List of statistics dashboards types and attributes

Depending on the dashboard type, some input parameters should be present in the dashboard request parameters. The following parameters are common for all supported dashboard types:

• "KLRPT_DSH_TYPE" - Integer - Dashboard type. Required.
• "id" - Integer - Dashboard scope administration group ID.
• "KLRPT_QUERY_ID" - Integer - Hosts query identity if dashboard is created for a hosts query. Must be <= 0 or absent if the dashboard is created for a group.
• "bIncludeVS" - Boolean - True if data from Virtual Servers is included. Optional. The default value is true.
• "KLPPT_StatFinishTime" - Time - Finish time, for histogram and diagram dashboards. Statistics building time is used if the parameter is less than 0 or absent.
• "KLPPT_StatPeriodInSec" - Integer - Period of time to monitor in seconds, for histogram and diagram dashboards (used to calculate KLPPT_StatStartTime = KLPPT_StatFinishTime - KLPPT_StatPeriodInSec if KLPPT_StatStartTime is less than 0 or absent). Must be less than 0 or absent if "KLPPT_StatStartTime" is used.
• "KLPPT_StatStartTime" - Time - Start time, for histogram and diagram dashboards. Must be invalid or absent if "KLPPT_StatPeriodInSec" is used.
  Other input attributes are specific for certain dashboard types and are described below on this page.

Each result dashboard entry container contains all the input attributes specified in the request and some specific output attributes. Depending on the KLRPT_DSH_TYPE value, the output attributes may be placed directly in the root of the container, or inside the parameter DSHT_DATA that is a (paramArray) of (paramParams).

Here is the full list of supported dashboard types (specified by the KLRPT_DSH_TYPE value), their specific input and output parameters.

KLRPT_DSH_TYPE	Type	Meaning	Computer scope support	Time period support	Input parameters	Output data placement	Output parameters
1	Histogram	Distribution of the event in time.	Yes	Yes	"product_name" (paramString) - Product name. See List of KLHST_WKS_PRODUCT_NAME and KLHST_WKS_PRODUCT_VERSION values for some products. "product_version" (paramString) - Product version. See List of KLHST_WKS_PRODUCT_NAME and KLHST_WKS_PRODUCT_VERSION values for some products. "event_type" (paramString) - Event type. See List of event attributes for event types. "GNRL_EA_SEVERITY" (paramInt) - See List of event attributes for event severities.	DSHT_DATA entries	"tmStart" (paramDateTime) - Beginning of the time interval. "tmFinish" (paramDateTime) - End of the time interval. "nCount" (paramInt) - Number of events published during the interval.
2	Histogram	Distribution of virus activity in time.	Yes	Yes	"bUseEvents" (paramBool) - Use "GNRL_EV_VIRUS_FOUND" events instead of using virus activity report. Default and recommended value is false.	DSHT_DATA entries	"tmStart" (paramDateTime) - beginning of the time interval, "tmFinish" (paramDateTime) - End of the time interval. "nCount" (paramInt) - Number of threat detections during the interval.
3	Histogram	Distribution of virus activity on corresponding products in time.	Yes	Yes	"bUseEvents" (paramBool) - Use "GNRL_EV_VIRUS_FOUND" events instead of using virus activity report. Default and recommended value is false.	DSHT_DATA entries	"tmStart" (paramDateTime) - Beginning of the time interval. "tmFinish" (paramDateTime) - End of the time interval. "nAvpPrdType" (paramInt) - Types of security (anti-virus) products. "nCount" (paramInt) - Number of threat detections by products of the nAvpPrdType type during the interval.
4	Histogram	Distribution of network attacks in time.	Yes	Yes		DSHT_DATA entries	"tmStart" (paramDateTime) - Beginning of the time interval. "tmFinish" (paramDateTime) - End of the time interval. "nCount" (paramInt) - Number of network attack detections during the interval.
5	Histogram	Distribution of new hosts found in time.	No	Yes		DSHT_DATA entries	"tmStart" (paramDateTime) - Beginning of the time interval. "tmFinish" (paramDateTime) - End of the time interval. "nCount" (paramInt) - Number of new hosts found during the interval.
