Data structure of event type description
Nov 27, 2023
For each event type, its display name, identifier (ID), alphabetic code, description, and the default storage term are provided.
- Event type display name. This text is displayed in Kaspersky Security Center when you configure events and when they occur.
- Event type ID. This numerical code is used when you process events by using third-party tools for event analysis.
- Event type (alphabetic code). This code is used when you browse and process events by using public views that are provided in the Kaspersky Security Center database and when events are exported to a SIEM system.
- Description. This text contains the situations when an event occurs and what you can do in such a case.
- Default storage term. This is the number of days during which the event is stored in the Administration Server database and displayed in the list of events on Administration Server. After this period elapses, the event is deleted. If the storage term is 0, such events are detected but are never displayed in the list of events on Administration Server. If you have configured such events to be saved to the operating system event log, you can find them there.
You can change the storage term for events:
Other data may include the following fields:
- event_id: unique number of the event in the database, generated and assigned automatically; not to be confused with Event type ID.
- task_id: the ID of the task that caused the event (if any).
- severity: one of the following severity levels (in ascending order of severity):
0) Invalid severity level
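The following is an added example, not Kaspersky code and not taken from the page, that models the fields described above as data types and applies the rules the page states: a storage term of 0 means the event is detected but never listed on Administration Server, a non-zero term expires after that many days (and can be overridden by an administrator), severity 0 is the invalid level with higher values more severe, and filtering must use the event type ID rather than the per-event event_id. The event types, IDs, alphabetic codes, timestamps and the fixed clock are constructed for illustration and are assumptions, not entries from the real event catalog.

```python
"""Model of the event-type description fields (added example, not Kaspersky code).

All event types, IDs, codes and timestamps below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

INVALID_SEVERITY = 0  # the page's level 0; any higher value is treated as more severe


@dataclass(frozen=True)
class EventTypeDescription:
    display_name: str          # text shown in the Kaspersky Security Center console
    type_id: int               # numerical code used by third-party analysis tools
    code: str                  # alphabetic code used in DB public views and SIEM export
    description: str
    default_storage_days: int  # 0 => detected, but never listed on Administration Server


@dataclass(frozen=True)
class EventRecord:
    event_id: int              # DB-assigned per-event number; NOT the event type ID
    type_id: int
    occurred_at: datetime
    severity: int
    task_id: Optional[int] = None   # set only for events caused by a task


# Constructed catalog: assumed names, IDs and codes, not Kaspersky's real event list
CATALOG: Dict[int, EventTypeDescription] = {
    4001: EventTypeDescription("Example task completed", 4001, "EXAMPLE_TASK_COMPLETED",
                               "A task finished; review the task results.", 30),
    4002: EventTypeDescription("Example heartbeat", 4002, "EXAMPLE_HEARTBEAT",
                               "Periodic check-in; no action needed.", 0),
}

NOW = datetime(2023, 11, 27, 12, 0)  # fixed clock so results are reproducible

EVENTS: List[EventRecord] = [
    EventRecord(1, 4001, NOW - timedelta(days=10), 2, task_id=7),
    EventRecord(2, 4001, NOW - timedelta(days=45), 3, task_id=7),
    EventRecord(3, 4002, NOW - timedelta(days=1), 1),
    EventRecord(4001, 4002, NOW - timedelta(hours=2), 0),  # event_id collides with a type ID
]


def storage_term(type_id: int, overrides: Optional[Dict[int, int]] = None) -> int:
    """Effective storage term: an administrator override if set, else the type's default."""
    if overrides and type_id in overrides:
        return overrides[type_id]
    return CATALOG[type_id].default_storage_days


def listed_on_server(ev: EventRecord, now: datetime = NOW,
                     overrides: Optional[Dict[int, int]] = None) -> bool:
    """True if Administration Server still holds and lists the event.

    A term of 0 means the event is detected but never listed; otherwise the
    event is listed until `term` days after it occurred and then deleted.
    """
    term = storage_term(ev.type_id, overrides)
    if term == 0:
        return False
    return now < ev.occurred_at + timedelta(days=term)


def events_of_type(events: List[EventRecord], type_id: int) -> List[EventRecord]:
    """Select by event *type* ID; matching on event_id is the mix-up the page warns about."""
    return [e for e in events if e.type_id == type_id]


def valid_severity(ev: EventRecord) -> bool:
    return ev.severity > INVALID_SEVERITY


def highest_severity(events: List[EventRecord]) -> Optional[EventRecord]:
    """Most severe event among those with a valid severity level, or None."""
    valid = [e for e in events if valid_severity(e)]
    return max(valid, key=lambda e: e.severity) if valid else None


def siem_export_row(ev: EventRecord) -> dict:
    """Row shape for a SIEM: keyed by the alphabetic code, carrying both IDs separately."""
    et = CATALOG[ev.type_id]
    return {
        "event_id": ev.event_id,
        "event_type": et.code,
        "event_type_id": et.type_id,
        "severity": ev.severity,
        "task_id": ev.task_id,
        "occurred_at": ev.occurred_at.isoformat(),
    }


if __name__ == "__main__":
    for ev in EVENTS:
        state = "listed" if listed_on_server(ev) else "not listed"
        print(ev.event_id, CATALOG[ev.type_id].code, state, siem_export_row(ev))
```

Note the last constructed record: its event_id happens to equal type ID 4001, so a filter written against event_id would return a heartbeat when looking for task-completion events. The `overrides` argument stands in for an administrator changing the storage term; passing a non-zero term for a type whose default is 0 makes its events appear on Administration Server again.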