KSC Open API
Kaspersky Security Center API description
SrvView List of host automatic tagging rules

View name: HostTagsRulesSrvView

NameTypeDescription
"KLHST_HTR_ID"paramIntRule ID.
"KLHST_HTR_DN"paramStringRule display name.
"KLHST_HTR_TagValue"paramStringTag value that will be set by the rule. It is the rule ID.
"KLHST_HTR_Enabled"paramBoolThe attribute accepts true if the rule is turned on.
"KLHST_HTR_Query"paramString

Host filtering expression. See Search filter syntax.

Only filter by the fields listed below.

  • KLHST_WKS_FROM_UNASSIGNED
  • KLHST_NAG_INSTID
  • KLHST_WKS_STATUS
  • KLHST_WKS_WINHOSTNAME
  • KLHST_WKS_WINDOMAIN
  • KLHST_WKS_DNSNAME
  • KLHST_WKS_DNSDOMAIN
  • KLHST_WKS_IP_LONG
  • KLHST_WKS_CONNECT_IP_LONG
  • KLHST_WKS_CTYPE
  • KLHST_WKS_PTYPE
  • KLHST_WKS_OS_VER_MAJOR
  • KLHST_WKS_OS_VER_MINOR
  • KLHST_WKS_OSSP_VER_MAJOR
  • KLHST_WKS_CPU_ARCH
  • KLDPNS_ID
  • KLHST_WKS_GROUPID
  • KLHST_AD_ORGUNIT
  • KLHST_AD_ORGUNIT_GP
  • KLHST_AD_GROUP
  • KLHST_MOB_HAS_OWNER_CERT
  • HST_VM_TYPE
  • HST_VM_VDI
  • KLHST_INVENTORY_PRODUCT_NAME
  • KLHST_INVENTORY_PRODUCT_DISPLAY_VERSION
  • KLHST_INVENTORY_PRODUCT_PUBLISHER

"KLHST_HTR_VServer"paramIntVirtual server ID.
"KLHST_HTR_Custom"paramParamsAny data associated with the rule. It is not analyzed by Administration Server.
"KLHST_HTR_IsDeleted"paramBoolThe parameter accepts true if the rule is marked and will be deleted from the database soon.

Format of the rule settings in KSC Console:

+--- (paramParams)
    +---KLHST_HTR_Custom (paramParams)
    |   +---conditions (paramArray)    - ORed conditions
    |       +---0 (paramParams)        - 1st condition in rule
    |           +---KLHST_HTR_Custom (paramParams)
    |           |   +---CpuArch = (paramInt)3                      - OS Architecture. KLHST_WKS_CPU_ARCH
    |           |   +---HRULE_USE_CON_IP_RANGE = (paramBool)true   - True if HRULE_CON_IP_RANGE_FROM, HRULE_CON_IP_RANGE_TO are set, or false if it is ignored
    |           |   +---HRULE_CON_IP_RANGE_FROM = (paramLong)1     - IP interval start. See KLHST_WKS_CONNECT_IP_LONG
    |           |   +---HRULE_CON_IP_RANGE_TO = (paramLong)255     - IP interval end. See KLHST_WKS_CONNECT_IP_LONG
    |           |   +---HRULE_USE_IP_RANGE = (paramBool)true       - True if HRULE_IP_RANGE_FROM, HRULE_IP_RANGE_TO are set, or false if it is ignored
    |           |   +---HRULE_IP_RANGE_FROM = (paramLong)1         - IP interval start. See KLHST_WKS_IP_LONG
    |           |   +---HRULE_IP_RANGE_TO = (paramLong)222         - IP interval end. See KLHST_WKS_IP_LONG
    |           |   +---HRULE_NAGENT_STATUS = (paramInt)1          - Values: 0 - not set, 1 - Network Agent installed ("KLHST_WKS_STATUS & 0x00000004 <> 0"), 2 - Network Agent is not installed ("KLHST_WKS_STATUS & 0x00000004 = 0")
    |           |   +---HRULE_OS_VERSIONS (paramArray)             - See Mapping of OS version index to the host's search attributes in the table below
    |           |   |   +---0 = (paramInt)14
    |           |   |   +---1 = (paramInt)21
    |           |   |   +---2 = (paramInt)20
    |           |   +---HRULE_ROAMING_STATUS = (paramInt)1         - Values: 0 - not set, 1 - Roaming mode is active ("KLHST_WKS_STATUS & 0x00000020 <> 0"), 2 - Roaming mode is inactive ("KLHST_WKS_STATUS & 0x00000020 = 0")
    |           |   +---HRULE_USER_CERT_INSTALLED = (paramInt)1    - Values: 0 - not set, 1 - Certificate is installed ("KLHST_MOB_HAS_OWNER_CERT <> 0"), 2 - Certificate is not installed ("KLHST_MOB_HAS_OWNER_CERT = 0")
    |           |   +---InventoryDisplayVersion = (paramString)"1.0.0.0"                       - See KLHST_INVENTORY_PRODUCT_DISPLAY_VERSION
    |           |   +---InventoryProductName = (paramString)""ActivePerl 5.8.7 Build 813""     - See KLHST_INVENTORY_PRODUCT_NAME
    |           |   +---InventoryPublisher = (paramString)""AT&T Research Labs.""              - See KLHST_INVENTORY_PRODUCT_PUBLISHER
    |           |   +---KLDPNS_ID = (paramInt)1                            - See KLDPNS_ID
    |           |   +---HRULE_INCLUDE_CHILD_OU = (paramBool)true           - Include child AD OU if true
    |           |   +---KLHST_AD_GROUP = (paramInt)16416                   - See KLHST_AD_GROUP
    |           |   +---KLHST_AD_ORGUNIT or KLHST_AD_ORGUNIT_GP = (paramInt)1923 - See KLHST_AD_ORGUNIT if HRULE_INCLUDE_CHILD_OU == false, or KLHST_AD_ORGUNIT_GP if HRULE_INCLUDE_CHILD_OU == true
    |           |   +---KLHST_WKS_DNSDOMAIN = (paramString)"dnsdomain"     - See KLHST_WKS_DNSDOMAIN
    |           |   +---KLHST_WKS_DNSNAME = (paramString)"dnsname"         - See KLHST_WKS_DNSNAME
    |           |   +---KLHST_WKS_WINDOMAIN = (paramString)"windomain"     - See KLHST_WKS_WINDOMAIN
    |           |   +---KLHST_WKS_WINHOSTNAME = (paramString)"comp"        - See KLHST_WKS_WINHOSTNAME
    |           |   +---OsSp = (paramString)"1.2"                          - OS Service pack version in format "Major.[Minor]". See KLHST_WKS_OSSP_VER_MAJOR, KLHST_WKS_OSSP_VER_MINOR
    |           |   +---PartVDI = (paramInt)1                              - Computer is dynamic virtual machine as a part of VDI (0 - ignore, 1 - yes, 2 - no). See HST_VM_VDI
    |           |   +---VM = (paramInt)1                                   - Computer is virtual machine (0 - ignore, 1 - yes, 2 - no). See HST_VM_VDI
    |           |   +---VMType = (paramInt)3                               - Virtual machine type. See HST_VM_TYPE
    |           |   +---name = (paramString)"New condition"                - Name of condition
    |           |   +---OsBuild=(INT)16233                              - OS Build number (KLHST_WKS_OS_BUILD_NUMBER=16233)
    |           |   +---OsBuildCond=(INT)0                              - OS Build number comparison condition (0-equal, 1-not equal, 2-greater, 3-less)
    |           |   +---OsRelease=(INT)1700                             - OS Release ID (KLHST_WKS_OS_RELEASE_ID<>1700)
    |           |   +---OsReleaseCond=(INT)1                            - OS Release ID comparison condition (0-equal, 1-not equal, 2-greater, 3-less)
    |           |   +---HRULE_ALIEN=(INT)1                              - Computer is managed by other Administration Server. See KLHST_MANAGED_OTHER_SERVER. Values: 0 - ignored, 1 - Yes, 2 - No.
    +---KLHST_HTR_DN = (paramString)"New rule"                             - Name of rule. See KLHST_HTR_DN
    +---KLHST_HTR_Enabled = (paramBool)true                                - See KLHST_HTR_Enabled
    +---KLHST_HTR_Query =                                               - See KLHST_HTR_Query
            (paramString)"(|(&(KLHST_WKS_WINHOSTNAME="comp")(KLHST_WKS_WINDOMAIN="windomain")(KLHST_WKS_DNSNAME="dnsname")(KLHST_WKS_DNSDOMAIN="dnsdomain")(&(KLHST_WKS_IP_LONG>=1)(KLHST_WKS_IP_LONG<=222))(&(KLHST_WKS_CONNECT_IP_LONG>=1)(KLHST_WKS_CONNECT_IP_LONG<=255))(KLDPNS_ID=1)(KLHST_WKS_GROUPID=4)(KLHST_WKS_STATUS&32<>0)(KLHST_AD_ORGUNIT_GP=1923)(KLHST_AD_GROUP=16416)(|(KLHST_WKS_CTYPE & 2048 = 2048)(KLHST_WKS_PTYPE=12)(KLHST_WKS_PTYPE=11))(KLHST_WKS_STATUS&4<>0)(KLHST_MOB_HAS_OWNER_CERT<>0)(&(KLHST_WKS_OSSP_VER_MAJOR=1)(KLHST_WKS_OSSP_VER_MINOR=2))(KLHST_WKS_CPU_ARCH=3)(&(HST_VM_TYPE<>2)(HST_VM_TYPE<>0)(HST_VM_VDI<>0)(HST_VM_TYPE=3))(KLHST_INVENTORY_PRODUCT_NAME="""ActivePerl 5.8.7 Build 813""")(KLHST_INVENTORY_PRODUCT_DISPLAY_VERSION="1.0.0.0")(KLHST_INVENTORY_PRODUCT_PUBLISHER="""AT&T Research Labs.""")))"
    +---KLHST_HTR_TagValue = (paramString)"ss"                             - See KLHST_HTR_TagValue