6	Histogram	Distribution of states of the specified group task in time.	No	Yes	"KLTSK_GRP_TSK_ID" (paramString) - ID of the group task.	DSHT_DATA entries	"tmStart" (paramDateTime) - Beginning of the time interval. "tmFinish" (paramDateTime) - End of the time interval. "task_new_state" (paramInt) - New task state. See Group task state enum. "nCount" (paramInt) - Number of task states changes to task_new_state during the interval.
7	Histogram	Distribution of number of records in the anti-virus bases on AK server in time.	No	Yes		DSHT_DATA entries	"tmStart" (paramDateTime) - Beginning of the time interval. "tmFinish" (paramDateTime) - End of the time interval. "nCount64" (paramLong) - Number of records in the AV bases on Administration Server by the end of the interval.
8	Histogram	Distribution of anti-virus protection states in time.	No	Yes		DSHT_DATA entries	"tmStart" (paramDateTime) - Beginning of the time interval. "tmFinish" (paramDateTime) - End of the time interval. "nCrtCount" (paramInt) - Number of hosts with the Critical protection status. "nWrnCount" (paramInt) - Number of hosts with the Warning protection status. "nOkCount" (paramInt) - Number of hosts with the OK protection status.
9	Histogram	Distribution of number of suspicious objects in time.	Yes	Yes		DSHT_DATA entries	"tmStart" (paramDateTime) - Beginning of the time interval. "tmFinish" (paramDateTime) - End of the time interval. "nCount" (paramInt) - Number of suspicious objects detected during the time interval.
10	Histogram	Distribution of number of objects added into quarantine in time.	Yes	Yes		DSHT_DATA entries	"tmStart" (paramDateTime) - Beginning of the time interval. "tmFinish" (paramDateTime) - End of the time interval. "nCount" (paramInt) - Number of objects added into quarantine during the time interval.
11	Diagram	Viruses and curing result.	Yes	Yes		DSHT_DATA entries	"nVirType" (paramInt) - Threat types enum. "nVirRslt" (paramInt) - Threat curing result enum. "nCount" (paramInt) - Number of detects with a given curing result.
12	Diagram	Viruses and products.	Yes	Yes		DSHT_DATA entries	"nAvpPrdType" (paramInt) - Types of security (anti-virus) products. "nVirType" (paramInt) - Threat types enum. "nCount" (paramInt) - Number of detects.
13	Diagram	Curing result and products.	Yes	Yes		DSHT_DATA entries	"nAvpPrdType" (paramInt) - Types of security (anti-virus) products. "nVirRslt" (paramInt) - Threat curing result enum. "nCount" (paramInt) - Number of detects with a given curing result.
14	Diagram	Most infected computers.	Yes	Yes		DSHT_DATA entries	"wstrInternalName" (paramString) - Host GUID. "wstrName" (paramString) - Host name. "nCount" (paramInt) - Number of detects.
15	Diagram	Most infecting users.	Yes	Yes		DSHT_DATA entries	"wstrName" (paramString) - User name. "nCount" (paramInt) - Number of detects.
16	Diagram	Most infected groups.	Yes	Yes		DSHT_DATA entries	"nId" (paramInt) - Administration group ID. "wstrName" (paramString) - Administration group name. "nCount" (paramInt) - Number of detects.
17	Diagram	Most infected domains.	Yes	Yes		DSHT_DATA entries	"wstrName" (paramString) - Domain name. "nCount" (paramInt) - Number of detects.
18	Diagram	Most widespread viruses.	Yes	Yes		DSHT_DATA entries	"wstrName" (paramString) - Threat (virus) name. "nCount" (paramInt) - Number of detects.
19	Diagram	Most widespread uncured viruses.	Yes	Yes		DSHT_DATA entries	"wstrName" (paramString) - Threat (virus) name. "nCount" (paramInt) - Number of detects.
20	Diagram	Current state of the most anti-virus protection (number of hosts with the status Critical, Warning, and OK).	Yes	No		Root	"nCrtCount" (paramInt) - Number of hosts with the Critical protection status. "nWrnCount" (paramInt) - Number of hosts with the Warning protection status. "nOkCount" (paramInt) - Number of hosts with the OK protection status.
