Download OpenAPI specification:Download
Public API for external connectors
All API methods must include the access token used to authenticate and authorize calls in the request header. Specifying an access token in a URI is not supported. Not specifying an access token in these cases results in a returned 401 error code.
Security Scheme Type | HTTP |
---|---|
HTTP Authorization Scheme | bearer |
Bearer format | "JWT" |
Product information - Kaspersky Industrial CyberSecurity for Networks release version and list of installed components and their versions.
You can get product version and component info from Kaspersky Industrial CyberSecurity for Networks by using the about API methods.
version required | string |
{- "version": "4.0.0.343",
- "updateableComponents": [
- {
- "type": "Icr",
- "releaseTime": "2022-08-21T23:00:07"
}, - {
- "type": "Idsir",
- "releaseTime": "2022-08-21T23:00:07"
}
]
}
Provides the capability for a recipient system to query information about single or multiple address spaces.
Returns a specified number of address spaces starting from a certain offset (but not including address spaces with specified offset).
You can specify filtering and paging options for address spaces.
By default, address spaces are not sorted. You should use {sort} property from argument to specify sort order.
Fields that can be used for filtering:
version required | string |
Query argument. This lets you define the parameters for filtering and sorting, the offset and maximum number of address spaces in the returned results.
filter | object Nullable Filtering parameters.
Example of a set of conditions with a nested conditions group in which the conditions are merged by OR, while the top-level conditions are merged by AND: |
Array of objects (ColumnOrderDto) Nullable Sorting results.
| |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable 0-based index of the item in the full list where the results must begin.
|
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results.
|
{- "filter": [
- {
- "field": "Id",
- "condition": ">",
- "value": 12370
}, - {
- "field": "ReadOnly",
- "condition": "=",
- "value": false
}
], - "sort": [
- {
- "column": "Id",
- "direction": "Asc",
- "nullsBehaviour": null
}
], - "offset": 200,
- "limit": 100
}
{- "offset": 200,
- "limit": 100,
- "values": [
- {
- "id": 123456,
- "name": "AddressSpace1",
- "description": "AddressSpace1 description",
- "readOnly": false,
- "rules": [
- {
- "id": 2323,
- "description": "AddressSpaceRule description",
- "vlanType": "SpecificVlans",
- "subnetType": "L2AndL3",
- "trafficSource": "MonitoringPoints",
- "subnets": [
- {
- "from": "192.168.0.1",
- "to": "192.168.0.100"
}, - {
- "from": "10.16.0.0/16",
- "to": null
}
], - "vlans": [
- {
- "from": 1,
- "to": 10
}
], - "monitoringPoints": [
- {
- "id": 1
}
], - "eppProxyNodes": null,
- "activePollingConnectors": null
}
]
}
]
}
id required | integer <int64> >= 0 ID of the requested address space. |
version required | string |
{- "id": 123456,
- "name": "string",
- "description": "string",
- "readOnly": true,
- "rules": [
- {
- "id": 123456,
- "description": "string",
- "vlanType": "AnyVlanOrNoVlanTagged",
- "subnetType": "L2Only",
- "trafficSource": "MonitoringPoints",
- "subnets": [
- {
- "from": "string",
- "to": "string"
}
], - "vlans": [
- {
- "from": 0,
- "to": 0
}
], - "monitoringPoints": [
- {
- "id": 123456
}
], - "eppProxyNodes": [
- {
- "eppProxyId": 0
}
], - "activePollingConnectors": [
- {
- "id": 0
}
]
}
]
}
Allowing rules can be of the following types:
id required | integer <int64> >= 1 ID of the requested allowing rule. |
version required | string |
{- "commands": "ADD; CHECKPOINT LOAD; CHECKPOINT LOAD FINISH; CHECKPOINT LOAD INIT - RESPONSE; CHECKPOINT LOAD STOP",
- "protocols": "Foxboro FCP280/FCP270 - device interaction",
- "isDpiDetectable": false,
- "addressType": "Ip",
- "timestampCreated": "2020-10-26T10:15:06",
- "timestampModified": "2020-10-26T11:15:06",
- "monitoringPoint": "",
- "monitoringPointTimestampDeleted": null,
- "id": 12369,
- "isActive": true,
- "ruleType": "Nic",
- "side1": {
- "macAddressRanges": [
- {
- "from": "ff:ff:ff:ff:ff:ff",
- "to": "ff:ff:ff:ff:ff:ff"
}
], - "ipAddressRanges": [
- {
- "from": "1.1.1.1",
- "to": "1.1.1.10"
}
], - "portAddressRanges": [
- {
- "from": 8000,
- "to": 8080
}
], - "ipAddressSpaceIds": [
- 123,
- 567,
- 892
], - "macAddressSpaceIds": [
- 233,
- 577
]
}, - "side2": {
- "macAddressRanges": [
- {
- "from": "00:50:56:ac:b5:32",
- "to": "00:50:56:ac:b5:45"
}
], - "ipAddressRanges": [
- {
- "from": "1.1.1.1",
- "to": "1.1.1.10"
}, - {
- "from": "1.1.12.1",
- "to": "1.1.12.10"
}
], - "portAddressRanges": [ ],
- "ipAddressSpaceIds": [
- 0
], - "macAddressSpaceIds": [
- 0
]
}, - "comment": "",
- "isAutoGenerated": true,
- "eventType": "",
- "eventTypeId": 0,
- "triggeredRule": ""
}
You can edit allowing rule data in Kaspersky Industrial CyberSecurity for Networks by using this API.
id required | integer <int64> >= 1 ID of the edited allowing rule. |
version required | string |
Parameters of the edited allowing rule:
isActive required | boolean State of activity of allowing rule. |
{- "isActive": true
}
Returns a specified number of allowing rules starting from a certain offset (but not including rules with specified offset).
You can specify filtering and paging options for rules.
By default, allowing rules are not sorted. You should use {sort} property from argument to specify sort order.
Fields that can be used for filtering:
version required | string |
Query argument. This lets you define the parameters for filtering and sorting, the offset and maximum number of allowing rules in the returned results.
filter | object Nullable Filtering parameters.
Example of a set of conditions with a nested conditions group in which the conditions are merged by OR, while the top-level conditions are merged by AND: |
Array of objects (ColumnOrderDto) Nullable Sorting results.
| |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable 0-based index of the item in the full list where the results must begin.
|
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results.
|
{- "filter": [
- {
- "field": "Id",
- "condition": ">",
- "value": 12370
}, - {
- "field": "EventType",
- "condition": "=",
- "value": "Nic"
}
], - "sort": [
- {
- "column": "Id",
- "direction": "Asc",
- "nullsBehaviour": null
}
], - "offset": 200,
- "limit": 100
}
{- "offset": 200,
- "limit": 100,
- "values": [
- {
- "commands": "ADD; CHECKPOINT LOAD; CHECKPOINT LOAD FINISH; CHECKPOINT LOAD INIT - RESPONSE; CHECKPOINT LOAD STOP",
- "protocols": "Foxboro FCP280/FCP270 - device interaction",
- "isDpiDetectable": false,
- "addressType": "Ip",
- "timestampCreated": "2020-10-26T10:15:06",
- "timestampModified": "2020-10-26T11:15:06",
- "monitoringPoint": "",
- "monitoringPointTimestampDeleted": null,
- "id": 12371,
- "isActive": true,
- "ruleType": "Nic",
- "side1": {
- "macAddressRanges": [
- {
- "from": "ff:ff:ff:ff:ff:ff",
- "to": "ff:ff:ff:ff:ff:ff"
}
], - "ipAddressRanges": [
- {
- "from": "1.1.1.1",
- "to": "1.1.1.10"
}
], - "portAddressRanges": [
- {
- "from": 8000,
- "to": 8080
}
], - "ipAddressSpaceIds": [
- 123,
- 567,
- 892
], - "macAddressSpaceIds": [
- 233,
- 577
]
}, - "side2": {
- "macAddressRanges": [
- {
- "from": "00:50:56:ac:b5:32",
- "to": "00:50:56:ac:b5:45"
}
], - "ipAddressRanges": [
- {
- "from": "1.1.1.1",
- "to": "1.1.1.10"
}, - {
- "from": "1.1.12.1",
- "to": "1.1.12.10"
}
], - "portAddressRanges": [ ],
- "ipAddressSpaceIds": [
- 0
], - "macAddressSpaceIds": [
- 0
]
}, - "comment": "",
- "isAutoGenerated": true,
- "eventType": "",
- "eventTypeId": 0,
- "triggeredRule": ""
}
]
}
The application message log stores information about errors in application operation and about errors in operations performed by system processes of Kaspersky Industrial CyberSecurity for Networks.
