KSC Open API
Kaspersky Security Center API description
RptViractSrvViewName srvview.
The caller must specify the information below in the SrvView's optional parameters, in the following format:
```
(paramParams)
    +--"EDetectionTypeLoc" Localized names of values from EDetectionType enumeration (paramParams)
        +--"Value" = "Localized value name" (paramString)
        ....
        +--"-1" = "Not a virus" (paramString)
    +--"EDetectionEngineLoc" Localized names of values from EDetectionEngine enumeration (paramParams)
        +--"Value" = "Localized value name" (paramString)
        ....
        +--"11" = "AMSI Protection Provider" (paramString)
    +--"EDetectionMethodLoc" Localized names of values from EDetectionMethod enumeration (paramParams)
        +--"Value" = "Localized value name" (paramString)
        ....
        +--"6" = "Sandbox" (paramString)
    +--"EViractResultLoc" Localized names of values from EViractResult enumeration (paramParams)
        +--"Value" = "Localized value name" (paramString)
        ....
        +--"5" = "Blocked" (paramString)
```
The list of attributes is presented below:
Name | Type | Description |
---|---|---|
sResultEvent | paramString | Name of the resulting event, event_type of nEventResult. |
nEventVirus | paramLong | Virus found event ID, ev_event.nId of event 'GNRL_EV_VIRUS_FOUND'. |
sDetectionType | paramString | Element from KLEVP::EDetectionType (par8 from nEventVirus). |
nEventResult | paramLong | Resulting event: ev_event.nId of the 'GNRL_EV_*' event describing the action taken on the infected object. 0 means 'old unresolved'. |
tmVirusFoundTime | DATETIME_T | Virus detection time (event publication time of nEventVirus). |
sObject | paramString | Infected object name. |
binObjectHash | paramBinary | MD5 hash of the infected object. |
sVirusName | paramString | Virus name from nEventVirus. |
sAction | paramString | Description of the 'nEventResult' event. |
sAccount | paramString | User name (par7 from nEventVirus). |
sProductName | paramString | Publisher product name. |
sProductVersion | paramString | Publisher product version. |
sProductDisplVersion | paramString | Publisher product display version. |
sSha256 | paramString | SHA256 hash of the infected object. |
bLocal | paramBool | The attribute is true if the object is local or from a UNC path. |
bBlacklist | paramBool | "Client status" 'KPSN Blacklist'. |
bHarm | paramBool | The attribute is true if the object is really harmful. |
nEdrDataVersion | paramInt | EDR data version of killchain. |
sHostDisplName | paramString | Host display name. |
sWinHostName | paramString | Windows host name. |
sHostId | paramString | Host ID in 'Hosts'. |
sHostDnsName | paramString | Host DNS name. |
sHostAddress | paramString | Host address. |
nHostIpCon | paramLong | Host connection IP. |
nHostIpAddress | paramLong | Host IP. |
sHostComment | paramString | Host comment. |
nGroupId | paramInt | Host group ID from 'AdmGroups'. |
sGroupName | paramString | Host group name. |
bEdrDataVersionNot0 | paramBool | The attribute is true if the EDR data version of the killchain is greater than 0. |
nVServer | paramInt | Virtual Administration Server ID. 0 is used for the main server. |
sVServerName | paramString | Virtual Administration Server display name. Empty string for main server. |
nEViractResult | paramInt | Viract result. See EViractResult enumeration. |
nEDetectionType | paramInt | Detection type. See EDetectionType enumeration. |
nDtctEngine | paramInt | Detection engine: the type of software or hardware tool that detected the malicious action. See EDetectionEngine enumeration. |
nDtctMethod | paramInt | Detection method of a malicious action (intelligence classes). See EDetectionMethod enumeration. |
bDtctCloudSendbox | paramBool | The attribute is true if the object was detected by Cloud Sandbox. |
sEViractResultLoc | paramString | Localized nEViractResult. |
sEDetectionTypeLoc | paramString | Localized nEDetectionType. |
sDtctEngineLoc | paramString | Localized nDtctEngine. |
sDtctMethodLoc | paramString | Localized nDtctMethod. |
sTaskDisplayName | paramString | Task display name from which the viract event was published. |
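
A pre-flight check for the optional parameters described above, as an added example that is not part of the Kaspersky documentation: it builds the four localization sections as plain nested dicts, validates them, and reports enumeration codes in returned rows that have no localized name. The function names, the sample tables, the sample rows and the dict representation are assumptions; encoding the container for the wire is left to the client library.

```python
import re

# Numeric row attribute -> section of the optional parameters that names its values.
CODE_ATTRS = {
    "nEDetectionType": "EDetectionTypeLoc",
    "nDtctEngine": "EDetectionEngineLoc",
    "nDtctMethod": "EDetectionMethodLoc",
    "nEViractResult": "EViractResultLoc",
}
# Keys are enumeration values written as strings; "-1" must pass, so isdigit() is not enough.
ENUM_KEY = re.compile(r"-?[0-9]+\Z")

# Constructed sample: only the entries quoted on this page, not the full enumerations.
SAMPLE_TABLES = {
    "EDetectionTypeLoc": {"-1": "Not a virus"},
    "EDetectionEngineLoc": {"11": "AMSI Protection Provider"},
    "EDetectionMethodLoc": {"6": "Sandbox"},
    "EViractResultLoc": {"5": "Blocked"},
}


def build_loc_params(tables):
    """Return the four-section container, or raise ValueError listing every problem."""
    errors, params = [], {}
    for section in CODE_ATTRS.values():
        entries = tables.get(section)
        if not isinstance(entries, dict) or not entries:
            errors.append(f"{section}: missing or empty")
            continue
        for key, name in entries.items():
            if not isinstance(key, str) or not ENUM_KEY.match(key):
                errors.append(f"{section}: key {key!r} is not an integer string")
            elif not isinstance(name, str) or not name.strip():
                errors.append(f"{section}[{key}]: empty localized name")
        params[section] = dict(entries)
    if errors:
        raise ValueError("; ".join(errors))
    return params


def unlocalized_codes(params, rows):
    """Return sorted (attribute, code) pairs found in rows with no localized name."""
    gaps = set()
    for row in rows:
        for attr, section in CODE_ATTRS.items():
            code = row.get(attr)
            if code is not None and str(code) not in params[section]:
                gaps.add((attr, code))
    return sorted(gaps)
```

Running `unlocalized_codes` over a sample of returned rows shows which enumeration values still need an entry in the tables before the localized attributes can be relied on in reports.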