Kaspersky Anti Targeted Attack (KATA) Platform

Query language for filtering events

8 November 2023

ID 249006

The event filtering query language supports the following functions and operators:

  • Functions: in.
  • Comparison operators for String or Boolean values:
    • ==
    • !=
  • Comparison operators for numbers and variables:
    • AND
    • OR
    • NOT
    • ==
    • !=
    • >
    • >=
    • <
    • <=

You can view the list of fields by which you can filter events in the Fields for filtering events section.

If you want to receive information about events of different types, you must create a separate request for each type of event.

EventType=='threatdetect' AND EventType=='threatprocessingresult'

Numerical and string constants are supported. String constants must be enclosed in single quotation marks: 'example'. Wildcards * and ? are supported for string constants. If you do not want to use these characters as wildcards, you must escape them: \*, \?. Also, in string constants, you must escape special characters.
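The following Python helper is an added example, not part of the original article or of Kaspersky's own code. It builds filter strings that follow the rules above: one query per event type, string constants in single quotation marks, and * and ? escaped unless they are meant as wildcards. Assumptions: the backslash and the single quotation mark are treated as the special characters and are escaped with a backslash, field names are alphanumeric, and FileName is a hypothetical field name.

```python
import re

STRING_OPS = {"==", "!="}                        # page: String/Boolean values
NUMBER_OPS = {"==", "!=", ">", ">=", "<", "<="}  # page: numbers


def quote(value, wildcards=False):
    """Render a string constant; escape * and ? unless wildcards=True."""
    # Assumption: backslash and single quote are the "special characters"
    # and take a backslash escape; the page does not list them.
    to_escape = "\\'" if wildcards else "\\'*?"
    body = "".join("\\" + c if c in to_escape else c for c in value)
    return "'" + body + "'"


def condition(field, op, value, wildcards=False):
    """Build one Field<op>constant comparison, rejecting unsafe parts."""
    # Assumption: field names are purely alphanumeric (EventType is).
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9]*", field):
        raise ValueError(f"unexpected field name: {field!r}")
    if isinstance(value, bool):
        raise ValueError("Boolean literal syntax is not shown on the page")
    if isinstance(value, int):
        if op not in NUMBER_OPS:
            raise ValueError(f"operator {op!r} not valid for numbers")
        return f"{field}{op}{value}"
    if op not in STRING_OPS:
        raise ValueError(f"operator {op!r} not valid for strings")
    return f"{field}{op}{quote(value, wildcards)}"


def queries_per_event_type(event_types, extra=()):
    """Return one filter per event type; each type needs its own request."""
    return [" AND ".join([condition("EventType", "==", t), *extra])
            for t in event_types]


if __name__ == "__main__":
    # Constructed sample input: FileName is a hypothetical field name.
    name = condition("FileName", "==", "inv*.exe", wildcards=True)
    for q in queries_per_event_type(
            ["threatdetect", "threatprocessingresult"], [name]):
        print(q)
    # A value taken from untrusted input stays inside its quotes.
    print(condition("FileName", "==", "a' OR EventType=='x"))
```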
