Kaspersky Security Center can notify the administrator about events on client devices by running an executable file. The executable file must contain another executable file with placeholders of the event to be relayed to the administrator (see the table below).
Placeholders for describing an event
Placeholder |
Placeholder description |
|---|---|
%SEVERITY% |
Event severity. Possible values:
|
%COMPUTER% |
Name of the device where the event occurred. Maximum length of the device name is 256 characters. |
%DOMAIN% |
Domain name of the device where the event occurred. |
%EVENT% |
Name of the event type. Maximum length of the event type name is 50 characters. |
%DESCR% |
Event description. Maximum length of the description is 1000 characters. |
%RISE_TIME% |
Event creation time. |
%KLCSAK_EVENT_TASK_DISPLAY_NAME% |
Task name. Maximum length of the task name is 100 characters. |
%KL_PRODUCT% |
Product name. |
%KL_VERSION% |
Product version number. |
%KLCSAK_EVENT_SEVERITY_NUM% |
Event severity number. Possible values:
|
%HOST_IP% |
IP address of the device where the event occurred. |
%HOST_CONN_IP% |
Connection IP address of the device where the event occurred. |
Example: Event notifications are sent by an executable file (such as script1.bat) inside which another executable file (such as script2.bat) with the %COMPUTER% placeholder is launched. When an event occurs, the script1.bat file is run on the administrator's device, which, in turn, runs the script2.bat file with the %COMPUTER% placeholder. The administrator then receives the name of the device where the event occurred. |