tencent cloud

Feedback

Data Types

Last updated: 2024-12-06 15:49:15

    ABTestConfig

    Canary project configuration

    Used by actions: DescribeABTestConfig.

    Name Type Description
    ProjectName String Canary project name
    Status Boolean Valid values: true (in canary upgrade); false (not in canary upgrade).

    AbnormalProcessChildRuleInfo

    Container runtime security - Sub-policy information

    Used by actions: AddEditAbnormalProcessRule, DescribeAbnormalProcessDetail, DescribeAbnormalProcessRuleDetail.

    Name Type Required Description
    RuleMode String Yes Policy mode. RULE_MODE_RELEASE: Allow.
    RULE_MODE_ALERT: Alert.
    RULE_MODE_HOLDUP: Block.
    ProcessPath String Yes Process path
    RuleId String No Sub-policy ID
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleLevel String No Severity. Valid values: HIGH (high); MIDDLE (medium); LOW (low).
    Note: This field may return null, indicating that no valid values can be obtained.

    AbnormalProcessEventDescription

    Description of the abnormal container process event at runtime

    Used by actions: DescribeAbnormalProcessDetail.

    Name Type Description
    Description String Event rule
    Solution String Solution
    Remark String Event remarks
    Note: This field may return null, indicating that no valid values can be obtained.
    MatchRule AbnormalProcessChildRuleInfo Details of the hit rule
    RuleName String Name of the hit rule. Valid values: PROXY_TOOL (proxy); TRANSFER_CONTROL (lateral movement); ATTACK_CMD (malicious command); REVERSE_SHELL (reverse shell); FILELESS (fileless execution); RISK_CMD (high-risk command); ABNORMAL_CHILD_PROC (unusual start found in the child process of the sensitive service); USER_DEFINED_RULE (custom rule).
    RuleId String ID of the hit rule
    OperationTime String Last processing time of the event
    Note: This field may return null, indicating that no valid values can be obtained.
    GroupName String Name of the hit policy. Valid values: SYSTEM_DEFINED_RULE (preset policy); name of the custom policy.
    Note: This field may return null, indicating that no valid values can be obtained.

    AbnormalProcessEventInfo

    Container runtime security - Information of the abnormal process

    Used by actions: DescribeAbnormalProcessEvents.

    Name Type Description
    ProcessPath String Process directory
    EventType String Event type. MALICE_PROCESS_START: Malicious process startup.
    MatchRuleName String Name of the hit rule. Valid values: PROXY_TOOL (proxy); TRANSFER_CONTROL (lateral movement); ATTACK_CMD (malicious command); REVERSE_SHELL (reverse shell); FILELESS (fileless execution); RISK_CMD (high-risk command); ABNORMAL_CHILD_PROC (unusual start found in the child process of the sensitive service); USER_DEFINED_RULE (custom rule).
    FoundTime Timestamp Generation time
    ContainerName String Container name
    ImageName String Image name
    Behavior String Action execution result. BEHAVIOR_NONE: None.
    BEHAVIOR_ALERT: Alert.
    BEHAVIOR_RELEASE: Allow.
    BEHAVIOR_HOLDUP_FAILED: Failed to block.
    BEHAVIOR_HOLDUP_SUCCESSED: Blocked.
    Status String Status. EVENT_UNDEAL: Pending.
    EVENT_DEALED: Processed.
    EVENT_INGNORE: Ignored.
    Id String Unique event ID
    ImageId String Image ID, which is used for redirect.
    ContainerId String Container ID, which is used for redirect.
    Solution String Event solution
    Description String Event description
    MatchRuleId String Hit policy ID
    MatchAction String Action of the hit rule:
    RULE_MODE_RELEASE: Allow.
    RULE_MODE_ALERT: Alert.
    RULE_MODE_HOLDUP: Block.
    MatchProcessPath String Information of the process that hits the rule
    RuleExist Boolean Whether the rule exists
    EventCount Integer Number of events
    LatestFoundTime Timestamp Last generation time
    RuleId String Rule group ID
    MatchGroupName String Name of the hit policy. Valid values: SYSTEM_DEFINED_RULE (preset policy); name of the custom policy.
    MatchRuleLevel String Level of the hit rule. Valid values: HIGH (high); MIDDLE (medium); LOW (low).
    ContainerNetStatus String Network status
    NORMAL: Not isolated.
    ISOLATED: Isolated.
    ISOLATING: Isolating.
    ISOLATE_FAILED: Isolation failed.
    RESTORING: Recovering.
    RESTORE_FAILED: Recovery failed.
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerNetSubStatus String Sub-status of the container
    "AGENT_OFFLINE" // The agent is offline.
    "NODE_DESTROYED" // The node is terminated.
    "CONTAINER_EXITED" // The container exited.
    "CONTAINER_DESTROYED" // The container was terminated.
    "SHARED_HOST" // The container shares the network with the server.
    "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
    "UNKNOW" // The reason is unknown.
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerIsolateOperationSrc String Container isolation operation source
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerStatus String Container status
    RUNNING: Running.
    PAUSED: Paused.
    STOPPED: Stopped.
    CREATED: Created.
    DESTROYED: Terminated.
    RESTARTING: Restarting.
    REMOVING: Removing.
    ClusterID String Cluster ID
    NodeType String Node type. Values: NORMAL (general node), SUPER (super node).
    PodName String Pod name
    PodIP String Pod IP
    NodeUniqueID String Cluster ID
    PublicIP String Node public IP
    NodeName String Node name
    NodeID String Node ID
    HostID String uuid
    HostIP String Private IP of the node
    ClusterName String Cluster name

    AbnormalProcessEventTendencyInfo

    Trend of pending abnormal process events

    Used by actions: DescribeAbnormalProcessEventTendency.

    Name Type Description
    Date Date Date
    ProxyToolEventCount Integer Number of pending proxy events
    TransferControlEventCount Integer Number of pending lateral movement events
    AttackCmdEventCount Integer Number of pending malicious command events
    ReverseShellEventCount Integer Number of pending reverse shell events
    FilelessEventCount Integer Number of pending fileless execution events
    RiskCmdEventCount Integer Number of pending high-risk command events
    AbnormalChildProcessEventCount Integer Number of pending events of unusual startups found in the child process of the sensitive service
    UserDefinedRuleEventCount Integer Number of pending custom rule events

    AbnormalProcessRuleInfo

    Runtime security - Abnormal process detection policy

    Used by actions: AddEditAbnormalProcessRule, DescribeAbnormalProcessRuleDetail.

    Name Type Required Description
    IsEnable Boolean Yes Valid values: true (enabled); false (disabled).
    ImageIds Array of String Yes IDs of associated images. An empty array indicates all images.
    ChildRules Array of AbnormalProcessChildRuleInfo Yes Array of sub-policies of the user policy
    RuleName String Yes Policy name
    RuleId String No Policy ID
    Note: This field may return null, indicating that no valid values can be obtained.
    SystemChildRules Array of AbnormalProcessSystemChildRuleInfo No Array of sub-policies of the preset policy
    IsDefault Boolean No Whether it is the default preset policy

    AbnormalProcessSystemChildRuleInfo

    Information of the sub-policy of the preset policy for abnormal processes

    Used by actions: AddEditAbnormalProcessRule, DescribeAbnormalProcessRuleDetail.

    Name Type Required Description
    RuleId String Yes Sub-policy ID
    IsEnable Boolean Yes Sub-policy status. Valid values: true (enabled); false (disabled).
    RuleMode String Yes Policy mode. RULE_MODE_RELEASE: Allow.
    RULE_MODE_ALERT: Alert.
    RULE_MODE_HOLDUP: Block.
    RuleType String Yes Behavior type detected by the sub-policy
    PROXY_TOOL: Proxy.
    TRANSFER_CONTROL: Lateral movement.
    ATTACK_CMD: Malicious command.
    REVERSE_SHELL: Reverse shell.
    FILELESS: Fileless execution.
    RISK_CMD: High-risk command.
    ABNORMAL_CHILD_PROC: Unusual start found in the child process of the sensitive service.
    RuleLevel String No Severity. Valid values: HIGH (high); MIDDLE (medium); LOW (low).
    Note: This field may return null, indicating that no valid values can be obtained.

    AccessControlChildRuleInfo

    Container runtime security - Information of the access control sub-policy

    Used by actions: AddEditAccessControlRule, DescribeAccessControlDetail, DescribeAccessControlRuleDetail.

    Name Type Required Description
    RuleMode String Yes Policy mode. RULE_MODE_RELEASE: Allow.
    RULE_MODE_ALERT: Alert.
    RULE_MODE_HOLDUP: Block.
    ProcessPath String Yes Process path
    TargetFilePath String Yes Accessed file path, which is valid only for access control.
    RuleId String No Sub-policy ID
    Note: This field may return null, indicating that no valid values can be obtained.

    AccessControlEventDescription

    Description of the container access control event at runtime

    Used by actions: DescribeAccessControlDetail.

    Name Type Description
    Description String Event rule
    Solution String Solution
    Remark String Event remarks
    Note: This field may return null, indicating that no valid values can be obtained.
    MatchRule AccessControlChildRuleInfo Details of the hit rule
    RuleName String Name of the hit rule
    RuleId String ID of the hit rule
    OperationTime String Last processing time of the event
    Note: This field may return null, indicating that no valid values can be obtained.

    AccessControlEventInfo

    Container runtime security - Information of the access control event

    Used by actions: DescribeAccessControlEvents.

    Name Type Description
    ProcessName String Process name
    MatchRuleName String Name of the hit rule
    FoundTime Timestamp Generation time
    ContainerName String Container name
    ImageName String Image name
    Behavior String Action execution result. BEHAVIOR_NONE: None.
    BEHAVIOR_ALERT: Alert.
    BEHAVIOR_RELEASE: Allow.
    BEHAVIOR_HOLDUP_FAILED: Failed to block.
    BEHAVIOR_HOLDUP_SUCCESSED: Blocked.
    Status String Status. 0: Pending. EVENT_UNDEAL: Pending.
    EVENT_DEALED: Processed.
    EVENT_INGNORE: Ignored.
    Id String Unique event ID
    FileName String Filename
    EventType String Event type. FILE_ABNORMAL_READ: Abnormal file read.
    ImageId String Image ID, which is used for redirect.
    ContainerId String Container ID, which is used for redirect.
    Solution String Event solution
    Description String Event description
    MatchRuleId String Hit policy ID
    MatchAction String Action of the hit rule:
    RULE_MODE_RELEASE: Allow.
    RULE_MODE_ALERT: Alert.
    RULE_MODE_HOLDUP: Block.
    MatchProcessPath String Information of the process that hits the rule
    MatchFilePath String Information of the file that hits the rule
    FilePath String File path containing the name
    RuleExist Boolean Whether the rule exists
    EventCount Integer Number of events
    LatestFoundTime String Last generation time
    RuleId String Rule group ID
    ContainerNetStatus String Network status
    NORMAL: Not isolated.
    ISOLATED: Isolated.
    ISOLATING: Isolating.
    ISOLATE_FAILED: Isolation failed.
    RESTORING: Recovering.
    RESTORE_FAILED: Recovery failed.
    ContainerNetSubStatus String Sub-status of the container
    "AGENT_OFFLINE" // The agent is offline.
    "NODE_DESTROYED" // The node is terminated.
    "CONTAINER_EXITED" // The container exited.
    "CONTAINER_DESTROYED" // The container was terminated.
    "SHARED_HOST" // The container shares the network with the server.
    "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
    "UNKNOW" // The reason is unknown.
    ContainerIsolateOperationSrc String Container isolation operation source
    ContainerStatus String Container status
    RUNNING: Running.
    PAUSED: Paused.
    STOPPED: Stopped.
    CREATED: Created.
    DESTROYED: Terminated.
    RESTARTING: Restarting.
    REMOVING: Removing.
    NodeName String Node name: For super nodes, the node_id is displayed.
    PodName String Pod name
    PodIP String Pod IP
    NodeType String Node type. Values: NORMAL (general node), SUPER (super node).
    ClusterID String Cluster ID
    NodeUniqueID String Node unique ID. It's used for super nodes.
    PublicIP String Node public IP
    NodeID String Node ID
    HostID String uuid
    HostIP String Private IP of the node
    ClusterName String Cluster name

    AccessControlRuleInfo

    Container runtime - Access control policy information

    Used by actions: AddEditAccessControlRule, DescribeAccessControlRuleDetail.

    Name Type Required Description
    IsEnable Boolean Yes Switch. Valid values: true (on); false (off).
    ImageIds Array of String Yes IDs of associated images. An empty array indicates all images.
    ChildRules Array of AccessControlChildRuleInfo Yes Array of sub-policies of the user policy
    RuleName String Yes Policy name
    RuleId String No Policy ID
    Note: This field may return null, indicating that no valid values can be obtained.
    SystemChildRules Array of AccessControlSystemChildRuleInfo No Array of sub-policies of the preset policy
    IsDefault Boolean No Whether it is the default preset policy

    AccessControlSystemChildRuleInfo

    Container runtime security - Information of the sub-policy of the preset access control policy

    Used by actions: AddEditAccessControlRule, DescribeAccessControlRuleDetail.

    Name Type Required Description
    RuleId String Yes Sub-policy ID
    RuleMode String Yes Policy mode. RULE_MODE_RELEASE: Allow.
    RULE_MODE_ALERT: Alert.
    RULE_MODE_HOLDUP: Block.
    IsEnable Boolean Yes Sub-policy status. Valid values: true (enabled); false (disabled).
    RuleType String Yes Intrusion behavior type detected by the sub-policy
    CHANGE_CRONTAB: Tampering with the scheduled task.
    CHANGE_SYS_BIN: Tampering with the system program.
    CHANGE_USRCFG: Tampering with user configuration.

    AffectedNodeItem

    Structure of the affected node type

    Used by actions: DescribeAffectedNodeList.

    Name Type Required Description
    ClusterId String Yes Cluster ID
    ClusterName String Yes Cluster name
    InstanceId String Yes Instance ID
    PrivateIpAddresses String Yes Private IP
    InstanceRole String Yes Node role, such as Master and Work.
    ClusterVersion String Yes K8s version
    ContainerRuntime String Yes Runtime component. Valid values: docker, containerd.
    Region String Yes Region
    VerifyInfo String Yes Verification information of the check result
    NodeName String Yes Node name

    AffectedWorkloadItem

    Affected workload item in the cluster security check

    Used by actions: DescribeAffectedWorkloadList.

    Name Type Required Description
    ClusterId String Yes Cluster ID
    ClusterName String Yes Cluster name
    WorkloadName String Yes Workload name
    WorkloadType String Yes Workload type
    Region String Yes Region
    VerifyInfo String Yes Verification information of the check result

    AssetClusterListItem

    List of clusters

    Used by actions: DescribeAssetClusterList.

    Name Type Description
    ClusterID String Cluster ID
    ClusterName String Cluster name
    Status String Cluster status
    CSR_RUNNING: Running
    CSR_EXCEPTION: Abnormal
    CSR_DEL: Deleted
    BindRuleName String Bound rule name
    ClusterType String Cluster type:
    CT_TKE: TKE cluster
    CT_USER_CREATE: External cluster
    CT_TKE_SERVERLESS: TKE Serverless cluster
    ClusterVersion String Cluster version
    MemLimit Integer MEM usage
    CpuLimit Integer cpu

    AssetFilters

    TCSS
    Key-value pair filter for conditional filtering queries, such as filter ID, name, and status
    If more than one filter exists, the logical relationship between these filters is AND.
    If multiple values exist in one filter, the logical relationship between these values is OR.

