Skip to main content

Kaspersky Security Center (Beta)

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

beta

This is a beta Integration, which lets you implement and test pre-release software. Since the integration is beta, it might contain bugs. Updates to the integration during the beta phase might include non-backward compatible features. We appreciate your feedback on the quality and usability of the integration to help us identify issues, fix them, and continually improve.

The administration console for controlling all Kaspersky Lab security solutions and system administration tools.

This integration was integrated and tested with version 12 of Kaspersky Security Center.

Note: The integration is in beta because it only covers a subset of the endpoints and API use cases.

Prerequisites#

The user should be assigned to a role with the relevant devices in scope, and the following access rights:

  • Basic functionality - Read

  • Management of administration groups - Modify

Configure Kaspersky Security Center on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Kaspersky Security Center.

  3. Click Add instance to create and configure a new integration instance.

    ParameterRequired
    Server URL (e.g., https://kaspersky.domain.com:13299)True
    UsernameTrue
    PasswordTrue
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

ksc-hosts-list#


Returns a list of hosts.

Base Command#

ksc-hosts-list

Input#

Argument NameDescriptionRequired
filterFilter which contains a condition over host attributes, e.g., KLHST_WKS_OS_NAME = "Microsoft Windows Server 2016". See the integration documentation for the search filter syntax.Optional
limitThe maximum number of hosts to return. Default is 50.Optional

Context Output#

PathTypeDescription
KasperskySecurityCenter.Host.KLHST_WKS_DNStringHost display name.
KasperskySecurityCenter.Host.KLHST_WKS_DNSDOMAINStringDNS suffix.
KasperskySecurityCenter.Host.KLHST_WKS_DNSNAMEStringDNS name without DNS suffix.
KasperskySecurityCenter.Host.KLHST_WKS_FQDNStringHost FQDN name.
KasperskySecurityCenter.Host.KLHST_WKS_GROUPIDStringID of administration group where host is located.
KasperskySecurityCenter.Host.KLHST_WKS_HOSTNAMEStringHost name ID.
KasperskySecurityCenter.Host.KLHST_WKS_OS_NAMEStringOperating system name.

Command Example#

!ksc-hosts-list filter=KLHST_WKS_OS_NAME = "Microsoft Windows Server 2016"

Context Example#

{
"KasperskySecurityCenter": {
"Host": {
"KLHST_WKS_DN": "EC2AMAZ-U66K3KL",
"KLHST_WKS_DNSDOMAIN": "eu-west-2.compute.internal",
"KLHST_WKS_DNSNAME": "ip-172-32-34-237",
"KLHST_WKS_FQDN": "ip-172-32-34-237.eu-west-2.compute.internal",
"KLHST_WKS_GROUPID": 0,
"KLHST_WKS_HOSTNAME": "4328e16f-bf83-47c3-8d0b-0fdf79f9d673",
"KLHST_WKS_OS_NAME": "Microsoft Windows Server 2016"
}
}
}

Human Readable Output#

Hosts List#

KLHST_WKS_HOSTNAMEKLHST_WKS_DNKLHST_WKS_OS_NAMEKLHST_WKS_FQDN
4328e16f-bf83-47c3-8d0b-0fdf79f9d673EC2AMAZ-U66K3JKMicrosoft Windows Server 2016ip-172-32-34-237.eu-west-2.compute.internal

ksc-host-get#


Returns details of a host

Base Command#

ksc-host-get

Input#

Argument NameDescriptionRequired
hostnameThe unique hostname GUID to retrieve the details of. Can be retrieved using the ksc-hosts-list command.Required

