KSC Open API
Kaspersky Security Center API description
Events notification settings

List of events notification settings is presented below.

NameTypeDescriptionGlobal operation
"KLEVP_ND_SMTP_SERVER"paramStringSMTP server address to be used for email notifications.+
"KLEVP_ND_SMTP_PORT"paramIntSMTP server port.+
"KLEVP_ND_SMTP_TLS_MODE"paramInt

SMTP server data encryption mode:

  • 0 - Do not use TLS
  • 1 - Use TLS if supported by server
  • 2 - Always use TLS, check server certificate validity

+
"KLEVP_ND_SMTP_CA"paramBinaryList of trusted CA certificates to verify SMTP server, PEM format. Used only when KLEVP_ND_SMTP_TLS_MODE = 2.+
"KLEVP_ND_SMTP_TLSVER"paramInt

Force usage of TLS version:

  • 0 - Any supported version
  • 1 - Use only TLS 1.2 and higher

Used only when KLEVP_ND_SMTP_TLS_MODE = 2.

+
"KLEVP_ND_SMS_EMAIL_SMTP_TLS_MODE"paramInt

SMS gateway SMTP server data encryption mode:

  • 0 - Do not use TLS
  • 1 - Use TLS if supported by server
  • 2 - Always use TLS, check server certificate validity

+
"KLEVP_ND_SMS_EMAIL_SMTP_CA"paramBinaryList of trusted CA certificates to verify SMS gateway SMTP server, PEM format. Used only when KLEVP_ND_SMS_EMAIL_SMTP_TLS_MODE = 2.+
"KLEVP_ND_SMS_EMAIL_SMTP_TLSVER"paramInt

Force usage of SMS gateway TLS version:

  • 0 - Any supported version
  • 1 - Use only TLS 1.2 and higher

Used only when KLEVP_ND_SMS_EMAIL_SMTP_TLS_MODE = 2.

+
"KLEVP_ND_EMAIL"paramStringList of email recipients, separated by a comma.
"KLEVP_ND_MESSAGE_TEMPLATE"paramStringTemplate of the message to be sent as email. To see the list of available template substitutions, see Events templates.
"KLEVP_ND_EMAIL_FROM"paramStringSender address.
"KLEVP_ND_EMAIL_SUBJECT"paramStringEmail subject.
"KLEVP_ND_EMAIL_ESMTP_USER"paramStringAccount name to be used for authorization on the SMTP server.+
"KLEVP_ND_EMAIL_ESMTP_PASSWORD"paramStringObsolete: Account password to be used for authorization on the SMTP server.+
"KLEVP_ND_EMAIL_ESMTP_PASSWORD_EX"paramBinaryProtected account password to be used for authorization on the SMTP server (see below).+
"KLEVP_ND_USE_EMAIL"paramBoolUsing emails for notifications; must be false for default settings.

"KLEVP_ND_SMS_TYPE"paramInt

SMS notification type:

  • 0 - Undefined
  • 1 - SMTP SMS gateway
  • 2 - SMS service

"KLEVP_ND_SMS_SERVICE_ID"paramStringUnsupported; must be empty.+
"KLEVP_ND_SMS_RECIPIENTS"paramStringSMS recipients list.
"KLEVP_ND_SMS_TEMPLATE"paramStringSMS message template. To see the list of available template substitutions, see Events templates.
"KLEVP_ND_SMS_EMAIL_TO"paramStringRecipient address to be used for the SMTP SMS gateway.+
"KLEVP_ND_SMS_EMAIL_FROM"paramStringSender address to be used for the SMTP SMS gateway.+
"KLEVP_ND_SMS_SMTP_SERVER"paramStringSMTP SMS gateway server address to be used for SMS notifications.+
"KLEVP_ND_SMS_SMTP_PORT"paramIntSMTP SMS gateway server port to be used for SMS notifications.+
"KLEVP_ND_SMS_EMAIL_SUBJECT"paramStringEmail subject for SMTP messages to be sent to the SMTP SMS gateway.+
"KLEVP_ND_SMS_EMAIL_ESMTP_USER"paramStringAccount name to be used for authorization on the SMTP SMS gateway.+
"KLEVP_ND_SMS_EMAIL_ESMTP_PASSWORD"paramStringObsolete: Account password to be used for authorization on the SMTP SMS gateway.+
"KLEVP_ND_SMS_EMAIL_ESMTP_PASSWORD_EX"paramBinaryProtected account password to be used for authorization on the SMTP SMS gateway (see below).+
"KLEVP_ND_USE_SMS"paramBoolUsing SMS for notifications. Must be false for default settings.+
"KLEVP_ND_EVETN_TYPE"paramStringEvent type (e.g., "GNRL_EV_VIRUS_FOUND" or "KLPRCI_TaskState").
"KLEVP_ND_NET_SEND"paramStringObsolete. Must be empty or not present.
"KLEVP_ND_USE_NET_SEND"paramBoolObsolete. Must be set to false or not present.+
"KLEVP_ND_SCRIPT"paramStringScript to be run as event notification.+
"KLEVP_ND_USE_SCRIPT"paramBoolNotify on event by running the script. The script itself (KLEVP_ND_SCRIPT) can be set in the same parameters; otherwise, default parameters for the server are used.+
"KLEVP_ND_DAYS_TO_STORE_EVENT"paramIntNumber of days to store events in the Administration Server database.
"KLEVP_ND_STORE_AT_SERVER_LOG"paramBoolStore events in Kaspersky Event Log on Administration Server.
"KLEVP_ND_STORE_AT_CLIENT_LOG"paramBoolStore events in Kaspersky Event Log on the client device.
"KLEVP_ND_STORE_AT_CLIENT_PRES"paramBoolObsolete parameter - must be set to false or not present.
"KLEVP_ND_BODY_FILTER"paramParamsEvent body filter. This rule will be applied to an event, if its body matches the filter.
"KLEVP_ND_USE_SNMP"paramBoolNotify on events by SNMP.+
"KLEVP_ND_SMS_LIMIT"paramIntLimitation on the number of SMS notifications.+
"KLEVP_ND_RESOLVE_MX"paramBoolUse MX record lookup when email notification is enabled (meaningful only when KLEVP_ND_USE_EMAIL is set to true). When enabled, KLEVP_ND_SMTP_SERVER is interpreted as a domain name which is to be resolved.+
"KLEVP_ND_USE_SYSLOG"paramBoolNotify on events by exporting to SysLog.+

As an alternative to user credentials (i.e. "KLEVP_ND_EMAIL_ESMTP_USER" and "KLEVP_ND_EMAIL_ESMTP_PASSWORD"), client certificate authentication can be used. When the certificate type is set to 5 (see "KLCERTP::CertificateFunction enum values"), the custom certificate will have higher priority than user's login and password. See Common format for certificate parameters.

Since KSC 12 if some parameters are not set in the settings, such parameters are not changed in the server database. In older KSC, these parameters are saved to the server database with a default value in this case.

Since KSC 12, the global operations rights may be required for some parameters. See Global operation column in table.

Protect password as an encrypted UTF16 string with the server (global) key.

Typical filtering attribute for KLEVP_ND_BODY_FILTER is KLPRCI_newState, which can have one of the following values:

  • 0 - Task in memory is created (just read from disk) at the target computer.
  • 1 - Task in memory is running at the target computer.
  • 2 - Task in memory suspended at the target computer.
  • 3 - Task in memory failed at the target computer.
  • 4 - Task in memory completed at the target computer.
See also: