KSC Open API
Kaspersky Security Center API description
Virus activity report data srvview attributes

RptViractSrvViewName srvview.

Caller must specify information presented below in the SrvView's optional parameters. The format is the following:

	(paramParams)
		+--"EDetectionTypeLoc"	Localized names of values from EDetectionType enumeration (paramParams)
			+--"Value" = "Localized value name"	(paramString)
			....
			+--"-1" = "Not a virus"	(paramString)
		+--"EDetectionEngineLoc"	Localized names of values from EDetectionEngine enumeration (paramParams)
			+--"Value" = "Localized value name"	(paramString)
			....
			+--"11" = "AMSI Protection Provider"	(paramString)
		+--"EDetectionMethodLoc"	Localized names of values from EDetectionMethod enumeration (paramParams)
			+--"Value" = "Localized value name"	(paramString)
			....
			+--"6" = "Sandbox"	(paramString)
		+--"EViractResultLoc"	Localized names of values from EViractResult enumeration (paramParams)
			+--"Value" = "Localized value name"	(paramString)
			....
			+--"5" = "Blocked"	(paramString)
	

List of attributes is presented below:

NameTypeDescription
sResultEventparamStringName of the resulting event, event_type of nEventResult.
nEventVirusparamLongVirus found event ID, ev_event.nId of event 'GNRL_EV_VIRUS_FOUND'.
sDetectionTypeparamStringElement from KLEVP::EDetectionType (par8 from nEventVirus).
nEventResultparamLongResulting event. ev_event.nId of event 'GNRL_EV_*' is about an action with infected object. 0 means 'old unresolved'.
tmVirusFoundTimeDATETIME_TVirus detection time (event publication time of nEventVirus).
sObjectparamStringInfected object name.
binObjectHashparamBinaryMD5 hash of the infected object.
sVirusNameparamStringVirus name from nEventVirus.
sActionparamStringDescription of the 'nEventResult' event.
sAccountparamStringUser name (par7 from nEventVirus).
sProductNameparamStringPublisher product name.
sProductVersionparamStringPublisher product version.
sProductDisplVersionparamStringPublisher product display version.
sSha256paramStringSHA256 hash of the infected object.
bLocalparamBoolThe attribute accepts true if the object is local or from the UNC path.
bBlacklistparamBool"Client status" 'KPSN Blacklist'.
bHarmparamBoolThe attribute accepts true if the object is really harmful.
nEdrDataVersionparamIntEDR data version of killchain.
sHostDisplNameparamStringHost display name.
sWinHostNameparamStringWindows host name.
sHostIdparamStringHost ID in 'Hosts'.
sHostDnsNameparamStringHost DNS name.
sHostAddressparamStringHost address.
nHostIpConparamLongHost connection IP.
nHostIpAddressparamLongHost IP.
sHostCommentparamStringHost comment.
nGroupIdparamIntHost group ID from 'AdmGroups'.
sGroupNameparamStringHost group name.
bEdrDataVersionNot0paramBoolThe attribute accepts true if EDR data version of killchain is greater than 0.
nVServerparamIntVirtual Administration Server ID. 0 is used for the main server.
sVServerNameparamStringVirtual Administration Server display name. Empty string for main server.
nEViractResultparamIntViract result. See EViractResult enumeration.
nEDetectionTypeparamIntDetection type. See EDetectionType enumeration.
nDtctEngineparamIntDetect engine. Type of the software or hardware tools to detect a malicious action. See EDetectionEngine enumeration.
nDtctMethodparamIntDetection method of a malicious action (intelligence classes). See EDetectionMethod enumeration.
bDtctCloudSendboxparamBoolThe attribute accepts true if the object is detected by Cloud Sandbox
sEViractResultLocparamStringLocalized nEViractResult.
sEDetectionTypeLocparamStringLocalized nEDetectionType.
sDtctEngineLocparamStringLocalized nDtctEngine.
sDtctMethodLocparamStringLocalized nDtctMethod.
sTaskDisplayNameparamStringTask display name from which the viract event was published.