Kaspersky Industrial CyberSecurity for Networks Public API (v3)

Download OpenAPI specification:Download

Public API for external connectors


Bearer authentication

All API methods must include an access token to authenticate and authorize calls in a request header. Specifying an access token in a URI is not supported. Not specifying an access token in these cases results in a returned 401 error code.

Security Scheme Type HTTP
HTTP Authorization Scheme bearer
Bearer format "JWT"


Product information includes Kaspersky Industrial CyberSecurity for Networks release version and a list of installed components and their versions.

You can get product version and component information from Kaspersky Industrial CyberSecurity for Networks using the about API methods.

Getting product information

path Parameters


Response samples

Content type
  • "version": "",
  • "updateableComponents": [


Allowing rules are rules for reducing the number of repeated events that do not require operator attention in Kaspersky Industrial CyberSecurity for Networks. You can get allowing rules from Kaspersky Industrial CyberSecurity for Networks using the allowing rules API methods.

Querying a single allowing rule

path Parameters
integer <int64> >= 1

ID of the requested allowing rule.



Response samples

Content type
  • "protocols": "Foxboro FCP280/FCP270 - device interaction",
  • "isDpiDetectable": false,
  • "addressType": "Ip",
  • "timestampCreated": "2020-10-26T10:15:06",
  • "timestampModified": "2020-10-26T11:15:06",
  • "monitoringPoint": "",
  • "monitoringPointTimestampDeleted": null,
  • "id": 12369,
  • "isActive": true,
  • "ruleType": "Nic",
  • "side1": {
  • "side2": {
  • "comment": "",
  • "isAutoGenerated": true,
  • "eventType": "",
  • "eventTypeId": 0,
  • "triggeredRule": ""

Editing an existing allowing rule

You can edit allowing rule data in Kaspersky Industrial CyberSecurity for Networks using this API.

path Parameters
integer <int64> >= 1

ID of the allowing rule that you want to edit.

Request Body schema:

Parameters of the allowing rule to edit:

  • IsActive

Activity state of the allowing rule.


Request samples

Content type
  • "isActive": true

Removing an existing allowing rule

You can remove allowing rules from Kaspersky Industrial CyberSecurity for Networks using this API.

path Parameters
integer <int64> >= 1

ID of the allowing rule that you want to remove.



Querying several allowing rules

You can get several allowing rules starting from a certain offset, not including the rules with the specified offset. You can specify filtering and paging options for the rules. By default, allowing rules are not sorted. Use the sort property from argument to specify sorting order.

You can use the following fields for filtering:

  • Id
  • IsActive
  • RuleType
  • Commands
  • Protocols
  • TimestampCreated
  • TimestampModified
  • TriggeredRule
  • MonitoringPoint
  • EventType
  • IsAutoGenerated

You can use the following fields for sorting:

  • Id
path Parameters
Request Body schema:

Query argument. Specify the argument to define the parameters for filtering and sorting, such as an offset and a maximum number of allowing rules in the returned results.

object Nullable

Filtering parameters. To define a filter, pass an array of filtering conditions to the filter object:

  1. Each item in the array indicates a name of the field to be used for filtering and filtering conditions.
  2. If no filtering conditions are defined (there is no object filtering array or it is empty), all objects of the specified type are returned.
  3. To configure filtering, define a filter object containing an array of conditions. Each item in the array can be a condition or a group of conditions in the form of an array. The maximum nesting of groups is three levels, including the first.
  4. Each filtering condition can have the following parameters:
    • field (required)—Object field name from the table of fields of the specific object type, in the camelCase format. Specify subparameters after a colon. For example, to specify an IP address of a source field, use "source:ipAddress".
    • condition (optional)—Filtering condition for the field value. Supported values:
      • "="—Equals. This value is also used if this parameter is not defined.
      • "<>"—Does not equal.
      • ">"—Field value is larger than the value in the value array. Use only for numeric and time values.
      • ">="—Field value is larger than or equals to the value in the value array. Use only for numeric and time values.
      • "<"—Field value is less than the value in a value array. Use only for numeric and time values.
      • "<="—Field value is less than or equals to the value in a value array. Use only for numeric and time values.
      • "IsEmpty"—Field value is empty. The value in the value array is ignored.
      • "IsOneOf"—Field value is empty or equals to one of the values in the value array. The value array contains an array of possible values.
    • value—Value or values with which the field is compared.
      • Specify elements of enums as strings in the English locale without spaces, special characters, or brackets. For example, "DPI", "Warning", "EngineeringWorkstation".
      • Specify dates in the ISO 8601 format with full indication of all parts of the date and time. For example, "2020-10-25T17:32:25.707Z".
    • operator—Logical operator that combines conditions and condition groups at a specific level. The operator in the first top-level condition is ignored. The operator in the first condition in a group is considered to be the operator of this group. Supported values:
      • "and"—Condition is added with the AND operator. This operator is also used if the parameter is not defined.
      • "or"—Condition is added with the OR operator.
    • Parameter values and all comparisons are not case sensitive.
    • If an unsupported parameter value is defined, the "Incorrect parameters" error is returned with the name and value of the parameter.

Example of a simple condition with the AND operator.

                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"],
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

                        "field": "propName1",
                        "condition": ">=",
                        "value": 10
                        "field": "propName1",
                        "value": 1,
                        "operator": "or"
                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"]
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"
Array of objects (ColumnOrderDto) Nullable

Sorting parameters. A list of columns that can be sorted depends on the type of requested data. A full list is provided in the description of the corresponding paging method.

integer <int32> [ 0 .. 2147483647 ] Nullable

Zero-based index of the item in the full list from which the sorting must begin. If no offset is specified, the sorting results start at the beginning of the full list.

integer <int32> [ 0 .. 1000 ] Nullable

Maximum number of items in the results. If no limit is specified, the method returns all data beginning from the offset.


Request samples

Content type
  • "filter": [
  • "sort": [
  • "offset": 200,
  • "limit": 100

Response samples

Content type
  • "offset": 200,
  • "limit": 100,
  • "values": [


An application message log stores information about errors in application operation and errors in operations performed by system processes of Kaspersky Industrial CyberSecurity for Networks.

You can get application messages from Kaspersky Industrial CyberSecurity for Networks using the application messages API methods.