Context Output#

PathTypeDescription
Endpoint.IDStringThe unique ID within the tool retrieving the endpoint.
Endpoint.OSStringEndpoint OS.
Endpoint.HostnameStringThe hostname that is mapped to this endpoint.
Endpoint.DomainStringThe domain of the endpoint.
KasperskySecurityCenter.Host.KLHST_WKS_DNStringHost display name.
KasperskySecurityCenter.Host.KLHST_INSTANCEIDStringNetwork agent ID.
KasperskySecurityCenter.Host.KLHST_WKS_DNSDOMAINStringDNS suffix.
KasperskySecurityCenter.Host.KLHST_WKS_DNSNAMEStringDNS name without DNS suffix.
KasperskySecurityCenter.Host.KLHST_WKS_FQDNStringHost FQDN name.
KasperskySecurityCenter.Host.KLHST_WKS_GROUPIDStringID of administration group where host is located.
KasperskySecurityCenter.Host.KLHST_WKS_HOSTNAMEStringHost name ID.
KasperskySecurityCenter.Host.KLHST_WKS_OS_NAMEStringOperating system name.
KasperskySecurityCenter.Host.KLHST_WKS_ANTI_SPAM_STATUSNumberProduct component status.
KasperskySecurityCenter.Host.KLHST_WKS_COLLAB_SRVS_STATUSNumberCollaboration servers protection status.
KasperskySecurityCenter.Host.KLHST_WKS_CPU_ARCHNumberCPU architecture from the operating system point of view (since KSC 10 SP1).
KasperskySecurityCenter.Host.KLHST_WKS_CREATED.valueDateTime of host record creation.
KasperskySecurityCenter.Host.KLHST_WKS_CTYPENumberComputer type.
KasperskySecurityCenter.Host.KLHST_WKS_DLP_STATUSNumberDLP status.
KasperskySecurityCenter.Host.KLHST_WKS_EDR_STATUSNumberEDR component status.
KasperskySecurityCenter.Host.KLHST_WKS_LAST_VISIBLE.valueDateLast host visibility time.
KasperskySecurityCenter.Host.KLHST_WKS_NAG_VERSIONStringNetwork agent build number in format A.B.C[.D].
KasperskySecurityCenter.Host.KLHST_WKS_NAG_VER_IDNumberNetwork Agent version ID.
KasperskySecurityCenter.Host.KLHST_WKS_OSSP_VER_MAJORNumberService Pack version major part (since KSC 10 SP1).
KasperskySecurityCenter.Host.KLHST_WKS_OSSP_VER_MINORNumberService Pack version minor part (since KSC 10 SP1).
KasperskySecurityCenter.Host.KLHST_WKS_OS_BUILD_NUMBERNumberOperating system version build number.
KasperskySecurityCenter.Host.KLHST_WKS_OS_RELEASE_IDNumberOperating system version release ID (for Windows 10).
KasperskySecurityCenter.Host.KLHST_WKS_OWNER_IS_CUSTOMBooleanIf owner was changed via UpdateHostwith KLHST_WKS_CUSTOM_OWNER_ID.
KasperskySecurityCenter.Host.KLHST_WKS_PTYPENumberPlatform type.
KasperskySecurityCenter.Host.KLHST_WKS_RBT_REQUEST_REASONNumberReboot request reasons mask.
KasperskySecurityCenter.Host.KLHST_WKS_RBT_REQUIREDBooleanIf reboot is required.
KasperskySecurityCenter.Host.KLHST_WKS_RTP_AV_BASES_TIME.valueDateAnti-virus bases time.
KasperskySecurityCenter.Host.KLHST_WKS_RTP_AV_VERSIONStringProtection build number in format A.B.C[.D].
KasperskySecurityCenter.Host.KLHST_WKS_STATUSNumberHost status.

