Data structure of event type description

For each event type, its display name, identifier (ID), alphabetic code, description, and the default storage term are provided.

• Event type display name. This text is displayed in Kaspersky Security Center when you configure events and when they occur.
• Event type ID. This numerical code is used when you process events by using third-party tools for event analysis.
• Event type (alphabetic code). This code is used when you browse and process events by using public views that are provided in the Kaspersky Security Center database and when events are exported to a SIEM system.
• Description. This text contains the situations when an event occurs and what you can do in such a case.
• Default storage term. This is the number of days during which the event is stored in the Administration Server database and is displayed in the list of events on Administration Server. After this period elapses, the event is deleted. If the event storage term value is 0, such events are detected but are not displayed in the list of events on Administration Server. If you configured to save such events to the operating system event log, you can find them there.

  You can change the storage term for events:

  • Administration Console: Setting the storage term for an event
  • Kaspersky Security Center Web Console: Setting the storage term for an event

Other data may include the following fields:

• event_id: unique number of the event in the database, generated and assigned automatically; not to be confused with Event type ID.
• task_id: the ID of the task that caused the event (if any)
• severity: one of the following severity levels (in the ascending order of severity):

  0) Invalid severity level

  1) Info

  2) Warning

  3) Error

  4) Critical