KSC Open API
Kaspersky Security Center API description
Incident detection event

When incident is detected, Administration Server publish event "KLSRV_EV_INCIDENT_ADDED" with following parameters (see List of incident attributes):

Name Type Description
"KLINCDT_ID" paramInt Incident ID
"KLINCDT_SEVERITY" paramInt Incident severity
"KLINCDT_TYPE" paramString Incident type

For retrieve this event use ConEvents::Subscribe and ConEvents::Retrieve methods (see List of Server ConEvents statistics). For take detailed information about incident use HostGroup::FindIncidents method and ChunkAccessor interface.