KSC Open API
Kaspersky Security Center API description
Custom category format

Custom category is a paramParams of special format:

    <category>
    |
    +---<uuid>
    +---<name>
    +---<descr>
    +---<inclusions>
    +---<exclusions>
    +---<type>
    +---<version>
    +---<CategoryType>
    +---<EnableAutoForceUpdate>
    +---<AutoForceUpdatePeriod>
    +---<SilverImageType>
    +---<SilverImageHosts>
    +---<CategoryFilter>
        |
        +---<FilesFromDir>
        +---<IncludeDll>
        +---<IncludeScripts>
        +---<MetadataFlag>
    
AttributeTypeDescriptionReadonly
uuidparamBinaryGlobally unique category id. Used in KES policy.Yes
namewstringCategory name. Max length 256 symbols.
descrwstringCategory description. Max length 256 symbols.
inclusionsarrayArray of expressions
exclusionsarrayArray of expressions
typeint Category type for KES:
  • 0 - COMMON
  • 1 - BYFILESHASH
Yes
versionintCategory versionYes
CategoryTypeint Category type
  • 0 - Simple (Manually by user)
  • 1 - AutoUpdate (From directory)
  • 2 - SilverImage (Automatically by hashes from hosts)
EnableAutoForceUpdatebooleanEnable auto force update. For AutoUpdate and SilverImage.
AutoForceUpdatePeriodintUpdate period in seconds
SilverImageTypeint Silver image type:
  • 0 - All files
  • 1 - Uncategorized
SilverImageHostsarrayArray of hosts ids (Host id in string format)
CategoryFilterparamsCategory filter
FilesFromDirwstringPath to directory with files
IncludeDllbooleanInclude DLL files
IncludeScriptsbooleanInclude Script files
MetadataFlagint Bit mask:
  • 0x00000001 - File name
  • 0x00000002 - File path
  • 0x00000004 - Company name
  • 0x00000001 - File name
  • 0x00000008 - Product name
  • 0x00000010 - File version
  • 0x00000020 - Product version
  • 0x00000040 - MD5 hash
  • 0x00000080 - Local file name
  • 0x00000100 - SHA256 hash

Inclusions (exclusions) is an array of expression of format:


    <expression>
    |
    +---<ex_type>
    // for types VendorName, ProductName, FileHash, FileName, FilePath
    +---<str>
    +---<str2>
    +---<str_op>
    |
    // for types ProductVersion, FileVersion
    +---<ver_major>
    +---<ver_minor>
    +---<ver_build>
    +---<ver_revision>
    +---<ver_suffix>
    +---<ver_raw>
    +---<ver_op>
    |
    // for type Linked
    +---<uuid>
    |
    // for type Media
    +---<media_type>
    |
    // for types AND, OR
    +---<l_expr>
    +---<r_expr>
    |
    // for type NOT
    +---<expr>
    |
    // for type Certificate
    +---<certificate>
        |
        +---<CertSerial>
        +---<CertThumbprint>
        +---<CertIssuer>
        +---<CertIssuerShort>
        +---<CertSubject>
        +---<CertSubjectShort>
        +---<CertValidFrom>
        +---<CertValidTo>
        +---<CertPublicKey>
    
AttributeTypeDescription
ex_typeint Expression type:
  • 0 - Unknown
  • 1 - VendorName
  • 2 - ProductName
  • 3 - FileHash
  • 4 - FileName
  • 5 - FilePath
  • 6 - ProductVersion
  • 7 - FileVersion
  • 8 - Linked
  • 9 - And
  • 10 - Or
  • 11 - Not
  • 12 - Media
  • 13 - Certificate
strwstringString data. If it a MD5 file hash we recommend use uppercase chars from {0123456789ABCDEF}
str2wstringAdditional string data. If it a SHA256 file hash we recommend use uppercase chars from {0123456789ABCDEF}
str_opint String comparison operation:
  • 0 - Equal
  • 1 - NotEqual
  • 2 - Like
  • 3 - Contains
  • 4 - StartsWith
  • 5 - EndsWith
ver_majorintVersion major
ver_minorintVersion minor
ver_buildintVersion build
ver_revisionintVersion revision
ver_suffixwstringVersion suffix
ver_rawwstringVersion raw
ver_opint Version comparison operation:
  • 0 - Equal
  • 1 - NotEqual
  • 2 - Like
  • 3 - Contains
  • 4 - StartsWith
  • 5 - EndsWith
  • 6 - Greater
  • 7 - GreaterOrEqual
  • 8 - Less
  • 9 - LessOrEqual
uuidparamBinaryUUID of KL-category
media_typeint Media type:
  • 0 - Any
  • 1 - RemovableDrive
l_exprparamsLeft sub-expression
r_exprparamsRight sub-expression
exprparamsSub-expression
certificateparamsContainer with certificate attributes
CertSerialparamBinaryCertificate serial number
CertThumbprintparamBinaryCertificate thumbprint
CertIssuerwstringCertificate issuer attribute in full format
CertIssuerShortwstringCertificate issuer attribute in short format
CertSubjectwstringCertificate subject attribute in full format
CertSubjectShortwstringCertificate subject attribute in short format
CertValidFromdatetimeCertificate is valid from date
CertValidTodatetimeCertificate is valid to date
CertPublicKeyparamBinaryPublic key