Command Example#

!ksc-host-get hostname="4328e16f-bf83-47c3-8d0b-0fdf79f9d673"

Context Example#

{
"Endpoint": {
"ID": "4328e16f-bf83-47c3-8d0b-0fdf79f9d673",
"OS": "Microsoft Windows Server 2016",
"Hostname": "EC2AMAZ-U66K3L",
"Domain": "eu-west-2.compute.internal"
},
"KasperskySecurityCenter": {
"Host": {
"KLHST_INSTANCEID": "025ed285-389b-44c5-a9ef-6e723f7d9466",
"KLHST_WKS_ANTI_SPAM_STATUS": 0,
"KLHST_WKS_COLLAB_SRVS_STATUS": 0,
"KLHST_WKS_CPU_ARCH": 2,
"KLHST_WKS_CREATED": {
"type": "datetime",
"value": "2021-02-23T10:14:33Z"
},
"KLHST_WKS_CTYPE": 36871,
"KLHST_WKS_DLP_STATUS": 0,
"KLHST_WKS_DN": "EC2AMAZ-U66K3L",
"KLHST_WKS_DNSDOMAIN": "eu-west-2.compute.internal",
"KLHST_WKS_DNSNAME": "ip-172-32-34-237",
"KLHST_WKS_EDR_STATUS": 0,
"KLHST_WKS_EMAIL_AV_STATUS": 0,
"KLHST_WKS_FQDN": "ip-172-32-34-237.eu-west-2.compute.internal",
"KLHST_WKS_GROUPID": 0,
"KLHST_WKS_HOSTNAME": "4328e16f-bf83-47c3-8d0b-0fdf79f9d673",
"KLHST_WKS_LAST_VISIBLE": {
"type": "datetime",
"value": "2021-03-23T08:55:52Z"
},
"KLHST_WKS_NAG_VERSION": "12.2.0.4376",
"KLHST_WKS_NAG_VER_ID": 786434,
"KLHST_WKS_OSSP_VER_MAJOR": 0,
"KLHST_WKS_OSSP_VER_MINOR": 0,
"KLHST_WKS_OS_BUILD_NUMBER": 14393,
"KLHST_WKS_OS_NAME": "Microsoft Windows Server 2016",
"KLHST_WKS_OS_RELEASE_ID": 1607,
"KLHST_WKS_OWNER_IS_CUSTOM": false,
"KLHST_WKS_PTYPE": 2,
"KLHST_WKS_RBT_REQUEST_REASON": 0,
"KLHST_WKS_RBT_REQUIRED": false,
"KLHST_WKS_RTP_AV_BASES_TIME": {
"type": "datetime",
"value": "2021-03-23T00:19:00Z"
},
"KLHST_WKS_RTP_AV_VERSION": "11.5.0.590",
"KLHST_WKS_STATUS": 29
}
}
}

Human Readable Output#

Host 4328e16f-bf83-47c3-8d0b-0fdf79f9d673#

KLHST_WKS_HOSTNAMEKLHST_WKS_OS_NAMEKLHST_WKS_FQDNKLHST_WKS_DNKLHST_WKS_NAG_VERSION
4328e16f-bf83-47c3-8d0b-0fdf79f9d673Microsoft Windows Server 2016ip-172-32-34-237.eu-west-2.compute.internalEC2AMAZ-U66K3L12.2.0.4376

ksc-groups-list#


Returns a list of groups.

Base Command#

ksc-groups-list

Input#

Argument NameDescriptionRequired
filterFilter which contains a condition over group attributes, e.g., name = "Managed devices". See the integration documentation for the search filter syntax.Optional
limitThe maximum number of groups to return. Default is 50.Optional

Context Output#

PathTypeDescription
KasperskySecurityCenter.Group.idNumberGroup ID.
KasperskySecurityCenter.Group.nameStringGroup name.

Command Example#

!ksc-groups-list filter=name = "Managed devices"

Context Example#

{
"KasperskySecurityCenter": {
"Group": {
"id": 0,
"name": "Managed devices"
}
}
}

Human Readable Output#

Groups List#

idname
0Managed devices

ksc-group-add#


Create new administration group.

Base Command#

ksc-group-add

Input#

Argument NameDescriptionRequired
nameThe name of the group to add.Required
parent_idID of group under which to create the group. Can be retrieved using the ksc-groups-list command.Required

Context Output#

PathTypeDescription
KasperskySecurityCenter.Group.idNumberGroup ID.
KasperskySecurityCenter.Group.nameStringGroup name.

