Kaspersky Industrial CyberSecurity for Networks Public API (v3)


Public API for external connectors

Authentication

Bearer authentication

Every call to an API method must include, in the request header, the access token used to authenticate and authorize the call. Specifying an access token in a URI is not supported. A request that does not include an access token returns a 401 error code.

Security Scheme Type HTTP
HTTP Authorization Scheme bearer
Bearer format "JWT"

About

Product information - Kaspersky Industrial CyberSecurity for Networks release version and list of installed components and their versions.
You can get product version and component information from Kaspersky Industrial CyberSecurity for Networks by using the About API methods.

Get information about the Kaspersky Industrial CyberSecurity for Networks version.

path Parameters
version
required
string

Responses

Response samples

Content type
application/json
{
  "version": "3.1.0.131",
  "updateableComponents": [
  ]
}

AllowRules

Allowing rules reduce the number of repeated events that do not require operator attention in Kaspersky Industrial CyberSecurity for Networks. You can get allowing rules from Kaspersky Industrial CyberSecurity for Networks by using the allowing rules API methods.

Query single allowing rule.

path Parameters
id
required
integer <int64> >= 1

ID of the requested allowing rule.

version
required
string

Responses

Response samples

Content type
application/json
{
  "commands": "ADD; CHECKPOINT LOAD; CHECKPOINT LOAD FINISH; CHECKPOINT LOAD INIT - RESPONSE; CHECKPOINT LOAD STOP",
  "protocols": "Foxboro FCP280/FCP270 - device interaction",
  "isDpiDetectable": false,
  "addressType": "Ip",
  "timestampCreated": "2020-10-26T10:15:06",
  "timestampModified": "2020-10-26T11:15:06",
  "monitoringPoint": "",
  "monitoringPointTimestampDeleted": null,
  "id": 12369,
  "isActive": true,
  "ruleType": "Nic",
  "side1": {
  },
  "side2": {
  },
  "comment": "",
  "isAutoGenerated": true,
  "eventType": "",
  "eventTypeId": 0,
  "triggeredRule": ""
}

Edit existing allowing rule.

You can edit allowing rule data in Kaspersky Industrial CyberSecurity for Networks by using this API.

path Parameters
id
required
integer <int64> >= 1

ID of the edited allowing rule.

version
required
string
Request Body schema:

Parameters of the edited allowing rule:

  • IsActive
isActive
required
boolean

State of activity of allowing rule.

Responses

Request samples

Content type
{
  "isActive": true
}

Remove existing allowing rule.

You can remove allowing rules from Kaspersky Industrial CyberSecurity for Networks by using this API.

path Parameters
id
required
integer <int64> >= 1

ID of the removed allowing rule.

version
required
string

Responses

Query several allowing rules.

Returns the specified number of allowing rules starting from a certain offset (but not including rules with the specified offset). You can specify filtering and paging options for the rules. By default, allowing rules are not sorted. Use the {sort} property of the query argument to specify the sort order.
Fields that can be used for filtering:

  • Id
  • IsActive
  • RuleType
  • Commands
  • Protocols
  • TimestampCreated
  • TimestampModified
  • TriggeredRule
  • MonitoringPoint
  • EventType
  • IsAutoGenerated

Fields that can be used for sorting:

  • Id

path Parameters
version
required
string
Request Body schema:

Query argument. This lets you define the parameters for filtering and sorting, the offset and maximum number of allowing rules in the returned results.

filter
object Nullable

Filtering parameters. To define a filter in a query, an array of filtering conditions is passed in the filter object:

  1. Each item of this array indicates the name of the field to be used for filtering and the filter conditions.
  2. If no filtering conditions are defined (there is no object filtering array or it is empty), all objects of the specific type are returned.
  3. To configure filtering in a query, the filter object containing an array of conditions is defined. An item of this array can be either a condition or a group of conditions in the form of a conditions array. The maximum nesting of groups is three levels (including the first).
  4. Each condition can have the following parameters:
    • field (required) - object field name from the table of fields of the specific object type in camelCase. Subparameters are indicated after a colon (example - IP address of the source field: "source:ipAddress").
    • condition (optional) - condition for the field value. Supported options:
      • "=" - equals. This is also used if this parameter is not defined.
      • "<>" - does not equal.
      • ">" - the value of field is larger than value. Applicable only to numerical and time values.
      • ">=" - the value of field is larger than or equal to value. Applicable only to numerical and time values.
      • "<" - the value of field is less than value. Applicable only to numerical and time values.
      • "<=" - the value of field is less than or equal to value. Applicable only to numerical and time values.
      • "IsEmpty" - the value of field is empty. Value is ignored.
      • "IsOneOf" - the value of field is empty or is equal to one of the values in the value array. Value contains an array of possible values.
    • value - value or values that are compared.
      • Members of enums are indicated as strings in the English locale without spaces, special characters, or anything indicated in brackets. Examples: "DPI", "Warning", "EngineeringWorkstation".
      • Dates are indicated in ISO_8601 format with full indication of all parts of the date and time. Example: "2020-10-25T17:32:25.707Z".
    • operator - logical operation that merges this condition with other conditions and groups of conditions at the specific level. The operator of the first top-level condition is ignored. The operator of the first condition in a group is considered to be the operator of this group. Supported options:
      • "and" - the condition is added by AND. It is also used if this parameter is not defined.
      • "or" - the condition is added by OR.
    • Parsing of the values of parameters and all comparisons are not case sensitive.
    • If an unsupported parameter value is defined, the "Incorrect parameters" error is returned with the name and value of the parameter.

Example of a simple condition with an AND conjunction.

{
        "query":
        {
            ...
            "filter":
            [
                {
                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"]
                },
                {
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"
                }
            ]
        }
}

Example of a set of conditions with a nested conditions group in which the conditions are merged by OR, while the top-level conditions are merged by AND:

{
        "query":
        {
            ...
            "filter":
            [
                [
                    {
                        "field": "propName1",
                        "condition": ">=",
                        "value": 10
                    },
                    {
                        "field": "propName1",
                        "value": 1,
                        "operator": "or"
                    }
                ],
                {
                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"]
                },
                {
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"
                }
            ]
        }     
}

sort
Array of objects (ColumnOrderDto) Nullable

Sorting results. The list of columns that can participate in sorting depends on the type of requested data. A full list is provided in the description of the corresponding paging method.

offset
integer <int32> [ 0 .. 2147483647 ] Nullable

0-based index of the item in the full list where the results must begin. If no offset is specified, the results return the data beginning at the start of the full list.

limit
integer <int32> [ 0 .. 1000 ] Nullable

Maximum number of items in the results. If no limit is specified, the results return all data beginning from the offset or from the start of the list depending on whether an offset is defined.
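
The filter, offset and limit rules above can be checked on the client before a query is sent. The following is an added example, not code from the product or its documentation: check_filter and build_query are hypothetical names, the top-level filter array is assumed to count as nesting level one, and the returned object holds only the filter, offset and limit properties (wrapping it as in the samples above is left to the caller). The sample filter is constructed and selects active allowing rules that are auto-generated or of type "Nic", which is a useful set to review because allowing rules suppress events.

```python
import json

# Conditions, operators and filterable fields as listed in the description above.
CONDITIONS = {"=", "<>", ">", ">=", "<", "<=", "isempty", "isoneof"}
OPERATORS = {"and", "or"}
FIELDS = {f.lower() for f in (
    "id", "isActive", "ruleType", "commands", "protocols", "timestampCreated",
    "timestampModified", "triggeredRule", "monitoringPoint", "eventType",
    "isAutoGenerated")}
MAX_DEPTH = 3      # assumption: the top-level array counts as level one
MAX_LIMIT = 1000   # upper bound of the limit property


def check_filter(items, depth=1):
    """Raise ValueError if the filter array breaks one of the documented rules."""
    if depth > MAX_DEPTH:
        raise ValueError("groups nested deeper than %d levels" % MAX_DEPTH)
    for item in items:
        if isinstance(item, list):            # a nested group of conditions
            check_filter(item, depth + 1)
            continue
        field = str(item.get("field", ""))
        if field.split(":")[0].lower() not in FIELDS:   # comparisons ignore case
            raise ValueError("field cannot be used for filtering: %r" % field)
        cond = str(item.get("condition", "=")).lower()  # "=" when omitted
        if cond not in CONDITIONS:
            raise ValueError("unsupported condition: %r" % cond)
        if str(item.get("operator", "and")).lower() not in OPERATORS:
            raise ValueError("unsupported operator in %r" % field)
        if cond == "isempty":
            continue                          # value is ignored for IsEmpty
        if "value" not in item:
            raise ValueError("value missing for %r" % field)
        if cond == "isoneof" and not isinstance(item["value"], list):
            raise ValueError("IsOneOf needs an array of values for %r" % field)


def build_query(filter_items, offset=0, limit=MAX_LIMIT):
    """Return the filter/offset/limit properties for one page of results."""
    check_filter(filter_items)
    if not 0 <= offset <= 2147483647 or not 0 <= limit <= MAX_LIMIT:
        raise ValueError("offset or limit outside the documented range")
    return {"filter": filter_items, "offset": offset, "limit": limit}


# Constructed sample: isActive = true AND (isAutoGenerated = true OR ruleType = "Nic").
AUDIT_FILTER = [
    {"field": "isActive", "value": True},
    [{"field": "isAutoGenerated", "value": True},
     {"field": "ruleType", "value": "Nic", "operator": "or"}],
]

if __name__ == "__main__":
    print(json.dumps(build_query(AUDIT_FILTER, limit=500), indent=2))
```

Setting an explicit limit keeps each response bounded, since a query without a limit returns all data from the offset onward.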

Responses