Working Example for KSC API FileCategorizer2::CreateCategory

[MarcoB]

Hello,

 

is there anyone out there who can give me an some help for the KSC API method

FileCategorizer2::CreateCategory

 

I want to create a Custom Group of type “simple” with multiple  “inclusions” of type “metadata”

 

When i post data to the API i got the success message, but no inclusions are visible at the created category:

 

I tried different kind of JSON-Data-arrays ..

Here is one of many examples which is not working…

 

$json_array = [

      'pCategory' => [

             'name' => 'mynewCategory',

              'CategoryType' => 0,

               'exclusions' => [],

                'inclusions' => [

                       'type' => 'params',

                        'value' => [

                           'ex_type' => 4,

                            'str' => 'myfirstinclusion.EXE',

                         ]

               ]

     ]

];

 

[0xcffaedfe]

as one of the solutions you can create a category in gui ksc read it through api and see how the fields you need look like.

working example below... 

very simple example 

{
  "pCategory" : {
    "CategoryType" : 0,
    "CustomCategoryCipCompatible" : false,
    "Md5WithoutSha256Exists" : false,
    "exclusions" : [],
    "fromMaster" : false,
    "inclusions" : [
      {
        "type" : "params",
        "value" : {
          "ex_type" : 0,
          "str" : "text",
          "str_op" : 3
        }
      }
    ],
    "name" : "test",
    "descr" : "test2",
    "version" : 65535
  }
}

 

 

 

  client.FileCategorizer2.CreateCategory(ctx, kaspersky.CategoryParams{
    PCategory: &kaspersky.PCategory{
      CategoryType:                0,
      CustomCategoryCipCompatible: false,
      Md5WithoutSha256Exists:      false,
      Exclusions:                  []kaspersky.Exclusions{},
      FromMaster:                  false,
      Inclusions:                  []kaspersky.Inclusion{
        {
          Type:           "params",
          InclusionValue: &kaspersky.InclusionValue{
          ExType: 0,
          Str:    "text",
          StrOp:  3,
        },
        },

      },
      Name:                        "test",
      Descr:                       "test2",
      Version:                     65535,
  }})

 

 

[MarcoB]

Thank you 0xcffaedfe,

 

its a little bit more complicated :)

If you wanna add params like “Programversion like 1.2.3” this is an working example 

In this example i ignored params like “ver_build” and others …

 

$json_array = [
    'nCategoryId' => 21,
    'arrNewExpressions' => array([
            'type' => 'params',
            'value' => [
                'ex_type' => 9,
                'l_expr' => [
                    'type' => 'params',
                    'value' => [
                        'ex_type' => 4,
                        'str' => 'MYFILENAME',
                        'str_op' => 0,
                ]],
                'r_expr' => [
                    'type' => 'params',
                    'value' => [
                        'ex_type' => 7,
                        'ver_build' => 0,
                        'ver_major' => 0,
                        'ver_minor' => 0,
                        'ver_op' => 4,
                        'ver_revision' => 0,
                        'ver_raw' => 9
                        ]
                ],   
                ]
            ]
    ),
    'bInclusions' => 1
];

 

[0xcffaedfe]

The set of fields depends on CategoryType and ex_type,

[MarcoB]

Thats right!

 

It was really hard for me to identifiy the propper structure and kind of data.

At least your hint to the manual creation of an example in GUI solved the case!

 

Thank you!

[0xcffaedfe]

@MarcoB ur welcome