = 2;
    string eventDescription = 3;
    Severity severity = 4;
    event_provider.Technology technology = 5;
}
Fields
The EventDescriptor message has the following fields.
EventDescriptor message fields
Type | Name | Tag | Description |
---|---|---|---|
uint64 | eventTypeId | 1 | Event type identifier. |
string | eventTitle | 2 | Title for events of this type. |
string | eventDescription | 3 | Description for events of this type. |
Severity | severity | 4 | Severity for events of this type. |
event_provider.Technology | technology | 5 | Analysis technology type associated with events of this type. |
EventId
Request for an event by identifier.
Defined in
This message is defined in the common.proto file.
Syntax
message EventId
{
    uint64 eventId = 1;
}
Fields
The EventId message has the following fields.
EventId message fields
Type | Name | Tag | Description |
---|---|---|---|
uint64 | eventId | 1 | Identifier of an event. |
Filter (events)
Parameters of an asynchronous event request.
Defined in
This message is defined in the event_provider_service.proto file.
Syntax
message Filter
{
    string filter = 1;
    TimeSpan timeSpan = 2;
}
Fields
The Filter message has the following fields.
Filter message fields
Type | Name | Tag | Description |
---|---|---|---|
string | filter | 1 | Filter for events. |
TimeSpan | timeSpan | 2 | Time interval for requested events. |
Filter (tags)
Filter for tag subscription request.
Defined in
This message is defined in the tag_provider_service.proto file.
Syntax
message Filter
{
    repeated uint64 tagIds = 1;
}
Fields
The Filter message has the following fields.
Filter message fields
| Rule Field | Type | Name | Tag | Description |
|---|---|---|---|---|
| repeated | uint64 | tagIds | 1 | Tag identifiers. |
FixedNetworkAddress
Transport layer network address descriptor.
Defined in
This message is defined in the event_provider.proto file.
Syntax
message FixedNetworkAddress
{
    string srcMac = 1;
    string srcPort = 2;
    string srcIp = 3;
    string dstMac = 4;
    string dstPort = 5;
    string dstIp = 6;
    EthernetProtocolType etherType = 7;
    Ipv4ProtocolType ipv4Type = 8;
    string vlanId = 9;
}
Fields
This message has the following fields.
FixedNetworkAddress message fields
Type | Name | Tag | Description |
---|---|---|---|
string | srcMac | 1 | Source MAC address. |
string | srcPort | 2 | Source port. |
string | srcIp | 3 | Source IP address. |
string | dstMac | 4 | Destination MAC address. |
string | dstPort | 5 | Destination port. |
string | dstIp | 6 | Destination IP address. |
EthernetProtocolType | etherType | 7 | Ethernet protocol type. |
Ipv4ProtocolType | ipv4Type | 8 | IPv4 protocol type. |
string | vlanId | 9 | Virtual LAN (VLAN) identifier. |
HashIdValue
Descriptor of a request made by using a hash identifier.
Defined in
This message is defined in the configuration_provider_service.proto file.
Syntax
message HashIdValue
{
    uint64 hashId = 1;
}
Fields
The HashIdValue message has the following fields.
HashIdValue message fields
Type | Name | Tag | Description |
---|---|---|---|
uint64 | hashId | 1 | Hash identifier value. |
ItemsByIdRequest
Request of items by identifier.
Defined in
This message is defined in the common.proto file.
Syntax
message ItemsByIdRequest
{
    string filter = 1;
    uint64 startId = 2;
    int32 maxCount = 3;
}
Fields
The ItemsByIdRequest message has the following fields.
ItemsByIdRequest message fields
Type | Name | Tag | Description |
---|---|---|---|
string | filter | 1 | Filter for items. |
uint64 | startId | 2 | Identifier of the starting item (this item is not included). If this value is |
int32 | maxCount | 3 | Maximum number of items that must be retrieved. |
ItemsRequest
Parameters for retrieving the results of an asynchronous events request.
Defined in
This message is defined in the event_provider_service.proto file.
