|
KSC Open API
Kaspersky Security Center API description
|
|
KSC Open API
Kaspersky Security Center API description
|
View name: HostTagsRulesSrvView
| Name | Type | Description |
|---|---|---|
| "KLHST_HTR_ID" | paramInt | Rule ID. |
| "KLHST_HTR_DN" | paramString | Rule display name. |
| "KLHST_HTR_TagValue" | paramString | Tag value that will be set by the rule. It is the rule ID. |
| "KLHST_HTR_Enabled" | paramBool | The attribute accepts true if the rule is turned on. |
| "KLHST_HTR_Query" | paramString | Host filtering expression. See Search filter syntax. Only filter by the fields listed below.
|
| "KLHST_HTR_VServer" | paramInt | Virtual server ID. |
| "KLHST_HTR_Custom" | paramParams | Any data associated with the rule. It is not analyzed by Administration Server. |
| "KLHST_HTR_IsDeleted" | paramBool | The parameter accepts true if the rule is marked and will be deleted from the database soon. |
Format of the rule settings in KSC Console:
+--- (paramParams) +---KLHST_HTR_Custom (paramParams) | +---conditions (paramArray) - ORed conditions | +---0 (paramParams) - 1st condition in rule | +---KLHST_HTR_Custom (paramParams) | | +---CpuArch = (paramInt)3 - OS Architecture. KLHST_WKS_CPU_ARCH | | +---HRULE_USE_CON_IP_RANGE = (paramBool)true - True if HRULE_CON_IP_RANGE_FROM, HRULE_CON_IP_RANGE_TO are set, or false if it is ignored | | +---HRULE_CON_IP_RANGE_FROM = (paramLong)1 - IP interval start. See KLHST_WKS_CONNECT_IP_LONG | | +---HRULE_CON_IP_RANGE_TO = (paramLong)255 - IP interval end. See KLHST_WKS_CONNECT_IP_LONG | | +---HRULE_USE_IP_RANGE = (paramBool)true - True if HRULE_IP_RANGE_FROM, HRULE_IP_RANGE_TO are set, or false if it is ignored | | +---HRULE_IP_RANGE_FROM = (paramLong)1 - IP interval start. See KLHST_WKS_IP_LONG | | +---HRULE_IP_RANGE_TO = (paramLong)222 - IP interval end. See KLHST_WKS_IP_LONG | | +---HRULE_NAGENT_STATUS = (paramInt)1 - Values: 0 - not set, 1 - Network Agent installed ("KLHST_WKS_STATUS & 0x00000004 <> 0"), 2 - Network Agent is not installed ("KLHST_WKS_STATUS & 0x00000004 = 0") | | +---HRULE_OS_VERSIONS (paramArray) - See Mapping of OS version index to the host's search attributes in the table below | | | +---0 = (paramInt)14 | | | +---1 = (paramInt)21 | | | +---2 = (paramInt)20 | | +---HRULE_ROAMING_STATUS = (paramInt)1 - Values: 0 - not set, 1 - Roaming mode is active ("KLHST_WKS_STATUS & 0x00000020 <> 0"), 2 - Roaming mode is inactive ("KLHST_WKS_STATUS & 0x00000020 = 0") | | +---HRULE_USER_CERT_INSTALLED = (paramInt)1 - Values: 0 - not set, 1 - Certificate is installed ("KLHST_MOB_HAS_OWNER_CERT <> 0"), 2 - Certificate is not installed ("KLHST_MOB_HAS_OWNER_CERT = 0") | | +---InventoryDisplayVersion = (paramString)"1.0.0.0" - See KLHST_INVENTORY_PRODUCT_DISPLAY_VERSION | | +---InventoryProductName = (paramString)""ActivePerl 5.8.7 Build 813"" - See KLHST_INVENTORY_PRODUCT_NAME | | +---InventoryPublisher = (paramString)""AT&T Research Labs."" - See KLHST_INVENTORY_PRODUCT_PUBLISHER | | +---KLDPNS_ID = (paramInt)1 - See KLDPNS_ID | | +---HRULE_INCLUDE_CHILD_OU = (paramBool)true - Include child AD OU if true | | +---KLHST_AD_GROUP = (paramInt)16416 - See KLHST_AD_GROUP | | +---KLHST_AD_ORGUNIT or KLHST_AD_ORGUNIT_GP = (paramInt)1923 - See KLHST_AD_ORGUNIT if HRULE_INCLUDE_CHILD_OU == false, or KLHST_AD_ORGUNIT_GP if HRULE_INCLUDE_CHILD_OU == true | | +---KLHST_WKS_DNSDOMAIN = (paramString)"dnsdomain" - See KLHST_WKS_DNSDOMAIN | | +---KLHST_WKS_DNSNAME = (paramString)"dnsname" - See KLHST_WKS_DNSNAME | | +---KLHST_WKS_WINDOMAIN = (paramString)"windomain" - See KLHST_WKS_WINDOMAIN | | +---KLHST_WKS_WINHOSTNAME = (paramString)"comp" - See KLHST_WKS_WINHOSTNAME | | +---OsSp = (paramString)"1.2" - OS Service pack version in format "Major.