    Used by actions: AddEditImageAutoAuthorizedRule, CreateAssetImageRegistryScanTask, CreateAssetImageScanTask, CreateAssetImageVirusExportJob, CreateComponentExportJob, CreateHostExportJob, CreateProcessEventsExportJob, CreateVulExportJob, DescribeAssetAppServiceList, DescribeAssetComponentList, DescribeAssetContainerList, DescribeAssetDBServiceList, DescribeAssetHostList, DescribeAssetImageHostList, DescribeAssetImageList, DescribeAssetImageListExport, DescribeAssetImageRegistryList, DescribeAssetImageRegistryListExport, DescribeAssetImageRegistryRegistryList, DescribeAssetImageRegistryRiskInfoList, DescribeAssetImageRegistryRiskListExport, DescribeAssetImageRegistrySummary, DescribeAssetImageRegistryVirusList, DescribeAssetImageRegistryVirusListExport, DescribeAssetImageRegistryVulList, DescribeAssetImageRegistryVulListExport, DescribeAssetImageRiskList, DescribeAssetImageRiskListExport, DescribeAssetImageSimpleList, DescribeAssetImageVirusList, DescribeAssetImageVirusListExport, DescribeAssetImageVulList, DescribeAssetImageVulListExport, DescribeAssetPortList, DescribeAssetProcessList, DescribeAssetWebServiceList, DescribeImageAutoAuthorizedLogList, DescribeImageAutoAuthorizedTaskList, DescribeImageComponentList, DescribeImageRegistryNamespaceList, DescribeVulRegistryImageList, ModifyAssetImageRegistryScanStop, ModifyAssetImageScanStop, ModifyImageAuthorized.

    Name Type Required Description
    Name String Yes Filter name
    Values Array of String Yes One or more filter values
    ExactMatch Boolean No Whether to use fuzzy query

    AssetSimpleImageInfo

    Brief information of the image

    Used by actions: DescribeAssetImageSimpleList.

    Name Type Description
    ImageID String Image ID
    ImageName String Image name
    ContainerCnt Integer Number of associated containers
    ScanTime String Last scan time
    Size Integer Image size

    AutoAuthorizedImageInfo

    Result of the automatic image licensing

    Used by actions: DescribeImageAutoAuthorizedLogList.

    Name Type Description
    ImageId String Image ID
    ImageName String Image name
    AuthorizedTime String Licensing time
    Status String Licensing result. Valid values: SUCCESS (success); REACH_LIMIT (reaching the upper limit on licenses); LICENSE_INSUFFICIENT (insufficient licenses).
    IsAuthorized Integer Whether it is licensed. Valid values: 1 (yes); 0 (no).

    AutoAuthorizedRuleHostInfo

    List of servers licensed based on the automatic image licensing rule

    Used by actions: DescribeAutoAuthorizedRuleHost.

    Name Type Description
    HostID String Server ID
    HostIP String Server IP, which is the private IP
    HostName String Server name
    ImageCnt Integer Number of images
    ContainerCnt Integer Number of containers
    PublicIp String Public IP
    InstanceID String Server instance ID
    MachineType String Server source. Valid values: CVM, ECM, LH, BM, Other. The first four values indicate Tencent Cloud instances, while the last one indicates non-Tencent Cloud instances.
    DockerVersion String Docker version
    Status String Agent status

    CKafkaInstanceInfo

    Optional information of the security log Kafka

    Used by actions: DescribeSecLogDeliveryKafkaOptions.

    Name Type Required Description
    InstanceID String No Instance ID
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceName String No Instance name
    Note: This field may return null, indicating that no valid values can be obtained.
    TopicList Array of CKafkaTopicInfo No Topic list
    Note: This field may return null, indicating that no valid values can be obtained.
    RouteList Array of CkafkaRouteInfo No Route list
    Note: This field may return null, indicating that no valid values can be obtained.
    KafkaVersion String No Kafka version number
    Note: This field may return null, indicating that no valid values can be obtained.

    CKafkaTopicInfo

    CKafka topic information

    Used by actions: DescribeSecLogDeliveryKafkaOptions.

    Name Type Required Description
    TopicID String Yes Topic ID
    TopicName String Yes Topic name

    CkafkaRouteInfo

    CKafka route details

    Used by actions: DescribeSecLogDeliveryKafkaOptions.

    Name Type Required Description
    RouteID Integer No Route ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Domain String No Domain name
    Note: This field may return null, indicating that no valid values can be obtained.
    DomainPort Integer No Domain port
    Note: This field may return null, indicating that no valid values can be obtained.
    Vip String No VIP
    Note: This field may return null, indicating that no valid values can be obtained.
    VipType Integer No VIP type
    Note: This field may return null, indicating that no valid values can be obtained.
    AccessType Integer No Access type
    // 0: PLAINTEXT (plaintext method, which does not carry user information and is supported for legacy versions and Community Edition)
    // 1: SASL_PLAINTEXT (plaintext method, which authenticates the login through SASL before data start and is supported only for Community Edition)
    // 2: SSL (SSL-encrypted communication, which does not carry user information and is supported for legacy versions and Community Edition)
    // 3: SASL_SSL (SSL-encrypted communication, which authenticates the login through SASL before data start and is supported only for Community Edition)
    Note: This field may return null, indicating that no valid values can be obtained.

    ClsLogsetInfo

    CLS logset information

    Used by actions: DescribeSecLogDeliveryClsOptions.

    Name Type Required Description
    LogsetID String Yes Logset ID
    LogsetName String No Logset name
    Note: This field may return null, indicating that no valid values can be obtained.
    TopicList Array of ClsTopicInfo No List of CLS topics
    Note: This field may return null, indicating that no valid values can be obtained.

    ClsTopicInfo

    CLS topic information

    Used by actions: DescribeSecLogDeliveryClsOptions.

    Name Type Required Description
    TopicID String No Topic ID
    TopicName String No Topic name

    ClusterCheckItem

    Details of a cluster security check item

    Used by actions: DescribeCheckItemList, DescribeRiskList.

    Name Type Description
    CheckItemId Integer Unique ID of the check item
    Note: This field may return null, indicating that no valid values can be obtained.
    Name String Name of the risk item
    ItemDetail String Detailed description of the check item
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskLevel String Severity. Valid values: Serious (critical); High (high); Middle (medium); Hint (prompt).
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskTarget String Check target and risky target. Valid values: Runc, Kubelet, Containerd, Pods.
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskType String Risk type. Valid values: CVERisk (vulnerability risk); ConfigRisk (configuration risk).
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskAttribute String Risk type of the check item. Valid values: PrivilegePromotion (privilege escalation); RefuseService (service rejected); DirectoryEscape (directory traversal); UnauthorizedAccess (unauthorized access); PrivilegeAndAccessControl (permissions, privileges, and access controls); SensitiveInfoLeak (sensitive data leakage).
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskProperty String Risk characteristic and tag. Valid values: ExistEXP (an EXP exists); ExistPOC (a POC exists); NoNeedReboot (restart not required); ServerRestart (service restart); RemoteInfoLeak (remote information leakage); RemoteRefuseService (remote denial of service); RemoteExploit (remote exploit); RemoteExecute (remote execution).
    Note: This field may return null, indicating that no valid values can be obtained.
    CVENumber String CVE No.
    Note: This field may return null, indicating that no valid values can be obtained.
    DiscoverTime String Disclosure time
    Note: This field may return null, indicating that no valid values can be obtained.
    Solution String Solution
    Note: This field may return null, indicating that no valid values can be obtained.
    CVSS String CVSS information, which is used for drawing.
    Note: This field may return null, indicating that no valid values can be obtained.
    CVSSScore String CVSS score
    Note: This field may return null, indicating that no valid values can be obtained.
    RelateLink String Reference link
    Note: This field may return null, indicating that no valid values can be obtained.
    AffectedType String Affected type. Valid values: Node, Workload.
    Note: This field may return null, indicating that no valid values can be obtained.
    AffectedVersion String Affected version information
    Note: This field may return null, indicating that no valid values can be obtained.
    IgnoredAssetNum Integer Number of ignored assets
    Note: This field may return null, indicating that no valid values can be obtained.
    IsIgnored Boolean Whether to ignore the check item
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskAssessment String Impact assessment
    Note: This field may return null, indicating that no valid values can be obtained.

    ClusterCheckTaskItem

    Input parameters for a cluster check task

    Used by actions: CreateClusterCheckTask.

    Name Type Required Description
    ClusterId String Yes ID of the specified cluster to be scanned
    ClusterRegion String Yes Cluster region
    NodeIp String No IP of the specified node to be scanned
    WorkloadName String No Name of the specified workload to be scanned

    ClusterCreateComponentItem

    Input parameters for CreateCheckComponent, which are used to batch install defenders.

    Used by actions: CreateCheckComponent.

    Name Type Required Description
    ClusterId String Yes ID of the cluster for which to install the component
    ClusterRegion String Yes Cluster region

    ClusterCustomParameters

    Custom parameters of the cluster

    Used by actions: DescribeAgentDaemonSetCmd.

    Name Type Required Description
    Name String Yes Parameter name
    Values Array of String Yes Parameter value

    ClusterInfoItem

    Response parameters structure of the cluster asset

    Used by actions: DescribeUserCluster.

    Name Type Description
    ClusterId String Cluster ID
    ClusterName String Cluster name
    ClusterVersion String Cluster version
    ClusterOs String Cluster OS
    ClusterType String Cluster type
    ClusterNodeNum Integer Number of nodes in the cluster
    Region String Cluster region
    DefenderStatus String Status of the monitoring component. Valid values: Defender_Uninstall, Defender_Normal, Defender_Error, Defender_Installing.
    ClusterStatus String Cluster status
    ClusterCheckMode String Cluster check mode. Valid values: Cluster_Normal, Cluster_Actived.
    ClusterAutoCheck Boolean Whether automatic and regular check is enabled
    DefenderErrorReason String Cause of the failure to deploy the defender. When it is UserDaemonSetNotReady, UnreadyNodeNum is changed to "The defenders on N nodes are ready". If it is another value, the error message is directly displayed.
    UnreadyNodeNum Integer Number of nodes where the defender is not ready
    SeriousRiskCount Integer Number of critical check items
    HighRiskCount Integer Number of high-risk check items
    MiddleRiskCount Integer Number of medium-risk check items
    HintRiskCount Integer Number of prompt-risk check items
    CheckFailReason String Check failure cause
    CheckStatus String Check status. Valid values: Task_Running, NoRisk, HasRisk, Uncheck, Task_Error.
    TaskCreateTime String Task creation time and check time

    ClusterRiskItem

    A risk item is a check item with an issue found in the check, with certain information of the check result.

    Used by actions: DescribeRiskList.

    Name Type Description
    CheckItem ClusterCheckItem Check item information
    VerifyInfo String Verification information
    ErrorMessage String Event description and check error message
    AffectedClusterCount Integer Number of affected clusters
    AffectedNodeCount Integer Number of affected nodes

    ComplianceAffectedAsset

    Information of the asset affected by the check item

    Used by actions: DescribeCompliancePolicyItemAffectedAssetList.

    Name Type Description
    CustomerAssetId Integer Unique ID of the customer asset
    AssetName String Asset name
    AssetType String Asset type
    CheckStatus String Check status

    CHECK_INIT: To be checked.

    CHECK_RUNNING: Checking.

    CHECK_FINISHED: Checked.

    CHECK_FAILED: Check failed.
    NodeName String Node name
    LastCheckTime String Last check time in the format of "YYYY-MM-DD HH:m::SS"

    It is "0000-00-00 00:00:00" if no check has been performed.
    CheckResult String Check result. Valid values:

    RESULT_FAILED: Failed.

    RESULT_PASSED: Passed.
    HostIP String Server IP
    Note: This field may return null, indicating that no valid values can be obtained.
    ImageTag String Image tag
    Note: This field may return null, indicating that no valid values can be obtained.
    VerifyInfo String Verification information of the check item
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceId String Instance ID
    Note: This field may return null, indicating that no valid values can be obtained.

    ComplianceAssetDetailInfo

    Asset details

    Used by actions: DescribeComplianceAssetDetailInfo.

    Name Type Description
    CustomerAssetId Integer Customer asset ID
    AssetType String Asset type
    AssetName String Asset name
    NodeName String Node name of the asset
    HostName String Server name of the asset
    HostIP String Server IP of the asset
    CheckStatus String Check status
    CHECK_INIT: To be checked.
    CHECK_RUNNING: Checking.
    CHECK_FINISHED: Checked.
    CHECK_FAILED: Check failed.
    PassedPolicyItemCount Integer Number of check items that the asset passed
    FailedPolicyItemCount Integer Number of check items that the asset failed
    LastCheckTime Timestamp Last check time
    Note: This field may return null, indicating that no valid values can be obtained.
    CheckResult String Check result. Valid values:
    RESULT_FAILED: Failed.
    RESULT_PASSED: Passed.
    Note: This field may return null, indicating that no valid values can be obtained.
    AssetStatus String Asset status
    AssetCreateTime Timestamp Asset creation time
    ASSET_NORMAL: Running.
    ASSET_PAUSED: Suspended.
    ASSET_STOPPED: Stopped.
    ASSET_ABNORMAL: Abnormal.

    ComplianceAssetInfo

    Asset information

    Used by actions: DescribeComplianceAssetList.

    Name Type Description
    CustomerAssetId Integer Customer asset ID
    AssetType String Asset type
    AssetName String Asset name
    ImageTag String This field is the image tag when the asset is an image.
    Note: This field may return null, indicating that no valid values can be obtained.
    HostIP String Server IP of the asset
    NodeName String Node name of the asset
    CheckStatus String Check status

    CHECK_INIT: To be checked.

    CHECK_RUNNING: Checking.

    CHECK_FINISHED: Checked.

    CHECK_FAILED: Check failed.
    PassedPolicyItemCount Integer Number of check items that the asset passed
    Note: This field may return null, indicating that no valid values can be obtained.
    FailedPolicyItemCount Integer Number of check items that the asset failed
    Note: This field may return null, indicating that no valid values can be obtained.
    LastCheckTime Timestamp Last check time
    Note: This field may return null, indicating that no valid values can be obtained.
    CheckResult String Check result. Valid values:
    RESULT_FAILED: Failed.
    RESULT_PASSED: Passed.
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceId String Node instance ID
    Note: This field may return null, indicating that no valid values can be obtained.

    ComplianceAssetPolicyItem

    Information of a check item

    Used by actions: DescribeComplianceAssetPolicyItemList.

    Name Type Description
    CustomerPolicyItemId Integer Unique ID of the customer check item
    BasePolicyItemId Integer Original ID of the check item
    Name String Check item name
    Category String Category of the check item
    BenchmarkStandardId Integer Compliance standard ID
    BenchmarkStandardName String Compliance standard name
    RiskLevel String Severity
    CheckStatus String Check status
    CHECK_INIT: To be checked.
    CHECK_RUNNING: Checking.
    CHECK_FINISHED: Checked.
    CHECK_FAILED: Check failed.
    CheckResult String Check result
    RESULT_PASSED: Passed.
    RESULT_FAILED: Failed.
    Note: This field may return null, indicating that no valid values can be obtained.
    WhitelistId Integer Allowed item ID of the check item. If it exists and is not 0, the check item is ignored.
    Note: This field may return null, indicating that no valid values can be obtained.
    FixSuggestion String Handling suggestion
    LastCheckTime String Last check time
    Note: This field may return null, indicating that no valid values can be obtained.
    VerifyInfo String Verification information
    Note: This field may return null, indicating that no valid values can be obtained.