You can get application messages from Kaspersky Industrial CyberSecurity for Networks by using the application messages API methods.
Returns a specified number of application messages starting from a certain offset (but not including application message with specified offset).
You can specify filtering and paging options for application messages.
By default, application messages are not sorted. You should use {sort} property from argument to specify sort order.
Fields that can be used for filtering:
version required | string |
Query argument. This lets you define the parameters for filtering and sorting, the offset and maximum number of events in the returned results.
filter | object Nullable Filtering parameters.
Example of a set of conditions with a nested conditions group in which the conditions are merged by OR, while the top-level conditions are merged by AND: |
Array of objects (ColumnOrderDto) Nullable Sorting results.
| |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable 0-based index of the item in the full list where the results must begin.
|
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results.
|
{- "filter": [
- {
- "field": "Id",
- "condition": ">",
- "value": 12370
}, - {
- "field": "Status",
- "condition": "=",
- "value": "CriticalMalfunction"
}
], - "sort": [
- {
- "column": "Id",
- "direction": "Asc",
- "nullsBehaviour": null
}
], - "offset": 200,
- "limit": 100
}
{- "offset": 200,
- "limit": 100,
- "values": [
- {
- "id": 12345,
- "date": "2020-10-27T14:32:25Z",
- "status": "CriticalMalfunction",
- "node": "Server1",
- "systemProcess": "Filter",
- "descriptionId": 2324,
- "description": "Something happened"
}
]
}
Kaspersky Industrial CyberSecurity for Networks can save information about actions performed by users in the application.
Information is saved in the audit log if user activity audit is enabled.
You can get audit entries from Kaspersky Industrial CyberSecurity for Networks by using the audit messages API methods.
Returns a specified number of audit entries starting from a certain offset (but not including audit entry with specified offset).
You can specify filtering and paging options for audit entries.
By default, audit entries are not sorted. You should use {sort} property from argument to specify sort order.
Fields that can be used for filtering:
version required | string |
Query argument. This lets you define the parameters for filtering and sorting, the offset and maximum number of events in the returned results.
filter | object Nullable Filtering parameters.
Example of a set of conditions with a nested conditions group in which the conditions are merged by OR, while the top-level conditions are merged by AND: |
Array of objects (ColumnOrderDto) Nullable Sorting results.
| |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable 0-based index of the item in the full list where the results must begin.
|
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results.
|
{- "filter": [
- {
- "field": "Id",
- "condition": ">",
- "value": 12370
}, - {
- "field": "Result",
- "condition": "=",
- "value": "Success"
}
], - "sort": [
- {
- "column": "Id",
- "direction": "Asc",
- "nullsBehaviour": null
}
], - "offset": 200,
- "limit": 100
}
{- "offset": 200,
- "limit": 100,
- "values": [
- {
- "id": 12335,
- "date": "2020-10-27T14:32:25Z",
- "node": "Server1",
- "user": "Adam",
- "action": "Some user action",
- "result": "Success",
- "description": "Very long description text"
}
]
}
Kaspersky Industrial CyberSecurity for Networks provides the capability for a Connector to query its configuration.
You can get connector configuration information from Kaspersky Industrial CyberSecurity for Networks by using the configuration API methods.
{- "config": "- type: string\n name: address\n default: yes\n max_len: 1024\n- type: uint\n name: portNumber\n range: {from: 0, to: 65535}\n default: yes\n default_value: 0\n- type: string\n name: transportProtocol\n loc: yes\n values: [TCP, UDP]\n default: yes",
- "eventTypesToSend": [
- 3
], - "forwardAppMessages": true,
- "forwardAuditMessages": false
}
Devices, connected to the industrial network. Kaspersky Industrial CyberSecurity for Networks monitors their activity and updates information about them, making it easier for an administrator to make security-related decisions.
You can get a list of devices and their protocols from Kaspersky Industrial CyberSecurity for Networks by using devices API methods.
In addition to getting devices from Kaspersky Industrial CyberSecurity for Networks, you can create your own devices in Kaspersky Industrial CyberSecurity for Networks, edit and remove them.
Returns a specified number of devices starting from a certain offset (but not including device with specified offset).
You can specify filtering and paging options for devices.
By default, devices are not sorted. You should use {sort} property from argument to specify sort order.
Fields that can be used for filtering:
version required | string |
Query argument. This lets you define the parameters for filtering and sorting, the offset and maximum number of events in the returned results.
filter | object Nullable Filtering parameters.
Example of a set of conditions with a nested conditions group in which the conditions are merged by OR, while the top-level conditions are merged by AND: |
Array of objects (ColumnOrderDto) Nullable Sorting results.
| |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable 0-based index of the item in the full list where the results must begin.
|
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results.
|
{- "filter": [
- {
- "field": "Id",
- "condition": ">",
- "value": 12370
}, - {
- "field": "Category",
- "condition": "=",
- "value": "Plc"
}
], - "sort": [
- {
- "column": "Id",
- "direction": "Asc",
- "nullsBehaviour": null
}
], - "offset": 200,
- "limit": 100
}
{- "offset": 200,
- "limit": 100,
- "values": [
- {
- "id": 123456,
- "name": "BoilerPlc",
- "description": "Very long description text",
- "status": "Recognized",
- "addressInformation": [
- {
- "networkInterfaceId": 32424,
- "networkInterfaceName": "ens32",
- "macAddress": "ff:aa:bb:cc:dd:ee",
- "macAddressSpaceId": 1,
- "ipAddresses": [
- {
- "id": 121212,
- "ip": "192.168.0.20",
- "addressSpaceId": 1
}, - {
- "id": 121213,
- "ip": "192.168.0.21",
- "addressSpaceId": 5
}
]
}, - {
- "networkInterfaceId": 32425,
- "networkInterfaceName": "Name",
- "macAddress": "ee:aa:bb:cc:dd:ee",
- "macAddressSpaceId": null,
- "ipAddresses": [
- {
- "id": 121214,
- "ip": "192.168.1.21",
- "addressSpaceId": 3
}
]
}
], - "category": "Plc",