Querying several application messages

You can get several application messages starting from a certain offset, not including the application message with the specified offset. You can specify filtering and paging options for the application messages. By default, application messages are not sorted. Use the sort property from argument to specify sorting order.

You can use the following fields for filtering:

  • id
  • date
  • status
  • node
  • systemProcess
  • descriptionId

You can use the following fields for sorting:

  • id
path Parameters
Request Body schema:

Query argument. Specify the argument to define the parameters for filtering and sorting, such as an offset and a maximum number of application messages in the returned results.

object Nullable

Filtering parameters. To define a filter, pass an array of filtering conditions to the filter object:

  1. Each item in the array indicates a name of the field to be used for filtering and filtering conditions.
  2. If no filtering conditions are defined (there is no object filtering array or it is empty), all objects of the specified type are returned.
  3. To configure filtering, define a filter object containing an array of conditions. Each item in the array can be a condition or a group of conditions in the form of an array. The maximum nesting of groups is three levels, including the first.
  4. Each filtering condition can have the following parameters:
    • field (required)—Object field name from the table of fields of the specific object type, in the camelCase format. Specify subparameters after a colon. For example, to specify an IP address of a source field, use "source:ipAddress".
    • condition (optional)—Filtering condition for the field value. Supported values:
      • "="—Equals. This value is also used if this parameter is not defined.
      • "<>"—Does not equal.
      • ">"—Field value is larger than the value in the value array. Use only for numeric and time values.
      • ">="—Field value is larger than or equals to the value in the value array. Use only for numeric and time values.
      • "<"—Field value is less than the value in a value array. Use only for numeric and time values.
      • "<="—Field value is less than or equals to the value in a value array. Use only for numeric and time values.
      • "IsEmpty"—Field value is empty. The value in the value array is ignored.
      • "IsOneOf"—Field value is empty or equals to one of the values in the value array. The value array contains an array of possible values.
    • value—Value or values with which the field is compared.
      • Specify elements of enums as strings in the English locale without spaces, special characters, or brackets. For example, "DPI", "Warning", "EngineeringWorkstation".
      • Specify dates in the ISO 8601 format with full indication of all parts of the date and time. For example, "2020-10-25T17:32:25.707Z".
    • operator—Logical operator that combines conditions and condition groups at a specific level. The operator in the first top-level condition is ignored. The operator in the first condition in a group is considered to be the operator of this group. Supported values:
      • "and"—Condition is added with the AND operator. This operator is also used if the parameter is not defined.
      • "or"—Condition is added with the OR operator.
    • Parameter values and all comparisons are not case sensitive.
    • If an unsupported parameter value is defined, the "Incorrect parameters" error is returned with the name and value of the parameter.

Example of a simple condition with the AND operator.

                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"],
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

                        "field": "propName1",
                        "condition": ">=",
                        "value": 10
                        "field": "propName1",
                        "value": 1,
                        "operator": "or"
                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"]
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"
Array of objects (ColumnOrderDto) Nullable

Sorting parameters. A list of columns that can be sorted depends on the type of requested data. A full list is provided in the description of the corresponding paging method.

integer <int32> [ 0 .. 2147483647 ] Nullable

Zero-based index of the item in the full list from which the sorting must begin. If no offset is specified, the sorting results start at the beginning of the full list.

integer <int32> [ 0 .. 1000 ] Nullable

Maximum number of items in the results. If no limit is specified, the method returns all data beginning from the offset.


Request samples

Content type
  • "filter": [
  • "sort": [
  • "offset": 200,
  • "limit": 100

Response samples

Content type
  • "offset": 200,
  • "limit": 100,
  • "values": [


Kaspersky Industrial CyberSecurity for Networks can save information about actions that users performed in the application.

Information is saved in the audit log if user activity audit is enabled.

You can get audit entries from Kaspersky Industrial CyberSecurity for Networks using the audit messages API methods.

Querying several audit entries

You can get a specified number of audit entries starting from a certain offset, not including the audit entry with the specified offset. You can specify filtering and paging options for the audit entries. By default, audit entries are not sorted. Use the sort property from argument to specify sorting order.

You can use the following fields for filtering:

  • id
  • date
  • node
  • user
  • action
  • result

You can use the following fields for sorting:

  • id
path Parameters
Request Body schema:

Query argument. Specify the argument to define the parameters for filtering and sorting, such as an offset and a maximum number of audit entries in the returned results.

object Nullable

Filtering parameters. To define a filter, pass an array of filtering conditions to the filter object:

  1. Each item in the array indicates a name of the field to be used for filtering and filtering conditions.
  2. If no filtering conditions are defined (there is no object filtering array or it is empty), all objects of the specified type are returned.
  3. To configure filtering, define a filter object containing an array of conditions. Each item in the array can be a condition or a group of conditions in the form of an array. The maximum nesting of groups is three levels, including the first.
  4. Each filtering condition can have the following parameters:
    • field (required)—Object field name from the table of fields of the specific object type, in the camelCase format. Specify subparameters after a colon. For example, to specify an IP address of a source field, use "source:ipAddress".
    • condition (optional)—Filtering condition for the field value. Supported values:
      • "="—Equals. This value is also used if this parameter is not defined.
      • "<>"—Does not equal.
      • ">"—Field value is larger than the value in the value array. Use only for numeric and time values.
      • ">="—Field value is larger than or equals to the value in the value array. Use only for numeric and time values.
      • "<"—Field value is less than the value in a value array. Use only for numeric and time values.
      • "<="—Field value is less than or equals to the value in a value array. Use only for numeric and time values.
      • "IsEmpty"—Field value is empty. The value in the value array is ignored.
      • "IsOneOf"—Field value is empty or equals to one of the values in the value array. The value array contains an array of possible values.
    • value—Value or values with which the field is compared.
      • Specify elements of enums as strings in the English locale without spaces, special characters, or brackets. For example, "DPI", "Warning", "EngineeringWorkstation".
      • Specify dates in the ISO 8601 format with full indication of all parts of the date and time. For example, "2020-10-25T17:32:25.707Z".
    • operator—Logical operator that combines conditions and condition groups at a specific level. The operator in the first top-level condition is ignored. The operator in the first condition in a group is considered to be the operator of this group. Supported values:
      • "and"—Condition is added with the AND operator. This operator is also used if the parameter is not defined.
      • "or"—Condition is added with the OR operator.
    • Parameter values and all comparisons are not case sensitive.
    • If an unsupported parameter value is defined, the "Incorrect parameters" error is returned with the name and value of the parameter.

