KSC Open API
Kaspersky Security Center API description
|
Finds incidents by using a filter string. The search returns the incidents that match the strFilter string.
Remarks:
The following attributes can be used for ordering (pFields2Order):
The following attributes cannot be used for ordering (pFields2Order):
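# See also how to use the KlAkOAPI Python package:
def FindHostIncidents(server, strFilter):
    """Print every host incident matching strFilter and return their IDs.

    Args:
        server: Administration Server connection object, such as the one
            main() obtains from KlAkAdmServer.Create.
        strFilter: Filter string passed unchanged to HostGroup.FindIncidents.

    Returns:
        List of the KLINCDT_ID values of all incidents found.
    """
    print("Filter string: " + strFilter)

    arrFields2Return = [
        "KLINCDT_ID",
        "KLINCDT_SEVERITY",
        "KLINCDT_ADDED",
        "KLINCDT_BODY",
        "KLINCDT_IS_HANDLED",
        "KLHST_WKS_HOSTNAME",
        "GNRL_EXTRA_PARAMS",
    ]
    # The empty list is the third argument, presumably pFields2Order (no
    # ordering requested). The call returns the name of a result set held on
    # the server side, not the incidents themselves.
    strAccessor = KlAkOAPI.HostGroup.KlAkHostGroup(server).FindIncidents(
        strFilter, arrFields2Return, [], lMaxLifeTime = 60 * 60).OutPar("strAccessor")

    oChunkAccessor = KlAkOAPI.ChunkAccessor.KlAkChunkAccessor(server)
    oResult = []
    try:
        lRecords = oChunkAccessor.GetItemsCount(strAccessor).RetVal()
        print("Found", lRecords, "host incidents")

        # Page through the result set nStep records at a time.
        nStep = 200
        for nStart in range(0, lRecords, nStep):
            oChunk = oChunkAccessor.GetItemsChunk(strAccessor, nStart, nStep)
            parIncidents = oChunk.OutPar('pChunk')['KLCSP_ITERATOR_ARRAY']
            for oObj in parIncidents:
                print("Found incident: ID =", oObj["KLINCDT_ID"],
                      ", Severity =", oObj["KLINCDT_SEVERITY"],
                      ", Added =", oObj["KLINCDT_ADDED"],
                      ", Body =", oObj["KLINCDT_BODY"],
                      ", IsHandled =", oObj["KLINCDT_IS_HANDLED"],
                      ", Hostname =", oObj["KLHST_WKS_HOSTNAME"])
                if "GNRL_EXTRA_PARAMS" in oObj:
                    oExtra = oObj["GNRL_EXTRA_PARAMS"]
                    # TEST_STRING / TEST_INT are sample custom parameters; an
                    # incident may carry extra params without them, so print
                    # only those that are present instead of raising KeyError.
                    for strName in ("TEST_STRING", "TEST_INT"):
                        if strName in oExtra:
                            print("Custom params: " + strName + " =", oExtra[strName])
                oResult.append(oObj["KLINCDT_ID"])
    finally:
        # Otherwise the result set stays allocated on the server until its
        # lMaxLifeTime (60 * 60 here) runs out; free it as soon as we are done.
        oChunkAccessor.Release(strAccessor)
    return oResult


def main():
    """Connect to the Administration Server and list the handled incidents."""
    # Placeholder: local path to the Administration Server certificate (or to
    # the CA bundle that issued it).
    strServerCert = "/path/to/klserver.cer"
    # verify = False would switch off TLS certificate checking, so the user
    # name and password below would be sent to whichever host answers on that
    # address. Passing the certificate path keeps the server authenticated.
    # The URL and credentials are placeholders too; real credentials should
    # come from a secret store or a prompt rather than from source code.
    server = KlAkOAPI.AdmServer.KlAkAdmServer.Create(
        "https://ksc.example.com:13299", "username", "password",
        verify = strServerCert)
    FindHostIncidents(server, "KLINCDT_IS_HANDLED=1")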