- "categoryConfidence": 100,
- "group": "group1",
- "securityState": "Critical",
- "influence": "Normal",
- "lastSeen": "2020-12-15T11:17:12",
- "lastModified": "2020-11-14T10:16:11",
- "created": "2020-10-26T10:15:06",
- "os": "Linux",
- "osConfidence": 200,
- "networkName": "factory-net",
- "networkNameConfidence": 200,
- "hardwareVendor": "Siemens",
- "hardwareVendorConfidence": 200,
- "hardwareModel": "S7-1500",
- "hardwareModelConfidence": 200,
- "hardwareVersion": "3.51",
- "hardwareVersionConfidence": 200,
- "softwareVendor": "SomeCompany",
- "softwareVendorConfidence": 200,
- "softwareModel": "FirmwareOs1",
- "softwareModelConfidence": 200,
- "softwareVersion": "1.23",
- "softwareVersionConfidence": 200,
- "isRouter": false,
- "isRouterConfidence": 200,
- "labels": [
- "label1",
- "label2"
], - "risks": [
- {
- "id": 122334,
- "name": "Risk name 1",
- "category": "TechnologicalRisk",
- "state": "Accepted",
- "baseScore": 5.5,
- "score": 6.1,
- "typeId": null
}, - {
- "id": 122334,
- "name": "Risk name 2",
- "category": "Vulnerability",
- "state": "Active",
- "baseScore": 7.1,
- "score": 8,
- "typeId": null
}
], - "processControlSettings": {
- "deviceType": "Siemens Simatic S-1500",
- "protocols": [
- {
- "id": 123123,
- "name": "S7CommOverTcp",
- "protocolStackId": 2,
- "systemCommands": {
- "total": 23,
- "monitored": 7
}, - "addresses2": [
- {
- "addressConfig": "{ \"ip\": \"192.168.0.20\", \"port\": 102, \"rack\": 0, \"slot\": 2 }",
- "ipAddressSpaceId": 1,
- "macAddressSpaceId": 1
}
]
}, - {
- "id": 123123,
- "name": "IndustrialEthernet",
- "protocolStackId": 12,
- "systemCommands": {
- "total": 25,
- "monitored": 9
}, - "addresses2": [
- {
- "addressConfig": "{ \"mac\": \"ff:aa:bb:cc:dd:ee\", \"rack\": 0, \"slot\": 2 }",
- "ipAddressSpaceId": 2,
- "macAddressSpaceId": 2
}
]
}
]
}, - "attributes": [
- {
- "name": "name1",
- "value": "value1",
- "isAutoupdated": false,
- "confidence": 1
}, - {
- "name": "name2",
- "value": "value2",
- "isAutoupdated": true,
- "confidence": 2
}
], - "userAttributes": [
- {
- "name": "nameU1",
- "value": "valueU1"
}, - {
- "name": "nameU2",
- "value": "valueU2"
}
], - "epp": {
- "name": "KICS",
- "lastSync": "2021-08-01T00:00:01",
- "rtpState": "Running",
- "keaVersion": "1.2",
- "version": "3.4.5",
- "licenses": [
- {
- "serialNumber": "xx.yy.zz",
- "status": "Active",
- "expirationDate": "2022-01-01T00:00:00"
}, - {
- "serialNumber": "ww.ww.ww",
- "status": "Reserved",
- "expirationDate": "2023-01-01T00:00:00"
}
], - "basesVersion": "2021-07-01T10:11:12"
}
}
]
}
id required | integer <int64> >= 1 ID of the requested event. |
version required | string |
{- "id": 123456,
- "name": "BoilerPlc",
- "description": "Very long description text",
- "status": "Recognized",
- "addressInformation": [
- {
- "networkInterfaceId": 32424,
- "networkInterfaceName": "ens32",
- "macAddress": "ff:aa:bb:cc:dd:ee",
- "macAddressSpaceId": 1,
- "ipAddresses": [
- {
- "id": 121212,
- "ip": "192.168.0.20",
- "addressSpaceId": 1
}, - {
- "id": 121213,
- "ip": "192.168.0.21",
- "addressSpaceId": 2
}
]
}, - {
- "networkInterfaceId": 32425,
- "networkInterfaceName": "Name",
- "macAddress": "ee:aa:bb:cc:dd:ee",
- "macAddressSpaceId": 1,
- "ipAddresses": [
- {
- "id": 121214,
- "ip": "192.168.1.21",
- "addressSpaceId": 1
}
]
}
], - "category": "Plc",
- "categoryConfidence": 100,
- "group": "group1",
- "securityState": "Critical",
- "influence": 0,
- "lastSeen": "2020-12-15T11:17:12",
- "lastModified": "2020-11-14T10:16:11",
- "created": "2020-10-26T10:15:06",
- "os": "Linux",
- "osConfidence": 200,
- "networkName": "factory-net",
- "networkNameConfidence": 200,
- "hardwareVendor": "Siemens",
- "hardwareVendorConfidence": 200,
- "hardwareModel": "S7-1500",
- "hardwareModelConfidence": 200,
- "hardwareVersion": "3.51",
- "hardwareVersionConfidence": 200,
- "softwareVendor": "SomeCompany",
- "softwareVendorConfidence": 200,
- "softwareModel": "FirmwareOs1",
- "softwareModelConfidence": 200,
- "softwareVersion": "1.23",
- "softwareVersionConfidence": 200,
- "isRouter": false,
- "isRouterConfidence": 200,
- "labels": [
- "label1",
- "label2"
], - "risks": [
- {
- "id": 122334,
- "name": "Risk name 1",
- "category": "TechnologicalRisk",
- "state": "Accepted",
- "baseScore": 5.5,
- "score": 6.1,
- "typeId": null
}, - {
- "id": 122334,
- "name": "Risk name 2",
- "category": "Vulnerability",
- "state": "Active",
- "baseScore": 7.1,
- "score": 8,
- "typeId": null
}
], - "processControlSettings": {
- "deviceType": "Siemens Simatic S-1500",
- "protocols": [
- {
- "id": 123123,
- "name": "S7CommOverTcp",
- "protocolStackId": 2,
- "systemCommands": {
- "total": 23,
- "monitored": 7
}, - "addresses2": [
- {
- "addressConfig": "{ \"ip\": \"192.168.0.20\", \"port\": 102, \"rack\": 0, \"slot\": 2 }",
- "ipAddressSpaceId": 1,
- "macAddressSpaceId": 1
}
]
}, - {
- "id": 123123,
- "name": "IndustrialEthernet",
- "protocolStackId": 12,
- "systemCommands": {
- "total": 25,
- "monitored": 9
}, - "addresses2": [
- {
- "addressConfig": "{ \"mac\": \"ff:aa:bb:cc:dd:ee\", \"rack\": 0, \"slot\": 2 }",
- "ipAddressSpaceId": 2,
- "macAddressSpaceId": 2
}
]
}
]
}, - "attributes": [
- {
- "name": "name1",
- "value": "value1",
- "isAutoupdated": false,
- "confidence": 1
}, - {
- "name": "name2",
- "value": "value2",
- "isAutoupdated": true,
- "confidence": 2
}
], - "userAttributes": [
- {
- "name": "nameU1",
- "value": "valueU1"
}, - {
- "name": "nameU2",
- "value": "valueU2"
}
], - "epp": {
- "name": "KICS",
- "lastSync": "2021-08-01T00:00:01",
- "rtpState": "Running",
- "keaVersion": "1.2",
- "version": "3.4.5",
- "licenses": [
- {
- "serialNumber": "xx.yy.zz",
- "status": "Active",
- "expirationDate": "2022-01-01T00:00:00"
}, - {
- "serialNumber": "ww.ww.ww",
- "status": "Reserved",
- "expirationDate": "2023-01-01T00:00:00"
}
], - "basesVersion": "2021-07-01T10:11:12"
}
}
id required | integer <int64> >= 1 ID of the device. |
version required | string |
dontBreakOnFailure | boolean Default: false Continue other operations if one of them failed. |
sourceId | integer <int64> External source identifier. |
Field operations.
op | string (PatchOperationType) Enum: "Add" "Remove" "Replace" "Test" |
path required | string^(\/\w+)*(\/-)?$ |
value | object Nullable |
[- {
- "op": "Add",
- "path": "string",
- "value": { }
}
]
[- {
- "result": "Succeeded",
- "op": "Add",
- "path": "string",
- "value": { }
}
]
You can edit device data in Kaspersky Industrial CyberSecurity for Networks by using this API.
id required | integer <int64> >= 1 ID of the edited device. |
version required | string |
Parameters of the edited device.