Mapping of OS version index to the host's search attributes:

HRULE_OS_VERSIONS           KLHST_WKS_PTYPE         KLHST_WKS_CTYPE          KLHST_WKS_OS_VER_MAJOR       KLHST_WKS_OS_VER_MINOR
-------------------------------------------------------------------------------------------------------------------------------
0                           0                       0x00400000               4                            0
1                           0                       0x00400000               4                            10
2                           0                       0x00400000               4                            90
3                           0                       0x00001000               4                            0xFFFFFFFF
4                           0                       0x00001000 | 0x00008000  4                            0xFFFFFFFF
5                           0                       0x00001000               5                            0
6                           0                       0x00001000 | 0x00008000  5                            0
7                           0                       0x00001000 | 0x00008000  5                            2
8                           0                       0x00001000               0xFFFFFFFF                   0xFFFFFFFF
9                           0                       0x00001000               6                            0
10                          0                       0x00001000 | 0x00008000  6                            0
11                          0                       0x00000080               0xFFFFFFFF                   0xFFFFFFFF
12                          7                       0x00002000               0xFFFFFFFF                   0xFFFFFFFF
13                          6                       0x00200000               0xFFFFFFFF                   0xFFFFFFFF
14                          0                       0x00000800               0xFFFFFFFF                   0xFFFFFFFF
15                          8                       0x00001000               0xFFFFFFFF                   0xFFFFFFFF
16                          9                       0x00001000               0xFFFFFFFF                   0xFFFFFFFF
17                          0                       0x00001000               6                            1
18                          0                       0x00001000 | 0x00008000  6                            1
19                          10                      0x00001000               0xFFFFFFFF                   0xFFFFFFFF
20                          11                      0x00001000               0xFFFFFFFF                   0xFFFFFFFF
21                          12                      0x00001000               0xFFFFFFFF                   0xFFFFFFFF
22                          0                       0x00001000               6                            2
23                          0                       0x00001000 | 0x00008000  6                            2
24                          13                      0x00001000               0xFFFFFFFF                   0xFFFFFFFF
25                          14                      0x00001000               0xFFFFFFFF                   0xFFFFFFFF
26                          0                       0x00001000               6                            3
27                          0                       0x00001000 | 0x00008000  6                            3
28                          0                       0x00001000               10                           0
29                          0                       0x00001000 | 0x00008000  10                           0
30                          15                      0x00001000               0xFFFFFFFF                   0xFFFFFFFF
31                          2                       0x00001000               0xFFFFFFFF                   0xFFFFFFFF
    


See also:
List of supported srvviews