    ComplianceAssetPolicySetItem

    List of asset IDs and check item IDs

    Used by actions: AddComplianceAssetPolicySetToWhitelist.

    Name Type Required Description
    CustomerAssetItemId Integer Yes Asset ID
    CustomerPolicyItemIdSet Array of Integer No List of IDs of check items to be ignored in the specified asset. If it is empty, it indicates all.

    ComplianceAssetSummary

    Asset overview

    Used by actions: DescribeComplianceTaskAssetSummary.

    Name Type Description
    AssetType String Asset type
    IsCustomerFirstCheck Boolean Whether it is the first check. This parameter is used together with CheckStatus.
    CheckStatus String Check status

    CHECK_UNINIT: Feature not enabled.

    CHECK_INIT: To be checked.

    CHECK_RUNNING: Checking.

    CHECK_FINISHED: Checked.

    CHECK_FAILED: Check failed.
    CheckProgress Float Check progress. Value range: 0-100. This field is valid only if the check is running.
    Note: This field may return null, indicating that no valid values can be obtained.
    PassedPolicyItemCount Integer Number of check items that the asset passed
    FailedPolicyItemCount Integer Number of check items that the asset failed
    FailedCriticalPolicyItemCount Integer Number of critical check items that the asset failed
    FailedHighRiskPolicyItemCount Integer Number of high-risk check items that the asset failed
    FailedMediumRiskPolicyItemCount Integer Number of medium-risk check items that the asset failed
    FailedLowRiskPolicyItemCount Integer Number of low-risk check items that the asset failed
    NoticePolicyItemCount Integer Number of prompt check items of the asset
    PassedAssetCount Integer Number of assets that passed the check
    FailedAssetCount Integer Number of assets that failed the check
    AssetPassedRate Float Asset compliance rate. Value range: 0-100.
    ScanFailedAssetCount Integer Number of assets that failed the check
    CheckCostTime Float Last check duration in seconds
    Note: This field may return null, indicating that no valid values can be obtained.
    LastCheckTime Timestamp Last check time
    Note: This field may return null, indicating that no valid values can be obtained.
    PeriodRule CompliancePeriodTaskRule Scheduled check rule
    OpenPolicyItemCount Integer Total number of enabled check items
    Note: This field may return null, indicating that no valid values can be obtained.
    IgnoredPolicyItemCount Integer Total number of ignored check items
    Note: This field may return null, indicating that no valid values can be obtained.

    ComplianceBenchmarkStandard

    Information of a compliance standard

    Used by actions: DescribeCompliancePeriodTaskList.

    Name Type Description
    StandardId Integer Compliance standard ID
    Name String Compliance standard name
    PolicyItemCount Integer Number of items contained in the compliance standard
    Enabled Boolean Whether to enable the standard
    Description String Description of the standard

    ComplianceBenchmarkStandardEnable

    Whether to enable the compliance standard

    Used by actions: ModifyCompliancePeriodTask.

    Name Type Required Description
    StandardId Integer Yes Compliance standard ID
    Enable Boolean Yes Whether to enable the compliance standard

    ComplianceContainerDetailInfo

    Container asset details

    Used by actions: DescribeComplianceAssetDetailInfo.

    Name Type Description
    ContainerId String Container ID on the server
    PodName String Pod name of the container
    Note: This field may return null, indicating that no valid values can be obtained.

    ComplianceFilters

    Key-value pair filter for conditional filtering queries, such as filter ID, name, and status. If more than one filter exists, the logical relationship between these filters is AND. If multiple values exist in one filter, the logical relationship between these values is OR.

    Used by actions: DescribeAffectedNodeList, DescribeAffectedWorkloadList, DescribeCheckItemList, DescribeComplianceAssetList, DescribeComplianceAssetPolicyItemList, DescribeCompliancePolicyItemAffectedAssetList, DescribeComplianceScanFailedAssetList, DescribeComplianceTaskPolicyItemSummaryList, DescribeComplianceWhitelistItemList, DescribeNetworkFirewallAuditRecord, DescribeNetworkFirewallClusterList, DescribeNetworkFirewallNamespaceLabelList, DescribeNetworkFirewallPodLabelsList, DescribeNetworkFirewallPolicyList, DescribeRiskList, DescribeUserCluster.

    Name Type Required Description
    Name String Yes Filter name
    Values Array of String Yes One or more filter values
    ExactMatch Boolean No Whether to use fuzzy query. Default value: true.

    ComplianceHostDetailInfo

    Server asset details

    Used by actions: DescribeComplianceAssetDetailInfo.

    Name Type Description
    DockerVersion String Docker version on the server
    Note: This field may return null, indicating that no valid values can be obtained.
    K8SVersion String K8s version on the server
    Note: This field may return null, indicating that no valid values can be obtained.

    ComplianceImageDetailInfo

    Image asset details

    Used by actions: DescribeComplianceAssetDetailInfo.

    Name Type Description
    ImageId String Image ID on the server
    ImageName String Image name
    ImageTag String Image tag
    Repository String Path of the remote repository of the image
    Note: This field may return null, indicating that no valid values can be obtained.

    ComplianceK8SDetailInfo

    K8s asset details

    Used by actions: DescribeComplianceAssetDetailInfo.

    Name Type Description
    ClusterName String K8s cluster name
    Note: This field may return null, indicating that no valid values can be obtained.
    ClusterVersion String K8s cluster version
    Note: This field may return null, indicating that no valid values can be obtained.

    CompliancePeriodTask

    Information of a scheduled task of the compliance baseline check

    Used by actions: DescribeCompliancePeriodTaskList.

    Name Type Description
    PeriodTaskId Integer Scheduled task ID
    AssetType String Asset type
    ASSET_CONTAINER: Container.
    ASSET_IMAGE: Image.
    ASSET_HOST: Server.
    ASSET_K8S: K8s asset.
    LastTriggerTime Timestamp Last trigger time
    Note: This field may return null, indicating that no valid values can be obtained.
    TotalPolicyItemCount Integer Total number of check items
    PeriodRule CompliancePeriodTaskRule Cycle settings
    BenchmarkStandardSet Array of ComplianceBenchmarkStandard List of compliance standards

    CompliancePeriodTaskRule

    Cycle of a scheduled task

    Used by actions: DescribeCompliancePeriodTaskList, DescribeComplianceTaskAssetSummary, ModifyCompliancePeriodTask.

    Name Type Required Description
    Frequency Integer Yes Execution frequency (days). Valid values: 1, 3, 7.
    ExecutionTime String Yes Execution time in the format of "HH:mm:SS"
    Enable Boolean No Whether to enable
    Note: This field may return null, indicating that no valid values can be obtained.

    CompliancePolicyAssetSetItem

    List of check item IDs and asset IDs

    Used by actions: DeleteCompliancePolicyAssetSetFromWhitelist.

    Name Type Required Description
    CustomerPolicyItemId Integer Yes Check item ID
    CustomerAssetItemIdSet Array of Integer No List of IDs of assets to be ignored in the specified check item. If it is empty, it indicates all.

    CompliancePolicyItemSummary

    Aggregated information of a check item

    Used by actions: DescribeCompliancePolicyItemAffectedSummary, DescribeComplianceTaskPolicyItemSummaryList.

    Name Type Description
    CustomerPolicyItemId Integer Unique ID of the customer check item
    BasePolicyItemId Integer Original ID of the check item
    Name String Check item name
    Category String Category of the check item, which is an enumerated string.
    BenchmarkStandardName String Compliance standard
    RiskLevel String Severity. Valid values: RISK_CRITICAL, RISK_HIGH, RISK_MEDIUM, RISK_LOW, RISK_NOTICE.
    AssetType String Asset type of the check item
    LastCheckTime Timestamp Last check time
    Note: This field may return null, indicating that no valid values can be obtained.
    CheckStatus String Check status

    CHECK_INIT: To be checked.

    CHECK_RUNNING: Checking.

    CHECK_FINISHED: Checked.

    CHECK_FAILED: Check failed.
    CheckResult String Check result. Valid values: RESULT_PASSED: Passed.

    RESULT_FAILED: Failed.
    Note: This field may return null, indicating that no valid values can be obtained.
    PassedAssetCount Integer Number of assets that passed the check
    Note: This field may return null, indicating that no valid values can be obtained.
    FailedAssetCount Integer Number of assets that failed the check
    Note: This field may return null, indicating that no valid values can be obtained.
    WhitelistId Integer Allowed item ID of the check item. If it exists and is not 0, the check item is ignored.
    Note: This field may return null, indicating that no valid values can be obtained.
    FixSuggestion String Handling suggestion
    BenchmarkStandardId Integer Compliance standard ID
    ApplicableVersion String TCSS editions that support this check item
    Note: This field may return null, indicating that no valid value was found.

    ComplianceScanFailedAsset

    Information of the asset that failed the check

    Used by actions: DescribeComplianceScanFailedAssetList.

    Name Type Description
    CustomerAssetId Integer Customer asset ID
    AssetType String Asset type
    CheckStatus String Check status
    CHECK_INIT: To be checked.
    CHECK_RUNNING: Checking.
    CHECK_FINISHED: Checked.
    CHECK_FAILED: Check failed.
    AssetName String Asset name
    FailureReason String Cause of the asset check failure
    Suggestion String Suggestion for handling the check failure
    CheckTime Timestamp Check time

    ComplianceWhitelistItem

    Allowed item

    Used by actions: DescribeComplianceWhitelistItemList.

    Name Type Description
    WhitelistItemId Integer Allowed item ID
    CustomerPolicyItemId Integer ID of the customer check item
    Name String Check item name
    StandardName String Compliance standard name
    StandardId Integer Compliance standard ID
    AffectedAssetCount Integer Number of assets affected by the check item
    LastUpdateTime Timestamp Last update time
    InsertTime Timestamp Allowed time

    ComponentInfo

    Container component information

    Used by actions: DescribeAssetComponentList.

    Name Type Description
    Name String Name
    Version String Version

    ComponentsInfo

    Component information

    Used by actions: DescribeAssetImageRegistryVulList.

    Name Type Description
    Version String Component version information
    Note: This field may return null, indicating that no valid values can be obtained.
    FixedVersion String Fixed version
    Note: This field may return·null, indicating that no valid values can be obtained.
    Path String Path
    Note: This field may return·null, indicating that no valid values can be obtained.
    Type String Type
    Note: This field may return·null, indicating that no valid values can be obtained.
    Name String Add-on name
    Note: This field may return null, indicating that no valid values can be obtained.

    ContainerInfo

    List of containers

    Used by actions: DescribeAssetContainerList.

    Name Type Description
    ContainerID String Container ID
    ContainerName String Container name
    Status String Container status
    CreateTime String Creation time
    RunAs String Operator
    Cmd String Command line
    CPUUsage Integer CPU utilization * 1000
    RamUsage Integer Memory usage in KB
    ImageName String Image name
    ImageID String Image ID
    POD String Image ID
    HostID String Server ID
    HostIP String Server IP
    UpdateTime String Update time
    HostName String Server name
    PublicIp String Public IP
    NetStatus String Network status
    NORMAL: Not isolated.
    ISOLATED: Isolated.
    ISOLATING: Isolating.
    ISOLATE_FAILED: Isolation failed.
    RESTORING: Recovering.
    RESTORE_FAILED: Recovery failed.
    NetSubStatus String Sub-status of the network
    IsolateSource String Isolation source
    Note: This field may return null, indicating that no valid values can be obtained.
    IsolateTime String Isolation time
    Note: This field may return null, indicating that no valid values can be obtained.
    NodeID String Super node ID
    PodIP String Pod IP
    PodName String Pod name
    NodeType String Node type. Valid values: NORMAL (general node), SUPER (super node)
    NodeUniqueID String UID of the super node
    PodCpu Integer Number of CPU cores used by the pod
    PodMem Integer Memory specification of the Pod
    ClusterName String
    ClusterID String
    PodUid String

    ContainerMount

    Container mount information

    Used by actions: DescribeAssetContainerDetail.

    Name Type Description
    Type String Mount type: bind.
    Source String Host path
    Destination String Path in the container
    Mode String Mode
    RW Boolean Read/Write permission
    Propagation String Propagation type
    Name String Name
    Driver String Driver

    ContainerNetwork

    Container network information

    Used by actions: DescribeAssetContainerDetail.

    Name Type Description
    EndpointID String Endpoint ID
    Mode String Mode: bridge.
    Name String Network name
    NetworkID String Network ID
    Gateway String Gateway
    Ipv4 String IPv4 address
    Ipv6 String IPv6 address
    MAC String MAC address

    EmergencyVulInfo

    List of emergency vulnerabilities

    Used by actions: DescribeEmergencyVulList.

    Name Type Description
    Name String Vulnerability name
    Tags Array of String Vulnerability tag
    Note: This field may return null, indicating that no valid values can be obtained.
    CVSSV3Score Float CVSS V3 score
    Note: This field may return null, indicating that no valid values can be obtained.
    Level String Risk level
    Note: This field may return null, indicating that no valid values can be obtained.
    CVEID String CVE No.
    Category String Vulnerability type
    Note: This field may return null, indicating that no valid values can be obtained.
    SubmitTime String Vulnerability disclosure time
    Note: This field may return null, indicating that no valid values can be obtained.
    LatestFoundTime String Last discovery time
    Note: This field may return null, indicating that no valid values can be obtained.
    Status String Emergency vulnerability risk information. Valid values: NOT_SCAN (not scanned); SCANNING (scanning); SCANNED_NOT_RISK (scanned and at no risk); SCANNED_RISK (scanned and at risk).
    ID Integer Vulnerability ID
    PocID String POC ID
    DefenceStatus String Defense status. Valid values: NO_DEFENDED, DEFENDED.
    Note: This field may return null, indicating that no valid values can be obtained.
    DefenceScope String Scope of servers with exploit prevention enabled. Valid values: MANUAL (specified servers); ALL (all servers).
    Note: This field may return null, indicating that no valid values can be obtained.
    DefenceHostCount Integer Number of servers with exploit prevention enabled
    Note: This field may return null, indicating that no valid values can be obtained.
    DefendedCount Integer Number of attacks defended against
    Note: This field may return null, indicating that no valid values can be obtained.

    EscapeEventDescription

    Description of the container escape event at runtime

    Used by actions: DescribeEscapeEventDetail.

    Name Type Description
    Description String Event rule
    Solution String Solution
    Remark String Event remarks
    Note: This field may return null, indicating that no valid values can be obtained.
    OperationTime String Last processing time of the event
    Note: This field may return null, indicating that no valid values can be obtained.

    EscapeEventInfo

    List of container escape events

    Used by actions: DescribeEscapeEventInfo.

