KSC Open API
Kaspersky Security Center API description
Virus found event extra attributes

Additional attributes must be presented as a string in JSON format, for example: {"engine":1,"method":3,"local":true,"harm":false,"blacklist":false}
Possible attributes:

  • "engine" - (JSON number) instrument that was used to detect the malicious action, see EDetectionEngine
  • "method" - (JSON number) method of detection (intelligence classes), see EDetectionMethod
  • "local" - (JSON boolean) true if virus found on local storage
  • "harm" - (JSON boolean) true if virus may destroy data
  • "blacklist" - (JSON boolean) true if the object is blocked based on the client's decision
  • "edr_ver" - (JSON number) version of JSON parameter of event that can be used to select a set of plugins that support killchain visualization
  • "edr" - (JSON object) optional parameter, may include the following product-specific attributes:
      -- "id" - (JSON string) killchain network list item identifier (see KILLCHAIN_LIST_NAME)
  • "cloud_sb" - (JSON boolean) true if detected by Cloud Sandbox
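
A consumer of these events can type-check the attribute string before trusting it. The following is an added example, not part of the KSC Open API or its documentation; the function names are hypothetical, and reporting keys not listed above as problems is an assumption of this example.

```python
import json

# Attribute name -> expected JSON type, as listed on this page.
SCHEMA = {
    "engine": "number", "method": "number", "edr_ver": "number",
    "local": "boolean", "harm": "boolean", "blacklist": "boolean",
    "cloud_sb": "boolean", "edr": "object",
}

def _json_type(value):
    # bool must be tested before int: in Python, True is also an int.
    if isinstance(value, bool):
        return "boolean"
    if isinstance(value, (int, float)):
        return "number"
    if isinstance(value, str):
        return "string"
    if isinstance(value, dict):
        return "object"
    return "array" if isinstance(value, list) else "null"

def parse_extra_attributes(raw):
    """Return (attrs, problems) for a virus-found extra-attributes string."""
    if not isinstance(raw, str):
        return {}, ["value is not a string"]
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return {}, [f"invalid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return {}, ["top-level JSON value is not an object"]
    attrs, problems = {}, []
    for key, value in doc.items():
        expected = SCHEMA.get(key)
        if expected is None:  # assumption: unlisted keys are reported, not kept
            problems.append(f"unknown attribute {key!r}")
        elif _json_type(value) != expected:
            problems.append(f"{key!r}: expected {expected}, got {_json_type(value)}")
        else:
            attrs[key] = value
    edr = attrs.get("edr")
    if edr is not None and "id" in edr and not isinstance(edr["id"], str):
        problems.append("'edr.id': expected string")
        del attrs["edr"]
    return attrs, problems

# Constructed sample: the page's example string plus a constructed "edr" id.
SAMPLE = '{"engine":1,"method":3,"local":true,"harm":false,"blacklist":false,"edr":{"id":"example-id"}}'
```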