Command Example#

!ksc-group-add name="Assigned Devices" parent_id=1

Context Example#

{
"KasperskySecurityCenter": {
"Group": {
"id": 10,
"name": "Assigned Devices"
}
}
}

Human Readable Output#

Group was added successfully#

idname
10Assigned Devices

ksc-group-delete#


Deletes an administrative group.

Base Command#

ksc-group-delete

Input#

Argument NameDescriptionRequired
group_idID of group to delete. Can be retrieved using the ksc-groups-list command.Required
flags1 = Delete group only if it is empty, 2 = delete group with subgroups, policies and tasks 3 = delete group with subgroups, hosts, policies and tasks. Possible values are: 1, 2, 3. Default is 1.Optional

Context Output#

There is no context output for this command.

Command Example#

!ksc-group-delete group_id=10 flags=1

Human Readable Output#

Delete group action was submitted

ksc-software-applications-list#


Returns limited attributes for all software applications.

Base Command#

ksc-software-applications-list

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
KasperskySecurityCenter.Inventory.Software.ARPRegKeyStringSubkey for application under registry key for list of add-remove progamms.
KasperskySecurityCenter.Inventory.Software.CommentsStringSoftware application comments.
KasperskySecurityCenter.Inventory.Software.DisplayNameStringSoftware application display name.
KasperskySecurityCenter.Inventory.Software.DisplayVersionStringSoftware application display version.
KasperskySecurityCenter.Inventory.Software.ProductIDStringSoftware application product ID.
KasperskySecurityCenter.Inventory.Software.PublisherStringSoftware application publisher.

Command Example#

!ksc-software-applications-list

Context Example#

{
"KasperskySecurityCenter": {
"Inventory": {
"Software": [
{
"ARPRegKey": "{E8C99927-8E6E-4B6B-B80C-1B8B23B1767D}",
"CleanerProductName": "",
"Comments": "",
"DisplayName": "Microsoft SQL Server 2014 Transact-SQL ScriptDom ",
"DisplayVersion": "12.2.5000.0",
"HelpLink": "http://search.microsoft.com",
"HelpTelephone": "",
"InstallDate": "",
"InstallDir": "",
"LangId": 1033,
"PackageCode": "",
"ProductID": "03820C7E0D0202C290E1ED29F77E75F0",
"Publisher": "Microsoft Corporation",
"QuietUninstallString": "",
"UninstallString": "",
"VapmBuild": {
"type": "long",
"value": 0
},
"bIsMsi": true
},
{
"ARPRegKey": "{8CCB15BC-2D37-49A3-BF21-6D030D822CEA}",
"CleanerProductName": "",
"Comments": "",
"DisplayName": "Plug-in for Microsoft Exchange ActiveSync",
"DisplayVersion": "12.0.0.7734",
"HelpLink": "",
"HelpTelephone": "",
"InstallDate": "",
"InstallDir": "",
"LangId": 0,
"PackageCode": "",
"ProductID": "1F2C9666BE2192456F484CA31F0371F3",
"Publisher": "Kaspersky",
"QuietUninstallString": "",
"UninstallString": "",
"VapmBuild": {
"type": "long",
"value": 0
},
"bIsMsi": false
}
]
}
}
}

Human Readable Output#

Inventory Software Applications#

DisplayNamePublisherDisplayVersion
Microsoft SQL Server 2014 Transact-SQL ScriptDomMicrosoft Corporation12.2.5000.0
Plug-in for Microsoft Exchange ActiveSyncKaspersky12.0.0.7734

ksc-software-patches-list#


Returns limited attributes for all software application updates.