    Name Type Description
    EventType String Event type.
    ESCAPE_CGROUPS: Cgroup escape.
    ESCAPE_TAMPER_SENSITIVE_FILE: File tamper escape.
    ESCAPE_DOCKER_API: Docker API access escape.
    ESCAPE_VUL_OCCURRED: Vulnerability exploit.
    MOUNT_SENSITIVE_PTAH: Sensitive path mount.
    PRIVILEGE_CONTAINER_START: Privileged container.
    PRIVILEGE: Program privilege escalation escape.
    ContainerName String Container name
    ImageName String Image name
    Status String Status. Valid values: EVENT_UNDEAL (pending); EVENT_DEALED (processed); EVENT_INGNORE (ignored).
    EventId String Unique event ID
    NodeName String Node name
    PodName String Pod (instance) name
    FoundTime Timestamp Generation time
    EventName String Event name
    Host file access escape
    Syscall escape
    Mount namespace escape
    Program privilege escalation escape
    Privileged container startup escape
    Sensitive path mount
    ImageId String Image ID, which is used for redirect.
    ContainerId String Container ID, which is used for redirect.
    Solution String Event solution
    Description String Event description
    EventCount Integer Number of events
    LatestFoundTime Timestamp Last generation time
    NodeIP String Node IP
    Note: This field may return null, indicating that no valid values can be obtained.
    HostID String Server IP
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerNetStatus String Network status
    NORMAL: Not isolated.
    ISOLATED: Isolated.
    ISOLATING: Isolating.
    ISOLATE_FAILED: Isolation failed.
    RESTORING: Recovering.
    RESTORE_FAILED: Recovery failed.
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerNetSubStatus String Sub-status of the container
    "AGENT_OFFLINE" // The agent is offline.
    "NODE_DESTROYED" // The node is terminated.
    "CONTAINER_EXITED" // The container exited.
    "CONTAINER_DESTROYED" // The container was terminated.
    "SHARED_HOST" // The container shares the network with the server.
    "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
    "UNKNOW" // The reason is unknown.
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerIsolateOperationSrc String Container isolation operation source
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerStatus String Container status
    RUNNING: Running.
    PAUSED: Paused.
    STOPPED: Stopped.
    CREATED: Created.
    DESTROYED: Terminated.
    RESTARTING: Restarting.
    REMOVING: Removing.
    ClusterID String ID of the cluster where the node resides
    NodeType String Node type. Values: NORMAL (general node), SUPER (super node).
    PodIP String Pod IP
    NodeUniqueID String Unique node ID
    PublicIP String Node public IP
    NodeID String Node ID
    HostIP String Private IP of the node
    ClusterName String Cluster name

    EscapeEventTendencyInfo

    Trend of pending escape events

    Used by actions: DescribeEscapeEventTendency.

    Name Type Description
    RiskContainerEventCount Integer Total number of pending containers at risk
    ProcessPrivilegeEventCount Integer Total number of pending program privilege escalation events
    ContainerEscapeEventCount Integer Total number of pending container escape events
    Date Date Date

    EscapeRule

    Enablement/Disablement of the container escape scan policy

    Used by actions: DescribeEscapeRuleInfo.

    Name Type Description
    Type String Rule type
    ESCAPE_HOST_ACESS_FILE: Host file access escape.
    ESCAPE_MOUNT_NAMESPACE: Mount namespace escape.
    ESCAPE_PRIVILEDGE: Program privilege escalation escape.
    ESCAPE_PRIVILEDGE_CONTAINER_START: Privileged container startup escape.
    ESCAPE_MOUNT_SENSITIVE_PTAH: Sensitive path mount.
    ESCAPE_SYSCALL: Syscall escape.
    Name String Rule name
    Host file access escape
    Syscall escape
    Mount namespace escape
    Program privilege escalation escape
    Privileged container startup escape
    Sensitive path mount
    IsEnable Boolean Whether to enable. Valid values: false (no); true (yes).
    Group String Rule group. Valid values: RISK_CONTAINER (container in risk); PROCESS_PRIVILEGE (program privilege escalation); CONTAINER_ESCAPE (container escape).

    EscapeRuleEnabled

    Enablement/Disablement of the container escape scan policy

    Used by actions: ModifyEscapeRule.

    Name Type Required Description
    Type String Yes Rule type
    ESCAPE_HOST_ACESS_FILE: Host file access escape.
    ESCAPE_MOUNT_NAMESPACE: Mount namespace escape.
    ESCAPE_PRIVILEDGE: Program privilege escalation escape.
    ESCAPE_PRIVILEDGE_CONTAINER_START: Privileged container startup escape.
    ESCAPE_MOUNT_SENSITIVE_PTAH: Sensitive path mount.
    ESCAPE_SYSCALL: Syscall escape.
    IsEnable Boolean Yes Whether to enable. Valid values: false (no); true (yes).

    EscapeWhiteListInfo

    Escape allowlist

    Used by actions: DescribeEscapeWhiteList.

    Name Type Description
    ImageID String Image ID
    ImageName String Image name
    ID Integer Allowed item ID
    HostCount Integer Number of associated servers
    ContainerCount Integer Number of associated containers
    EventType Array of String Allowed event type
    InsertTime String Creation time
    UpdateTime String Update time
    ImageSize Integer Image size

    ExportJobInfo

    Export job details

    Used by actions: DescribeExportJobManageList.

    Name Type Description
    JobID String Job ID
    JobName String Job name
    Source String Source
    ExportStatus String Export status
    ExportProgress Integer Export progress
    FailureMsg String Reason for failure
    Timeout String Timeout threshold
    InsertTime String Insertion time

    FileAttributeInfo

    Container runtime security - File attribute information

    Used by actions: DescribeAccessControlDetail.

    Name Type Description
    FileName String Filename
    FileType String File type
    FileSize Integer File size in bytes
    FilePath String File path
    FileCreateTime Timestamp File creation time
    LatestTamperedFileMTime Timestamp Time when the file is last tampered with
    NewFile String Content of the new file
    FileDiff String Differences between old and new files

    HostInfo

    List of server IDs

    Used by actions: DescribeAssetHostList.

    Name Type Description
    HostID String Server ID
    HostIP String Server IP, which is the private IP
    HostName String Server name
    Group String Project
    DockerVersion String Docker version
    DockerFileSystemDriver String Docker file system type
    ImageCnt Integer Number of images
    ContainerCnt Integer Number of containers
    Status String Agent status
    IsContainerd Boolean Whether it is Containerd
    MachineType String Server source. Valid values: CVM, ECM, LH, BM, Other. The first four values indicate Tencent Cloud instances, while the last one indicates non-Tencent Cloud instances.
    PublicIp String Public IP
    Uuid String Server UUID
    InstanceID String Server instance ID
    RegionID Integer Region ID
    Project ProjectInfo Project
    Note: This field may return null, indicating that no valid value was found.
    Tags Array of TagInfo Tags
    Note: This field may return null, indicating that no valid value was found.
    ClusterID String Cluster ID
    ClusterName String
    ClusterAccessedStatus String

    ImageAutoAuthorizedTask

    Information of the automatic image licensing task

    Used by actions: DescribeImageAutoAuthorizedTaskList.

    Name Type Description
    TaskId Integer Task ID
    Type String Licensing method. Valid values: AUTO (automatic licensing); MANUAL (manual licensing).
    AuthorizedDate Date Task date
    Source String Image source. Valid values: LOCAL (local image); REGISTRY (repository image).
    LastAuthorizedTime String Last licensing time
    SuccessCount Integer Number of images automatically licensed successfully
    FailCount Integer Number of images failed to be automatically licensed
    LatestFailCode String Error code for the last task. Valid values: REACH_LIMIT (reaching the upper limit on licenses); LICENSE_INSUFFICIENT (insufficient licenses).

    ImageComponent

    Information of a component in the image

    Used by actions: DescribeImageComponentList.

    Name Type Description
    Name String Component name
    Version String Component version
    Path String Component path
    Type String Component type
    VulCount Integer Number of component vulnerabilities
    Note: This field may return null, indicating that no valid values can be obtained.
    ImageID String Image ID
    Note: This field may return null, indicating that no valid values can be obtained.

    ImageHost

    List of images associated with servers

    Used by actions: DescribeAssetImageHostList.

    Name Type Description
    ImageID String Image ID
    HostID String Server ID

    ImageInfo

    Basic image information

    Used by actions: CreateAssetImageRegistryScanTask, CreateAssetImageRegistryScanTaskOneKey, DescribeAssetImageRegistryRiskInfoList, DescribeAssetImageRegistryRiskListExport, DescribeAssetImageRegistryScanStatusOneKey, DescribeAssetImageRegistryVirusList, DescribeAssetImageRegistryVirusListExport, DescribeAssetImageRegistryVulList, DescribeAssetImageRegistryVulListExport, DescribeImageRegistryTimingScanTask, ModifyAssetImageRegistryScanStop, ModifyAssetImageRegistryScanStopOneKey, UpdateImageRegistryTimingScanTask.

    Name Type Required Description
    InstanceName String Yes Instance name
    Namespace String Yes Namespace
    ImageName String Yes Image name
    ImageTag String Yes Image tag
    Force String Yes Forced scan
    ImageDigest String No Image ID
    RegistryType String No Repository type
    ImageRepoAddress String No Image repository address
    InstanceId String No Instance ID

    ImageProgress

    Basic image information

    Used by actions: DescribeAssetImageRegistryScanStatusOneKey.

    Name Type Description
    ImageId String Image ID
    Note: This field may return null, indicating that no valid values can be obtained.
    RegistryType String Repository type
    Note: This field may return null, indicating that no valid values can be obtained.
    ImageRepoAddress String Image repository address
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceId String Instance ID
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceName String Instance name
    Note: This field may return null, indicating that no valid values can be obtained.
    Namespace String Namespace
    Note: This field may return null, indicating that no valid values can be obtained.
    ImageName String Repository name
    Note: This field may return null, indicating that no valid values can be obtained.
    ImageTag String Image tag
    Note: This field may return null, indicating that no valid values can be obtained.
    ScanStatus String Image scanning status
    Note: This field may return null, indicating that no valid values can be obtained.
    CveProgress Integer CVE scanning progress of the image
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskProgress Integer Sensitive data scanning progress of the image
    Note: This field may return null, indicating that no valid values can be obtained.
    VirusProgress Integer Trojan scanning progress of the image
    Note: This field may return null, indicating that no valid values can be obtained.

    ImageRepoInfo

    List of image repositories

    Used by actions: DescribeAssetImageRegistryList.

    Name Type Description
    ImageDigest String Image digest
    ImageRepoAddress String Image repository address
    RegistryType String Repository type
    ImageName String Image name
    ImageTag String Image tag
    ImageSize Integer Image size
    ScanTime String Last scan time
    ScanStatus String Scanning status
    VulCnt Integer Number of vulnerabilities
    VirusCnt Integer Number of viruses and trojans
    RiskCnt Integer Number of risky behaviors
    IsTrustImage Boolean Whether it is a trusted image
    OsName String Image system
    ScanVirusError String Trojan scan error
    Note: This field may return null, indicating that no valid values can be obtained.
    ScanVulError String Vulnerability scan error
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceId String Instance ID
    InstanceName String Instance name
    Namespace String Namespace
    ScanRiskError String High-risk scan error
    Note: This field may return null, indicating that no valid values can be obtained.
    ScanVirusProgress Integer Sensitive data scanning progress
    Note: This field may return null, indicating that no valid values can be obtained.
    ScanVulProgress Integer Trojan scanning progress
    Note: This field may return null, indicating that no valid values can be obtained.
    ScanRiskProgress Integer Vulnerability scanning progress
    Note: This field may return null, indicating that no valid values can be obtained.
    ScanRemainTime Integer Remaining scan time in seconds
    Note: This field may return null, indicating that no valid values can be obtained.
    CveStatus String CVE scanning status
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskStatus String High-risk scanning status
    Note: This field may return null, indicating that no valid values can be obtained.
    VirusStatus String Trojan scanning status
    Note: This field may return null, indicating that no valid values can be obtained.
    Progress Integer Overall progress
    Note: This field may return null, indicating that no valid values can be obtained.
    IsAuthorized Integer Licensing status
    RegistryRegion String Repository region
    Id Integer List of IDs
    ImageId String Image ID
    Note: This field may return null, indicating that no valid values can be obtained.
    ImageCreateTime Timestamp ISO8601 Image creation time
    Note: This field may return null, indicating that no valid values can be obtained.
    IsLatestImage Boolean Whether it is the latest image tag
    Note: This field may return null, indicating that no valid values can be obtained.

    ImageRepoRegistryInfo

    Used by actions: DescribeAssetImageRegistryRegistryList.

    Name Type Description
    RegistryId Integer
    Name String
    RegistryType String
    Url String
    NetType String
    RegistryRegion String
    RegistryVersion String
    ConnectMsg String
    ConnDetectType String
    ConnDetectHostCount Integer
    ConnDetectDetail Array of RegistryConnDetectResult
    InstanceID String
    LatestSyncTime String
    SyncStatus String
    SyncFailReason String
    SyncSolution String
    SyncMessage String

    ImageRisk

    Information of a high-risk behavior in the image

    Used by actions: DescribeAssetImageRegistryRiskInfoList.

    Name Type Description
    Behavior Integer High-risk behavior
    Note: This field may return null, indicating that no valid values can be obtained.
    Type Integer Type
    Note: This field may return null, indicating that no valid values can be obtained.
    Level String Risk level
    Note: This field may return null, indicating that no valid values can be obtained.
    Desc String Description
    Note: This field may return null, indicating that no valid values can be obtained.
    InstructionContent String Solution
    Note: This field may return null, indicating that no valid values can be obtained.

    ImageRiskInfo

    Image risk details

    Used by actions: DescribeAssetImageRiskList.

    Name Type Description
    Behavior Integer Behavior
    Type Integer Type
    Level Integer Level
    Desc String Details
    InstructionContent String Solution

    ImageRiskTendencyInfo

    Trend information of security events at runtime

    Used by actions: DescribeImageRiskTendency.

    Name Type Description
    ImageRiskSet Array of RunTimeTendencyInfo List of trends
    ImageRiskType String Risk type:
    IRT_VULNERABILITY: Vulnerability.
    IRT_MALWARE_VIRUS: Virus and trojan.
    IRT_RISK: Sensitive data.

    ImageSimpleInfo

    List of images

    Used by actions: DescribeImageSimpleList.

    Name Type Description
    ImageID String Image ID
    ImageName String Image name
    Size Integer Image size
    ImageType String Type
    ContainerCnt Integer Number of associated containers

    ImageVirus

    Information of a virus in the image

    Used by actions: DescribeAssetImageRegistryVirusList.

    Name Type Description
    Path String Path
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskLevel String Risk level
    Note: This field may return null, indicating that no valid values can be obtained.
    Category String Category
    Note: This field may return null, indicating that no valid values can be obtained.
    VirusName String Virus name
    Note: This field may return null, indicating that no valid values can be obtained.
    Tags Array of String Tag
    Note: This field may return null, indicating that no valid values can be obtained.
    Desc String Description
    Note: This field may return null, indicating that no valid values can be obtained.
    Solution String Solution
    Note: This field may return null, indicating that no valid values can be obtained.
    FileType String File type
    Note: This field may return null, indicating that no valid values can be obtained.
    FileName String File path
    Note: This field may return null, indicating that no valid values can be obtained.
    FileMd5 String MD5 checksum of the file
    Note: This field may return null, indicating that no valid values can be obtained.
    FileSize Integer Size
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstScanTime String First discovery time
    Note: This field may return null, indicating that no valid values can be obtained.
    LatestScanTime String Last scan time
    Note: This field may return null, indicating that no valid values can be obtained.

    ImageVirusInfo

    Information of a virus in the image

    Used by actions: DescribeAssetImageVirusList.

