KSC Open API
Kaspersky Security Center API description
General event attributes
  1. tenant_id: The OSMP tenant ID in whose context the event is being published.
    • format: string
    • examples: 3031feff-815a-4920-a781-0201d1b2cb13
  1. ksc_instance_id: The KSC server instance ID publishing the event.
    • format: string, GUID
    • examples: 95d3de78-a56c-4bf4-83a1-819ff859e9ec
  1. ksc_vs_uid: The KSC virtual server unique identifier publishing the event.
    • format: string, up to 44 ansi chars
    • examples: VSRV42a6e07b-891f-4b88-bdbf-7438434346a4
  1. ksc_vs_id: The KSC virtual server relative identifier publishing the event.
    • format: int
    • examples: 42
  1. ksc_trustee_id: The low 32 bits of the llTrusteeId identifier in the KSC OpenAPI.
    • format: int
    • examples: 42
  1. ksc_trustee_sfx: The high 32 bits of the llTrusteeId identifier in the KSC OpenAPI.
    • format: int
    • examples: 65536
  1. ds: The Directory Service type from which the user information contained in the event is obtained.
    • format: string up to 16 ansi chars
    • examples: "AD", "EntraID".
  1. uid: The unique identifier of the object.
    • format: string, up to 44 ansi chars
    • examples: 5fec2a06-b668-41af-9322-dc0cf962dd7e c0dctApWjo2ooEXO0RATfhWfiQrE2og7axfcZRs6gEk=
  1. uid_bin: Binary representation of the unique identifier of an object in base64.
    • format: Base64 string
    • examples: X+wqBrZoQa+TItwM+WLdfg== c0dctApWjo2ooEXO0RATfhWfiQrE2og7axfcZRs6gEk=
  1. sid_bin: Binary representation of the security identifier in base64.
    • format: Base64 string
    • examples: AQUAAAAAAAUVAAAAGw5oPb8WR561pZ7BWAQAAA==
  1. sid_hash: Hash of the binary representation of the security identifier value in base64.
    • format: Base64 string
    • examples: G8KbNvYjuoKq9nJP07FnGA==
  1. dn: The unique distinctive name of the object (Distinguished name).
    • format: string
    • examples: cn=John Smith,ou=people,dc=example,dc=com
  1. dn_hash: MD5 Hash dn รข base64.
    • format: Base64 string
    • examples: Lxq33Udh1dH0yGlXdRRaFA==
  1. display_name: The object's display name in DS.
    • format: string
    • examples: John Smith ProblemSolvers
  1. upn: User Principal Name.
  1. sam_name: SAM name.
    • format: string
    • examples: JSMITH
  1. mail: E-mail address.
  1. mail_extra: Extra e-mail address.
  1. ds_info: Directory Service object attributes. (json object)

Required attributes of object:

  • ds
  • display_name Attributes, at least one of which must be specified:
  • uid
  • uid_bin
  • sid_hash Optional attributes of object:
  • sid_bin
  • dn
  • dn_hash
  • upn
  • sam_name
  • mail
  • mail_extra
  1. ds_info_original: Object attributes imported into Directory Service from another Directory Service (json object).

Required attributes of object:

  • ds Attributes, at least one of which must be specified:
  • uid
  • uid_bin
  • sid_hash Optional attributes of object:
  • display_name
  • sid_bin
  • dn
  • dn_hash
  • upn
  • sam_name
  • mail
  • mail_extra
  1. ds_ids: Attributes set identifying an object in the Directory Service (json-object).

Attributes, at least one of which must be specified:

  • uid
  • uid_bin
  • sid_hash
  • ksc_trustee_id + ksc_trustee_sfx Optional attributes of object:
  • ds Examples: { "ksc_trustee_id" : "42", "ksc_trustee_sfx" : 65536 } { "uid" : "5fec2a06-b668-41af-9322-dc0cf962dd7e" } { "sid_hash" : "G8KbNvYjuoKq9nJP07FnGA==" } ]
  1. ds_ids_chunk: Object IDs array in the Service Directory (json array).

Each element is an object that has the same structure as the ds_ids parameter described above; Examples: [ { "ksc_trustee_id" : "42", "ksc_trustee_sfx" : 65536 }, { "uid" : "5fec2a06-b668-41af-9322-dc0cf962dd7e" }, { "sid_hash" : "G8KbNvYjuoKq9nJP07FnGA==" } ]