21	Diagram	Distribution of installed protection (anti-virus) products versions by versions.	Yes	No	"product_name" (paramString) - Product name. See List of KLHST_WKS_PRODUCT_NAME and KLHST_WKS_PRODUCT_VERSION values for some products. "product_version" (paramString) - Product version. See List of KLHST_WKS_PRODUCT_NAME and KLHST_WKS_PRODUCT_VERSION values for some products.	DSHT_DATA entries	"wstrName" (paramString) - Product name. "nCount" (paramInt) - Number of installations.
22	Diagram	Distribution of anti-virus bases versions on hosts (5 counters: actual, 1 day old, 3-days old, 7-days old, and more than 7 days old).	Yes	No		Root	"nCountActual" (paramInt) - Number of installed products with actual bases (same as on Administration Server or newer). "nCountDay" (paramInt) - Number of installed products with obsolete bases released last 24 hours. "nCount3Days" (paramInt) - Number of installed products with obsolete bases released last 3 days. "nCount7Days" (paramInt) - Number of installed products with obsolete bases released last 7 days. "nCountOld" (paramInt) - Number of installed products with obsolete bases released more than 7 days ago.
23	Diagram	Distribution of errors.	Yes	Yes		DSHT_DATA entries	"wstrName" (paramString) - Error description. "nCount" (paramInt) - Number of errors.
24	Diagram	Distribution of RTP current state.	Yes	No		DSHT_DATA entries	"nLastRtpState" (paramInt) - RTP state. See KLHST_WKS_RTP_STATE. "nCount" (paramInt) - Number of hosts with the given RTP state.
25	Diagram	Distribution of network attack types.	Yes	Yes		DSHT_DATA entries	"wstrName" (paramString) - Network attack. "nCount" (paramInt) - Attacks count.
26	Diagram	License usage.	Yes	No		DSHT_DATA entries	"wstrName" (paramString) - License serial number. "nCount" (paramInt) - Number of usages. "nLimit" (paramInt) - Usage limit.
27	Diagram	Current state of AK server update task.	No	No		Root	"task_new_state" (paramInt) - Current task state. See Group task state enum. "rise_time" (paramDateTime) - Time of the state change. "GNRL_EA_DESCRIPTION" (paramString) - State description. "GNRL_COMPLETED_PERCENT" (paramInt) - Completion percent.
28	Diagram	Current state of AK server backup task.	No	No		Root	"task_new_state" (paramInt) - Current task state. See Group task state enum. "rise_time" (paramDateTime) - Time of the state change. "GNRL_EA_DESCRIPTION" (paramString) - State description.
29	Diagram	State of secondary servers (number of secondary servers connected, disconnected 10 minutes ago or fewer, hour ago, more than hour ago, or never connected).	No	No		Root	"nOkCount" (paramInt) - Number of online secondary servers (with active connection). "nCountMinutesAgo" (paramInt) - Number of secondary servers last connected a minute ago. "nCountHourAgo" (paramInt) - Number of secondary servers last connected an hour ago. "nCount24hAgo" (paramInt) - Number of secondary servers last connected 24 hours ago. "nCountLongAgo" (paramInt) - Number of secondary servers last connected more than 24 hours ago. "nNeverConnected" (paramInt) - Number of never connected secondary servers.
30	Diagram	State of the primary server connection.	No	No		Root	"nType" (paramInt) - 0 never connected, 1 - online (connected), 2 - disconnected. "tmLastConnectionTime" (paramDateTime) - Last successful connection time.
31	Diagram	State of the anti-viral protection deployment (number of hosts with Network Agent and anti-virus, Network Agent only, or nothing).	Yes	No		Root	"nOkCount" (paramInt) - Number of hosts waving both Network Agent and RTP-product installed. "nWrnCount" (paramInt) - Number of hosts waving just Network Agent installed. "nCrtCount" (paramInt) - Number of hosts without Network Agent installed.
32	Histogram	Network traffic history.	No	Yes	"KLDSH_DIR_MASK" (paramInt) - Traffic type bitmask. Bit 0 means incoming traffic, bit 1 means outgoing traffic.	DSHT_DATA entries	"tmStart" (paramDateTime) - Beginning of the time interval. "tmFinish" (paramDateTime) - End of the time interval. "nCount64" (paramLong) - Traffic (KB).