Syntax
message ItemsRequest
{
    Cookie cookie = 1;
    TransmissionWindow window = 2;
}
Fields
The ItemsRequest message has the following fields.
ItemsRequest message fields
Type | Name | Tag | Description |
---|---|---|---|
Cookie | cookie | 1 | Cookie of the request. |
TransmissionWindow | window | 2 | Range of events to retrieve. |
KscConfiguration
Kaspersky Security Center agent configuration.
Defined in
This message is defined in the configuration_provider.proto file.
Syntax
message KscConfiguration
{
    string filter = 1;
    uint32 maxEventsPerDay = 2;
}
Fields
The KscConfiguration message has the following fields.
KscConfiguration message fields
Type | Name | Tag | Description |
---|---|---|---|
string | filter | 1 | Filter for events. |
uint32 | maxEventsPerDay | 2 | Maximum number of events to send to Kaspersky Security Center per day. |
MessageParameter
Named message parameter descriptor.
Defined in
This message is defined in the common.proto file.
Syntax
message MessageParameter
{
    string name = 1;
    oneof value
    {
        int64 int64Val = 2;
        double doubleVal = 3;
        string stringVal = 4;
        bytes binaryVal = 5;
        bool boolVal = 6;
    }
}
Fields
The MessageParameter message has the following fields.
MessageParameter message fields
| Rule Field | Type | Name | Tag | Description |
|---|---|---|---|---|
| | string | name | 1 | Parameter name. |
| oneof | | value | | Value of the parameter. |
| | int64 | int64Val | 2 | Int64 value. |
| | double | doubleVal | 3 | Double value. |
| | string | stringVal | 4 | String value. |
| | bytes | binaryVal | 5 | Binary value. |
| | bool | boolVal | 6 | Boolean value. |
NewGenericEvent
Generic event descriptor for event registrar service.
Defined in
This message is defined in the event_registrar.proto file.
Syntax
message NewGenericEvent
{
    uint64 eventTypeId = 1;
    google.protobuf.Timestamp occurred = 2;
    string triggeredRule = 4;
    repeated MessageParameter extraParams = 5;
}
Fields
The NewGenericEvent message has the following fields.
NewGenericEvent message fields
| Rule Field | Type | Name | Tag | Description |
|---|---|---|---|---|
| | uint64 | eventTypeId | 1 | Identifier of the event type. |
| | google.protobuf.Timestamp | occurred | 2 | Time stamp when the event occurred. |
| | string | triggeredRule | 4 | Name of the triggered rule (if any). |
| repeated | MessageParameter | extraParams | 5 | Optional message parameters. |
PlcConfiguration
Programmable logic controller (PLC) configuration.
Defined in
This message is defined in the configuration_provider.proto file.
Syntax
message PlcConfiguration
{
    uint64 hashId = 1;
    string plcType = 2;
    string plcName = 3;
    repeated uint64 plcProtos = 4;
}
Fields
The PlcConfiguration message has the following fields.
PlcConfiguration message fields
| Rule Field | Type | Name | Tag | Description |
|---|---|---|---|---|
| | uint64 | hashId | 1 | Unique identifier of the PLC. |
| | string | plcType | 2 | Type of the PLC. |
| | string | plcName | 3 | Name of the PLC. |
| repeated | uint64 | plcProtos | 4 | List of hash identifiers of the protocols configured for this PLC. |
ProtocolConfiguration
Protocol configuration descriptor.
Defined in
This message is defined in the configuration_provider.proto file.
Syntax
message ProtocolConfiguration
{
    uint64 hashId = 1;
    string protocolType = 2;
    string protocolName = 3;
    repeated TransportAddress transportAddresses = 4;
    DeviceAddress deviceAddress = 5;
}
Fields
The ProtocolConfiguration message has the following fields.
ProtocolConfiguration message fields
| Rule Field | Type | Name | Tag | Description |
|---|---|---|---|---|
| | uint64 | hashId | 1 | Hash identifier of the protocol. |
| | string | protocolType | 2 | Protocol type. |
| | string | protocolName | 3 | Protocol name. |
| repeated | TransportAddress | transportAddresses | 4 | Transport address of the protocol. |
| | DeviceAddress | deviceAddress | 5 | Device-specific address of the protocol. |
RequestStateResponse
Status of an asynchronous event request.
