Tencent Cloud

Prev Next

search by keyword

Recent Pages

Documentation

Data Types

Last updated: 2024-10-29 22:07:42

ABTestConfig

Canary project configuration

Used by actions: DescribeABTestConfig.

Name	Type	Description
ProjectName	String	Canary project name
Status	Boolean	Valid values: `true` (in canary upgrade); `false` (not in canary upgrade).

AbnormalProcessChildRuleInfo

Container runtime security - Sub-policy information

Used by actions: AddEditAbnormalProcessRule, DescribeAbnormalProcessDetail, DescribeAbnormalProcessRuleDetail.

Name	Type	Required	Description
RuleMode	String	Yes	Policy mode. `RULE_MODE_RELEASE`: Allow. `RULE_MODE_ALERT`: Alert. `RULE_MODE_HOLDUP`: Block.
ProcessPath	String	Yes	Process path
RuleId	String	No	Sub-policy ID Note: This field may return null, indicating that no valid values can be obtained.
RuleLevel	String	No	Severity. Valid values: `HIGH` (high); `MIDDLE` (medium); `LOW` (low). Note: This field may return null, indicating that no valid values can be obtained.

AbnormalProcessEventDescription

Description of the abnormal container process event at runtime

Used by actions: DescribeAbnormalProcessDetail.

Name	Type	Description
Description	String	Event rule
Solution	String	Solution
Remark	String	Event remarks Note: This field may return null, indicating that no valid values can be obtained.
MatchRule	AbnormalProcessChildRuleInfo	Details of the hit rule
RuleName	String	Name of the hit rule. Valid values: `PROXY_TOOL` (proxy); `TRANSFER_CONTROL` (lateral movement); `ATTACK_CMD` (malicious command); `REVERSE_SHELL` (reverse shell); `FILELESS` (fileless execution); `RISK_CMD` (high-risk command); `ABNORMAL_CHILD_PROC` (unusual start found in the child process of the sensitive service); `USER_DEFINED_RULE` (custom rule).
RuleId	String	ID of the hit rule
OperationTime	String	Last processing time of the event Note: This field may return null, indicating that no valid values can be obtained.
GroupName	String	Name of the hit policy. Valid values: `SYSTEM_DEFINED_RULE` (preset policy); name of the custom policy. Note: This field may return null, indicating that no valid values can be obtained.

AbnormalProcessEventInfo

Container runtime security - Information of the abnormal process

Used by actions: DescribeAbnormalProcessEvents.

Name	Type	Description
ProcessPath	String	Process directory
EventType	String	Event type. `MALICE_PROCESS_START`: Malicious process startup.
MatchRuleName	String	Name of the hit rule. Valid values: `PROXY_TOOL` (proxy); `TRANSFER_CONTROL` (lateral movement); `ATTACK_CMD` (malicious command); `REVERSE_SHELL` (reverse shell); `FILELESS` (fileless execution); `RISK_CMD` (high-risk command); `ABNORMAL_CHILD_PROC` (unusual start found in the child process of the sensitive service); `USER_DEFINED_RULE` (custom rule).
FoundTime	Timestamp	Generation time
ContainerName	String	Container name
ImageName	String	Image name
Behavior	String	Action execution result. `BEHAVIOR_NONE`: None. `BEHAVIOR_ALERT`: Alert. `BEHAVIOR_RELEASE`: Allow. `BEHAVIOR_HOLDUP_FAILED`: Failed to block. `BEHAVIOR_HOLDUP_SUCCESSED`: Blocked.
Status	String	Status. `EVENT_UNDEAL`: Pending. `EVENT_DEALED`: Processed. `EVENT_INGNORE`: Ignored.
Id	String	Unique event ID
ImageId	String	Image ID, which is used for redirect.
ContainerId	String	Container ID, which is used for redirect.
Solution	String	Event solution
Description	String	Event description
MatchRuleId	String	Hit policy ID
MatchAction	String	Action of the hit rule: `RULE_MODE_RELEASE`: Allow. `RULE_MODE_ALERT`: Alert. `RULE_MODE_HOLDUP`: Block.
MatchProcessPath	String	Information of the process that hits the rule
RuleExist	Boolean	Whether the rule exists
EventCount	Integer	Number of events
LatestFoundTime	Timestamp	Last generation time
RuleId	String	Rule group ID
MatchGroupName	String	Name of the hit policy. Valid values: `SYSTEM_DEFINED_RULE` (preset policy); name of the custom policy.
MatchRuleLevel	String	Level of the hit rule. Valid values: `HIGH` (high); `MIDDLE` (medium); `LOW` (low).
ContainerNetStatus	String	Network status `NORMAL`: Not isolated. `ISOLATED`: Isolated. `ISOLATING`: Isolating. `ISOLATE_FAILED`: Isolation failed. `RESTORING`: Recovering. `RESTORE_FAILED`: Recovery failed. Note: This field may return null, indicating that no valid values can be obtained.
ContainerNetSubStatus	String	Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown. Note: This field may return null, indicating that no valid values can be obtained.
ContainerIsolateOperationSrc	String	Container isolation operation source Note: This field may return null, indicating that no valid values can be obtained.
ContainerStatus	String	Container status `RUNNING`: Running. `PAUSED`: Paused. `STOPPED`: Stopped. `CREATED`: Created. `DESTROYED`: Terminated. `RESTARTING`: Restarting. `REMOVING`: Removing.
ClusterID	String	Cluster ID
NodeType	String	Node type. Values: `NORMAL` (general node), `SUPER` (super node).
PodName	String	Pod name
PodIP	String	Pod IP
NodeUniqueID	String	Cluster ID
PublicIP	String	Node public IP
NodeName	String	Node name
NodeID	String	Node ID
HostID	String	uuid
HostIP	String	Private IP of the node
ClusterName	String	Cluster name

AbnormalProcessEventTendencyInfo

Trend of pending abnormal process events

Used by actions: DescribeAbnormalProcessEventTendency.

Name	Type	Description
Date	Date	Date
ProxyToolEventCount	Integer	Number of pending proxy events
TransferControlEventCount	Integer	Number of pending lateral movement events
AttackCmdEventCount	Integer	Number of pending malicious command events
ReverseShellEventCount	Integer	Number of pending reverse shell events
FilelessEventCount	Integer	Number of pending fileless execution events
RiskCmdEventCount	Integer	Number of pending high-risk command events
AbnormalChildProcessEventCount	Integer	Number of pending events of unusual startups found in the child process of the sensitive service
UserDefinedRuleEventCount	Integer	Number of pending custom rule events

AbnormalProcessRuleInfo

Runtime security - Abnormal process detection policy

Used by actions: AddEditAbnormalProcessRule, DescribeAbnormalProcessRuleDetail.

Name	Type	Required	Description
IsEnable	Boolean	Yes	Valid values: `true` (enabled); `false` (disabled).
ImageIds	Array of String	Yes	IDs of associated images. An empty array indicates all images.
ChildRules	Array of AbnormalProcessChildRuleInfo	Yes	Array of sub-policies of the user policy
RuleName	String	Yes	Policy name
RuleId	String	No	Policy ID Note: This field may return null, indicating that no valid values can be obtained.
SystemChildRules	Array of AbnormalProcessSystemChildRuleInfo	No	Array of sub-policies of the preset policy
IsDefault	Boolean	No	Whether it is the default preset policy

AbnormalProcessSystemChildRuleInfo

Information of the sub-policy of the preset policy for abnormal processes

Used by actions: AddEditAbnormalProcessRule, DescribeAbnormalProcessRuleDetail.

Name	Type	Required	Description
RuleId	String	Yes	Sub-policy ID
IsEnable	Boolean	Yes	Sub-policy status. Valid values: `true` (enabled); `false` (disabled).
RuleMode	String	Yes	Policy mode. `RULE_MODE_RELEASE`: Allow. `RULE_MODE_ALERT`: Alert. `RULE_MODE_HOLDUP`: Block.
RuleType	String	Yes	Behavior type detected by the sub-policy `PROXY_TOOL`: Proxy. `TRANSFER_CONTROL`: Lateral movement. `ATTACK_CMD`: Malicious command. `REVERSE_SHELL`: Reverse shell. `FILELESS`: Fileless execution. `RISK_CMD`: High-risk command. `ABNORMAL_CHILD_PROC`: Unusual start found in the child process of the sensitive service.
RuleLevel	String	No	Severity. Valid values: `HIGH` (high); `MIDDLE` (medium); `LOW` (low). Note: This field may return null, indicating that no valid values can be obtained.

AccessControlChildRuleInfo

Container runtime security - Information of the access control sub-policy

Used by actions: AddEditAccessControlRule, DescribeAccessControlDetail, DescribeAccessControlRuleDetail.

Name	Type	Required	Description
RuleMode	String	Yes	Policy mode. `RULE_MODE_RELEASE`: Allow. `RULE_MODE_ALERT`: Alert. `RULE_MODE_HOLDUP`: Block.
ProcessPath	String	Yes	Process path
TargetFilePath	String	Yes	Accessed file path, which is valid only for access control.
RuleId	String	No	Sub-policy ID Note: This field may return null, indicating that no valid values can be obtained.

AccessControlEventDescription

Description of the container access control event at runtime

Used by actions: DescribeAccessControlDetail.

Name	Type	Description
Description	String	Event rule
Solution	String	Solution
Remark	String	Event remarks Note: This field may return null, indicating that no valid values can be obtained.
MatchRule	AccessControlChildRuleInfo	Details of the hit rule
RuleName	String	Name of the hit rule
RuleId	String	ID of the hit rule
OperationTime	String	Last processing time of the event Note: This field may return null, indicating that no valid values can be obtained.

AccessControlEventInfo

Container runtime security - Information of the access control event

Used by actions: DescribeAccessControlEvents.

Name	Type	Description
ProcessName	String	Process name
MatchRuleName	String	Name of the hit rule
FoundTime	Timestamp	Generation time
ContainerName	String	Container name
ImageName	String	Image name
Behavior	String	Action execution result. `BEHAVIOR_NONE`: None. `BEHAVIOR_ALERT`: Alert. `BEHAVIOR_RELEASE`: Allow. `BEHAVIOR_HOLDUP_FAILED`: Failed to block. `BEHAVIOR_HOLDUP_SUCCESSED`: Blocked.
Status	String	Status. `0`: Pending. `EVENT_UNDEAL`: Pending. `EVENT_DEALED`: Processed. `EVENT_INGNORE`: Ignored.
Id	String	Unique event ID
FileName	String	Filename
EventType	String	Event type. `FILE_ABNORMAL_READ`: Abnormal file read.
ImageId	String	Image ID, which is used for redirect.
ContainerId	String	Container ID, which is used for redirect.
Solution	String	Event solution
Description	String	Event description
MatchRuleId	String	Hit policy ID
MatchAction	String	Action of the hit rule: `RULE_MODE_RELEASE`: Allow. `RULE_MODE_ALERT`: Alert. `RULE_MODE_HOLDUP`: Block.
MatchProcessPath	String	Information of the process that hits the rule
MatchFilePath	String	Information of the file that hits the rule
FilePath	String	File path containing the name
RuleExist	Boolean	Whether the rule exists
EventCount	Integer	Number of events
LatestFoundTime	String	Last generation time
RuleId	String	Rule group ID
ContainerNetStatus	String	Network status `NORMAL`: Not isolated. `ISOLATED`: Isolated. `ISOLATING`: Isolating. `ISOLATE_FAILED`: Isolation failed. `RESTORING`: Recovering. `RESTORE_FAILED`: Recovery failed.
ContainerNetSubStatus	String	Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown.
ContainerIsolateOperationSrc	String	Container isolation operation source
ContainerStatus	String	Container status `RUNNING`: Running. `PAUSED`: Paused. `STOPPED`: Stopped. `CREATED`: Created. `DESTROYED`: Terminated. `RESTARTING`: Restarting. `REMOVING`: Removing.
NodeName	String	Node name: For super nodes, the node_id is displayed.
PodName	String	Pod name
PodIP	String	Pod IP
NodeType	String	Node type. Values: `NORMAL` (general node), `SUPER` (super node).
ClusterID	String	Cluster ID
NodeUniqueID	String	Node unique ID. It's used for super nodes.
PublicIP	String	Node public IP
NodeID	String	Node ID
HostID	String	uuid
HostIP	String	Private IP of the node
ClusterName	String	Cluster name

AccessControlRuleInfo

Container runtime - Access control policy information

Used by actions: AddEditAccessControlRule, DescribeAccessControlRuleDetail.

Name	Type	Required	Description
IsEnable	Boolean	Yes	Switch. Valid values: `true` (on); `false` (off).
ImageIds	Array of String	Yes	IDs of associated images. An empty array indicates all images.
ChildRules	Array of AccessControlChildRuleInfo	Yes	Array of sub-policies of the user policy
RuleName	String	Yes	Policy name
RuleId	String	No	Policy ID Note: This field may return null, indicating that no valid values can be obtained.
SystemChildRules	Array of AccessControlSystemChildRuleInfo	No	Array of sub-policies of the preset policy
IsDefault	Boolean	No	Whether it is the default preset policy

AccessControlSystemChildRuleInfo

Container runtime security - Information of the sub-policy of the preset access control policy

Used by actions: AddEditAccessControlRule, DescribeAccessControlRuleDetail.

Name	Type	Required	Description
RuleId	String	Yes	Sub-policy ID
RuleMode	String	Yes	Policy mode. `RULE_MODE_RELEASE`: Allow. `RULE_MODE_ALERT`: Alert. `RULE_MODE_HOLDUP`: Block.
IsEnable	Boolean	Yes	Sub-policy status. Valid values: `true` (enabled); `false` (disabled).
RuleType	String	Yes	Intrusion behavior type detected by the sub-policy `CHANGE_CRONTAB`: Tampering with the scheduled task. `CHANGE_SYS_BIN`: Tampering with the system program. `CHANGE_USRCFG`: Tampering with user configuration.

AffectedNodeItem

Structure of the affected node type

Used by actions: DescribeAffectedNodeList.

Name	Type	Required	Description
ClusterId	String	Yes	Cluster ID
ClusterName	String	Yes	Cluster name
InstanceId	String	Yes	Instance ID
PrivateIpAddresses	String	Yes	Private IP
InstanceRole	String	Yes	Node role, such as `Master` and `Work`.
ClusterVersion	String	Yes	K8s version
ContainerRuntime	String	Yes	Runtime component. Valid values: `docker`, `containerd`.
Region	String	Yes	Region
VerifyInfo	String	Yes	Verification information of the check result
NodeName	String	Yes	Node name

AffectedWorkloadItem

Affected workload item in the cluster security check

Used by actions: DescribeAffectedWorkloadList.

Name	Type	Required	Description
ClusterId	String	Yes	Cluster ID
ClusterName	String	Yes	Cluster name
WorkloadName	String	Yes	Workload name
WorkloadType	String	Yes	Workload type
Region	String	Yes	Region
VerifyInfo	String	Yes	Verification information of the check result

AssetClusterListItem

List of clusters

Used by actions: DescribeAssetClusterList.

Name	Type	Description
ClusterID	String	Cluster ID
ClusterName	String	Cluster name
Status	String	Cluster status `CSR_RUNNING`: Running `CSR_EXCEPTION`: Abnormal `CSR_DEL`: Deleted
BindRuleName	String	Bound rule name
ClusterType	String	Cluster type: `CT_TKE`: TKE cluster `CT_USER_CREATE`: External cluster `CT_TKE_SERVERLESS`: TKE Serverless cluster
ClusterVersion	String	Cluster version
MemLimit	Integer	MEM usage
CpuLimit	Integer	cpu

AssetFilters

TCSS
Key-value pair filter for conditional filtering queries, such as filter ID, name, and status
If more than one filter exists, the logical relationship between these filters is AND.
If multiple values exist in one filter, the logical relationship between these values is OR.

