KSC Open API
13.1
Kaspersky Security Center API description
|
Format of rule settings in KSC Console:
+---KLHST_MR_Custom (PARAMS_T) | +---CpuArch = (INT_T)2 - OS Architecture. KLHST_WKS_CPU_ARCH | +---HRULE_ALIEN = (INT_T)1 - Computer is managed by other KSCServer. See \ref ak_hst_attributes "KLHST_MANAGED_OTHER_SERVER". Values: 0 - ignored, 1 - Yes, 2 - No. | +---HRULE_CON_IP_RANGE_FROM = (LONG_T)10 - IP interval start. See KLHST_WKS_CONNECT_IP_LONG | +---HRULE_CON_IP_RANGE_TO = (LONG_T)20 - IP interval end. See KLHST_WKS_CONNECT_IP_LONG | +---HRULE_FROM_UNASSIGNED = (BOOL_T)true - If true then move only unassigned computers | +---HRULE_INCLUDE_CHILD_OU = (BOOL_T)false - Include child AD OU if true | +---HRULE_IP_RANGE_FROM = (LONG_T)1 - IP interval start. See KLHST_WKS_IP_LONG | +---HRULE_IP_RANGE_TO = (LONG_T)10 - IP interval end. See KLHST_WKS_IP_LONG | +---HRULE_NAGENT_STATUS = (INT_T)1 - Values: 0 - not set, 1 - Network Agent installed ("KLHST_WKS_STATUS & 0x00000004 <> 0"), 2 - Network Agent not installed ("KLHST_WKS_STATUS & 0x00000004 = 0") | +---HRULE_OS_VERSIONS (ARRAY_T) - See Mapping of OS version index to the host's search attributes in \ref ak_srvview_host_tags_rules | | +---0 = (INT_T)12 | | +---1 = (INT_T)24 | | +---2 = (INT_T)33 | | +---3 = (INT_T)13 | | +---4 = (INT_T)0 | +---HRULE_ROAMING_STATUS = (INT_T)1 - Values: 0 - not set, 1 - Roaming mode active ("KLHST_WKS_STATUS & 0x00000020 <> 0"), 2 - Roaming mode inactive ("KLHST_WKS_STATUS & 0x00000020 = 0") | +---HRULE_TAG = (STRING_T)"ConnProd" - list of tags divided by "\n" | +---HRULE_TAG_EXCLUDE = (BOOL_T)true - tags exclusion flag | +---HRULE_TAG_OR = (BOOL_T)true - if true tags combined by logical OR otherwise by logical AND | +---HRULE_USER_CERT_INSTALLED = (INT_T)1 - Values: 0 - not set, 1 - Certificate installed ("KLHST_MOB_HAS_OWNER_CERT <> 0"), 2 - Certificate not installed ("KLHST_MOB_HAS_OWNER_CERT = 0") | +---HRULE_USE_CON_IP_RANGE = (BOOL_T)true - true if HRULE_CON_IP_RANGE_FROM, HRULE_CON_IP_RANGE_TO are set or false if it is ignored | +---HRULE_USE_IP_RANGE = (BOOL_T)true - true if HRULE_IP_RANGE_FROM, HRULE_IP_RANGE_TO are set or false if it is ignored | +---KLDPNS_ID = (INT_T)1 - See KLDPNS_ID | +---HRULE_INCLUDE_CHILD_OU = (BOOL_T)true - Include child AD OU if true | +---KLHST_AD_GROUP = (INT_T)16416 - See KLHST_AD_GROUP | +---KLHST_AD_ORGUNIT or KLHST_AD_ORGUNIT_GP = (INT_T)1923 - See KLHST_AD_ORGUNIT (if HRULE_INCLUDE_CHILD_OU == false) or KLHST_AD_ORGUNIT_GP (if HRULE_INCLUDE_CHILD_OU == true) | +---KLHST_WKS_DNSDOMAIN = (STRING_T)"dnsdomain" - See KLHST_WKS_DNSDOMAIN | +---KLHST_WKS_DNSNAME = (STRING_T)"dnsname" - See KLHST_WKS_DNSNAME | +---KLHST_WKS_WINDOMAIN = (STRING_T)"windomain" - See KLHST_WKS_WINDOMAIN | +---KLHST_WKS_WINHOSTNAME = (STRING_T)"comp" - See KLHST_WKS_WINHOSTNAME | +---OsBuild=(INT)16233 - OS Build number (KLHST_WKS_OS_BUILD_NUMBER=16233) | +---OsBuildCond=(INT)0 - OS Build number comparison condition (0-equal, 1-not equal, 2-greater, 3-less) | +---OsRelease=(INT)1700 - OS Release ID (KLHST_WKS_OS_RELEASE_ID<>1700) | +---OsReleaseCond=(INT)1 - OS Release ID comparison condition (0-equal, 1-not equal, 2-greater, 3-less) | +---OsSp = (STRING_T)"1.2" - OS Service pack version in format "Major.