Defined in
This message is defined in the event_provider_service.proto file.
Syntax
message RequestStateResponse
{
    RequestState state = 2;
}
Fields
The RequestStateResponse message has the following fields.
RequestStateResponse message fields
Type | Name | Tag | Description |
---|---|---|---|
RequestState | state | 2 | Request status. |
SubscriptionRequest
Tag subscription request parameters.
Defined in
This message is defined in the tag_provider_service.proto file.
Syntax
message SubscriptionRequest
{
    string address = 1;
    Filter filter = 2;
}
Fields
The SubscriptionRequest message has the following fields.
SubscriptionRequest message fields
Type | Name | Tag | Description |
---|---|---|---|
string | address | 1 | Address and port of the remote subscriber. |
Filter | filter | 2 | Filter for tags (tag identifiers). If this field is empty, all tags are included in the subscription. |
Tag
Tag descriptor for the TagProvider service.
Defined in
This message is defined in the tag_provider.proto file.
Syntax
message Tag
{
    uint64 id = 1;
    google.protobuf.Timestamp timestamp = 2;
    TagBriefInfo briefInfo = 3;
    oneof value
    {
        bool boolVal = 20;
        int64 int64Val = 21;
        double doubleVal = 23;
        string stringVal = 24;
        bytes binaryVal = 25;
    }
}
Fields
The Tag message has the following fields.
Tag message fields
| Rule Field | Type | Name | Tag | Description |
|---|---|---|---|---|
| | uint64 | id | 1 | Tag identifier. |
| | google.protobuf.Timestamp | timestamp | 2 | Time stamp when the tag was last encountered in the traffic. |
| | TagBriefInfo | briefInfo | 3 | Information about the tag. Available only for the GetTags method of the TagProvider service. |
| oneof | | value | | Value of the tag. |
| | bool | boolVal | 20 | Boolean value. |
| | int64 | int64Val | 21 | Int64 value. |
| | double | doubleVal | 23 | Double value. |
| | string | stringVal | 24 | String value. |
| | bytes | binaryVal | 25 | Binary value. |
TagBriefInfo
Information about a tag.
Defined in
This message is defined in the tag_provider.proto file.
Syntax
message TagBriefInfo
{
    string name = 1;
    string description = 2;
}
Fields
The TagBriefInfo message has the following fields.
TagBriefInfo message fields
Type | Name | Tag | Description |
---|---|---|---|
string | name | 1 | Tag name. |
string | description | 2 | Tag description. |
TagDescriptor
Tag descriptor for the ConfigurationProvider service.
Defined in
This message is defined in the configuration_provider.proto file.
Syntax
message TagDescriptor
{
    uint64 tagId = 1;
    string tagName = 2;
    string tagDescription = 3;
    string tagType = 4;
    string measurementUnits = 5;
}
Fields
The TagDescriptor message has the following fields.
TagDescriptor message fields
Type | Name | Tag | Description |
---|---|---|---|
uint64 | tagId | 1 | Tag identifier. |
string | tagName | 2 | Tag name. |
string | tagDescription | 3 | Tag description. |
string | tagType | 4 | Tag type. |
string | measurementUnits | 5 | Measurement units for tag value. |
TagEvent
Descriptor of a tag event.
Defined in
This message is defined in the tag_notifier_service.proto file.
Syntax
message TagEvent
{
    repeated Tag tags = 1;
    Operation operation = 2;
    google.protobuf.Timestamp timestamp = 3;
    string monitoringPoint = 4;
}
Fields
The TagEvent message has the following fields.
