You can use common values to substitute current values in Kaspersky Industrial CyberSecurity for Networks. You can use common variables in the following settings:
To insert a common variable into the entry field:
Start entering the name of the variable beginning with the $ character and choose the appropriate common variable in the list that appears.
Depending on their purpose, common variables can be used to substitute values in various settings (see the table below).
Common variables for value substitution
Variable |
Purpose |
Where it is used |
|
Strings describing network interactions (one line for each network interaction) indicating the protocol and addresses of the network packet source and destination. |
|
|
Address of the network packet destination (depending on the data available in the protocol, this can be an IP address, port number, MAC address and/or other address data). |
|
|
Additional variable added using the |
|
|
Assigned maximum value in the Process Control rule. |
|
|
Assigned minimum value in the Process Control rule. |
|
|
Name of the monitoring point whose traffic invoked registration of the event. |
|
|
Date and time of registration. |
|
|
Name of the application-layer protocol that was being monitored when the event was registered. |
|
|
Address of the network packet source (depending on the data available in the protocol, this can be an IP address, port number, MAC address and/or other address data). |
|
|
List of all names and values of tags indicated in the Process Control rule. |
|
|
Name of the rule in the event. |
|
|
Name of the top-level protocol. |
|
|
Code of the event type, application message, or audit entry. |
|
|
List of values of the Process Control rule (authorized or unauthorized). |
|
|
Date and time when the Resolved status was assigned or the date and time of the event regeneration period (for events that are not incidents), or the date and time of registration of the last event included in the incident (for incidents). |
|
|
Number of times an event or incident was triggered. |
|
|
Description |
|
|
Unique ID of the registered event, application message, or audit entry. |
|
|
Category of transmitted data (event, application message, or audit entry). |
|
|
Number of transmitted events, application messages or audit entries. |
|
|
Template that consists of a block containing a list of data. |
|
|
Node with the installed application component that sent the data. |
|
|
Operation result in the audit entry. |
|
|
Event severity level. |
|
|
Application message status. |
|
|
Application process that invoked message registration. |
|
|
Technology associated with the event. |
|
|
Event title, message text, or registered action. |
|
|
Name of the user that performed the registered action. |
|