[Minor]". See KLHST_WKS_OSSP_VER_MAJOR, KLHST_WKS_OSSP_VER_MINOR | +---PartVDI = (INT_T)1 - Computer is dynamic virtual machine as a part of VDI (0 - ignore, 1 - yes, 2 - no). See HST_VM_VDI | +---VM = (INT_T)1 - Computer is virtual machine (0 - ignore, 1 - yes, 2 - no). See HST_VM_VDI | +---VMType = (INT_T)3 - Virtual machine type. See HST_VM_TYPE | +---cloud_azone = (STRING_T)"cloud zone" - Cloud host availability zone, STRING_T. See KLHST_CLOUD_HOST_AVAILABILITYZONE | +---cloud_pgroup = (STRING_T)"cloud group" - Cloud host Placement Group, STRING_T. See KLHST_CLOUD_HOST_PLACEMENTGROUP | +---cloud_subnet = (STRING_T)"cloud subnet" - Cloud host subnet, STRING_T. See KLHST_CLOUD_HOST_SUBNET | +---cloud_type = (INT_T)1 - Cloud type. See \ref akqrs_cloud_type and \ref ak_hst_attributes_srchonly "KLHST_CLOUD_HOST_TYPE" | +---search_in_subclouds = (BOOL_T)true - Search in cloud subcontainers. See \ref ak_hst_attributes_srchonly "KLHST_CLOUD_CONTAINER_GP" - Part of query string from "General" gui page | +---HRULE_QUERY_PART1 = (STRING_T)"(KLHST_WKS_FROM_UNASSIGNED<>0)" - Part of query string from "Network" gui page | +---HRULE_QUERY_PART2 = (STRING_T)"(KLHST_WKS_WINHOSTNAME="device")(KLHST_WKS_WINDOMAIN="win_domain")(KLHST_WKS_DNSNAME="dns_name")(KLHST_WKS_DNSDOMAIN="dns_domain")(&(KLHST_WKS_IP_LONG>=1)(KLHST_WKS_IP_LONG<=10))(&(KLHST_WKS_CONNECT_IP_LONG>=10)(KLHST_WKS_CONNECT_IP_LONG<=20))(KLDPNS_ID=1)(KLHST_WKS_GROUPID=4)(KLHST_WKS_STATUS&32<>0)(KLHST_MANAGED_OTHER_SERVER<>0)" - Part of query string from "Applications" gui page | +---HRULE_QUERY_PART3 = (STRING_T)"(|(KLHST_WKS_PTYPE=7)(KLHST_WKS_PTYPE=13)(KLHST_WKS_PTYPE=16)(KLHST_WKS_PTYPE=6)(&(KLHST_WKS_OS_VER_MAJOR=4)(KLHST_WKS_OS_VER_MINOR=0)(KLHST_WKS_CTYPE & 4194304 = 4194304)))(KLHST_WKS_STATUS&4<>0)(KLHST_MOB_HAS_OWNER_CERT<>0)(KLHST_WKS_CPU_ARCH=2)(KLHST_WKS_OS_BUILD_NUMBER=3)(KLHST_WKS_OS_RELEASE_ID=1000)" - Part of query string from "Active Directory" gui page | +---HRULE_QUERY_PART4 = (STRING_T)"" - Part of query string from "Virtual machines" gui page | +---HRULE_QUERY_PART5 = (STRING_T)"(&(HST_VM_TYPE<>2)(HST_VM_TYPE<>0)(HST_VM_VDI<>0)(HST_VM_TYPE=7))" - Part of query string from "Tags" gui page | +---HRULE_QUERY_PART6 = (STRING_T)"(|(KLHST_INCLUDED_WKS_TAG_NAME<>"ConnProd"))" - Part of query string from "Cloud segments" gui page | +---HRULE_QUERY_PART7 = (STRING_T)"(KLHST_CLOUD_CONTAINER_GP=0x00000000000000000000000000000000)(KLHST_CLOUD_HOST_TYPE=1)(KLHST_CLOUD_HOST_AVAILABILITYZONE="cloud zone")(KLHST_CLOUD_HOST_PLACEMENTGROUP="cloud group")(KLHST_CLOUD_HOST_SUBNET="cloud subnet")"