    Name Type Description
    Path String Path
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskLevel Integer Risk level
    Note: This field may return null, indicating that no valid values can be obtained.
    VirusName String Virus name
    Note: This field may return null, indicating that no valid values can be obtained.
    Tags Array of String Tag
    Note: This field may return null, indicating that no valid values can be obtained.
    Desc String Description
    Note: This field may return null, indicating that no valid values can be obtained.
    Solution String Fix suggestion
    Note: This field may return null, indicating that no valid values can be obtained.
    Size Integer Size
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstScanTime String First discovery time
    Note: This field may return null, indicating that no valid values can be obtained.
    LatestScanTime String Last scan time
    Note: This field may return null, indicating that no valid values can be obtained.
    Md5 String MD5 checksum of the file
    Note: This field may return null, indicating that no valid values can be obtained.
    FileName String Filename
    Note: This field may return null, indicating that no valid values can be obtained.
    CheckPlatform Array of String Check platform
    1: Tencent Cloud Security Engine.
    2: tav.
    3: binaryAi.
    4: Unusual behavior.
    5: Threat intelligence.
    Note: This field may return null, indicating that no valid values can be obtained.

    ImageVul

    Information of a vulnerability in the image

    Used by actions: DescribeAssetImageRegistryVulList.

    Name Type Description
    CVEID String Vulnerability ID
    Note: This field may return null, indicating that no valid values can be obtained.
    POCID String POC ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Name String Vulnerability name
    Note: This field may return null, indicating that no valid values can be obtained.
    Components Array of ComponentsInfo Component information
    Note: This field may return null, indicating that no valid values can be obtained.
    Category String Category
    Note: This field may return null, indicating that no valid values can be obtained.
    CategoryType String Category 2
    Note: This field may return null, indicating that no valid values can be obtained.
    Level String Risk level
    Note: This field may return null, indicating that no valid values can be obtained.
    Des String Description
    Note: This field may return null, indicating that no valid values can be obtained.
    OfficialSolution String Solution
    Note: This field may return null, indicating that no valid values can be obtained.
    Reference String Reference
    Note: This field may return null, indicating that no valid values can be obtained.
    DefenseSolution String Defense solution
    Note: This field may return null, indicating that no valid values can be obtained.
    SubmitTime String Submission time
    Note: This field may return null, indicating that no valid values can be obtained.
    CvssScore String CVSS score
    Note: This field may return null, indicating that no valid values can be obtained.
    CvssVector String CVSS information
    Note: This field may return null, indicating that no valid values can be obtained.
    IsSuggest String Whether fix is suggested
    Note: This field may return null, indicating that no valid values can be obtained.
    FixedVersions String Number of the fixed version
    Note: This field may return null, indicating that no valid values can be obtained.
    Tag Array of String Vulnerability tag. Valid values: CanBeFixed, DynamicLevelPoc, DynamicLevelExp.
    Note: This field may return null, indicating that no valid values can be obtained.
    Component String Component name
    Note: This field may return null, indicating that no valid values can be obtained.
    Version String Component version
    Note: This field may return null, indicating that no valid values can be obtained.

    ImagesBindRuleInfo

    Information of the runtime rule bound to the image

    Used by actions: DescribeAssetImageBindRuleInfo.

    Name Type Description
    ImageId String Image ID
    ImageName String Image name
    ContainerCnt Integer Number of associated containers
    RuleId String Bound rule ID
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleName String Rule name
    Note: This field may return null, indicating that no valid values can be obtained.
    ImageSize Integer Image size
    Note: This field may return null, indicating that no valid values can be obtained.
    ScanTime String Last scan time
    Note: This field may return null, indicating that no valid values can be obtained.

    ImagesInfo

    List of image IDs

    Used by actions: DescribeAssetImageList.

    Name Type Description
    ImageID String Image ID
    ImageName String Image name
    CreateTime String Creation time
    Size Integer Image size
    HostCnt Integer Number of servers
    ContainerCnt Integer Number of containers
    ScanTime String Scan time
    VulCnt Integer Number of vulnerabilities
    VirusCnt Integer Number of viruses
    RiskCnt Integer Number of sensitive data items
    IsTrustImage Boolean Whether it is a trusted image
    OsName String Image system
    AgentError String Image scan error in the agent
    ScanError String Image scan error on the backend
    ScanStatus String Scanning status
    ScanVirusError String Trojan scan error message
    ScanVulError String Vulnerability scan error message
    ScanRiskError String Risk scan error message
    IsSuggest Integer Whether the image is of high priority. Valid values: 0 (no); others (yes).
    IsAuthorized Integer Whether it is licensed. Valid values: 1 (yes); 0 (no).
    ComponentCnt Integer Number of components

    ImagesVul

    Vulnerability in the image

    Used by actions: DescribeAssetImageVulList.

    Name Type Description
    CVEID String Vulnerability ID
    Name String Vulnerability name
    Component String Component
    Version String Version
    Category String Category
    CategoryType String Category 2
    Level Integer Risk level
    Des String Description
    OfficialSolution String Solution
    Reference String Reference
    DefenseSolution String Defense solution
    SubmitTime String Submission time
    CVSSV3Score Float CVSS V3 score
    CVSSV3Desc String CVSS V3 description
    IsSuggest Boolean Whether it is of high priority. Valid values: true (yes); false (no).
    FixedVersions String Number of the fixed version
    Note: This field may return null, indicating that no valid values can be obtained.
    Tag Array of String Vulnerability tag. Valid values: CanBeFixed, DynamicLevelPoc, DynamicLevelExp.
    Note: This field may return null, indicating that no valid values can be obtained.

    K8sApiAbnormalEventInfo

    K8sApi api abnormal event details

    Used by actions: DescribeK8sApiAbnormalEventInfo.

    Name Type Description
    MatchRuleName String Hit rule name
    MatchRuleType String Hit rule type
    RiskLevel String Alarm level
    ClusterID String Cluster ID
    ClusterName String Cluster name
    ClusterRunningStatus String Cluster running status
    FirstCreateTime String First creation time
    LastCreateTime String Last creation time
    AlarmCount Integer Number of alarms
    Status String Status
    EVENT_UNDEAL: Unhandled
    EVENT_DEALED: Handled
    EVENT_IGNORE: Ignored
    EVENT_DEL: Deleted
    EVENT_ADD_WHITE: Added to an allowlist
    ClusterMasterIP String The master IP of a cluster
    K8sVersion String K8s version
    RunningComponent Array of String Runtime component
    Desc String Description
    Suggestion String Suggestion
    Info String Request information
    MatchRuleID String Rule ID
    HighLightFields Array of String An array of highlighted fields
    MatchRule K8sApiAbnormalRuleScopeInfo Hit rule

    K8sApiAbnormalEventListItem

    Items in the K8sApi abnormal event list

    Used by actions: DescribeK8sApiAbnormalEventList.

    Name Type Description
    ID Integer Event ID
    MatchRuleType String Hit rule type
    RiskLevel String Threat level
    ClusterID String Cluster ID
    ClusterName String Cluster name
    ClusterRunningStatus String Cluster running status
    FirstCreateTime String First creation time
    LastCreateTime String Last creation time
    AlarmCount Integer Number of alarms
    Status String Status
    RuleType String Rule type
    Desc String Description
    Suggestion String Solution
    RuleName String Rule name
    MatchRule K8sApiAbnormalRuleScopeInfo Hit rule

    K8sApiAbnormalRuleInfo

    K8sApi abnormal request rule details

    Used by actions: CreateK8sApiAbnormalRuleInfo, DescribeK8sApiAbnormalRuleInfo, ModifyK8sApiAbnormalRuleInfo.

    Name Type Required Description
    RuleName String Yes Rule name
    Status Boolean Yes Status
    RuleInfoList Array of K8sApiAbnormalRuleScopeInfo Yes Rule information list
    EffectClusterIDSet Array of String Yes Effective cluster IDSet
    RuleType String Yes Rule type
    RT_SYSTEM: System rules
    RT_USER: User-defined rules
    EffectAllCluster Boolean Yes Whether all clusters are effective
    RuleID String No Rule ID

    K8sApiAbnormalRuleListItem

    Items in the list of K8sApi abnormal request rules

    Used by actions: DescribeK8sApiAbnormalRuleList.

    Name Type Description
    RuleID String Rule ID
    RuleName String Rule name
    RuleType String Rule type
    RT_SYSTEM System rules
    RT_USER User defined
    EffectClusterCount Integer Total number of affected clusters
    UpdateTime String Update time
    OprUin String Edit account
    Status Boolean Status

    K8sApiAbnormalRuleScopeInfo

    Configuration range of K8sApi abnormal event rules

    Used by actions: CreateK8sApiAbnormalRuleInfo, DescribeK8sApiAbnormalEventInfo, DescribeK8sApiAbnormalEventList, DescribeK8sApiAbnormalRuleInfo, DescribeK8sApiAbnormalRuleScopeList, ModifyK8sApiAbnormalRuleInfo.

    Name Type Required Description
    Scope String Yes Range
    System event:
    ANONYMOUS_ACCESS: Anonymous access
    ABNORMAL_UA_REQ: Abnormal UA request
    ANONYMOUS_ABNORMAL_PERMISSION: Abnormal changes on permissions of an anonymous user
    GET_CREDENTIALS: Credential information acquisition
    MOUNT_SENSITIVE_PATH: Sensitive path mounting
    COMMAND_RUN: Command execution
    PRIVILEGE_CONTAINER: Privilege container
    EXCEPTION_CRONTAB_TASK: Aabnormal scheduled task
    STATICS_POD: Static pod creation
    ABNORMAL_CREATE_POD: Abnormal pod creation
    USER_DEFINED: User defined
    Action String Yes Action (RULE_MODE_ALERT: Alarm RULE_MODE_RELEASE: Release)
    RiskLevel String No Threat level: "HIGH": High-risk level; "MIDDLE": Middle-risk level; "LOW": Low-risk level; "NOTICE": Notice level
    Note: This field may return null, indicating that no valid value was found.
    Status Boolean No Switch status (true: On; false: Off): applicable to system rules.
    Note: This field may return null, indicating that no valid value was found.
    IsDelete Boolean No Whether to delete: applicable to custom rule input parameters.
    Note: This field may return null, indicating that no valid value was found.

    K8sApiAbnormalTendencyItem

    Items in the list of K8sApi abnormal request trends

    Used by actions: DescribeK8sApiAbnormalTendency.

    Name Type Description
    Date String Date
    ExceptionUARequestCount Integer The number of abnormal UA request events
    AnonymousUserRightCount Integer The number of anonymous user permission events
    CredentialInformationObtainCount Integer The number of credential information acquisition events
    SensitiveDataMountCount Integer The number of sensitive data mounting events
    CmdExecCount Integer The number of command execution events
    AbnormalScheduledTaskCount Integer The number of abnormal scheduled task events
    StaticsPodCreateCount Integer The number of static pods created
    DoubtfulContainerCreateCount Integer The number of suspicious containers created
    UserDefinedRuleCount Integer The number of custom rule events
    AnonymousAccessCount Integer The number of anonymous access events
    PrivilegeContainerCount Integer The number of privilege container events

    ModifyIgnoreVul

    Input parameters for adding and unignoring vulnerabilities in the scan

    Used by actions: AddIgnoreVul, DeleteIgnoreVul.

    Name Type Required Description
    PocID String Yes POC ID
    ImageIDs Array of String No IDs of images to be ignored. If it is not specified, it indicates to ignore all.
    ImageType String No When there is an image
    Image type. Valid values: LOCAL (local image); REGISTRY (repository image).

    NetworkAuditRecord

    The structure returned by the audit of the network cluster asset

    Used by actions: DescribeNetworkFirewallAuditRecord.

    Name Type Description
    ClusterId String Cluster ID
    ClusterName String Cluster name
    Region String Cluster region
    Action String Action
    Operation String Operator
    NetworkPolicyName String Policy name
    OperationTime String Operation time
    AppId Integer Operator appid
    Note: This field may return null, indicating that no valid values can be obtained.
    Uin String Operator UIN
    PolicyId Integer The policy ID.
    Note: This field may return·null, indicating that no valid values can be obtained.

    NetworkClusterInfoItem

    Response parameters structure of the network cluster asset

    Used by actions: DescribeNetworkFirewallClusterList.

    Name Type Description
    ClusterId String Cluster ID
    ClusterName String Cluster name
    ClusterVersion String Cluster version
    ClusterOs String Cluster OS
    ClusterType String Cluster type
    Region String Cluster region
    NetworkPolicyPlugin String Cluster network plugin
    ClusterStatus String Cluster status
    TotalRuleCount Integer Total number of policies
    EnableRuleCount Integer Number of enabled policies
    NetworkPolicyPluginStatus String Status of the cluster network plugin. Valid values: Running (normal); Error (abnormal).
    NetworkPolicyPluginError String Error message of the cluster network plugin
    Note: This field may return null, indicating that no valid values can be obtained.
    ClusterNetworkSettings String Cluster network plugin
    Note: This field may return·null, indicating that no valid values can be obtained.

    NetworkClusterNamespaceLabelInfo

    Response parameters structure of the network space label

    Used by actions: DescribeNetworkFirewallNamespaceLabelList.

    Name Type Description
    Labels String Network space label
    Name String Network space name

    NetworkClusterPodInfo

    Response parameters structure of the network cluster Pod

    Used by actions: DescribeNetworkFirewallPodLabelsList.

    Name Type Description
    PodName String Pod name
    Namespace String Pod space
    Note: This field may return null, indicating that no valid values can be obtained.
    Labels String Pod label
    Note: This field may return null, indicating that no valid values can be obtained.
    WorkloadKind String Pod type
    Note: This field may return null, indicating that no valid values can be obtained.

    NetworkCustomPolicy

    Custom rule of the network cluster policy

    Used by actions: AddAndPublishNetworkFirewallPolicyDetail, AddNetworkFirewallPolicyDetail, DescribeNetworkFirewallPolicyDetail, UpdateAndPublishNetworkFirewallPolicyDetail, UpdateNetworkFirewallPolicyDetail.

    Name Type Required Description
    Direction String Yes Network policy direction. Valid values: FROM, TO.
    Ports Array of NetworkPorts No Network policy port
    Note: This field may return null, indicating that no valid values can be obtained.
    Peer Array of NetworkPeer No Network policy object

    PublishedNoConfirm: Enabled and to be confirmed.

    PublishedConfirmed: Enabled and confirmed.

    unPublishing: Disabled.

    Publishing: Enabled.

    unPublishEdit: To be enabled.
    Note: This field may return null, indicating that no valid values can be obtained.

    NetworkPeer

    Custom rule of the network cluster policy

    Used by actions: AddAndPublishNetworkFirewallPolicyDetail, AddNetworkFirewallPolicyDetail, DescribeNetworkFirewallPolicyDetail, UpdateAndPublishNetworkFirewallPolicyDetail, UpdateNetworkFirewallPolicyDetail.

    Name Type Required Description
    PeerType String Yes Object type:

    Namespace: NamespaceSelector, which indicates that NamespaceSelector has a value.

    Pod type: PodSelector, which indicates that both NamespaceSelector and PodSelector have values.

    IP type: IPBlock, which indicates that only IPBlock has a value.
    NamespaceSelector String No Namespace selector
    Note: This field may return null, indicating that no valid values can be obtained.
    PodSelector String No Pod selector
    Note: This field may return null, indicating that no valid values can be obtained.
    IPBlock String No IP selector
    Note: This field may return null, indicating that no valid values can be obtained.

    NetworkPolicyInfoItem

    Response parameters structure of the network cluster policy

    Used by actions: DescribeNetworkFirewallPolicyList.

    Name Type Description
    Name String Network policy name
    Description String Network policy description
    Note: This field may return null, indicating that no valid values can be obtained.
    PublishStatus String Publishing status:

    PublishedNoConfirm: Enabled and to be confirmed.

    PublishedConfirmed: Enabled and confirmed.

    unPublishing: Disabled.