Example of a simple condition with the AND operator.

                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"],
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

                        "field": "propName1",
                        "condition": ">=",
                        "value": 10
                        "field": "propName1",
                        "value": 1,
                        "operator": "or"
                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"]
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"
Array of objects (ColumnOrderDto) Nullable

Sorting parameters. A list of columns that can be sorted depends on the type of requested data. A full list is provided in the description of the corresponding paging method.

integer <int32> [ 0 .. 2147483647 ] Nullable

Zero-based index of the item in the full list from which the sorting must begin. If no offset is specified, the sorting results start at the beginning of the full list.

integer <int32> [ 0 .. 1000 ] Nullable

Maximum number of items in the results. If no limit is specified, the method returns all data beginning from the offset.


Request samples

Content type
  • "filter": [
  • "sort": [
  • "offset": 200,
  • "limit": 100

Response samples

Content type
  • "offset": 200,
  • "limit": 100,
  • "values": [


Kaspersky Industrial CyberSecurity for Networks provides a capability for a connector to query its configuration.

You can get connector configuration information from Kaspersky Industrial CyberSecurity for Networks using the configuration API methods.

Returning information about the current connector

path Parameters


Response samples

Content type
  • "config": "- type: string\n name: address\n default: yes\n max_len: 1024\n- type: uint\n name: portNumber\n range: {from: 0, to: 65535}\n default: yes\n default_value: 0\n- type: string\n name: transportProtocol\n loc: yes\n values: [TCP, UDP]\n default: yes",
  • "eventTypesToSend": [
  • "forwardAppMessages": true,
  • "forwardAuditMessages": false


Devices are connected to the industrial network. Kaspersky Industrial CyberSecurity for Networks monitors device activity and updates information about them. It allows an administrator to make security-related decisions.

You can get a list of devices and their protocols from Kaspersky Industrial CyberSecurity for Networks using devices API methods.

You can also create, edit, and remove devices in Kaspersky Industrial CyberSecurity for Networks.

Querying several devices

You can get several devices starting from a certain offset, not including the device with the specified offset. You can specify filtering and paging options for the devices. By default, devices are not sorted. Use the sort property from argument to specify sorting order.

You can use the following fields for filtering:

  • id
  • name
  • status
  • addressInformation:macAddress
  • addressInformation:ipAddress
  • category
  • group
  • securityState
  • lastSeen
  • vulnerabilities:cveId
  • vulnerabilities:state
  • lastModified
  • created
  • os
  • hardwareVendor
  • hardwareModel
  • hardwareVersion
  • softwareVendor
  • softwareModel
  • softwareVersion
  • networkName
  • label
  • hasIndustrialConfig
  • epp:name
  • epp:rtpState
  • epp:lastSync

You can use the following fields for sorting:

  • id
path Parameters
Request Body schema:

Query argument. Specify the argument to define the parameters for filtering and sorting, such as an offset and a maximum number of devices in the returned results.

object Nullable

Filtering parameters. To define a filter, pass an array of filtering conditions to the filter object:

  1. Each item in the array indicates a name of the field to be used for filtering and filtering conditions.
  2. If no filtering conditions are defined (there is no object filtering array or it is empty), all objects of the specified type are returned.
  3. To configure filtering, define a filter object containing an array of conditions. Each item in the array can be a condition or a group of conditions in the form of an array. The maximum nesting of groups is three levels, including the first.
  4. Each filtering condition can have the following parameters:
    • field (required)—Object field name from the table of fields of the specific object type, in the camelCase format. Specify subparameters after a colon. For example, to specify an IP address of a source field, use "source:ipAddress".
    • condition (optional)—Filtering condition for the field value. Supported values:
      • "="—Equals. This value is also used if this parameter is not defined.
      • "<>"—Does not equal.
      • ">"—Field value is larger than the value in the value array. Use only for numeric and time values.
      • ">="—Field value is larger than or equals to the value in the value array. Use only for numeric and time values.
      • "<"—Field value is less than the value in a value array. Use only for numeric and time values.
      • "<="—Field value is less than or equals to the value in a value array. Use only for numeric and time values.
      • "IsEmpty"—Field value is empty. The value in the value array is ignored.
      • "IsOneOf"—Field value is empty or equals to one of the values in the value array. The value array contains an array of possible values.
    • value—Value or values with which the field is compared.
      • Specify elements of enums as strings in the English locale without spaces, special characters, or brackets. For example, "DPI", "Warning", "EngineeringWorkstation".
      • Specify dates in the ISO 8601 format with full indication of all parts of the date and time. For example, "2020-10-25T17:32:25.707Z".
    • operator—Logical operator that combines conditions and condition groups at a specific level. The operator in the first top-level condition is ignored. The operator in the first condition in a group is considered to be the operator of this group. Supported values:
      • "and"—Condition is added with the AND operator. This operator is also used if the parameter is not defined.
      • "or"—Condition is added with the OR operator.
    • Parameter values and all comparisons are not case sensitive.
    • If an unsupported parameter value is defined, the "Incorrect parameters" error is returned with the name and value of the parameter.

Example of a simple condition with the AND operator.

                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"],
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

                        "field": "propName1",
                        "condition": ">=",
                        "value": 10
                        "field": "propName1",
                        "value": 1,
                        "operator": "or"
                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"]
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"
Array of objects (ColumnOrderDto) Nullable

Sorting parameters. A list of columns that can be sorted depends on the type of requested data. A full list is provided in the description of the corresponding paging method.

integer <int32> [ 0 .. 2147483647 ] Nullable

Zero-based index of the item in the full list from which the sorting must begin. If no offset is specified, the sorting results start at the beginning of the full list.

integer <int32> [ 0 .. 1000 ] Nullable

Maximum number of items in the results. If no limit is specified, the method returns all data beginning from the offset.


Request samples

Content type
  • "filter": [
  • "sort": [
  • "offset": 200,
  • "limit": 100

Response samples

Content type
  • "offset": 200,
  • "limit": 100,
  • "values": [

Querying a single device

path Parameters
integer <int64> >= 1

ID of the requested device.



