|
KSC Open API
Kaspersky Security Center API description
|
|
KSC Open API
Kaspersky Security Center API description
|
List of general event attributes (GNRL_EA_PARAM_1 - GNRL_EA_PARAM_9) is presented below.
| Event type | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
|---|---|---|---|---|---|---|---|---|---|
| GNRL_EV_OBJECT_CURED | Object name (paramString). | ||||||||
| GNRL_EV_OBJECT_DELETED | Object name (paramString). | ||||||||
| GNRL_EV_OBJECT_REPORTED | Object name (paramString). | ||||||||
| GNRL_EV_PASSWD_ARCHIVE_FOUND | Object name (paramString). | ||||||||
| GNRL_EV_OBJECT_QUARANTINED | Object name (paramString). | ||||||||
| GNRL_EV_SUSPICIOUS_OBJECT_FOUND | Object name (paramString). | Virus name (paramString). | |||||||
| GNRL_EV_VIRUS_FOUND | Object name (paramString). | Virus name (paramString). | User name (paramString). | Threat type. See Threat types enum (paramInt). | |||||
| GNRL_EV_ATTACK_DETECTED | Attack name (paramString). | Protocol name (paramString). | IP address in host byte order as a string, for example, "2886729929" for "172.16.0.201" (paramString). | Port (paramInt). | |||||
| GNRL_EV_APPLICATION_LAUNCH_DENIED. | Identity of file (paramString). | User name (paramString). | Identity of custom category that has denied launch (paramString). | Identity of KL category that has denied launch. Optional (paramString). | Additional attributes in JSON format. Optional (paramString). Possible attributes:
| File name, up to 256 UNICODE characters (paramString). | File path, up to 256 UNICODE characters (paramString). | String representations in hex-format of MD5 and/or SHA256 hashes of the identity file separated by the delimiter ";" (paramString). | File version, up to 50 UNICODE characters (paramString). |
| GNRL_EV_APP_LAUNCH_TESTED_ALLOW. | Identity of file (paramString). | User name (paramString). | Identity of custom category that has denied launch (paramString). | String representation of the user SID in the format WIN-SID-<SID_as_uppercase_hex>. | User type, string representation of User type enum (paramString). | ||||
| GNRL_EV_APP_LAUNCH_TESTED_DENIED. | Identity of file (paramString). | User name (paramString). | Identity of custom category that has denied launch (paramString). | String representation of the user SID in the format WIN-SID-<SID_as_uppercase_hex>. | User type, string representation of User type enum (paramString). | ||||
| GNRL_EV_ADSEC_DETECT. | Localized name of rule (up to 90 characters) (paramString). | ID of rule (up to 64 characters) (paramString). | Name of user (up to 256 characters) (paramString). | Path name of source process (up to 260 characters) (paramString). | Path name of source object (up to 260 characters) (paramString). | Path name of target process (up to 260 characters) (paramString). | Path name of target object (up to 260 characters) (paramString). | Additional attributes in JSON format, see Extra attributes of Adaptive Anomalies Control events (paramString). | Additional attributes in JSON format (to provide additional product information, not mentioned in Extra attributes of Adaptive Anomalies Control events) (paramString). |
| GNRL_EV_ADSEC_USER_REQUEST. | Localized name of rule (up to 90 characters) (paramString). | ID of rule (up to 64 characters) (paramString). | Name of user (up to 256 characters) (paramString). | Path name of source process (up to 260 characters) (paramString). | Path name of source object (up to 260 characters) (paramString). | Path name of target process (up to 260 characters) (paramString). | Path name of target object (up to 260 characters) (paramString). | Additional attributes in JSON format, see Extra attributes of Adaptive Anomalies Control events (paramString). | Additional attributes in JSON format (to provide additional product information, not mentioned in Extra attributes of Adaptive Anomalies Control events) (paramString). |