allowProcessControlSettingsUpdate required | boolean Allow editing of industrial configuration. |
name required | string <= 8192 characters Unique name of the device. |
required | Array of objects (DeviceAddressInformation) non-empty MAC and IP addresses of the device. |
description | string <= 65536 characters Nullable Description of the device. |
status | string (AssetStatus) Enum: "Unauthorized" "Recognized" "Archived" |
category | string (AssetType) Enum: "ScadaHmi" "Rpa" "Server" "Workstation" "Plc" "EngineeringStation" "MobileDevice" "NetworkDevice" "Other" "Laptop" "HmiPanel" "Printer" "UPS" "NetworkCamera" "Gateway" "StorageSystem" "Firewall" "Switch" "VirtualSwitch" "Router" "VirtualRouter" "WiFi" "Historian" |
os | string <= 65536 characters Nullable Name of the operating system of the device. |
hardwareVendor | string <= 65536 characters Nullable Name of the device manufacturer. |
hardwareModel | string <= 65536 characters Nullable Device hardware model. |
hardwareVersion | string <= 65536 characters Nullable Device hardware version. |
softwareVendor | string <= 65536 characters Nullable Device software vendor. |
softwareModel | string <= 65536 characters Nullable Device software model. |
softwareVersion | string <= 65536 characters Nullable Device software version. |
networkName | string <= 65536 characters Nullable Name used to represent the device in the network. |
isRouter | boolean This parameter denotes whether the device is a routing device. |
influence | string (DeviceInfluenceType) Enum: "BusinessCritical" "Important" "Normal" |
labels | Array of strings Nullable A list of labels assigned to the device. |
Array of objects (DeviceUserAttributeData) Nullable Any user additional parameters of the device returned in pairs "Name, Value". |
{- "allowProcessControlSettingsUpdate": true,
- "name": "BoilerPlc",
- "addressInformation": [
- {
- "networkInterfaceId": 123409,
- "networkInterfaceName": null,
- "macAddress": "11:22:33:44:55:66",
- "macAddressSpaceId": null,
- "ipAddresses": [
- {
- "id": 101,
- "ip": "1.2.3.4",
- "addressSpaceId": null
}, - {
- "id": 102,
- "ip": "1.2.3.5",
- "addressSpaceId": null
}
]
}
], - "description": "Very long description text",
- "status": "Recognized",
- "category": "NetworkDevice",
- "os": "Linux",
- "hardwareVendor": "Siemens",
- "hardwareModel": "S7-1500",
- "hardwareVersion": "3.51",
- "softwareVendor": "SomeCompany",
- "softwareModel": "FirmwareOs1",
- "softwareVersion": "1.23",
- "networkName": "factory-net",
- "isRouter": false,
- "influence": 0,
- "labels": [
- "label1",
- "label2"
], - "userAttributes": [
- {
- "name": "name1",
- "value": "value1"
}, - {
- "name": "name2",
- "value": "value2"
}
]
}
{- "status": "Error",
- "errors": [
- {
- "field": "ip",
- "path": "addressInformation/ipAddresses[0]",
- "errorMessage": "Wrong ip address format"
}
]
}
id required | integer <int64> >= 1 ID of the device. |
version required | string |
mode required | string (AssignIndustrialConfigMode) Enum: "Replace" "Merge" Mode of assignment industrial configuration. |
config required | string <binary> |
{- "addedTags": 10,
- "tagErrors": 0,
- "removedTags": 5,
- "replacedTags": 5,
- "removedRules": 1
}
id required | integer <int64> >= 1 ID of the device whose protocols are being queried. |
version required | string |
[- {
- "id": 12345,
- "name": "ModbusTcp",
- "protocolStackId": 1,
- "systemCommands": {
- "total": 15,
- "monitored": 3
}, - "addresses2": [
- {
- "addressConfig": "{ \"ip\": \"192.168.0.7\", \"port\": 502, \"unit\": 0 }",
- "ipAddressSpaceId": 1,
- "macAddressSpaceId": 1
}, - {
- "addressConfig": "{ \"ip\": \"192.168.0.8\", \"port\": 502, \"unit\": 0 }",
- "ipAddressSpaceId": 2,
- "macAddressSpaceId": 2
}
]
}
]
You can create devices in Kaspersky Industrial CyberSecurity for Networks by using this API.
version required | string |
Parameters of the created device.
whatIfDuplicate required | string (DuplicateAction) Enum: "Skip" "Overwrite" |
allowProcessControlSettingsLoss required | boolean Allow loss of industrial configuration. |
name required | string <= 8192 characters Unique name of the device. |
required | Array of objects (DeviceAddressInformation) non-empty MAC and IP addresses of the device. |
description | string <= 65536 characters Nullable Description of the device. |
status | string (AssetStatus) Enum: "Unauthorized" "Recognized" "Archived" |
category | string (AssetType) Enum: "ScadaHmi" "Rpa" "Server" "Workstation" "Plc" "EngineeringStation" "MobileDevice" "NetworkDevice" "Other" "Laptop" "HmiPanel" "Printer" "UPS" "NetworkCamera" "Gateway" "StorageSystem" "Firewall" "Switch" "VirtualSwitch" "Router" "VirtualRouter" "WiFi" "Historian" |
os | string <= 65536 characters Nullable Name of the operating system of the device. |
hardwareVendor | string <= 65536 characters Nullable Name of the device manufacturer. |
hardwareModel | string <= 65536 characters Nullable Device hardware model. |
hardwareVersion | string <= 65536 characters Nullable Device hardware version. |
softwareVendor | string <= 65536 characters Nullable Device software vendor. |
softwareModel | string <= 65536 characters Nullable Device software model. |
softwareVersion | string <= 65536 characters Nullable Device software version. |
networkName | string <= 65536 characters Nullable Name used to represent the device in the network. |
isRouter | boolean This parameter denotes whether the device is a routing device. |
influence | string (DeviceInfluenceType) Enum: "BusinessCritical" "Important" "Normal" |
labels | Array of strings Nullable A list of labels assigned to the device. |
Array of objects (DeviceUserAttributeData) Nullable Any user additional parameters of the device returned in pairs "Name, Value". |
{- "whatIfDuplicate": "Skip",
- "allowProcessControlSettingsLoss": true,
- "name": "BoilerPlc",
- "addressInformation": [
- {
- "networkInterfaceId": 0,
- "networkInterfaceName": null,
- "macAddress": "11:22:33:44:55:66",
- "macAddressSpaceId": null,
- "ipAddresses": [
- {
- "id": 0,
- "ip": "1.2.3.4",
- "addressSpaceId": null
}, - {
- "id": 0,
- "ip": "1.2.3.5",
- "addressSpaceId": null
}
]
}
], - "description": "Very long description text",
- "status": "Recognized",
- "category": "NetworkDevice",
- "os": "Linux",
- "hardwareVendor": "Siemens",
- "hardwareModel": "S7-1500",
- "hardwareVersion": "3.51",
- "softwareVendor": "SomeCompany",
- "softwareModel": "FirmwareOs1",
- "softwareVersion": "1.23",
- "networkName": "factory-net",
- "isRouter": false,
- "influence": 0,
- "labels": [
- "label1",
- "label2"
], - "userAttributes": [
- {
- "name": "name1",
- "value": "value1"
}, - {
- "name": "name2",
- "value": "value2"
}
]
}
{- "status": "Created",
- "deviceId": 12345
}
Events are messages generated by Kaspersky Industrial CyberSecurity for Networks in response to suspicious industrial network traffic, detected attacks, and other security-related data. You can get events from Kaspersky Industrial CyberSecurity for Networks by using the events API methods. In addition to getting events from Kaspersky Industrial CyberSecurity for Networks, you can register your own events in Kaspersky Industrial CyberSecurity for Networks. Kaspersky Industrial CyberSecurity for Networks handles these events as it does any other events.
Returns a specified number of events starting from a certain offset (but not including event with specified offset).
You can specify filtering and paging options for events.
By default, events are not sorted. You should use {sort} property from argument to specify sort order.
Fields that can be used for filtering:
version required | string |
Query argument. This lets you define the parameters for filtering and sorting, the offset and maximum number of events in the returned results.
filter | object Nullable Filtering parameters.
