Data on the environment of detected objects

Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

Interaction with external systems via API

API that external systems can use to receive information about application alerts

Scope of transmitted data

Data on the environment of detected objects

8 November 2023

ID 181471

The scope of transmitted data on the environment of detected objects depending on the source of the object is listed in the following table.

Data on the environment of detected objects

Source of the object	Parameter	Description	Data type	Example
`web`	`sourceIP`	IP address of the computer that established the connection.	IP address	`192.0.2.0`
	`sourceHostname`	Name of the computer that established the connection.	String	`example.com`
	`destinationIp`	IP address of the computer with which the connection was established.	IP address	`198.51.100.0`
	`destinationPort`	Port of the computer with which the connection was established.	Integer	`3128`
	`URL`	URL of the web resource that was accessed. IDS technology alerts do not have this parameter. For URL technology alerts, this parameter has the same value as the `detectedObject` parameter.	String	`https://example.com:443/`
	`method.`	HTTP request method.	String	`Connect`
	`referrer`	URL from which the redirect was made.	String	`https://example.com:443/`
	`agentString`	`User agent` header of the HTTP request that contains the name and version of the client application.	String	`Mozilla/4.0`
`mail`	`mailFrom`	Sender's email address.	String	`sender@example.com`
	`mailTo`	Comma-separated list of recipient email addresses.	Array	`recipient1@example.com, recipient2@example.com`
	`subject`	Subject of the message.	String	`'You are the winner'`
	`messageId`	Email message ID.	String	`1745028736.156014.1542897410859.JavaMail.svc_jira_pool@hqconflapp2`
`endpoint` `external`	`hostName`	Name of the computer on which the alert was generated.	String	`computername.example.com`
`endpoint` `external`	`IP`	IP address of the computer on which the alert was generated.	IP address	`198.51.100.0`
`dns`	`sourceIp`	IP address of the computer which initiated the DNS connection.	IP address	`192.0.2.0`
	`destinationIp`	IP address of the computer with which the DNS connection was established (typically, a DNS server).	IP address	`198.51.100.0`
	`destinationPort`	Port of the computer with which the DNS connection was established (typically, a DNS server).	Integer	`3128`
	`dnsMessageType`	Type of the DNS message: `Request` `Response`	String	`Request`
	`dnsRequestType`	One of the following DNS request types: `A`. `AAA`. `CNAME`. `MX`.	String	`MX`
	`domainToBeResolved`	Domain name from the DNS request.	String	`example.com`

Kaspersky Professional Services

Implementation services. Health check and security system configuration. Contact us if you need expert help.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.