Response samples

Content type
  • "id": 123456,
  • "name": "BoilerPlc",
  • "description": "Very long description text",
  • "status": "Recognized",
  • "addressInformation": [
  • "category": "Plc",
  • "group": "group1",
  • "securityState": "Critical",
  • "lastSeen": "2020-12-15T11:17:12",
  • "lastModified": "2020-11-14T10:16:11",
  • "created": "2020-10-26T10:15:06",
  • "os": "Linux",
  • "networkName": "factory-net",
  • "hardwareVendor": "Siemens",
  • "hardwareModel": "S7-1500",
  • "hardwareVersion": "3.51",
  • "softwareVendor": "SomeCompany",
  • "softwareModel": "FirmwareOs1",
  • "softwareVersion": "1.23",
  • "isRouter": false,
  • "labels": [
  • "vulnerabilities": [
  • "processControlSettings": {
  • "attributes": [
  • "userAttributes": [
  • "epp": {

Editing an existing device

You can edit device data in Kaspersky Industrial CyberSecurity for Networks using this API.

path Parameters
integer <int64> >= 1

ID of the device that you want to edit.

Request Body schema:

Parameters of the device that you want to edit.


Allow industrial configuration editing.

string [ 1 .. 8192 ] characters

Unique name of the device.

Array of objects (DeviceAddressInformation) non-empty

MAC and IP addresses of the device.

string <= 65536 characters Nullable

Description of the device.

string (AssetStatus)
Enum: "Unauthorized" "Recognized" "Archived"
string (AssetType)
Enum: "ScadaHmi" "Rpa" "Server" "Workstation" "Plc" "EngineeringStation" "MobileDevice" "NetworkDevice" "Other" "Laptop" "HmiPanel" "Printer" "UPS" "NetworkCamera" "Gateway" "StorageSystem" "Firewall" "Switch" "VirtualSwitch" "Router" "VirtualRouter" "WiFi" "Historian"
string <= 65536 characters Nullable

Name of an operating system of the device.

string <= 65536 characters Nullable

Name of a device manufacturer.

string <= 65536 characters Nullable

Device hardware model.

string <= 65536 characters Nullable

Device hardware version.

string <= 65536 characters Nullable

Device software vendor.

string <= 65536 characters Nullable

Device software model.

string <= 65536 characters Nullable

Device software version.

string <= 65536 characters Nullable

Name used to represent the device in the network.


Identifies whether the device is a routing device.

Array of strings Nullable

List of labels assigned to the device.

Array of objects (DeviceUserAttributeData) Nullable

Any additional user-defined parameters of the device returned in pairs "Name, Value".


Request samples

Content type
  • "allowProcessControlSettingsUpdate": true,
  • "name": "BoilerPlc",
  • "addressInformation": [
  • "description": "Very long description text",
  • "status": "Recognized",
  • "category": "NetworkDevice",
  • "os": "Linux",
  • "hardwareVendor": "Siemens",
  • "hardwareModel": "S7-1500",
  • "hardwareVersion": "3.51",
  • "softwareVendor": "SomeCompany",
  • "softwareModel": "FirmwareOs1",
  • "softwareVersion": "1.23",
  • "networkName": "factory-net",
  • "isRouter": false,
  • "labels": [
  • "userAttributes": [

Response samples

Content type
  • "status": "Error",
  • "errors": [

Removing an existing device

You can remove devices from Kaspersky Industrial CyberSecurity for Networks using this API.

path Parameters
integer <int64> >= 1

ID of the device that you want to remove.



Querying device protocols

path Parameters
integer <int64> >= 1

ID of the device from which protocols are queried.



Response samples

Content type
  • {

Creating a device

You can create devices in Kaspersky Industrial CyberSecurity for Networks using this API.

path Parameters
Request Body schema:

Parameters of the created device.

string (DuplicateAction)
Enum: "Skip" "Overwrite"

Allow loss of industrial configuration.

string [ 1 .. 8192 ] characters

Unique name of the device.

Array of objects (DeviceAddressInformation) non-empty

MAC and IP addresses of the device.

string <= 65536 characters Nullable

Description of the device.

string (AssetStatus)
Enum: "Unauthorized" "Recognized" "Archived"
string (AssetType)
Enum: "ScadaHmi" "Rpa" "Server" "Workstation" "Plc" "EngineeringStation" "MobileDevice" "NetworkDevice" "Other" "Laptop" "HmiPanel" "Printer" "UPS" "NetworkCamera" "Gateway" "StorageSystem" "Firewall" "Switch" "VirtualSwitch" "Router" "VirtualRouter" "WiFi" "Historian"
string <= 65536 characters Nullable

Name of an operating system of the device.

string <= 65536 characters Nullable

Name of a device manufacturer.

string <= 65536 characters Nullable

Device hardware model.

string <= 65536 characters Nullable

Device hardware version.

string <= 65536 characters Nullable

Device software vendor.

string <= 65536 characters Nullable

Device software model.

string <= 65536 characters Nullable

Device software version.

string <= 65536 characters Nullable

Name used to represent the device in the network.


Identifies whether the device is a routing device.

Array of strings Nullable

List of labels assigned to the device.

Array of objects (DeviceUserAttributeData) Nullable

Any additional user-defined parameters of the device returned in pairs "Name, Value".


Request samples

Content type
  • "whatIfDuplicate": "Skip",
  • "allowProcessControlSettingsLoss": true,
  • "name": "BoilerPlc",
  • "addressInformation": [
  • "description": "Very long description text",
  • "status": "Recognized",
  • "category": "NetworkDevice",
  • "os": "Linux",
  • "hardwareVendor": "Siemens",
  • "hardwareModel": "S7-1500",
  • "hardwareVersion": "3.51",
  • "softwareVendor": "SomeCompany",
  • "softwareModel": "FirmwareOs1",
  • "softwareVersion": "1.23",
  • "networkName": "factory-net",
  • "isRouter": false,
  • "labels": [
  • "userAttributes": [

Response samples

Content type
  • "status": "Created",
  • "deviceId": 12345


Events are messages generated by Kaspersky Industrial CyberSecurity for Networks in response to probably malicious industrial network traffic, detected attacks, and other security-related data. You can get events from Kaspersky Industrial CyberSecurity for Networks using the events API methods. In addition, you can register your own events in Kaspersky Industrial CyberSecurity for Networks. Kaspersky Industrial CyberSecurity for Networks handles these events as it does any other events.