Example of a set of conditions with a nested conditions group in which the conditions are merged by OR, while the top-level conditions are merged by AND: |
Array of objects (ColumnOrderDto) Nullable Sorting results.
| |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable 0-based index of the item in the full list where the results must begin.
|
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results.
|
{- "filter": [
- {
- "field": "Id",
- "condition": ">",
- "value": 12370
}, - {
- "field": "Technology",
- "condition": "=",
- "value": "Dpi"
}
], - "sort": [
- {
- "column": "Id",
- "direction": "Asc",
- "nullsBehaviour": null
}
], - "offset": 200,
- "limit": 100
}
{- "offset": 200,
- "limit": 100,
- "values": [
- {
- "id": 123456,
- "eventType": 123123,
- "title": "Something happened",
- "score": 5.3,
- "startTime": "2020-10-27T14:32:25Z",
- "lastSeenTime": "2020-10-27T14:32:26Z",
- "endTime": "2020-10-27T14:32:26Z",
- "protocol": "Modbus",
- "communications": [
- {
- "sourceIp": "192.168.0.1",
- "sourceIpAddressSpaceId": 0,
- "sourcePort": 20,
- "sourceMac": "ff:aa:bb:cc:dd:ee",
- "sourceMacAddressSpaceId": 0,
- "sourceApplication": "slot=10",
- "destinationIp": "192.168.0.1",
- "destinationIpAddressSpaceId": 1,
- "destinationPort": 30,
- "destinationMac": "ff:aa:bb:cc:dd:ee",
- "destinationMacAddressSpaceId": 1,
- "destinationApplication": "slot=5",
- "applicationProtocol": null,
- "vlanId": 0,
- "protocolStack": [
- "TCP",
- "Modbus"
], - "protocolStackId": 1232,
- "protocolStackPath": "TCP/Modbus",
- "systemCommandId": 12312,
- "systemCommandName": "STOP_PLC"
}
], - "technology": "Dpi",
- "totalAppearances": 10,
- "status": "Proposed",
- "description": "Very long description text",
- "triggeredRule": "Rule name",
- "triggeredRuleId": 123,
- "monitoringPoint": "Mpoint 1",
- "monitoringPointId": 1,
- "monitoringPointDeletedTime": "2020-10-26T10:15:06",
- "mark": 0,
- "origin": "System",
- "childrenCount": 6,
- "assets": [
- {
- "id": 12312
}
], - "params": [
- {
- "name": "param1",
- "value": "value 1"
}, - {
- "name": "param2",
- "value": "value 2"
}
], - "risks": [
- {
- "id": 21213
}
], - "applications": [
- {
- "eppApplication": {
- "applicationId": 1,
- "applicationName": "Microsoft® Windows® Operating System",
- "productName": "Microsoft® Windows® Operating System",
- "productVersion": "10.0.19041.964",
- "productVendor": "Microsoft Corporation",
- "imagePath": "C:\\\\WINDOWS\\\\System32\\\\smss.exe",
- "osName": "Microsoft Windows 10 Pro",
- "isServer": true,
- "signatureCheckResult": true,
- "md5": "2c3f91bb4c0994a7b36ed0b6b14ec9c7",
- "sha256": "56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3",
- "communicationIndex": 0,
- "communicationIsSource": true
}, - "eppUser": {
- "userId": 202,
- "userName": "Administrator",
- "logonType": "Interactive",
- "accountType": "Admin"
}
}, - {
- "eppApplication": {
- "applicationId": 1,
- "applicationName": "Microsoft® Windows® Operating System",
- "productName": "Microsoft® Windows® Operating System",
- "productVersion": "10.0.19041.964",
- "productVendor": "Microsoft Corporation",
- "imagePath": "C:\\\\WINDOWS\\\\System32\\\\smss.exe",
- "osName": "Microsoft Windows 10 Pro",
- "isServer": true,
- "signatureCheckResult": true,
- "md5": "2c3f91bb4c0994a7b36ed0b6b14ec9c7",
- "sha256": "56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3",
- "communicationIndex": 0,
- "communicationIsSource": true
}, - "eppUser": null
}
]
}
]
}
id required | integer <int64> >= 1 ID of the requested event. |
version required | string |
{- "id": 123456,
- "eventType": 123123,
- "title": "Something happened",
- "score": 5.3,
- "startTime": "2020-10-27T14:32:25Z",
- "lastSeenTime": "2020-10-27T14:32:26Z",
- "endTime": "2020-10-27T14:32:26Z",
- "protocol": "Modbus",
- "communications": [
- {
- "sourceIp": "192.168.0.1",
- "sourceIpAddressSpaceId": 0,
- "sourcePort": 20,
- "sourceMac": "ff:aa:bb:cc:dd:ee",
- "sourceMacAddressSpaceId": 0,
- "sourceApplication": "slot=10",
- "destinationIp": "192.168.0.1",
- "destinationIpAddressSpaceId": 1,
- "destinationPort": 30,
- "destinationMac": "ff:aa:bb:cc:dd:ee",
- "destinationMacAddressSpaceId": 1,
- "destinationApplication": "slot=5",
- "applicationProtocol": null,
- "vlanId": 0,
- "protocolStack": [
- "TCP",
- "Modbus"
], - "protocolStackId": 1232,
- "protocolStackPath": "TCP/Modbus",
- "systemCommandId": 12312,
- "systemCommandName": "STOP_PLC"
}
], - "technology": "Dpi",
- "totalAppearances": 10,
- "status": "Proposed",
- "description": "Very long description text",
- "triggeredRule": "Rule name",
- "triggeredRuleId": 123,
- "monitoringPoint": "Mpoint 1",
- "monitoringPointId": 1,
- "monitoringPointDeletedTime": "2020-10-26T10:15:06",
- "mark": 0,
- "origin": "System",
- "childrenCount": 6,
- "assets": [
- {
- "id": 12312
}
], - "params": [
- {
- "name": "param1",
- "value": "value 1"
}, - {
- "name": "param2",
- "value": "value 2"
}
], - "risks": [
- {
- "id": 21213
}
], - "applications": [
- {
- "eppApplication": {
- "applicationId": 1,
- "applicationName": "Microsoft® Windows® Operating System",
- "productName": "Microsoft® Windows® Operating System",
- "productVersion": "10.0.19041.964",
- "productVendor": "Microsoft Corporation",
- "imagePath": "C:\\\\WINDOWS\\\\System32\\\\smss.exe",
- "osName": "Microsoft Windows 10 Pro",
- "isServer": true,
- "signatureCheckResult": true,
- "md5": "2c3f91bb4c0994a7b36ed0b6b14ec9c7",
- "sha256": "56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3",
- "communicationIndex": 0,
- "communicationIsSource": true
}, - "eppUser": {
- "userId": 202,
- "userName": "Administrator",
- "logonType": "Interactive",
- "accountType": "Admin"
}
}
]
}
You can edit event data in Kaspersky Industrial CyberSecurity for Networks by using this API.
id required | integer <int64> >= 1 ID of the edited event. |
version required | string |
Parameters of the edited event:
status | string (EventUserState) Enum: "Proposed" "Active" "Resolved" |
mark | integer <int32> Nullable A numeric value from 0 to 7. This value represents a selection of icons that can be set for any event or incident to find events and incidents based on criteria that is not in the table. |
{- "status": "Proposed",
- "mark": 0
}
"string"
Returns a zip-file with traffic associated with several events. Filtering and sorting is done in a similar way to the QueryEvents() method.
version required | string |
Query argument. This lets you define the parameters for filtering and sorting, the offset and maximum number of events in the returned results.
filter | object Nullable Filtering parameters.
