You can use common values to substitute current values in Kaspersky Industrial CyberSecurity for Networks. You can use common variables in the following settings:
Start entering the name of the variable beginning with the $ character and choose the appropriate common variable in the list that appears.
Depending on their purpose, common variables can be used to substitute values in various settings (see the table below).
Variable
|
Purpose
|
Where it is used
|
$communications
|
Strings describing network interactions (one line for each network interaction) indicating the protocol and addresses of the network packet source and destination.
|
- User-defined settings for registering events.
- Settings for forwarding events through a connector.
|
$dst_address
|
Address of the network packet destination (depending on the data available in the protocol, this can be an IP address, port number, MAC address and/or other address data).
|
- User-defined settings for registering events.
|
$extra.<paramName>
|
Additional variable added using the AddEventParam function for an external system or Lua script.
|
- User-defined settings for registering events.
|
$rule_max_value
|
Assigned maximum value in the Process Control rule.
|
- User-defined settings for registering events.
|
$rule_min_value
|
Assigned minimum value in the Process Control rule.
|
- User-defined settings for registering events.
|
$monitoring_point
|
Name of the monitoring point whose traffic invoked registration of the event.
|
- User-defined settings for registering events.
- Settings for forwarding events through a connector.
|
$occurred
|
Date and time of registration.
|
- User-defined settings for registering events.
- Settings for forwarding events through a connector.
- Settings for forwarding application messages through a connector.
- Settings for forwarding audit entries through a connector.
|
$protocol
|
Name of the application-layer protocol that was being monitored when the event was registered.
|
- User-defined settings for registering events.
|
$src_address
|
Address of the network packet source (depending on the data available in the protocol, this can be an IP address, port number, MAC address and/or other address data).
|
- User-defined settings for registering events.
|
$tags
|
List of all names and values of tags indicated in the Process Control rule.
|
- User-defined settings for registering events.
|
$technology_rule
|
Name of the rule in the event.
|
- User-defined settings for registering events.
- Settings for forwarding events through a connector.
|
$top_level_protocol
|
Name of the top-level protocol.
|
- User-defined settings for registering events.
|
$type_id
|
Code of the event type, application message, or audit entry.
|
- User settings for registering events (the
$event_type_id variable may also be used). - Settings for forwarding events through a connector.
- Settings for forwarding application messages through a connector.
- Settings for forwarding audit entries through a connector.
|
$rule_values
|
List of values of the Process Control rule (authorized or unauthorized).
|
- User-defined settings for registering events.
|
$closed
|
Date and time when the Resolved status was assigned or the date and time of the event regeneration period (for events that are not incidents), or the date and time of registration of the last event included in the incident (for incidents).
|
- Settings for forwarding events through a connector.
|
$count
|
Number of times an event or incident was triggered.
|
- Settings for forwarding events through a connector.
|
$description
|
Description
|
- Settings for forwarding events through a connector.
- Settings for forwarding application messages through a connector.
- Settings for forwarding audit entries through a connector.
|
$id
|
Unique ID of the registered event, application message, or audit entry.
|
- Settings for forwarding events through a connector.
- Settings for forwarding application messages through a connector.
- Settings for forwarding audit entries through a connector.
|
$message_category
|
Category of transmitted data (event, application message, or audit entry).
|
- Settings for forwarding events through a connector.
- Settings for forwarding application messages through a connector.
- Settings for forwarding audit entries through a connector.
|
$message_count
|
Number of transmitted events, application messages or audit entries.
|
- Settings for forwarding events through a connector.
- Settings for forwarding application messages through a connector.
- Settings for forwarding audit entries through a connector.
|
$messages
|
Template that consists of a block containing a list of data.
|
- Settings for forwarding events through a connector.
- Settings for forwarding application messages through a connector.
- Settings for forwarding audit entries through a connector.
|
$node
|
Node with the installed application component that sent the data.
|
- Settings for forwarding application messages through a connector.
- Settings for forwarding audit entries through a connector.
|
$result
|
Operation result in the audit entry.
|
- Settings for forwarding audit entries through a connector.
|
$score
|
Event score value.
|
- Settings for forwarding events through a connector.
|
$severity
|
Event severity level.
|
- Settings for forwarding events through a connector.
|
$status
|
Application message status.
|
- Settings for forwarding application messages through a connector.
|
$system_process
|
Application process that invoked message registration.
|
- Settings for forwarding application messages through a connector.
|
$technology
|
Technology associated with the event.
|
- Settings for forwarding events through a connector.
|
$title
|
Event title, message text, or registered action.
|
- Settings for forwarding events through a connector.
- Settings for forwarding application messages through a connector.
- Settings for forwarding audit entries through a connector.
|
$user
|
Name of the user that performed the registered action.
|
- Settings for forwarding audit entries through a connector.
|