Querying several events

You can get several events starting from a certain offset, not including event with specified offset. You can specify filtering and paging options for the events. By default, events are not sorted. Use the sort property from argument to specify sorting order.

You can use the following fields for filtering:

  • startTime
  • lastSeenTime
  • title
  • severity
  • source:ipAddress
  • source:port
  • source:macAddress
  • source:applicationLevelAddress
  • destination:ipAddress
  • destination:port
  • destination:macAddress
  • destination:applicationLevelAddress
  • vlanId
  • protocol
  • technology
  • totalAppearances
  • id
  • status
  • triggeredRule
  • monitoringPointId
  • eventType
  • mark
  • origin

You can use the following fields for sorting:

  • id
path Parameters
Request Body schema:

Query argument. Specify the argument to define the parameters for filtering and sorting, such as an offset and a maximum number of events in the returned results.

object Nullable

Filtering parameters. To define a filter, pass an array of filtering conditions to the filter object:

  1. Each item in the array indicates a name of the field to be used for filtering and filtering conditions.
  2. If no filtering conditions are defined (there is no object filtering array or it is empty), all objects of the specified type are returned.
  3. To configure filtering, define a filter object containing an array of conditions. Each item in the array can be a condition or a group of conditions in the form of an array. The maximum nesting of groups is three levels, including the first.
  4. Each filtering condition can have the following parameters:
    • field (required)—Object field name from the table of fields of the specific object type, in the camelCase format. Specify subparameters after a colon. For example, to specify an IP address of a source field, use "source:ipAddress".
    • condition (optional)—Filtering condition for the field value. Supported values:
      • "="—Equals. This value is also used if this parameter is not defined.
      • "<>"—Does not equal.
      • ">"—Field value is larger than the value in the value array. Use only for numeric and time values.
      • ">="—Field value is larger than or equals to the value in the value array. Use only for numeric and time values.
      • "<"—Field value is less than the value in a value array. Use only for numeric and time values.
      • "<="—Field value is less than or equals to the value in a value array. Use only for numeric and time values.
      • "IsEmpty"—Field value is empty. The value in the value array is ignored.
      • "IsOneOf"—Field value is empty or equals to one of the values in the value array. The value array contains an array of possible values.
    • value—Value or values with which the field is compared.
      • Specify elements of enums as strings in the English locale without spaces, special characters, or brackets. For example, "DPI", "Warning", "EngineeringWorkstation".
      • Specify dates in the ISO 8601 format with full indication of all parts of the date and time. For example, "2020-10-25T17:32:25.707Z".
    • operator—Logical operator that combines conditions and condition groups at a specific level. The operator in the first top-level condition is ignored. The operator in the first condition in a group is considered to be the operator of this group. Supported values:
      • "and"—Condition is added with the AND operator. This operator is also used if the parameter is not defined.
      • "or"—Condition is added with the OR operator.
    • Parameter values and all comparisons are not case sensitive.
    • If an unsupported parameter value is defined, the "Incorrect parameters" error is returned with the name and value of the parameter.

Example of a simple condition with the AND operator.

                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"],
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

                        "field": "propName1",
                        "condition": ">=",
                        "value": 10
                        "field": "propName1",
                        "value": 1,
                        "operator": "or"
                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"]
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"
Array of objects (ColumnOrderDto) Nullable

Sorting parameters. A list of columns that can be sorted depends on the type of requested data. A full list is provided in the description of the corresponding paging method.

integer <int32> [ 0 .. 2147483647 ] Nullable

Zero-based index of the item in the full list from which the sorting must begin. If no offset is specified, the sorting results start at the beginning of the full list.

integer <int32> [ 0 .. 1000 ] Nullable

Maximum number of items in the results. If no limit is specified, the method returns all data beginning from the offset.


Request samples

Content type
  • "filter": [
  • "sort": [
  • "offset": 200,
  • "limit": 100

Response samples

Content type
  • "offset": 200,
  • "limit": 100,
  • "values": [

Querying a single event

path Parameters
integer <int64> >= 1

ID of the requested event.



Response samples

Content type
  • "id": 123456,
  • "eventType": 123123,
  • "title": "Something happened",
  • "severity": "Warning",
  • "startTime": "2020-10-27T17:32:25Z",
  • "lastSeenTime": "2020-10-27T17:32:26Z",
  • "endTime": "2020-10-27T17:32:26Z",
  • "protocol": "Modbus",
  • "communications": [
  • "technology": "Dpi",
  • "totalAppearances": 10,
  • "status": "Proposed",
  • "description": "Very long description text",
  • "triggeredRule": "Rule name",
  • "triggeredRuleId": 123,
  • "monitoringPoint": "Mpoint 1",
  • "monitoringPointId": 1,
  • "monitoringPointDeletedTime": "2020-10-26T10:15:06",
  • "mark": 0,
  • "origin": "System",
  • "childrenCount": 6,
  • "assets": [
  • "params": [
  • "vulnerabilities": [

Editing an existing event

You can edit event data in Kaspersky Industrial CyberSecurity for Networks using this API.

path Parameters
integer <int64> >= 1

ID of the event that you want to edit.

Request Body schema:

Parameters of the event to edit:

  • status
  • mark
string (EventUserState)
Enum: "Proposed" "Active" "Resolved"
integer <int32> Nullable

Numeric value from 0 to 7 that represents a selection of icons that you can set for any event or incident to find events and incidents based on criteria that are not in the table.


