KSC Open API
Kaspersky Security Center API description
Parameters of some events

Parameters c_er_par1..c_er_par9 carry the event-specific data of some general events. UID is a unique identifier that links the events of a threat detection with the events of its processing result.

Threat processing result events

Events:

  • GNRL_EV_OBJECT_CURED
  • GNRL_EV_OBJECT_DELETED
  • GNRL_EV_OBJECT_REPORTED
  • GNRL_EV_PASSWD_ARCHIVE_FOUND
  • GNRL_EV_OBJECT_QUARANTINED
  • GNRL_EV_OBJECT_NOTCURED
  • GNRL_EV_OBJECT_PASSED
  • GNRL_EV_OBJECT_BLOCKED

Parameters:

  • GNRL_EA_PARAM_2 - Object name, paramString
  • GNRL_EA_PARAM_6 - UID, paramString
  • GNRL_EA_PARAM_3,4 - reserved for future use
See also:
Other parameters

Threat detection events

Events:

  • GNRL_EV_VIRUS_FOUND
  • GNRL_EV_VIRUS_FOUND_BY_KSN

Parameters:

See also:
Other parameters

Attack events

Event:

  • GNRL_EV_ATTACK_DETECTED

Parameters:

  • GNRL_EA_PARAM_1 - Attack name
  • GNRL_EA_PARAM_2 - Attacked protocol
  • GNRL_EA_PARAM_3 - IPv4 address (an unsigned long integer) as a string, e.g.: L"2886729929"
  • GNRL_EA_PARAM_4 - Attacked port
  • GNRL_EA_PARAM_5 - IPv6 address (a hex 128-bit integer) as a string, e.g.: L"12B012B012B012B012B012B012B012B0"
  • GNRL_EA_PARAM_6 - IPv4 (an unsigned long integer) or IPv6 (a hex 128-bit integer) address of the attacked interface, as a string (see GNRL_EA_PARAM_3 and GNRL_EA_PARAM_5 for examples)

Event:

  • GNRL_EV_PLC_ATTACK_DETECTED

Parameters:

  • GNRL_EA_PARAM_1 - Binary id of the attacked PLC Device as hex-string, see KLPLC::c_szwPLC_BinId, paramString (32)
  • GNRL_EA_PARAM_2 - Attack type in string representation, for example: L"1" for PLC_AT_FIRMWARE_CHANGED, see EPLCAttackType, paramString
  • GNRL_EA_PARAM_3 - Address of the attacking host, either IPv4 (an unsigned long integer) as a string or IPv6 (a hex 128-bit integer) as a string (optional). Examples:
    • L"2886729929" - IPv4
    • L"12B012B012B012B012B012B012B012B0" - IPv6
  • GNRL_EA_PARAM_4 - MAC address of the attacking host (optional). Example: ae80::2936:8a14:7ffb:51r8%11
  • GNRL_EA_PARAM_5 - Name of the attacking host (optional)
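The address parameters above are not in dotted or colon notation: IPv4 arrives as a decimal unsigned integer string and IPv6 as 32 hex digits, and GNRL_EA_PARAM_6 of GNRL_EV_ATTACK_DETECTED (and GNRL_EA_PARAM_3 of GNRL_EV_PLC_ATTACK_DETECTED) may carry either form. The following Python is an added example, not code from the KSC Open API or from Kaspersky, showing how a consumer (for instance a SIEM forwarder) can decode these fields into standard notation before correlation. It assumes the IPv4 integer is the address in network byte order (most significant octet first), the interpretation under which L"2886729929" is 172.16.0.201; the sample event dictionary and its attack name are constructed for the example.

```python
import ipaddress

# Constructed sample event, not captured from a real KSC server.
# Address values reuse the examples from the event documentation;
# the attack name and port are made up for this example.
SAMPLE_ATTACK_EVENT = {
    "event_type": "GNRL_EV_ATTACK_DETECTED",
    "GNRL_EA_PARAM_1": "Example.PortScan.TCP",            # attack name (constructed)
    "GNRL_EA_PARAM_2": "TCP",                              # attacked protocol
    "GNRL_EA_PARAM_3": "2886729929",                       # attacker IPv4, decimal string
    "GNRL_EA_PARAM_4": "445",                              # attacked port
    "GNRL_EA_PARAM_5": "12B012B012B012B012B012B012B012B0", # attacker IPv6, 32 hex digits
    "GNRL_EA_PARAM_6": "2886729930",                       # attacked interface, IPv4 form here
}

HEX_DIGITS = set("0123456789abcdefABCDEF")


def decode_ipv4(value: str) -> str:
    """Decode an IPv4 address given as a decimal unsigned 32-bit integer string.

    Assumption: the integer is the address in network byte order.
    """
    n = int(value, 10)
    if not 0 <= n <= 0xFFFFFFFF:
        raise ValueError(f"IPv4 integer out of range: {value!r}")
    return str(ipaddress.IPv4Address(n))


def decode_ipv6(value: str) -> str:
    """Decode an IPv6 address given as a 32-digit hexadecimal 128-bit integer."""
    if len(value) != 32 or not set(value) <= HEX_DIGITS:
        raise ValueError(f"Not a 32-digit hex IPv6 string: {value!r}")
    return str(ipaddress.IPv6Address(int(value, 16)))


def decode_address(value):
    """Decode a field that may hold either form (GNRL_EA_PARAM_6 of
    GNRL_EV_ATTACK_DETECTED, GNRL_EA_PARAM_3 of GNRL_EV_PLC_ATTACK_DETECTED).

    Returns None for an absent or empty optional field. A decimal IPv4
    integer has at most 10 digits, so a 32-character value is always IPv6.
    """
    if value is None or value == "":
        return None
    if len(value) == 32:
        return decode_ipv6(value)
    if value.isdigit():
        return decode_ipv4(value)
    raise ValueError(f"Unrecognised address encoding: {value!r}")


def normalize_attack_event(event: dict) -> dict:
    """Map a GNRL_EV_ATTACK_DETECTED event to a flat record with decoded
    addresses, suitable for forwarding to a log pipeline."""
    if event.get("event_type") != "GNRL_EV_ATTACK_DETECTED":
        raise ValueError("not a GNRL_EV_ATTACK_DETECTED event")
    port = event.get("GNRL_EA_PARAM_4")
    return {
        "attack_name": event.get("GNRL_EA_PARAM_1"),
        "attacked_protocol": event.get("GNRL_EA_PARAM_2"),
        "attacker_ipv4": decode_address(event.get("GNRL_EA_PARAM_3")),
        "attacked_port": int(port) if port else None,
        "attacker_ipv6": decode_address(event.get("GNRL_EA_PARAM_5")),
        "attacked_interface": decode_address(event.get("GNRL_EA_PARAM_6")),
    }


if __name__ == "__main__":
    for key, val in normalize_attack_event(SAMPLE_ATTACK_EVENT).items():
        print(f"{key:20} {val}")
```

Decoding both forms through one function keeps the consumer correct whether an agent reports the attacked interface as IPv4 or IPv6; an unexpected encoding raises rather than silently producing a wrong address, which is the failure mode you want to see in a pipeline log rather than in a correlation rule.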
See also:
Other parameters

Other parameters

Besides the parameters c_er_par1..c_er_par9 described above, all events (not just GNRL_EV_*) must contain the following parameters:

  • KLEVP::c_er_severity (paramInt) - event severity, one of KLEVP_EVENT_SEVERITY_*: KLEVP_EVENT_SEVERITY_INFO, KLEVP_EVENT_SEVERITY_WARNING, KLEVP_EVENT_SEVERITY_ERROR, KLEVP_EVENT_SEVERITY_CRITICAL.
  • KLEVP::c_er_task_display_name (paramString) - Displayed name of the task that published the event.
  • KLEVP::c_er_descr (paramString) - Event description localized by the product (up to 1000 Unicode characters).
  • KLEVP::c_er_event_type_display_name (paramString) - Event type name localized by the product.
  • KLEVP::c_er_event_vm_info (paramParams) (optional) - Information about the virtual machine:
    • KLEVP::c_er_event_vm_id (paramString (32))
    • KLEVP::c_er_event_vm_full_name (paramString (256))
    • KLEVP::c_er_event_vm_cluster_id (paramString (127))
    • KLEVP::c_er_event_vm_ipv4 (paramInt)