Kaspersky Industrial CyberSecurity for Networks event configuration variables

You can use Kaspersky Industrial CyberSecurity for Networks variables in the following cases:

• When creating and modifying custom event types.
• When configuring the settings for relaying events by email.

In place of the specified variables, the Server automatically inserts the current values of settings when registering or relaying an event.

In the settings of custom event types, you can use the following variables for the Title and Description entry fields:

• $communications – lines of the description of network interactions (one line for each network interaction) indicating the protocol and addresses of the network packet source and destination.
• $dst_address – address of the network packet destination (depending on the data available in the protocol, this can be an IP address, port number, MAC address and/or other address data).
• $Event_type_id – code of the event type.
• $monitoring_point – name of the monitoring point whose traffic invoked registration of the event.
• $occurred – date and time of event registration.
• $protocol – name of the application-level protocol that was being monitored when the event was registered.
• $src_address – address of the network packet source (depending on the data available in the protocol, this can be an IP address, port number, MAC address and/or other address data).
• $tags is the list of all names and values of tags participating in the Process Control rule.
• $technology_rule – name of the Process Control rule by which the event was registered.
• $top_level_protocol – name of the top-level protocol.
• $extra.<paramName> – additional variable added using the AddEventParam function for an external system or Lua script.

In the Email recipient settings, you can use the following variables for the Event template entry field:

• $closed – date and time when the Resolved status was assigned or the date and time of the event regenerate timeout (for events that are not incidents), or the date and time of registration of the last event included in the incident (for incidents).
• $communications – lines of the description of network interactions (one line for each network interaction) indicating the protocol and addresses of the network packet source and destination.
• $count – number of times an event or incident was triggered.
• $description – event description.
• $Event_id – unique ID of the registered event.
• $Event_type_id – code of the event type.
• $monitoring_point – name of the monitoring point whose traffic invoked registration of the event.
• $occurred – date and time of event registration.
• $severity – importance level of the event.
• $technology – technology associated with the event.
• $technology_rule – name of the rule by which the event was registered.
• $title – event title.

In the Email recipient settings, for the Text of notification entry field, you can use the $events variable only. The variable is replaced by a list of lines containing information about events. Each line will correspond to an event with the current values of variables from the Event template field.

To insert a variable into the entry field:

1. Set the cursor in the necessary position of the entry field in which you want to use the variable.
2. Click the Add variable button or enter the $ character (the $ character needs to be separated from the preceding word by a space).

   The entry field next to the cursor will display a drop-down list of available variables.

3. Select the relevant variable from the drop-down list.

The variable will be added to the entry field and will be distinguished by a special font.

Page top