|
KSC Open API
13.1
Kaspersky Security Center API description
|
|
KSC Open API
13.1
Kaspersky Security Center API description
|
RptViractSrvViewName srvview.
Caller must specify information presented below in the SrvView's optional parameters. The format is the following:
(paramParams) +--"EDetectionTypeLoc" Localized names of values from EDetectionType enumeration (paramParams) +--"Value" = "Localized value name" (paramString) .... +--"-1" = "Not a virus" (paramString) +--"EDetectionEngineLoc" Localized names of values from EDetectionEngine enumeration (paramParams) +--"Value" = "Localized value name" (paramString) .... +--"11" = "AMSI Protection Provider" (paramString) +--"EDetectionMethodLoc" Localized names of values from EDetectionMethod enumeration (paramParams) +--"Value" = "Localized value name" (paramString) .... +--"6" = "Sandbox" (paramString) +--"EViractResultLoc" Localized names of values from EViractResult enumeration (paramParams) +--"Value" = "Localized value name" (paramString) .... +--"5" = "Blocked" (paramString)
List of attributes is presented below:
| Name | Type | Description |
|---|---|---|
| sResultEvent | paramString | Name of the resulting event, event_type of nEventResult. |
| nEventVirus | paramLong | Virus found event ID, ev_event.nId of event 'GNRL_EV_VIRUS_FOUND'. |
| sDetectionType | paramString | Element from KLEVP::EDetectionType (par8 from nEventVirus). |
| nEventResult | paramLong | Resulting event. ev_event.nId of event 'GNRL_EV_*' is about an action with infected object. 0 means 'old unresolved'. |
| tmVirusFoundTime | DATETIME_T | Virus detection time (event publication time of nEventVirus). |
| sObject | paramString | Infected object name. |
| binObjectHash | paramBinary | MD5 hash of the infected object. |
| sVirusName | paramString | Virus name from nEventVirus. |
| sAction | paramString | Description of the 'nEventResult' event. |
| sAccount | paramString | User name (par7 from nEventVirus). |
| sProductName | paramString | Publisher product name. |
| sProductVersion | paramString | Publisher product version. |
| sProductDisplVersion | paramString | Publisher product display version. |
| sSha256 | paramString | SHA256 hash of the infected object. |
| bLocal | paramBool | The attribute accepts true if the object is local or from the UNC path. |
| bBlacklist | paramBool | "Client verdict" 'KPSN Blacklist'. |
| bHarm | paramBool | The attribute accepts true if the object is really harmful. |
| nEdrDataVersion | paramInt | EDR data version of killchain. |
| sHostDisplName | paramString | Host display name. |
| sWinHostName | paramString | Windows host name. |
| sHostId | paramString | Host ID in 'Hosts'. |
| sHostDnsName | paramString | Host DNS name. |
| sHostAddress | paramString | Host address. |
| nHostIpCon | paramLong | Host connection IP. |
| nHostIpAddress | paramLong | Host IP. |
| sHostComment | paramString | Host comment. |
| nGroupId | paramInt | Host group ID from 'AdmGroups'. |
| sGroupName | paramString | Host group name. |
| bEdrDataVersionNot0 | paramBool | The attribute accepts true if EDR data version of killchain is greater than 0. |
| nVServer | paramInt | Virtual Administration Server ID. 0 is used for the main server. |
| sVServerName | paramString | Virtual Administration Server display name. Empty string for main server. |
| nEViractResult | paramInt | Viract result. See EViractResult enumeration. |
| nEDetectionType | paramInt | Detection type. See EDetectionType enumeration. |
| nDtctEngine | paramInt | Detect engine. Type of the software or hardware tools to detect a malicious action. See EDetectionEngine enumeration. |
| nDtctMethod | paramInt | Detection method of a malicious action (intelligence classes). See EDetectionMethod enumeration. |
| sEViractResultLoc | paramString | Localized nEViractResult. |
| sEDetectionTypeLoc | paramString | Localized nEDetectionType. |
| sDtctEngineLoc | paramString | Localized nDtctEngine. |
| sDtctMethodLoc | paramString | Localized nDtctMethod. |