[Minor]". See KLHST_WKS_OSSP_VER_MAJOR, KLHST_WKS_OSSP_VER_MINOR | | +---PartVDI = (paramInt)1 - Computer is dynamic virtual machine as a part of VDI (0 - ignore, 1 - yes, 2 - no). See HST_VM_VDI | | +---VM = (paramInt)1 - Computer is virtual machine (0 - ignore, 1 - yes, 2 - no). See HST_VM_VDI | | +---VMType = (paramInt)3 - Virtual machine type. See HST_VM_TYPE | | +---name = (paramString)"New condition" - Name of condition | | +---OsBuild=(INT)16233 - OS Build number (KLHST_WKS_OS_BUILD_NUMBER=16233) | | +---OsBuildCond=(INT)0 - OS Build number comparison condition (0-equal, 1-not equal, 2-greater, 3-less) | | +---OsRelease=(INT)1700 - OS Release ID (KLHST_WKS_OS_RELEASE_ID<>1700) | | +---OsReleaseCond=(INT)1 - OS Release ID comparison condition (0-equal, 1-not equal, 2-greater, 3-less) | | +---HRULE_ALIEN=(INT)1 - Computer is managed by other Administration Server. See KLHST_MANAGED_OTHER_SERVER. Values: 0 - ignored, 1 - Yes, 2 - No. +---KLHST_HTR_DN = (paramString)"New rule" - Name of rule. See KLHST_HTR_DN +---KLHST_HTR_Enabled = (paramBool)true - See KLHST_HTR_Enabled +---KLHST_HTR_Query = - See KLHST_HTR_Query (paramString)"(|(&(KLHST_WKS_WINHOSTNAME="comp")(KLHST_WKS_WINDOMAIN="windomain")(KLHST_WKS_DNSNAME="dnsname")(KLHST_WKS_DNSDOMAIN="dnsdomain")(&(KLHST_WKS_IP_LONG>=1)(KLHST_WKS_IP_LONG<=222))(&(KLHST_WKS_CONNECT_IP_LONG>=1)(KLHST_WKS_CONNECT_IP_LONG<=255))(KLDPNS_ID=1)(KLHST_WKS_GROUPID=4)(KLHST_WKS_STATUS&32<>0)(KLHST_AD_ORGUNIT_GP=1923)(KLHST_AD_GROUP=16416)(|(KLHST_WKS_CTYPE & 2048 = 2048)(KLHST_WKS_PTYPE=12)(KLHST_WKS_PTYPE=11))(KLHST_WKS_STATUS&4<>0)(KLHST_MOB_HAS_OWNER_CERT<>0)(&(KLHST_WKS_OSSP_VER_MAJOR=1)(KLHST_WKS_OSSP_VER_MINOR=2))(KLHST_WKS_CPU_ARCH=3)(&(HST_VM_TYPE<>2)(HST_VM_TYPE<>0)(HST_VM_VDI<>0)(HST_VM_TYPE=3))(KLHST_INVENTORY_PRODUCT_NAME="""ActivePerl 5.8.7 Build 813""")(KLHST_INVENTORY_PRODUCT_DISPLAY_VERSION="1.0.0.0")(KLHST_INVENTORY_PRODUCT_PUBLISHER="""AT&T Research Labs.""")))" +---KLHST_HTR_TagValue = (paramString)"ss" - See KLHST_HTR_TagValue
Mapping of OS version index to the host's search attributes:
HRULE_OS_VERSIONS KLHST_WKS_PTYPE KLHST_WKS_CTYPE KLHST_WKS_OS_VER_MAJOR KLHST_WKS_OS_VER_MINOR ------------------------------------------------------------------------------------------------------------------------------- 0 0 0x00400000 4 0 1 0 0x00400000 4 10 2 0 0x00400000 4 90 3 0 0x00001000 4 0xFFFFFFFF 4 0 0x00001000 | 0x00008000 4 0xFFFFFFFF 5 0 0x00001000 5 0 6 0 0x00001000 | 0x00008000 5 0 7 0 0x00001000 | 0x00008000 5 2 8 0 0x00001000 0xFFFFFFFF 0xFFFFFFFF 9 0 0x00001000 6 0 10 0 0x00001000 | 0x00008000 6 0 11 0 0x00000080 0xFFFFFFFF 0xFFFFFFFF 12 7 0x00002000 0xFFFFFFFF 0xFFFFFFFF 13 6 0x00200000 0xFFFFFFFF 0xFFFFFFFF 14 0 0x00000800 0xFFFFFFFF 0xFFFFFFFF 15 8 0x00001000 0xFFFFFFFF 0xFFFFFFFF 16 9 0x00001000 0xFFFFFFFF 0xFFFFFFFF 17 0 0x00001000 6 1 18 0 0x00001000 | 0x00008000 6 1 19 10 0x00001000 0xFFFFFFFF 0xFFFFFFFF 20 11 0x00001000 0xFFFFFFFF 0xFFFFFFFF 21 12 0x00001000 0xFFFFFFFF 0xFFFFFFFF 22 0 0x00001000 6 2 23 0 0x00001000 | 0x00008000 6 2 24 13 0x00001000 0xFFFFFFFF 0xFFFFFFFF 25 14 0x00001000 0xFFFFFFFF 0xFFFFFFFF 26 0 0x00001000 6 3 27 0 0x00001000 | 0x00008000 6 3 28 0 0x00001000 10 0 29 0 0x00001000 | 0x00008000 10 0 30 15 0x00001000 0xFFFFFFFF 0xFFFFFFFF 31 2 0x00001000 0xFFFFFFFF 0xFFFFFFFF
