|
KSC Open API
Kaspersky Security Center API description
|
|
KSC Open API
Kaspersky Security Center API description
|
Custom category is a paramParams of special format:
<category>
|
+---<uuid>
+---<name>
+---<descr>
+---<inclusions>
+---<exclusions>
+---<type>
+---<version>
+---<CategoryType>
+---<EnableAutoForceUpdate>
+---<AutoForceUpdatePeriod>
+---<SilverImageType>
+---<SilverImageHosts>
+---<CategoryFilter>
|
+---<FilesFromDir>
+---<IncludeDll>
+---<IncludeScripts>
+---<MetadataFlag>
| Attribute | Type | Description | Readonly |
|---|---|---|---|
| uuid | paramBinary | Globally unique category id. Used in KES policy. | Yes |
| name | wstring | Category name. Max length 256 symbols. | |
| descr | wstring | Category description. Max length 256 symbols. | |
| inclusions | array | Array of expressions | |
| exclusions | array | Array of expressions | |
| type | int | Category type for KES:
| Yes |
| version | int | Category version | Yes |
| CategoryType | int | Category type
| |
| EnableAutoForceUpdate | boolean | Enable auto force update. For AutoUpdate and SilverImage. | |
| AutoForceUpdatePeriod | int | Update period in seconds | |
| SilverImageType | int | Silver image type:
| |
| SilverImageHosts | array | Array of hosts ids (Host id in string format) | |
| CategoryFilter | params | Category filter | |
| FilesFromDir | wstring | Path to directory with files | |
| IncludeDll | boolean | Include DLL files | |
| IncludeScripts | boolean | Include Script files | |
| MetadataFlag | int | Bit mask:
|
Inclusions (exclusions) is an array of expression of format:
<expression>
|
+---<ex_type>
// for types VendorName, ProductName, FileHash, FileName, FilePath
+---<str>
+---<str2>
+---<str_op>
|
// for types ProductVersion, FileVersion
+---<ver_major>
+---<ver_minor>
+---<ver_build>
+---<ver_revision>
+---<ver_suffix>
+---<ver_raw>
+---<ver_op>
|
// for type Linked
+---<uuid>
|
// for type Media
+---<media_type>
|
// for types AND, OR
+---<l_expr>
+---<r_expr>
|
// for type NOT
+---<expr>
|
// for type Certificate
+---<certificate>
|
+---<CertSerial>
+---<CertThumbprint>
+---<CertIssuer>
+---<CertIssuerShort>
+---<CertSubject>
+---<CertSubjectShort>
+---<CertValidFrom>
+---<CertValidTo>
+---<CertPublicKey>
| Attribute | Type | Description |
|---|---|---|
| ex_type | int | Expression type:
|
| str | wstring | String data. If it a MD5 file hash we recommend use uppercase chars from {0123456789ABCDEF} |
| str2 | wstring | Additional string data. If it a SHA256 file hash we recommend use uppercase chars from {0123456789ABCDEF} |
| str_op | int | String comparison operation:
|
| ver_major | int | Version major |
| ver_minor | int | Version minor |
| ver_build | int | Version build |
| ver_revision | int | Version revision |
| ver_suffix | wstring | Version suffix |
| ver_raw | wstring | Version raw |
| ver_op | int | Version comparison operation:
|
| uuid | paramBinary | UUID of KL-category |
| media_type | int | Media type:
|
| l_expr | params | Left sub-expression |
| r_expr | params | Right sub-expression |
| expr | params | Sub-expression |
| certificate | params | Container with certificate attributes |
| CertSerial | paramBinary | Certificate serial number |
| CertThumbprint | paramBinary | Certificate thumbprint |
| CertIssuer | wstring | Certificate issuer attribute in full format |
| CertIssuerShort | wstring | Certificate issuer attribute in short format |
| CertSubject | wstring | Certificate subject attribute in full format |
| CertSubjectShort | wstring | Certificate subject attribute in short format |
| CertValidFrom | datetime | Certificate is valid from date |
| CertValidTo | datetime | Certificate is valid to date |
| CertPublicKey | paramBinary | Public key |