Example of a set of conditions with a nested conditions group in which the conditions are merged by OR, while the top-level conditions are merged by AND: |
Array of objects (ColumnOrderDto) Nullable Sorting results.
| |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable 0-based index of the item in the full list where the results must begin.
|
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results.
|
{- "filter": [
- {
- "field": "Id",
- "condition": ">",
- "value": 12370
}, - {
- "field": "Technology",
- "condition": "=",
- "value": "Dpi"
}
], - "sort": [
- {
- "column": "Id",
- "direction": "Asc",
- "nullsBehaviour": null
}
], - "offset": 200,
- "limit": 100
}
"string"
You can register events in Kaspersky Industrial CyberSecurity for Networks by using this API.
version required | string |
Parameters of the registered event.
title required | string [ 1 .. 4096 ] characters A title defined for the event type. |
score required | number <float> [ 0 .. 10 ] Score of an event or incident. |
startTime required | string <date-time> For an event that is not an incident - the date and time of the event was registered. For an incident - date and time of registration of the first event included in the incident. |
lastSeenTime | string <date-time> Nullable For an event that is not an incident - the date and time when the event last occurred. It may contain the date and time of the event registration, or the date and time when the event regenerate counter value increased if the conditions for the event registration were repeated during the event regenerate timeout. |
endTime required | string <date-time> For an event that is not an incident - the date and time when the Resolved status was assigned, or the date and time of the event regenerate timeout. For an incident - the latest date and time of the end of events that are part of the incident. |
totalAppearances | integer <int32> [ 1 .. 2147483647 ] Nullable For an event that is not an incident - the value of the regenerate counter after the event is registered within the event regenerate timeout. |
description | string [ 0 .. 32000 ] characters Nullable The description specified for the event type. |
triggeredRuleName | string [ 0 .. 4096 ] characters Nullable For an event that is not an incident - the name of the Process Control rule or Intrusion Detection rule whose triggering caused the registration of the event. For an incident - the name of the correlation rule whose triggering caused the registration of the incident. |
monitoringPointId | integer <int32> [ 0 .. 65535 ] Identifier of the monitoring point whose traffic invoked registration of the event. |
mark | integer <int32> [ 0 .. 7 ] A numerical value from 0 to 7, which represents a selection of icons that one can set for any event or incident to find events and incidents based on a criteria that is not in the table. |
origin required | string (EventOrigin) Enum: "Unknown" "System" "User" |
object Nullable An array of the name-value pairs of the event's additional parameters. | |
Array of objects (CreateEventCommunication) Nullable An array of the event communications. | |
Array of objects (CreateEventApplication) Nullable An array of the event applications and the user sessions. |
{- "title": "Something happened",
- "score": 7.7,
- "startTime": "2020-10-27T14:32:25Z",
- "lastSeenTime": "2020-10-27T14:32:26Z",
- "endTime": "2020-10-27T14:32:26Z",
- "totalAppearances": 10,
- "description": "Very long description text",
- "triggeredRuleName": "Rule name",
- "monitoringPointId": 1,
- "mark": 0,
- "origin": "User",
- "params": {
- "param1": "value 1",
- "param2": "value 2"
}, - "communications": [
- {
- "sourceIp": "192.168.0.1",
- "sourceIpAddressSpaceId": 1234,
- "sourcePort": 20,
- "sourceMac": "ff:aa:bb:cc:dd:ee",
- "sourceMacAddressSpaceId": 1234,
- "destinationIp": "192.168.0.1",
- "destinationIpAddressSpaceId": 1234,
- "destinationPort": 30,
- "destinationMac": "ff:aa:bb:cc:dd:ee",
- "destinationMacAddressSpaceId": 1234,
- "vlanId": 0,
- "protocolStackId": 1232
}
], - "applications": [
- {
- "eppApplication": {
- "applicationName": "Microsoft® Windows® Operating System",
- "osName": "Microsoft Windows 10 Pro",
- "productName": "Microsoft® Windows® Operating System",
- "productVersion": "10.0.19041.746",
- "productVendor": "Microsoft Corporation",
- "imagePath": "C:\\Windows\\System32\\mspaint.exe",
- "isServer": false,
- "communicationIndex": 0,
- "communicationIsSource": true
}, - "eppUser": {
- "userName": "Administrator",
- "accountType": "Admin",
- "logonType": "Interactive"
}
}, - {
- "eppApplication": {
- "applicationName": "Microsoft® Windows® Operating System",
- "osName": "Microsoft Windows 10 Pro",
- "productName": "Microsoft® Windows® Operating System",
- "productVersion": "10.0.19041.964",
- "productVendor": "Microsoft Corporation",
- "imagePath": "C:\\WINDOWS\\System32\\smss.exe",
- "isServer": false,
- "communicationIndex": 2,
- "communicationIsSource": false
}, - "eppUser": {
- "userName": "TEMPLATE-FOR-KS\\autotester",
- "accountType": "Admin",
- "logonType": "Interactive"
}
}
]
}
{- "errorMessage": "string"
}
Defined set of parameters for registering events in Kaspersky Industrial CyberSecurity for Networks. A unique number (event type code) is assigned to each event type. You can get event types from Kaspersky Industrial CyberSecurity for Networks by using the event types API methods.
[- {
- "eventTypeId": 1,
- "title": "Incident",
- "description": "A sequence of events corresponding to the incident was detected.",
- "severity": "Critical",
- "technology": "Dpi",
- "eventRegenerateTimeout": 3000,
- "trafficKeeping": {
- "keep": true,
- "packetsBefore": 1024,
- "packetsAfter": 2048,
- "timeBefore": 120,
- "timeAfter": 60
}
}, - {
- "eventTypeId": 2,
- "title": "Event from external system",
- "description": "Long description",
- "severity": "Warning",
- "technology": "External",
- "eventRegenerateTimeout": 1000,
- "trafficKeeping": {
- "keep": false,
- "packetsBefore": 0,
- "packetsAfter": 0,
- "timeBefore": 0,
- "timeAfter": 0
}
}
]
id required | integer <int64> >= 1 Event type ID. |
version required | string |
{- "eventTypeId": 1,
- "title": "Incident",
- "description": "A sequence of events corresponding to the incident was detected.",
- "severity": "Critical",
- "technology": "External",
- "eventRegenerateTimeout": 3000,
- "trafficKeeping": {
- "keep": true,
- "packetsBefore": 1024,
- "packetsAfter": 2048,
- "timeBefore": 120,
- "timeAfter": 60
}
}
Information about the added license key.
You can get information about the added license key by using the license key API methods.
{- "localization": "en",
- "serialNumber": {
- "customerId": 2028,
- "applicationId": 9482,
- "serialNumber": 1465860564,
- "key": "250a-0007ec-575f41d4"
}, - "productName": "Kaspersky Industrial CyberSecurity for Networks Standard Server, Limited Updates International Edition. 1 - Server 1 year NFR License: KICS for Networks",
- "licenseInstallationDate": "2020-12-31T00:00:00",
- "licenseExpirationDate": "2019-12-18T00:00:00",
- "licenseCreationDate": "2020-01-01T00:00:00",
- "licenseStatus": "Active",
- "daysTillLicenseExpire": 41
}
Monitoring points are used for receiving and processing industrial network traffic in Kaspersky Industrial CyberSecurity for Networks.
You can get monitoring points from Kaspersky Industrial CyberSecurity for Networks by using monitoring-points API methods.
[- {
- "mpId": 12345,
- "name": "MonitoringPoint1",
- "nicId": "nic1",
- "hostId": "sensor1",
- "enabled": true,
- "createdTime": "2020-10-27T14:32:25Z",
- "deletedTime": "2020-10-27T14:32:25Z"
}
]
id required | integer <int64> >= 1 ID of the queried monitoring point. |
version required | string |
{- "mpId": 12345,
- "name": "MonitoringPoint1",
- "nicId": "nic1",
- "hostId": "sensor1",
- "enabled": true,
- "createdTime": "2020-10-27T14:32:25Z",
- "deletedTime": "2020-10-27T14:32:25Z"
}
You can send a network topology map report by using the network topology map API methods.
