Kaspersky Security Center Automation  10.0
List of event filter attributes.


Event severity. May have following values.

  • 1 – severity "Information"
  • 2 – severity "Warning"
  • 3 – severity "Error"
  • 4 – severity "Critical"

"KLEVP_EVENT_PRODUCT" String Product name *
"KLEVP_EVENT_VERSION" String Product version name *
"KLEVP_EVENT_HOST" String Host name – a unique server-generated string
"KLEVP_EVENT_TASK_NAME" String Display name of the task
"KLEVP_EVENT_HOST_DISPNAME" String Display name of the host
"KLEVP_EVENT_HOST_GROUP" String Name of the group where host is located

Name of the event type. Following values are possible.

  • "KLPRCI_TaskState" – Task state changed, see "task_new_state" attribute.
  • "GNRL_EV_SUSPICIOUS_OBJECT_FOUND" – Suspicious object found.
  • "GNRL_EV_VIRUS_FOUND" – Virus found.
  • "GNRL_EV_OBJECT_CURED" – Object was cured.
  • "GNRL_EV_OBJECT_DELETED" – Object was deleted.
  • "GNRL_EV_PASSWD_ARCHIVE_FOUND" – Password-protected archive was found.
  • "GNRL_EV_OBJECT_QUARANTINED" – Object was put into quarantine.
  • "GNRL_EV_OBJECT_NOTCURED" – Object wasn't cured.

See also Parameters GNRL_EA_PARAM_* for some events.

"task_new_state" Integer

Task state (for events of type "KLPRCI_TaskState"). Following values are possible.

  • 1 – Task running
  • 2 – Task suspended
  • 3 – Task failed
  • 4 – Task completed successfully

"KLEVP_EVENT_RISE_TIME_LEAST" Time Earliest UTC time when the event was published.
"KLEVP_EVENT_RISE_TIME_GREATEST" Time Latest UTC time when the event was published.
"EVP_MAX_EVENTS_COUNT" Integer Resultset must not contain more that specified number of event records.