Base Command#

ksc-software-patches-list

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
KasperskySecurityCenter.Inventory.Patch.ClassificationStringClassification of the update.
KasperskySecurityCenter.Inventory.Patch.CommentsStringSoftware application patch comments.
KasperskySecurityCenter.Inventory.Patch.DisplayNameStringSoftware application patch display name.
KasperskySecurityCenter.Inventory.Patch.DisplayVersionStringSoftware application patch display version.
KasperskySecurityCenter.Inventory.Patch.PatchIDStringSoftware application patch ID.
KasperskySecurityCenter.Inventory.Patch.PublisherStringSoftware application patch publisher.

Command Example#

!ksc-software-patches-list

Context Example#

{
"KasperskySecurityCenter": {
"Inventory": {
"Patch": [
{
"Classification": "",
"Comments": "",
"DisplayName": "Service Pack 2 for SQL Server 2014 (KB3171021) (64-bit)",
"DisplayVersion": "12.2.5000.0",
"HelpLink": "http://support.microsoft.com/?kbid=3171021",
"HelpTelephone": "",
"InstallDate": "",
"MoreInfoURL": "",
"ParentID": "",
"PatchID": "63EC6F65A3D1E99FB87FB0B206EED9D1",
"Publisher": "Microsoft Corporation",
"QuietUninstallString": "",
"UninstallString": "",
"bIsMsi": false
},
{
"Classification": "Update",
"Comments": "",
"DisplayName": "Update (KB3176936)",
"DisplayVersion": "",
"HelpLink": "http://support.microsoft.com/?kbid=3176936",
"HelpTelephone": "",
"InstallDate": "",
"MoreInfoURL": "",
"ParentID": "",
"PatchID": "KB3176936",
"Publisher": "Microsoft Windows",
"QuietUninstallString": "",
"UninstallString": "",
"bIsMsi": false
}
]
}
}
}

Human Readable Output#

Inventory Software Patches#

DisplayNamePublisherDisplayVersion
Service Pack 2 for SQL Server 2014 (KB3171021) (64-bit)Microsoft Corporation12.2.5000.0
Update (KB3176936)Microsoft Windows

ksc-host-software-applications-list#


Retrieve software applications for a host.

Base Command#

ksc-host-software-applications-list

Input#

Argument NameDescriptionRequired
hostnameThe unique hostname GUID to retrieve the software applications of. Can be retrieved using the ksc-hosts-list command.Required

Context Output#

PathTypeDescription
KasperskySecurityCenter.Host.Software.ARPRegKeyStringSubkey for application under registry key for list of add-remove progamms.
KasperskySecurityCenter.Host.Software.CommentsStringSoftware application comments.
KasperskySecurityCenter.Host.Software.DisplayNameStringSoftware application display name.
KasperskySecurityCenter.Host.Software.DisplayVersionStringSoftware application display version.
KasperskySecurityCenter.Host.Software.ProductIDStringSoftware application product ID.
KasperskySecurityCenter.Host.Software.PublisherStringSoftware application publisher.

Command Example#

!ksc-host-software-applications-list hostname=4328e16f-bf83-47c3-8d0b-0fdf79f9d673