Used by actions: AddEditImageAutoAuthorizedRule, CreateAssetImageRegistryScanTask, CreateAssetImageScanTask, CreateAssetImageVirusExportJob, CreateComponentExportJob, CreateHostExportJob, CreateProcessEventsExportJob, CreateVulExportJob, DescribeAssetAppServiceList, DescribeAssetComponentList, DescribeAssetContainerList, DescribeAssetDBServiceList, DescribeAssetHostList, DescribeAssetImageHostList, DescribeAssetImageList, DescribeAssetImageListExport, DescribeAssetImageRegistryList, DescribeAssetImageRegistryListExport, DescribeAssetImageRegistryRegistryList, DescribeAssetImageRegistryRiskInfoList, DescribeAssetImageRegistryRiskListExport, DescribeAssetImageRegistrySummary, DescribeAssetImageRegistryVirusList, DescribeAssetImageRegistryVirusListExport, DescribeAssetImageRegistryVulList, DescribeAssetImageRegistryVulListExport, DescribeAssetImageRiskList, DescribeAssetImageRiskListExport, DescribeAssetImageSimpleList, DescribeAssetImageVirusList, DescribeAssetImageVirusListExport, DescribeAssetImageVulList, DescribeAssetImageVulListExport, DescribeAssetPortList, DescribeAssetProcessList, DescribeAssetWebServiceList, DescribeImageAutoAuthorizedLogList, DescribeImageAutoAuthorizedTaskList, DescribeImageComponentList, DescribeImageRegistryNamespaceList, DescribeVulRegistryImageList, ModifyAssetImageRegistryScanStop, ModifyAssetImageScanStop, ModifyImageAuthorized.

Name	Type	Required	Description
Name	String	Yes	Filter name
Values	Array of String	Yes	One or more filter values
ExactMatch	Boolean	No	Whether to use fuzzy query

AssetSimpleImageInfo

Brief information of the image

Used by actions: DescribeAssetImageSimpleList.

Name	Type	Description
ImageID	String	Image ID
ImageName	String	Image name
ContainerCnt	Integer	Number of associated containers
ScanTime	String	Last scan time
Size	Integer	Image size

AutoAuthorizedImageInfo

Result of the automatic image licensing

Used by actions: DescribeImageAutoAuthorizedLogList.

Name	Type	Description
ImageId	String	Image ID
ImageName	String	Image name
AuthorizedTime	String	Licensing time
Status	String	Licensing result. Valid values: `SUCCESS` (success); `REACH_LIMIT` (reaching the upper limit on licenses); `LICENSE_INSUFFICIENT` (insufficient licenses).
IsAuthorized	Integer	Whether it is licensed. Valid values: `1` (yes); `0` (no).

AutoAuthorizedRuleHostInfo

List of servers licensed based on the automatic image licensing rule

Used by actions: DescribeAutoAuthorizedRuleHost.

Name	Type	Description
HostID	String	Server ID
HostIP	String	Server IP, which is the private IP
HostName	String	Server name
ImageCnt	Integer	Number of images
ContainerCnt	Integer	Number of containers
PublicIp	String	Public IP
InstanceID	String	Server instance ID
MachineType	String	Server source. Valid values: `CVM`, `ECM`, `LH`, `BM`, `Other`. The first four values indicate Tencent Cloud instances, while the last one indicates non-Tencent Cloud instances.
DockerVersion	String	Docker version
Status	String	Agent status

CKafkaInstanceInfo

Optional information of the security log Kafka

Used by actions: DescribeSecLogDeliveryKafkaOptions.

Name	Type	Required	Description
InstanceID	String	No	Instance ID Note: This field may return null, indicating that no valid values can be obtained.
InstanceName	String	No	Instance name Note: This field may return null, indicating that no valid values can be obtained.
TopicList	Array of CKafkaTopicInfo	No	Topic list Note: This field may return null, indicating that no valid values can be obtained.
RouteList	Array of CkafkaRouteInfo	No	Route list Note: This field may return null, indicating that no valid values can be obtained.
KafkaVersion	String	No	Kafka version number Note: This field may return null, indicating that no valid values can be obtained.

CKafkaTopicInfo

CKafka topic information

Used by actions: DescribeSecLogDeliveryKafkaOptions.

Name	Type	Required	Description
TopicID	String	Yes	Topic ID
TopicName	String	Yes	Topic name

CkafkaRouteInfo

CKafka route details

Used by actions: DescribeSecLogDeliveryKafkaOptions.

Name	Type	Required	Description
RouteID	Integer	No	Route ID Note: This field may return null, indicating that no valid values can be obtained.
Domain	String	No	Domain name Note: This field may return null, indicating that no valid values can be obtained.
DomainPort	Integer	No	Domain port Note: This field may return null, indicating that no valid values can be obtained.
Vip	String	No	VIP Note: This field may return null, indicating that no valid values can be obtained.
VipType	Integer	No	VIP type Note: This field may return null, indicating that no valid values can be obtained.
AccessType	Integer	No	Access type // `0`: PLAINTEXT (plaintext method, which does not carry user information and is supported for legacy versions and Community Edition) // `1`: SASL_PLAINTEXT (plaintext method, which authenticates the login through SASL before data start and is supported only for Community Edition) // `2`: SSL (SSL-encrypted communication, which does not carry user information and is supported for legacy versions and Community Edition) // `3`: SASL_SSL (SSL-encrypted communication, which authenticates the login through SASL before data start and is supported only for Community Edition) Note: This field may return null, indicating that no valid values can be obtained.

ClsLogsetInfo

CLS logset information

Used by actions: DescribeSecLogDeliveryClsOptions.

Name	Type	Required	Description
LogsetID	String	Yes	Logset ID
LogsetName	String	No	Logset name Note: This field may return null, indicating that no valid values can be obtained.
TopicList	Array of ClsTopicInfo	No	List of CLS topics Note: This field may return null, indicating that no valid values can be obtained.

ClsTopicInfo

CLS topic information

Used by actions: DescribeSecLogDeliveryClsOptions.

Name	Type	Description
TopicID	String	Topic ID
TopicName	String	Topic name

ClusterCheckItem

Details of a cluster security check item

Used by actions: DescribeCheckItemList, DescribeRiskList.

Name	Type	Description
CheckItemId	Integer	Unique ID of the check item Note: This field may return null, indicating that no valid values can be obtained.
Name	String	Name of the risk item
ItemDetail	String	Detailed description of the check item Note: This field may return null, indicating that no valid values can be obtained.
RiskLevel	String	Severity. Valid values: `Serious` (critical); `High` (high); `Middle` (medium); `Hint` (prompt). Note: This field may return null, indicating that no valid values can be obtained.
RiskTarget	String	Check target and risky target. Valid values: `Runc`, `Kubelet`, `Containerd`, `Pods`. Note: This field may return null, indicating that no valid values can be obtained.
RiskType	String	Risk type. Valid values: `CVERisk` (vulnerability risk); `ConfigRisk` (configuration risk). Note: This field may return null, indicating that no valid values can be obtained.
RiskAttribute	String	Risk type of the check item. Valid values: `PrivilegePromotion` (privilege escalation); `RefuseService` (service rejected); `DirectoryEscape` (directory traversal); `UnauthorizedAccess` (unauthorized access); `PrivilegeAndAccessControl` (permissions, privileges, and access controls); `SensitiveInfoLeak` (sensitive data leakage). Note: This field may return null, indicating that no valid values can be obtained.
RiskProperty	String	Risk characteristic and tag. Valid values: `ExistEXP` (an EXP exists); `ExistPOC` (a POC exists); `NoNeedReboot` (restart not required); `ServerRestart` (service restart); `RemoteInfoLeak` (remote information leakage); `RemoteRefuseService` (remote denial of service); `RemoteExploit` (remote exploit); `RemoteExecute` (remote execution). Note: This field may return null, indicating that no valid values can be obtained.
CVENumber	String	CVE No. Note: This field may return null, indicating that no valid values can be obtained.
DiscoverTime	String	Disclosure time Note: This field may return null, indicating that no valid values can be obtained.
Solution	String	Solution Note: This field may return null, indicating that no valid values can be obtained.
CVSS	String	CVSS information, which is used for drawing. Note: This field may return null, indicating that no valid values can be obtained.
CVSSScore	String	CVSS score Note: This field may return null, indicating that no valid values can be obtained.
RelateLink	String	Reference link Note: This field may return null, indicating that no valid values can be obtained.
AffectedType	String	Affected type. Valid values: `Node`, `Workload`. Note: This field may return null, indicating that no valid values can be obtained.
AffectedVersion	String	Affected version information Note: This field may return null, indicating that no valid values can be obtained.
IgnoredAssetNum	Integer	Number of ignored assets Note: This field may return null, indicating that no valid values can be obtained.
IsIgnored	Boolean	Whether to ignore the check item Note: This field may return null, indicating that no valid values can be obtained.
RiskAssessment	String	Impact assessment Note: This field may return null, indicating that no valid values can be obtained.

ClusterCheckTaskItem

Input parameters for a cluster check task

Used by actions: CreateClusterCheckTask.

Name	Type	Required	Description
ClusterId	String	Yes	ID of the specified cluster to be scanned
ClusterRegion	String	Yes	Cluster region
NodeIp	String	No	IP of the specified node to be scanned
WorkloadName	String	No	Name of the specified workload to be scanned

ClusterCreateComponentItem

Input parameters for CreateCheckComponent, which are used to batch install defenders.

Used by actions: CreateCheckComponent.

Name	Type	Required	Description
ClusterId	String	Yes	ID of the cluster for which to install the component
ClusterRegion	String	Yes	Cluster region

ClusterCustomParameters

Custom parameters of the cluster

Used by actions: DescribeAgentDaemonSetCmd.

Name	Type	Required	Description
Name	String	Yes	Parameter name
Values	Array of String	Yes	Parameter value

ClusterInfoItem

Response parameters structure of the cluster asset

Used by actions: DescribeUserCluster.

Name	Type	Description
ClusterId	String	Cluster ID
ClusterName	String	Cluster name
ClusterVersion	String	Cluster version
ClusterOs	String	Cluster OS
ClusterType	String	Cluster type
ClusterNodeNum	Integer	Number of nodes in the cluster
Region	String	Cluster region
DefenderStatus	String	Status of the monitoring component. Valid values: `Defender_Uninstall`, `Defender_Normal`, `Defender_Error`, `Defender_Installing`.
ClusterStatus	String	Cluster status
ClusterCheckMode	String	Cluster check mode. Valid values: `Cluster_Normal`, `Cluster_Actived`.
ClusterAutoCheck	Boolean	Whether automatic and regular check is enabled
DefenderErrorReason	String	Cause of the failure to deploy the defender. When it is `UserDaemonSetNotReady`, `UnreadyNodeNum` is changed to "The defenders on N nodes are ready". If it is another value, the error message is directly displayed.
UnreadyNodeNum	Integer	Number of nodes where the defender is not ready
SeriousRiskCount	Integer	Number of critical check items
HighRiskCount	Integer	Number of high-risk check items
MiddleRiskCount	Integer	Number of medium-risk check items
HintRiskCount	Integer	Number of prompt-risk check items
CheckFailReason	String	Check failure cause
CheckStatus	String	Check status. Valid values: `Task_Running`, `NoRisk`, `HasRisk`, `Uncheck`, `Task_Error`.
TaskCreateTime	String	Task creation time and check time

ClusterRiskItem

A risk item is a check item with an issue found in the check, with certain information of the check result.

Used by actions: DescribeRiskList.

Name	Type	Description
CheckItem	ClusterCheckItem	Check item information
VerifyInfo	String	Verification information
ErrorMessage	String	Event description and check error message
AffectedClusterCount	Integer	Number of affected clusters
AffectedNodeCount	Integer	Number of affected nodes

ComplianceAffectedAsset

Information of the asset affected by the check item

Used by actions: DescribeCompliancePolicyItemAffectedAssetList.

Name	Type	Description
CustomerAssetId	Integer	Unique ID of the customer asset
AssetName	String	Asset name
AssetType	String	Asset type
CheckStatus	String	Check status `CHECK_INIT`: To be checked. `CHECK_RUNNING`: Checking. `CHECK_FINISHED`: Checked. `CHECK_FAILED`: Check failed.
NodeName	String	Node name
LastCheckTime	String	Last check time in the format of "YYYY-MM-DD HH:m::SS" It is "0000-00-00 00:00:00" if no check has been performed.
CheckResult	String	Check result. Valid values: `RESULT_FAILED`: Failed. `RESULT_PASSED`: Passed.
HostIP	String	Server IP Note: This field may return null, indicating that no valid values can be obtained.
ImageTag	String	Image tag Note: This field may return null, indicating that no valid values can be obtained.
VerifyInfo	String	Verification information of the check item Note: This field may return null, indicating that no valid values can be obtained.
InstanceId	String	Instance ID Note: This field may return `null`, indicating that no valid values can be obtained.

ComplianceAssetDetailInfo

Asset details

Used by actions: DescribeComplianceAssetDetailInfo.

Name	Type	Description
CustomerAssetId	Integer	Customer asset ID
AssetType	String	Asset type
AssetName	String	Asset name
NodeName	String	Node name of the asset
HostName	String	Server name of the asset
HostIP	String	Server IP of the asset
CheckStatus	String	Check status `CHECK_INIT`: To be checked. `CHECK_RUNNING`: Checking. `CHECK_FINISHED`: Checked. `CHECK_FAILED`: Check failed.
PassedPolicyItemCount	Integer	Number of check items that the asset passed
FailedPolicyItemCount	Integer	Number of check items that the asset failed
LastCheckTime	Timestamp	Last check time Note: This field may return null, indicating that no valid values can be obtained.
CheckResult	String	Check result. Valid values: `RESULT_FAILED`: Failed. `RESULT_PASSED`: Passed. Note: This field may return null, indicating that no valid values can be obtained.
AssetStatus	String	Asset status
AssetCreateTime	Timestamp	Asset creation time `ASSET_NORMAL`: Running. `ASSET_PAUSED`: Suspended. `ASSET_STOPPED`: Stopped. `ASSET_ABNORMAL`: Abnormal.

ComplianceAssetInfo

Asset information

Used by actions: DescribeComplianceAssetList.

Name	Type	Description
CustomerAssetId	Integer	Customer asset ID
AssetType	String	Asset type
AssetName	String	Asset name
ImageTag	String	This field is the image tag when the asset is an image. Note: This field may return null, indicating that no valid values can be obtained.
HostIP	String	Server IP of the asset
NodeName	String	Node name of the asset
CheckStatus	String	Check status `CHECK_INIT`: To be checked. `CHECK_RUNNING`: Checking. `CHECK_FINISHED`: Checked. `CHECK_FAILED`: Check failed.
PassedPolicyItemCount	Integer	Number of check items that the asset passed Note: This field may return null, indicating that no valid values can be obtained.
FailedPolicyItemCount	Integer	Number of check items that the asset failed Note: This field may return null, indicating that no valid values can be obtained.
LastCheckTime	Timestamp	Last check time Note: This field may return null, indicating that no valid values can be obtained.
CheckResult	String	Check result. Valid values: `RESULT_FAILED`: Failed. `RESULT_PASSED`: Passed. Note: This field may return null, indicating that no valid values can be obtained.
InstanceId	String	Node instance ID Note: This field may return `null`, indicating that no valid values can be obtained.