Request samples

Content type
  • "status": "Active",
  • "mark": 1

Response samples

Content type

Registering an event

You can register events in Kaspersky Industrial CyberSecurity for Networks using this API.

path Parameters
Request Body schema:

Parameters of the event that you want to register.

string [ 1 .. 4096 ] characters

Title defined for the event type.

string (EventSeverity)
Enum: "Info" "Warning" "Critical"
string <date-time>

For an event that is not an incident: date and time when the event was registered. For an incident: date and time when the first event included in the incident was registered.

string <date-time>

For an event that is not an incident: date and time when the event last occurred. It may contain date and time when the event was registered, or date and time when the value of an event regenerate counter increased if the conditions for event registration were repeated during the event regenerate timeout.

string <date-time>

For an event that is not an incident: date and time when the Resolved status was assigned, or date and time of the event regenerate timeout. For an incident: the latest date and time of the end of events that are part of the incident.

integer <int32> [ 0 .. 2147483647 ] Nullable

For an event that is not an incident: value of a regenerate counter after the event was registered within the event regenerate timeout.

string [ 0 .. 32000 ] characters Nullable

Description specified for the event type.

string [ 0 .. 4096 ] characters Nullable

For an event that is not an incident: name of a Process Control rule or an Intrusion Detection rule that was triggered and caused event registration. For an incident: name of a correlation rule that was triggered and caused incident registration.

integer <int32> [ 0 .. 65535 ] Nullable

Identifier of the monitoring point whose traffic invoked registration of the event.

integer <int32> [ 0 .. 7 ] Nullable

Numeric value from 0 to 7 that represents a selection of icons that you can set for any event or incident to find events and incidents based on criteria that are not in the table.

string (EventOrigin)
Enum: "Unknown" "System" "User"
object Nullable

Array of name-value pairs that are additional parameters of the event.


Request samples

Content type
  • "title": "Something happened",
  • "severity": "Warning",
  • "startTime": "2020-10-27T17:32:25Z",
  • "lastSeenTime": "2020-10-27T17:32:26Z",
  • "endTime": "2020-10-27T17:32:26Z",
  • "totalAppearances": 10,
  • "description": "Very long description text",
  • "triggeredRuleName": "Rule name",
  • "monitoringPointId": 1,
  • "mark": 0,
  • "origin": "System",
  • "params": {

Response samples

Content type
  • "errorMessage": "Error message text"

Querying traffic for several events

You can get a ZIP file with traffic associated with several events. The traffic can be filtered and sorted in the same way as for the QueryEvents() method.

path Parameters
Request Body schema:

Query argument. Specify the argument to define parameters for filtering and sorting, such as an offset and a maximum number of events in the returned results.

object Nullable

Filtering parameters. To define a filter, pass an array of filtering conditions to the filter object:

  1. Each item in the array indicates a name of the field to be used for filtering and filtering conditions.
  2. If no filtering conditions are defined (there is no object filtering array or it is empty), all objects of the specified type are returned.
  3. To configure filtering, define a filter object containing an array of conditions. Each item in the array can be a condition or a group of conditions in the form of an array. The maximum nesting of groups is three levels, including the first.
  4. Each filtering condition can have the following parameters:
    • field (required)—Object field name from the table of fields of the specific object type, in the camelCase format. Specify subparameters after a colon. For example, to specify an IP address of a source field, use "source:ipAddress".
    • condition (optional)—Filtering condition for the field value. Supported values:
      • "="—Equals. This value is also used if this parameter is not defined.
      • "<>"—Does not equal.
      • ">"—Field value is larger than the value in the value array. Use only for numeric and time values.
      • ">="—Field value is larger than or equals to the value in the value array. Use only for numeric and time values.
      • "<"—Field value is less than the value in a value array. Use only for numeric and time values.
      • "<="—Field value is less than or equals to the value in a value array. Use only for numeric and time values.
      • "IsEmpty"—Field value is empty. The value in the value array is ignored.
      • "IsOneOf"—Field value is empty or equals to one of the values in the value array. The value array contains an array of possible values.
    • value—Value or values with which the field is compared.
      • Specify elements of enums as strings in the English locale without spaces, special characters, or brackets. For example, "DPI", "Warning", "EngineeringWorkstation".
      • Specify dates in the ISO 8601 format with full indication of all parts of the date and time. For example, "2020-10-25T17:32:25.707Z".
    • operator—Logical operator that combines conditions and condition groups at a specific level. The operator in the first top-level condition is ignored. The operator in the first condition in a group is considered to be the operator of this group. Supported values:
      • "and"—Condition is added with the AND operator. This operator is also used if the parameter is not defined.
      • "or"—Condition is added with the OR operator.
    • Parameter values and all comparisons are not case sensitive.
    • If an unsupported parameter value is defined, the "Incorrect parameters" error is returned with the name and value of the parameter.

Example of a simple condition with the AND operator.

                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"],
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

                        "field": "propName1",
                        "condition": ">=",
                        "value": 10
                        "field": "propName1",
                        "value": 1,
                        "operator": "or"
                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"]
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"
Array of objects (ColumnOrderDto) Nullable

Sorting parameters. A list of columns that can be sorted depends on the type of requested data. A full list is provided in the description of the corresponding paging method.

integer <int32> [ 0 .. 2147483647 ] Nullable

Zero-based index of the item in the full list from which the sorting must begin. If no offset is specified, the sorting results start at the beginning of the full list.

integer <int32> [ 0 .. 1000 ] Nullable

Maximum number of items in the results. If no limit is specified, the method returns all data beginning from the offset.


Request samples

Content type
  • "filter": [
  • "sort": [
  • "offset": 200,
  • "limit": 100

Response samples

Content type

Querying traffic for a single event

You can get a PCAP file with traffic associated with a single event.

path Parameters
integer <int64> >= 1

ID of the requested event.



Response samples

Content type


Event type is a defined set of parameters for registering events in Kaspersky Industrial CyberSecurity for Networks. A unique number (event type code) is assigned to each event type. You can get event types from Kaspersky Industrial CyberSecurity for Networks using the event types API methods.

Getting a list of event types

path Parameters


Response samples

Content type
  • {
  • {

Getting one event type

path Parameters
integer <int64> >= 1

Event type ID.



Response samples

Content type
  • "eventTypeId": 1,
  • "title": "Incident",
  • "description": "A sequence of events corresponding to the incident was detected.",
  • "severity": "Critical",
  • "technology": "External",
  • "eventRegenerateTimeout": 3000,
  • "trafficKeeping": {


Information about a license key.

You can get information about the added license key using the license key API methods.

Getting information about the added license key

path Parameters


Response samples

Content type
  • "localization": "en",
  • "serialNumber": {
  • "productName": "Kaspersky Industrial CyberSecurity for Networks Standard Server, Limited Updates International Edition. 1 - Server 1 year NFR License: KICS for Networks",
  • "licenseInstallationDate": "2020-12-31T00:00:00",
  • "licenseExpirationDate": "2019-12-18T00:00:00",
  • "licenseCreationDate": "2020-01-01T00:00:00",
  • "licenseStatus": "Active",
  • "daysTillLicenseExpire": 41


Monitoring points are used for receiving and processing industrial network traffic in Kaspersky Industrial CyberSecurity for Networks.