Context Example#

{
"KasperskySecurityCenter": {
"Host": {
"Software": [
{
"ARPRegKey": "{E8C99927-8E6E-4B6B-B80C-1B8B23B1767D}",
"CleanerProductName": "",
"Comments": "",
"DisplayName": "Microsoft SQL Server 2014 Transact-SQL ScriptDom ",
"DisplayVersion": "12.2.5000.0",
"HelpLink": "http://search.microsoft.com",
"HelpTelephone": "",
"InstallDate": "20210223",
"InstallDir": "",
"InstanceID": {
"type": "binary",
"value": "AA=="
},
"LangId": 1033,
"PackageCode": "",
"ProductID": "03820C7E0D0202C290E1ED29F77E75F0",
"Publisher": "Microsoft Corporation",
"QuietUninstallString": "msiexec.exe /X {E8C99927-8E6E-4B6B-B80C-1B8B23B1767D} /quiet /norestart",
"UninstallString": "MsiExec.exe /I{E8C99927-8E6E-4B6B-B80C-1B8B23B1767D}",
"VapmBuild": {
"type": "long",
"value": 0
},
"bIsMsi": true
},
{
"ARPRegKey": "{8CCB15BC-2D37-49A3-BF21-6D030D822CEA}",
"CleanerProductName": "",
"Comments": "",
"DisplayName": "Plug-in for Microsoft Exchange ActiveSync",
"DisplayVersion": "12.0.0.7734",
"HelpLink": "",
"HelpTelephone": "",
"InstallDate": "20210223",
"InstallDir": "C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Security Center\\Plugins\\",
"InstanceID": {
"type": "binary",
"value": "AA=="
},
"LangId": 0,
"PackageCode": "",
"ProductID": "1F2C9666BE2192456F484CA31F0371F3",
"Publisher": "Kaspersky",
"QuietUninstallString": "msiexec.exe /X {8CCB15BC-2D37-49A3-BF21-6D030D822CEA} /quiet /norestart",
"UninstallString": "MsiExec.exe /X{8CCB15BC-2D37-49A3-BF21-6D030D822CEA}",
"VapmBuild": {
"type": "long",
"value": 0
},
"bIsMsi": false
}
]
}
}
}

Human Readable Output#

Host 4328e16f-bf83-47c3-8d0b-0fdf79f9d673 Software Applications#

DisplayNamePublisherDisplayVersion
Microsoft SQL Server 2014 Transact-SQL ScriptDomMicrosoft Corporation12.2.5000.0
Plug-in for Microsoft Exchange ActiveSyncKaspersky12.0.0.7734

ksc-host-software-patches-list#


Retrieves patches for a host.

Base Command#

ksc-host-software-patches-list

Input#

Argument NameDescriptionRequired
hostnameThe unique hostname GUID to retrieve the software patches of. Can be retrieved using the ksc-hosts-list command.Required

Context Output#

PathTypeDescription
KasperskySecurityCenter.Host.Patch.ClassificationStringClassification of the update.
KasperskySecurityCenter.Host.Patch.CommentsStringSoftware application patch comments.
KasperskySecurityCenter.Host.Patch.DisplayNameStringSoftware application patch display name.
KasperskySecurityCenter.Host.Patch.DisplayVersionStringSoftware application patch display version.
KasperskySecurityCenter.Host.Patch.PatchIDStringSoftware application patch ID.
KasperskySecurityCenter.Host.Patch.PublisherStringSoftware application patch publisher.

Command Example#

!ksc-host-software-patches-list hostname=4328e16f-bf83-47c3-8d0b-0fdf79f9d673

Context Example#

{
"KasperskySecurityCenter": {
"Host": {
"Patch": [
{
"Classification": "",
"Comments": "",
"DisplayName": "Service Pack 2 for SQL Server 2014 (KB3171021) (64-bit)",
"DisplayVersion": "12.2.5000.0",
"HelpLink": "http://support.microsoft.com/?kbid=3171021",
"HelpTelephone": "",
"InstallDate": "",
"MoreInfoURL": "",
"ParentID": "F1ACBE9BCAB229A280C0C7F64FC45600",
"PatchID": "63EC6F65A3D1E99FB87FB0B206EED9D1",
"Publisher": "Microsoft Corporation",
"QuietUninstallString": "",
"UninstallString": "",
"bIsMsi": false
},
{
"Classification": "Update",
"Comments": "",
"DisplayName": "Update (KB3176936)",
"DisplayVersion": "",
"HelpLink": "http://support.microsoft.com/?kbid=3176936",
"HelpTelephone": "",
"InstallDate": "",
"MoreInfoURL": "",
"ParentID": "FDDE89CD0E6BCE9BD4CAAB06897AAF74",
"PatchID": "KB3176936",
"Publisher": "Microsoft Windows",
"QuietUninstallString": "",
"UninstallString": "",
"bIsMsi": false
}
]
}
}
}

Human Readable Output#

Host 4328e16f-bf83-47c3-8d0b-0fdf79f9d673 Software Patches#

DisplayNamePublisherDisplayVersion
Service Pack 2 for SQL Server 2014 (KB3171021) (64-bit)Microsoft Corporation12.2.5000.0
Update (KB3176936)Microsoft Windows

ksc-policies-list#


Returns policies located in specified group.