    Publishing: Enabled.

    unPublishEdit: To be enabled.
    PolicySourceType String Policy type:

    System: Synched from the cluster.

    Manual: Added manually.
    Namespace String Policy space
    PolicyCreateTime String Policy creation date
    NetworkPolicyPlugin String Policy type

    kube-router: KubeRouter

    cilium: Cilium
    PublishResult String Policy publishing result
    Note: This field may return null, indicating that no valid values can be obtained.
    FromPolicyRule Integer Inbound rule

    1: Allow all.

    2: Reject all.

    3: Custom.
    ToPolicyRule Integer Inbound rule

    1: Allow all.

    2: Reject all.

    3: Custom.
    PodSelector String Object
    Note: This field may return null, indicating that no valid values can be obtained.
    Id Integer Network policy ID

    NetworkPorts

    Port of the custom rule of the network cluster policy

    Used by actions: AddAndPublishNetworkFirewallPolicyDetail, AddNetworkFirewallPolicyDetail, DescribeNetworkFirewallPolicyDetail, UpdateAndPublishNetworkFirewallPolicyDetail, UpdateNetworkFirewallPolicyDetail.

    Name Type Required Description
    Protocol String No Protocol of the network policy
    Note: This field may return null, indicating that no valid values can be obtained.
    Port String No Port of the network policy
    Note: This field may return null, indicating that no valid values can be obtained.

    PortInfo

    List of ports

    Used by actions: DescribeAssetPortList.

    Name Type Description
    Type String Type
    PublicIP String Public IP
    PublicPort Integer Server port
    ContainerPort Integer Container port
    ContainerPID Integer Container PID
    ContainerName String Container name
    HostID String Server ID
    HostIP String Server IP
    ProcessName String Process name
    ListenContainer String Monitored address in the container
    ListenHost String Monitored address outside the container
    RunAs String Operating account
    HostName String Server name
    PublicIp String Public IP
    NodeID String Node ID
    PodIP String Pod IP
    PodName String Pod name
    NodeType String Node type.
    NodeUniqueID String UID of the super node

    ProcessBaseInfo

    Runtime security - Basic process information

    Used by actions: DescribeAbnormalProcessDetail, DescribeAccessControlDetail, DescribeEscapeEventDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.

    Name Type Description
    ProcessStartUser String Process initiator
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcessUserGroup String Process user group
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcessPath String Process path
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcessParam String Process command line parameter
    Note: This field may return null, indicating that no valid values can be obtained.

    ProcessDetailBaseInfo

    Runtime security details - Basic process information

    Used by actions: DescribeAbnormalProcessDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.

    Name Type Description
    ProcessName String Process name
    ProcessId Integer Process PID
    ProcessStartUser String Process initiator
    ProcessUserGroup String Process user group
    ProcessPath String Process path
    ProcessParam String Process command line parameter

    ProcessDetailInfo

    Runtime security details - Process information

    Used by actions: DescribeAbnormalProcessDetail, DescribeAccessControlDetail, DescribeEscapeEventDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.

    Name Type Description
    ProcessName String Process name
    ProcessAuthority String Process permission
    ProcessId Integer Process PID
    ProcessStartUser String Process initiator
    ProcessUserGroup String Process user group
    ProcessPath String Process path
    ProcessTree String Process tree
    ProcessMd5 String Process MD5
    ProcessParam String Process command line parameter

    ProcessInfo

    List of processes

    Used by actions: DescribeAssetProcessList.

    Name Type Description
    StartTime String Process start time
    RunAs String Operator
    CmdLine String Command line parameter
    Exe String Exe path
    PID Integer Server PID
    ContainerPID Integer Container PID
    ContainerName String Container name
    HostID String Server ID
    HostIP String Server IP
    ProcessName String Process name
    HostName String Server name
    PublicIp String Public IP
    NodeID String Node ID
    PodIP String Pod IP
    PodName String Pod name
    NodeType String Node type.
    NodeUniqueID String UID of the super node

    ProjectInfo

    The project to which the host belongs

    Used by actions: DescribeAssetHostDetail, DescribeAssetHostList.

    Name Type Description
    ProjectName String Project name
    ProjectID Integer Project ID

    PromotionActivityContent

    Promotion content

    Used by actions: DescribePromotionActivity.

    Name Type Description
    MonthNum Integer Number of months
    CoresCountLimit Integer Minimum number of cores
    ProfessionalDiscount Integer Discount on the Pro Edition
    ImageAuthorizationNum Integer Number of free images

    RaspInfo

    RASP information of vulnerability defense plugin

    Used by actions: DescribeVulDefenceEventDetail.

    Name Type Description
    Name String RASP name
    Value String RASP description

    RegionInfo

    Region information

    Used by actions: DescribeSecLogDeliveryClsOptions, DescribeSecLogDeliveryKafkaOptions.

    Name Type Description
    Region String Region identifier
    RegionName String Region name

    RegistryConnDetectResult

    Used by actions: DescribeAssetImageRegistryRegistryList.

    Name Type Description
    Quuid String
    Uuid String
    ConnDetectStatus String
    ConnDetectMessage String
    Solution String
    FailReason String

    ReverseShellEventDescription

    Description of the container reverse shell event at runtime

    Used by actions: DescribeReverseShellDetail.

    Name Type Description
    Description String Description
    Solution String Solution
    Remark String Event remarks
    Note: This field may return null, indicating that no valid values can be obtained.
    DstAddress String Destination address
    OperationTime String Last processing time of the event
    Note: This field may return null, indicating that no valid values can be obtained.

    ReverseShellEventInfo

    Container runtime security - Information of the reverse shell

    Used by actions: DescribeReverseShellEvents.

    Name Type Description
    ProcessName String Process name
    ProcessPath String Process path
    ImageId String Image ID
    ContainerId String Container ID
    ImageName String Image name
    ContainerName String Container name
    FoundTime String Generation time
    Solution String Event solution
    Description String Event description
    Status String Status. EVENT_UNDEAL: Pending.
    EVENT_DEALED: Processed.
    EVENT_INGNORE: Ignored.
    EVENT_ADD_WHITE: Allowed.
    EventId String Event ID
    Remark String Remarks
    PProcessName String Parent process name
    EventCount Integer Number of events
    LatestFoundTime String Last generation time
    DstAddress String Destination address
    ContainerNetStatus String Network status
    NORMAL: Not isolated.
    ISOLATED: Isolated.
    ISOLATING: Isolating.
    ISOLATE_FAILED: Isolation failed.
    RESTORING: Recovering.
    RESTORE_FAILED: Recovery failed.
    ContainerNetSubStatus String Sub-status of the container
    "AGENT_OFFLINE" // The agent is offline.
    "NODE_DESTROYED" // The node is terminated.
    "CONTAINER_EXITED" // The container exited.
    "CONTAINER_DESTROYED" // The container was terminated.
    "SHARED_HOST" // The container shares the network with the server.
    "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
    "UNKNOW" // The reason is unknown.
    ContainerIsolateOperationSrc String Container isolation operation source
    ContainerStatus String Container status
    RUNNING: Running.
    PAUSED: Paused.
    STOPPED: Stopped.
    CREATED: Created.
    DESTROYED: Terminated.
    RESTARTING: Restarting.
    REMOVING: Removing.

    ReverseShellWhiteListBaseInfo

    Information of an allowed reverse shell

    Used by actions: DescribeReverseShellWhiteLists.

    Name Type Description
    Id String Allowed item ID
    ImageCount Integer Number of images
    ProcessName String Connection process name
    DstIp String Destination address IP
    CreateTime Timestamp Creation time
    UpdateTime Timestamp Update time
    DstPort String Target port
    IsGlobal Boolean Whether it is allowed globally. true: Yes.
    ImageIds Array of String Array of image IDs. An empty array indicates all.

    ReverseShellWhiteListInfo

    Information of an allowed reverse shell

    Used by actions: AddEditReverseShellWhiteList, DescribeReverseShellWhiteListDetail.

    Name Type Required Description
    DstIp String Yes Target IP
    DstPort String Yes Target port
    ProcessName String Yes Target process
    ImageIds Array of String Yes Array of image IDs. An empty array indicates all.
    Id String No Allowed item ID, which is empty if the item is newly created.

    RiskSyscallEventDescription

    Description of the high-risk container syscall event at runtime

    Used by actions: DescribeRiskSyscallDetail.

    Name Type Description
    Description String Description
    Solution String Solution
    Remark String Event remarks
    Note: This field may return null, indicating that no valid values can be obtained.
    SyscallName String Syscall name
    OperationTime String Last processing time of the event
    Note: This field may return null, indicating that no valid values can be obtained.

    RiskSyscallEventInfo

    Container runtime security - Information of the high-risk syscall

    Used by actions: DescribeRiskSyscallEvents.

    Name Type Description
    ProcessName String Process name
    ProcessPath String Process path
    ImageId String Image ID
    ContainerId String Container ID
    ImageName String Image name
    ContainerName String Container name
    FoundTime String Generation time
    Solution String Event solution
    Description String Event description
    SyscallName String Syscall name
    Status String Status. EVENT_UNDEAL: Pending.
    EVENT_DEALED: Processed.
    EVENT_INGNORE: Ignored.
    EVENT_ADD_WHITE: Allowed.
    EventId String Event ID
    NodeName String Node name
    PodName String Pod (instance) name
    Remark String Remarks
    RuleExist Boolean Whether the system monitoring rule name exists
    EventCount Integer Number of events
    LatestFoundTime String Last generation time
    ContainerNetStatus String Network status
    NORMAL: Not isolated.
    ISOLATED: Isolated.
    ISOLATING: Isolating.
    ISOLATE_FAILED: Isolation failed.
    RESTORING: Recovering.
    RESTORE_FAILED: Recovery failed.
    ContainerNetSubStatus String Sub-status of the container
    "AGENT_OFFLINE" // The agent is offline.
    "NODE_DESTROYED" // The node is terminated.
    "CONTAINER_EXITED" // The container exited.
    "CONTAINER_DESTROYED" // The container was terminated.
    "SHARED_HOST" // The container shares the network with the server.
    "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
    "UNKNOW" // The reason is unknown.
    ContainerIsolateOperationSrc String Container isolation operation source
    ContainerStatus String Container status
    RUNNING: Running.
    PAUSED: Paused.
    STOPPED: Stopped.
    CREATED: Created.
    DESTROYED: Terminated.
    RESTARTING: Restarting.
    REMOVING: Removing.
    NodeType String Node type. Values: NORMAL (general node), SUPER (super node).
    ClusterID String Cluster ID
    PodIP String Pod IP
    NodeUniqueID String Unique node ID
    PublicIP String Node public IP
    NodeID String Node ID
    HostID String uuid
    HostIP String Private IP of the node
    ClusterName String Cluster name

    RiskSyscallWhiteListBaseInfo

    Information of the allowlist of high-risk syscalls

    Used by actions: DescribeRiskSyscallWhiteLists.

    Name Type Description
    Id String Allowed item ID
    ImageCount Integer Number of images
    ProcessPath String Connection process path
    SyscallNames Array of String List of syscall names
    CreateTime Timestamp Creation time
    UpdateTime Timestamp Update time
    IsGlobal Boolean Whether it is allowed globally. true: Yes.
    ImageIds Array of String Array of image IDs

    RiskSyscallWhiteListInfo

    Information of the allowlist of high-risk syscalls

    Used by actions: AddEditRiskSyscallWhiteList, DescribeRiskSyscallWhiteListDetail.

    Name Type Required Description
    ImageIds Array of String Yes Array of image IDs. An empty array indicates all.
    SyscallNames Array of String No Syscall name. The DescribeRiskSyscallNames API can be called to get the list of enumerated values.
    ProcessPath String No Target process
    Id String No Allowed item ID, which is empty if the item is newly created.

    RuleBaseInfo

    Runtime security - Basic policy information

    Used by actions: DescribeAbnormalProcessRules, DescribeAccessControlRules.

    Name Type Description
    IsDefault Boolean Valid values: true (default policy); false (custom policy).
    EffectImageCount Integer Number of associated images
    RuleId String Policy ID
    UpdateTime String Policy update time, which can be empty.
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleName String Policy name
    EditUserName String Name of the editing user
    IsEnable Boolean Valid values: true (enable the policy); false (disable the policy).

    RunTimeEventBaseInfo

    Runtime security - Basic event information

    Used by actions: DescribeAbnormalProcessDetail, DescribeAccessControlDetail, DescribeEscapeEventDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.

    Name Type Description
    EventId String Unique event ID
    FoundTime Timestamp Event discovery time
    ContainerId String Container ID
    ContainerName String Container name
    ImageId String Image ID
    ImageName String Image name
    NodeName String Node name
    Status String Status. EVENT_UNDEAL: Pending.
    EVENT_DEALED: Processed.
    EVENT_INGNORE: Ignored.
    EventName String Event name:
    Host file access escape
    Syscall escape
    Mount namespace escape
    Program privilege escalation escape
    Privileged container startup escape
    Sensitive path mount
    Malicious process startup
    File tampering
    EventType String Event type
    ESCAPE_HOST_ACESS_FILE: Host file access escape.
    ESCAPE_MOUNT_NAMESPACE: Mount namespace escape.
    ESCAPE_PRIVILEDGE: Program privilege escalation escape.
    ESCAPE_PRIVILEDGE_CONTAINER_START: Privileged container startup escape.
    ESCAPE_MOUNT_SENSITIVE_PTAH: Sensitive path mount.
    ESCAPE_SYSCALL: Syscall escape.
    EventCount Integer Number of events
    LatestFoundTime String Last generation time
    HostIP String Private IP
    Note: This field may return null, indicating that no valid values can be obtained.
    ClientIP String Public IP
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerNetStatus String Network status
    NORMAL: Not isolated.
    ISOLATED: Isolated.
    ISOLATING: Isolating.
    ISOLATE_FAILED: Isolation failed.
    RESTORING: Recovering.
    RESTORE_FAILED: Recovery failed.
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerNetSubStatus String Sub-status of the container
    "AGENT_OFFLINE" // The agent is offline.
    "NODE_DESTROYED" // The node is terminated.
    "CONTAINER_EXITED" // The container exited.
    "CONTAINER_DESTROYED" // The container was terminated.
    "SHARED_HOST" // The container shares the network with the server.
    "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
    "UNKNOW" // The reason is unknown.
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerIsolateOperationSrc String Container isolation operation source
    Note: This field may return null, indicating that no valid values can be obtained.
    NodeID String Node ID
    NodeType String Node type. Valid values: NORMAL (general node), SUPER (super node)
    NodeSubNetID String Node subnet ID
    NodeSubNetName String Node subnet name
    NodeSubNetCIDR String Subnet IP range
    PodName String Pod name
    PodIP String Pod IP
    PodStatus String Pod status
    ClusterID String Cluster ID
    ClusterName String Cluster name
    NodeUniqueID String Unique node ID
    HostID String uuid
    Namespace String
    WorkloadType String

    RunTimeFilters

    TCSS
    Key-value pair filter for conditional filtering queries, such as filter ID, name, and status
    If more than one filter exists, the logical relationship between these filters is AND.
    If multiple values exist in one filter, the logical relationship between these values is OR.

