KSC Open API
Kaspersky Security Center API description
|
The logical expression has following format:
expression ::= log_subexpr | comp_exp
Definition of log_subexpr is included in the table below.
Name | Value |
---|---|
"LOP" | KLLX_LOP_*, logical operation (paramInt). |
"ARGS" | (paramArray), each entry is (paramParams) and contains either log_subexpr or comp_exp. |
Definition of comp_exp is included in the table below.
Name | Value |
---|---|
"OP" | KLLX_COP_*, comparison operation. The value of the data source attribute "name" is the first operand and the value "val" from the expression is the second operand (paramInt). |
"name" | attribute_name, the first operand (paramString). |
"val" | attribute value, the second operand. If absent, "another" is used, the type must be the same as the attribute type in the data source. |
"another" | attribute_name, the second operand. Required if "val" is absent, otherwise ignored (paramString). |
Sample of "EXPRESSION":
(&(strAttr1 = 'val1')(nAttr2 < 100)(|( exists nAttr3 )(strAttr4 <> strAttr5)))
The logical expression is typically stored in the "EXPRESSION" variable that is (paramParams), and must contain either the logical (log_subexpr) or compare (comp_exp) operation. If the logical expression contains logical operation, the following attributes must be present:
Logical operation codes:
LOP symbolic name | LOP ID | Description | Type |
---|---|---|---|
KLLX_LOP_AND | 1 | Logical 'AND' | Binary operation |
KLLX_LOP_OR | 2 | Logical 'OR' | Binary operation |
KLLX_LOP_NOT | 3 | Logical 'NOT' | Unary operation |
If using an OR comparison operation, the following attributes must be present:
Comparison operation codes name are listed below:
COP symbolic name | COP ID | Description | Type |
---|---|---|---|
KLLX_COP_EX | 1 | "name" exists | Unary operation |
KLLX_COP_NEX | 2 | "name" not exists | Unary operation |
KLLX_COP_L | 3 | "name" less than "val" | Binary operation |
KLLX_COP_G | 4 | "name" greater than "val" | Binary operation |
KLLX_COP_LEQ | 5 | "name" less or equal than "val" | Binary operation |
KLLX_COP_GEQ | 6 | "name" greater or equal than "val" | Binary operation |
KLLX_COP_EQ | 7 | "name" equal to "val" | Binary operation |
KLLX_COP_NEQ | 8 | "name" not equal to "val" | Binary operation |
KLLX_COP_CNT | 9 | "name" contains "val" | Binary operation |
KLLX_COP_NCNT | 10 | "name" not contains "val" | Binary operation |
Remarks for binary operations:
If the "EXPRESSION" contains neither "LOP" nor "OP", the expression is considered to be invalid.
Example of logical expression:
+--- +---ARGS | +---0 | | +---OP = KLLX_COP_EQ | | +---name = "strAttr1" | | +---val = "val1" | +---1 | | +---OP = KLLX_COP_L | | +---name = "nAttr2" | | +---val = 100 | +---2 | +---ARGS | | +---0 | | | +---OP = KLLX_COP_EX | | | +---name = "nAttr3" | | +---1 | | +---OP = KLLX_COP_NEQ | | +---another = "nAttr5" | | +---name = "nAttr4" | +---LOP = KLLX_LOP_OR +---LOP = KLLX_LOP_AND