33	Histogram	Network traffic history with maximum, average and latest values.	No	Yes	"KLDSH_DIR_MASK" (paramInt) - Traffic type bitmask. Bit 0 means incoming traffic. Bit 1 means outgoing traffic.	DSHT_DATA entries	"tmStart" (paramDateTime) - Beginning of the time interval. "tmFinish" (paramDateTime) - End of the time interval. nMax, nMean, nCount
34	Histogram	Connections history.	No	Yes		DSHT_DATA entries	"tmStart" (paramDateTime) - Beginning of time interval. "tmFinish" (paramDateTime) - End of the time interval. nCount64
35	Histogram	Connections history with maximum, average and latest values.	No	Yes		DSHT_DATA entries	"tmStart" (paramDateTime) - Beginning of the time interval. "tmFinish" (paramDateTime) - End of the time interval. "nMax" (paramInt) - Maximal number of existing connections during the interval. "nMean" (paramInt) - Mean number of existing connections during the interval. "nCount" (paramInt) - Number of existing connections by the end of the interval.
36	Histogram	Active connections history.	No	Yes		DSHT_DATA entries	"tmStart" (paramDateTime) - Beginning of the time interval. "tmFinish" (paramDateTime) - End of the time interval. "nMax" (paramInt) - Maximal number of new connections during the interval. "nMean" (paramInt) - Mean number of new connections during the interval. "nCount" (paramInt) - Number of new connections by the end of the interval.
37	Diagram	Statistics of distribution points connected during the latest half an hour, hour, 24 hours, or more than 24 hours.	No	No		Root	"nOkCount" (paramInt) - Number of distribution points connected during the latest half an hour, hour, 24 hours, or more than 24 hours. "nCountHourAgo" (paramInt) - Number of distribution points connected during the latest half an hour, hour, 24 hours, or more than 24 hours. "nCount24hAgo" (paramInt) - Number of distribution points connected during the latest half an hour, hour, 24 hours, or more than 24 hours. "nCountLongAgo" (paramInt) - Number of distribution points connected during the latest half an hour, hour, 24 hours, or more than 24 hours.
38	Diagram	Most infected virtual servers.	Yes	Yes		DSHT_DATA entries	"KLVSRV_ID" (paramInt) - Virtual server ID. 0 means "Main server". "wstrName" (paramString) - Virtual server name. "nCount" (paramInt) - Number of virtual servers.
39	Diagram	Distribution of hosts with the specified status on virtual servers.	No	No	"nType" (paramInt) - Traffic type bitmask. Bit 0 means status critical, bit 1 means status warning, bit 2 means the OK status.	DSHT_DATA entries	"KLVSRV_ID" (paramInt) - Virtual server ID. 0 means "Main server". "wstrName" (paramString) - Virtual server name. "nCount" (paramInt) - Number of hosts with the given hosts statuses.
40	Diagram	Distribution of hosts with different vulnerability status (critical, high, warning, none).	Yes	No	"bIgnoreVulnerabilitiesWithNoFixes" (paramBool) - Ignore vulnerabilities that cannot be fixed by a patch installation. Default is true.	DSHT_DATA entries	"nCrtCount" (paramInt) - Number of critically-vulnerable hosts. "nHiCount" (paramInt) - Number of high-vulnerable hosts. "nWrnCount" (paramInt) - Number of warning vulnerable hosts. "nOkCount" (paramInt) - Number of non-vulnerable hosts.
41	Diagram	Distribution of last WUA search times.	Yes	No		DSHT_DATA entries	"nLimit" (paramInt) - maximal number of days within which WUA search performed, 0 means "any"; "nLimit2" (paramInt) - minimal number of days within which WUA search performed, 0 means "any"; "nCount" (paramInt) - number of hosts having ran WUA from nLimit days ago to "nLimit2" days ago, nLimit < "nLimit2";
42	Diagram	Distribution of the most frequently denied files. Contains the top frequently denied files. If the number of files exceeds a limit, the data of other files is aggregated into an additional single entry.	Yes	Yes		DSHT_DATA entries	"wstrName" (paramString) - Denied file name. Absent in the extra aggregating entry. "nCount" (paramInt) - Number of denied launches. "nFileId" (paramLong) - File identity in the KSC database. 0 for additional aggregated entry.