    Used by actions: CreateAbnormalProcessRulesExportJob, CreateAccessControlsRuleExportJob, CreateDefenceVulExportJob, CreateEmergencyVulExportJob, CreateEscapeEventsExportJob, CreateEscapeWhiteListExportJob, CreateImageExportJob, CreateK8sApiAbnormalEventExportJob, CreateK8sApiAbnormalRuleExportJob, CreateRiskDnsEventExportJob, CreateSystemVulExportJob, CreateVulContainerExportJob, CreateVulDefenceEventExportJob, CreateVulDefenceHostExportJob, CreateVulImageExportJob, CreateWebVulExportJob, DescribeAbnormalProcessEvents, DescribeAbnormalProcessEventsExport, DescribeAbnormalProcessRules, DescribeAbnormalProcessRulesExport, DescribeAccessControlEvents, DescribeAccessControlEventsExport, DescribeAccessControlRules, DescribeAccessControlRulesExport, DescribeAssetClusterList, DescribeAssetImageBindRuleInfo, DescribeEmergencyVulList, DescribeEscapeEventInfo, DescribeEscapeEventsExport, DescribeEscapeWhiteList, DescribeExportJobManageList, DescribeImageSimpleList, DescribeK8sApiAbnormalEventList, DescribeK8sApiAbnormalRuleList, DescribeK8sApiAbnormalRuleScopeList, DescribeReverseShellEvents, DescribeReverseShellEventsExport, DescribeReverseShellWhiteLists, DescribeRiskSyscallEvents, DescribeRiskSyscallEventsExport, DescribeRiskSyscallWhiteLists, DescribeScanIgnoreVulList, DescribeSecLogJoinObjectList, DescribeSupportDefenceVul, DescribeSystemVulList, DescribeVirusAutoIsolateSampleList, DescribeVirusList, DescribeVirusTaskList, DescribeVulContainerList, DescribeVulDefenceEvent, DescribeVulDefenceHost, DescribeVulDefencePlugin, DescribeVulImageList, DescribeVulScanLocalImageList, DescribeVulSummary, DescribeWebVulList, ExportVirusList.

    Name Type Required Description
    Name String Yes Filter name
    Values Array of String Yes One or more filter values
    ExactMatch Boolean No Whether to use fuzzy query

    RunTimeRiskInfo

    Runtime risk information

    Used by actions: DescribeImageRiskSummary.

    Name Type Description
    Cnt Integer Number
    Level String Risk level:
    CRITICAL: Critical.
    HIGH: High.
    MEDIUM: Medium.
    LOW: Low.

    RunTimeTendencyInfo

    Runtime trend information

    Used by actions: DescribeImageRiskTendency, DescribeSecEventsTendency, DescribeVulTendency.

    Name Type Description
    CurTime Date The time of the day
    Cnt Integer Current quantity

    ScanIgnoreVul

    Scan for ignored vulnerabilities

    Used by actions: DescribeScanIgnoreVulList.

    Name Type Description
    VulName String Vulnerability name
    CVEID String Vulnerability CVE ID
    PocID String POC ID
    RegistryImageCount Integer Number of ignored repository images
    UpdateTime String Update time
    IsIgnoreAll Integer Whether to ignore all images. Valid values: 0 (no); 1 (yes).
    LocalImageCount Integer Number of ignored local images

    SearchTemplate

    Quick search template

    Used by actions: CreateSearchTemplate, DescribeSearchTemplates.

    Name Type Required Description
    Name String Yes Search name
    LogType String Yes Search index type
    Condition String Yes Search statement
    TimeRange String Yes Time range
    Query String Yes Converted search statement content
    Flag String Yes Search method. Valid values: standard (search in the search box); simple (search by filter).
    DisplayData String Yes Displayed data
    Id Integer No Rule ID

    SecLogAlertMsgInfo

    Security log alert message

    Used by actions: DescribeSecLogAlertMsg.

    Name Type Description
    MsgType String Alert type
    MsgValue String Alert value
    State Boolean Status. Valid values: 0 (disabled); 1 (enabled).

    SecLogDeliveryClsSettingInfo

    Security log - Settings of delivery to CLS

    Used by actions: DescribeSecLogDeliveryClsSetting, ModifySecLogDeliveryClsSetting.

    Name Type Required Description
    LogType String Yes Log type
    State Boolean Yes Delivery status. Valid values: true (enabled); false (disabled).
    Region String Yes Region
    LogSet String Yes Logset
    TopicID String Yes Topic ID
    LogSetName String No Logset name
    Note: This field may return null, indicating that no valid values can be obtained.
    TopicName String No Topic name
    Note: This field may return null, indicating that no valid values can be obtained.

    SecLogDeliveryKafkaSettingInfo

    Settings of security log delivery to Kafka

    Used by actions: DescribeSecLogDeliveryKafkaSetting, ModifySecLogDeliveryKafkaSetting.

    Name Type Required Description
    LogType String Yes Log type
    TopicID String Yes Topic ID
    TopicName String Yes Topic name
    Note: This field may return null, indicating that no valid values can be obtained.
    State Boolean Yes Delivery status. Valid values: false (disabled); true (enabled).

    SecLogJoinInfo

    Security log access details

    Used by actions: DescribeSecLogJoinTypeList.

    Name Type Description
    Count Integer Number of connected general nodes
    SuperNodeCount Integer Number of connected super nodes
    IsJoined Boolean Whether it is accessed. Valid values: true (accessed); false (not accessed).
    LogType String Log type (
    Container bash: "container_bash"
    Container startup: "container_launch"
    K8s API: "k8s_api"
    )

    SecLogJoinObjectInfo

    Details of the accessed security log object

    Used by actions: DescribeSecLogJoinObjectList.

    Name Type Description
    HostID String Server ID
    HostName String Server name
    Note: This field may return null, indicating that no valid values can be obtained.
    HostIP String Server IP
    Note: This field may return null, indicating that no valid values can be obtained.
    HostStatus String Server status
    ClusterID String Cluster ID
    Note: This field may return null, indicating that no valid values can be obtained.
    ClusterName String Cluster name
    Note: This field may return null, indicating that no valid values can be obtained.
    PublicIP String Public IP
    Note: This field may return null, indicating that no valid values can be obtained.
    JoinState Boolean Access status. Valid values: true (accessed); false (not accessed).
    ClusterVersion String Cluster version
    Note: This field may return null, indicating that no valid values can be obtained.
    ClusterMainAddress String Master node address of the cluster

    SecTendencyEventInfo

    Trend information of security events at runtime

    Used by actions: DescribeSecEventsTendency.

    Name Type Description
    EventSet Array of RunTimeTendencyInfo List of trends
    EventType String Event type:
    ET_ESCAPE: Container escape
    ET_REVERSE_SHELL: Reverse shell
    ET_RISK_SYSCALL: High-risk system calls
    ET_ABNORMAL_PROCESS: Abnormal process
    ET_ACCESS_CONTROL: File tampering
    ET_VIRUS: Trojan event
    ET_MALICIOUS_CONNECTION: Malicious connection event

    ServiceInfo

    Information list of TCSS

    Used by actions: DescribeAssetAppServiceList, DescribeAssetDBServiceList, DescribeAssetWebServiceList.

    Name Type Description
    ServiceID String Service ID
    HostID String Server ID
    HostIP String Server IP
    ContainerName String Container name
    Type String Service name, such as nginx and redis
    Version String Version
    RunAs String Account
    Listen Array of String Listened port
    Config String Configuration
    ProcessCnt Integer Number of associated processes
    AccessLog String Access log
    ErrorLog String Error log
    DataPath String Data directory
    WebRoot String Web directory
    Pids Array of Integer ID of the associated process
    MainType String Service type. Valid values: app, web, db.
    Exe String Execution file
    Parameter String Service command line parameter
    ContainerId String Container ID
    HostName String Server name
    PublicIp String Public IP
    NodeID String Node ID
    PodIP String Pod IP
    PodName String Pod name
    NodeType String Node type.
    NodeUniqueID String UID of the super node

    SoftQuotaDayInfo

    Pay-as-you-go billing details

    Used by actions: DescribePostPayDetail.

    Name Type Description
    PayTime String Deduction time
    CoresCnt Integer Number of billed cores

    SupportDefenceVul

    Vulnerability that can be prevented

    Used by actions: DescribeSupportDefenceVul.

    Name Type Description
    PocID String POC ID
    Name String Vulnerability name
    Tags Array of String Vulnerability tag
    CVSSV3Score Float Vulnerability CVSS
    Level String Vulnerability severity
    CVEID String Vulnerability CVE ID
    SubmitTime String Vulnerability disclosure time

    TagInfo

    Host tag information

    Used by actions: DescribeAssetHostDetail, DescribeAssetHostList.

    Name Type Description
    TagKey String Tag key
    TagValue String Tag value

    UnauthorizedCoresTendency

    Trend of unlicensed cores

    Used by actions: DescribeUnauthorizedCoresTendency.

    Name Type Description
    DateTime String Date
    CoresCount Integer Number of unlicensed cores

    VirusAutoIsolateSampleInfo

    Information of the automatically isolated trojan sample

    Used by actions: DescribeVirusAutoIsolateSampleList.

    Name Type Description
    MD5 String MD5 checksum of the file
    VirusName String Virus name
    ModifyTime Timestamp ISO8601 Last edit time
    AutoIsolateSwitch Boolean Automatic isolation switch. Valid values: true (on); false (off).

    VirusInfo

    List of trojans at runtime

    Used by actions: DescribeVirusList.

    Name Type Description
    FileName String Filename
    FilePath String File path
    VirusName String Virus name
    CreateTime String Creation time
    ModifyTime String Update time
    ContainerName String Container name
    ContainerId String Container ID
    ContainerStatus String Container status
    RUNNING: Running.
    PAUSED: Paused.
    STOPPED: Stopped.
    CREATED: Created.
    DESTROYED: Terminated.
    RESTARTING: Restarting.
    REMOVING: Removing.
    ImageName String Image name
    ImageId String Image ID
    Status String DEAL_NONE: Pending.
    DEAL_IGNORE: Ignored.
    DEAL_ADD_WHITELIST: Allowed.
    DEAL_DEL: Deleted.
    DEAL_ISOLATE: Isolated.
    DEAL_ISOLATING: Isolating.
    DEAL_ISOLATE_FAILED: Isolation failed.
    DEAL_RECOVERING: Recovering.
    DEAL_RECOVER_FAILED: Recovery failed.
    Id String Event ID
    HarmDescribe String Event description
    SuggestScheme String Solution
    SubStatus String Sub-status of the failure:
    FILE_NOT_FOUND: The file does not exist.
    FILE_ABNORMAL: The file is abnormal.
    FILE_ABNORMAL_DEAL_RECOVER: The file is abnormal when recovered.
    BACKUP_FILE_NOT_FOUND: The backup file does not exist.
    CONTAINER_NOT_FOUND_DEAL_ISOLATE: The container does not exist during isolation.
    CONTAINER_NOT_FOUND_DEAL_RECOVER: The container does not exist during recovery.
    TIMEOUT: Timed out.
    TOO_MANY: Too many tasks.
    OFFLINE: Offline.
    INTERNAL: Internal service error.
    VALIDATION: Invalid parameter.
    ContainerNetStatus String Network status
    NORMAL: Not isolated.
    ISOLATED: Isolated.
    ISOLATING: Isolating.
    ISOLATE_FAILED: Isolation failed.
    RESTORING: Recovering.
    RESTORE_FAILED: Recovery failed.
    ContainerNetSubStatus String Sub-status of the container
    "AGENT_OFFLINE" // The agent is offline.
    "NODE_DESTROYED" // The node is terminated.
    "CONTAINER_EXITED" // The container exited.
    "CONTAINER_DESTROYED" // The container was terminated.
    "SHARED_HOST" // The container shares the network with the server.
    "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
    "UNKNOW" // The reason is unknown.
    ContainerIsolateOperationSrc String Container isolation operation source
    MD5 String MD5 checksum
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskLevel String Risk level. Valid values: RISK_CRITICAL, RISK_HIGH, RISK_MEDIUM, RISK_LOW, RISK_NOTICE.
    Note: This field may return null, indicating that no valid values can be obtained.
    CheckPlatform Array of String Check platform
    1: Tencent Cloud Security Engine.
    2: tav.
    3: binaryAi.
    4: Unusual behavior.
    5: Threat intelligence.
    Note: This field may return null, indicating that no valid values can be obtained.
    NodeID String Node ID.
    NodeName String Node name
    PodIP String Pod IP
    PodName String Pod (instance) name
    ClusterID String ID of the cluster where the node resides
    NodeType String Node type. Values: NORMAL (general node), SUPER (super node).
    PublicIP String Public IP of the node
    InnerIP String Node private IP
    NodeUniqueID String UID of the node
    HostID String ID for the general node
    ClusterName String Cluster name

    VirusTaskInfo

    List of containers in the virus scanning task at runtime

    Used by actions: DescribeVirusTaskList.

    Name Type Description
    ContainerName String Container name
    ContainerId String Container ID
    ImageName String Image name
    ImageId String Image ID
    HostName String Node name
    HostIp String Private IP of the node
    Status String Scanning status:
    WAIT: Pending scanning.
    FAILED: Failed.
    SCANNING: Scanning.
    FINISHED: Ended.
    CANCELING: Canceling.
    CANCELED: Canceled.
    CANCEL_FAILED: Failed to cancel.
    StartTime String Check start time
    EndTime String Check end time
    RiskCnt Integer Number of risks
    Id String Event ID
    ErrorMsg String Cause:
    SEND_SUCCESSED: Task submitted.
    SCAN_WAIT: Waiting to scan...
    OFFLINE: Offline.
    SEND_FAILED: Failed to deploy.
    TIMEOUT: Timed out.
    LOW_AGENT_VERSION: The Agent version is too old.
    AGENT_NOT_FOUND: The image's agent doesn't exist.
    TOO_MANY: Too many tasks.
    VALIDATION: Invalid parameter.
    INTERNAL: Internal service error.
    MISC: Other errors.
    UNAUTH: The image is not assigned with a license.
    SEND_CANCEL_SUCCESSED: Task submitted.
    NodeType String Node type. Values: NORMAL (general node), SUPER (super node).
    PublicIP String Public IP of the node
    NodeID String Node ID

    VirusTendencyInfo

    Trojan trend details

    Used by actions: DescribeVirusEventTendency.

    Name Type Description
    Date Date Date
    PendingEventCount Integer Total number of pending events
    RiskContainerCount Integer Total number of containers at risk
    EventCount Integer Total number of events
    IsolateEventCount Integer Total number of isolated events

    VulAffectedComponentInfo

    Information of the component affected by the vulnerability

    Used by actions: DescribeVulDetail.

    Name Type Description
    Name String Component name
    Note: This field may return null, indicating that no valid values can be obtained.
    Version Array of String Component version
    Note: This field may return null, indicating that no valid values can be obtained.
    FixedVersion Array of String Fixed component version
    Note: This field may return null, indicating that no valid values can be obtained.

    VulAffectedContainerInfo

    Information of the container affected by the vulnerability

    Used by actions: DescribeVulContainerList.

    Name Type Description
    HostIP String Private IP
    ContainerID String Container ID
    ContainerName String Container name
    PodName String Pod name
    PodIP String Pod IP
    HostName String Server name
    HostID String Server ID
    PublicIP String Public IP
    ClusterID String Cluster ID
    ClusterName String Cluster name
    NodeType String Node type. Values: NORMAL (general node), SUPER (super node).
    NodeUniqueID String UID of a super node
    NodeID String ID of a super node
    NodeName String Super node name

    VulAffectedImageComponentInfo

    Information of the component affected by the vulnerability

    Used by actions: DescribeVulImageList, DescribeVulRegistryImageList.

