KSC Open API
Kaspersky Security Center API description
SrvView EventsSrvViewName - Events virtual list

The 'pParams' parameter of the SrvView::ResetIterator method may contain the following optional parameter:

  • "EVP_MAX_EVENTS_SRCH_AREA" (paramInt) The search covers only the last N received events. If not specified, a default value depending on the DBMS type is used. A value of 0 means "no limit".

The view contains a list of events.

View name: "EventsSrvViewName"

The view attributes and options are listed below.

Name (Type) Description

  • "event_db_id" (paramLong) Event ID (64-bit) since AK 8.5.
  • "GNRL_EA_SEVERITY" (paramInt) Event severity. May have one of the following values:
      • 1 - severity "Information"
      • 2 - severity "Warning"
      • 3 - severity "Error"
      • 4 - severity "Critical"
  • "KLEVP_EVENT_GROUP_TASK_ID" (paramString) If the event was published by a group task, this parameter is equal to the ID of the task.
  • "group_name" (paramString) Name of the group where the host is located.
  • "product_name" (paramString) Product name.
  • "product_displ_version" (paramString) Product build.
  • "event_type" (paramString) Name of the event type:
      • "KLPRCI_TaskState" - Task state changed. See the "task_new_state" attribute.
      • "GNRL_EV_SUSPICIOUS_OBJECT_FOUND" - Unknown or malicious application is found.
      • "GNRL_EV_VIRUS_FOUND" - Virus found.
      • "GNRL_EV_OBJECT_CURED" - Object was cured.
      • "GNRL_EV_OBJECT_DELETED" - Object was deleted.
      • "GNRL_EV_OBJECT_REPORTED" - Object was reported.
      • "GNRL_EV_PASSWD_ARCHIVE_FOUND" - Password-protected archive was found.
      • "GNRL_EV_OBJECT_QUARANTINED" - Object was put into quarantine.
      • "GNRL_EV_OBJECT_NOTCURED" - Object wasn't cured.
    See also Parameters GNRL_EA_PARAM_* for some events.
  • "event_type_id" (paramInt) Unique ID of the event type.
  • "event_type_display_name" (paramString) Display name of the event type.
  • "GNRL_EA_DESCRIPTION" (paramString) Event description.
  • "rise_time" (paramDateTime) Time when the event was published, in UTC.
  • "registration_time" (paramDateTime) Time when the event was registered by Administration Server, in UTC.
  • "GNRL_EA_ID" (paramInt) Numeric event ID.
  • "task_new_state" (paramInt) Task state (for the "KLPRCI_TaskState" events). Possible values: see Group task state enum.
  • "task_old_state" (paramInt) Old task state. Possible values are the same as for "task_new_state".
  • "task_display_name" (paramString) Display name of the task.
  • "host_id" (paramLong) Host ID.
  • "group_id" (paramInt) ID of the group where the host is located.
  • "hostname" (paramString) Host name - a unique server-generated string.
  • "hostdn" (paramString) Display name of the host.
  • "KLEVP_EVENT_HOST_IP_ADDRESS" (paramLong) Host IPv4 address (little-endian byte order).
  • "KLEVP_EVENT_HOST_CONN_IP_ADDRESS" (paramLong) Host IPv4 connection address (little-endian byte order).
  • "KLEVP_EVENT_DOMAIN" (paramString) DNS suffix.
  • "domain_name" (paramString) Domain name.
  • "KLEVP_EVENT_HOST_STATUS" (paramInt) Extended status ID of the host. See "KLHST_WKS_STATUS" in List of host attributes.
  • "KLEVP_EVENT_HOST_NETBIOSNAME" (paramString) Host Windows (NetBIOS) name.
  • "GNRL_EA_PARAM_N" (paramString) Extra event parameters, depending on the event type "event_type", where N = 1..9. See Parameters GNRL_EA_PARAM_* for some events.
  • "KLVSRV_ID" (paramInt) Virtual server ID.
  • "KLVSRV_DN" (paramString) Virtual server display name.
  • "FULLTEXT_SEARCH" (paramString) Search-only field for full-text search. See Full-text attribute. The following fields are included in the search:
      • "task_display_name"
      • "event_type_display_name"
      • "descr"
  • "EVP_MAX_EVENTS_SRCH_AREA" (paramInt) The search covers only the last N events. This parameter is optional for the search.
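One way to triage records read from this view, as an added example that is not part of the Kaspersky documentation: it lists hosts whose detection events have no later cure, delete or quarantine event. The records are constructed; the ISO 8601 string form of "rise_time" and the per-host pairing of detection and handling events are assumptions, because the page does not define how an event relates to a specific object.

```python
from collections import defaultdict, deque
from datetime import datetime

SEVERITY = {1: "Information", 2: "Warning", 3: "Error", 4: "Critical"}
DETECTED = {"GNRL_EV_VIRUS_FOUND", "GNRL_EV_SUSPICIOUS_OBJECT_FOUND"}
HANDLED = {"GNRL_EV_OBJECT_CURED", "GNRL_EV_OBJECT_DELETED",
           "GNRL_EV_OBJECT_QUARANTINED"}

def unresolved_detections(records):
    """Return {hostname: [detection records with no later handling event]}."""
    pending = defaultdict(deque)
    ordered = sorted(records, key=lambda r: datetime.fromisoformat(r["rise_time"]))
    for rec in ordered:
        host, etype = rec["hostname"], rec["event_type"]
        if etype in DETECTED:
            pending[host].append(rec)
        elif etype in HANDLED and pending[host]:
            # Assumption: one handling event closes the oldest open detection
            # on the same host. "GNRL_EV_OBJECT_NOTCURED" closes nothing.
            pending[host].popleft()
    return {h: list(q) for h, q in pending.items() if q}

def summarize(records):
    """Rows of (hostdn, open detections, worst severity), busiest host first."""
    rows = []
    for open_events in unresolved_detections(records).values():
        worst = max(e["GNRL_EA_SEVERITY"] for e in open_events)
        rows.append((open_events[0]["hostdn"], len(open_events), SEVERITY[worst]))
    return sorted(rows, key=lambda r: (-r[1], r[0]))

def ev(hostname, hostdn, event_type, severity, rise_time):
    return {"hostname": hostname, "hostdn": hostdn, "event_type": event_type,
            "GNRL_EA_SEVERITY": severity, "rise_time": rise_time}

# Constructed sample records (not real data), deliberately out of time order.
SAMPLE = [
    ev("c0nstructed-0002", "WS-02", "GNRL_EV_OBJECT_QUARANTINED", 1, "2024-01-10T09:00:05"),
    ev("c0nstructed-0001", "WS-01", "GNRL_EV_VIRUS_FOUND", 4, "2024-01-10T08:00:00"),
    ev("c0nstructed-0001", "WS-01", "GNRL_EV_OBJECT_NOTCURED", 3, "2024-01-10T08:01:00"),
    ev("c0nstructed-0002", "WS-02", "GNRL_EV_VIRUS_FOUND", 4, "2024-01-10T09:00:00"),
    ev("c0nstructed-0002", "WS-02", "KLPRCI_TaskState", 1, "2024-01-10T09:30:00"),
    ev("c0nstructed-0003", "SRV-03", "GNRL_EV_SUSPICIOUS_OBJECT_FOUND", 2, "2024-01-10T10:00:00"),
    ev("c0nstructed-0003", "SRV-03", "GNRL_EV_SUSPICIOUS_OBJECT_FOUND", 2, "2024-01-10T10:02:00"),
]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```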
