Kaspersky Security Center API description
A custom category is a paramParams of a special format:
<category>
    |
    +---<uuid>
    +---<name>
    +---<descr>
    +---<inclusions>
    +---<exclusions>
    +---<type>
    +---<version>
    +---<CategoryType>
    +---<EnableAutoForceUpdate>
    +---<AutoForceUpdatePeriod>
    +---<SilverImageType>
    +---<SilverImageHosts>
    +---<CategoryFilter>
        |
        +---<FilesFromDir>
        +---<IncludeDll>
        +---<IncludeScripts>
        +---<MetadataFlag>
Attribute | Type | Description | Readonly |
uuid | paramBinary | Globally unique category id. Used in KES policy. | Yes |
name | wstring | Category name. Max length 256 symbols. | |
descr | wstring | Category description. Max length 256 symbols. | |
inclusions | array | Array of expressions | |
exclusions | array | Array of expressions | |
type | int | Category type for KES: | Yes |
version | int | Category version | Yes |
CategoryType | int | Category type | |
EnableAutoForceUpdate | boolean | Enable auto force update. For AutoUpdate and SilverImage. | |
AutoForceUpdatePeriod | int | Update period in seconds | |
SilverImageType | int | Silver image type: | |
SilverImageHosts | array | Array of hosts ids (Host id in string format) | |
CategoryFilter | params | Category filter | |
FilesFromDir | wstring | Path to directory with files | |
IncludeDll | boolean | Include DLL files | |
IncludeScripts | boolean | Include Script files | |
MetadataFlag | int | Bit mask: | |
Inclusions (and exclusions) are arrays of expressions of the following format:
<expression>
    |
    +---<ex_type>
    // for types VendorName, ProductName, FileHash, FileName, FilePath
    +---<str>
    +---<str2>
    +---<str_op>
    |
    // for types ProductVersion, FileVersion
    +---<ver_major>
    +---<ver_minor>
    +---<ver_build>
    +---<ver_revision>
    +---<ver_suffix>
    +---<ver_raw>
    +---<ver_op>
    |
    // for type Linked
    +---<uuid>
    |
    // for type Media
    +---<media_type>
    |
    // for types AND, OR
    +---<l_expr>
    +---<r_expr>
    |
    // for type NOT
    +---<expr>
    |
    // for type Certificate
    +---<certificate>
        |
        +---<CertSerial>
        +---<CertThumbprint>
        +---<CertIssuer>
        +---<CertIssuerShort>
        +---<CertSubject>
        +---<CertSubjectShort>
        +---<CertValidFrom>
        +---<CertValidTo>
        +---<CertPublicKey>
Attribute | Type | Description |
ex_type | int | Expression type: |
str | wstring | String data. If it is an MD5 file hash, we recommend using uppercase characters from {0123456789ABCDEF} |
str2 | wstring | Additional string data. If it is a SHA256 file hash, we recommend using uppercase characters from {0123456789ABCDEF} |
str_op | int | String comparison operation: |
ver_major | int | Version major |
ver_minor | int | Version minor |
ver_build | int | Version build |
ver_revision | int | Version revision |
ver_suffix | wstring | Version suffix |
ver_raw | wstring | Version raw |
ver_op | int | Version comparison operation: |
uuid | paramBinary | UUID of KL-category |
media_type | int | Media type: |
l_expr | params | Left sub-expression |
r_expr | params | Right sub-expression |
expr | params | Sub-expression |
certificate | params | Container with certificate attributes |
CertSerial | paramBinary | Certificate serial number |
CertThumbprint | paramBinary | Certificate thumbprint |
CertIssuer | wstring | Certificate issuer attribute in full format |
CertIssuerShort | wstring | Certificate issuer attribute in short format |
CertSubject | wstring | Certificate subject attribute in full format |
CertSubjectShort | wstring | Certificate subject attribute in short format |
CertValidFrom | datetime | Certificate is valid from date |
CertValidTo | datetime | Certificate is valid to date |
CertPublicKey | paramBinary | Public key |
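
The following is an added example, not part of the Kaspersky Security Center API or its documentation: a pre-submission check that walks the inclusions and exclusions trees described above, rejects nodes whose fields match no expression shape, enforces the 256-symbol limit on name and descr, and uppercases FileHash values as recommended. It assumes categories are held as plain Python dicts, that an expression with no fields besides ex_type is invalid, and that the caller passes the numeric FileHash code as hash_ex_type; the ex_type numbers in the sample are placeholders, not real API codes.

```python
import re

# Field sets per expression shape, copied from the tree on this page. The numeric
# ex_type codes are not listed here, so shapes are recognised by their fields.
LEAF_SHAPES = [
    {"str", "str2", "str_op"},
    {"ver_major", "ver_minor", "ver_build", "ver_revision", "ver_suffix", "ver_raw", "ver_op"},
    {"uuid"}, {"media_type"}, {"certificate"},
]
HASH_FIELDS = {"str": 32, "str2": 64}  # MD5 in str, SHA256 in str2 (hex digits)

def normalize_expression(expr, hash_ex_type, path="expr"):
    """Return a checked copy of expr with FileHash values uppercased."""
    if not isinstance(expr, dict) or not isinstance(expr.get("ex_type"), int):
        raise ValueError(f"{path}: ex_type (int) is required")
    out, fields = dict(expr), set(expr) - {"ex_type"}
    if fields in ({"l_expr", "r_expr"}, {"expr"}):  # AND / OR, NOT: recurse
        for key in fields:
            out[key] = normalize_expression(expr[key], hash_ex_type, f"{path}.{key}")
    elif not fields or not any(fields <= shape for shape in LEAF_SHAPES):
        raise ValueError(f"{path}: fields {sorted(fields)} match no expression shape")
    elif expr["ex_type"] == hash_ex_type:
        for key, digits in HASH_FIELDS.items():
            value = out.get(key, "")
            pattern = r"[0-9A-Fa-f]{%d}" % digits
            if value and not (isinstance(value, str) and re.fullmatch(pattern, value)):
                raise ValueError(f"{path}.{key}: expected {digits} hex digits")
            if value:
                out[key] = value.upper()
    return out

def normalize_category(cat, hash_ex_type):
    """Check name/descr length and normalise both expression arrays."""
    for key in ("name", "descr"):
        if len(cat.get(key, "")) > 256:
            raise ValueError(f"{key}: longer than 256 symbols")
    out = dict(cat)
    for key in ("inclusions", "exclusions"):
        out[key] = [normalize_expression(e, hash_ex_type, f"{key}[{i}]")
                    for i, e in enumerate(cat.get(key, []))]
    return out

# Constructed sample. The ex_type numbers are placeholders, not real API codes.
PLACEHOLDER_HASH, PLACEHOLDER_NAME, PLACEHOLDER_AND, PLACEHOLDER_NOT = 901, 902, 903, 904
SAMPLE = {"name": "Approved installers", "descr": "constructed example", "exclusions": [],
          "inclusions": [{"ex_type": PLACEHOLDER_AND,
              "l_expr": {"ex_type": PLACEHOLDER_HASH, "str2": "ab" * 32},
              "r_expr": {"ex_type": PLACEHOLDER_NOT,
                         "expr": {"ex_type": PLACEHOLDER_NAME, "str": "setup.exe"}}}]}
```

Rejecting malformed nodes before submission keeps an allowlist category from being saved with an expression that does not mean what its author intended.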