Kaspersky Security Center

API Reference Guide

July 22, 2024

ID 211453

This Kaspersky Security Center OpenAPI reference guide is designed to assist in the following tasks:

  • Automation and customization. You can automate tasks that you might not want to handle manually by using Administration Console. You can also implement custom scenarios that are not yet supported in Administration Console. For example, as an administrator, you can use Kaspersky Security Center OpenAPI to create and run scripts that will facilitate developing the structure of administration groups and keep that structure up-to-date.
  • Custom development. For example, you can develop an alternative MMC-based Administration Console for your clients, which permits a limited set of actions.

In the OpenAPI reference guide, you can use the search field in the right part of the screen to locate the information you need.


Samples of scripts

The OpenAPI reference guide contains samples of the Python scripts listed in the table below. The samples show how you can call OpenAPI methods and automatically accomplish various tasks for protecting your network, for instance, create a "primary/secondary" hierarchy, run tasks in Kaspersky Security Center, or assign distribution points. You can run the samples as is or create your own scripts based on the samples.

To call the OpenAPI methods and run scripts:

  1. Download the KlAkOAPI.tar.gz archive. This archive includes the KlAkOAPI package and samples (you can copy them from the archive or the OpenAPI reference guide). The KlAkOAPI.tar.gz archive is also located in the Kaspersky Security Center installation folder.
  2. Install the KlAkOAPI package from the KlAkOAPI.tar.gz archive on a device where Administration Server is installed.

    You can call the OpenAPI methods, run the samples and your own scripts only on devices where Administration Server and the KlAkOAPI package are installed.

    Matching between user scenarios and samples of Kaspersky Security Center OpenAPI methods


    Purpose of the sample


    Log KlAkParams

    You can extract and process data by using the KlAkParams data structure. The sample shows how to work with this data structure.

    The sample output may be present in different ways. You can get the data to send an HTTP method or to use it in your code.

    Monitoring and reporting

    Create and delete a "primary/secondary" hierarchy

    You can add a secondary Administration Server and establish a "primary/secondary" hierarchy. Alternately, you can disconnect the secondary Administration Server from the hierarchy.

    Create the group hierarchy with a structure based on the Active Directory unit

    You can poll the Active Directory unit and form a hierarchy of discovered device groups.

    Creating administration groups

    Create the group hierarchy with a structure based on the cached Active Directory unit

    You can form a hierarchy of the managed device groups based on the Active Directory unit polled earlier. If new devices appear in the Active Directory after the last polling, they are not added into the group because they are not in the saved polling results.

    Creating administration groups

    Download network list files via connection gateway to the specified device

    You can connect to Network Agent on the needed device by using a connection gateway, and then download a file with the network list to your device.

    Adjustment of distribution points and connection gateways

    Install a license key stored in the primary Administration Server repository onto the secondary Administration Servers

    You can connect to the primary Administration Server, download a required license key from it, and transmit this key to all the secondary Administration Servers included in a hierarchy.

    Licensing of managed applications

    Create a report of effective user rights

    You can create different reports. For instance, you can generate the report of effective user rights by using this sample. This report describes the rights that a user has, depending on his or her group and role.

    You can download the report in the HTML, PDF, or Excel format.

    Generating and viewing a report

    Start a task for a device

    You can connect to Network Agent on the needed device by using a connection gateway, and then run the necessary task.

    Starting a task manually

    Create IP subnets based on Active Directory Site and Services

    You can create an IP subnet based on the Active Directory unit that you use.

    The sample launches polling of the specified IP range and deletes discovered subnets to avoid their conflict with a new subnet. Therefore, do not run this sample in the network where it is important to keep subnets.

    After polling, the sample refers to the Active Directory, examines every device in it, and creates the IP subnet. To do this, the sample uses masks and IP addresses of all devices.

    Configuring network protection

    Register distribution points for devices in a group

    You can assign managed devices as distribution points (previously known as update agents).

    Updating Kaspersky databases and applications

    Enumerate all groups

    You can perform various actions with administration groups. The sample shows how to do the following:

    • Get an identifier of the "Managed devices" root group
    • Move through the group hierarchy
    • Retrieve the full, expanded hierarchy of groups, along with their names and nesting

    Configuring Administration Server

    Enumerate tasks, query task statistics, and run a task

    You can find out the following information:

    • Task progress history
    • Current task status
    • Number of tasks in different statuses

    You can also run a task. By default, the sample runs a task after it outputs statistics.

    Monitoring task execution

    Create and run a task

    You can create a task. Specify the following task parameters in the sample:

    • Type
    • Method of run
    • Name
    • Device group for which the task will be used

    By default, the sample creates a task with the "Show message" type. You can run this task for all managed devices of Administration Server. If necessary, you can specify your own task parameters.

    Creating a task

    Enumerate license keys

    You can get a list of all the active license keys for Kaspersky applications installed on managed devices of Administration Server. The list contains detailed data about every license key, such as a name, type, or expiration date.

    Viewing information about license keys in use

    Create and find an internal user

    You can create an account for further work.

    Selecting the account to start Administration Server

    Create a custom category

    You can create the application category with the needed parameters.

    Creating an application category with content added manually

    Enumerate users by using SrvView

    You can use the SrvView class to request detailed information from the Administration Server. For instance, you can get a list of users by using this sample.

    Managing user accounts

Applications interacting with Kaspersky Security Center via OpenAPI

Some applications interact with Kaspersky Security Center via OpenAPI. Such applications include, for example, Kaspersky Anti Targeted Attack Platform or Kaspersky Security for Virtualization. This can also be a custom client application developed by you based on OpenAPI.

Applications interacting with Kaspersky Security Center via OpenAPI connect to Administration Server. If you have configured an allowlist of IP addresses for connecting to the Administration Server, add IP addresses of devices where applications using Kaspersky Security Center OpenAPI are installed. To find out whether the application that you use works by OpenAPI, see Help of this application.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.