You can send a network topology map report in Kaspersky Industrial CyberSecurity for Networks by using this API.
version required | string |
Request to send a network topology map report.
apmId | integer <int64> Unique ID of active polling method. |
Array of objects (NtmNodeInfo) Nullable List of nodes. |
{- "apmId": 1,
- "nodes": [
- {
- "timestamp": "2020-01-01T12:00:00",
- "rawData": "specific data"
}
]
}
{- "error": "Error text"
}
Kaspersky Industrial CyberSecurity for Networks uses several dictionaries, including a dictionary of protocols.
You can get protocols from Kaspersky Industrial CyberSecurity for Networks by using protocol-stacks API methods.
[- {
- "protocolStackId": 12345,
- "name": "Modbus TCP",
- "protocolStackName": "TCP/Modbus TCP",
- "parentId": 5001,
- "etherType": 123,
- "ipType": 345,
- "customType": "345",
- "isIndustrial": true,
- "isActive": true
}
]
id required | integer <int64> >= 1 ID of the queried ProtocolStack. |
version required | string |
{- "protocolStackId": 12345,
- "name": "ModbusTcp",
- "protocolStackName": "TCP/ModbusTcp",
- "parentId": 5001,
- "etherType": 123,
- "ipType": 345,
- "customType": "345",
- "isIndustrial": true,
- "isActive": true
}
Kaspersky Industrial CyberSecurity for Networks can detect the risks of devices. One asset can have multiple risks.
You can get risks from Kaspersky Industrial CyberSecurity for Networks by using the risks API methods.
Returns a specified number of risk entries starting from a certain offset (but not including entry with specified offset).
You can specify filtering and paging options for risk entries.
By default, risk entries are not sorted. You should use {sort} property from argument to specify sort order.
Fields that can be used for filtering:
version required | string |
Query argument. This argument allows you to define the parameters for filtering and sorting, the offset and maximum number of risks in the returned results.
filter | object Nullable Filtering parameters.
Example of a set of conditions with a nested conditions group in which the conditions are merged by OR, while the top-level conditions are merged by AND: |
Array of objects (ColumnOrderDto) Nullable Sorting results.
| |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable 0-based index of the item in the full list where the results must begin.
|
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results.
|
{- "filter": [
- {
- "field": "Score",
- "condition": ">",
- "value": 5
}, - {
- "field": "State",
- "condition": "<>",
- "value": "Remediated"
}
], - "sort": [
- {
- "column": "Id",
- "direction": "Asc",
- "nullsBehaviour": null
}
], - "offset": 200,
- "limit": 100
}
{- "offset": 200,
- "limit": 100,
- "values": [
- {
- "id": 12345,
- "typeId": 121327,
- "name": "Some risk detected.",
- "category": "Vulnerability",
- "baseScore": 5.9,
- "score": 5.9,
- "cveSource": "NVD",
- "protocolStackId": 1,
- "sourcePort": 8081,
- "sourceIp": "192.168.0.1",
- "sourceIpAddressSpaceId": null,
- "sourceMac": "aa:bb:cc:dd:ee:ff",
- "sourceMacAddressSpaceId": null,
- "destinationPort": 8082,
- "destinationIp": "192.168.0.1",
- "destinationIpAddressSpaceId": null,
- "destinationMac": "aa:bb:cc:dd:ee:ff",
- "destinationMacAddressSpaceId": null,
- "assetGroup": "Group / Subgroup",
- "assetName": "Asset 1",
- "assetAddress": "192.168.0.1",
- "assetId": 5678,
- "state": "Active",
- "comments": "User comments",
- "firstDetected": "2020-10-27T14:32:25Z",
- "lastStateChanged": "2020-10-27T14:32:26Z",
- "description": "Long description text",
- "attackConditions": "Attack conditions text",
- "impact": "Some impact",
- "vector": "Vector text",
- "mitigations": [
- {
- "id": 234788,
- "type": "Primary",
- "typeName": "Primary mitigation",
- "source": "Vendor",
- "sourceName": "Provided by vendor",
- "mitigation": "Update the firmware"
}
], - "references": [
- {
- "id": 123,
- "type": "VendorAdvisory",
- "typeName": "Vendor advisory text",
- "title": "Reference title"
}
], - "cveEvents": [
- {
- "id": 213578,
- "type": "AdvisoryPublished",
- "typeName": "Event has been published",
- "date": "2020-10-27T14:32:25Z"
}
], - "matchedCpes": [
- {
- "id": 1,
- "cpe": "SFGSFGSDFGSDFGSDFGDF",
- "displayName": "Siemens firmware",
- "targetType": "Hardware",
- "viewOrder": 0
}
], - "events": [
- {
- "id": 23234,
- "timeStampLastSeen": "2020-10-27T14:32:25Z",
- "title": "Some event",
- "userState": "Active"
}
], - "otherAssets": [
- {
- "id": 2,
- "title": "Asset 2",
- "address": "192.168.0.2"
}
]
}
]
}
id required | integer <int64> >= 1 ID of the queried risk. |
version required | string |
{- "id": 12345,
- "typeId": 31231,
- "name": "Some risk detected.",
- "category": "Vulnerability",
- "baseScore": 5.9,
- "score": 5.9,
- "cveSource": "NVD",
- "protocolStackId": 1,
- "sourcePort": 8081,
- "sourceIp": "192.168.0.1",
- "sourceIpAddressSpaceId": 1,
- "sourceMac": "aa:bb:cc:dd:ee:ff",
- "sourceMacAddressSpaceId": 2,
- "destinationPort": 8082,
- "destinationIp": "192.168.0.1",
- "destinationIpAddressSpaceId": 3,
- "destinationMac": "aa:bb:cc:dd:ee:ff",
- "destinationMacAddressSpaceId": 4,
- "assetGroup": "Group / Subgroup",
- "assetName": "Asset 1",
- "assetAddress": "192.168.0.1",
- "assetId": 5678,
- "state": "Active",
- "comments": "User comments",
- "firstDetected": "2020-10-27T14:32:25Z",
- "lastStateChanged": "2020-10-27T14:32:26Z",
- "description": "Long description text",
- "attackConditions": "Attack conditions text",
- "impact": "Some impact",
- "vector": "Vector text",
- "mitigations": [
- {
- "id": 234788,
- "type": "Primary",
- "typeName": "Primary mitigation",
- "source": "Vendor",
- "sourceName": "Provided by vendor",
- "mitigation": "Update the firmware"
}
], - "references": [
- {
- "id": 123,
- "type": "VendorAdvisory",
- "typeName": "Vendor advisory text",
- "title": "Reference title"
}
], - "cveEvents": [
- {
- "id": 213578,
- "type": "AdvisoryPublished",
- "typeName": "Event has been published",
- "date": "2020-10-27T14:32:25Z"
}
], - "matchedCpes": [
- {
- "id": 1,
- "cpe": "SFGSFGSDFGSDFGSDFGDF",
- "displayName": "Siemens firmware",
- "targetType": "Hardware",
- "viewOrder": 0
}
], - "events": [
- {
- "id": 23234,
- "timeStampLastSeen": "2020-10-27T14:32:25Z",
- "title": "Some event",
- "userState": "Active"
}
], - "otherAssets": [
- {
- "id": 2,
- "title": "Asset 2",
- "address": "192.168.0.2"
}
]
}
You can create risks in Kaspersky Industrial CyberSecurity for Networks by using this API.
version required | string |
Parameters of the created risk.
