KSC Open API
Kaspersky Security Center API description
Extra attributes of Adaptive Anomalies Control events

Additional attributes for the events types GNRL_EV_ADSEC_USER_REQUEST and GNRL_EV_ADSEC_DETECT must be presented as the GNRL_EA_PARAM_8 parameter in a string in the JSON format. Possible attributes:

  • "source_process_hash" - (JSON string) - SHA-256 hash value of the source process file.
  • "source_object_hash" - (JSON string) - SHA-256 hash value of the target process file.
  • "target_process_hash" - (JSON string) - SHA-256 hash value of the source object.
  • "target_object_hash" - (JSON string) - SHA-256 hash value of the target object.
  • "verdict_type" - (JSON boolean) - True if the rule status is 'BLOCK'; otherwise false (rule is running in the 'REPORT ONLY' state).
  • "user_sid" - (JSON string) - Serialized security ID (SID) of the user.