Public API for external connectors
All API methods must include an access token to authenticate and authorize calls in a request header. Specifying an access token in a URI is not supported. Not specifying an access token in these cases results in a returned 401 error code.
Security Scheme Type | HTTP |
---|---|
HTTP Authorization Scheme | bearer |
Bearer format | "JWT" |
Product information includes Kaspersky Industrial CyberSecurity for Networks release version and a list of installed components and their versions.
You can get product version and component information from Kaspersky Industrial CyberSecurity for Networks using the about API methods.
Kaspersky Industrial CyberSecurity for Networks allows a recipient system to query information about a single address space or several address spaces.
You can get several address spaces starting from a certain offset, not including the address space with the specified offset.
You can specify filtering and paging options for the address spaces.
By default, address spaces are not sorted. Use the sort property of the argument to specify the sorting order.
You can use the following fields for filtering:
You can use the following fields for sorting:
version required | string |
Query argument. Specify the argument to define parameters for filtering and sorting, such as an offset and a maximum number of address spaces in the returned results.
filter | object Nullable Filtering parameters. |

Example of a simple condition with the AND operator.

```json
{
  "query": {
    ...
    "filter": [
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
```

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

```json
{
  "query": {
    ...
    "filter": [
      [
        { "field": "propName1", "condition": ">=", "value": 10 },
        { "field": "propName1", "value": 1, "operator": "or" }
      ],
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
```

sort | Array of objects (ColumnOrderDto) Nullable Sorting parameters. |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable Zero-based index of the item in the full list from which the sorting must begin. |
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results. |
```json
{
  "filter": [
    { "field": "Id", "condition": ">", "value": 12370 },
    { "field": "ReadOnly", "condition": "=", "value": false }
  ],
  "sort": [
    { "column": "Id", "direction": "Asc", "nullsBehaviour": null }
  ],
  "offset": 200,
  "limit": 100
}
```

```json
{
  "offset": 200,
  "limit": 100,
  "values": [
    {
      "id": 123456,
      "name": "AddressSpace1",
      "description": "AddressSpace1 description",
      "readOnly": false,
      "rules": [
        {
          "id": 2323,
          "description": "AddressSpaceRule description",
          "vlanType": "SpecificVlans",
          "subnetType": "L2AndL3",
          "trafficSource": "MonitoringPoints",
          "subnets": [
            { "from": "192.168.0.1", "to": "192.168.0.100" },
            { "from": "10.16.0.0/16", "to": null }
          ],
          "vlans": [
            { "from": 1, "to": 10 }
          ],
          "monitoringPoints": [
            { "id": 1 }
          ],
          "eppProxyNodes": null,
          "activePollingConnectors": null
        }
      ]
    }
  ]
}
```
id required | integer <int64> >= 0 ID of the requested address space. |
version required | string |
```json
{
  "id": 123456,
  "name": "string",
  "description": "string",
  "readOnly": true,
  "rules": [
    {
      "id": 123456,
      "description": "string",
      "vlanType": "AnyVlanOrNoVlanTagged",
      "subnetType": "L2Only",
      "trafficSource": "MonitoringPoints",
      "subnets": [
        { "from": "string", "to": "string" }
      ],
      "vlans": [
        { "from": 0, "to": 0 }
      ],
      "monitoringPoints": [
        { "id": 123456 }
      ],
      "eppProxyNodes": [
        { "eppProxyId": 0 }
      ],
      "activePollingConnectors": [
        { "id": 0 }
      ]
    }
  ]
}
```
Allowing rules can be of the following types:
id required | integer <int64> >= 1 ID of the requested allowing rule. |
version required | string |
```json
{
  "commands": "ADD; CHECKPOINT LOAD; CHECKPOINT LOAD FINISH; CHECKPOINT LOAD INIT - RESPONSE; CHECKPOINT LOAD STOP",
  "protocols": "Foxboro FCP280/FCP270 - device interaction",
  "isDpiDetectable": false,
  "addressType": "Ip",
  "timestampCreated": "2020-10-26T10:15:06",
  "timestampModified": "2020-10-26T11:15:06",
  "monitoringPoint": "",
  "monitoringPointTimestampDeleted": null,
  "id": 12369,
  "isActive": true,
  "ruleType": "Nic",
  "side1": {
    "macAddressRanges": [
      { "from": "ff:ff:ff:ff:ff:ff", "to": "ff:ff:ff:ff:ff:ff" }
    ],
    "ipAddressRanges": [
      { "from": "1.1.1.1", "to": "1.1.1.10" }
    ],
    "portAddressRanges": [
      { "from": 8000, "to": 8080 }
    ],
    "ipAddressSpaceIds": [123, 567, 892],
    "macAddressSpaceIds": [233, 577]
  },
  "side2": {
    "macAddressRanges": [
      { "from": "00:50:56:ac:b5:32", "to": "00:50:56:ac:b5:45" }
    ],
    "ipAddressRanges": [
      { "from": "1.1.1.1", "to": "1.1.1.10" },
      { "from": "1.1.12.1", "to": "1.1.12.10" }
    ],
    "portAddressRanges": [],
    "ipAddressSpaceIds": [0],
    "macAddressSpaceIds": [0]
  },
  "comment": "",
  "isAutoGenerated": true,
  "eventType": "",
  "eventTypeId": 0,
  "triggeredRule": ""
}
```
You can edit allowing rule data in Kaspersky Industrial CyberSecurity for Networks using this API.
id required | integer <int64> >= 1 ID of the allowing rule that you want to edit. |
version required | string |
You can edit the following parameters of the allowing rule:
isActive required | boolean Activity state of the allowing rule. |
```json
{
  "isActive": true
}
```
You can get several allowing rules starting from a certain offset, not including the rules with the specified offset.
You can specify filtering and paging options for the rules.
By default, allowing rules are not sorted. Use the sort property of the argument to specify the sorting order.
You can use the following fields for filtering:
You can use the following fields for sorting:
version required | string |
Query argument. Specify the argument to define the parameters for filtering and sorting, such as an offset and a maximum number of allowing rules in the returned results.
filter | object Nullable Filtering parameters. |

Example of a simple condition with the AND operator.

```json
{
  "query": {
    ...
    "filter": [
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
```

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

```json
{
  "query": {
    ...
    "filter": [
      [
        { "field": "propName1", "condition": ">=", "value": 10 },
        { "field": "propName1", "value": 1, "operator": "or" }
      ],
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
```

sort | Array of objects (ColumnOrderDto) Nullable Sorting parameters. |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable Zero-based index of the item in the full list from which the sorting must begin. |
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results. |
```json
{
  "filter": [
    { "field": "Id", "condition": ">", "value": 12370 },
    { "field": "EventType", "condition": "=", "value": "Nic" }
  ],
  "sort": [
    { "column": "Id", "direction": "Asc", "nullsBehaviour": null }
  ],
  "offset": 200,
  "limit": 100
}
```

```json
{
  "offset": 200,
  "limit": 100,
  "values": [
    {
      "commands": "ADD; CHECKPOINT LOAD; CHECKPOINT LOAD FINISH; CHECKPOINT LOAD INIT - RESPONSE; CHECKPOINT LOAD STOP",
      "protocols": "Foxboro FCP280/FCP270 - device interaction",
      "isDpiDetectable": false,
      "addressType": "Ip",
      "timestampCreated": "2020-10-26T10:15:06",
      "timestampModified": "2020-10-26T11:15:06",
      "monitoringPoint": "",
      "monitoringPointTimestampDeleted": null,
      "id": 12371,
      "isActive": true,
      "ruleType": "Nic",
      "side1": {
        "macAddressRanges": [
          { "from": "ff:ff:ff:ff:ff:ff", "to": "ff:ff:ff:ff:ff:ff" }
        ],
        "ipAddressRanges": [
          { "from": "1.1.1.1", "to": "1.1.1.10" }
        ],
        "portAddressRanges": [
          { "from": 8000, "to": 8080 }
        ],
        "ipAddressSpaceIds": [123, 567, 892],
        "macAddressSpaceIds": [233, 577]
      },
      "side2": {
        "macAddressRanges": [
          { "from": "00:50:56:ac:b5:32", "to": "00:50:56:ac:b5:45" }
        ],
        "ipAddressRanges": [
          { "from": "1.1.1.1", "to": "1.1.1.10" },
          { "from": "1.1.12.1", "to": "1.1.12.10" }
        ],
        "portAddressRanges": [],
        "ipAddressSpaceIds": [0],
        "macAddressSpaceIds": [0]
      },
      "comment": "",
      "isAutoGenerated": true,
      "eventType": "",
      "eventTypeId": 0,
      "triggeredRule": ""
    }
  ]
}
```
An application message log stores information about errors in application operation and errors in operations performed by system processes of Kaspersky Industrial CyberSecurity for Networks.
You can get application messages from Kaspersky Industrial CyberSecurity for Networks using the application messages API methods.
You can get several application messages starting from a certain offset, not including the application message with the specified offset.
You can specify filtering and paging options for the application messages.
By default, application messages are not sorted. Use the sort property of the argument to specify the sorting order.
You can use the following fields for filtering:
You can use the following fields for sorting:
version required | string |
Query argument. Specify the argument to define the parameters for filtering and sorting, such as an offset and a maximum number of application messages in the returned results.
filter | object Nullable Filtering parameters. |

Example of a simple condition with the AND operator.

```json
{
  "query": {
    ...
    "filter": [
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
```

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

```json
{
  "query": {
    ...
    "filter": [
      [
        { "field": "propName1", "condition": ">=", "value": 10 },
        { "field": "propName1", "value": 1, "operator": "or" }
      ],
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
```

sort | Array of objects (ColumnOrderDto) Nullable Sorting parameters. |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable Zero-based index of the item in the full list from which the sorting must begin. |
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results. |
```json
{
  "filter": [
    { "field": "Id", "condition": ">", "value": 12370 },
    { "field": "Status", "condition": "=", "value": "CriticalMalfunction" }
  ],
  "sort": [
    { "column": "Id", "direction": "Asc", "nullsBehaviour": null }
  ],
  "offset": 200,
  "limit": 100
}
```

```json
{
  "offset": 200,
  "limit": 100,
  "values": [
    {
      "id": 12345,
      "date": "2020-10-27T17:32:25Z",
      "status": "CriticalMalfunction",
      "node": "Server1",
      "systemProcess": "Filter",
      "descriptionId": 2324,
      "description": "Something happened"
    }
  ]
}
```
Kaspersky Industrial CyberSecurity for Networks can save information about actions that users performed in the application.
Information is saved in the audit log if user activity audit is enabled.
You can get audit entries from Kaspersky Industrial CyberSecurity for Networks using the audit messages API methods.
You can get a specified number of audit entries starting from a certain offset, not including the audit entry with the specified offset.
You can specify filtering and paging options for the audit entries.
By default, audit entries are not sorted. Use the sort property of the argument to specify the sorting order.
You can use the following fields for filtering:
You can use the following fields for sorting:
version required | string |
Query argument. Specify the argument to define the parameters for filtering and sorting, such as an offset and a maximum number of audit entries in the returned results.
filter | object Nullable Filtering parameters. |

Example of a simple condition with the AND operator.

```json
{
  "query": {
    ...
    "filter": [
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
```

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

```json
{
  "query": {
    ...
    "filter": [
      [
        { "field": "propName1", "condition": ">=", "value": 10 },
        { "field": "propName1", "value": 1, "operator": "or" }
      ],
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
```

sort | Array of objects (ColumnOrderDto) Nullable Sorting parameters. |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable Zero-based index of the item in the full list from which the sorting must begin. |
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results. |
```json
{
  "filter": [
    { "field": "Id", "condition": ">", "value": 12370 },
    { "field": "Result", "condition": "=", "value": "Success" }
  ],
  "sort": [
    { "column": "Id", "direction": "Asc", "nullsBehaviour": null }
  ],
  "offset": 200,
  "limit": 100
}
```

```json
{
  "offset": 200,
  "limit": 100,
  "values": [
    {
      "id": 12335,
      "date": "2020-10-27T17:32:25Z",
      "node": "Server1",
      "user": "Adam",
      "action": "Some user action",
      "result": "Success",
      "description": "Very long description text"
    }
  ]
}
```
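
One way a connector could pull audit entries incrementally using the query argument and bearer header described above; this is an added example, not Kaspersky's code. The `send` transport, all function names and the sample log are assumptions, and because the endpoint URL and HTTP method do not appear on this page, none is hard-coded. It also assumes entry IDs only grow.

```python
"""Incremental, bounded pull of audit entries (added example, not vendor code)."""
from typing import Callable, Dict, Iterator, List, Optional, Tuple

MAX_LIMIT = 1000         # page: limit is an int32 in [0 .. 1000]
MAX_OFFSET = 2147483647  # page: offset is an int32 in [0 .. 2147483647]


def auth_headers(token: str) -> Dict[str, str]:
    """The token travels in a request header only; tokens in the URI are not supported."""
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("access token is empty or contains whitespace")
    return {"Authorization": "Bearer " + token}


def build_query(last_id: int, limit: int = 100, offset: int = 0,
                result: Optional[str] = None) -> dict:
    """Build a query body shaped like the request sample, rejecting out-of-range paging."""
    if not 0 <= limit <= MAX_LIMIT:
        raise ValueError("limit must be within 0..%d" % MAX_LIMIT)
    if not 0 <= offset <= MAX_OFFSET:
        raise ValueError("offset must be within 0..%d" % MAX_OFFSET)
    conditions = [{"field": "Id", "condition": ">", "value": last_id}]
    if result is not None:
        conditions.append({"field": "Result", "condition": "=", "value": result})
    return {
        "filter": conditions,  # top-level conditions are combined with AND
        "sort": [{"column": "Id", "direction": "Asc", "nullsBehaviour": None}],
        "offset": offset,
        "limit": limit,
    }


def fetch_new_entries(send: Callable[[dict], dict], last_id: int, limit: int = 100,
                      result: Optional[str] = None,
                      max_requests: int = 50) -> Iterator[dict]:
    """Yield entries with id > last_id, oldest first.

    Each request moves the Id filter forward and keeps offset at 0, so entries
    written while the pull is running do not shift the page boundaries.
    """
    if limit < 1:
        raise ValueError("limit must be at least 1 to make progress")
    for _ in range(max_requests):
        page = send(build_query(last_id, limit=limit, result=result))
        values = page.get("values") or []
        for entry in values:
            if entry["id"] <= last_id:
                raise ValueError("server returned a repeated or out-of-order id")
            last_id = entry["id"]
            yield entry
        if len(values) < limit:  # short page: nothing newer is left
            return
    raise RuntimeError("request budget exhausted before the log was drained")


# Constructed sample log; ids sit around the value 12370 used in the page's sample.
SAMPLE_LOG: List[dict] = [
    {"id": 12368 + i, "date": "2020-10-27T17:32:25Z", "node": "Server1",
     "user": "Adam", "action": "Some user action",
     "result": "Failure" if i % 3 == 0 else "Success", "description": ""}
    for i in range(8)
]


def make_fake_send(log: List[dict], calls: List[dict]) -> Callable[[dict], dict]:
    """In-memory stand-in for the HTTP call; records every query body in `calls`."""
    def send(query: dict) -> dict:
        calls.append(query)
        rows = sorted(log, key=lambda e: e["id"])
        for cond in query["filter"]:
            key = cond["field"][0].lower() + cond["field"][1:]  # "Id" -> "id"
            if cond["condition"] == ">":
                rows = [e for e in rows if e[key] > cond["value"]]
            elif cond["condition"] == "=":
                rows = [e for e in rows if e[key] == cond["value"]]
            else:
                raise ValueError("condition not modelled by this stand-in")
        start = query["offset"]
        return {"offset": start, "limit": query["limit"],
                "values": rows[start:start + query["limit"]]}
    return send


def demo() -> Tuple[List[int], int]:
    """Drain everything newer than id 12370 two entries at a time."""
    calls: List[dict] = []
    send = make_fake_send(SAMPLE_LOG, calls)
    ids = [e["id"] for e in fetch_new_entries(send, last_id=12370, limit=2)]
    return ids, len(calls)


if __name__ == "__main__":
    print(demo())
```
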
Kaspersky Industrial CyberSecurity for Networks provides a capability for a connector to query its configuration.
You can get connector configuration information from Kaspersky Industrial CyberSecurity for Networks using the configuration API methods.
```json
{
  "config": "- type: string\n name: address\n default: yes\n max_len: 1024\n- type: uint\n name: portNumber\n range: {from: 0, to: 65535}\n default: yes\n default_value: 0\n- type: string\n name: transportProtocol\n loc: yes\n values: [TCP, UDP]\n default: yes",
  "eventTypesToSend": [3],
  "forwardAppMessages": true,
  "forwardAuditMessages": false
}
```
Applications on devices that are connected to the industrial network. Kaspersky Industrial CyberSecurity for Networks monitors their activity and updates information about them. It allows an administrator to make security-related decisions.
If an application was detected on a device, you can add this information to Kaspersky Industrial CyberSecurity for Networks.
version required | string |
Parameters of the request for registering applications detected on devices.
elements required | Array of objects (DetectedDeviceApplicationsItem) Array of elements, each of which contains a device ID and information about applications detected on this device. |

```json
{
  "elements": [
    {
      "deviceId": 1,
      "apps": [
        {
          "name": "Application",
          "vendor": null,
          "version": null,
          "installedOn": "2024-09-12T12:16:54.8732202Z",
          "size": 10000,
          "description": "Some description"
        }
      ]
    },
    {
      "deviceId": 2,
      "apps": [
        {
          "name": "AnotherApplication",
          "vendor": "TestVendor",
          "version": null,
          "installedOn": "2024-09-12T12:16:54.8732209Z",
          "size": 10000,
          "description": "Some description"
        },
        {
          "name": "App",
          "vendor": "Unknown",
          "version": "0.0.1",
          "installedOn": "2024-09-12T12:16:54.873221Z",
          "size": 10000,
          "description": "Some description"
        }
      ]
    }
  ]
}
```
version required | string |
filter | object Nullable Filtering parameters. |

Example of a simple condition with the AND operator.

```json
{
  "query": {
    ...
    "filter": [
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
```

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

```json
{
  "query": {
    ...
    "filter": [
      [
        { "field": "propName1", "condition": ">=", "value": 10 },
        { "field": "propName1", "value": 1, "operator": "or" }
      ],
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
```

sort | Array of objects (ColumnOrderDto) Nullable Sorting parameters. |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable Zero-based index of the item in the full list from which the sorting must begin. |
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results. |
```json
{
  "filter": [
    { "field": "Id", "condition": ">", "value": 1 }
  ],
  "sort": [
    { "column": "Id", "direction": "Asc", "nullsBehaviour": null }
  ],
  "offset": 100,
  "limit": 200
}
```

```json
{
  "total": 203,
  "offset": 200,
  "limit": 100,
  "values": [
    {
      "id": 1,
      "name": "My App 1",
      "vendor": "Miroksoft",
      "version": "1.0.0",
      "device": { "id": 1001, "name": "My App 1Desktop" },
      "source": "PublicAPI",
      "installedOn": null,
      "size": null,
      "lastSeen": "2024-11-10T00:00:01Z",
      "description": null
    },
    {
      "id": 2,
      "name": "My App 2",
      "vendor": "Grapes",
      "version": "1.0.0",
      "device": { "id": 1002, "name": "My App 2Desktop" },
      "source": "PublicAPI",
      "installedOn": null,
      "size": null,
      "lastSeen": "2024-11-10T00:00:01Z",
      "description": null
    },
    {
      "id": 3,
      "name": "New App",
      "vendor": "Miroksoft",
      "version": "1.0.0",
      "device": { "id": 1003, "name": "New AppDesktop" },
      "source": "PublicAPI",
      "installedOn": null,
      "size": null,
      "lastSeen": "2024-11-10T00:00:01Z",
      "description": null
    }
  ]
}
```
id required | integer <int64> >= 1 ID of the requested application. |
version required | string |
```json
{
  "id": 1,
  "name": "My App 1",
  "vendor": "Miroksoft",
  "version": "1.0.0",
  "device": { "id": 1001, "name": "My App 1Desktop" },
  "source": "PublicAPI",
  "installedOn": null,
  "size": null,
  "lastSeen": "2024-11-10T00:00:01Z",
  "description": null
}
```
Executable files on devices that are connected to the industrial network. Kaspersky Industrial CyberSecurity for Networks monitors their activity and updates information about them. It allows an administrator to make security-related decisions.
If an executable file was detected on a device, you can add this information to Kaspersky Industrial CyberSecurity for Networks.
version required | string |
Request parameters for passing an array of executable files detected on devices.
executableFiles | Array of objects (DetectedDeviceExecutableFile) Nullable The list of executable files on the device. |

```json
{
  "executableFiles": [
    {
      "deviceId": 1,
      "imagePath": "C:\\Program Files\\Vendor\\Product\\App\\main.exe",
      "md5": "2c3f91bb4c0994a7b36ed0b6b14ec9c7",
      "sha256": "56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3",
      "productName": "Product",
      "productVersion": "v1.0",
      "productVendor": "Vendor",
      "fileSize": 1024,
      "fileAttributes": "Readonly, Hidden, Compressed",
      "createdTime": "2024-01-01T00:00:00Z",
      "lastModifiedTime": "2024-01-01T00:00:00Z",
      "signatureCheckResult": true,
      "description": "Executable file description"
    }
  ]
}
```
Patches on devices that are connected to the industrial network. Kaspersky Industrial CyberSecurity for Networks monitors their activity and updates information about them. It allows an administrator to make security-related decisions.
If an application patch was detected on a device, you can add this information to Kaspersky Industrial CyberSecurity for Networks.
version required | string |
Parameters of the request for registering patches detected on devices.
elements required | Array of objects (DetectedDevicePatchesItem) Array of elements, each of which contains a device ID and information about application patches detected on this device. |

```json
{
  "elements": [
    {
      "deviceId": 1,
      "patches": [
        {
          "name": "Patch",
          "program": "Application",
          "vendor": "SomeVendor",
          "version": "1.0.0",
          "installedOn": "2024-09-12T12:16:54.9774925Z",
          "description": "Some description"
        }
      ]
    },
    {
      "deviceId": 2,
      "patches": [
        {
          "name": "AnotherPatch",
          "program": "Application",
          "vendor": "TestVendor",
          "version": "1.0.0",
          "installedOn": "2024-09-12T12:16:54.9775002Z",
          "description": "Some description"
        },
        {
          "name": "AppPatch",
          "program": "App",
          "vendor": "Unknown",
          "version": "0.0.1",
          "installedOn": "2024-09-12T12:16:54.9775003Z",
          "description": "Some description"
        }
      ]
    }
  ]
}
```
version required | string |
filter | object Nullable Filtering parameters. |

Example of a simple condition with the AND operator.

```json
{
  "query": {
    ...
    "filter": [
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
```

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

```json
{
  "query": {
    ...
    "filter": [
      [
        { "field": "propName1", "condition": ">=", "value": 10 },
        { "field": "propName1", "value": 1, "operator": "or" }
      ],
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
```

sort | Array of objects (ColumnOrderDto) Nullable Sorting parameters. |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable Zero-based index of the item in the full list from which the sorting must begin. |
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results. |
```json
{
  "filter": [
    { "field": "Id", "condition": ">", "value": 1 }
  ],
  "sort": [
    { "column": "Id", "direction": "Asc", "nullsBehaviour": null }
  ],
  "offset": 100,
  "limit": 200
}
```

```json
{
  "total": 201,
  "offset": 200,
  "limit": 100,
  "values": [
    {
      "id": 1,
      "name": "My Patch 1",
      "program": "Program 1",
      "vendor": "Mirosoft",
      "version": "1.0.0",
      "device": { "id": 1001, "name": "My Patch 1 Desktop" },
      "source": "PublicAPI",
      "installedOn": null,
      "lastSeen": "2024-11-10T00:00:01Z",
      "description": null
    },
    {
      "id": 2,
      "name": "My Patch 2",
      "program": "Program 1",
      "vendor": "Grapes",
      "version": "1.0.0",
      "device": { "id": 1002, "name": "My Patch 2 Desktop" },
      "source": "PublicAPI",
      "installedOn": null,
      "lastSeen": "2024-11-10T00:00:01Z",
      "description": null
    },
    {
      "id": 3,
      "name": "New Patch",
      "program": "Program 2",
      "vendor": "Mirosoft New",
      "version": "1.0.0",
      "device": { "id": 1003, "name": "New Patch Desktop" },
      "source": "PublicAPI",
      "installedOn": null,
      "lastSeen": "2024-11-10T00:00:01Z",
      "description": null
    }
  ]
}
```
id required | integer <int64> >= 1 ID of the requested patch. |
version required | string |
```json
{
  "id": 1,
  "name": "My Patch",
  "program": "Patch Program",
  "vendor": "Mirosoft",
  "version": "1.0.0",
  "device": { "id": 1001, "name": "My Patch Desktop" },
  "source": "PublicAPI",
  "installedOn": null,
  "lastSeen": "2024-11-10T00:00:01Z",
  "description": null
}
```
Devices are connected to the industrial network. Kaspersky Industrial CyberSecurity for Networks monitors device activity and updates information about them. It allows an administrator to make security-related decisions.
You can get a list of devices and their protocols from Kaspersky Industrial CyberSecurity for Networks using devices API methods.
You can also create, edit, and remove devices in Kaspersky Industrial CyberSecurity for Networks.
You can get several devices starting from a certain offset, not including the device with the specified offset.
You can specify filtering and paging options for the devices.
By default, devices are not sorted. Use the sort property of the argument to specify the sorting order.
You can use the following fields for filtering:
You can use the following fields for sorting:
version required | string |
Query argument. Specify the argument to define the parameters for filtering and sorting, such as an offset and a maximum number of devices in the returned results.
filter | object Nullable Filtering parameters. |

Example of a simple condition with the AND operator.

```json
{
  "query": {
    ...
    "filter": [
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
```

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

```json
{
  "query": {
    ...
    "filter": [
      [
        { "field": "propName1", "condition": ">=", "value": 10 },
        { "field": "propName1", "value": 1, "operator": "or" }
      ],
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
```

sort | Array of objects (ColumnOrderDto) Nullable Sorting parameters. |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable Zero-based index of the item in the full list from which the sorting must begin. |
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results. |
```json
{
  "filter": [
    { "field": "Id", "condition": ">", "value": 12370 },
    { "field": "Category", "condition": "=", "value": "Plc" }
  ],
  "sort": [
    { "column": "Id", "direction": "Asc", "nullsBehaviour": null }
  ],
  "offset": 200,
  "limit": 100
}
```

```json
{
  "offset": 200,
  "limit": 100,
  "values": [
    {
      "id": 123456,
      "name": "BoilerPlc",
      "description": "Very long description text",
      "status": "Recognized",
      "addressInformation": [
        {
          "networkInterfaceId": 32424,
          "networkInterfaceName": "ens32",
          "macAddress": "ff:aa:bb:cc:dd:ee",
          "macAddressSpaceId": 1,
          "ipAddresses": [
            { "id": 121212, "ip": "192.168.0.20", "addressSpaceId": 1 },
            { "id": 121213, "ip": "192.168.0.21", "addressSpaceId": 5 }
          ]
        },
        {
          "networkInterfaceId": 32425,
          "networkInterfaceName": "Name",
          "macAddress": "ee:aa:bb:cc:dd:ee",
          "macAddressSpaceId": null,
          "ipAddresses": [
            { "id": 121214, "ip": "192.168.1.21", "addressSpaceId": 3 }
          ]
        }
      ],
      "category": "Plc",
      "categoryConfidence": 100,
      "group": "group1",
      "securityState": "Critical",
      "influence": "Normal",
      "lastSeen": "2020-12-15T11:17:12",
      "lastModified": "2020-11-14T10:16:11",
      "created": "2020-10-26T10:15:06",
      "os": "Linux",
      "osConfidence": 200,
      "networkName": "factory-net",
      "networkNameConfidence": 200,
      "hardwareVendor": "Siemens",
      "hardwareVendorConfidence": 200,
      "hardwareModel": "S7-1500",
      "hardwareModelConfidence": 200,
      "hardwareVersion": "3.51",
      "hardwareVersionConfidence": 200,
      "softwareVendor": "SomeCompany",
      "softwareVendorConfidence": 200,
      "softwareModel": "FirmwareOs1",
      "softwareModelConfidence": 200,
      "softwareVersion": "1.23",
      "softwareVersionConfidence": 200,
      "isRouter": false,
      "isRouterConfidence": 200,
      "labels": ["label1", "label2"],
      "risks": [
        {
          "id": 122334,
          "name": "Risk name 1",
          "category": "TechnologicalRisk",
          "state": "Accepted",
          "baseScore": 5.5,
          "score": 6.1,
          "typeId": null
        },
        {
          "id": 122334,
          "name": "Risk name 2",
          "category": "Vulnerability",
          "state": "Active",
          "baseScore": 7.1,
          "score": 8,
          "typeId": null
        }
      ],
      "processControlSettings": {
        "deviceType": "Siemens Simatic S-1500",
        "protocols": [
          {
            "id": 123123,
            "name": "S7CommOverTcp",
            "protocolStackId": 2,
            "systemCommands": { "total": 23, "monitored": 7 },
            "addresses2": [
              {
                "addressConfig": "{ \"ip\": \"192.168.0.20\", \"port\": 102, \"rack\": 0, \"slot\": 2 }",
                "ipAddressSpaceId": 1,
                "macAddressSpaceId": 1
              }
            ]
          },
          {
            "id": 123123,
            "name": "IndustrialEthernet",
            "protocolStackId": 12,
            "systemCommands": { "total": 25, "monitored": 9 },
            "addresses2": [
              {
                "addressConfig": "{ \"mac\": \"ff:aa:bb:cc:dd:ee\", \"rack\": 0, \"slot\": 2 }",
                "ipAddressSpaceId": 2,
                "macAddressSpaceId": 2
              }
            ]
          }
        ]
      },
      "attributes": [
        { "name": "name1", "value": "value1", "isAutoupdated": false, "confidence": 1 },
        { "name": "name2", "value": "value2", "isAutoupdated": true, "confidence": 2 }
      ],
      "userAttributes": [
        { "name": "nameU1", "value": "valueU1" },
        { "name": "nameU2", "value": "valueU2" }
      ],
      "epp": {
        "name": "KICS",
        "lastSync": "2021-08-01T00:00:01",
        "rtpState": "Running",
        "keaVersion": "1.2",
        "version": "3.4.5",
        "licenses": [
          { "serialNumber": "xx.yy.zz", "status": "Active", "expirationDate": "2022-01-01T00:00:00" },
          { "serialNumber": "ww.ww.ww", "status": "Reserved", "expirationDate": "2023-01-01T00:00:00" }
        ],
        "basesVersion": "2021-07-01T10:11:12"
      },
      "hardwareInfo": {
        "cpus": [
          {
            "deviceId": "CPU0",
            "name": "Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz",
            "numberOfCores": 4,
            "numberOfLogicalProcessors": 8
          },
          {
            "deviceId": "CPU1",
            "name": "Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz",
            "numberOfCores": 4,
            "numberOfLogicalProcessors": 8
          }
        ],
        "bios": {
          "manufacturer": "LENOVO",
          "majorVersion": 1,
          "minorVersion": 38,
          "releaseDate": "2023-01-01T00:00:00"
        },
        "ram": {
          "totalPhysicalMemory": 17179869184
        },
        "localDisks": [
          { "deviceId": "C:", "freeSpace": 53687091200, "size": 268435456000 },
          { "deviceId": "D:", "freeSpace": 53687091200, "size": 536870912000 }
        ],
        "usbDevices": [
          {
            "deviceId": "USB\\VID_0529&PID_0620\\6&1BAF74D7&0&1",
            "pnpClass": "SmartCardReader",
            "name": "Microsoft Usb ccid Smartcard Reader"
          },
          {
            "deviceId": "USB\\VID_0529&PID_0620\\6&1BAF74D7&0&2",
            "pnpClass": "DumbCardReader",
            "name": "Microsoft Usb dumb card Reader"
          }
        ],
        "opticalDrives": [
          { "name": "HL-DT-ST DVD-RAM GP60NS60 USB Device", "mediaLoaded": true },
          { "name": "ML-DT-ST DVD-ROM CP60NS60 USB Device", "mediaLoaded": false }
        ]
      },
      "plcEnhancedConfig": null,
      "sshPublicKey": "ecdsa_256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMVf2d7LsQZqfMy3vZUBubcSkpmMPkf0SMUv5pNea/iE8EWcMMSpHEiZQAE7VsZvNQJ0sCEUtqMKT8ObWo6WIUs="
    }
  ]
}
```
id required | integer <int64> >= 1 ID of the requested device. |
version required | string |
{- "id": 123456,
- "name": "BoilerPlc",
- "description": "Very long description text",
- "status": "Recognized",
- "addressInformation": [
- {
- "networkInterfaceId": 32424,
- "networkInterfaceName": "ens32",
- "macAddress": "ff:aa:bb:cc:dd:ee",
- "macAddressSpaceId": 1,
- "ipAddresses": [
- {
- "id": 121212,
- "ip": "192.168.0.20",
- "addressSpaceId": 1
}, - {
- "id": 121213,
- "ip": "192.168.0.21",
- "addressSpaceId": 2
}
]
}, - {
- "networkInterfaceId": 32425,
- "networkInterfaceName": "Name",
- "macAddress": "ee:aa:bb:cc:dd:ee",
- "macAddressSpaceId": 1,
- "ipAddresses": [
- {
- "id": 121214,
- "ip": "192.168.1.21",
- "addressSpaceId": 1
}
]
}
], - "category": "Plc",
- "categoryConfidence": 100,
- "group": "group1",
- "securityState": "Critical",
- "influence": 0,
- "lastSeen": "2020-12-15T11:17:12",
- "lastModified": "2020-11-14T10:16:11",
- "created": "2020-10-26T10:15:06",
- "os": "Linux",
- "osConfidence": 200,
- "networkName": "factory-net",
- "networkNameConfidence": 200,
- "hardwareVendor": "Siemens",
- "hardwareVendorConfidence": 200,
- "hardwareModel": "S7-1500",
- "hardwareModelConfidence": 200,
- "hardwareVersion": "3.51",
- "hardwareVersionConfidence": 200,
- "softwareVendor": "SomeCompany",
- "softwareVendorConfidence": 200,
- "softwareModel": "FirmwareOs1",
- "softwareModelConfidence": 200,
- "softwareVersion": "1.23",
- "softwareVersionConfidence": 200,
- "isRouter": false,
- "isRouterConfidence": 200,
- "labels": [
- "label1",
- "label2"
], - "risks": [
- {
- "id": 122334,
- "name": "Risk name 1",
- "category": "TechnologicalRisk",
- "state": "Accepted",
- "baseScore": 5.5,
- "score": 6.1,
- "typeId": null
}, - {
- "id": 122334,
- "name": "Risk name 2",
- "category": "Vulnerability",
- "state": "Active",
- "baseScore": 7.1,
- "score": 8,
- "typeId": null
}
], - "processControlSettings": {
- "deviceType": "Siemens Simatic S-1500",
- "protocols": [
- {
- "id": 123123,
- "name": "S7CommOverTcp",
- "protocolStackId": 2,
- "systemCommands": {
- "total": 23,
- "monitored": 7
}, - "addresses2": [
- {
- "addressConfig": "{ \"ip\": \"192.168.0.20\", \"port\": 102, \"rack\": 0, \"slot\": 2 }",
- "ipAddressSpaceId": 1,
- "macAddressSpaceId": 1
}
]
}, - {
- "id": 123123,
- "name": "IndustrialEthernet",
- "protocolStackId": 12,
- "systemCommands": {
- "total": 25,
- "monitored": 9
}, - "addresses2": [
- {
- "addressConfig": "{ \"mac\": \"ff:aa:bb:cc:dd:ee\", \"rack\": 0, \"slot\": 2 }",
- "ipAddressSpaceId": 2,
- "macAddressSpaceId": 2
}
]
}
]
}, - "attributes": [
- {
- "name": "name1",
- "value": "value1",
- "isAutoupdated": false,
- "confidence": 1
}, - {
- "name": "name2",
- "value": "value2",
- "isAutoupdated": true,
- "confidence": 2
}
], - "userAttributes": [
- {
- "name": "nameU1",
- "value": "valueU1"
}, - {
- "name": "nameU2",
- "value": "valueU2"
}
], - "epp": {
- "name": "KICS",
- "lastSync": "2021-08-01T00:00:01",
- "rtpState": "Running",
- "keaVersion": "1.2",
- "version": "3.4.5",
- "licenses": [
- {
- "serialNumber": "xx.yy.zz",
- "status": "Active",
- "expirationDate": "2022-01-01T00:00:00"
}, - {
- "serialNumber": "ww.ww.ww",
- "status": "Reserved",
- "expirationDate": "2023-01-01T00:00:00"
}
], - "basesVersion": "2021-07-01T10:11:12"
}, - "hardwareInfo": {
- "cpus": [
- {
- "deviceId": "CPU0",
- "name": "Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz",
- "numberOfCores": 4,
- "numberOfLogicalProcessors": 8
}, - {
- "deviceId": "CPU1",
- "name": "Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz",
- "numberOfCores": 4,
- "numberOfLogicalProcessors": 8
}
], - "bios": {
- "manufacturer": "LENOVO",
- "majorVersion": 1,
- "minorVersion": 38,
- "releaseDate": "2023-01-01T00:00:00"
}, - "ram": {
- "totalPhysicalMemory": 17179869184
}, - "localDisks": [
- {
- "deviceId": "C:",
- "freeSpace": 53687091200,
- "size": 268435456000
}, - {
- "deviceId": "D:",
- "freeSpace": 53687091200,
- "size": 536870912000
}
], - "usbDevices": [
- {
- "deviceId": "USB\\VID_0529&PID_0620\\6&1BAF74D7&0&1",
- "pnpClass": "SmartCardReader",
- "name": "Microsoft Usb ccid Smartcard Reader"
}, - {
- "deviceId": "USB\\VID_0529&PID_0620\\6&1BAF74D7&0&2",
- "pnpClass": "DumbCardReader",
- "name": "Microsoft Usb dumb card Reader"
}
], - "opticalDrives": [
- {
- "name": "HL-DT-ST DVD-RAM GP60NS60 USB Device",
- "mediaLoaded": true
}, - {
- "name": "ML-DT-ST DVD-ROM CP60NS60 USB Device",
- "mediaLoaded": false
}
]
}, - "plcEnhancedConfig": "{\"version\":\"1.0\",\"model\":\"Siemens S7-300/400\",\"software\":\"STEP 7\",\"physicalModel\":{\"rackCount\":1,\"rackSegments\":[10,8]},\"hardware\":{\"modules\":[{\"rack\":0,\"slot\":0,\"moduleType\":\"RACK\",\"identifier\":[\"SIMATIC 400\",\"RACK-400\",\"UR2-H\"],\"model\":\"UR2-H\"},{\"rack\":0,\"slot\":2,\"moduleType\":\"CPU\",\"identifier\":[\"SIMATIC 400\",\"CPU-400/CPU 400-H\",\"CPU 412-5H PN/DP\",\"6ES7 412-5HK06-0AB0\",\"V6.0\"],\"model\":\"CPU-412-5H\",\"orderNumber\":\"6ES7 314-1AG14-0AB0\",\"firmwareVersion\":\"3.3.8\",\"serialNumber\":\"SVPF1313847\",\"requestedOperationMode\":\"Unknown\",\"currentOperationMode\":\"Run\",\"copyrightEntry\":\"Original Siemens Equipment\",\"hardwareVersion\":\"4.0.1\",\"bootloaderVersion\":\"32.9.9\"},{\"rack\":0,\"slot\":1,\"moduleType\":\"PS\",\"model\":\"PS 405 10A\",\"identifier\":[\"SIMATIC 400\",\"PS-400\",\"Redundant PS-400\",\"PS 405 10A\"]},{\"rack\":0,\"slot\":5,\"moduleType\":\"CP\",\"model\":\"CP 443-1\",\"identifier\":[\"SIMATIC 400\",\"CP-400\",\"Industrial Ethernet\",\"CP 443-1\",\"6GK7 443-1EX30-0XE0\",\"V3.0\"],\"orderNumber\":\"6GK7 443-1EX30-0XE0\"},{\"rack\":0,\"slot\":6,\"moduleType\":\"AI\",\"model\":\"AI\",\"identifier\":[\"SIMATIC 400\"]}],\"memory\":{\"regions\":[\"region=LoadMemory type=Assigned amount=17184\",\"region=LoadMemory type=Free amount=113888\",\"region=WorkMemory type=Assigned amount=10236\"]},\"protection\":{\"params\":[\"selector_protection_level=CanReadWrite\",\"param_protection_level=NoPassword\"]}},\"project\":{\"hash\":\"0x135C\",\"blocks\":[{\"blockType\":\"OB\",\"blockNumber\":200,\"blockLang\":\"0x00\",\"checksum\":\"0x135C\",\"codeDate\":\"2022-12-01\",\"author\":\"STEP 7\"},{\"blockType\":\"SDB\",\"blockNumber\":1,\"blockLang\":\"0x00\",\"checksum\":\"0x135C\",\"codeDate\":\"2022-12-01\",\"author\":\"STEP 7\"}]}}",
- "sshPublicKey": "43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8"
}
id required | integer <int64> >= 1 ID of the device. |
version required | string |
dontBreakOnFailure | boolean Default: false Identifies whether operations must continue if one of them fails. |
sourceId | integer <int64> External source identifier. |
Field operations.
op | string (PatchOperationType) Enum: "Add" "Remove" "Replace" "Test" |
path required | string non-empty ^(\/\w+)*(\/-)?$ |
value | object Nullable |
[
  {
    "op": "Add",
    "path": "string",
    "value": { }
  }
]

[
  {
    "result": "Succeeded",
    "op": "Add",
    "path": "string",
    "value": { }
  }
]
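A pre-flight check for the field operations described above, as an added example (not code from the product or its documentation). The `op` values and the `path` pattern are the ones in the schema; the allowlist of fields, the sample operations and the `Failed` result value used to exercise `failed_results` are assumptions made for illustration.

```python
import re

# Constraints taken from the schema above.
PATCH_OPS = {"Add", "Remove", "Replace", "Test"}
# re.ASCII keeps \w to [A-Za-z0-9_]; fullmatch() also rejects a trailing newline,
# which a plain match() against "$" would let through.
PATH_RE = re.compile(r"^(\/\w+)*(\/-)?$", re.ASCII)

# Assumption: the device fields this particular connector is meant to manage.
ALLOWED_ROOTS = frozenset({"labels", "description", "userAttributes"})


def check_patch(operations, allowed_roots=ALLOWED_ROOTS):
    """Return {index: [problems]} for operations that should not be sent."""
    problems = {}
    for i, op in enumerate(operations):
        found = []
        kind = op.get("op")
        if not (isinstance(kind, str) and kind in PATCH_OPS):
            found.append("op must be Add, Remove, Replace or Test")
        path = op.get("path")
        if not isinstance(path, str) or not path:
            found.append("path is required and must be non-empty")
        elif not PATH_RE.fullmatch(path):
            found.append("path does not match the documented pattern")
        elif path.split("/")[1] not in allowed_roots:
            # A non-empty match always starts with "/", so index 1 exists.
            found.append("path is outside the fields this connector may edit")
        if found:
            problems[i] = found
    return problems


def failed_results(results):
    """Entries of the response array whose result is not "Succeeded"."""
    return [r for r in results if r.get("result") != "Succeeded"]


# Constructed sample operations (not from the API reference).
SAMPLE_OPS = [
    {"op": "Add", "path": "/labels/-", "value": "dmz"},
    {"op": "Replace", "path": "/description", "value": "Boiler room PLC"},
    {"op": "Move", "path": "/labels/0"},                       # unknown op
    {"op": "Remove", "path": "labels"},                        # no leading slash
    {"op": "Replace", "path": "/sshPublicKey", "value": "x"},  # not allowlisted
    {"op": "Test", "path": "/labels/0\n", "value": "dmz"},     # trailing newline
]

if __name__ == "__main__":
    for index, found in check_patch(SAMPLE_OPS).items():
        print(index, SAMPLE_OPS[index]["op"], found)
```

Because `dontBreakOnFailure` defaults to false, checking the whole batch before sending avoids a partially applied edit when a later operation is malformed.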
You can edit device data in Kaspersky Industrial CyberSecurity for Networks using this API.
id required | integer <int64> >= 1 ID of the device that you want to edit. |
version required | string |
Parameters of the device that you want to edit.
allowProcessControlSettingsUpdate required | boolean Allow industrial configuration editing. |
name required | string [ 1 .. 8192 ] characters Unique name of the device. |
addressInformation required | Array of objects (DeviceAddressInformation) non-empty MAC and IP addresses of the device. |
description | string <= 65536 characters Nullable Description of the device. |
status | string (AssetStatus) Enum: "Unauthorized" "Recognized" "Archived" |
category | string (AssetType) Enum: "ScadaHmi" "Rpa" "Server" "Workstation" "Plc" "EngineeringStation" "MobileDevice" "NetworkDevice" "Other" "Laptop" "HmiPanel" "Printer" "UPS" "NetworkCamera" "Gateway" "StorageSystem" "Firewall" "Switch" "VirtualSwitch" "Router" "VirtualRouter" "WiFi" "Historian" |
os | string <= 65536 characters Nullable Name of an operating system of the device. |
hardwareVendor | string <= 65536 characters Nullable Name of a device manufacturer. |
hardwareModel | string <= 65536 characters Nullable Device hardware model. |
hardwareVersion | string <= 65536 characters Nullable Device hardware version. |
softwareVendor | string <= 65536 characters Nullable Device software vendor. |
softwareModel | string <= 65536 characters Nullable Device software model. |
softwareVersion | string <= 65536 characters Nullable Device software version. |
networkName | string <= 65536 characters Nullable Name used to represent the device in the network. |
isRouter | boolean Identifies whether the device is a routing device. |
influence | string (DeviceInfluenceType) Enum: "BusinessCritical" "Important" "Normal" |
labels | Array of strings Nullable List of labels assigned to the device. |
userAttributes | Array of objects (DeviceUserAttributeData) Nullable Any additional user-defined parameters of the device returned in pairs "Name, Value". |
sshPublicKey | string <= 256 characters Nullable SSH public key of the device. |
{
  "allowProcessControlSettingsUpdate": true,
  "name": "BoilerPlc",
  "addressInformation": [
    {
      "networkInterfaceId": 123409,
      "networkInterfaceName": null,
      "macAddress": "11:22:33:44:55:66",
      "macAddressSpaceId": null,
      "ipAddresses": [
        {
          "id": 101,
          "ip": "1.2.3.4",
          "addressSpaceId": null
        },
        {
          "id": 102,
          "ip": "1.2.3.5",
          "addressSpaceId": null
        }
      ]
    }
  ],
  "description": "Very long description text",
  "status": "Recognized",
  "category": "NetworkDevice",
  "os": "Linux",
  "hardwareVendor": "Siemens",
  "hardwareModel": "S7-1500",
  "hardwareVersion": "3.51",
  "softwareVendor": "SomeCompany",
  "softwareModel": "FirmwareOs1",
  "softwareVersion": "1.23",
  "networkName": "factory-net",
  "isRouter": false,
  "influence": 0,
  "labels": [
    "label1",
    "label2"
  ],
  "userAttributes": [
    {
      "name": "name1",
      "value": "value1"
    },
    {
      "name": "name2",
      "value": "value2"
    }
  ],
  "sshPublicKey": "ecdsa_256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMVf2d7LsQZqfMy3vZUBubcSkpmMPkf0SMUv5pNea/iE8EWcMMSpHEiZQAE7VsZvNQJ0sCEUtqMKT8ObWo6WIUs="
}

{
  "status": "Error",
  "errors": [
    {
      "field": "ip",
      "path": "addressInformation/ipAddresses[0]",
      "errorMessage": "Wrong ip address format"
    }
  ]
}
id required | integer <int64> >= 1 ID of the device. |
version required | string |
mode required | string (AssignIndustrialConfigMode) Enum: "Replace" "Merge" Mode of industrial configuration assignment. |
config required | string <binary> |
{
  "addedTags": 10,
  "tagErrors": 0,
  "removedTags": 5,
  "replacedTags": 5,
  "removedRules": 1
}
id required | integer <int64> >= 1 ID of the device for which protocols are queried. |
version required | string |
[
  {
    "id": 12345,
    "name": "ModbusTcp",
    "protocolStackId": 1,
    "systemCommands": {
      "total": 15,
      "monitored": 3
    },
    "addresses2": [
      {
        "addressConfig": "{ \"ip\": \"192.168.0.7\", \"port\": 502, \"unit\": 0 }",
        "ipAddressSpaceId": 1,
        "macAddressSpaceId": 1
      },
      {
        "addressConfig": "{ \"ip\": \"192.168.0.8\", \"port\": 502, \"unit\": 0 }",
        "ipAddressSpaceId": 2,
        "macAddressSpaceId": 2
      }
    ]
  }
]
You can create devices in Kaspersky Industrial CyberSecurity for Networks using this API.
version required | string |
Parameters of the created device.
whatIfDuplicate required | string (DuplicateAction) Enum: "Skip" "Overwrite" |
allowProcessControlSettingsLoss required | boolean Allow loss of industrial configuration. |
name required | string [ 1 .. 8192 ] characters Unique name of the device. |
addressInformation required | Array of objects (DeviceAddressInformation) non-empty MAC and IP addresses of the device. |
description | string <= 65536 characters Nullable Description of the device. |
status | string (AssetStatus) Enum: "Unauthorized" "Recognized" "Archived" |
category | string (AssetType) Enum: "ScadaHmi" "Rpa" "Server" "Workstation" "Plc" "EngineeringStation" "MobileDevice" "NetworkDevice" "Other" "Laptop" "HmiPanel" "Printer" "UPS" "NetworkCamera" "Gateway" "StorageSystem" "Firewall" "Switch" "VirtualSwitch" "Router" "VirtualRouter" "WiFi" "Historian" |
os | string <= 65536 characters Nullable Name of an operating system of the device. |
hardwareVendor | string <= 65536 characters Nullable Name of a device manufacturer. |
hardwareModel | string <= 65536 characters Nullable Device hardware model. |
hardwareVersion | string <= 65536 characters Nullable Device hardware version. |
softwareVendor | string <= 65536 characters Nullable Device software vendor. |
softwareModel | string <= 65536 characters Nullable Device software model. |
softwareVersion | string <= 65536 characters Nullable Device software version. |
networkName | string <= 65536 characters Nullable Name used to represent the device in the network. |
isRouter | boolean Identifies whether the device is a routing device. |
influence | string (DeviceInfluenceType) Enum: "BusinessCritical" "Important" "Normal" |
labels | Array of strings Nullable List of labels assigned to the device. |
userAttributes | Array of objects (DeviceUserAttributeData) Nullable Any additional user-defined parameters of the device returned in pairs "Name, Value". |
sshPublicKey | string <= 256 characters Nullable SSH public key of the device. |
{
  "whatIfDuplicate": "Skip",
  "allowProcessControlSettingsLoss": true,
  "name": "BoilerPlc",
  "addressInformation": [
    {
      "networkInterfaceId": 0,
      "networkInterfaceName": null,
      "macAddress": "11:22:33:44:55:66",
      "macAddressSpaceId": null,
      "ipAddresses": [
        {
          "id": 0,
          "ip": "1.2.3.4",
          "addressSpaceId": null
        },
        {
          "id": 0,
          "ip": "1.2.3.5",
          "addressSpaceId": null
        }
      ]
    }
  ],
  "description": "Very long description text",
  "status": "Recognized",
  "category": "NetworkDevice",
  "os": "Linux",
  "hardwareVendor": "Siemens",
  "hardwareModel": "S7-1500",
  "hardwareVersion": "3.51",
  "softwareVendor": "SomeCompany",
  "softwareModel": "FirmwareOs1",
  "softwareVersion": "1.23",
  "networkName": "factory-net",
  "isRouter": false,
  "influence": 0,
  "labels": [
    "label1",
    "label2"
  ],
  "userAttributes": [
    {
      "name": "name1",
      "value": "value1"
    },
    {
      "name": "name2",
      "value": "value2"
    }
  ],
  "sshPublicKey": "ecdsa_256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMVf2d7LsQZqfMy3vZUBubcSkpmMPkf0SMUv5pNea/iE8EWcMMSpHEiZQAE7VsZvNQJ0sCEUtqMKT8ObWo6WIUs="
}

{
  "status": "Created",
  "deviceId": 12345
}
Users of devices that are connected to the industrial network. Kaspersky Industrial CyberSecurity for Networks monitors their activity and updates information about them. It allows an administrator to make security-related decisions.
You can get several device users starting from a certain offset, not including the device user with the specified offset.
You can specify filtering and paging options for the device users.
By default, device users are not sorted. Use the sort property of the query argument to specify the sorting order.
You can use the following fields for filtering:
You can use the following fields for sorting:
version required | string |
Query argument. Specify the argument to define the parameters for filtering and sorting, such as an offset and a maximum number of device users in the returned results.
filter | object Nullable Filtering parameters. |

Example of a simple condition with the AND operator.

{
  "query": {
    ...
    "filter": [
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

{
  "query": {
    ...
    "filter": [
      [
        { "field": "propName1", "condition": ">=", "value": 10 },
        { "field": "propName1", "value": 1, "operator": "or" }
      ],
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}

sort | Array of objects (ColumnOrderDto) Nullable Sorting parameters. |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable Zero-based index of the item in the full list from which the sorting must begin. |
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results. |
{
  "filter": [
    {
      "field": "Id",
      "condition": ">",
      "value": 12370
    }
  ],
  "sort": [
    {
      "column": "Id",
      "direction": "Asc",
      "nullsBehaviour": null
    }
  ],
  "offset": 200,
  "limit": 100
}

{
  "total": 203,
  "offset": 200,
  "limit": 100,
  "values": [
    {
      "id": 1,
      "name": "Petrov",
      "description": null,
      "fullName": "domain\\1-2-3\\$Petrov",
      "groups": [
        "locadm",
        "user"
      ],
      "device": {
        "id": 1001,
        "name": "${name}Desktop"
      },
      "source": "EPP",
      "sid": "S-1-5-21-1507001333-1204550764-1011284298-$1",
      "isDisabled": false,
      "isLockedOut": false,
      "mustChangePassword": false,
      "canChangePassword": true,
      "passwordNeverExpires": false,
      "lastSeen": "2024-01-01T00:00:01Z"
    },
    {
      "id": 2,
      "name": "Ivanov",
      "description": null,
      "fullName": "domain\\1-2-3\\$Ivanov",
      "groups": [
        "locadm",
        "user"
      ],
      "device": {
        "id": 1002,
        "name": "${name}Desktop"
      },
      "source": "EPP",
      "sid": "S-1-5-21-1507001333-1204550764-1011284298-$2",
      "isDisabled": false,
      "isLockedOut": false,
      "mustChangePassword": false,
      "canChangePassword": true,
      "passwordNeverExpires": false,
      "lastSeen": "2024-01-01T00:00:01Z"
    },
    {
      "id": 3,
      "name": "admin",
      "description": null,
      "fullName": "domain\\1-2-3\\$admin",
      "groups": [
        "locadm",
        "user"
      ],
      "device": {
        "id": 1003,
        "name": "${name}Desktop"
      },
      "source": "EPP",
      "sid": "S-1-5-21-1507001333-1204550764-1011284298-$3",
      "isDisabled": false,
      "isLockedOut": false,
      "mustChangePassword": false,
      "canChangePassword": true,
      "passwordNeverExpires": false,
      "lastSeen": "2024-01-01T00:00:01Z"
    }
  ]
}
id required | integer <int64> >= 1 ID of the requested device user. |
version required | string |
{
  "id": 1368,
  "name": "Ivanov",
  "description": null,
  "fullName": "domain\\1-2-3\\$Ivanov",
  "groups": [
    "locadm",
    "user"
  ],
  "device": {
    "id": 2368,
    "name": "${name}Desktop"
  },
  "source": "EPP",
  "sid": "S-1-5-21-1507001333-1204550764-1011284298-$1368",
  "isDisabled": false,
  "isLockedOut": false,
  "mustChangePassword": false,
  "canChangePassword": true,
  "passwordNeverExpires": false,
  "lastSeen": "2024-01-01T00:00:01Z"
}
If a device user was detected, you can add this information to Kaspersky Industrial CyberSecurity for Networks.
version required | string |
Parameters of the request for registering detected users of specified devices.
elements | Array of objects (DetectedDeviceUsersItem) Nullable Array of elements, each of which contains information about devices and their users. |
{
  "elements": [
    {
      "deviceId": 123456,
      "users": [
        {
          "name": "device-name\\user-login-1"
        },
        {
          "name": "device-name\\user-login-2"
        },
        {
          "name": "device-name\\user-login-3"
        }
      ]
    },
    {
      "deviceId": 654321,
      "users": [
        {
          "name": "domain-name\\user-login-4"
        },
        {
          "name": "domain-name\\user-login-5"
        }
      ]
    }
  ]
}
Events are messages generated by Kaspersky Industrial CyberSecurity for Networks in response to potentially malicious industrial network traffic, detected attacks, and other security-related data. You can get events from Kaspersky Industrial CyberSecurity for Networks using the events API methods. In addition, you can register your own events in Kaspersky Industrial CyberSecurity for Networks. Kaspersky Industrial CyberSecurity for Networks handles these events as it does any other events.
You can get several events starting from a certain offset, not including the event with the specified offset.
You can specify filtering and paging options for the events.
By default, events are not sorted. Use the sort property of the query argument to specify the sorting order.
You can use the following fields for filtering:
You can use the following fields for sorting:
version required | string |
Query argument. Specify the argument to define the parameters for filtering and sorting, such as an offset and a maximum number of events in the returned results.
filter | object Nullable Filtering parameters. |

Example of a simple condition with the AND operator.

{
  "query": {
    ...
    "filter": [
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

{
  "query": {
    ...
    "filter": [
      [
        { "field": "propName1", "condition": ">=", "value": 10 },
        { "field": "propName1", "value": 1, "operator": "or" }
      ],
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}

sort | Array of objects (ColumnOrderDto) Nullable Sorting parameters. |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable Zero-based index of the item in the full list from which the sorting must begin. |
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results. |
{
  "filter": [
    {
      "field": "Id",
      "condition": ">",
      "value": 12370
    },
    {
      "field": "Technology",
      "condition": "=",
      "value": "Dpi"
    }
  ],
  "sort": [
    {
      "column": "Id",
      "direction": "Asc",
      "nullsBehaviour": null
    }
  ],
  "offset": 200,
  "limit": 100
}

{
  "offset": 200,
  "limit": 100,
  "values": [
    {
      "id": 123456,
      "eventType": 123123,
      "title": "Something happened",
      "score": 5.3,
      "startTime": "2020-10-27T17:32:25Z",
      "lastSeenTime": "2020-10-27T17:32:26Z",
      "endTime": "2020-10-27T17:32:26Z",
      "protocol": "Modbus",
      "communications": [
        {
          "sourceIp": "192.168.0.1",
          "sourceIpAddressSpaceId": 0,
          "sourcePort": 20,
          "sourceMac": "ff:aa:bb:cc:dd:ee",
          "sourceMacAddressSpaceId": 0,
          "sourceApplication": "slot=10",
          "destinationIp": "192.168.0.1",
          "destinationIpAddressSpaceId": 1,
          "destinationPort": 30,
          "destinationMac": "ff:aa:bb:cc:dd:ee",
          "destinationMacAddressSpaceId": 1,
          "destinationApplication": "slot=5",
          "applicationProtocol": null,
          "vlanId": 0,
          "protocolStack": [
            "TCP",
            "Modbus"
          ],
          "protocolStackId": 1232,
          "protocolStackPath": "TCP/Modbus",
          "systemCommandId": 12312,
          "systemCommandName": "STOP_PLC"
        }
      ],
      "technology": "Dpi",
      "totalAppearances": 10,
      "status": "Proposed",
      "description": "Very long description text",
      "triggeredRule": "Rule name",
      "triggeredRuleId": 123,
      "monitoringPoint": "Mpoint 1",
      "monitoringPointId": 1,
      "monitoringPointDeletedTime": "2020-10-26T10:15:06",
      "mark": 0,
      "origin": "System",
      "childrenCount": 6,
      "assets": [
        {
          "id": 12312
        }
      ],
      "params": [
        {
          "name": "param1",
          "value": "value 1"
        },
        {
          "name": "param2",
          "value": "value 2"
        }
      ],
      "risks": [
        {
          "id": 21213
        }
      ],
      "applications": [
        {
          "eppApplication": {
            "applicationId": 1,
            "applicationName": "Microsoft® Windows® Operating System",
            "productName": "Microsoft® Windows® Operating System",
            "productVersion": "10.0.19041.964",
            "productVendor": "Microsoft Corporation",
            "imagePath": "C:\\\\WINDOWS\\\\System32\\\\smss.exe",
            "osName": "Microsoft Windows 10 Pro",
            "isServer": true,
            "signatureCheckResult": true,
            "md5": "2c3f91bb4c0994a7b36ed0b6b14ec9c7",
            "sha256": "56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3",
            "communicationIndex": 0,
            "communicationIsSource": true
          },
          "eppUser": {
            "userId": 202,
            "userName": "Administrator",
            "logonType": "Interactive",
            "accountType": "Admin"
          }
        },
        {
          "eppApplication": {
            "applicationId": 1,
            "applicationName": "Microsoft® Windows® Operating System",
            "productName": "Microsoft® Windows® Operating System",
            "productVersion": "10.0.19041.964",
            "productVendor": "Microsoft Corporation",
            "imagePath": "C:\\\\WINDOWS\\\\System32\\\\smss.exe",
            "osName": "Microsoft Windows 10 Pro",
            "isServer": true,
            "signatureCheckResult": true,
            "md5": "2c3f91bb4c0994a7b36ed0b6b14ec9c7",
            "sha256": "56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3",
            "communicationIndex": 0,
            "communicationIsSource": true
          },
          "eppUser": null
        }
      ]
    }
  ]
}
id required | integer <int64> >= 1 ID of the requested event. |
version required | string |
{
  "id": 123456,
  "eventType": 123123,
  "title": "Something happened",
  "score": 5.3,
  "startTime": "2020-10-27T17:32:25Z",
  "lastSeenTime": "2020-10-27T17:32:26Z",
  "endTime": "2020-10-27T17:32:26Z",
  "protocol": "Modbus",
  "communications": [
    {
      "sourceIp": "192.168.0.1",
      "sourceIpAddressSpaceId": 0,
      "sourcePort": 20,
      "sourceMac": "ff:aa:bb:cc:dd:ee",
      "sourceMacAddressSpaceId": 0,
      "sourceApplication": "slot=10",
      "destinationIp": "192.168.0.1",
      "destinationIpAddressSpaceId": 1,
      "destinationPort": 30,
      "destinationMac": "ff:aa:bb:cc:dd:ee",
      "destinationMacAddressSpaceId": 1,
      "destinationApplication": "slot=5",
      "applicationProtocol": null,
      "vlanId": 0,
      "protocolStack": [
        "TCP",
        "Modbus"
      ],
      "protocolStackId": 1232,
      "protocolStackPath": "TCP/Modbus",
      "systemCommandId": 12312,
      "systemCommandName": "STOP_PLC"
    }
  ],
  "technology": "Dpi",
  "totalAppearances": 10,
  "status": "Proposed",
  "description": "Very long description text",
  "triggeredRule": "Rule name",
  "triggeredRuleId": 123,
  "monitoringPoint": "Mpoint 1",
  "monitoringPointId": 1,
  "monitoringPointDeletedTime": "2020-10-26T10:15:06",
  "mark": 0,
  "origin": "System",
  "childrenCount": 6,
  "assets": [
    {
      "id": 12312
    }
  ],
  "params": [
    {
      "name": "param1",
      "value": "value 1"
    },
    {
      "name": "param2",
      "value": "value 2"
    }
  ],
  "risks": [
    {
      "id": 21213
    }
  ],
  "applications": [
    {
      "eppApplication": {
        "applicationId": 1,
        "applicationName": "Microsoft® Windows® Operating System",
        "productName": "Microsoft® Windows® Operating System",
        "productVersion": "10.0.19041.964",
        "productVendor": "Microsoft Corporation",
        "imagePath": "C:\\\\WINDOWS\\\\System32\\\\smss.exe",
        "osName": "Microsoft Windows 10 Pro",
        "isServer": true,
        "signatureCheckResult": true,
        "md5": "2c3f91bb4c0994a7b36ed0b6b14ec9c7",
        "sha256": "56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3",
        "communicationIndex": 0,
        "communicationIsSource": true
      },
      "eppUser": {
        "userId": 202,
        "userName": "Administrator",
        "logonType": "Interactive",
        "accountType": "Admin"
      }
    }
  ]
}
You can edit event data in Kaspersky Industrial CyberSecurity for Networks using this API.
id required | integer <int64> >= 1 ID of the event that you want to edit. |
version required | string |
Parameters of the event to edit:
status | string (EventUserState) Enum: "Proposed" "Active" "Resolved" |
mark | integer <int32> Nullable Numeric value from 0 to 7 that represents a selection of icons that you can set for any event or incident to find events and incidents based on criteria that are not in the table. |
{
  "status": "Proposed",
  "mark": 0
}
"string"
You can get a ZIP file with traffic associated with several events. The traffic can be filtered and sorted in the same way as for the QueryEvents() method.
version required | string |
Query argument. Specify the argument to define parameters for filtering and sorting, such as an offset and a maximum number of events in the returned results.
filter | object Nullable Filtering parameters. |

Example of a simple condition with the AND operator.

{
  "query": {
    ...
    "filter": [
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}

Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.

{
  "query": {
    ...
    "filter": [
      [
        { "field": "propName1", "condition": ">=", "value": 10 },
        { "field": "propName1", "value": 1, "operator": "or" }
      ],
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}

sort | Array of objects (ColumnOrderDto) Nullable Sorting parameters. |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable Zero-based index of the item in the full list from which the sorting must begin. |
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results. |
{
  "filter": [
    {
      "field": "Id",
      "condition": ">",
      "value": 12370
    },
    {
      "field": "Technology",
      "condition": "=",
      "value": "Dpi"
    }
  ],
  "sort": [
    {
      "column": "Id",
      "direction": "Asc",
      "nullsBehaviour": null
    }
  ],
  "offset": 200,
  "limit": 100
}
"string"
You can register events in Kaspersky Industrial CyberSecurity for Networks using this API.
version required | string |
Parameters of the event that you want to register.
title required | string [ 1 .. 4096 ] characters Title defined for the event type. |
score required | number <float> [ 0 .. 10 ] Score of the event or incident. |
startTime required | string <date-time> For an event that is not an incident: date and time when the event was registered. For an incident: date and time when the first event included in the incident was registered. |
lastSeenTime | string <date-time> Nullable For an event that is not an incident: date and time when the event last occurred. It may contain date and time when the event was registered, or date and time when the value of an event regenerate counter increased if the conditions for event registration were repeated during the event regenerate timeout. |
endTime required | string <date-time> For an event that is not an incident: date and time when the Resolved status was assigned, or date and time of the event regenerate timeout. For an incident: the latest date and time of the end of events that are part of the incident. |
totalAppearances | integer <int32> [ 1 .. 2147483647 ] Nullable For an event that is not an incident: value of a regenerate counter after the event was registered within the event regenerate timeout. |
description | string [ 0 .. 32000 ] characters Nullable Description specified for the event type. |
triggeredRuleName | string [ 0 .. 4096 ] characters Nullable For an event that is not an incident: name of a Process Control rule or an Intrusion Detection rule that was triggered and caused event registration. For an incident: name of a correlation rule that was triggered and caused incident registration. |
monitoringPointId | integer <int32> [ 0 .. 65535 ] Identifier of the monitoring point whose traffic invoked registration of the event. |
mark | integer <int32> [ 0 .. 7 ] Numeric value from 0 to 7 that represents a selection of icons that you can set for any event or incident to find events and incidents based on criteria that are not in the table. |
origin required | string (EventOrigin) Enum: "Unknown" "System" "User" |
params | object Nullable Array of name-value pairs that are additional parameters of the event. |
communications | Array of objects (CreateEventCommunication) Nullable Array of event communications. |
applications | Array of objects (CreateEventApplication) Nullable Array of event applications and user sessions. |
{
  "title": "Something happened",
  "score": 7.7,
  "startTime": "2020-10-27T14:32:25Z",
  "lastSeenTime": "2020-10-27T14:32:26Z",
  "endTime": "2020-10-27T14:32:26Z",
  "totalAppearances": 10,
  "description": "Very long description text",
  "triggeredRuleName": "Rule name",
  "monitoringPointId": 1,
  "mark": 0,
  "origin": "User",
  "params": {
    "param1": "value 1",
    "param2": "value 2"
  },
  "communications": [
    {
      "sourceIp": "192.168.0.1",
      "sourceIpAddressSpaceId": 1234,
      "sourcePort": 20,
      "sourceMac": "ff:aa:bb:cc:dd:ee",
      "sourceMacAddressSpaceId": 1234,
      "destinationIp": "192.168.0.1",
      "destinationIpAddressSpaceId": 1234,
      "destinationPort": 30,
      "destinationMac": "ff:aa:bb:cc:dd:ee",
      "destinationMacAddressSpaceId": 1234,
      "vlanId": 0,
      "protocolStackId": 1232
    }
  ],
  "applications": [
    {
      "eppApplication": {
        "applicationName": "Microsoft® Windows® Operating System",
        "osName": "Microsoft Windows 10 Pro",
        "productName": "Microsoft® Windows® Operating System",
        "productVersion": "10.0.19041.746",
        "productVendor": "Microsoft Corporation",
        "imagePath": "C:\\Windows\\System32\\mspaint.exe",
        "isServer": false,
        "communicationIndex": 0,
        "communicationIsSource": true
      },
      "eppUser": {
        "userName": "Administrator",
        "accountType": "Admin",
        "logonType": "Interactive"
      }
    },
    {
      "eppApplication": {
        "applicationName": "Microsoft® Windows® Operating System",
        "osName": "Microsoft Windows 10 Pro",
        "productName": "Microsoft® Windows® Operating System",
        "productVersion": "10.0.19041.964",
        "productVendor": "Microsoft Corporation",
        "imagePath": "C:\\WINDOWS\\System32\\smss.exe",
        "isServer": false,
        "communicationIndex": 2,
        "communicationIsSource": false
      },
      "eppUser": {
        "userName": "TEMPLATE-FOR-KS\\autotester",
        "accountType": "Admin",
        "logonType": "Interactive"
      }
    }
  ]
}

{
  "errorMessage": "string"
}
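A client-side check of an event before it is registered, as an added example (not code from the product or its documentation). The field names, required flags, nullability and ranges are the ones in the parameter table above; rejecting undocumented fields is a stricter choice made here, and the failing event is constructed for illustration.

```python
from datetime import datetime


def _is_datetime(value):
    if not isinstance(value, str):
        return False
    try:
        # Older fromisoformat() versions do not accept a trailing "Z".
        datetime.fromisoformat(value[:-1] + "+00:00" if value.endswith("Z") else value)
        return True
    except ValueError:
        return False


def _text(lo, hi):
    return lambda v: isinstance(v, str) and lo <= len(v) <= hi


def _integer(lo, hi):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return lambda v: isinstance(v, int) and not isinstance(v, bool) and lo <= v <= hi


def _score(v):
    return isinstance(v, (int, float)) and not isinstance(v, bool) and 0 <= v <= 10


# field: (required, nullable, check, expectation), as listed in the table above.
RULES = {
    "title": (True, False, _text(1, 4096), "string of 1..4096 characters"),
    "score": (True, False, _score, "number in 0..10"),
    "startTime": (True, False, _is_datetime, "date-time string"),
    "lastSeenTime": (False, True, _is_datetime, "date-time string"),
    "endTime": (True, False, _is_datetime, "date-time string"),
    "totalAppearances": (False, True, _integer(1, 2147483647), "integer in 1..2147483647"),
    "description": (False, True, _text(0, 32000), "string of 0..32000 characters"),
    "triggeredRuleName": (False, True, _text(0, 4096), "string of 0..4096 characters"),
    "monitoringPointId": (False, False, _integer(0, 65535), "integer in 0..65535"),
    "mark": (False, False, _integer(0, 7), "integer in 0..7"),
    "origin": (True, False,
               lambda v: isinstance(v, str) and v in {"Unknown", "System", "User"},
               "Unknown, System or User"),
    "params": (False, True, lambda v: isinstance(v, dict), "object"),
    "communications": (False, True, lambda v: isinstance(v, list), "array"),
    "applications": (False, True, lambda v: isinstance(v, list), "array"),
}


def validate_event(event):
    """Return a list of (field, problem) tuples; an empty list means the event passes."""
    errors = [(f, "not a documented field") for f in sorted(set(event) - set(RULES))]
    for field, (required, nullable, check, expectation) in RULES.items():
        if field not in event:
            if required:
                errors.append((field, "required field is missing"))
        elif event[field] is None:
            if not nullable:
                errors.append((field, "must not be null"))
        elif not check(event[field]):
            errors.append((field, "expected " + expectation))
    return errors


# Top-level fields of the request sample above.
GOOD_EVENT = {
    "title": "Something happened", "score": 7.7,
    "startTime": "2020-10-27T14:32:25Z", "lastSeenTime": "2020-10-27T14:32:26Z",
    "endTime": "2020-10-27T14:32:26Z", "totalAppearances": 10,
    "description": "Very long description text", "triggeredRuleName": "Rule name",
    "monitoringPointId": 1, "mark": 0, "origin": "User",
    "params": {"param1": "value 1", "param2": "value 2"},
}

# Constructed event that breaks several constraints and omits endTime.
BAD_EVENT = {
    "title": "", "score": 11, "startTime": "27.10.2020 14:32", "mark": 8,
    "origin": "Sensor", "monitoringPointId": True, "severity": "Critical",
}

if __name__ == "__main__":
    for field, problem in validate_event(BAD_EVENT):
        print(field + ": " + problem)
```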
Event type is a defined set of parameters for registering events in Kaspersky Industrial CyberSecurity for Networks. A unique number (event type code) is assigned to each event type. You can get event types from Kaspersky Industrial CyberSecurity for Networks using the event types API methods.
[
  {
    "eventTypeId": 1,
    "title": "Incident",
    "description": "A sequence of events corresponding to the incident was detected.",
    "severity": "Critical",
    "technology": "Dpi",
    "eventRegenerateTimeout": 3000,
    "trafficKeeping": {
      "keep": true,
      "packetsBefore": 1024,
      "packetsAfter": 2048,
      "timeBefore": 120,
      "timeAfter": 60
    }
  },
  {
    "eventTypeId": 2,
    "title": "Event from external system",
    "description": "Long description",
    "severity": "Warning",
    "technology": "External",
    "eventRegenerateTimeout": 1000,
    "trafficKeeping": {
      "keep": false,
      "packetsBefore": 0,
      "packetsAfter": 0,
      "timeBefore": 0,
      "timeAfter": 0
    }
  }
]
id required | integer <int64> >= 1 Event type ID. |
version required | string |
{
  "eventTypeId": 1,
  "title": "Incident",
  "description": "A sequence of events corresponding to the incident was detected.",
  "severity": "Critical",
  "technology": "External",
  "eventRegenerateTimeout": 3000,
  "trafficKeeping": {
    "keep": true,
    "packetsBefore": 1024,
    "packetsAfter": 2048,
    "timeBefore": 120,
    "timeAfter": 60
  }
}
Information about a license key.
You can get information about the added license key using the license-key API methods.
{
  "localization": "en",
  "serialNumber": {
    "customerId": 2028,
    "applicationId": 9482,
    "serialNumber": 1465860564,
    "key": "250a-0007ec-575f41d4"
  },
  "productName": "Kaspersky Industrial CyberSecurity for Networks Standard Server, Limited Updates International Edition. 1 - Server 1 year NFR License: KICS for Networks",
  "licenseInstallationDate": "2020-12-31T00:00:00",
  "licenseExpirationDate": "2019-12-18T00:00:00",
  "licenseCreationDate": "2020-01-01T00:00:00",
  "licenseStatus": "Active",
  "daysTillLicenseExpire": 41
}
Monitoring points are used for receiving and processing industrial network traffic in Kaspersky Industrial CyberSecurity for Networks.
You can get monitoring points from Kaspersky Industrial CyberSecurity for Networks using monitoring-points API methods.
[
  {
    "mpId": 12345,
    "name": "MonitoringPoint1",
    "nicId": "nic1",
    "hostId": "sensor1",
    "enabled": true,
    "createdTime": "2020-10-27T17:32:25Z",
    "deletedTime": "2020-10-27T17:32:25Z"
  }
]
id required | integer <int64> >= 1 ID of the queried monitoring point. |
version required | string |
{
  "mpId": 12345,
  "name": "MonitoringPoint1",
  "nicId": "nic1",
  "hostId": "sensor1",
  "enabled": true,
  "createdTime": "2020-10-27T17:32:25Z",
  "deletedTime": "2020-10-27T17:32:25Z"
}
You can send a network topology map report using the network topology map API methods.
You can send a network topology map report in Kaspersky Industrial CyberSecurity for Networks using this API.
version required | string |
Request to send a network topology map report includes the following parameters.
apmId | integer <int64> Unique ID of active polling method. |
nodes | Array of objects (NtmNodeInfo) Nullable List of nodes. |
{
  "apmId": 1,
  "nodes": [
    {
      "timestamp": "2020-01-01T12:00:00",
      "rawData": "specific data"
    }
  ]
}
{
  "error": "Error text"
}
Information about the state of nodes.
You can get information about the state of nodes using the technologies API methods.
[
  {
    "id": "D156FFE4-BECA-4E8F-8FC9-858F18626934",
    "type": "Server",
    "name": "KICS server",
    "monitoringPointIds": [
      1,
      5,
      7
    ]
  },
  {
    "id": "F63DD168-D0E4-4EF1-9C92-BC77DCE9DFD0",
    "type": "Sensor",
    "name": "KICS sensor 1",
    "monitoringPointIds": [
      2
    ]
  },
  {
    "id": "C04B4906-269A-437D-9765-6F9F85FFD98E",
    "type": "Sensor",
    "name": "KICS sensor 2",
    "monitoringPointIds": [
      3
    ]
  }
]
If log files were detected on a device, you can add this information to Kaspersky Industrial CyberSecurity for Networks.
version required | string |
Parameters of the request for registering logs detected on devices.
logs | Array of objects (DetectedPlcLog) Nullable Detected logs. |
{
  "logs": [
    {
      "deviceId": 1,
      "time": "0001-01-01T00:00:00",
      "message": "Message",
      "moduleId": "ModuleId"
    },
    {
      "deviceId": 2,
      "time": "0001-01-01T00:00:00",
      "message": "Message",
      "moduleId": "Test module"
    },
    {
      "deviceId": 3,
      "time": "2024-04-01T00:00:00",
      "message": "Message",
      "moduleId": "ModuleId"
    }
  ]
}
Kaspersky Industrial CyberSecurity for Networks uses several dictionaries, including a dictionary of protocols.
You can get protocols from Kaspersky Industrial CyberSecurity for Networks using protocol-stacks API methods.
[
  {
    "protocolStackId": 12345,
    "name": "Modbus TCP",
    "protocolStackName": "TCP/Modbus TCP",
    "parentId": 5001,
    "etherType": 123,
    "ipType": 345,
    "customType": "345",
    "isIndustrial": true,
    "isActive": true
  }
]
id required | integer <int64> >= 1 ID of the queried protocol stack. |
version required | string |
{
  "protocolStackId": 12345,
  "name": "ModbusTcp",
  "protocolStackName": "TCP/ModbusTcp",
  "parentId": 5001,
  "etherType": 123,
  "ipType": 345,
  "customType": "345",
  "isIndustrial": true,
  "isActive": true
}
Kaspersky Industrial CyberSecurity for Networks can detect risks of devices. One asset can have multiple risks.
You can get risks from Kaspersky Industrial CyberSecurity for Networks using the risks API methods.
You can get several risk entries starting from a certain offset, not including the risk with the specified offset.
You can specify filtering and paging options for risk entries.
By default, risk entries are not sorted. Use the sort property of the query argument to specify the sorting order.
You can use the following fields for filtering:
You can use the following fields for sorting:
version required | string |
Query argument. Specify the argument to define parameters for filtering and sorting, such as an offset and a maximum number of risks in the returned results.
filter | object Nullable Filtering parameters.
Example of a simple condition with the AND operator.
{
  "query": {
    ...
    "filter": [
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.
{
  "query": {
    ...
    "filter": [
      [
        { "field": "propName1", "condition": ">=", "value": 10 },
        { "field": "propName1", "value": 1, "operator": "or" }
      ],
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
sort | Array of objects (ColumnOrderDto) Nullable Sorting parameters. |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable Zero-based index of the item in the full list from which the sorting must begin. |
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results. |
{
  "filter": [
    {
      "field": "Score",
      "condition": ">",
      "value": 5
    },
    {
      "field": "State",
      "condition": "<>",
      "value": "Remediated"
    }
  ],
  "sort": [
    {
      "column": "Id",
      "direction": "Asc",
      "nullsBehaviour": null
    }
  ],
  "offset": 200,
  "limit": 100
}
{
  "offset": 200,
  "limit": 100,
  "values": [
    {
      "id": 12345,
      "typeId": 121327,
      "name": "Some risk detected.",
      "category": "Vulnerability",
      "baseScore": 5.9,
      "score": 5.9,
      "cveSource": "NVD",
      "protocolStackId": 1,
      "sourcePort": 8081,
      "sourceIp": "192.168.0.1",
      "sourceIpAddressSpaceId": null,
      "sourceMac": "aa:bb:cc:dd:ee:ff",
      "sourceMacAddressSpaceId": null,
      "destinationPort": 8082,
      "destinationIp": "192.168.0.1",
      "destinationIpAddressSpaceId": null,
      "destinationMac": "aa:bb:cc:dd:ee:ff",
      "destinationMacAddressSpaceId": null,
      "assetGroup": "Group / Subgroup",
      "assetName": "Asset 1",
      "assetAddress": "192.168.0.1",
      "assetId": 5678,
      "state": "Active",
      "comments": "User comments",
      "firstDetected": "2020-10-27T17:32:25Z",
      "lastStateChanged": "2020-10-27T17:32:26Z",
      "description": "Long description text",
      "attackConditions": "Attack conditions text",
      "impact": "Some impact",
      "vector": "Vector text",
      "cveId": "CVE identifier",
      "bduFstecIds": "BDU:2019-00775, BDU:2019-01763",
      "mitigations": [
        {
          "id": 234788,
          "type": "Primary",
          "typeName": "Primary mitigation",
          "source": "Vendor",
          "sourceName": "Provided by vendor",
          "mitigation": "Update the firmware"
        }
      ],
      "references": [
        {
          "id": 123,
          "type": "VendorAdvisory",
          "typeName": "Vendor advisory text",
          "title": "Reference title"
        }
      ],
      "cveEvents": [
        {
          "id": 213578,
          "type": "AdvisoryPublished",
          "typeName": "Event has been published",
          "date": "2020-10-27T17:32:25Z"
        }
      ],
      "matchedCpes": [
        {
          "id": 1,
          "cpe": "SFGSFGSDFGSDFGSDFGDF",
          "displayName": "Siemens firmware",
          "targetType": "Hardware",
          "viewOrder": 0
        }
      ],
      "events": [
        {
          "id": 23234,
          "timeStampLastSeen": "2020-10-27T17:32:25Z",
          "title": "Some event",
          "userState": "Active"
        }
      ],
      "otherAssets": [
        {
          "id": 2,
          "title": "Asset 2",
          "address": "192.168.0.2"
        }
      ]
    }
  ]
}
id required | integer <int64> >= 1 ID of the queried risk. |
version required | string |
{
  "id": 12345,
  "typeId": 31231,
  "name": "Some risk detected.",
  "category": "Vulnerability",
  "baseScore": 5.9,
  "score": 5.9,
  "cveSource": "NVD",
  "protocolStackId": 1,
  "sourcePort": 8081,
  "sourceIp": "192.168.0.1",
  "sourceIpAddressSpaceId": 1,
  "sourceMac": "aa:bb:cc:dd:ee:ff",
  "sourceMacAddressSpaceId": 2,
  "destinationPort": 8082,
  "destinationIp": "192.168.0.1",
  "destinationIpAddressSpaceId": 3,
  "destinationMac": "aa:bb:cc:dd:ee:ff",
  "destinationMacAddressSpaceId": 4,
  "assetGroup": "Group / Subgroup",
  "assetName": "Asset 1",
  "assetAddress": "192.168.0.1",
  "assetId": 5678,
  "state": "Active",
  "comments": "User comments",
  "firstDetected": "2020-10-27T17:32:25Z",
  "lastStateChanged": "2020-10-27T17:32:26Z",
  "description": "Long description text",
  "attackConditions": "Attack conditions text",
  "impact": "Some impact",
  "vector": "Vector text",
  "cveId": "CVE identifier",
  "bduFstecIds": "BDU:2019-00775, BDU:2019-01763",
  "mitigations": [
    {
      "id": 234788,
      "type": "Primary",
      "typeName": "Primary mitigation",
      "source": "Vendor",
      "sourceName": "Provided by vendor",
      "mitigation": "Update the firmware"
    }
  ],
  "references": [
    {
      "id": 123,
      "type": "VendorAdvisory",
      "typeName": "Vendor advisory text",
      "title": "Reference title"
    }
  ],
  "cveEvents": [
    {
      "id": 213578,
      "type": "AdvisoryPublished",
      "typeName": "Event has been published",
      "date": "2020-10-27T17:32:25Z"
    }
  ],
  "matchedCpes": [
    {
      "id": 1,
      "cpe": "SFGSFGSDFGSDFGSDFGDF",
      "displayName": "Siemens firmware",
      "targetType": "Hardware",
      "viewOrder": 0
    }
  ],
  "events": [
    {
      "id": 23234,
      "timeStampLastSeen": "2020-10-27T17:32:25Z",
      "title": "Some event",
      "userState": "Active"
    }
  ],
  "otherAssets": [
    {
      "id": 2,
      "title": "Asset 2",
      "address": "192.168.0.2"
    }
  ]
}
You can create risks in Kaspersky Industrial CyberSecurity for Networks using this API.
version required | string |
Parameters of the risk that you want to create.
typeId | integer <int64> >= 0 Unique ID of the risk type. |
baseScore | number <float> [ 0 .. 10 ] Nullable Base risk score. |
name | string <= 8192 characters Nullable Name of the risk. |
description | string <= 65536 characters Nullable Description of the risk. |
firstDetected | string <date-time> Time when the risk was first detected in the specific device. |
lastStateChanged | string <date-time> Time when the risk last changed its state. |
deviceId | integer <int64> >= 0 Nullable ID of the device where the risk was detected. |
sourceIp | string Nullable IP address of one of the communication participants that generated the risk. This parameter is empty if there is no communication. |
sourceIpAddressSpaceId | integer <int64> >= 0 Nullable Address space identifier of a source IP address. |
sourceMac | string Nullable MAC address of one of the communication participants that generated the risk. This parameter is empty if there is no communication. |
sourceMacAddressSpaceId | integer <int64> >= 0 Nullable Address space identifier of a source MAC address. |
sourcePort | integer <int32> [ 0 .. 65535 ] Nullable Port of one of the communication participants that generated the risk. This parameter is empty if there is no communication. |
destinationIp | string Nullable IP address of the second communication participant that generated the risk. This parameter is empty if there is no communication. |
destinationIpAddressSpaceId | integer <int64> >= 0 Nullable Address space identifier of a destination IP address. |
destinationMac | string Nullable MAC address of the second communication participant that generated the risk. This parameter is empty if there is no communication. |
destinationMacAddressSpaceId | integer <int64> >= 0 Nullable Address space identifier of a destination MAC address. |
destinationPort | integer <int32> [ 0 .. 65535 ] Nullable Port of the second communication participant that generated the risk. This parameter is empty if there is no communication. |
comments | string <= 1000 characters Nullable User comments of the risk. |
mitigations | Array of objects (RiskMitigationParameters) Nullable Recommendations on the risk mitigation. |
vulnerabilityRiskInfo | object (VulnerabilityRiskParameters) |
{
  "typeId": 1,
  "baseScore": 5.5,
  "name": "Some name",
  "description": "Some description",
  "firstDetected": "2020-10-27T17:32:25Z",
  "lastStateChanged": "2020-10-27T17:32:26Z",
  "deviceId": 1,
  "sourceIp": "192.168.1.2",
  "sourceIpAddressSpaceId": 1,
  "sourceMac": "aa:bb:cc:dd:ee:ff",
  "sourceMacAddressSpaceId": 2,
  "sourcePort": 8081,
  "destinationIp": "192.168.0.1",
  "destinationIpAddressSpaceId": 3,
  "destinationMac": "aa:bb:cc:dd:ee:ff",
  "destinationMacAddressSpaceId": 4,
  "destinationPort": 8082,
  "comments": "User comments",
  "mitigations": [
    {
      "type": "Primary",
      "typeName": "Some type name",
      "source": "Vendor",
      "sourceName": "Some source name",
      "mitigation": "Risk mitigation"
    }
  ],
  "vulnerabilityRiskInfo": {
    "cveId": "Cve identifier",
    "matchedCpe": "Matched cpe",
    "cpeDisplayName": "Cpe display name",
    "cpeTarget": "Software",
    "published": "2020-10-27T17:32:25Z",
    "references": [
      {
        "type": "VendorAdvisory",
        "typeName": "Vendor advisory text",
        "title": "Reference title"
      }
    ],
    "attackConditions": "Attack conditions text",
    "impact": "Some impact",
    "vector": "Vector text",
    "bduFstecIds": "BDU:2019-00775"
  }
}
"string"
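A connector that forwards findings from another tool can check each record against the create-risk parameter limits listed above before sending it. The following is an added example, not code from the product or its documentation: `validate_risk` is a hypothetical helper, and the IP syntax check and colon-separated MAC format are assumptions (the page types both fields only as strings).

```python
import ipaddress
import re
from datetime import datetime

# Limits copied from the create-risk parameter table above.
MAX_LEN = {"name": 8192, "description": 65536, "comments": 1000}
ID_FIELDS = ("typeId", "deviceId", "sourceIpAddressSpaceId", "sourceMacAddressSpaceId",
             "destinationIpAddressSpaceId", "destinationMacAddressSpaceId")
# Assumption: MAC addresses use the colon-separated form shown in the samples.
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def _is_int(value):
    # bool is a subclass of int in Python; JSON true/false must not pass as a number.
    return isinstance(value, int) and not isinstance(value, bool)


def validate_risk(body):
    """Return the problems found in a create-risk request body (empty list = OK)."""
    errors = []
    for field, limit in MAX_LEN.items():
        value = body.get(field)
        if value is not None and (not isinstance(value, str) or len(value) > limit):
            errors.append(f"{field}: must be a string of at most {limit} characters")
    for field in ID_FIELDS:
        value = body.get(field)
        if value is not None and (not _is_int(value) or value < 0):
            errors.append(f"{field}: must be an integer >= 0")
    for field in ("sourcePort", "destinationPort"):
        value = body.get(field)
        if value is not None and (not _is_int(value) or not 0 <= value <= 65535):
            errors.append(f"{field}: must be an integer in 0..65535")
    score = body.get("baseScore")
    if score is not None and (isinstance(score, bool)
                              or not isinstance(score, (int, float))
                              or not 0 <= score <= 10):
        errors.append("baseScore: must be a number in 0..10")
    for field in ("firstDetected", "lastStateChanged"):
        value = body.get(field)
        try:
            # Python < 3.11 rejects the trailing "Z" used in the samples.
            if value is not None:
                datetime.fromisoformat(str(value).replace("Z", "+00:00"))
        except ValueError:
            errors.append(f"{field}: not an ISO 8601 date-time")
    for field in ("sourceIp", "destinationIp", "sourceMac", "destinationMac"):
        value = body.get(field)
        if value in (None, ""):  # empty when there is no communication
            continue
        try:
            if not isinstance(value, str):
                raise ValueError(field)
            if field.endswith("Ip"):
                ipaddress.ip_address(value)
            elif not MAC_RE.match(value):
                raise ValueError(field)
        except ValueError:
            errors.append(f"{field}: not a valid address")
    return errors


# Constructed sample: a record as an external scanner might hand it to a connector.
BAD_RISK = {"typeId": 1, "baseScore": 11.5, "sourcePort": 70000,
            "sourceIp": "192.168.1.300", "sourceMac": "aa-bb-cc-dd-ee-ff",
            "firstDetected": "27/10/2020", "comments": "c" * 1001}

if __name__ == "__main__":
    for problem in validate_risk(BAD_RISK):
        print(problem)
```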
id required | integer <int64> >= 1 ID of the risk. |
version required | string |
String with new comments for the risk.
"string"
"string"
id required | integer <int64> >= 1 ID of the risk. |
version required | string |
New state for the risk.
"Active"
"string"
Kaspersky Industrial CyberSecurity for Networks allows a recipient system to query data on general settings. You can get server settings from Kaspersky Industrial CyberSecurity for Networks using the server settings API methods.
Tags are values that describe parameters of an industrial process. For example, a manufacturing process involving a thermal oxidizer can have temperature, residence time, and turbulence among many other tags.
You can get tags from Kaspersky Industrial CyberSecurity for Networks using the tags API methods.
You can get several tags starting from a certain offset, not including the tag with the specified offset.
You can specify filtering and paging options for tags.
By default, tags are not sorted. Use the sort property of the query argument to specify the sorting order.
You can use the following fields for filtering:
You can use the following fields for sorting:
version required | string |
Query argument. Specify the argument to define parameters for filtering and sorting, such as an offset and a maximum number of tags in the returned results.
filter | object Nullable Filtering parameters.
Example of a simple condition with the AND operator.
{
  "query": {
    ...
    "filter": [
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
Example of a set of conditions with a nested condition group. The conditions in the group are combined with the OR operator, while the top-level conditions are combined with the AND operator.
{
  "query": {
    ...
    "filter": [
      [
        { "field": "propName1", "condition": ">=", "value": 10 },
        { "field": "propName1", "value": 1, "operator": "or" }
      ],
      { "field": "propName3", "condition": "isOneOf", "value": ["DPI", "NIC", "CC"] },
      { "field": "propName4", "condition": ">=", "value": "2020-10-27T17:32:25.806Z" }
    ]
  }
}
sort | Array of objects (ColumnOrderDto) Nullable Sorting parameters. |
offset | integer <int32> [ 0 .. 2147483647 ] Nullable Zero-based index of the item in the full list from which the sorting must begin. |
limit | integer <int32> [ 0 .. 1000 ] Nullable Maximum number of items in the results. |
{
  "filter": [
    {
      "field": "Id",
      "condition": ">",
      "value": 12370
    },
    {
      "field": "Origin",
      "condition": "isOneOf",
      "value": "['User']"
    }
  ],
  "sort": [
    {
      "column": "Id",
      "direction": "Asc",
      "nullsBehaviour": null
    }
  ],
  "offset": 200,
  "limit": 100
}
{
  "offset": 200,
  "limit": 100,
  "values": [
    {
      "assetId": 2345,
      "assetName": "Schneider Electric Modicon Momentum",
      "assetAddress": "1.0.0.0",
      "assetGroup": "Group 1",
      "protocol": "Modbus TCP",
      "protocolStackId": 2,
      "assetProtocolId": 1,
      "name": "Tag",
      "id": 1,
      "favourite": true,
      "measureUnit": "kgs/cm2",
      "description": "Tag Description",
      "address": "{\"area\": \"HoldingRegisters\", \"address\": \"123\"}",
      "origin": "User",
      "scaling": {
        "scalable": false,
        "inputMinimum": 0,
        "inputMaximum": 1024,
        "outputMinimum": 0,
        "outputMaximum": 10
      },
      "operativeParameters": "{\"d\":{\"type\":{\"n\":\"ValueType\",\"s\":\"Float\",\"t\":\"e\",\"v\":1},\"value\":{\"t\":\"d\",\"v\":0.14147095680236816,\"x\":1}},\"n\":\"Float\"}",
      "registrationTimestamp": "2024-09-12T10:16:55.870566+00:00",
      "timeSinceLastTagReadMs": 1000,
      "timeSinceLastTagWriteMs": 5000,
      "tagDataType": "Int16"
    }
  ]
}
id required | integer <int64> >= 1 ID of the requested event. |
version required | string |
{
  "assetId": 2345,
  "assetName": "Schneider Electric Modicon Momentum",
  "assetAddress": "1.0.0.0",
  "assetGroup": "Group 1",
  "protocol": "Modbus TCP",
  "protocolStackId": 2,
  "assetProtocolId": 1,
  "name": "Tag",
  "id": 1,
  "favourite": true,
  "measureUnit": "kgs/cm2",
  "description": "Tag Description",
  "address": "{\"area\": \"HoldingRegisters\", \"address\": \"123\"}",
  "origin": "User",
  "scaling": {
    "scalable": false,
    "inputMinimum": 0,
    "inputMaximum": 1024,
    "outputMinimum": 0,
    "outputMaximum": 10
  },
  "operativeParameters": "{\"d\":{\"type\":{\"n\":\"ValueType\",\"s\":\"Float\",\"t\":\"e\",\"v\":1},\"value\":{\"t\":\"d\",\"v\":0.14147095680236816,\"x\":1}},\"n\":\"Float\"}",
  "registrationTimestamp": "2024-09-12T10:16:55.8742351+00:00",
  "timeSinceLastTagReadMs": 1000,
  "timeSinceLastTagWriteMs": 5000,
  "tagDataType": "Int16"
}
Information about the state of technologies.
You can get information about the state of technologies using the technologies API methods.
version required | string |
nodeId | string |
monitoringPointId | integer <int64> |
[
  {
    "type": "Ids",
    "name": "Arpspoofing",
    "enabled": true,
    "mode": "NotSupported",
    "status": "Ok",
    "errorMessage": "",
    "learningExpiration": "2024-09-14T12:16:55.8879182+00:00"
  },
  {
    "type": "Am",
    "name": "AttributeDiscovery",
    "enabled": true,
    "mode": "NotSupported",
    "status": "InProgress",
    "errorMessage": "",
    "learningExpiration": "2024-09-14T12:16:55.8879189+00:00"
  },
  {
    "type": "Nic",
    "name": "NetworkIntegrityControl",
    "enabled": true,
    "mode": "Learning",
    "status": "Error",
    "errorMessage": "Something wrong",
    "learningExpiration": "2024-09-14T12:16:55.8879192+00:00"
  }
]