TagEvent message fields
| Rule Field | Type | Name | Tag | Description |
|---|---|---|---|---|
| repeated | Tag | tags | 1 | Tags associated with the tag event. |
| | Operation | operation | 2 | Operation type of the tag event. |
| | google.protobuf.Timestamp | timestamp | 3 | Time stamp when the tags were last encountered in the traffic. |
| | string | monitoringPoint | 4 | Monitoring point where the tags were encountered in the traffic. |
TagsRequest
Request for tags.
Defined in
This message is defined in the tag_provider_service.proto file.
Syntax
message TagsRequest
{
    string filter = 1;
}
Fields
The TagsRequest message has the following fields.
TagsRequest message fields
Type | Name | Tag | Description |
---|---|---|---|
string | filter | 1 | Filter for tags. |
TimeSpan
Time interval for requested events.
Defined in
This message is defined in the event_provider_service.proto file.
Syntax
message TimeSpan
{
    google.protobuf.Timestamp from = 1;
    google.protobuf.Timestamp to = 2;
}
Fields
The TimeSpan message has the following fields.
TimeSpan message fields
Type | Name | Tag | Description |
---|---|---|---|
google.protobuf.Timestamp | from | 1 | Time stamp of the start of the interval. The specified value is included in the interval. |
google.protobuf.Timestamp | to | 2 | Time stamp of the end of the interval. The specified value is included in the interval. |
TransmissionWindow
Range of events for an asynchronous events request.
Defined in
This message is defined in the common.proto file.
Syntax
message TransmissionWindow
{
    uint64 startIndex = 1;
    uint32 maxCount = 2;
}
Fields
The TransmissionWindow message has the following fields.
TransmissionWindow message fields
Type | Name | Tag | Description |
---|---|---|---|
uint64 | startIndex | 1 | Index of the first item. |
uint32 | maxCount | 2 | Maximum count of items to retrieve. |
TransportAddress
Transport address descriptor.
Defined in
This message is defined in the configuration_provider.proto file.
Syntax
message TransportAddress
{
    string mac = 1;
    string ip = 3;
    string port = 4;
    string domainId = 5;
}
Fields
The TransportAddress message has the following fields.
TransportAddress message fields
Type | Name | Tag | Description |
---|---|---|---|
string | mac | 1 | MAC address. |
string | ip | 3 | IP address. |
string | port | 4 | Port. |
string | domainId | 5 | Domain identifier. |
Version
Information about the Kaspersky Industrial CyberSecurity for Networks version.
Defined in
This message is defined in the version.proto file.
Syntax
message Version
{
    uint32 versionMajor = 1;
    uint32 versionMinor = 2;
    uint32 versionRelease = 3;
    uint32 versionBuild = 4;
}
Fields
The Version message has the following fields.
Version message fields
Type | Name | Tag | Description |
---|---|---|---|
uint32 | versionMajor | 1 | Major version number. |
uint32 | versionMinor | 2 | Minor version number. |
uint32 | versionRelease | 3 | Release version flag. |
uint32 | versionBuild | 4 | Build number. |
Enumerations
This section contains descriptions of enumerations provided by Kaspersky Industrial CyberSecurity for Networks API.
AssetCategory
Asset category types.
Defined in
This enumeration is defined in the asset_provider.proto file.
Syntax
enum AssetCategory
{
    Unused = 0;
    ScadaHmi = 17;
    Rpa = 18;
    Server = 19;
    Workstation = 20;
    Plc = 21;
    EngineeringStation = 22;
    MobileDevice = 23;
    NetworkDevice = 24;
    Other = 25;
}
Values
This enumeration defines the following values.
AssetCategory enumeration values
Name | Value | Description |
---|---|---|
Unused | 0 | This value is returned when an asset doesn't have a specified category. |
ScadaHmi | 17 | Computers with installed software for human-machine interface (HMI) systems or SCADA systems. |
Rpa | 18 | Intelligent electronic device (IED). |
Server | 19 | Devices with server software installed. |
Workstation | 20 | Desktop personal computers or operator workstations. |
Plc | 21 | Programmable logic controllers. |
EngineeringStation | 22 | Computers with installed software to be used by ICS engineers. |
MobileDevice | 23 | Portable electronic devices with computer functionality. |
NetworkDevice | 24 | Network equipment (for example, routers, switches). |
Other | 25 | Devices that do not fall into the categories described above. |
AssetSecurityStatus
Security types, assigned to an asset depending on the events associated with it.
