|
KSC Open API
Kaspersky Security Center API description
|
|
KSC Open API
Kaspersky Security Center API description
|
Format of rule settings in KSC Console:
+---KLHST_MR_Custom (PARAMS_T)
| +---CpuArch = (INT_T)2 - OS Architecture. KLHST_WKS_CPU_ARCH
| +---HRULE_ALIEN = (INT_T)1 - Computer is managed by other KSCServer. See \ref ak_hst_attributes "KLHST_MANAGED_OTHER_SERVER". Values: 0 - ignored, 1 - Yes, 2 - No.
| +---HRULE_CON_IP_RANGE_FROM = (LONG_T)10 - IP interval start. See KLHST_WKS_CONNECT_IP_LONG
| +---HRULE_CON_IP_RANGE_TO = (LONG_T)20 - IP interval end. See KLHST_WKS_CONNECT_IP_LONG
| +---HRULE_FROM_UNASSIGNED = (BOOL_T)true - If true then move only unassigned computers
| +---HRULE_INCLUDE_CHILD_OU = (BOOL_T)false - Include child AD OU if true
| +---HRULE_IP_RANGE_FROM = (LONG_T)1 - IP interval start. See KLHST_WKS_IP_LONG
| +---HRULE_IP_RANGE_TO = (LONG_T)10 - IP interval end. See KLHST_WKS_IP_LONG
| +---HRULE_NAGENT_STATUS = (INT_T)1 - Values: 0 - not set, 1 - Network Agent installed ("KLHST_WKS_STATUS & 0x00000004 <> 0"), 2 - Network Agent not installed ("KLHST_WKS_STATUS & 0x00000004 = 0")
| +---HRULE_OS_VERSIONS (ARRAY_T) - See Mapping of OS version index to the host's search attributes in \ref ak_srvview_host_tags_rules
| | +---0 = (INT_T)12
| | +---1 = (INT_T)24
| | +---2 = (INT_T)33
| | +---3 = (INT_T)13
| | +---4 = (INT_T)0
| +---HRULE_ROAMING_STATUS = (INT_T)1 - Values: 0 - not set, 1 - Roaming mode active ("KLHST_WKS_STATUS & 0x00000020 <> 0"), 2 - Roaming mode inactive ("KLHST_WKS_STATUS & 0x00000020 = 0")
| +---HRULE_TAG = (STRING_T)"ConnProd" - list of tags divided by "\n"
| +---HRULE_TAG_EXCLUDE = (BOOL_T)true - tags exclusion flag
| +---HRULE_TAG_OR = (BOOL_T)true - if true tags combined by logical OR otherwise by logical AND
| +---HRULE_USER_CERT_INSTALLED = (INT_T)1 - Values: 0 - not set, 1 - Certificate installed ("KLHST_MOB_HAS_OWNER_CERT <> 0"), 2 - Certificate not installed ("KLHST_MOB_HAS_OWNER_CERT = 0")
| +---HRULE_USE_CON_IP_RANGE = (BOOL_T)true - true if HRULE_CON_IP_RANGE_FROM, HRULE_CON_IP_RANGE_TO are set or false if it is ignored
| +---HRULE_USE_IP_RANGE = (BOOL_T)true - true if HRULE_IP_RANGE_FROM, HRULE_IP_RANGE_TO are set or false if it is ignored
| +---KLDPNS_ID = (INT_T)1 - See KLDPNS_ID
| +---HRULE_INCLUDE_CHILD_OU = (BOOL_T)true - Include child AD OU if true
| +---KLHST_AD_GROUP = (INT_T)16416 - See KLHST_AD_GROUP
| +---KLHST_AD_ORGUNIT or KLHST_AD_ORGUNIT_GP = (INT_T)1923 - See KLHST_AD_ORGUNIT (if HRULE_INCLUDE_CHILD_OU == false) or KLHST_AD_ORGUNIT_GP (if HRULE_INCLUDE_CHILD_OU == true)
| +---KLHST_WKS_DNSDOMAIN = (STRING_T)"dnsdomain" - See KLHST_WKS_DNSDOMAIN
| +---KLHST_WKS_DNSNAME = (STRING_T)"dnsname" - See KLHST_WKS_DNSNAME
| +---KLHST_WKS_WINDOMAIN = (STRING_T)"windomain" - See KLHST_WKS_WINDOMAIN
| +---KLHST_WKS_WINHOSTNAME = (STRING_T)"comp" - See KLHST_WKS_WINHOSTNAME
| +---OsBuild=(INT)16233 - OS Build number (KLHST_WKS_OS_BUILD_NUMBER=16233)
