Kaspersky Industrial CyberSecurity for Nodes SNMP traps options descriptions and possible values

Descriptions of the traps options and their possible values are given below:

• eventDateAndTime: event date and time.
• eventSeverity: importance level.

  The option can take the following values:

  • critical (1) – critical
  • warning (2) – warning
  • info (3) – informational
• userName: user name (for example, the name of a user that attempted to access an infected file).
• computerName: protected device name (for example, the name of a protected device from which a user attempted to access an infected file).
• eventSource: functional component that generated the event.

  The option can take the following values:

  • unknown (0) – functional component not known
  • quarantine (1) – Quarantine
  • backup (2) – Backup
  • reporting (3) – task logs
  • updates (4) – Update
  • realTimeProtection (5) – Real-Time File Protection
  • onDemandScanning (6) – On-Demand Scan
  • product (7) – event related to operation of Kaspersky Industrial CyberSecurity for Nodes as a whole rather than operation of individual components
  • systemAudit (8) – system audit log
• eventReason: event trigger: what triggered the event.

  The option can take the following values:

  • reasonUnknown (0) – reason is unknown.
  • reasonInvalidSettings (1) – only for Backup and Quarantine events. Displayed if the Quarantine or Backup folder is unavailable (insufficient access permissions or an invalid folder is specified in the Quarantine settings, for example, a network path is specified). In this case, Kaspersky Industrial CyberSecurity for Nodes will use the default Backup or Quarantine folder.
• objectName: an object name (for example, the name of the file where the virus was detected).
• threatName: The name of the object according to the Virus Encyclopedia classification. This name is included in the full name that Kaspersky Industrial CyberSecurity for Nodes returns on detecting an object. You can view the full name of a detected object in the task log.
• detectType: type of object detected.

  The option can take the following values:

  • undefined (0) – undefined
  • virware – classic viruses and network worms
  • trojware – Trojans
  • malware – other malicious applications
  • adware – advertising software
  • pornware – pornographic software
  • riskware – legitimate applications that may be used by intruders to damage the user's device or personal data
• detectCertainty: certainty level for threat detection.

  The option can take the following values:

  • Suspicion (probably infected) – Kaspersky Industrial CyberSecurity for Nodes has detected a partial match between a section of object code and a known section of malicious code.
  • Sure (infected) – Kaspersky Industrial CyberSecurity for Nodes has detected a complete match between a section of code in the object and a known section of malicious code.
• days: number of days (for example, the number of days until the license expiration date).
• errorCode: an error code.
• knowledgeBaseId: address of a knowledge base article (for example, address of an article that explains a particular error).
• taskName: a task name.
• updaterErrorEventReason: the reason for the update error.

  The option can take the following values:

  • reasonUnknown(0) – reason is unknown.
  • reasonAccessDenied – access denied.
  • reasonUrlsExhausted – the list of update sources has been exhausted.
  • reasonInvalidConfig – invalid configuration file.
  • reasonInvalidSignature – invalid signature.
  • reasonCantCreateFolder – folder cannot be created.
  • reasonFileOperError – file error.
  • reasonDataCorrupted – object is corrupted.
  • reasonConnectionReset – connection reset.
  • reasonTimeOut – connection timeout exceeded.
  • reasonProxyAuthError – proxy authentication error.
  • reasonServerAuthError – server authentication error.
  • reasonHostNotFound – device not found.
  • reasonServerBusy – server unavailable.
  • reasonConnectionError – connection error.
  • reasonModuleNotFound – object not found.
  • reasonBlstCheckFailed(16) – error while checking the key denylist. It is possible that database updates were being published at the time of the update; please repeat the update in a few minutes.
• storageObjectNotAddedEventReason: the reason why the object was not put in Backup or Quarantine.

  The option can take the following values:

  • reasonUnknown (0) – reason is unknown.
  • reasonStorageInternalError – database error; Kaspersky Industrial CyberSecurity for Nodes must be restored.
  • reasonStorageReadOnly – database is read-only; Kaspersky Industrial CyberSecurity for Nodes must be restored.
  • reasonStorageIOError – input-output error: a) Kaspersky Industrial CyberSecurity for Nodes is corrupted and needs to be restored; b) the disk where Kaspersky Industrial CyberSecurity for Nodes files are stored is corrupted.
  • reasonStorageCorrupted – storage is corrupted; Kaspersky Industrial CyberSecurity for Nodes must be restored.
  • reasonStorageFull – database is full; free disk space is required.
  • reasonStorageOpenError – database file could not be opened; Kaspersky Industrial CyberSecurity for Nodes must be restored.
  • reasonStorageOSFeatureError – some operating system features do not correspond to Kaspersky Industrial CyberSecurity for Nodes requirements.
  • reasonObjectNotFound – object being placed in Quarantine does not exist on the disk.
  • reasonObjectAccessError – insufficient permissions to use Backup API: the account being used to perform the operation does not have Backup Operator permissions.
  • reasonDiskOutOfSpace – not enough space on the disk.