Below is an example of a JSON file containing a configuration for the Event Processor service. The file contains a description of the event parameters for the Event Processor.
Only a Kaspersky employee can create a configuration file. The system administrator uploads the Event Processor configuration file when configuring the Event Processor service settings.
{ "timestamp_field": "TimeStamp", "timestamp_scale": "ms", "fields": [ "User_Host", "User_Name", "Destination_Host", "Access_Result" ], "groupBy": [ "User_Host", "User_Name", "Destination_Host", "Access_Result" ], "nodes": [ { "name": "User_Name", "depth": 0, "tooltip": { "templates": [ "User: {{User_Name}}" ] } }, { "name": "User_Host", "depth": 1, "tooltip": { "templates": [ "User host: {{User_Host}}" ] } }, { "name": "Destination_Host", "depth": 2, "tooltip": { "templates": [ "Destination: {{Destination_Host}}" ] } } ], "links": [ { "source": "User_Name", "target": "User_Host", "value": "interval_count", "tooltip": { "templates": [ "{{User_Name}} » {{User_Host}}", "Count: {{interval_count}}" ] }, "isGraphGroup": true }, { "source": "User_Host", "target": "Destination_Host", "value": "interval_count", "tooltip": { "templates": [ "{{User_Host}} » {{Destination_Host}}", "DeviceEventClassID: {{Access_Result}}", "Count: {{interval_count}}" ] } } ] }
|