Defined in
This enumeration is defined in the asset_provider.proto file.
Syntax
enum AssetSecurityStatus
{
    UnknownAssetSecurityStatus = 0;
    Ok = 1;
    Warning = 2;
    Critical = 3;
}
Values
This enumeration defines the following values.
AssetSecurityStatus enumeration values
Name | Value | Description |
---|---|---|
UnknownAssetSecurityStatus | 0 | Security status of the asset is unknown. |
Ok | 1 | There are no unprocessed events associated with the asset or there are only events with the |
Warning | 2 | There are unprocessed events associated with the asset with the |
Critical | 3 | There are unprocessed events associated with the asset with the |
AssetStatus
Asset status types.
Defined in
This enumeration is defined in the asset_provider.proto file.
Syntax
enum AssetStatus
{
    UnknownAssetStatus = 0;
    Unauthorized = 1;
    Recognized = 2;
    Archived = 3;
}
Values
This enumeration defines the following values.
AssetStatus enumeration values
Name | Value | Description |
---|---|---|
UnknownAssetStatus | 0 | Asset status is unknown. |
Unauthorized | 1 | Asset has Unauthorized status. |
Recognized | 2 | Asset has Recognized status. |
Archived | 3 | Asset has Archived status. |
DictionaryType
Kaspersky Industrial CyberSecurity for Networks dictionary types.
Defined in
This enumeration is defined in the dictionary_provider_service.proto file.
Syntax
enum DictionaryType
{
    Protocols = 0;
    Rules = 1;
    MonitoringPoints = 2;
}
Values
This enumeration defines the following values.
DictionaryType enumeration values
Name | Value | Description |
---|---|---|
Protocols | 0 | Protocols dictionary. |
Rules | 1 | Rules dictionary. |
MonitoringPoints | 2 | Monitoring points dictionary. |
DirectionType
Direction that communication takes.
Defined in
This enumeration is defined in the event_provider.proto file.
Syntax
enum DirectionType
{
    Source = 0;
    Destination = 1;
}
Values
This enumeration defines the following values.
DirectionType enumeration values
Name | Value | Description |
---|---|---|
Source | 0 | Source of the communication. |
Destination | 1 | Destination of the communication. |
EthernetProtocolType
Ethernet protocol types.
Defined in
This enumeration is defined in the event_provider.proto file.
Syntax
enum EthernetProtocolType
{
    UnknownEthernetProtocolType = 0;
    Ip = 1;
    Arp = 2;
    RevArp = 3;
    At = 4;
    AArp = 5;
    Vlan = 6;
    Ipx = 7;
    IpV6 = 8;
    Loopback = 9;
    GooseEtherType = 10;
    SampledValuesEtherType = 11;
    ProfinetEtherType = 12;
    OldVlan = 13;
    Lldp = 14;
    ProsoftSystemsDeviceDiscovery = 15;
}
Values
This enumeration defines the following values.
EthernetProtocolType enumeration values
Name | Value | Description |
---|---|---|
UnknownEthernetProtocolType | 0 | Unknown Ethernet protocol type. |
Ip | 1 | IP protocol. |
Arp | 2 | Address Resolution Protocol (ARP). |
RevArp | 3 | Reverse ARP. |
At | 4 | AppleTalk protocol. |
AArp | 5 | AppleTalk ARP. |
Vlan | 6 | IEEE 802.1Q VLAN tagging. |
Ipx | 7 | IPX protocol. |
IpV6 | 8 | IP protocol version 6. |
Loopback | 9 | Loopback. |
GooseEtherType | 10 | Goose. |
SampledValuesEtherType | 11 | Sampled values. |
ProfinetEtherType | 12 | Profinet. |
OldVlan | 13 | VLAN protocol types. |
Lldp | 14 | LLDP protocol type. |
ProsoftSystemsDeviceDiscovery | 15 | Protocol type for discovering ProSoft devices. |
Ipv4ProtocolType
IP protocol types.