43	Diagram	Hosts encryption statistics	Yes	No		DSHT_DATA entries	"nType" (paramInt) - Encryption status. See Encryption state enum. "nCount" (paramInt) - Number of hosts that have the given encryption status.
44	Diagram	Removable storages encryption statistics.	Yes	No		DSHT_DATA entries	"nType" (paramInt) - Encryption status. See Encryption state enum. "nCount" (paramInt) - Number of devices that have the given encryption status.
45	Diagram	Updates count by installation state for the given period of time.	Yes	Yes		DSHT_DATA entries	"nType" (paramInt) - Update installation status. "nCount" (paramInt) - Number of updates having given installation status on some computers.
46	Diagram	Updates count by installation state and classification for the given period of time.	Yes	Yes	"arrUpdInstallationStates" (paramArray) of (paramInt) - Array of interesting installation statuses (KLVAPM::UpdateInstallationState).	DSHT_DATA entries	"nType" (paramInt) - Update installation status. "nType2" (paramInt) - Update classification. "nCount" (paramInt) - Number of updates that have the specified status.
47	Diagram	Installed (or failed) updates count by installation result and classification for the given period of time.	Yes	Yes		DSHT_DATA entries	"nType" (paramInt) - Update installation status. "nType2" (paramInt) - Update classification (KLWUS::CategoryType). "nCount" (paramInt) - Number of updates that have the specified status.
48	Histogram	Events distribution (by condition)	Yes	Yes	"arrEvDescr" (paramArray) of (paramParams) - Set of filters that determine series of data. Each entry may include the following parameters: --"strEvAlias" (paramString) - Event alias (to be shown in legend, etc. May be based on event type display name, product name, etc.). --"product_name" (paramString) - Internal product name (may be absent or be empty). See List of KLHST_WKS_PRODUCT_NAME and KLHST_WKS_PRODUCT_VERSION values for some products. --"product_version" (paramString) - Internal product version (may be absent or empty). See List of KLHST_WKS_PRODUCT_NAME and KLHST_WKS_PRODUCT_VERSION values for some products. --"GNRL_EA_SEVERITY" (paramInt) - Event severity. See List of event attributes - (may be absent or <= 0 - for all severities). --"event_type" (paramString) - Event type. See List of event attributes for event types (may be absent or empty). --"task_new_state" (paramInt) - Task state (for events of the type "KLPRCI_TaskState"). May be absent or <= 0 for all states (1 - Task running, 2 - Task suspended, 3 - Task failed, 4 - Task completed successfully).	DSHT_DATA entries	"tmStart" (paramDateTime) - Time interval start. "tmFinish" (paramDateTime) - Time interval end. "nType" (paramInt) - Event description index in the "arrEvDescr" array. "nCount" (paramInt) - Events count.
49	Histogram	Amounts of hosts that have a different maximum vulnerability severity (critical, high, warning, none) during some time intervals.	Yes	Yes	"bIgnoreVulnerabilitiesWithNoFixes" (paramBool) - Ignore vulnerabilities that cannot be fixed by a patch installation. Default is true. "bIgnoreVulnerabilitiesFixedByTheEndOfInterval" (paramBool) - Ignore vulnerabilities that were fixed by the end of the time interval. Default is true.	DSHT_DATA entries	"tmStart" (paramDateTime) - Time of the interval start. "tmFinish" (paramDateTime) - Time of the interval end. "nCrtCount" (paramInt) - Number of critically vulnerable hosts. "nHiCount" (paramInt) - Number of highly vulnerable hosts. "nWrnCount" (paramInt) - Number of warning vulnerable hosts.
50	Histogram	Amounts of vulnerability instances with different maximum vulnerability severity (critical, high, warning, none) during some time intervals.	Yes	Yes	"bIgnoreVulnerabilitiesWithNoFixes" (paramBool) - Ignore vulnerabilities that cannot be fixed by a patch installation. Default is true. "bIgnoreVulnerabilitiesFixedByTheEndOfInterval" (paramBool) - Ignore vulnerabilities that were fixed by the end of the time interval. Default is true.	DSHT_DATA entries	"tmStart" (paramDateTime) - Time of the interval start. "tmFinish" (paramDateTime) - Time of the interval end. "nCrtCount" (paramInt) - Number of critical vulnerabilities. "nHiCount" (paramInt) - Number of high-level vulnerabilities. "nWrnCount" (paramInt) - Number of warning-level vulnerabilities.