Base Command#

ksc-policies-list

Input#

Argument NameDescriptionRequired
group_idID of group to retrieve the policies of. Can be retrieved using the ksc-groups-list command. Set to -1 to retrieve policies of all groups. Default is -1.Required

Context Output#

PathTypeDescription
KasperskySecurityCenter.Policy.KLPOL_ACTIVEBooleanWhether the policy is active.
KasperskySecurityCenter.Policy.KLPOL_CREATED.valueDatePolicy creation date.
KasperskySecurityCenter.Policy.KLPOL_MODIFIED.valueDatePolicy modification date.
KasperskySecurityCenter.Policy.KLPOL_DNStringPolicy display name.
KasperskySecurityCenter.Policy.KLPOL_PRODUCTStringPolicy product name.
KasperskySecurityCenter.Policy.KLPOL_VERSIONStringPolicy product version.
KasperskySecurityCenter.Policy.KLPOL_GROUP_IDNumberPolicy group ID.
KasperskySecurityCenter.Policy.KLPOL_IDNumberPolicy ID.

Command Example#

!ksc-policies-list group_id=0

Context Example#

{
"KasperskySecurityCenter": {
"Policy": [
{
"KLPOL_ACCEPT_PARENT": true,
"KLPOL_ACTIVE": true,
"KLPOL_CREATED": {
"type": "datetime",
"value": "2021-02-25T08:14:39Z"
},
"KLPOL_DN": "Kaspersky Endpoint Security for Windows (11.5.0)",
"KLPOL_FORCED": false,
"KLPOL_FORCE_DISTRIB2CHILDREN": false,
"KLPOL_GROUP_ID": 0,
"KLPOL_GROUP_NAME": "Managed devices",
"KLPOL_GSYN_ID": 13,
"KLPOL_HIDE_ON_SLAVES": false,
"KLPOL_ID": 1,
"KLPOL_INHERITED": false,
"KLPOL_MODIFIED": {
"type": "datetime",
"value": "2021-02-25T08:14:43Z"
},
"KLPOL_PRODUCT": "KES",
"KLPOL_PROFILES_NUM": 0,
"KLPOL_ROAMING": false,
"KLPOL_VERSION": "11.0.0.0"
},
{
"KLPOL_ACCEPT_PARENT": true,
"KLPOL_ACTIVE": true,
"KLPOL_CREATED": {
"type": "datetime",
"value": "2021-02-25T08:14:44Z"
},
"KLPOL_DN": "Kaspersky Security Center Network Agent",
"KLPOL_FORCED": false,
"KLPOL_FORCE_DISTRIB2CHILDREN": false,
"KLPOL_GROUP_ID": 0,
"KLPOL_GROUP_NAME": "Managed devices",
"KLPOL_GSYN_ID": 14,
"KLPOL_HIDE_ON_SLAVES": false,
"KLPOL_ID": 2,
"KLPOL_INHERITED": false,
"KLPOL_MODIFIED": {
"type": "datetime",
"value": "2021-02-25T08:14:44Z"
},
"KLPOL_PRODUCT": "1103",
"KLPOL_PROFILES_NUM": 0,
"KLPOL_ROAMING": false,
"KLPOL_VERSION": "1.0.0.0"
}
]
}
}

Human Readable Output#

Policies List#

KLPOL_IDKLPOL_DNKLPOL_PRODUCTKLPOL_VERSION
1Kaspersky Endpoint Security for Windows (11.5.0)KES11.0.0.0
2Kaspersky Security Center Network Agent11031.0.0.0

ksc-policy-get#


Retrieves data for specified policy.