You can get monitoring points from Kaspersky Industrial CyberSecurity for Networks using monitoring-points API methods.

Querying a dictionary with monitoring points

path Parameters


Response samples

Content type
  • {

Querying a single monitoring point

path Parameters
integer <int64> >= 1

ID of the queried monitoring point.



Response samples

Content type
  • "mpId": 12345,
  • "name": "MonitoringPoint1",
  • "nicId": "nic1",
  • "hostId": "sensor1",
  • "enabled": true,
  • "createdTime": "2020-10-27T17:32:25Z",
  • "deletedTime": "2020-10-27T17:32:25Z"


Kaspersky Industrial CyberSecurity for Networks uses several dictionaries, including a dictionary of protocols.

You can get protocols from Kaspersky Industrial CyberSecurity for Networks using protocol-stacks API methods.

Querying a dictionary with protocol stacks

path Parameters


Response samples

Content type
  • {

Querying a single protocol stack

path Parameters
integer <int64> >= 1

ID of the queried protocol stack.



Response samples

Content type
  • "protocolStackId": 12345,
  • "name": "ModbusTcp",
  • "protocolStackName": "TCP/ModbusTcp",
  • "parentId": 5001,
  • "etherType": 123,
  • "ipType": 345,
  • "customType": "345",
  • "isIndustrial": true,
  • "isActive": true


Kaspersky Industrial CyberSecurity for Networks provides capability for a recipient system to query data on general settings. You can get server settings from Kaspersky Industrial CyberSecurity for Networks using the server settings API methods.

Querying information about the locale used by the application

path Parameters


Response samples

Content type
  • "localization": "ru"


Tags are values that describe parameters of an industrial process. For example, a manufacturing process involving a thermal oxidizer can have temperature, residence time, and turbulence among many other tags.

You can get tags from Kaspersky Industrial CyberSecurity for Networks using the tags API methods.

Querying several tags

You can get several tags starting from a certain offset, not including the tag with the specified offset. You can specify filtering and paging options for the tags. By default, tags are not sorted. Use the sort property from argument to specify sorting order.

You can use the following fields for filtering:

  • assetName
  • assetId
  • assetAddress
  • group
  • assetProtocolId
  • protocol
  • protocolStackId
  • name
  • id
  • favourite
  • measureUnit
  • origin

You can use the following fields for sorting:

  • id
path Parameters
Request Body schema:

Query argument. Specify the argument to define parameters for filtering and sorting, such as an offset and a maximum number of tags in the returned results.

object Nullable

Filtering parameters. To define a filter, pass an array of filtering conditions to the filter object:

  1. Each item in the array indicates a name of the field to be used for filtering and filtering conditions.
  2. If no filtering conditions are defined (there is no object filtering array or it is empty), all objects of the specified type are returned.
  3. To configure filtering, define a filter object containing an array of conditions. Each item in the array can be a condition or a group of conditions in the form of an array. The maximum nesting of groups is three levels, including the first.
  4. Each filtering condition can have the following parameters:
    • field (required)—Object field name from the table of fields of the specific object type, in the camelCase format. Specify subparameters after a colon. For example, to specify an IP address of a source field, use "source:ipAddress".
    • condition (optional)—Filtering condition for the field value. Supported values:
      • "="—Equals. This value is also used if this parameter is not defined.
      • "<>"—Does not equal.
      • ">"—Field value is larger than the value in the value array. Use only for numeric and time values.
      • ">="—Field value is larger than or equals to the value in the value array. Use only for numeric and time values.
      • "<"—Field value is less than the value in a value array. Use only for numeric and time values.
      • "<="—Field value is less than or equals to the value in a value array. Use only for numeric and time values.
      • "IsEmpty"—Field value is empty. The value in the value array is ignored.
      • "IsOneOf"—Field value is empty or equals to one of the values in the value array. The value array contains an array of possible values.
    • value—Value or values with which the field is compared.
      • Specify elements of enums as strings in the English locale without spaces, special characters, or brackets. For example, "DPI", "Warning", "EngineeringWorkstation".
      • Specify dates in the ISO 8601 format with full indication of all parts of the date and time. For example, "2020-10-25T17:32:25.707Z".
    • operator—Logical operator that combines conditions and condition groups at a specific level. The operator in the first top-level condition is ignored. The operator in the first condition in a group is considered to be the operator of this group. Supported values:
      • "and"—Condition is added with the AND operator. This operator is also used if the parameter is not defined.
      • "or"—Condition is added with the OR operator.
    • Parameter values and all comparisons are not case sensitive.
    • If an unsupported parameter value is defined, the "Incorrect parameters" error is returned with the name and value of the parameter.

Example of a simple condition with the AND operator.

                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"],
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

                        "field": "propName1",
                        "condition": ">=",
                        "value": 10
                        "field": "propName1",
                        "value": 1,
                        "operator": "or"
                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"]
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"
Array of objects (ColumnOrderDto) Nullable

Sorting parameters. A list of columns that can be sorted depends on the type of requested data. A full list is provided in the description of the corresponding paging method.

integer <int32> [ 0 .. 2147483647 ] Nullable

Zero-based index of the item in the full list from which the sorting must begin. If no offset is specified, the sorting results start at the beginning of the full list.

integer <int32> [ 0 .. 1000 ] Nullable

Maximum number of items in the results. If no limit is specified, the method returns all data beginning from the offset.


Request samples

Content type
  • "filter": [
  • "sort": [
  • "offset": 200,
  • "limit": 100

Response samples

Content type
  • "offset": 200,
  • "limit": 100,
  • "values": [

Querying a single tag

path Parameters
integer <int64> >= 1

ID of the requested event.