ComplianceAssetPolicyItem

Information of a check item

Used by actions: DescribeComplianceAssetPolicyItemList.

Name	Type	Description
CustomerPolicyItemId	Integer	Unique ID of the customer check item
BasePolicyItemId	Integer	Original ID of the check item
Name	String	Check item name
Category	String	Category of the check item
BenchmarkStandardId	Integer	Compliance standard ID
BenchmarkStandardName	String	Compliance standard name
RiskLevel	String	Severity
CheckStatus	String	Check status `CHECK_INIT`: To be checked. `CHECK_RUNNING`: Checking. `CHECK_FINISHED`: Checked. `CHECK_FAILED`: Check failed.
CheckResult	String	Check result `RESULT_PASSED`: Passed. `RESULT_FAILED`: Failed. Note: This field may return null, indicating that no valid values can be obtained.
WhitelistId	Integer	Allowed item ID of the check item. If it exists and is not `0`, the check item is ignored. Note: This field may return null, indicating that no valid values can be obtained.
FixSuggestion	String	Handling suggestion
LastCheckTime	String	Last check time Note: This field may return null, indicating that no valid values can be obtained.
VerifyInfo	String	Verification information Note: This field may return null, indicating that no valid values can be obtained.

ComplianceAssetPolicySetItem

List of asset IDs and check item IDs

Used by actions: AddComplianceAssetPolicySetToWhitelist.

Name	Type	Required	Description
CustomerAssetItemId	Integer	Yes	Asset ID
CustomerPolicyItemIdSet	Array of Integer	No	List of IDs of check items to be ignored in the specified asset. If it is empty, it indicates all.

ComplianceAssetSummary

Asset overview

Used by actions: DescribeComplianceTaskAssetSummary.

Name	Type	Description
AssetType	String	Asset type
IsCustomerFirstCheck	Boolean	Whether it is the first check. This parameter is used together with `CheckStatus`.
CheckStatus	String	Check status `CHECK_UNINIT`: Feature not enabled. `CHECK_INIT`: To be checked. `CHECK_RUNNING`: Checking. `CHECK_FINISHED`: Checked. `CHECK_FAILED`: Check failed.
CheckProgress	Float	Check progress. Value range: 0-100. This field is valid only if the check is running. Note: This field may return null, indicating that no valid values can be obtained.
PassedPolicyItemCount	Integer	Number of check items that the asset passed
FailedPolicyItemCount	Integer	Number of check items that the asset failed
FailedCriticalPolicyItemCount	Integer	Number of critical check items that the asset failed
FailedHighRiskPolicyItemCount	Integer	Number of high-risk check items that the asset failed
FailedMediumRiskPolicyItemCount	Integer	Number of medium-risk check items that the asset failed
FailedLowRiskPolicyItemCount	Integer	Number of low-risk check items that the asset failed
NoticePolicyItemCount	Integer	Number of prompt check items of the asset
PassedAssetCount	Integer	Number of assets that passed the check
FailedAssetCount	Integer	Number of assets that failed the check
AssetPassedRate	Float	Asset compliance rate. Value range: 0-100.
ScanFailedAssetCount	Integer	Number of assets that failed the check
CheckCostTime	Float	Last check duration in seconds Note: This field may return null, indicating that no valid values can be obtained.
LastCheckTime	Timestamp	Last check time Note: This field may return null, indicating that no valid values can be obtained.
PeriodRule	CompliancePeriodTaskRule	Scheduled check rule
OpenPolicyItemCount	Integer	Total number of enabled check items Note: This field may return null, indicating that no valid values can be obtained.
IgnoredPolicyItemCount	Integer	Total number of ignored check items Note: This field may return null, indicating that no valid values can be obtained.

ComplianceBenchmarkStandard

Information of a compliance standard

Used by actions: DescribeCompliancePeriodTaskList.

Name	Type	Description
StandardId	Integer	Compliance standard ID
Name	String	Compliance standard name
PolicyItemCount	Integer	Number of items contained in the compliance standard
Enabled	Boolean	Whether to enable the standard
Description	String	Description of the standard

ComplianceBenchmarkStandardEnable

Whether to enable the compliance standard

Used by actions: ModifyCompliancePeriodTask.

Name	Type	Required	Description
StandardId	Integer	Yes	Compliance standard ID
Enable	Boolean	Yes	Whether to enable the compliance standard

ComplianceContainerDetailInfo

Container asset details

Used by actions: DescribeComplianceAssetDetailInfo.

Name	Type	Description
ContainerId	String	Container ID on the server
PodName	String	Pod name of the container Note: This field may return null, indicating that no valid values can be obtained.

ComplianceFilters

Key-value pair filter for conditional filtering queries, such as filter ID, name, and status. If more than one filter exists, the logical relationship between these filters is AND. If multiple values exist in one filter, the logical relationship between these values is OR.

Used by actions: DescribeAffectedNodeList, DescribeAffectedWorkloadList, DescribeCheckItemList, DescribeComplianceAssetList, DescribeComplianceAssetPolicyItemList, DescribeCompliancePolicyItemAffectedAssetList, DescribeComplianceScanFailedAssetList, DescribeComplianceTaskPolicyItemSummaryList, DescribeComplianceWhitelistItemList, DescribeNetworkFirewallAuditRecord, DescribeNetworkFirewallClusterList, DescribeNetworkFirewallNamespaceLabelList, DescribeNetworkFirewallPodLabelsList, DescribeNetworkFirewallPolicyList, DescribeRiskList, DescribeUserCluster.

Name	Type	Required	Description
Name	String	Yes	Filter name
Values	Array of String	Yes	One or more filter values
ExactMatch	Boolean	No	Whether to use fuzzy query. Default value: `true`.

ComplianceHostDetailInfo

Server asset details

Used by actions: DescribeComplianceAssetDetailInfo.

Name	Type	Description
DockerVersion	String	Docker version on the server Note: This field may return null, indicating that no valid values can be obtained.
K8SVersion	String	K8s version on the server Note: This field may return null, indicating that no valid values can be obtained.

ComplianceImageDetailInfo

Image asset details

Used by actions: DescribeComplianceAssetDetailInfo.

Name	Type	Description
ImageId	String	Image ID on the server
ImageName	String	Image name
ImageTag	String	Image tag
Repository	String	Path of the remote repository of the image Note: This field may return null, indicating that no valid values can be obtained.

ComplianceK8SDetailInfo

K8s asset details

Used by actions: DescribeComplianceAssetDetailInfo.

Name	Type	Description
ClusterName	String	K8s cluster name Note: This field may return null, indicating that no valid values can be obtained.
ClusterVersion	String	K8s cluster version Note: This field may return null, indicating that no valid values can be obtained.

CompliancePeriodTask

Information of a scheduled task of the compliance baseline check

Used by actions: DescribeCompliancePeriodTaskList.

Name	Type	Description
PeriodTaskId	Integer	Scheduled task ID
AssetType	String	Asset type `ASSET_CONTAINER`: Container. `ASSET_IMAGE`: Image. `ASSET_HOST`: Server. `ASSET_K8S`: K8s asset.
LastTriggerTime	Timestamp	Last trigger time Note: This field may return null, indicating that no valid values can be obtained.
TotalPolicyItemCount	Integer	Total number of check items
PeriodRule	CompliancePeriodTaskRule	Cycle settings
BenchmarkStandardSet	Array of ComplianceBenchmarkStandard	List of compliance standards

CompliancePeriodTaskRule

Cycle of a scheduled task

Used by actions: DescribeCompliancePeriodTaskList, DescribeComplianceTaskAssetSummary, ModifyCompliancePeriodTask.

Name	Type	Required	Description
Frequency	Integer	Yes	Execution frequency (days). Valid values: `1`, `3`, `7`.
ExecutionTime	String	Yes	Execution time in the format of "HH:mm:SS"
Enable	Boolean	No	Whether to enable Note: This field may return null, indicating that no valid values can be obtained.

CompliancePolicyAssetSetItem

List of check item IDs and asset IDs

Used by actions: DeleteCompliancePolicyAssetSetFromWhitelist.

Name	Type	Required	Description
CustomerPolicyItemId	Integer	Yes	Check item ID
CustomerAssetItemIdSet	Array of Integer	No	List of IDs of assets to be ignored in the specified check item. If it is empty, it indicates all.

CompliancePolicyItemSummary

Aggregated information of a check item

Used by actions: DescribeCompliancePolicyItemAffectedSummary, DescribeComplianceTaskPolicyItemSummaryList.

Name	Type	Description
CustomerPolicyItemId	Integer	Unique ID of the customer check item
BasePolicyItemId	Integer	Original ID of the check item
Name	String	Check item name
Category	String	Category of the check item, which is an enumerated string.
BenchmarkStandardName	String	Compliance standard
RiskLevel	String	Severity. Valid values: `RISK_CRITICAL`, `RISK_HIGH`, `RISK_MEDIUM`, `RISK_LOW`, `RISK_NOTICE`.
AssetType	String	Asset type of the check item
LastCheckTime	Timestamp	Last check time Note: This field may return null, indicating that no valid values can be obtained.
CheckStatus	String	Check status `CHECK_INIT`: To be checked. `CHECK_RUNNING`: Checking. `CHECK_FINISHED`: Checked. `CHECK_FAILED`: Check failed.
CheckResult	String	Check result. Valid values: `RESULT_PASSED`: Passed. `RESULT_FAILED`: Failed. Note: This field may return null, indicating that no valid values can be obtained.
PassedAssetCount	Integer	Number of assets that passed the check Note: This field may return null, indicating that no valid values can be obtained.
FailedAssetCount	Integer	Number of assets that failed the check Note: This field may return null, indicating that no valid values can be obtained.
WhitelistId	Integer	Allowed item ID of the check item. If it exists and is not `0`, the check item is ignored. Note: This field may return null, indicating that no valid values can be obtained.
FixSuggestion	String	Handling suggestion
BenchmarkStandardId	Integer	Compliance standard ID
ApplicableVersion	String	TCSS editions that support this check item Note: This field may return `null`, indicating that no valid value was found.

ComplianceScanFailedAsset

Information of the asset that failed the check

Used by actions: DescribeComplianceScanFailedAssetList.

Name	Type	Description
CustomerAssetId	Integer	Customer asset ID
AssetType	String	Asset type
CheckStatus	String	Check status `CHECK_INIT`: To be checked. `CHECK_RUNNING`: Checking. `CHECK_FINISHED`: Checked. `CHECK_FAILED`: Check failed.
AssetName	String	Asset name
FailureReason	String	Cause of the asset check failure
Suggestion	String	Suggestion for handling the check failure
CheckTime	Timestamp	Check time

ComplianceWhitelistItem

Allowed item

Used by actions: DescribeComplianceWhitelistItemList.

Name	Type	Description
WhitelistItemId	Integer	Allowed item ID
CustomerPolicyItemId	Integer	ID of the customer check item
Name	String	Check item name
StandardName	String	Compliance standard name
StandardId	Integer	Compliance standard ID
AffectedAssetCount	Integer	Number of assets affected by the check item
LastUpdateTime	Timestamp	Last update time
InsertTime	Timestamp	Allowed time

ComponentInfo

Container component information

Used by actions: DescribeAssetComponentList.

Name	Type	Description
Name	String	Name
Version	String	Version

ComponentsInfo

Component information

Used by actions: DescribeAssetImageRegistryVulList.

Name	Type	Description
Version	String	Component version information Note: This field may return null, indicating that no valid values can be obtained.
FixedVersion	String	Fixed version Note: This field may return·`null`, indicating that no valid values can be obtained.
Path	String	Path Note: This field may return·`null`, indicating that no valid values can be obtained.
Type	String	Type Note: This field may return·`null`, indicating that no valid values can be obtained.
Name	String	Add-on name Note: This field may return null, indicating that no valid values can be obtained.

ContainerInfo

List of containers

Used by actions: DescribeAssetContainerList.

Name	Type	Description
ContainerID	String	Container ID
ContainerName	String	Container name
Status	String	Container status
CreateTime	String	Creation time
RunAs	String	Operator
Cmd	String	Command line
CPUUsage	Integer	CPU utilization * 1000
RamUsage	Integer	Memory usage in KB
ImageName	String	Image name
ImageID	String	Image ID
POD	String	Image ID
HostID	String	Server ID
HostIP	String	Server IP
UpdateTime	String	Update time
HostName	String	Server name
PublicIp	String	Public IP
NetStatus	String	Network status `NORMAL`: Not isolated. `ISOLATED`: Isolated. `ISOLATING`: Isolating. `ISOLATE_FAILED`: Isolation failed. `RESTORING`: Recovering. `RESTORE_FAILED`: Recovery failed.
NetSubStatus	String	Sub-status of the network
IsolateSource	String	Isolation source Note: This field may return null, indicating that no valid values can be obtained.
IsolateTime	String	Isolation time Note: This field may return null, indicating that no valid values can be obtained.
NodeID	String	Super node ID
PodIP	String	Pod IP
PodName	String	Pod name
NodeType	String	Node type. Valid values: `NORMAL` (general node), `SUPER` (super node)
NodeUniqueID	String	UID of the super node
PodCpu	Integer	Number of CPU cores used by the pod
PodMem	Integer	Memory specification of the Pod
ClusterName	String
ClusterID	String
PodUid	String

ContainerMount

Container mount information

Used by actions: DescribeAssetContainerDetail.

Name	Type	Description
Type	String	Mount type: `bind`.
Source	String	Host path
Destination	String	Path in the container
Mode	String	Mode
RW	Boolean	Read/Write permission
Propagation	String	Propagation type
Name	String	Name
Driver	String	Driver

ContainerNetwork

Container network information

Used by actions: DescribeAssetContainerDetail.

Name	Type	Description
EndpointID	String	Endpoint ID
Mode	String	Mode: `bridge`.
Name	String	Network name
NetworkID	String	Network ID
Gateway	String	Gateway
Ipv4	String	IPv4 address
Ipv6	String	IPv6 address
MAC	String	MAC address

EmergencyVulInfo

List of emergency vulnerabilities

Used by actions: DescribeEmergencyVulList.

Name	Type	Description
Name	String	Vulnerability name
Tags	Array of String	Vulnerability tag Note: This field may return null, indicating that no valid values can be obtained.
CVSSV3Score	Float	CVSS V3 score Note: This field may return null, indicating that no valid values can be obtained.
Level	String	Risk level Note: This field may return null, indicating that no valid values can be obtained.
CVEID	String	CVE No.
Category	String	Vulnerability type Note: This field may return null, indicating that no valid values can be obtained.
SubmitTime	String	Vulnerability disclosure time Note: This field may return null, indicating that no valid values can be obtained.
LatestFoundTime	String	Last discovery time Note: This field may return null, indicating that no valid values can be obtained.
Status	String	Emergency vulnerability risk information. Valid values: `NOT_SCAN` (not scanned); `SCANNING` (scanning); `SCANNED_NOT_RISK` (scanned and at no risk); `SCANNED_RISK` (scanned and at risk).
ID	Integer	Vulnerability ID
PocID	String	POC ID
DefenceStatus	String	Defense status. Valid values: `NO_DEFENDED`, `DEFENDED`. Note: This field may return null, indicating that no valid values can be obtained.
DefenceScope	String	Scope of servers with exploit prevention enabled. Valid values: `MANUAL` (specified servers); `ALL` (all servers). Note: This field may return null, indicating that no valid values can be obtained.
DefenceHostCount	Integer	Number of servers with exploit prevention enabled Note: This field may return null, indicating that no valid values can be obtained.
DefendedCount	Integer	Number of attacks defended against Note: This field may return null, indicating that no valid values can be obtained.

