Values of fields in the body of CEF messages for classes of Update group events

July 4, 2024

ID 151773

In the body of CEF messages for classes of Update group events, you can use keys in accordance with their semantics (see  the table below).

Permissible values of the fields for classes of Update group events

Key

Value

reason

Reason for the event.

cn1

Number of days.

cn1Label

Its value is always Days.

cn2

Number of hours.

cn2Label

Its value is always Hours.

cnt

Number of records in databases.

deviceCustomDate1

Database publication date.

deviceCustomDate1Label

Its value is always PublishingTime.

deviceCustomDate2

Index publication date.

deviceCustomDate2Label

Its value is always IndexPublishingTime.

Each class of Update group events can contain only keys that are relevant to it (see the table below).

Relevant keys for classes of Update group events

Event class

Relevant keys

LMS_EV_ANTIVIRUS_BASES_UPDATED

reason

LMS_EV_ANTISPAM_BASES_UPDATED

No value

LMS_EV_BASES_NOTHING_TO_UPDATE

No value

LMS_EV_ANTIVIRUS_BASES_UP_TO_DATE

No value

LMS_EV_ANTIPHISHING_BASES_UP_TO_DATE

No value

LMS_EV_ANTISPAM_BASES_UP_TO_DATE

No value

LMS_EV_ANTIVIRUS_BASES_OUT_OF_DATE

cn1, cn1Label

LMS_EV_ANTIPHISHING_BASES_OUT_OF_DATE

cn1, cn1Label

LMS_EV_ANTISPAM_BASES_OUT_OF_DATE

cn2, cn2Label

LMS_EV_ANTIVIRUS_BASES_OBSOLETED

cn1, cn1Label

LMS_EV_ANTIPHISHING_BASES_OBSOLETED

cn1, cn1Label

LMS_EV_ANTISPAM_BASES_OBSOLETED

cn1, cn1Label

LMS_EV_ANTIVIRUS_BASES_APPLIED

deviceCustomDate2, deviceCustomDate2Label, cnt, deviceCustomDate1, deviceCustomDate1Label

LMS_EV_ANTISPAM_BASES_APPLIED

deviceCustomDate1, deviceCustomDate1Label

LMS_EV_ANTIPHISHING_BASES_APPLIED

deviceCustomDate1, deviceCustomDate1Label

LMS_EV_ANTIVIRUS_BASES_ERROR

reason

LMS_EV_ANTISPAM_BASES_ERROR

reason

LMS_EV_ANTIPHISHING_BASES_ERROR

reason

');
Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company
Web and device controls. Data encryption. Centralized and convenient management from a single console.
');
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).