Base Command#

ksc-policy-get

Input#

Argument NameDescriptionRequired
policy_idID of policy to retrieve details of. Can be retrieved using the ksc-policies-list command.Required

Context Output#

PathTypeDescription
KasperskySecurityCenter.Policy.KLPOL_ACTIVEBooleanWhether the policy is active.
KasperskySecurityCenter.Policy.KLPOL_CREATED.valueDatePolicy creation date.
KasperskySecurityCenter.Policy.KLPOL_MODIFIED.valueDatePolicy modification date.
KasperskySecurityCenter.Policy.KLPOL_DNStringPolicy display name.
KasperskySecurityCenter.Policy.KLPOL_PRODUCTStringPolicy product name.
KasperskySecurityCenter.Policy.KLPOL_VERSIONStringPolicy product version.
KasperskySecurityCenter.Policy.KLPOL_GROUP_IDNumberPolicy group ID.
KasperskySecurityCenter.Policy.KLPOL_IDNumberPolicy ID.

Command Example#

!ksc-policy-get policy_id=1

Context Example#

{
"KasperskySecurityCenter": {
"Policy": {
"KLPOL_ACCEPT_PARENT": true,
"KLPOL_ACTIVE": true,
"KLPOL_CREATED": {
"type": "datetime",
"value": "2021-02-25T08:14:39Z"
},
"KLPOL_DN": "Kaspersky Endpoint Security for Windows (11.5.0)",
"KLPOL_FORCED": false,
"KLPOL_FORCE_DISTRIB2CHILDREN": false,
"KLPOL_GROUP_ID": 0,
"KLPOL_GROUP_NAME": "Managed devices",
"KLPOL_GSYN_ID": 13,
"KLPOL_HIDE_ON_SLAVES": false,
"KLPOL_ID": 1,
"KLPOL_INHERITED": false,
"KLPOL_MODIFIED": {
"type": "datetime",
"value": "2021-02-25T08:14:43Z"
},
"KLPOL_PRODUCT": "KES",
"KLPOL_ROAMING": false,
"KLPOL_VERSION": "11.0.0.0"
}
}
}

Human Readable Output#

Policy 1#

KLPOL_IDKLPOL_DNKLPOL_PRODUCTKLPOL_VERSION
1Kaspersky Endpoint Security for Windows (11.5.0)KES11.0.0.0

Search Filter Syntax#

A number of commands are using a search filter that has syntax resembling one from RFC 2254.

filter = "(" filtercomp ")"
filtercomp = and / or / not / item
and = "&" filterlist
or = "|" filterlist
not = "!" filter
filterlist = 1*filter
item = simple
simple = attr filtertype value
filtertype = equal / greater / less / notequal
equal = "="
greater = ">"
less = "<"
notequal = "<>"
attr = AttributeDescription
value = Integer / Quoted string / UTC time / Binary
  • Integer must be provided as signed decimal.

  • Quoted string may contain following wildcards. If 'value' in 'simple' has wildcards then 'filtertype' must be 'equal'

    WildcardDescription
    ?Any single character.
    *Any string of zero or more characters.
    [ ]Any single character within the specified range ([a-f]) or set ([abcdef]).
    [^]Any single character not within the specified range (a-f) or set (abcdef).
  • UTC time can be specified either in absolute or relative format. Absolute format: T"YYYY-MM-DD hh:mm:ss" Example: T"2005-04-27 23:59:01" To specify UTC time in relative format the 'Pseudovalue' CURTIME([\<signed integer delta>]) may be used as "current time (in UTC) + \<signed integer delta>"

  • Binary must be provided as hex with '0x' prefix. For example, 0xF41748C0BEF943a6AE2C5D1010F046A.