| +---OsBuildCond=(INT)0 - OS Build number comparison condition (0-equal, 1-not equal, 2-greater, 3-less)
| +---OsRelease=(INT)1700 - OS Release ID (KLHST_WKS_OS_RELEASE_ID<>1700)
| +---OsReleaseCond=(INT)1 - OS Release ID comparison condition (0-equal, 1-not equal, 2-greater, 3-less)
| +---OsSp = (STRING_T)"1.2" - OS Service pack version in format "Major.[Minor]". See KLHST_WKS_OSSP_VER_MAJOR, KLHST_WKS_OSSP_VER_MINOR
| +---PartVDI = (INT_T)1 - Computer is dynamic virtual machine as a part of VDI (0 - ignore, 1 - yes, 2 - no). See HST_VM_VDI
| +---VM = (INT_T)1 - Computer is virtual machine (0 - ignore, 1 - yes, 2 - no). See HST_VM_VDI
| +---VMType = (INT_T)3 - Virtual machine type. See HST_VM_TYPE
| +---cloud_azone = (STRING_T)"cloud zone" - Cloud host availability zone, STRING_T. See KLHST_CLOUD_HOST_AVAILABILITYZONE
| +---cloud_pgroup = (STRING_T)"cloud group" - Cloud host Placement Group, STRING_T. See KLHST_CLOUD_HOST_PLACEMENTGROUP
| +---cloud_subnet = (STRING_T)"cloud subnet" - Cloud host subnet, STRING_T. See KLHST_CLOUD_HOST_SUBNET
| +---cloud_type = (INT_T)1 - Cloud type. See \ref akqrs_cloud_type and \ref ak_hst_attributes_srchonly "KLHST_CLOUD_HOST_TYPE"
| +---search_in_subclouds = (BOOL_T)true - Search in cloud subcontainers. See \ref ak_hst_attributes_srchonly "KLHST_CLOUD_CONTAINER_GP"
- Part of query string from "General" gui page
| +---HRULE_QUERY_PART1 = (STRING_T)"(KLHST_WKS_FROM_UNASSIGNED<>0)"
- Part of query string from "Network" gui page
| +---HRULE_QUERY_PART2 = (STRING_T)"(KLHST_WKS_WINHOSTNAME="device")(KLHST_WKS_WINDOMAIN="win_domain")(KLHST_WKS_DNSNAME="dns_name")(KLHST_WKS_DNSDOMAIN="dns_domain")(&(KLHST_WKS_IP_LONG>=1)(KLHST_WKS_IP_LONG<=10))(&(KLHST_WKS_CONNECT_IP_LONG>=10)(KLHST_WKS_CONNECT_IP_LONG<=20))(KLDPNS_ID=1)(KLHST_WKS_GROUPID=4)(KLHST_WKS_STATUS&32<>0)(KLHST_MANAGED_OTHER_SERVER<>0)"
- Part of query string from "Applications" gui page
| +---HRULE_QUERY_PART3 = (STRING_T)"(|(KLHST_WKS_PTYPE=7)(KLHST_WKS_PTYPE=13)(KLHST_WKS_PTYPE=16)(KLHST_WKS_PTYPE=6)(&(KLHST_WKS_OS_VER_MAJOR=4)(KLHST_WKS_OS_VER_MINOR=0)(KLHST_WKS_CTYPE & 4194304 = 4194304)))(KLHST_WKS_STATUS&4<>0)(KLHST_MOB_HAS_OWNER_CERT<>0)(KLHST_WKS_CPU_ARCH=2)(KLHST_WKS_OS_BUILD_NUMBER=3)(KLHST_WKS_OS_RELEASE_ID=1000)"
- Part of query string from "Active Directory" gui page
| +---HRULE_QUERY_PART4 = (STRING_T)""
- Part of query string from "Virtual machines" gui page
| +---HRULE_QUERY_PART5 = (STRING_T)"(&(HST_VM_TYPE<>2)(HST_VM_TYPE<>0)(HST_VM_VDI<>0)(HST_VM_TYPE=7))"
- Part of query string from "Tags" gui page
| +---HRULE_QUERY_PART6 = (STRING_T)"(|(KLHST_INCLUDED_WKS_TAG_NAME<>"ConnProd"))"
- Part of query string from "Cloud segments" gui page
| +---HRULE_QUERY_PART7 = (STRING_T)"(KLHST_CLOUD_CONTAINER_GP=0x00000000000000000000000000000000)(KLHST_CLOUD_HOST_TYPE=1)(KLHST_CLOUD_HOST_AVAILABILITYZONE="cloud zone")(KLHST_CLOUD_HOST_PLACEMENTGROUP="cloud group")(KLHST_CLOUD_HOST_SUBNET="cloud subnet")"