51	Histogram	Antispam product component statuses distribution on hosts.	Yes	No		DSHT_DATA entries	"nType" (paramInt) - Anti-spam component status. See Product component status. "nCount" (paramInt) - Number of hosts having the specified product component status.
52	Histogram	DLP product component statuses distribution on hosts.	Yes	No		DSHT_DATA entries	"nType" (paramInt) - DLP component status. See Product component status. "nCount" (paramInt) - Number of hosts having the specified product component status.
53	Histogram	Collaboration servers protection status.	Yes	No		DSHT_DATA entries	"nType" (paramInt) - Collaboration servers protection status. See Product component status. "nCount" (paramInt) - Number of collaboration servers that have the specified product component status.
54	Histogram	E-mail anti-virus product component statuses distribution on hosts.	Yes	No		DSHT_DATA entries	"nType" (paramInt) - E-mail anti-virus component status. See Product component status. "nCount" (paramInt) - Number of hosts that have the specified product component status.
55	Histogram	EDR product component statuses distribution on hosts.	Yes	No		DSHT_DATA entries	"nType" (paramInt) - EDR component status. See Product component status. "nCount" (paramInt) - Number of hosts that have the specified product component status.
56	Diagram	Threat detection by product component.	Yes	Yes		DSHT_DATA entries	"nType" (paramInt) - Detection engine type. See Threat detection engine type enum. "wstrName" (paramString) - Detection engine type name (localized string representation of Threat detection engine type enum). "nCount" (paramInt) - Number of detected objects.
57	Diagram	Product component detections by curing results.	Yes	Yes	"nDtctEngine" (paramInt) - Threat detection engine type enum	DSHT_DATA entries	"nType" (paramInt) - Detection engine type. See Threat detection engine type enum. "wstrName" (paramString) - Detection engine type name (localized string representation of Threat detection engine type enum). "nVirRslt" (paramInt) - Threat curing result enum. "nCount" (paramInt) - Number of detected objects.
58	Diagram	Top 10 most frequent events in the KSC database.	No	No		DSHT_DATA entries	"wstrName" (paramString) - Event type. "strEvAlias" (paramString) - Event type display name. "nCount" (paramInt) - Absolute number of specified events in the KSC database. "nMax" (paramInt) - Maximum number of events supported by the KSC database.
59	Histogram	Top 10 most used categories of the cloud services (enabled for KES Cloud mode only).	Yes	Yes		DSHT_DATA entries	"wstrCategoryName" (paramString) - Category of the cloud services. "nCount" (paramInt) - Number of requests to all the cloud services of the category.
60	Diagram	Top 10 most used cloud services of category (enabled for KES Cloud mode only).	Yes	Yes	"wstrCategoryName" (paramString) - Category of the cloud services.	DSHT_DATA entries	"wstrServiceName" (paramString) - Cloud service of the category. "nCount" (paramInt) - Number of requests to all the cloud services of the category.
61	Diagram	Top 10 devices that requested the particular cloud service (enabled for KES Cloud mode only).	Yes	Yes	"wstrCategoryName" (paramString) - Category of the cloud services. "wstrServiceName" (paramString) - Cloud service of the category.	DSHT_DATA entries	"wstrName" (paramString) - Device name that requested the cloud service. "nCount" (paramInt) - Number of requests to the cloud service.
62	Diagram	Top 10 amount of requests to the cloud service from a device (enabled for KES Cloud mode only)	Yes	Yes		DSHT_DATA entries	"wstrName" (paramString) - Device name that requested the cloud service. "nCount" (paramInt) - Number of requests to the cloud service.
63	Diagram	Statistics of detected threats by presence of an incident card (killchain)	Yes	Yes		Root	"nOkCount" (paramInt) - Number of detected threats with incident cards. "nCountOld" (paramInt) - Number of detected threats without incident card.