EscapeEventDescription

Description of the container escape event at runtime

Used by actions: DescribeEscapeEventDetail.

Name	Type	Description
Description	String	Event rule
Solution	String	Solution
Remark	String	Event remarks Note: This field may return null, indicating that no valid values can be obtained.
OperationTime	String	Last processing time of the event Note: This field may return null, indicating that no valid values can be obtained.

EscapeEventInfo

List of container escape events

Used by actions: DescribeEscapeEventInfo.

Name	Type	Description
EventType	String	Event type. `ESCAPE_CGROUPS`: Cgroup escape. `ESCAPE_TAMPER_SENSITIVE_FILE`: File tamper escape. `ESCAPE_DOCKER_API`: Docker API access escape. `ESCAPE_VUL_OCCURRED`: Vulnerability exploit. `MOUNT_SENSITIVE_PTAH`: Sensitive path mount. `PRIVILEGE_CONTAINER_START`: Privileged container. `PRIVILEGE`: Program privilege escalation escape.
ContainerName	String	Container name
ImageName	String	Image name
Status	String	Status. Valid values: `EVENT_UNDEAL` (pending); `EVENT_DEALED` (processed); `EVENT_INGNORE` (ignored).
EventId	String	Unique event ID
NodeName	String	Node name
PodName	String	Pod (instance) name
FoundTime	Timestamp	Generation time
EventName	String	Event name Host file access escape Syscall escape Mount namespace escape Program privilege escalation escape Privileged container startup escape Sensitive path mount
ImageId	String	Image ID, which is used for redirect.
ContainerId	String	Container ID, which is used for redirect.
Solution	String	Event solution
Description	String	Event description
EventCount	Integer	Number of events
LatestFoundTime	Timestamp	Last generation time
NodeIP	String	Node IP Note: This field may return null, indicating that no valid values can be obtained.
HostID	String	Server IP Note: This field may return null, indicating that no valid values can be obtained.
ContainerNetStatus	String	Network status `NORMAL`: Not isolated. `ISOLATED`: Isolated. `ISOLATING`: Isolating. `ISOLATE_FAILED`: Isolation failed. `RESTORING`: Recovering. `RESTORE_FAILED`: Recovery failed. Note: This field may return null, indicating that no valid values can be obtained.
ContainerNetSubStatus	String	Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown. Note: This field may return null, indicating that no valid values can be obtained.
ContainerIsolateOperationSrc	String	Container isolation operation source Note: This field may return null, indicating that no valid values can be obtained.
ContainerStatus	String	Container status `RUNNING`: Running. `PAUSED`: Paused. `STOPPED`: Stopped. `CREATED`: Created. `DESTROYED`: Terminated. `RESTARTING`: Restarting. `REMOVING`: Removing.
ClusterID	String	ID of the cluster where the node resides
NodeType	String	Node type. Values: `NORMAL` (general node), `SUPER` (super node).
PodIP	String	Pod IP
NodeUniqueID	String	Unique node ID
PublicIP	String	Node public IP
NodeID	String	Node ID
HostIP	String	Private IP of the node
ClusterName	String	Cluster name

EscapeEventTendencyInfo

Trend of pending escape events

Used by actions: DescribeEscapeEventTendency.

Name	Type	Description
RiskContainerEventCount	Integer	Total number of pending containers at risk
ProcessPrivilegeEventCount	Integer	Total number of pending program privilege escalation events
ContainerEscapeEventCount	Integer	Total number of pending container escape events
Date	Date	Date

EscapeRule

Enablement/Disablement of the container escape scan policy

Used by actions: DescribeEscapeRuleInfo.

Name	Type	Description
Type	String	Rule type `ESCAPE_HOST_ACESS_FILE`: Host file access escape. `ESCAPE_MOUNT_NAMESPACE`: Mount namespace escape. `ESCAPE_PRIVILEDGE`: Program privilege escalation escape. `ESCAPE_PRIVILEDGE_CONTAINER_START`: Privileged container startup escape. `ESCAPE_MOUNT_SENSITIVE_PTAH`: Sensitive path mount. `ESCAPE_SYSCALL`: Syscall escape.
Name	String	Rule name Host file access escape Syscall escape Mount namespace escape Program privilege escalation escape Privileged container startup escape Sensitive path mount
IsEnable	Boolean	Whether to enable. Valid values: `false` (no); `true` (yes).
Group	String	Rule group. Valid values: `RISK_CONTAINER` (container in risk); `PROCESS_PRIVILEGE` (program privilege escalation); `CONTAINER_ESCAPE` (container escape).

EscapeRuleEnabled

Enablement/Disablement of the container escape scan policy

Used by actions: ModifyEscapeRule.

Name	Type	Required	Description
Type	String	Yes	Rule type `ESCAPE_HOST_ACESS_FILE`: Host file access escape. `ESCAPE_MOUNT_NAMESPACE`: Mount namespace escape. `ESCAPE_PRIVILEDGE`: Program privilege escalation escape. `ESCAPE_PRIVILEDGE_CONTAINER_START`: Privileged container startup escape. `ESCAPE_MOUNT_SENSITIVE_PTAH`: Sensitive path mount. `ESCAPE_SYSCALL`: Syscall escape.
IsEnable	Boolean	Yes	Whether to enable. Valid values: `false` (no); `true` (yes).

EscapeWhiteListInfo

Escape allowlist

Used by actions: DescribeEscapeWhiteList.

Name	Type	Description
ImageID	String	Image ID
ImageName	String	Image name
ID	Integer	Allowed item ID
HostCount	Integer	Number of associated servers
ContainerCount	Integer	Number of associated containers
EventType	Array of String	Allowed event type
InsertTime	String	Creation time
UpdateTime	String	Update time
ImageSize	Integer	Image size

ExportJobInfo

Export job details

Used by actions: DescribeExportJobManageList.

Name	Type	Description
JobID	String	Job ID
JobName	String	Job name
Source	String	Source
ExportStatus	String	Export status
ExportProgress	Integer	Export progress
FailureMsg	String	Reason for failure
Timeout	String	Timeout threshold
InsertTime	String	Insertion time

FileAttributeInfo

Container runtime security - File attribute information

Used by actions: DescribeAccessControlDetail.

Name	Type	Description
FileName	String	Filename
FileType	String	File type
FileSize	Integer	File size in bytes
FilePath	String	File path
FileCreateTime	Timestamp	File creation time
LatestTamperedFileMTime	Timestamp	Time when the file is last tampered with
NewFile	String	Content of the new file
FileDiff	String	Differences between old and new files

HostInfo

List of server IDs

Used by actions: DescribeAssetHostList.

Name	Type	Description
HostID	String	Server ID
HostIP	String	Server IP, which is the private IP
HostName	String	Server name
Group	String	Project
DockerVersion	String	Docker version
DockerFileSystemDriver	String	Docker file system type
ImageCnt	Integer	Number of images
ContainerCnt	Integer	Number of containers
Status	String	Agent status
IsContainerd	Boolean	Whether it is Containerd
MachineType	String	Server source. Valid values: `CVM`, `ECM`, `LH`, `BM`, `Other`. The first four values indicate Tencent Cloud instances, while the last one indicates non-Tencent Cloud instances.
PublicIp	String	Public IP
Uuid	String	Server UUID
InstanceID	String	Server instance ID
RegionID	Integer	Region ID
Project	ProjectInfo	Project Note: This field may return `null`, indicating that no valid value was found.
Tags	Array of TagInfo	Tags Note: This field may return `null`, indicating that no valid value was found.
ClusterID	String	Cluster ID
ClusterName	String
ClusterAccessedStatus	String

ImageAutoAuthorizedTask

Information of the automatic image licensing task

Used by actions: DescribeImageAutoAuthorizedTaskList.

Name	Type	Description
TaskId	Integer	Task ID
Type	String	Licensing method. Valid values: `AUTO` (automatic licensing); `MANUAL` (manual licensing).
AuthorizedDate	Date	Task date
Source	String	Image source. Valid values: `LOCAL` (local image); `REGISTRY` (repository image).
LastAuthorizedTime	String	Last licensing time
SuccessCount	Integer	Number of images automatically licensed successfully
FailCount	Integer	Number of images failed to be automatically licensed
LatestFailCode	String	Error code for the last task. Valid values: `REACH_LIMIT` (reaching the upper limit on licenses); `LICENSE_INSUFFICIENT` (insufficient licenses).

ImageComponent

Information of a component in the image

Used by actions: DescribeImageComponentList.

Name	Type	Description
Name	String	Component name
Version	String	Component version
Path	String	Component path
Type	String	Component type
VulCount	Integer	Number of component vulnerabilities Note: This field may return null, indicating that no valid values can be obtained.
ImageID	String	Image ID Note: This field may return null, indicating that no valid values can be obtained.

ImageHost

List of images associated with servers

Used by actions: DescribeAssetImageHostList.

Name	Type	Description
ImageID	String	Image ID
HostID	String	Server ID

ImageInfo

Basic image information

Used by actions: CreateAssetImageRegistryScanTask, CreateAssetImageRegistryScanTaskOneKey, DescribeAssetImageRegistryRiskInfoList, DescribeAssetImageRegistryRiskListExport, DescribeAssetImageRegistryScanStatusOneKey, DescribeAssetImageRegistryVirusList, DescribeAssetImageRegistryVirusListExport, DescribeAssetImageRegistryVulList, DescribeAssetImageRegistryVulListExport, DescribeImageRegistryTimingScanTask, ModifyAssetImageRegistryScanStop, ModifyAssetImageRegistryScanStopOneKey, UpdateImageRegistryTimingScanTask.

Name	Type	Required	Description
InstanceName	String	Yes	Instance name
Namespace	String	Yes	Namespace
ImageName	String	Yes	Image name
ImageTag	String	Yes	Image tag
Force	String	Yes	Forced scan
ImageDigest	String	No	Image ID
RegistryType	String	No	Repository type
ImageRepoAddress	String	No	Image repository address
InstanceId	String	No	Instance ID

ImageProgress

Basic image information

Used by actions: DescribeAssetImageRegistryScanStatusOneKey.

Name	Type	Description
ImageId	String	Image ID Note: This field may return null, indicating that no valid values can be obtained.
RegistryType	String	Repository type Note: This field may return null, indicating that no valid values can be obtained.
ImageRepoAddress	String	Image repository address Note: This field may return null, indicating that no valid values can be obtained.
InstanceId	String	Instance ID Note: This field may return null, indicating that no valid values can be obtained.
InstanceName	String	Instance name Note: This field may return null, indicating that no valid values can be obtained.
Namespace	String	Namespace Note: This field may return null, indicating that no valid values can be obtained.
ImageName	String	Repository name Note: This field may return null, indicating that no valid values can be obtained.
ImageTag	String	Image tag Note: This field may return null, indicating that no valid values can be obtained.
ScanStatus	String	Image scanning status Note: This field may return null, indicating that no valid values can be obtained.
CveProgress	Integer	CVE scanning progress of the image Note: This field may return null, indicating that no valid values can be obtained.
RiskProgress	Integer	Sensitive data scanning progress of the image Note: This field may return null, indicating that no valid values can be obtained.
VirusProgress	Integer	Trojan scanning progress of the image Note: This field may return null, indicating that no valid values can be obtained.

ImageRepoInfo

List of image repositories

Used by actions: DescribeAssetImageRegistryList.

Name	Type	Description
ImageDigest	String	Image digest
ImageRepoAddress	String	Image repository address
RegistryType	String	Repository type
ImageName	String	Image name
ImageTag	String	Image tag
ImageSize	Integer	Image size
ScanTime	String	Last scan time
ScanStatus	String	Scanning status
VulCnt	Integer	Number of vulnerabilities
VirusCnt	Integer	Number of viruses and trojans
RiskCnt	Integer	Number of risky behaviors
SentiveInfoCnt	Integer	Number of sensitive data items
IsTrustImage	Boolean	Whether it is a trusted image
OsName	String	Image system
ScanVirusError	String	Trojan scan error Note: This field may return null, indicating that no valid values can be obtained.
ScanVulError	String	Vulnerability scan error Note: This field may return null, indicating that no valid values can be obtained.
InstanceId	String	Instance ID
InstanceName	String	Instance name
Namespace	String	Namespace
ScanRiskError	String	High-risk scan error Note: This field may return null, indicating that no valid values can be obtained.
ScanVirusProgress	Integer	Sensitive data scanning progress Note: This field may return null, indicating that no valid values can be obtained.
ScanVulProgress	Integer	Trojan scanning progress Note: This field may return null, indicating that no valid values can be obtained.
ScanRiskProgress	Integer	Vulnerability scanning progress Note: This field may return null, indicating that no valid values can be obtained.
ScanRemainTime	Integer	Remaining scan time in seconds Note: This field may return null, indicating that no valid values can be obtained.
CveStatus	String	CVE scanning status Note: This field may return null, indicating that no valid values can be obtained.
RiskStatus	String	High-risk scanning status Note: This field may return null, indicating that no valid values can be obtained.
VirusStatus	String	Trojan scanning status Note: This field may return null, indicating that no valid values can be obtained.
Progress	Integer	Overall progress Note: This field may return null, indicating that no valid values can be obtained.
IsAuthorized	Integer	Licensing status
RegistryRegion	String	Repository region
Id	Integer	List of IDs
ImageId	String	Image ID Note: This field may return null, indicating that no valid values can be obtained.
ImageCreateTime	Timestamp ISO8601	Image creation time Note: This field may return null, indicating that no valid values can be obtained.
IsLatestImage	Boolean	Whether it is the latest image tag Note: This field may return null, indicating that no valid values can be obtained.

ImageRepoRegistryInfo

Used by actions: DescribeAssetImageRegistryRegistryList.

Name	Type	Description
RegistryId	Integer
Name	String
RegistryType	String
Url	String
NetType	String
RegistryRegion	String
RegistryVersion	String
ConnectMsg	String
ConnDetectType	String
ConnDetectHostCount	Integer
ConnDetectDetail	Array of RegistryConnDetectResult
InstanceID	String
LatestSyncTime	String
SyncStatus	String
SyncFailReason	String
SyncSolution	String
SyncMessage	String

ImageRisk

Information of a high-risk behavior in the image

Used by actions: DescribeAssetImageRegistryRiskInfoList.

Name	Type	Description
Behavior	Integer	High-risk behavior Note: This field may return null, indicating that no valid values can be obtained.
Type	Integer	Type Note: This field may return null, indicating that no valid values can be obtained.
Level	String	Risk level Note: This field may return null, indicating that no valid values can be obtained.
Desc	String	Description Note: This field may return null, indicating that no valid values can be obtained.
InstructionContent	String	Solution Note: This field may return null, indicating that no valid values can be obtained.

ImageRiskInfo

Image risk details

Used by actions: DescribeAssetImageRiskList.

Name	Type	Description
Behavior	Integer	Behavior
Type	Integer	Type
Level	Integer	Level
Desc	String	Details
InstructionContent	String	Solution

ImageRiskTendencyInfo

Trend information of security events at runtime

Used by actions: DescribeImageRiskTendency.

Name	Type	Description
ImageRiskSet	Array of RunTimeTendencyInfo	List of trends
ImageRiskType	String	Risk type: `IRT_VULNERABILITY`: Vulnerability. `IRT_MALWARE_VIRUS`: Virus and trojan. `IRT_RISK`: Sensitive data.

ImageSimpleInfo

List of images

Used by actions: DescribeImageSimpleList.