Response samples

Content type
  • "assetId": 2345,
  • "assetName": "Schneider Electric Modicon Momentum",
  • "assetAddress": "",
  • "assetGroup": "Group 1",
  • "protocol": "Modbus TCP",
  • "protocolStackId": 2,
  • "assetProtocolId": 1,
  • "name": "Tag",
  • "id": 1,
  • "favourite": true,
  • "measureUnit": "kgs/cm2",
  • "description": "Tag Description",
  • "address": "{\"area\": \"HoldingRegisters\", \"address\": \"123\"}",
  • "origin": "User",
  • "scaling": {
  • "operativeParameters": "{\"d\":{\"type\":{\"n\":\"ValueType\",\"s\":\"Float\",\"t\":\"e\",\"v\":1},\"value\":{\"t\":\"d\",\"v\":0.14147095680236816,\"x\":1}},\"n\":\"Float\"}",
  • "registrationTimestamp": "2024-09-12T10:16:52.3903517+00:00",
  • "timeSinceLastTagReadMs": 1000,
  • "timeSinceLastTagWriteMs": 5000,
  • "tagDataType": "Int16"


Information about the state of technologies.

You can get information about the state of technologies using the technologies API methods.

Getting information about the state of technologies

path Parameters


Response samples

Content type
  • {
  • {
  • {


Kaspersky Industrial CyberSecurity for Networks can detect vulnerabilities of devices. Kaspersky Industrial CyberSecurity for Networks identifies a vulnerability in an asset/device if the specific device is linked to a specific CVE record. One asset can have multiple vulnerabilities.

You can get vulnerabilities from Kaspersky Industrial CyberSecurity for Networks using the vulnerabilities API methods.

Querying several vulnerability entries

You can get a specified number of vulnerability entries starting from a certain offset, not including the entry with the specified offset. You can specify filtering and paging options for the vulnerability entries. By default, vulnerability entries are not sorted. Use the sort property from argument to specify sorting order.

You can use the following fields for filtering:

  • cveId
  • cvsScore
  • state
  • assetGroup
  • assetName
  • assetAddress
  • firstDetected
  • lastDetected
  • published
  • attackConditions
  • impact
  • vector
  • cveSource

You can use the following fields for sorting:

  • assetVulnerabilityId
path Parameters
Request Body schema:

Query argument. Specify the argument to define the parameters for filtering and sorting, such as an offset and a maximum number of vulnerability entries in the returned results.

object Nullable

Filtering parameters. To define a filter, pass an array of filtering conditions to the filter object:

  1. Each item in the array indicates a name of the field to be used for filtering and filtering conditions.
  2. If no filtering conditions are defined (there is no object filtering array or it is empty), all objects of the specified type are returned.
  3. To configure filtering, define a filter object containing an array of conditions. Each item in the array can be a condition or a group of conditions in the form of an array. The maximum nesting of groups is three levels, including the first.
  4. Each filtering condition can have the following parameters:
    • field (required)—Object field name from the table of fields of the specific object type, in the camelCase format. Specify subparameters after a colon. For example, to specify an IP address of a source field, use "source:ipAddress".
    • condition (optional)—Filtering condition for the field value. Supported values:
      • "="—Equals. This value is also used if this parameter is not defined.
      • "<>"—Does not equal.
      • ">"—Field value is larger than the value in the value array. Use only for numeric and time values.
      • ">="—Field value is larger than or equals to the value in the value array. Use only for numeric and time values.
      • "<"—Field value is less than the value in a value array. Use only for numeric and time values.
      • "<="—Field value is less than or equals to the value in a value array. Use only for numeric and time values.
      • "IsEmpty"—Field value is empty. The value in the value array is ignored.
      • "IsOneOf"—Field value is empty or equals to one of the values in the value array. The value array contains an array of possible values.
    • value—Value or values with which the field is compared.
      • Specify elements of enums as strings in the English locale without spaces, special characters, or brackets. For example, "DPI", "Warning", "EngineeringWorkstation".
      • Specify dates in the ISO 8601 format with full indication of all parts of the date and time. For example, "2020-10-25T17:32:25.707Z".
    • operator—Logical operator that combines conditions and condition groups at a specific level. The operator in the first top-level condition is ignored. The operator in the first condition in a group is considered to be the operator of this group. Supported values:
      • "and"—Condition is added with the AND operator. This operator is also used if the parameter is not defined.
      • "or"—Condition is added with the OR operator.
    • Parameter values and all comparisons are not case sensitive.
    • If an unsupported parameter value is defined, the "Incorrect parameters" error is returned with the name and value of the parameter.

Example of a simple condition with the AND operator.

                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"],
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

                        "field": "propName1",
                        "condition": ">=",
                        "value": 10
                        "field": "propName1",
                        "value": 1,
                        "operator": "or"
                    "field": "propName3",
                    "condition": "isOneOf",
                    "value": ["DPI", "NIC", "CC"]
                    "field": "propName4",
                    "condition": ">=",
                    "value": "2020-10-27T17:32:25.806Z"
Array of objects (ColumnOrderDto) Nullable

Sorting parameters. A list of columns that can be sorted depends on the type of requested data. A full list is provided in the description of the corresponding paging method.

integer <int32> [ 0 .. 2147483647 ] Nullable

Zero-based index of the item in the full list from which the sorting must begin. If no offset is specified, the sorting results start at the beginning of the full list.

integer <int32> [ 0 .. 1000 ] Nullable

Maximum number of items in the results. If no limit is specified, the method returns all data beginning from the offset.


Request samples

Content type
  • "filter": [
  • "sort": [
  • "offset": 200,
  • "limit": 100

Response samples

Content type
  • "offset": 200,
  • "limit": 100,
  • "values": [

Querying a single vulnerability

path Parameters
integer <int64> >= 1

ID of the queried vulnerability.



Response samples

Content type
  • "assetVulnerabilityId": 12345,
  • "cveId": "CVE-2020-1234",
  • "cvsScore": 5.9,
  • "state": "Active",
  • "description": "Very long description text",
  • "assetGroup": "Group / Subgroup",
  • "assetName": "Asset 1",
  • "assetAddress": "",
  • "assetId": 5678,
  • "firstDetected": "2020-10-27T17:32:25Z",
  • "lastDetected": "2020-10-27T17:32:25Z",
  • "published": "2020-10-27T17:32:25Z",
  • "attackConditions": "Attack conditions text",
  • "impact": "Some impact",
  • "vector": "Vector text",
  • "cveSource": "NVD",
  • "mitigations": [
  • "references": [
  • "cveEvents": [
  • "matchedCpes": [
  • "events": [
  • "otherAssets": [
© 2024 AO Kaspersky Lab