    Name Type Description
    Name String Component name
    Note: This field may return null, indicating that no valid values can be obtained.
    Version String Component version
    Note: This field may return null, indicating that no valid values can be obtained.
    FixedVersion String Fixed component version
    Note: This field may return null, indicating that no valid values can be obtained.
    Path String Component path
    Note: This field may return null, indicating that no valid values can be obtained.

    VulAffectedImageInfo

    Information of the image affected by the vulnerability

    Used by actions: DescribeVulImageList.

    Name Type Description
    ImageID String Image ID
    ImageName String Image name
    HostCount Integer Number of associated servers
    ContainerCount Integer Number of associated containers
    ComponentList Array of VulAffectedImageComponentInfo List of components

    VulAffectedRegistryImageInfo

    This API is used to query the list of repository images affected by a specific vulnerability.

    Used by actions: DescribeVulRegistryImageList.

    Name Type Description
    ImageID String Image ID
    ImageName String Image name
    ImageTag String Image tag
    Namespace String Image namespace
    ImageRepoAddress String Image address
    ComponentList Array of VulAffectedImageComponentInfo List of components
    IsLatestImage Boolean Whether it is the latest image tag
    ImageAssetId Integer Internal image asset ID

    VulDefenceEvent

    Exploit prevention event details

    Used by actions: DescribeVulDefenceEvent.

    Name Type Description
    CVEID String Vulnerability CVE ID
    VulName String Vulnerability name
    PocID String POC ID
    EventType String Intrusion status
    SourceIP String Attacker IP
    City String Region of the attacker IP
    EventCount Integer Number of events
    ContainerID String Container ID
    ContainerName String Container name
    ImageID String Image ID
    ImageName String Image name
    Status String Processing status
    EventID Integer Event ID
    CreateTime String First discovery time
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerNetStatus String Isolation status
    NORMAL: Not isolated.
    ISOLATED: Isolated.
    ISOLATING: Isolating.
    ISOLATE_FAILED: Isolation failed.
    RESTORING: Recovering.
    RESTORE_FAILED: Recovery failed.
    MergeTime String Last discovery time
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerStatus String Container status
    RUNNING: Running.
    PAUSED: Paused.
    STOPPED: Stopped.
    CREATED: Created.
    DESTROYED: Terminated.
    RESTARTING: Restarting.
    REMOVING: Removing.
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerNetSubStatus String Sub-status of the container
    "AGENT_OFFLINE" // The agent is offline.
    "NODE_DESTROYED" // The node is terminated.
    "CONTAINER_EXITED" // The container exited.
    "CONTAINER_DESTROYED" // The container was terminated.
    "SHARED_HOST" // The container shares the network with the server.
    "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
    "UNKNOW" // The reason is unknown.
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerIsolateOperationSrc String Container isolation operation source
    Note: This field may return null, indicating that no valid values can be obtained.
    QUUID String Node QUuid/Super node ID
    Note: This field may return·null, indicating that no valid values can be obtained.
    HostIP String Server private IP
    Note: This field may return null, indicating that no valid values can be obtained.
    HostName String General node/Super node name
    Note: This field may return·null, indicating that no valid values can be obtained.
    NodeType String Node type. Values: NORMAL (general node), SUPER (super node).
    PublicIP String Public IP
    NodeUniqueID String UID of a super node
    NodeID String ID of a super node
    ClusterID String Cluster ID
    ClusterName String Cluster name

    VulDefenceEventDetail

    Exploit prevention event details

    Used by actions: DescribeVulDefenceEventDetail.

    Name Type Description
    CVEID String Vulnerability CVE ID
    VulName String Vulnerability name
    PocID String POC ID
    EventType String Intrusion status
    SourceIP String Attacker IP
    City String Region of the attacker IP
    EventCount Integer Number of events
    ContainerID String Container ID
    ContainerName String Container name
    ImageID String Image ID
    ImageName String Image name
    Status String Processing status
    SourcePort Array of String Attacker port
    EventID Integer Event ID
    HostName String General node/Super node name
    HostIP String Server private IP
    PublicIP String Server public IP
    PodName String Pod name
    Description String Harm description
    OfficialSolution String Fix suggestion
    NetworkPayload String Attack packet
    PID Integer Process PID
    Note: This field may return null, indicating that no valid values can be obtained.
    MainClass String Main class name of the process
    Note: This field may return null, indicating that no valid values can be obtained.
    StackTrace String Stack information
    Note: This field may return null, indicating that no valid values can be obtained.
    ServerAccount String Listened account
    Note: This field may return null, indicating that no valid values can be obtained.
    ServerPort String Listened port
    Note: This field may return null, indicating that no valid values can be obtained.
    ServerExe String Process path
    Note: This field may return null, indicating that no valid values can be obtained.
    ServerArg String Process command line parameter
    Note: This field may return null, indicating that no valid values can be obtained.
    QUUID String Node QUuid/Super node ID
    Note: This field may return·null, indicating that no valid values can be obtained.
    ContainerNetStatus String Isolation status
    NORMAL: Not isolated.
    ISOLATED: Isolated.
    ISOLATING: Isolating.
    ISOLATE_FAILED: Isolation failed.
    RESTORING: Recovering.
    RESTORE_FAILED: Recovery failed.
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerNetSubStatus String Sub-status of the container
    "AGENT_OFFLINE" // The agent is offline.
    "NODE_DESTROYED" // The node is terminated.
    "CONTAINER_EXITED" // The container exited.
    "CONTAINER_DESTROYED" // The container was terminated.
    "SHARED_HOST" // The container shares the network with the server.
    "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
    "UNKNOW" // The reason is unknown.
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerIsolateOperationSrc String Container isolation operation source
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerStatus String Container status
    RUNNING: Running.
    PAUSED: Paused.
    STOPPED: Stopped.
    CREATED: Created.
    DESTROYED: Terminated.
    RESTARTING: Restarting.
    REMOVING: Removing.
    Note: This field may return null, indicating that no valid values can be obtained.
    JNDIUrl String API URL
    Note: This field may return null, indicating that no valid values can be obtained.
    RaspDetail Array of RaspInfo RASP details
    Note: This field may return null, indicating that no valid value was found.
    NodeSubNetName String Super node subnet name
    NodeSubNetCIDR String Super node subnet IP range
    PodIP String Pod IP
    NodeType String Node type. Values: NORMAL (general node), SUPER (super node).
    NodeID String ID of a super node
    NodeUniqueID String UID of a super node
    NodeSubNetID String Super node subnet ID
    ClusterID String Cluster ID
    ClusterName String Cluster name
    Namespace String
    WorkloadType String

    VulDefenceEventTendency

    Trend of exploit prevention events

    Used by actions: DescribeVulDefenceEventTendency.

    Name Type Description
    Date Date Date
    EventCount Integer Number of events

    VulDefenceHost

    Information of the server with exploit prevention enabled

    Used by actions: DescribeVulDefenceHost.

    Name Type Description
    HostName String General node/Super node name
    HostIP String Server IP, which is the private IP
    HostID String Node QUuid/Super node ID
    Status String Plugin status. Valid values: SUCCESS (normal); FAIL (abnormal); NO_DEFENDED (not defended).
    PublicIP String Public IP
    CreateTime String First enablement time
    ModifyTime String Update time
    NodeType String Node type. Values: NORMAL (general node), SUPER (super node).
    NodeSubNetName String Super node subnet name
    NodeSubNetCIDR String Super node subnet IP range
    NodeSubNetID String Super node subnet ID
    NodeUniqueID String UID of a super node
    NodeID String ID of a super node
    PodIP String Pod IP
    PodName String Pod name

    VulDefencePlugin

    Vulnerability protection plugin information

    Used by actions: DescribeVulDefencePlugin.

    Name Type Description
    PID Integer PID of the Java process
    MainClass String Main class name of the process
    Status String Plugin status. Valid values: INJECTING (injecting); SUCCESS (injected successfully); FAIL (injection failed); TIMEOUT (plugin timed out); QUIT (plugin exited).
    ErrorLog String Error log

    VulDetailInfo

    Vulnerability details

    Used by actions: DescribeVulDetail.

    Name Type Description
    CVEID String CVE No.
    Name String Vulnerability name
    Tags Array of String Vulnerability tag
    Note: This field may return null, indicating that no valid values can be obtained.
    CategoryType String Vulnerability type
    Note: This field may return null, indicating that no valid values can be obtained.
    Level String Vulnerability severity
    Note: This field may return null, indicating that no valid values can be obtained.
    SubmitTime String Vulnerability disclosure time
    Note: This field may return null, indicating that no valid values can be obtained.
    Description String Vulnerability description
    CVSSV3Desc String CVSS V3 description
    OfficialSolution String Vulnerability fix suggestion
    DefenseSolution String Mitigation measure
    Reference Array of String Reference link
    CVSSV3Score Float CVSS V3 score
    ComponentList Array of VulAffectedComponentInfo List of components affected by vulnerabilities
    LocalImageCount Integer Number of affected local images
    ContainerCount Integer Number of affected containers
    RegistryImageCount Integer Number of affected repository images
    Category String Vulnerability sub-category
    LocalNewestImageCount Integer Number of affected local images on the latest version
    RegistryNewestImageCount Integer Number of affected repository images on the latest version
    PocID String POC ID
    DefenceStatus String Defense status. Valid values: NO_DEFENDED, DEFENDED.
    Note: This field may return null, indicating that no valid values can be obtained.
    DefenceScope String Scope of servers with exploit prevention enabled. Valid values: MANUAL (specified servers); ALL (all servers).
    Note: This field may return null, indicating that no valid values can be obtained.
    DefenceHostCount Integer Number of servers with exploit prevention enabled
    Note: This field may return null, indicating that no valid values can be obtained.
    DefendedCount Integer Number of attacks defended against
    Note: This field may return null, indicating that no valid values can be obtained.
    ScanStatus String Whether it is scanned. Valid values: NOT_SCAN (not scanned); SCANNED (scanned).
    Note: This field may return null, indicating that no valid values can be obtained.

    VulIgnoreLocalImage

    Local images ignored by the vulnerability scan

    Used by actions: DescribeVulIgnoreLocalImageList.

    Name Type Description
    ID Integer Record ID
    ImageID String Image ID
    ImageName String Image name
    ImageSize Integer Image size
    PocID String POC ID

    VulIgnoreRegistryImage

    Repository images ignored by the vulnerability scan

    Used by actions: DescribeVulIgnoreRegistryImageList.

    Name Type Description
    ID Integer Record ID
    RegistryName String Repository name
    ImageVersion String Image tag
    RegistryPath String Repository address
    ImageID String Image ID
    PocID String POC ID

    VulInfo

    List of vulnerabilities

    Used by actions: DescribeSystemVulList, DescribeWebVulList.

    Name Type Description
    Name String Vulnerability name
    Tags Array of String Vulnerability tag
    Note: This field may return null, indicating that no valid values can be obtained.
    CVSSV3Score Float CVSS V3 score
    Note: This field may return null, indicating that no valid values can be obtained.
    Level String Risk level
    Note: This field may return null, indicating that no valid values can be obtained.
    CVEID String CVE No.
    Category String Vulnerability sub-category
    Note: This field may return null, indicating that no valid values can be obtained.
    FoundTime String First discovery time
    Note: This field may return null, indicating that no valid values can be obtained.
    LatestFoundTime String Last discovery time
    Note: This field may return null, indicating that no valid values can be obtained.
    ID Integer Vulnerability ID
    LocalImageCount Integer Number of affected local images
    ContainerCount Integer Number of affected containers
    Note: This field may return null, indicating that no valid values can be obtained.
    RegistryImageCount Integer Number of affected repository images
    Note: This field may return null, indicating that no valid values can be obtained.
    PocID String POC ID
    Note: This field may return null, indicating that no valid values can be obtained.
    DefenceStatus String Defense status. Valid values: NO_DEFENDED, DEFENDED.
    Note: This field may return null, indicating that no valid values can be obtained.
    DefenceScope String Scope of servers with exploit prevention enabled. Valid values: MANUAL (specified servers); ALL (all servers).
    Note: This field may return null, indicating that no valid values can be obtained.
    DefenceHostCount Integer Number of servers with exploit prevention enabled
    Note: This field may return null, indicating that no valid values can be obtained.
    DefendedCount Integer Number of attacks defended against
    Note: This field may return null, indicating that no valid values can be obtained.

    VulScanImageInfo

    Information of the scanned image

    Used by actions: DescribeVulScanLocalImageList.

    Name Type Description
    ImageID String Image ID
    ImageName String Image name
    Size Float Image size
    ScanStatus String Task status. Valid values: SCANNING (scanning); FAILED (failed); FINISHED (completed); CANCELED (canceled).
    ScanDuration Float Scan duration
    Note: This field may return null, indicating that no valid values can be obtained.
    HighLevelVulCount Integer Number of high-risk vulnerabilities
    MediumLevelVulCount Integer Number of medium-risk vulnerabilities
    LowLevelVulCount Integer Number of low-risk vulnerabilities
    CriticalLevelVulCount Integer Number of critical vulnerabilities
    TaskID Integer ID of the task to scan local images for vulnerabilities
    ScanStartTime String Start time of the vulnerability scan
    ScanEndTime String End time of the vulnerability scan
    ErrorStatus String Cause of the failure. Valid values: TIMEOUT (timeout); TOO_MANY (too many tasks); OFFLINE (offline).

    VulTendencyInfo

    Vulnerability trend information

    Used by actions: DescribeVulTendency.

    Name Type Description
    VulSet Array of RunTimeTendencyInfo List of vulnerability trends
    ImageType String Image type affected by vulnerabilities:
    LOCAL: Local image.
    REGISTRY: Repository image.

    VulTopRankingInfo

    Ranking of top vulnerabilities

    Used by actions: DescribeVulTopRanking.

    Name Type Description
    VulName String Vulnerability name
    Level String Severity. Valid values: CRITICAL (critical); HIGH (high);MIDDLE (medium);LOW (low).
    AffectedImageCount Integer Number of affected images
    AffectedContainerCount Integer Number of affected containers
    ID Integer Vulnerability ID
    PocID String POC ID

    WarningRule

    Alert configuration policy

    Used by actions: AddEditWarningRules, DescribeWarningRules.

    Name Type Required Description
    Type String Yes Alert event type:
    Image repository security - Trojan: IMG_REG_VIRUS.
    Image repository security - Vulnerability: IMG_REG_VUL.
    Image repository security - Sensitive data: IMG_REG_RISK.
    Image security - Trojan: IMG_VIRUS.
    Image security - Vulnerability: IMG_VUL.
    Image security - Sensitive data: IMG_RISK.
    Image security - Image blocking: IMG_INTERCEPT.
    Runtime security - Container escape: RUNTIME_ESCAPE.
    Runtime security - Abnormal process: RUNTIME_FILE.
    Runtime security - Abnormal file access: RUNTIME_PROCESS.
    Runtime security - High-risk syscall: RUNTIME_SYSCALL.
    Runtime security - Reverse shell: RUNTIME_REVERSE_SHELL.
    Runtime security - Trojan: RUNTIME_VIRUS.
    Switch String Yes Switch status:
    ON: On.
    OFF: Off.
    BeginTime String Yes Alert start time in the format of "HH:mm"
    EndTime String Yes Alert end time in the format of "HH:mm"
    ControlBits String Yes Alert level policy control. Each binary bit represents a meaning, and the value is passed as a string.
    The control switch can be high, medium, or low, corresponding to the third, second, and first binary bit, respectively. Valid values: 0 (off); 1 (on).
    For example, if the high and medium levels indicate to enable the alert and the low level indicates to disable it, the binary value is 110.
    If level control does not take effect for the alert type, pass in 1.