Name	Type	Description
ImageID	String	Image ID
ImageName	String	Image name
Size	Integer	Image size
ImageType	String	Type
ContainerCnt	Integer	Number of associated containers

ImageVirus

Information of a virus in the image

Used by actions: DescribeAssetImageRegistryVirusList.

Name	Type	Description
Path	String	Path Note: This field may return null, indicating that no valid values can be obtained.
RiskLevel	String	Risk level Note: This field may return null, indicating that no valid values can be obtained.
Category	String	Category Note: This field may return null, indicating that no valid values can be obtained.
VirusName	String	Virus name Note: This field may return null, indicating that no valid values can be obtained.
Tags	Array of String	Tag Note: This field may return null, indicating that no valid values can be obtained.
Desc	String	Description Note: This field may return null, indicating that no valid values can be obtained.
Solution	String	Solution Note: This field may return null, indicating that no valid values can be obtained.
FileType	String	File type Note: This field may return null, indicating that no valid values can be obtained.
FileName	String	File path Note: This field may return null, indicating that no valid values can be obtained.
FileMd5	String	MD5 checksum of the file Note: This field may return null, indicating that no valid values can be obtained.
FileSize	Integer	Size Note: This field may return null, indicating that no valid values can be obtained.
FirstScanTime	String	First discovery time Note: This field may return null, indicating that no valid values can be obtained.
LatestScanTime	String	Last scan time Note: This field may return null, indicating that no valid values can be obtained.

ImageVirusInfo

Information of a virus in the image

Used by actions: DescribeAssetImageVirusList.

Name	Type	Description
Path	String	Path Note: This field may return null, indicating that no valid values can be obtained.
RiskLevel	Integer	Risk level Note: This field may return null, indicating that no valid values can be obtained.
VirusName	String	Virus name Note: This field may return null, indicating that no valid values can be obtained.
Tags	Array of String	Tag Note: This field may return null, indicating that no valid values can be obtained.
Desc	String	Description Note: This field may return null, indicating that no valid values can be obtained.
Solution	String	Fix suggestion Note: This field may return null, indicating that no valid values can be obtained.
Size	Integer	Size Note: This field may return null, indicating that no valid values can be obtained.
FirstScanTime	String	First discovery time Note: This field may return null, indicating that no valid values can be obtained.
LatestScanTime	String	Last scan time Note: This field may return null, indicating that no valid values can be obtained.
Md5	String	MD5 checksum of the file Note: This field may return null, indicating that no valid values can be obtained.
FileName	String	Filename Note: This field may return null, indicating that no valid values can be obtained.
CheckPlatform	Array of String	Check platform `1`: Tencent Cloud Security Engine. `2`: tav. `3`: binaryAi. `4`: Unusual behavior. `5`: Threat intelligence. Note: This field may return null, indicating that no valid values can be obtained.

ImageVul

Information of a vulnerability in the image

Used by actions: DescribeAssetImageRegistryVulList.

Name	Type	Description
CVEID	String	Vulnerability ID Note: This field may return null, indicating that no valid values can be obtained.
POCID	String	POC ID Note: This field may return null, indicating that no valid values can be obtained.
Name	String	Vulnerability name Note: This field may return null, indicating that no valid values can be obtained.
Components	Array of ComponentsInfo	Component information Note: This field may return null, indicating that no valid values can be obtained.
Category	String	Category Note: This field may return null, indicating that no valid values can be obtained.
CategoryType	String	Category 2 Note: This field may return null, indicating that no valid values can be obtained.
Level	String	Risk level Note: This field may return null, indicating that no valid values can be obtained.
Des	String	Description Note: This field may return null, indicating that no valid values can be obtained.
OfficialSolution	String	Solution Note: This field may return null, indicating that no valid values can be obtained.
Reference	String	Reference Note: This field may return null, indicating that no valid values can be obtained.
DefenseSolution	String	Defense solution Note: This field may return null, indicating that no valid values can be obtained.
SubmitTime	String	Submission time Note: This field may return null, indicating that no valid values can be obtained.
CvssScore	String	CVSS score Note: This field may return null, indicating that no valid values can be obtained.
CvssVector	String	CVSS information Note: This field may return null, indicating that no valid values can be obtained.
IsSuggest	String	Whether fix is suggested Note: This field may return null, indicating that no valid values can be obtained.
FixedVersions	String	Number of the fixed version Note: This field may return null, indicating that no valid values can be obtained.
Tag	Array of String	Vulnerability tag. Valid values: `CanBeFixed`, `DynamicLevelPoc`, `DynamicLevelExp`. Note: This field may return null, indicating that no valid values can be obtained.
Component	String	Component name Note: This field may return null, indicating that no valid values can be obtained.
Version	String	Component version Note: This field may return null, indicating that no valid values can be obtained.

ImagesBindRuleInfo

Information of the runtime rule bound to the image

Used by actions: DescribeAssetImageBindRuleInfo.

Name	Type	Description
ImageId	String	Image ID
ImageName	String	Image name
ContainerCnt	Integer	Number of associated containers
RuleId	String	Bound rule ID Note: This field may return null, indicating that no valid values can be obtained.
RuleName	String	Rule name Note: This field may return null, indicating that no valid values can be obtained.
ImageSize	Integer	Image size Note: This field may return null, indicating that no valid values can be obtained.
ScanTime	String	Last scan time Note: This field may return null, indicating that no valid values can be obtained.

ImagesInfo

List of image IDs

Used by actions: DescribeAssetImageList.

Name	Type	Description
ImageID	String	Image ID
ImageName	String	Image name
CreateTime	String	Creation time
Size	Integer	Image size
HostCnt	Integer	Number of servers
ContainerCnt	Integer	Number of containers
ScanTime	String	Scan time
VulCnt	Integer	Number of vulnerabilities
VirusCnt	Integer	Number of viruses
RiskCnt	Integer	Number of sensitive data items
IsTrustImage	Boolean	Whether it is a trusted image
OsName	String	Image system
AgentError	String	Image scan error in the agent
ScanError	String	Image scan error on the backend
ScanStatus	String	Scanning status
ScanVirusError	String	Trojan scan error message
ScanVulError	String	Vulnerability scan error message
ScanRiskError	String	Risk scan error message
IsSuggest	Integer	Whether the image is of high priority. Valid values: `0` (no); others (yes).
IsAuthorized	Integer	Whether it is licensed. Valid values: `1` (yes); `0` (no).
ComponentCnt	Integer	Number of components

ImagesVul

Vulnerability in the image

Used by actions: DescribeAssetImageVulList.

Name	Type	Description
CVEID	String	Vulnerability ID
Name	String	Vulnerability name
Component	String	Component
Version	String	Version
Category	String	Category
CategoryType	String	Category 2
Level	Integer	Risk level
Des	String	Description
OfficialSolution	String	Solution
Reference	String	Reference
DefenseSolution	String	Defense solution
SubmitTime	String	Submission time
CVSSV3Score	Float	CVSS V3 score
CVSSV3Desc	String	CVSS V3 description
IsSuggest	Boolean	Whether it is of high priority. Valid values: `true` (yes); `false` (no).
FixedVersions	String	Number of the fixed version Note: This field may return null, indicating that no valid values can be obtained.
Tag	Array of String	Vulnerability tag. Valid values: `CanBeFixed`, `DynamicLevelPoc`, `DynamicLevelExp`. Note: This field may return null, indicating that no valid values can be obtained.

K8sApiAbnormalEventInfo

K8sApi api abnormal event details

Used by actions: DescribeK8sApiAbnormalEventInfo.

Name	Type	Description
MatchRuleName	String	Hit rule name
MatchRuleType	String	Hit rule type
RiskLevel	String	Alarm level
ClusterID	String	Cluster ID
ClusterName	String	Cluster name
ClusterRunningStatus	String	Cluster running status
FirstCreateTime	String	First creation time
LastCreateTime	String	Last creation time
AlarmCount	Integer	Number of alarms
Status	String	Status `EVENT_UNDEAL`: Unhandled `EVENT_DEALED`: Handled `EVENT_IGNORE`: Ignored `EVENT_DEL`: Deleted `EVENT_ADD_WHITE`: Added to an allowlist
ClusterMasterIP	String	The master IP of a cluster
K8sVersion	String	K8s version
RunningComponent	Array of String	Runtime component
Desc	String	Description
Suggestion	String	Suggestion
Info	String	Request information
MatchRuleID	String	Rule ID
HighLightFields	Array of String	An array of highlighted fields
MatchRule	K8sApiAbnormalRuleScopeInfo	Hit rule

K8sApiAbnormalEventListItem

Items in the K8sApi abnormal event list

Used by actions: DescribeK8sApiAbnormalEventList.

Name	Type	Description
ID	Integer	Event ID
MatchRuleType	String	Hit rule type
RiskLevel	String	Threat level
ClusterID	String	Cluster ID
ClusterName	String	Cluster name
ClusterRunningStatus	String	Cluster running status
FirstCreateTime	String	First creation time
LastCreateTime	String	Last creation time
AlarmCount	Integer	Number of alarms
Status	String	Status
RuleType	String	Rule type
Desc	String	Description
Suggestion	String	Solution
RuleName	String	Rule name
MatchRule	K8sApiAbnormalRuleScopeInfo	Hit rule

K8sApiAbnormalRuleInfo

K8sApi abnormal request rule details

Used by actions: CreateK8sApiAbnormalRuleInfo, DescribeK8sApiAbnormalRuleInfo, ModifyK8sApiAbnormalRuleInfo.

Name	Type	Required	Description
RuleName	String	Yes	Rule name
Status	Boolean	Yes	Status
RuleInfoList	Array of K8sApiAbnormalRuleScopeInfo	Yes	Rule information list
EffectClusterIDSet	Array of String	Yes	Effective cluster IDSet
RuleType	String	Yes	Rule type RT_SYSTEM: System rules RT_USER: User-defined rules
EffectAllCluster	Boolean	Yes	Whether all clusters are effective
RuleID	String	No	Rule ID

K8sApiAbnormalRuleListItem

Items in the list of K8sApi abnormal request rules

Used by actions: DescribeK8sApiAbnormalRuleList.

Name	Type	Description
RuleID	String	Rule ID
RuleName	String	Rule name
RuleType	String	Rule type RT_SYSTEM System rules RT_USER User defined
EffectClusterCount	Integer	Total number of affected clusters
UpdateTime	String	Update time
OprUin	String	Edit account
Status	Boolean	Status

K8sApiAbnormalRuleScopeInfo

Configuration range of K8sApi abnormal event rules

Used by actions: CreateK8sApiAbnormalRuleInfo, DescribeK8sApiAbnormalEventInfo, DescribeK8sApiAbnormalEventList, DescribeK8sApiAbnormalRuleInfo, DescribeK8sApiAbnormalRuleScopeList, ModifyK8sApiAbnormalRuleInfo.

Name	Type	Required	Description
Scope	String	Yes	Range System event: ANONYMOUS_ACCESS: Anonymous access ABNORMAL_UA_REQ: Abnormal UA request ANONYMOUS_ABNORMAL_PERMISSION: Abnormal changes on permissions of an anonymous user GET_CREDENTIALS: Credential information acquisition MOUNT_SENSITIVE_PATH: Sensitive path mounting COMMAND_RUN: Command execution PRIVILEGE_CONTAINER: Privilege container EXCEPTION_CRONTAB_TASK: Aabnormal scheduled task STATICS_POD: Static pod creation ABNORMAL_CREATE_POD: Abnormal pod creation USER_DEFINED: User defined
Action	String	Yes	Action (RULE_MODE_ALERT: Alarm RULE_MODE_RELEASE: Release)
RiskLevel	String	No	Threat level: "HIGH": High-risk level; "MIDDLE": Middle-risk level; "LOW": Low-risk level; "NOTICE": Notice level Note: This field may return `null`, indicating that no valid value was found.
Status	Boolean	No	Switch status (true: On; false: Off): applicable to system rules. Note: This field may return `null`, indicating that no valid value was found.
IsDelete	Boolean	No	Whether to delete: applicable to custom rule input parameters. Note: This field may return `null`, indicating that no valid value was found.

K8sApiAbnormalTendencyItem

Items in the list of K8sApi abnormal request trends

Used by actions: DescribeK8sApiAbnormalTendency.

Name	Type	Description
Date	String	Date
ExceptionUARequestCount	Integer	The number of abnormal UA request events
AnonymousUserRightCount	Integer	The number of anonymous user permission events
CredentialInformationObtainCount	Integer	The number of credential information acquisition events
SensitiveDataMountCount	Integer	The number of sensitive data mounting events
CmdExecCount	Integer	The number of command execution events
AbnormalScheduledTaskCount	Integer	The number of abnormal scheduled task events
StaticsPodCreateCount	Integer	The number of static pods created
DoubtfulContainerCreateCount	Integer	The number of suspicious containers created
UserDefinedRuleCount	Integer	The number of custom rule events
AnonymousAccessCount	Integer	The number of anonymous access events
PrivilegeContainerCount	Integer	The number of privilege container events

ModifyIgnoreVul

Input parameters for adding and unignoring vulnerabilities in the scan

Used by actions: AddIgnoreVul, DeleteIgnoreVul.

Name	Type	Required	Description
PocID	String	Yes	POC ID
ImageIDs	Array of String	No	IDs of images to be ignored. If it is not specified, it indicates to ignore all.
ImageType	String	No	When there is an image Image type. Valid values: `LOCAL` (local image); `REGISTRY` (repository image).

NetworkAuditRecord

The structure returned by the audit of the network cluster asset

Used by actions: DescribeNetworkFirewallAuditRecord.

Name	Type	Description
ClusterId	String	Cluster ID
ClusterName	String	Cluster name
Region	String	Cluster region
Action	String	Action
Operation	String	Operator
NetworkPolicyName	String	Policy name
OperationTime	String	Operation time
AppId	Integer	Operator `appid` Note: This field may return null, indicating that no valid values can be obtained.
Uin	String	Operator UIN
PolicyId	Integer	The policy ID. Note: This field may return·`null`, indicating that no valid values can be obtained.

NetworkClusterInfoItem

Response parameters structure of the network cluster asset

Used by actions: DescribeNetworkFirewallClusterList.

Name	Type	Description
ClusterId	String	Cluster ID
ClusterName	String	Cluster name
ClusterVersion	String	Cluster version
ClusterOs	String	Cluster OS
ClusterType	String	Cluster type
Region	String	Cluster region
NetworkPolicyPlugin	String	Cluster network plugin
ClusterStatus	String	Cluster status
TotalRuleCount	Integer	Total number of policies
EnableRuleCount	Integer	Number of enabled policies
NetworkPolicyPluginStatus	String	Status of the cluster network plugin. Valid values: `Running` (normal); `Error` (abnormal).
NetworkPolicyPluginError	String	Error message of the cluster network plugin Note: This field may return null, indicating that no valid values can be obtained.
ClusterNetworkSettings	String	Cluster network plugin Note: This field may return·`null`, indicating that no valid values can be obtained.

NetworkClusterNamespaceLabelInfo

Response parameters structure of the network space label

Used by actions: DescribeNetworkFirewallNamespaceLabelList.

Name	Type	Description
Labels	String	Network space label
Name	String	Network space name

NetworkClusterPodInfo

Response parameters structure of the network cluster Pod

Used by actions: DescribeNetworkFirewallPodLabelsList.

Name	Type	Description
PodName	String	Pod name
Namespace	String	Pod space Note: This field may return null, indicating that no valid values can be obtained.
Labels	String	Pod label Note: This field may return null, indicating that no valid values can be obtained.
WorkloadKind	String	Pod type Note: This field may return null, indicating that no valid values can be obtained.

