Kaspersky Automated Security Awareness Platform response

Event field name

Field value

DeviceAction

KASAP response

DeviceFacility

manual response

EventOutcome

succeeded or failed

Message

Description of the error, if an error occurred, otherwise the field is empty.

SourceTranslatedAddress

This field contains the value of the HTTP header x-real-ip or x-forwarded-for. If these headers are absent, the field will be empty.

SourceAddress

The address from which the user logged in. If the user logged in using a proxy, there will be a proxy address.

SourcePort

Port from which the user logged in. If the user logged in using a proxy, there will be a port on the proxy side.

SourceUserName

Login of the user who sent the request.

SourceUserID

ID of the user who sent the request.

DeviceCustomString1

The manager of the user to whom the course is assigned.

DeviceCustomString1Label

manager

DeviceCustomString3

Information about the group where the user belonged. Not available for failed.

DeviceCustomString3Label

manager

DeviceCustomString4

Information about the group where the user was added.

DeviceCustomString4Label

new kasap group

DeviceCustomString5

Tenant ID.

DeviceCustomString5Label

tenant ID

DeviceCustomString6

Tenant name.

DeviceCustomString6Label

tenant name

DestinationUserID

ID of the Active Directory user account which causes the response.

DestinationUserName

Account name (sAMAccountName).

DestinationNtDomain

Domain of the Active Directory user account which causes the response.

Page top