Defined in
This enumeration is defined in the event_provider.proto file.
Syntax
enum Ipv4ProtocolType
{
    UnknownIpv4ProtocolType = 0;
    Udp = 1;
    Tcp = 2;
}
Values
This enumeration defines the following values.
Ipv4ProtocolType enumeration values
Name | Value | Description |
---|---|---|
UnknownIpv4ProtocolType | 0 | Unknown IPv4 protocol type. |
Udp | 1 | UDP protocol. |
Tcp | 2 | TCP protocol. |
Operation
Operations associated with tags.
Defined in
This enumeration is defined in the tag_notifier_service.proto file.
Syntax
enum Operation
{
    Read = 0;
    Write = 1;
}
Values
This enumeration defines the following values.
Operation enumeration values
Name | Value | Description |
---|---|---|
Read | 0 | Read operation. |
Write | 1 | Write operation. |
Origin
Event origins.
Defined in
This enumeration is defined in the event_provider.proto file.
Syntax
enum Origin
{
    UnknownOrigin = 0;
    System = 1;
    User = 2;
}
Values
This enumeration defines the following values.
Origin enumeration values
Name | Value | Description |
---|---|---|
UnknownOrigin | 0 | Event has unknown origin. |
System | 1 | System origin. |
User | 2 | User origin. |
RequestState
Asynchronous request states.
Defined in
This enumeration is defined in the common.proto file.
Syntax
enum RequestState
{
    InProgress = 0;
    Completed = 1;
    Cancelled = 2;
    Failed = 3;
    DataNotFound = 4;
}
Values
This enumeration defines the following values.
RequestState enumeration values
Name | Value | Description |
---|---|---|
InProgress | 0 | Request is in progress. |
Completed | 1 | Request was successfully completed. |
Cancelled | 2 | Request was canceled. |
Failed | 3 | Request failed. |
DataNotFound | 4 | Request was successfully completed, but data was not found. |
Severity
Event severity types.
Defined in
This enumeration is defined in the common.proto file.
Syntax
enum Severity
{
    Info = 0;
    Warning = 1;
    Critical = 2;
}
Values
This enumeration defines the following values.
Severity enumeration values
Name | Value | Description |
---|---|---|
Info | 0 | Information event. |
Warning | 1 | Warning event. |
Critical | 2 | Critical event. |
Technology
Analysis technology types associated with events.
Defined in
This enumeration is defined in the event_provider.proto file.
Syntax
enum Technology
{
    Dpi = 0;
    Nic = 1;
    Ids = 2;
    External = 3;
    Cc = 4;
    Am = 5;
}
Values
This enumeration defines the following values.
Technology enumeration values
Name | Value | Description |
---|---|---|
Dpi | 0 | Event was generated as a result of analysis with DPI technology (Deep Packet Inspection). |
Nic | 1 | Event was generated as a result of analysis with NIC technology (Network Integrity Control). |
Ids | 2 | Event was generated as a result of analysis with IDS technology (Intrusion Detection System). |
External | 3 | Event was generated as a result of analysis with External technology (EXT, external systems). |
Cc | 4 | Event was generated as a result of analysis with CC technology (Command Control). |
Am | 5 | Event was generated as a result of analysis with AM technology (Asset Management). |
UserState
Status of an event.
Defined in
This enumeration is defined in the event_provider.proto file.
Syntax
enum UserState
{
    Proposed = 0;
    Active = 1;
    Resolved = 2;
}
Values
This enumeration defines the following values.
UserState enumeration values
Name | Value | Description |
---|---|---|
Proposed | 0 | Corresponds to the New event status. It is automatically assigned to all events when they are registered in Kaspersky Industrial CyberSecurity for Networks. |
Active | 1 | Corresponds to the In progress event status. It is assigned by a user to the events that are being processed. |
Resolved | 2 | Corresponds to the Resolved event status. It is assigned by a user to the events that were processed. |