NetworkCustomPolicy

Custom rule of the network cluster policy

Used by actions: AddAndPublishNetworkFirewallPolicyDetail, AddNetworkFirewallPolicyDetail, DescribeNetworkFirewallPolicyDetail, UpdateAndPublishNetworkFirewallPolicyDetail, UpdateNetworkFirewallPolicyDetail.

Name	Type	Required	Description
Direction	String	Yes	Network policy direction. Valid values: `FROM`, `TO`.
Ports	Array of NetworkPorts	No	Network policy port Note: This field may return null, indicating that no valid values can be obtained.
Peer	Array of NetworkPeer	No	Network policy object `PublishedNoConfirm`: Enabled and to be confirmed. `PublishedConfirmed`: Enabled and confirmed. `unPublishing`: Disabled. `Publishing`: Enabled. `unPublishEdit`: To be enabled. Note: This field may return null, indicating that no valid values can be obtained.

NetworkPeer

Custom rule of the network cluster policy

Name	Type	Required	Description
PeerType	String	Yes	Object type: Namespace: `NamespaceSelector`, which indicates that `NamespaceSelector` has a value. Pod type: `PodSelector`, which indicates that both `NamespaceSelector` and `PodSelector` have values. IP type: `IPBlock`, which indicates that only `IPBlock` has a value.
NamespaceSelector	String	No	Namespace selector Note: This field may return null, indicating that no valid values can be obtained.
PodSelector	String	No	Pod selector Note: This field may return null, indicating that no valid values can be obtained.
IPBlock	String	No	IP selector Note: This field may return null, indicating that no valid values can be obtained.

NetworkPolicyInfoItem

Response parameters structure of the network cluster policy

Used by actions: DescribeNetworkFirewallPolicyList.

Name	Type	Description
Name	String	Network policy name
Description	String	Network policy description Note: This field may return null, indicating that no valid values can be obtained.
PublishStatus	String	Publishing status: `PublishedNoConfirm`: Enabled and to be confirmed. `PublishedConfirmed`: Enabled and confirmed. `unPublishing`: Disabled. `Publishing`: Enabled. `unPublishEdit`: To be enabled.
PolicySourceType	String	Policy type: `System`: Synched from the cluster. `Manual`: Added manually.
Namespace	String	Policy space
PolicyCreateTime	String	Policy creation date
NetworkPolicyPlugin	String	Policy type kube-router: KubeRouter cilium: Cilium
PublishResult	String	Policy publishing result Note: This field may return null, indicating that no valid values can be obtained.
FromPolicyRule	Integer	Inbound rule `1`: Allow all. `2`: Reject all. `3`: Custom.
ToPolicyRule	Integer	Inbound rule `1`: Allow all. `2`: Reject all. `3`: Custom.
PodSelector	String	Object Note: This field may return null, indicating that no valid values can be obtained.
Id	Integer	Network policy ID

NetworkPorts

Port of the custom rule of the network cluster policy

Name	Type	Required	Description
Protocol	String	No	Protocol of the network policy Note: This field may return null, indicating that no valid values can be obtained.
Port	String	No	Port of the network policy Note: This field may return null, indicating that no valid values can be obtained.

PortInfo

List of ports

Used by actions: DescribeAssetPortList.

Name	Type	Description
Type	String	Type
PublicIP	String	Public IP
PublicPort	Integer	Server port
ContainerPort	Integer	Container port
ContainerPID	Integer	Container PID
ContainerName	String	Container name
HostID	String	Server ID
HostIP	String	Server IP
ProcessName	String	Process name
ListenContainer	String	Monitored address in the container
ListenHost	String	Monitored address outside the container
RunAs	String	Operating account
HostName	String	Server name
PublicIp	String	Public IP
NodeID	String	Node ID
PodIP	String	Pod IP
PodName	String	Pod name
NodeType	String	Node type.
NodeUniqueID	String	UID of the super node

ProcessBaseInfo

Runtime security - Basic process information

Used by actions: DescribeAbnormalProcessDetail, DescribeAccessControlDetail, DescribeEscapeEventDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.

Name	Type	Description
ProcessStartUser	String	Process initiator Note: This field may return null, indicating that no valid values can be obtained.
ProcessUserGroup	String	Process user group Note: This field may return null, indicating that no valid values can be obtained.
ProcessPath	String	Process path Note: This field may return null, indicating that no valid values can be obtained.
ProcessParam	String	Process command line parameter Note: This field may return null, indicating that no valid values can be obtained.

ProcessDetailBaseInfo

Runtime security details - Basic process information

Used by actions: DescribeAbnormalProcessDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.

Name	Type	Description
ProcessName	String	Process name
ProcessId	Integer	Process PID
ProcessStartUser	String	Process initiator
ProcessUserGroup	String	Process user group
ProcessPath	String	Process path
ProcessParam	String	Process command line parameter

ProcessDetailInfo

Runtime security details - Process information

Used by actions: DescribeAbnormalProcessDetail, DescribeAccessControlDetail, DescribeEscapeEventDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.

Name	Type	Description
ProcessName	String	Process name
ProcessAuthority	String	Process permission
ProcessId	Integer	Process PID
ProcessStartUser	String	Process initiator
ProcessUserGroup	String	Process user group
ProcessPath	String	Process path
ProcessTree	String	Process tree
ProcessMd5	String	Process MD5
ProcessParam	String	Process command line parameter

ProcessInfo

List of processes

Used by actions: DescribeAssetProcessList.

Name	Type	Description
StartTime	String	Process start time
RunAs	String	Operator
CmdLine	String	Command line parameter
Exe	String	Exe path
PID	Integer	Server PID
ContainerPID	Integer	Container PID
ContainerName	String	Container name
HostID	String	Server ID
HostIP	String	Server IP
ProcessName	String	Process name
HostName	String	Server name
PublicIp	String	Public IP
NodeID	String	Node ID
PodIP	String	Pod IP
PodName	String	Pod name
NodeType	String	Node type.
NodeUniqueID	String	UID of the super node

ProjectInfo

The project to which the host belongs

Used by actions: DescribeAssetHostDetail, DescribeAssetHostList.

Name	Type	Description
ProjectName	String	Project name
ProjectID	Integer	Project ID

PromotionActivityContent

Promotion content

Used by actions: DescribePromotionActivity.

Name	Type	Description
MonthNum	Integer	Number of months
CoresCountLimit	Integer	Minimum number of cores
ProfessionalDiscount	Integer	Discount on the Pro Edition
ImageAuthorizationNum	Integer	Number of free images

RaspInfo

RASP information of vulnerability defense plugin

Used by actions: DescribeVulDefenceEventDetail.

Name	Type	Description
Name	String	RASP name
Value	String	RASP description

RegionInfo

Region information

Used by actions: DescribeSecLogDeliveryClsOptions, DescribeSecLogDeliveryKafkaOptions.

Name	Type	Description
Region	String	Region identifier
RegionName	String	Region name

RegistryConnDetectResult

Used by actions: DescribeAssetImageRegistryRegistryList.

Name	Type	Description
Quuid	String
Uuid	String
ConnDetectStatus	String
ConnDetectMessage	String
Solution	String
FailReason	String

ReverseShellEventDescription

Description of the container reverse shell event at runtime

Used by actions: DescribeReverseShellDetail.

Name	Type	Description
Description	String	Description
Solution	String	Solution
Remark	String	Event remarks Note: This field may return null, indicating that no valid values can be obtained.
DstAddress	String	Destination address
OperationTime	String	Last processing time of the event Note: This field may return null, indicating that no valid values can be obtained.

ReverseShellEventInfo

Container runtime security - Information of the reverse shell

Used by actions: DescribeReverseShellEvents.

Name	Type	Description
ProcessName	String	Process name
ProcessPath	String	Process path
ImageId	String	Image ID
ContainerId	String	Container ID
ImageName	String	Image name
ContainerName	String	Container name
FoundTime	String	Generation time
Solution	String	Event solution
Description	String	Event description
Status	String	Status. `EVENT_UNDEAL`: Pending. `EVENT_DEALED`: Processed. `EVENT_INGNORE`: Ignored. `EVENT_ADD_WHITE`: Allowed.
EventId	String	Event ID
Remark	String	Remarks
PProcessName	String	Parent process name
EventCount	Integer	Number of events
LatestFoundTime	String	Last generation time
DstAddress	String	Destination address
ContainerNetStatus	String	Network status `NORMAL`: Not isolated. `ISOLATED`: Isolated. `ISOLATING`: Isolating. `ISOLATE_FAILED`: Isolation failed. `RESTORING`: Recovering. `RESTORE_FAILED`: Recovery failed.
ContainerNetSubStatus	String	Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown.
ContainerIsolateOperationSrc	String	Container isolation operation source
ContainerStatus	String	Container status `RUNNING`: Running. `PAUSED`: Paused. `STOPPED`: Stopped. `CREATED`: Created. `DESTROYED`: Terminated. `RESTARTING`: Restarting. `REMOVING`: Removing.

ReverseShellWhiteListBaseInfo

Information of an allowed reverse shell

Used by actions: DescribeReverseShellWhiteLists.

Name	Type	Description
Id	String	Allowed item ID
ImageCount	Integer	Number of images
ProcessName	String	Connection process name
DstIp	String	Destination address IP
CreateTime	Timestamp	Creation time
UpdateTime	Timestamp	Update time
DstPort	String	Target port
IsGlobal	Boolean	Whether it is allowed globally. `true`: Yes.
ImageIds	Array of String	Array of image IDs. An empty array indicates all.

ReverseShellWhiteListInfo

Information of an allowed reverse shell

Used by actions: AddEditReverseShellWhiteList, DescribeReverseShellWhiteListDetail.

Name	Type	Required	Description
DstIp	String	Yes	Target IP
DstPort	String	Yes	Target port
ProcessName	String	Yes	Target process
ImageIds	Array of String	Yes	Array of image IDs. An empty array indicates all.
Id	String	No	Allowed item ID, which is empty if the item is newly created.

RiskSyscallEventDescription

Description of the high-risk container syscall event at runtime

Used by actions: DescribeRiskSyscallDetail.

Name	Type	Description
Description	String	Description
Solution	String	Solution
Remark	String	Event remarks Note: This field may return null, indicating that no valid values can be obtained.
SyscallName	String	Syscall name
OperationTime	String	Last processing time of the event Note: This field may return null, indicating that no valid values can be obtained.

RiskSyscallEventInfo

Container runtime security - Information of the high-risk syscall

Used by actions: DescribeRiskSyscallEvents.

Name	Type	Description
ProcessName	String	Process name
ProcessPath	String	Process path
ImageId	String	Image ID
ContainerId	String	Container ID
ImageName	String	Image name
ContainerName	String	Container name
FoundTime	String	Generation time
Solution	String	Event solution
Description	String	Event description
SyscallName	String	Syscall name
Status	String	Status. `EVENT_UNDEAL`: Pending. `EVENT_DEALED`: Processed. `EVENT_INGNORE`: Ignored. `EVENT_ADD_WHITE`: Allowed.
EventId	String	Event ID
NodeName	String	Node name
PodName	String	Pod (instance) name
Remark	String	Remarks
RuleExist	Boolean	Whether the system monitoring rule name exists
EventCount	Integer	Number of events
LatestFoundTime	String	Last generation time
ContainerNetStatus	String	Network status `NORMAL`: Not isolated. `ISOLATED`: Isolated. `ISOLATING`: Isolating. `ISOLATE_FAILED`: Isolation failed. `RESTORING`: Recovering. `RESTORE_FAILED`: Recovery failed.
ContainerNetSubStatus	String	Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown.
ContainerIsolateOperationSrc	String	Container isolation operation source
ContainerStatus	String	Container status `RUNNING`: Running. `PAUSED`: Paused. `STOPPED`: Stopped. `CREATED`: Created. `DESTROYED`: Terminated. `RESTARTING`: Restarting. `REMOVING`: Removing.
NodeType	String	Node type. Values: `NORMAL` (general node), `SUPER` (super node).
ClusterID	String	Cluster ID
PodIP	String	Pod IP
NodeUniqueID	String	Unique node ID
PublicIP	String	Node public IP
NodeID	String	Node ID
HostID	String	uuid
HostIP	String	Private IP of the node
ClusterName	String	Cluster name

RiskSyscallWhiteListBaseInfo

Information of the allowlist of high-risk syscalls

Used by actions: DescribeRiskSyscallWhiteLists.

Name	Type	Description
Id	String	Allowed item ID
ImageCount	Integer	Number of images
ProcessPath	String	Connection process path
SyscallNames	Array of String	List of syscall names
CreateTime	Timestamp	Creation time
UpdateTime	Timestamp	Update time
IsGlobal	Boolean	Whether it is allowed globally. `true`: Yes.
ImageIds	Array of String	Array of image IDs

RiskSyscallWhiteListInfo

Information of the allowlist of high-risk syscalls

Used by actions: AddEditRiskSyscallWhiteList, DescribeRiskSyscallWhiteListDetail.

Name	Type	Required	Description
ImageIds	Array of String	Yes	Array of image IDs. An empty array indicates all.
SyscallNames	Array of String	No	Syscall name. The `DescribeRiskSyscallNames` API can be called to get the list of enumerated values.
ProcessPath	String	No	Target process
Id	String	No	Allowed item ID, which is empty if the item is newly created.

RuleBaseInfo

Runtime security - Basic policy information

Used by actions: DescribeAbnormalProcessRules, DescribeAccessControlRules.

Name	Type	Description
IsDefault	Boolean	Valid values: `true` (default policy); `false` (custom policy).
EffectImageCount	Integer	Number of associated images
RuleId	String	Policy ID
UpdateTime	String	Policy update time, which can be empty. Note: This field may return null, indicating that no valid values can be obtained.
RuleName	String	Policy name
EditUserName	String	Name of the editing user
IsEnable	Boolean	Valid values: `true` (enable the policy); `false` (disable the policy).

RunTimeEventBaseInfo

Runtime security - Basic event information

Used by actions: DescribeAbnormalProcessDetail, DescribeAccessControlDetail, DescribeEscapeEventDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.