typeId | integer <int64> >= 0 Unique ID of the risk type. |
baseScore | number <float> [ 0 .. 10 ] Nullable Base risk score. |
name | string <= 8192 characters Nullable Name of the risk. |
description | string <= 65536 characters Nullable Description of the risk. |
firstDetected | string <date-time> Time when the risk was first detected in the specific device. |
lastStateChanged | string <date-time> Time when the risk last changed its state. |
deviceId | integer <int64> >= 0 Nullable ID of the device where the risk was detected. |
sourceIp | string Nullable IP address of one of the communication participants, due to which the risk was generated (filled only if there is communication). |
sourceIpAddressSpaceId | integer <int64> >= 0 Nullable Address space identifier of source IP address. |
sourceMac | string Nullable MAC address of one of the communication participants, due to which the risk was generated (filled only if there is communication). |
sourceMacAddressSpaceId | integer <int64> >= 0 Nullable Address space identifier of source MAC address. |
sourcePort | integer <int32> [ 0 .. 65535 ] Nullable Port of one of the communication participants, due to which the risk was generated (filled only if there is communication). |
destinationIp | string Nullable IP address of the second communication participant, due to which the risk was generated (filled only if there is communication). |
destinationIpAddressSpaceId | integer <int64> >= 0 Nullable Address space identifier of destination IP address. |
destinationMac | string Nullable MAC address of the second communication participant, due to which the risk was generated (filled only if there is communication). |
destinationMacAddressSpaceId | integer <int64> >= 0 Nullable Address space identifier of destination MAC address. |
destinationPort | integer <int32> [ 0 .. 65535 ] Nullable Port of the second communication participant, due to which the risk was generated (filled only if there is communication). |
comments | string <= 1000 characters Nullable User comments of the risk. |
Array of objects (RiskMitigationParameters) Nullable Recommendations on the risk mitigation. | |
object (VulnerabilityRiskParameters) |
{- "typeId": 1,
- "baseScore": 5.5,
- "name": "Some name",
- "description": "Some description",
- "firstDetected": "2020-10-27T14:32:25Z",
- "lastStateChanged": "2020-10-27T14:32:26Z",
- "deviceId": 1,
- "sourceIp": "192.168.1.2",
- "sourceIpAddressSpaceId": 1,
- "sourceMac": "aa:bb:cc:dd:ee:ff",
- "sourceMacAddressSpaceId": 2,
- "sourcePort": 8081,
- "destinationIp": "192.168.0.1",
- "destinationIpAddressSpaceId": 3,
- "destinationMac": "aa:bb:cc:dd:ee:ff",
- "destinationMacAddressSpaceId": 4,
- "destinationPort": 8082,
- "comments": "User comments",
- "mitigations": [
- {
- "type": "Primary",
- "typeName": "Some type name",
- "source": "Vendor",
- "sourceName": "Some source name",
- "mitigation": "Risk mitigation"
}
], - "vulnerabilityRiskInfo": {
- "cveId": "Cve identifier",
- "matchedCpe": "Matched cpe",
- "cpeDisplayName": "Cpe display name",
- "cpeTarget": "Software",
- "published": "2020-10-27T14:32:25Z",
- "references": [
- {
- "type": "VendorAdvisory",
- "typeName": "Vendor advisory text",
- "title": "Reference title"
}
], - "attackConditions": "Attack conditions text",
- "impact": "Some impact",
- "vector": "Vector text"
}
}
"string"
id required | integer <int64> >= 1 ID of the risk. |
version required | string |
New risk comments string.
"string"
"string"
id required | integer <int64> >= 1 ID of the risk. |
version required | string |
New risk state.
"Active"
"string"
Provides the capability for a recipient system to query data on the general settings of Kaspersky Industrial CyberSecurity for Networks. You can get server settings from Kaspersky Industrial CyberSecurity for Networks by using the server settings API methods.
Tags are values that describe parameters of an industrial process. For example, a manufacturing process involving.
a thermal oxidizer may have temperature, residence time, and turbulence among many other tags.
You can get tags from Kaspersky Industrial CyberSecurity for Networks by using the tags API methods.
Returns a specified number of tags starting from a certain offset (but not including tag with specified offset).
You can specify filtering and paging options for tags.
By default, tags are not sorted. You should use {sort} property from argument to specify sort order.
Fields that can be used for filtering:
version required | string |
Query argument. This lets you define the parameters for filtering and sorting, the offset and maximum number of events in the returned results.
filter | object Nullable Filtering parameters.
Example of a set of conditions with a nested conditions group in which the conditions are merged by OR, while the top-level conditions are merged by AND: |
Array of objects (ColumnOrderDto) Nullable Sorting results.
| |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable 0-based index of the item in the full list where the results must begin.
|
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results.
|
{- "filter": [
- {
- "field": "Id",
- "condition": ">",
- "value": 12370
}, - {
- "field": "Origin",
- "condition": "isOneOf",
- "value": "['User']"
}
], - "sort": [
- {
- "column": "Id",
- "direction": "Asc",
- "nullsBehaviour": null
}
], - "offset": 200,
- "limit": 100
}
{- "offset": 200,
- "limit": 100,
- "values": [
- {
- "assetId": 2345,
- "assetName": "Schneider Electric Modicon Momentum",
- "assetAddress": "1.0.0.0",
- "assetGroup": "Group 1",
- "protocol": "Modbus TCP",
- "protocolStackId": 2,
- "assetProtocolId": 1,
- "name": "Tag",
- "id": 1,
- "favourite": true,
- "measureUnit": "kgs/cm2",
- "description": "Tag Description",
- "address": "{\"area\": \"HoldingRegisters\", \"address\": \"123\"}",
- "origin": "User",
- "scaling": {
- "scalable": false,
- "inputMinimum": 0,
- "inputMaximum": 1024,
- "outputMinimum": 0,
- "outputMaximum": 10
}, - "operativeParameters": "{\"d\":{\"type\":{\"n\":\"ValueType\",\"s\":\"Float\",\"t\":\"e\",\"v\":1},\"value\":{\"t\":\"d\",\"v\":0.14147095680236816,\"x\":1}},\"n\":\"Float\"}",
- "registrationTimestamp": "2022-09-18T21:13:36.1112012+03:00",
- "timeSinceLastTagReadMs": 1000,
- "timeSinceLastTagWriteMs": 5000,
- "tagDataType": "Int16"
}
]
}
id required | integer <int64> >= 1 ID of the requested event. |
version required | string |
{- "assetId": 2345,
- "assetName": "Schneider Electric Modicon Momentum",
- "assetAddress": "1.0.0.0",
- "assetGroup": "Group 1",
- "protocol": "Modbus TCP",
- "protocolStackId": 2,
- "assetProtocolId": 1,
- "name": "Tag",
- "id": 1,
- "favourite": true,
- "measureUnit": "kgs/cm2",
- "description": "Tag Description",
- "address": "{\"area\": \"HoldingRegisters\", \"address\": \"123\"}",
- "origin": "User",
- "scaling": {
- "scalable": false,
- "inputMinimum": 0,
- "inputMaximum": 1024,
- "outputMinimum": 0,
- "outputMaximum": 10
}, - "operativeParameters": "{\"d\":{\"type\":{\"n\":\"ValueType\",\"s\":\"Float\",\"t\":\"e\",\"v\":1},\"value\":{\"t\":\"d\",\"v\":0.14147095680236816,\"x\":1}},\"n\":\"Float\"}",
- "registrationTimestamp": "2022-09-18T21:13:36.1128693+03:00",
- "timeSinceLastTagReadMs": 1000,
- "timeSinceLastTagWriteMs": 5000,
- "tagDataType": "Int16"
}
Information about the state of the technologies.
You can get information about the state of the technologies by using the technologies API methods.
version required | string |
[- {
- "type": "Ids",
- "name": "Arpspoofing",
- "enabled": true,
- "mode": "NotSupported",
- "status": "Ok",
- "errorMessage": ""
}, - {
- "type": "Am",
- "name": "AttributeDiscovery",
- "enabled": true,
- "mode": "NotSupported",
- "status": "InProgress",
- "errorMessage": ""
}, - {
- "type": "Nic",
- "name": "NetworkIntegrityControl",
- "enabled": true,
- "mode": "Learning",
- "status": "Error",
- "errorMessage": "Something wrong"
}
]