KSC Open API
Kaspersky Security Center API description
AddDomain
AddGroup
AddGroupHostsForSync
AddHost
AddHostsForSync
AddIncident
DelDomain
DeleteIncident
FindGroups
FindHosts
FindHostsAsync
FindHostsAsyncCancel
FindHostsAsyncGetAccessor
FindIncidents
FindUsers
GetAllHostfixes
GetComponentsForProductOnHost
GetDomainHosts
GetDomains
GetGroupId
GetGroupInfo
GetGroupInfoEx
GetHostfixesForProductOnHost
GetHostInfo
GetHostProducts
GetHostTasks
GetInstanceStatistics
GetRunTimeInfo
GetStaticInfo
GetSubgroups
GroupIdGroups
GroupIdSuper
GroupIdUnassigned
MoveHostsFromGroupToGroup
MoveHostsToGroup
RemoveGroup
RemoveHost
RemoveHosts
ResolveAndMoveToGroup
RestartNetworkScanning
SetLocInfo
SS_CreateSection
SS_DeleteSection
SS_GetNames
SS_Read
SS_Write
UpdateGroup
UpdateHost
UpdateHostsMultiple
UpdateIncident
ZeroVirusCountForGroup
ZeroVirusCountForHosts
int HostGroup::FindIncidents ( wstring  strFilter,
array  pFieldsToReturn,
array  pFieldsToOrder,
int  lMaxLifeTime,
[out] wstring  strAccessor 
)

Finds an incident by using filtering strings.

Finds incidents after filtering by the strFilter string.

Parameters:
strFilter(wstring) expression for filtering incidents. See Search filter syntax. See the list of the incident attributes, which can be used in this expression, in the Remarks section below.
pFieldsToReturn(array) array of the incident attribute names to return. See List of the incident attributes to know the attribute names.
pFieldsToOrder(array) array of containers, each of them containing two attributes:
  • "Name" (string) - Name of an attribute used for ordering. See Remarks below.
  • "Asc" (boolean) - Ascending sorting if true; otherwise descending sorting.
lMaxLifeTime(int) maximum lifetime of an accessor, in seconds.
[out]strAccessor(wstring) result set ID. Identifier of the server-side ordered collection of found incidents. The result set is destroyed and associated memory is freed in the following cases:
Returns:
(int) number of found records.

Remarks:
The following attributes can be used in the string for filtering (strFilter):

  • "KLINCDT_ID"
  • "KLINCDT_SEVERITY"
  • "KLINCDT_ADDED"
  • "KLINCDT_IS_HANDLED"
  • "KLINCDT_BODY"
  • "KLHST_WKS_HOSTNAME"

The following attributes can be used for ordering (pFields2Order):

  • "KLINCDT_ID"
  • "KLINCDT_SEVERITY"
  • "KLINCDT_ADDED"
  • "KLINCDT_IS_HANDLED"

The following attributes cannot be used for ordering (pFields2Order):

  • "KLINCDT_BODY"
  • "KLHST_WKS_HOSTNAME"
  • "GNRL_EXTRA_PARAMS"

See also how to use the KlAkOAPI Python package: 

            def FindHostIncidents(server, strFilter):
                print("Filter string: " + strFilter)
                strAccessor = KlAkOAPI.HostGroup.KlAkHostGroup(server).FindIncidents(strFilter, ["KLINCDT_ID", "KLINCDT_SEVERITY", "KLINCDT_ADDED", "KLINCDT_BODY", "KLINCDT_IS_HANDLED", "KLHST_WKS_HOSTNAME", "GNRL_EXTRA_PARAMS"], [], lMaxLifeTime = 60 * 60).OutPar("strAccessor")
                oChunkAccessor = KlAkOAPI.ChunkAccessor.KlAkChunkAccessor(server)    
                lRecords = oChunkAccessor.GetItemsCount(strAccessor).RetVal()
                print("Found", lRecords, "host incidents")
                nStart = 0
                nStep = 200
                oResult = []
                while nStart < lRecords:
                    oChunk = oChunkAccessor.GetItemsChunk(strAccessor, nStart, nStep)
                    parIncidents = oChunk.OutPar('pChunk')['KLCSP_ITERATOR_ARRAY']
                    for oObj in parIncidents:
                        print("Found incident: ID =", oObj["KLINCDT_ID"], ", Severity =" , oObj["KLINCDT_SEVERITY"],  ", Added =", oObj["KLINCDT_ADDED"], ", Body =", oObj["KLINCDT_BODY"], ", IsHandled =",  oObj["KLINCDT_IS_HANDLED"], ", Hostname =", oObj["KLHST_WKS_HOSTNAME"])
                        if "GNRL_EXTRA_PARAMS" in oObj:
                            print("Custom params: TEST_STRING =", oObj["GNRL_EXTRA_PARAMS"]["TEST_STRING"])
                            print("Custom params: TEST_INT =", oObj["GNRL_EXTRA_PARAMS"]["TEST_INT"])
                        oResult.append(oObj["KLINCDT_ID"])
                    nStart += nStep
                return oResult
            def main():    
                server = KlAkOAPI.AdmServer.KlAkAdmServer.Create("https://ksc.example.com:13299", "username", "password", verify = False)                
                FindHostIncidents(server, "KLINCDT_IS_HANDLED=1")