Name	Type	Description
EventId	String	Unique event ID
FoundTime	Timestamp	Event discovery time
ContainerId	String	Container ID
ContainerName	String	Container name
ImageId	String	Image ID
ImageName	String	Image name
NodeName	String	Node name
Status	String	Status. `EVENT_UNDEAL`: Pending. `EVENT_DEALED`: Processed. `EVENT_INGNORE`: Ignored.
EventName	String	Event name: Host file access escape Syscall escape Mount namespace escape Program privilege escalation escape Privileged container startup escape Sensitive path mount Malicious process startup File tampering
EventType	String	Event type `ESCAPE_HOST_ACESS_FILE`: Host file access escape. `ESCAPE_MOUNT_NAMESPACE`: Mount namespace escape. `ESCAPE_PRIVILEDGE`: Program privilege escalation escape. `ESCAPE_PRIVILEDGE_CONTAINER_START`: Privileged container startup escape. `ESCAPE_MOUNT_SENSITIVE_PTAH`: Sensitive path mount. `ESCAPE_SYSCALL`: Syscall escape.
EventCount	Integer	Number of events
LatestFoundTime	String	Last generation time
HostIP	String	Private IP Note: This field may return null, indicating that no valid values can be obtained.
ClientIP	String	Public IP Note: This field may return null, indicating that no valid values can be obtained.
ContainerNetStatus	String	Network status `NORMAL`: Not isolated. `ISOLATED`: Isolated. `ISOLATING`: Isolating. `ISOLATE_FAILED`: Isolation failed. `RESTORING`: Recovering. `RESTORE_FAILED`: Recovery failed. Note: This field may return null, indicating that no valid values can be obtained.
ContainerNetSubStatus	String	Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown. Note: This field may return null, indicating that no valid values can be obtained.
ContainerIsolateOperationSrc	String	Container isolation operation source Note: This field may return null, indicating that no valid values can be obtained.
NodeID	String	Node ID
NodeType	String	Node type. Valid values: `NORMAL` (general node), `SUPER` (super node)
NodeSubNetID	String	Node subnet ID
NodeSubNetName	String	Node subnet name
NodeSubNetCIDR	String	Subnet IP range
PodName	String	Pod name
PodIP	String	Pod IP
PodStatus	String	Pod status
ClusterID	String	Cluster ID
ClusterName	String	Cluster name
NodeUniqueID	String	Unique node ID
HostID	String	uuid
Namespace	String
WorkloadType	String

RunTimeFilters

Used by actions: CreateAbnormalProcessRulesExportJob, CreateAccessControlsRuleExportJob, CreateDefenceVulExportJob, CreateEmergencyVulExportJob, CreateEscapeEventsExportJob, CreateEscapeWhiteListExportJob, CreateImageExportJob, CreateK8sApiAbnormalEventExportJob, CreateK8sApiAbnormalRuleExportJob, CreateRiskDnsEventExportJob, CreateSystemVulExportJob, CreateVulContainerExportJob, CreateVulDefenceEventExportJob, CreateVulDefenceHostExportJob, CreateVulImageExportJob, CreateWebVulExportJob, DescribeAbnormalProcessEvents, DescribeAbnormalProcessEventsExport, DescribeAbnormalProcessRules, DescribeAbnormalProcessRulesExport, DescribeAccessControlEvents, DescribeAccessControlEventsExport, DescribeAccessControlRules, DescribeAccessControlRulesExport, DescribeAssetClusterList, DescribeAssetImageBindRuleInfo, DescribeEmergencyVulList, DescribeEscapeEventInfo, DescribeEscapeEventsExport, DescribeEscapeWhiteList, DescribeExportJobManageList, DescribeImageSimpleList, DescribeK8sApiAbnormalEventList, DescribeK8sApiAbnormalRuleList, DescribeK8sApiAbnormalRuleScopeList, DescribeReverseShellEvents, DescribeReverseShellEventsExport, DescribeReverseShellWhiteLists, DescribeRiskSyscallEvents, DescribeRiskSyscallEventsExport, DescribeRiskSyscallWhiteLists, DescribeScanIgnoreVulList, DescribeSecLogJoinObjectList, DescribeSupportDefenceVul, DescribeSystemVulList, DescribeVirusAutoIsolateSampleList, DescribeVirusList, DescribeVirusTaskList, DescribeVulContainerList, DescribeVulDefenceEvent, DescribeVulDefenceHost, DescribeVulDefencePlugin, DescribeVulImageList, DescribeVulScanLocalImageList, DescribeVulSummary, DescribeWebVulList, ExportVirusList.

Name	Type	Required	Description
Name	String	Yes	Filter name
Values	Array of String	Yes	One or more filter values
ExactMatch	Boolean	No	Whether to use fuzzy query

RunTimeRiskInfo

Runtime risk information

Used by actions: DescribeImageRiskSummary.

Name	Type	Description
Cnt	Integer	Number
Level	String	Risk level: `CRITICAL`: Critical. `HIGH`: High. `MEDIUM`: Medium. `LOW`: Low.

RunTimeTendencyInfo

Runtime trend information

Used by actions: DescribeImageRiskTendency, DescribeSecEventsTendency, DescribeVulTendency.

Name	Type	Description
CurTime	Date	The time of the day
Cnt	Integer	Current quantity

ScanIgnoreVul

Scan for ignored vulnerabilities

Used by actions: DescribeScanIgnoreVulList.

Name	Type	Description
VulName	String	Vulnerability name
CVEID	String	Vulnerability CVE ID
PocID	String	POC ID
RegistryImageCount	Integer	Number of ignored repository images
UpdateTime	String	Update time
IsIgnoreAll	Integer	Whether to ignore all images. Valid values: `0` (no); `1` (yes).
LocalImageCount	Integer	Number of ignored local images

SearchTemplate

Quick search template

Used by actions: CreateSearchTemplate, DescribeSearchTemplates.

Name	Type	Required	Description
Name	String	Yes	Search name
LogType	String	Yes	Search index type
Condition	String	Yes	Search statement
TimeRange	String	Yes	Time range
Query	String	Yes	Converted search statement content
Flag	String	Yes	Search method. Valid values: `standard` (search in the search box); `simple` (search by filter).
DisplayData	String	Yes	Displayed data
Id	Integer	No	Rule ID

SecLogAlertMsgInfo

Security log alert message

Used by actions: DescribeSecLogAlertMsg.

Name	Type	Description
MsgType	String	Alert type
MsgValue	String	Alert value
State	Boolean	Status. Valid values: `0` (disabled); `1` (enabled).

SecLogDeliveryClsSettingInfo

Security log - Settings of delivery to CLS

Used by actions: DescribeSecLogDeliveryClsSetting, ModifySecLogDeliveryClsSetting.

Name	Type	Required	Description
LogType	String	Yes	Log type
State	Boolean	Yes	Delivery status. Valid values: `true` (enabled); `false` (disabled).
Region	String	Yes	Region
LogSet	String	Yes	Logset
TopicID	String	Yes	Topic ID
LogSetName	String	No	Logset name Note: This field may return null, indicating that no valid values can be obtained.
TopicName	String	No	Topic name Note: This field may return null, indicating that no valid values can be obtained.

SecLogDeliveryKafkaSettingInfo

Settings of security log delivery to Kafka

Used by actions: DescribeSecLogDeliveryKafkaSetting, ModifySecLogDeliveryKafkaSetting.

Name	Type	Required	Description
LogType	String	Yes	Log type
TopicID	String	Yes	Topic ID
TopicName	String	Yes	Topic name Note: This field may return null, indicating that no valid values can be obtained.
State	Boolean	Yes	Delivery status. Valid values: `false` (disabled); `true` (enabled).

SecLogJoinInfo

Security log access details

Used by actions: DescribeSecLogJoinTypeList.

Name	Type	Description
Count	Integer	Number of connected general nodes
SuperNodeCount	Integer	Number of connected super nodes
IsJoined	Boolean	Whether it is accessed. Valid values: `true` (accessed); `false` (not accessed).
LogType	String	Log type ( Container bash: "container_bash" Container startup: "container_launch" K8s API: "k8s_api" )

SecLogJoinObjectInfo

Details of the accessed security log object

Used by actions: DescribeSecLogJoinObjectList.

Name	Type	Description
HostID	String	Server ID
HostName	String	Server name Note: This field may return null, indicating that no valid values can be obtained.
HostIP	String	Server IP Note: This field may return null, indicating that no valid values can be obtained.
HostStatus	String	Server status
ClusterID	String	Cluster ID Note: This field may return null, indicating that no valid values can be obtained.
ClusterName	String	Cluster name Note: This field may return null, indicating that no valid values can be obtained.
PublicIP	String	Public IP Note: This field may return null, indicating that no valid values can be obtained.
JoinState	Boolean	Access status. Valid values: `true` (accessed); `false` (not accessed).
ClusterVersion	String	Cluster version Note: This field may return null, indicating that no valid values can be obtained.
ClusterMainAddress	String	Master node address of the cluster

SecTendencyEventInfo

Trend information of security events at runtime

Used by actions: DescribeSecEventsTendency.

Name	Type	Description
EventSet	Array of RunTimeTendencyInfo	List of trends
EventType	String	Event type: ET_ESCAPE: Container escape ET_REVERSE_SHELL: Reverse shell ET_RISK_SYSCALL: High-risk system calls ET_ABNORMAL_PROCESS: Abnormal process ET_ACCESS_CONTROL: File tampering ET_VIRUS: Trojan event ET_MALICIOUS_CONNECTION: Malicious connection event

ServiceInfo

Information list of TCSS

Used by actions: DescribeAssetAppServiceList, DescribeAssetDBServiceList, DescribeAssetWebServiceList.

Name	Type	Description
ServiceID	String	Service ID
HostID	String	Server ID
HostIP	String	Server IP
ContainerName	String	Container name
Type	String	Service name, such as `nginx` and `redis`
Version	String	Version
RunAs	String	Account
Listen	Array of String	Listened port
Config	String	Configuration
ProcessCnt	Integer	Number of associated processes
AccessLog	String	Access log
ErrorLog	String	Error log
DataPath	String	Data directory
WebRoot	String	Web directory
Pids	Array of Integer	ID of the associated process
MainType	String	Service type. Valid values: `app`, `web`, `db`.
Exe	String	Execution file
Parameter	String	Service command line parameter
ContainerId	String	Container ID
HostName	String	Server name
PublicIp	String	Public IP
NodeID	String	Node ID
PodIP	String	Pod IP
PodName	String	Pod name
NodeType	String	Node type.
NodeUniqueID	String	UID of the super node

SoftQuotaDayInfo

Pay-as-you-go billing details

Used by actions: DescribePostPayDetail.

Name	Type	Description
PayTime	String	Deduction time
CoresCnt	Integer	Number of billed cores

SupportDefenceVul

Vulnerability that can be prevented

Used by actions: DescribeSupportDefenceVul.

Name	Type	Description
PocID	String	POC ID
Name	String	Vulnerability name
Tags	Array of String	Vulnerability tag
CVSSV3Score	Float	Vulnerability CVSS
Level	String	Vulnerability severity
CVEID	String	Vulnerability CVE ID
SubmitTime	String	Vulnerability disclosure time

TagInfo

Host tag information

Used by actions: DescribeAssetHostDetail, DescribeAssetHostList.

Name	Type	Description
TagKey	String	Tag key
TagValue	String	Tag value

UnauthorizedCoresTendency

Trend of unlicensed cores

Used by actions: DescribeUnauthorizedCoresTendency.

Name	Type	Description
DateTime	String	Date
CoresCount	Integer	Number of unlicensed cores

VirusAutoIsolateSampleInfo

Information of the automatically isolated trojan sample

Used by actions: DescribeVirusAutoIsolateSampleList.

Name	Type	Description
MD5	String	MD5 checksum of the file
VirusName	String	Virus name
ModifyTime	Timestamp ISO8601	Last edit time
AutoIsolateSwitch	Boolean	Automatic isolation switch. Valid values: `true` (on); `false` (off).

VirusInfo

List of trojans at runtime

Used by actions: DescribeVirusList.

Name	Type	Description
FileName	String	Filename
FilePath	String	File path
VirusName	String	Virus name
CreateTime	String	Creation time
ModifyTime	String	Update time
ContainerName	String	Container name
ContainerId	String	Container ID
ContainerStatus	String	Container status `RUNNING`: Running. `PAUSED`: Paused. `STOPPED`: Stopped. `CREATED`: Created. `DESTROYED`: Terminated. `RESTARTING`: Restarting. `REMOVING`: Removing.
ImageName	String	Image name
ImageId	String	Image ID
Status	String	`DEAL_NONE`: Pending. `DEAL_IGNORE`: Ignored. `DEAL_ADD_WHITELIST`: Allowed. `DEAL_DEL`: Deleted. `DEAL_ISOLATE`: Isolated. `DEAL_ISOLATING`: Isolating. `DEAL_ISOLATE_FAILED`: Isolation failed. `DEAL_RECOVERING`: Recovering. `DEAL_RECOVER_FAILED`: Recovery failed.
Id	String	Event ID
HarmDescribe	String	Event description
SuggestScheme	String	Solution
SubStatus	String	Sub-status of the failure: `FILE_NOT_FOUND`: The file does not exist. `FILE_ABNORMAL`: The file is abnormal. `FILE_ABNORMAL_DEAL_RECOVER`: The file is abnormal when recovered. `BACKUP_FILE_NOT_FOUND`: The backup file does not exist. `CONTAINER_NOT_FOUND_DEAL_ISOLATE`: The container does not exist during isolation. `CONTAINER_NOT_FOUND_DEAL_RECOVER`: The container does not exist during recovery. `TIMEOUT`: Timed out. `TOO_MANY`: Too many tasks. `OFFLINE`: Offline. `INTERNAL`: Internal service error. `VALIDATION`: Invalid parameter.
ContainerNetStatus	String	Network status `NORMAL`: Not isolated. `ISOLATED`: Isolated. `ISOLATING`: Isolating. `ISOLATE_FAILED`: Isolation failed. `RESTORING`: Recovering. `RESTORE_FAILED`: Recovery failed.
ContainerNetSubStatus	String	Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown.
ContainerIsolateOperationSrc	String	Container isolation operation source
MD5	String	MD5 checksum Note: This field may return null, indicating that no valid values can be obtained.
RiskLevel	String	Risk level. Valid values: `RISK_CRITICAL`, `RISK_HIGH`, `RISK_MEDIUM`, `RISK_LOW`, `RISK_NOTICE`. Note: This field may return null, indicating that no valid values can be obtained.
CheckPlatform	Array of String	Check platform `1`: Tencent Cloud Security Engine. `2`: tav. `3`: binaryAi. `4`: Unusual behavior. `5`: Threat intelligence. Note: This field may return null, indicating that no valid values can be obtained.
NodeID	String	Node ID.
NodeName	String	Node name
PodIP	String	Pod IP
PodName	String	Pod (instance) name
ClusterID	String	ID of the cluster where the node resides
NodeType	String	Node type. Values: `NORMAL` (general node), `SUPER` (super node).
PublicIP	String	Public IP of the node
InnerIP	String	Node private IP
NodeUniqueID	String	UID of the node
HostID	String	ID for u200dthe general node
ClusterName	String	Cluster name

VirusTaskInfo

List of containers in the virus scanning task at runtime

Used by actions: DescribeVirusTaskList.

Name	Type	Description
ContainerName	String	Container name
ContainerId	String	Container ID
ImageName	String	Image name
ImageId	String	Image ID
HostName	String	Node name
HostIp	String	Private IP of the node
Status	String	Scanning status: `WAIT`: Pending scanning. `FAILED`: Failed. `SCANNING`: Scanning. `FINISHED`: Ended. `CANCELING`: Canceling. `CANCELED`: Canceled. `CANCEL_FAILED`: Failed to cancel.
StartTime	String	Check start time
EndTime	String	Check end time
RiskCnt	Integer	Number of risks
Id	String	Event ID
ErrorMsg	String	Cause: `SEND_SUCCESSED`: Task submitted. `SCAN_WAIT`: Waiting to scan... `OFFLINE`: Offline. `SEND_FAILED`: Failed to deploy. `TIMEOUT`: Timed out. `LOW_AGENT_VERSION`: The Agent version is too old. `AGENT_NOT_FOUND`: The image's agent doesn't exist. `TOO_MANY`: Too many tasks. `VALIDATION`: Invalid parameter. `INTERNAL`: Internal service error. `MISC`: Other errors. `UNAUTH`: The image is not assigned with a license. `SEND_CANCEL_SUCCESSED`: Task submitted.
NodeType	String	Node type. Values: `NORMAL` (general node), `SUPER` (super node).
PublicIP	String	Public IP of the node
NodeID	String	Node ID

VirusTendencyInfo

Trojan trend details

Used by actions: DescribeVirusEventTendency.

Name	Type	Description
Date	Date	Date
PendingEventCount	Integer	Total number of pending events
RiskContainerCount	Integer	Total number of containers at risk
EventCount	Integer	Total number of events
IsolateEventCount	Integer	Total number of isolated events

VulAffectedComponentInfo

Information of the component affected by the vulnerability

Used by actions: DescribeVulDetail.

