Common variables for substituting values in Kaspersky Industrial CyberSecurity for Networks

You can use common variables to substitute current values in Kaspersky Industrial CyberSecurity for Networks. You can use common variables in the following settings:

To insert a common variable into the entry field:

Start entering the name of the variable beginning with the $ character and choose the appropriate common variable in the list that appears.

Depending on their purpose, common variables can be used to substitute values in various settings (see the table below).

Common variables for value substitution

| Variable | Purpose | Where it is used |
|---|---|---|
| `$communications` | Strings describing network interactions (one line for each network interaction) indicating the protocol and addresses of the network packet source and destination. | • User settings for registering events.<br>• Settings for forwarding events through a connector. |
| `$dst_address` | Address of the network packet destination (depending on the data available in the protocol, this can be an IP address, port number, MAC address and/or other address data). | • User settings for registering events. |
| `$extra.<paramName>` | Additional variable added using the AddEventParam function for an external system or Lua script. | • User settings for registering events. |
| `$rule_max_value` | Assigned maximum value in the Process Control rule. | • User settings for registering events. |
| `$rule_min_value` | Assigned minimum value in the Process Control rule. | • User settings for registering events. |
| `$monitoring_point` | Name of the monitoring point whose traffic invoked registration of the event. | • User settings for registering events.<br>• Settings for forwarding events through a connector. |
| `$occurred` | Date and time of registration. | • User settings for registering events.<br>• Settings for forwarding events through a connector.<br>• Settings for forwarding application messages through a connector.<br>• Settings for forwarding audit entries through a connector. |
| `$protocol` | Name of the application-layer protocol that was being monitored when the event was registered. | • User settings for registering events. |
| `$src_address` | Address of the network packet source (depending on the data available in the protocol, this can be an IP address, port number, MAC address and/or other address data). | • User settings for registering events. |
| `$tags` | List of all names and values of tags indicated in the Process Control rule. | • User settings for registering events. |
| `$technology_rule` | Name of the rule in the event. | • User settings for registering events.<br>• Settings for forwarding events through a connector. |
| `$top_level_protocol` | Name of the top-level protocol. | • User settings for registering events. |
| `$type_id` | Code of the event type, application message, or audit entry. | • User settings for registering events (the `$event_type_id` variable may also be used).<br>• Settings for forwarding events through a connector.<br>• Settings for forwarding application messages through a connector.<br>• Settings for forwarding audit entries through a connector. |
| `$rule_values` | List of values of the Process Control rule (authorized or unauthorized). | • User settings for registering events. |
| `$closed` | Date and time when the Resolved status was assigned or the date and time of the event regeneration period (for events that are not incidents), or the date and time of registration of the last event included in the incident (for incidents). | • Settings for forwarding events through a connector. |
| `$count` | Number of times an event or incident was triggered. | • Settings for forwarding events through a connector. |
| `$description` | Description | • Settings for forwarding events through a connector.<br>• Settings for forwarding application messages through a connector.<br>• Settings for forwarding audit entries through a connector. |
| `$id` | Unique ID of the registered event, application message, or audit entry. | • Settings for forwarding events through a connector.<br>• Settings for forwarding application messages through a connector.<br>• Settings for forwarding audit entries through a connector. |
| `$message_category` | Category of transmitted data (event, application message, or audit entry). | • Settings for forwarding events through a connector.<br>• Settings for forwarding application messages through a connector.<br>• Settings for forwarding audit entries through a connector. |
| `$message_count` | Number of transmitted events, application messages or audit entries. | • Settings for forwarding events through a connector.<br>• Settings for forwarding application messages through a connector.<br>• Settings for forwarding audit entries through a connector. |
| `$messages` | Template that consists of a block containing a list of data. | • Settings for forwarding events through a connector.<br>• Settings for forwarding application messages through a connector.<br>• Settings for forwarding audit entries through a connector. |
| `$node` | Node with the installed application component that sent the data. | • Settings for forwarding application messages through a connector.<br>• Settings for forwarding audit entries through a connector. |
| `$result` | Operation result in the audit entry. | • Settings for forwarding audit entries through a connector. |
| `$severity` | Event severity level. | • Settings for forwarding events through a connector. |
| `$status` | Application message status. | • Settings for forwarding application messages through a connector. |
| `$system_process` | Application process that invoked message registration. | • Settings for forwarding application messages through a connector. |
| `$technology` | Technology associated with the event. | • Settings for forwarding events through a connector. |
| `$title` | Event title, message text, or registered action. | • Settings for forwarding events through a connector.<br>• Settings for forwarding application messages through a connector.<br>• Settings for forwarding audit entries through a connector. |
| `$user` | Name of the user that performed the registered action. | • Settings for forwarding audit entries through a connector. |
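The check below is an added example, not code from Kaspersky or from this page: it scans a template for `$` variables and reports any that the table does not list for the setting in which the template is used, which is worth running before a forwarding template goes live so that a SIEM field is not left unpopulated. The context keys (`E`, `CE`, `CM`, `CA`), the token grammar, the sample templates and the `plc_name` parameter are assumptions of this example; the page does not say what the application does with a variable used outside its listed settings.

```python
import re

# Context keys (this example's own shorthand for the "Where it is used" column):
#   E  = user settings for registering events
#   CE / CM / CA = forwarding events / application messages / audit entries
#                  through a connector
ALLOWED = {
    "communications": "E CE", "dst_address": "E", "extra": "E",
    "rule_max_value": "E", "rule_min_value": "E", "monitoring_point": "E CE",
    "occurred": "E CE CM CA", "protocol": "E", "src_address": "E", "tags": "E",
    "technology_rule": "E CE", "top_level_protocol": "E",
    "type_id": "E CE CM CA", "event_type_id": "E", "rule_values": "E",
    "closed": "CE", "count": "CE", "description": "CE CM CA", "id": "CE CM CA",
    "message_category": "CE CM CA", "message_count": "CE CM CA",
    "messages": "CE CM CA", "node": "CM CA", "result": "CA", "severity": "CE",
    "status": "CM", "system_process": "CM", "technology": "CE",
    "title": "CE CM CA", "user": "CA",
}

# Assumption: a variable is "$" plus an identifier; $extra carries ".<paramName>".
TOKEN = re.compile(r"\$(extra\.[A-Za-z0-9_]+|[A-Za-z_][A-Za-z0-9_]*)")

def lint_template(template, context):
    """Return (variable, problem) pairs for variables not documented for context."""
    findings = []
    for match in TOKEN.finditer(template):
        token = match.group(1)
        name = token.split(".", 1)[0]
        if name not in ALLOWED:
            findings.append(("$" + token, "not in the table"))
        elif token == "extra":
            findings.append(("$extra", "missing .<paramName>"))
        elif context not in ALLOWED[name].split():
            findings.append(("$" + token, "not documented for " + context))
    return findings

# Constructed templates; the field layout and plc_name are illustrative only.
AUDIT_TEMPLATE = "$occurred $node $user $title result=$result severity=$severity"
EVENT_TEMPLATE = "$technology_rule at $monitoring_point: $src_address -> $dst_address ($extra.plc_name)"

if __name__ == "__main__":
    for label, text, ctx in (("audit", AUDIT_TEMPLATE, "CA"),
                             ("event", EVENT_TEMPLATE, "CE")):
        print(label, ctx, lint_template(text, ctx))
```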
