KSC Open API
Kaspersky Security Center API description
int HostGroup::FindIncidents ( wstring  strFilter,
array  pFieldsToReturn,
array  pFieldsToOrder,
int  lMaxLifeTime,
[out] wstring  strAccessor 
)

Finds an incident by using filtering strings.

Finds incidents after filtering by the strFilter string.

Parameters:
strFilter(wstring) expression for filtering incidents. See Search filter syntax. See the list of the incident attributes, which can be used in this expression, in the Remarks section below.
pFieldsToReturn(array) array of the incident attribute names to return. See List of the incident attributes to know the attribute names.
pFieldsToOrder(array) array of containers, each of them containing two attributes:
  • "Name" (string) - Name of an attribute used for ordering. See Remarks below.
  • "Asc" (boolean) - Ascending sorting if true; otherwise descending sorting.
lMaxLifeTime(int) maximum lifetime of an accessor, in seconds.
[out]strAccessor(wstring) result set ID. Identifier of the server-side ordered collection of found incidents. The result set is destroyed and associated memory is freed in the following cases:
Returns:
(int) number of found records.

Remarks:
The following attributes can be used in the string for filtering (strFilter):

  • "KLINCDT_ID"
  • "KLINCDT_SEVERITY"
  • "KLINCDT_ADDED"
  • "KLINCDT_IS_HANDLED"
  • "KLINCDT_BODY"
  • "KLHST_WKS_HOSTNAME"

The following attributes can be used for ordering (pFieldsToOrder):

  • "KLINCDT_ID"
  • "KLINCDT_SEVERITY"
  • "KLINCDT_ADDED"
  • "KLINCDT_IS_HANDLED"

The following attributes cannot be used for ordering (pFieldsToOrder):

  • "KLINCDT_BODY"
  • "KLHST_WKS_HOSTNAME"
  • "GNRL_EXTRA_PARAMS"

See also how to use the KlAkOAPI Python package:

    import KlAkOAPI.AdmServer
    import KlAkOAPI.HostGroup
    import KlAkOAPI.ChunkAccessor

    def FindHostIncidents(server, strFilter):
        print("Filter string: " + strFilter)
        # FindIncidents returns the ID of a server-side result set (accessor);
        # the result set lives at most lMaxLifeTime seconds (here one hour).
        strAccessor = KlAkOAPI.HostGroup.KlAkHostGroup(server).FindIncidents(
            strFilter,
            ["KLINCDT_ID", "KLINCDT_SEVERITY", "KLINCDT_ADDED", "KLINCDT_BODY",
             "KLINCDT_IS_HANDLED", "KLHST_WKS_HOSTNAME", "GNRL_EXTRA_PARAMS"],
            [],
            lMaxLifeTime = 60 * 60).OutPar("strAccessor")
        # The result set is read through ChunkAccessor, nStep records per call
        oChunkAccessor = KlAkOAPI.ChunkAccessor.KlAkChunkAccessor(server)
        lRecords = oChunkAccessor.GetItemsCount(strAccessor).RetVal()
        print("Found", lRecords, "host incidents")
        nStart = 0
        nStep = 200
        oResult = []
        while nStart < lRecords:
            oChunk = oChunkAccessor.GetItemsChunk(strAccessor, nStart, nStep)
            parIncidents = oChunk.OutPar('pChunk')['KLCSP_ITERATOR_ARRAY']
            for oObj in parIncidents:
                print("Found incident: ID =", oObj["KLINCDT_ID"], ", Severity =", oObj["KLINCDT_SEVERITY"],
                      ", Added =", oObj["KLINCDT_ADDED"], ", Body =", oObj["KLINCDT_BODY"],
                      ", IsHandled =", oObj["KLINCDT_IS_HANDLED"], ", Hostname =", oObj["KLHST_WKS_HOSTNAME"])
                # GNRL_EXTRA_PARAMS carries custom incident parameters and is only
                # present for incidents that were created with such parameters
                if "GNRL_EXTRA_PARAMS" in oObj:
                    print("Custom params: TEST_STRING =", oObj["GNRL_EXTRA_PARAMS"]["TEST_STRING"])
                    print("Custom params: TEST_INT =", oObj["GNRL_EXTRA_PARAMS"]["TEST_INT"])
                oResult.append(oObj["KLINCDT_ID"])
            nStart += nStep
        return oResult

    def main():
        # verify = False disables TLS certificate verification of the KSC server;
        # outside a test setup pass the path to the server's CA certificate instead
        server = KlAkOAPI.AdmServer.KlAkAdmServer.Create("https://ksc.example.com:13299", "username", "password", verify = False)
        FindHostIncidents(server, "KLINCDT_IS_HANDLED=1")

    if __name__ == "__main__":
        main()
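The following Python code is an added example, not part of this page or of the KlAkOAPI package. It wraps the call sequence of the sample above in a generator that pages through the accessor and releases it afterwards, builds the pFieldsToOrder containers while rejecting the attributes the Remarks list as not orderable, and assembles strFilter from caller-supplied values through a whitelist so that data such as a hostname taken from a web form cannot alter the structure of the filter expression. The parenthesised, LDAP-like combination syntax used by `equals` and `all_of` is an assumption about the KSC "Search filter syntax" (the page itself only shows the bare form `KLINCDT_IS_HANDLED=1`), the ChunkAccessor `Release` call is assumed to be available as in the KlAkOAPI package, and `FakeServer` with its incident records is constructed in-memory stand-in data so the example runs offline.

```python
import re

# Attribute sets taken from the Remarks section of HostGroup::FindIncidents
FILTERABLE = {"KLINCDT_ID", "KLINCDT_SEVERITY", "KLINCDT_ADDED",
              "KLINCDT_IS_HANDLED", "KLINCDT_BODY", "KLHST_WKS_HOSTNAME"}
ORDERABLE = {"KLINCDT_ID", "KLINCDT_SEVERITY", "KLINCDT_ADDED", "KLINCDT_IS_HANDLED"}

# Conservative value whitelist: letters, digits, '_', '-', '.', ':' and space.
# Everything else, in particular '(', ')', '&', '|', '!', '*', is rejected so
# that caller-supplied data cannot change the structure of the filter.
_SAFE_VALUE = re.compile(r"^[A-Za-z0-9_.:\- ]+$")


def equals(attr, value):
    """Return one '(ATTR=value)' term (parenthesised form is an assumption)."""
    if attr not in FILTERABLE:
        raise ValueError(f"{attr} cannot be used in strFilter")
    value = str(value)
    if not _SAFE_VALUE.match(value):
        raise ValueError(f"unsafe filter value: {value!r}")
    return f"({attr}={value})"


def all_of(*terms):
    """AND-combine filter terms as '(&(t1)(t2)...)' (assumed syntax)."""
    return "(&" + "".join(terms) + ")"


def order_by(*specs):
    """Build pFieldsToOrder containers from (name, ascending) pairs."""
    out = []
    for name, asc in specs:
        if name not in ORDERABLE:
            raise ValueError(f"{name} cannot be used for ordering")
        out.append({"Name": name, "Asc": bool(asc)})
    return out


def iter_incidents(host_group, chunk_accessor, str_filter, fields, order,
                   chunk=200, max_lifetime=600):
    """Yield incident records page by page and release the accessor at the end."""
    resp = host_group.FindIncidents(str_filter, list(fields), order,
                                    lMaxLifeTime=max_lifetime)
    accessor = resp.OutPar("strAccessor")
    try:
        total = chunk_accessor.GetItemsCount(accessor).RetVal()
        start = 0
        while start < total:
            page = chunk_accessor.GetItemsChunk(accessor, start, chunk)
            for rec in page.OutPar("pChunk")["KLCSP_ITERATOR_ARRAY"]:
                yield rec
            start += chunk
    finally:
        chunk_accessor.Release(accessor)  # assumed ChunkAccessor::Release


def rejected(fn, *args):
    """True when fn(*args) raises ValueError; used to check the validators."""
    try:
        fn(*args)
        return False
    except ValueError:
        return True


class _Resp:
    """Minimal stand-in for a KlAkOAPI response object (constructed)."""
    def __init__(self, ret=None, out=None):
        self._ret, self._out = ret, out or {}
    def RetVal(self):
        return self._ret
    def OutPar(self, name):
        return self._out[name]


class FakeServer:
    """In-memory stand-in for both HostGroup and ChunkAccessor (constructed).
    It sorts and pages the records but does not evaluate strFilter."""
    def __init__(self, incidents):
        self.incidents, self.sets, self.released = incidents, {}, []
    def FindIncidents(self, strFilter, pFieldsToReturn, pFieldsToOrder, lMaxLifeTime):
        rows = [{k: r[k] for k in pFieldsToReturn if k in r} for r in self.incidents]
        for spec in reversed(pFieldsToOrder):  # stable sort, least significant key first
            rows.sort(key=lambda r: r[spec["Name"]], reverse=not spec["Asc"])
        acc = f"acc{len(self.sets)}"
        self.sets[acc] = rows
        return _Resp(len(rows), {"strAccessor": acc})
    def GetItemsCount(self, acc):
        return _Resp(len(self.sets[acc]))
    def GetItemsChunk(self, acc, start, count):
        return _Resp(out={"pChunk": {"KLCSP_ITERATOR_ARRAY": self.sets[acc][start:start + count]}})
    def Release(self, acc):
        self.released.append(acc)
        self.sets.pop(acc)


SAMPLE = [  # constructed incident records
    {"KLINCDT_ID": 1, "KLINCDT_SEVERITY": 2, "KLINCDT_IS_HANDLED": 0, "KLHST_WKS_HOSTNAME": "host-a"},
    {"KLINCDT_ID": 2, "KLINCDT_SEVERITY": 3, "KLINCDT_IS_HANDLED": 0, "KLHST_WKS_HOSTNAME": "host-b"},
    {"KLINCDT_ID": 3, "KLINCDT_SEVERITY": 1, "KLINCDT_IS_HANDLED": 1, "KLHST_WKS_HOSTNAME": "host-c"},
    {"KLINCDT_ID": 4, "KLINCDT_SEVERITY": 3, "KLINCDT_IS_HANDLED": 0, "KLHST_WKS_HOSTNAME": "host-d"},
    {"KLINCDT_ID": 5, "KLINCDT_SEVERITY": 2, "KLINCDT_IS_HANDLED": 1, "KLHST_WKS_HOSTNAME": "host-e"},
]


def demo():
    """Unhandled incidents, highest severity first, read in pages of two."""
    srv = FakeServer(SAMPLE)
    flt = all_of(equals("KLINCDT_IS_HANDLED", 0), equals("KLINCDT_SEVERITY", 3))
    order = order_by(("KLINCDT_SEVERITY", False), ("KLINCDT_ID", True))
    ids = [r["KLINCDT_ID"] for r in iter_incidents(srv, srv, flt,
           ["KLINCDT_ID", "KLINCDT_SEVERITY"], order, chunk=2)]
    return flt, ids, srv.released


if __name__ == "__main__":
    print(demo())
```

With a real connection, `KlAkOAPI.HostGroup.KlAkHostGroup(server)` and `KlAkOAPI.ChunkAccessor.KlAkChunkAccessor(server)` take the place of the two `srv` arguments; the generator form keeps memory bounded for large result sets, and releasing the accessor in `finally` frees the server-side result set even when the caller stops iterating early.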