KSC Open API
Kaspersky Security Center API description
List of event attributes

List of event attributes is presented below. Do not confuse this list with List of event attributes published by server, which is used only when publishing events from the server side.

NameTypeDescription
"GNRL_EA_SEVERITY"paramInt

Event severity. May have the following values:

  • 0 - Constant to be used as invalid event severity value
  • 1 - Severity "Information"
  • 2 - Severity "Warning"
  • 3 - Severity "Error"
  • 4 - Severity "Critical"

"product_name"paramStringProduct name (up to 32 symbols) *.
"product_version"paramStringProduct version name (up to 32 symbols) *.
"product_displ_version"paramStringProduct build (up to 32 symbols).
"hostname"paramStringHost name. A unique server-generated string (up to 256 symbols).
"task_display_name"paramStringDisplay name of the task (up to 100 symbols).
"hostdn"paramStringDisplay name of the host (up to 256 symbols).
"domain_name"paramStringDomain name of the host (added by the administration system).
"host_id"paramIntIdentity of the host (added by administration system).
"host_type"paramIntType of host in the administration hierarchy (added by the administration system). See Administration Hierarchy Host Type enum.
"group_name"paramStringName of the group where the host is located (up to 128 symbols).
"group_id"paramIntID of the group where the host is located.
"event_id"paramIntEvent ID.
"event_db_id"paramLongEvent ID (64-bit) since AK 8.5.
"event_type"paramString

Name of the event type (up to 50 symbols). For example:

  • "KLPRCI_TaskState" - Task execution state changed. See also "task_new_state" attribute.
  • "KLEVP_GroupTaskSyncState" - Task synchronization state changed. See also "task_new_state" attribute.
  • "GNRL_EV_SUSPICIOUS_OBJECT_FOUND" - Unknown or malicious application is found.
  • "GNRL_EV_VIRUS_FOUND" - Virus found.
  • "GNRL_EV_OBJECT_CURED" - Object was cured.
  • "GNRL_EV_OBJECT_DELETED" - Object was deleted.
  • "GNRL_EV_OBJECT_REPORTED" - Object was reported.
  • "GNRL_EV_PASSWD_ARCHIVE_FOUND" - Password-protected archive was found.
  • "GNRL_EV_OBJECT_QUARANTINED" - Object was put into quarantine.
  • "GNRL_EV_OBJECT_NOTCURED" - Object wasn't cured.

See also Parameters GNRL_EA_PARAM_* for some events.

"event_type_display_name"paramStringDisplay name of the event type (up to 100 symbols).
"body"paramParamsEvent body (added by the administration system).
"event_type_id"paramIntEvent type unique identity.
"task_old_state"paramIntOld task state (for events of type "KLPRCI_TaskState" or "KLEVP_GroupTaskSyncState"). The following values are possible: Group task state enum.
"task_new_state"paramIntNew task state (for events of type "KLPRCI_TaskState" or "KLEVP_GroupTaskSyncState"). The following values are possible: Group task state enum.
"rise_time"paramDateTimeTime when the event was published, in UTC.
"registration_time"paramDateTimeTime when the event was registered at the Administration Server, in UTC.
"GNRL_EA_ID"paramIntEvent type localization identity.
"GNRL_EA_DESCRIPTION"paramStringEvent description (up to 1000 symbols).
"GNRL_EA_DESCRIPTION_DISP_NAME"paramStringAttribute added by the administration system. Localized event description (up to 1000 symbols).
"GNRL_EA_PARAM_N"paramStringExtra event parameters depending on event type "event_type", where N = 1..9. See Parameters GNRL_EA_PARAM_* for some events.
"GNRL_EXTRA_PARAMS"paramStringAdditional event parameter, which is not to be stored in the event's properties in the KSC database. Its meaning depends on the event type.
"KLVSRV_ID"paramIntVirtual server ID in the database. 0 for non-virtual server.
"KLVSRV_DN"paramStringVirtual server display name (up to 256 symbols).
"GNRL_COMPLETED_PERCENT"paramIntOperation completion percent.
"event_vm_info"paramParamsInformation about the virtual machine the published the event. Should contain the following parameters:
NameTypeDescription
"event_vm_id"paramStringIdentity of VM. 32 ANSI symbols. Case insensitive.
"event_vm_full_name"paramStringFull name of VM (path of VM in vCenter). Up to 256 UNICODE symbols.
"event_cluster_id"paramStringCluster unique ID (same as "KLCONN_CLUSTER_ID"). Up to 127 symbols.
"event_vm_ipv4"paramIntHost IPv4 address with network byte order. Optional.