Name	Type	Description
Name	String	Component name Note: This field may return null, indicating that no valid values can be obtained.
Version	Array of String	Component version Note: This field may return null, indicating that no valid values can be obtained.
FixedVersion	Array of String	Fixed component version Note: This field may return null, indicating that no valid values can be obtained.

VulAffectedContainerInfo

Information of the container affected by the vulnerability

Used by actions: DescribeVulContainerList.

Name	Type	Description
HostIP	String	Private IP
ContainerID	String	Container ID
ContainerName	String	Container name
PodName	String	Pod name
PodIP	String	Pod IP
HostName	String	Server name
HostID	String	Server ID
PublicIP	String	Public IP
ClusterID	String	Cluster ID
ClusterName	String	Cluster name
NodeType	String	Node type. Values: `NORMAL` (general node), `SUPER` (super node).
NodeUniqueID	String	UID of a super node
NodeID	String	ID of a super node
NodeName	String	Super node name

VulAffectedImageComponentInfo

Information of the component affected by the vulnerability

Used by actions: DescribeVulImageList, DescribeVulRegistryImageList.

Name	Type	Description
Name	String	Component name Note: This field may return null, indicating that no valid values can be obtained.
Version	String	Component version Note: This field may return null, indicating that no valid values can be obtained.
FixedVersion	String	Fixed component version Note: This field may return null, indicating that no valid values can be obtained.
Path	String	Component path Note: This field may return null, indicating that no valid values can be obtained.

VulAffectedImageInfo

Information of the image affected by the vulnerability

Used by actions: DescribeVulImageList.

Name	Type	Description
ImageID	String	Image ID
ImageName	String	Image name
HostCount	Integer	Number of associated servers
ContainerCount	Integer	Number of associated containers
ComponentList	Array of VulAffectedImageComponentInfo	List of components

VulAffectedRegistryImageInfo

This API is used to query the list of repository images u200daffected by a specific vulnerability.

Used by actions: DescribeVulRegistryImageList.

Name	Type	Description
ImageID	String	Image ID
ImageName	String	Image name
ImageTag	String	Image tag
Namespace	String	Image namespace
ImageRepoAddress	String	Image address
ComponentList	Array of VulAffectedImageComponentInfo	List of components
IsLatestImage	Boolean	Whether it is the latest image tag
ImageAssetId	Integer	Internal image asset ID

VulDefenceEvent

Exploit prevention event details

Used by actions: DescribeVulDefenceEvent.

Name	Type	Description
CVEID	String	Vulnerability CVE ID
VulName	String	Vulnerability name
PocID	String	POC ID
EventType	String	Intrusion status
SourceIP	String	Attacker IP
City	String	Region of the attacker IP
EventCount	Integer	Number of events
ContainerID	String	Container ID
ContainerName	String	Container name
ImageID	String	Image ID
ImageName	String	Image name
Status	String	Processing status
EventID	Integer	Event ID
CreateTime	String	First discovery time Note: This field may return null, indicating that no valid values can be obtained.
ContainerNetStatus	String	Isolation status `NORMAL`: Not isolated. `ISOLATED`: Isolated. `ISOLATING`: Isolating. `ISOLATE_FAILED`: Isolation failed. `RESTORING`: Recovering. `RESTORE_FAILED`: Recovery failed.
MergeTime	String	Last discovery time Note: This field may return null, indicating that no valid values can be obtained.
ContainerStatus	String	Container status `RUNNING`: Running. `PAUSED`: Paused. `STOPPED`: Stopped. `CREATED`: Created. `DESTROYED`: Terminated. `RESTARTING`: Restarting. `REMOVING`: Removing. Note: This field may return null, indicating that no valid values can be obtained.
ContainerNetSubStatus	String	Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown. Note: This field may return null, indicating that no valid values can be obtained.
ContainerIsolateOperationSrc	String	Container isolation operation source Note: This field may return null, indicating that no valid values can be obtained.
QUUID	String	Node QUuid/Super node ID Note: This field may return·`null`, indicating that no valid values can be obtained.
HostIP	String	Server private IP Note: This field may return null, indicating that no valid values can be obtained.
HostName	String	General node/Super node name Note: This field may return·`null`, indicating that no valid values can be obtained.
NodeType	String	Node type. Values: `NORMAL` (general node), `SUPER` (super node).
PublicIP	String	Public IP
NodeUniqueID	String	UID of a super node
NodeID	String	ID of a super node
ClusterID	String	Cluster ID
ClusterName	String	Cluster name

VulDefenceEventDetail

Exploit prevention event details

Used by actions: DescribeVulDefenceEventDetail.

Name	Type	Description
CVEID	String	Vulnerability CVE ID
VulName	String	Vulnerability name
PocID	String	POC ID
EventType	String	Intrusion status
SourceIP	String	Attacker IP
City	String	Region of the attacker IP
EventCount	Integer	Number of events
ContainerID	String	Container ID
ContainerName	String	Container name
ImageID	String	Image ID
ImageName	String	Image name
Status	String	Processing status
SourcePort	Array of String	Attacker port
EventID	Integer	Event ID
HostName	String	General node/Super node name
HostIP	String	Server private IP
PublicIP	String	Server public IP
PodName	String	Pod name
Description	String	Harm description
OfficialSolution	String	Fix suggestion
NetworkPayload	String	Attack packet
PID	Integer	Process PID Note: This field may return null, indicating that no valid values can be obtained.
MainClass	String	Main class name of the process Note: This field may return null, indicating that no valid values can be obtained.
StackTrace	String	Stack information Note: This field may return null, indicating that no valid values can be obtained.
ServerAccount	String	Listened account Note: This field may return null, indicating that no valid values can be obtained.
ServerPort	String	Listened port Note: This field may return null, indicating that no valid values can be obtained.
ServerExe	String	Process path Note: This field may return null, indicating that no valid values can be obtained.
ServerArg	String	Process command line parameter Note: This field may return null, indicating that no valid values can be obtained.
QUUID	String	Node QUuid/Super node ID Note: This field may return·`null`, indicating that no valid values can be obtained.
ContainerNetStatus	String	Isolation status `NORMAL`: Not isolated. `ISOLATED`: Isolated. `ISOLATING`: Isolating. `ISOLATE_FAILED`: Isolation failed. `RESTORING`: Recovering. `RESTORE_FAILED`: Recovery failed. Note: This field may return null, indicating that no valid values can be obtained.
ContainerNetSubStatus	String	Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown. Note: This field may return null, indicating that no valid values can be obtained.
ContainerIsolateOperationSrc	String	Container isolation operation source Note: This field may return null, indicating that no valid values can be obtained.
ContainerStatus	String	Container status `RUNNING`: Running. `PAUSED`: Paused. `STOPPED`: Stopped. `CREATED`: Created. `DESTROYED`: Terminated. `RESTARTING`: Restarting. `REMOVING`: Removing. Note: This field may return null, indicating that no valid values can be obtained.
JNDIUrl	String	API URL Note: This field may return null, indicating that no valid values can be obtained.
RaspDetail	Array of RaspInfo	RASP details Note: This field may return `null`, indicating that no valid value was found.
NodeSubNetName	String	Super node subnet name
NodeSubNetCIDR	String	Super node subnet IP range
PodIP	String	Pod IP
NodeType	String	Node type. Values: `NORMAL` (general node), `SUPER` (super node).
NodeID	String	ID of a super node
NodeUniqueID	String	UID of a super node
NodeSubNetID	String	Super node subnet ID
ClusterID	String	Cluster ID
ClusterName	String	Cluster name
Namespace	String
WorkloadType	String

VulDefenceEventTendency

Trend of exploit prevention events

Used by actions: DescribeVulDefenceEventTendency.

Name	Type	Description
Date	Date	Date
EventCount	Integer	Number of events

VulDefenceHost

Information of the server with exploit prevention enabled

Used by actions: DescribeVulDefenceHost.

Name	Type	Description
HostName	String	General node/Super node name
HostIP	String	Server IP, which is the private IP
HostID	String	Node QUuid/Super node ID
Status	String	Plugin status. Valid values: `SUCCESS` (normal); `FAIL` (abnormal); `NO_DEFENDED` (not defended).
PublicIP	String	Public IP
CreateTime	String	First enablement time
ModifyTime	String	Update time
NodeType	String	Node type. Values: `NORMAL` (general node), `SUPER` (super node).
NodeSubNetName	String	Super node subnet name
NodeSubNetCIDR	String	Super node subnet IP range
NodeSubNetID	String	Super node subnet ID
NodeUniqueID	String	UID of a super node
NodeID	String	ID of a super node
PodIP	String	Pod IP
PodName	String	Pod name

VulDefencePlugin

Vulnerability protection plugin information

Used by actions: DescribeVulDefencePlugin.

Name	Type	Description
PID	Integer	PID of the Java process
MainClass	String	Main class name of the process
Status	String	Plugin status. Valid values: `INJECTING` (injecting); `SUCCESS` (injected successfully); `FAIL` (injection failed); `TIMEOUT` (plugin timed out); `QUIT` (plugin exited).
ErrorLog	String	Error log

VulDetailInfo

Vulnerability details

Used by actions: DescribeVulDetail.

Name	Type	Description
CVEID	String	CVE No.
Name	String	Vulnerability name
Tags	Array of String	Vulnerability tag Note: This field may return null, indicating that no valid values can be obtained.
CategoryType	String	Vulnerability type Note: This field may return null, indicating that no valid values can be obtained.
Level	String	Vulnerability severity Note: This field may return null, indicating that no valid values can be obtained.
SubmitTime	String	Vulnerability disclosure time Note: This field may return null, indicating that no valid values can be obtained.
Description	String	Vulnerability description
CVSSV3Desc	String	CVSS V3 description
OfficialSolution	String	Vulnerability fix suggestion
DefenseSolution	String	Mitigation measure
Reference	Array of String	Reference link
CVSSV3Score	Float	CVSS V3 score
ComponentList	Array of VulAffectedComponentInfo	List of components affected by vulnerabilities
LocalImageCount	Integer	Number of affected local images
ContainerCount	Integer	Number of affected containers
RegistryImageCount	Integer	Number of affected repository images
Category	String	Vulnerability sub-category
LocalNewestImageCount	Integer	Number of affected local images on the latest version
RegistryNewestImageCount	Integer	Number of affected repository images on the latest version
PocID	String	POC ID
DefenceStatus	String	Defense status. Valid values: `NO_DEFENDED`, `DEFENDED`. Note: This field may return null, indicating that no valid values can be obtained.
DefenceScope	String	Scope of servers with exploit prevention enabled. Valid values: `MANUAL` (specified servers); `ALL` (all servers). Note: This field may return null, indicating that no valid values can be obtained.
DefenceHostCount	Integer	Number of servers with exploit prevention enabled Note: This field may return null, indicating that no valid values can be obtained.
DefendedCount	Integer	Number of attacks defended against Note: This field may return null, indicating that no valid values can be obtained.
ScanStatus	String	Whether it is scanned. Valid values: `NOT_SCAN` (not scanned); `SCANNED` (scanned). Note: This field may return null, indicating that no valid values can be obtained.

VulIgnoreLocalImage

Local images ignored by the vulnerability scan

Used by actions: DescribeVulIgnoreLocalImageList.

Name	Type	Description
ID	Integer	Record ID
ImageID	String	Image ID
ImageName	String	Image name
ImageSize	Integer	Image size
PocID	String	POC ID

VulIgnoreRegistryImage

Repository images ignored by the vulnerability scan

Used by actions: DescribeVulIgnoreRegistryImageList.

Name	Type	Description
ID	Integer	Record ID
RegistryName	String	Repository name
ImageVersion	String	Image tag
RegistryPath	String	Repository address
ImageID	String	Image ID
PocID	String	POC ID

VulInfo

List of vulnerabilities

Used by actions: DescribeSystemVulList, DescribeWebVulList.

Name	Type	Description
Name	String	Vulnerability name
Tags	Array of String	Vulnerability tag Note: This field may return null, indicating that no valid values can be obtained.
CVSSV3Score	Float	CVSS V3 score Note: This field may return null, indicating that no valid values can be obtained.
Level	String	Risk level Note: This field may return null, indicating that no valid values can be obtained.
CVEID	String	CVE No.
Category	String	Vulnerability sub-category Note: This field may return null, indicating that no valid values can be obtained.
FoundTime	String	First discovery time Note: This field may return null, indicating that no valid values can be obtained.
LatestFoundTime	String	Last discovery time Note: This field may return null, indicating that no valid values can be obtained.
ID	Integer	Vulnerability ID
LocalImageCount	Integer	Number of affected local images
ContainerCount	Integer	Number of affected containers Note: This field may return null, indicating that no valid values can be obtained.
RegistryImageCount	Integer	Number of affected repository images Note: This field may return null, indicating that no valid values can be obtained.
PocID	String	POC ID Note: This field may return null, indicating that no valid values can be obtained.
DefenceStatus	String	Defense status. Valid values: `NO_DEFENDED`, `DEFENDED`. Note: This field may return null, indicating that no valid values can be obtained.
DefenceScope	String	Scope of servers with exploit prevention enabled. Valid values: `MANUAL` (specified servers); `ALL` (all servers). Note: This field may return null, indicating that no valid values can be obtained.
DefenceHostCount	Integer	Number of servers with exploit prevention enabled Note: This field may return null, indicating that no valid values can be obtained.
DefendedCount	Integer	Number of attacks defended against Note: This field may return null, indicating that no valid values can be obtained.

VulScanImageInfo

Information of the scanned image

Used by actions: DescribeVulScanLocalImageList.

Name	Type	Description
ImageID	String	Image ID
ImageName	String	Image name
Size	Float	Image size
ScanStatus	String	Task status. Valid values: `SCANNING` (scanning); `FAILED` (failed); `FINISHED` (completed); `CANCELED` (canceled).
ScanDuration	Float	Scan duration Note: This field may return null, indicating that no valid values can be obtained.
HighLevelVulCount	Integer	Number of high-risk vulnerabilities
MediumLevelVulCount	Integer	Number of medium-risk vulnerabilities
LowLevelVulCount	Integer	Number of low-risk vulnerabilities
CriticalLevelVulCount	Integer	Number of critical vulnerabilities
TaskID	Integer	ID of the task to scan local images for vulnerabilities
ScanStartTime	String	Start time of the vulnerability scan
ScanEndTime	String	End time of the vulnerability scan
ErrorStatus	String	Cause of the failure. Valid values: `TIMEOUT` (timeout); `TOO_MANY` (too many tasks); `OFFLINE` (offline).

VulTendencyInfo

Vulnerability trend information

Used by actions: DescribeVulTendency.

Name	Type	Description
VulSet	Array of RunTimeTendencyInfo	List of vulnerability trends
ImageType	String	Image type affected by vulnerabilities: `LOCAL`: Local image. `REGISTRY`: Repository image.

VulTopRankingInfo

Ranking of top vulnerabilities

Used by actions: DescribeVulTopRanking.

Name	Type	Description
VulName	String	Vulnerability name
Level	String	Severity. Valid values: `CRITICAL` (critical); `HIGH` (high);`MIDDLE` (medium);`LOW` (low).
AffectedImageCount	Integer	Number of affected images
AffectedContainerCount	Integer	Number of affected containers
ID	Integer	Vulnerability ID
PocID	String	POC ID

WarningRule

Alert configuration policy

Used by actions: AddEditWarningRules, DescribeWarningRules.

Name	Type	Required	Description
Type	String	Yes	Alert event type: Image repository security - Trojan: `IMG_REG_VIRUS`. Image repository security - Vulnerability: `IMG_REG_VUL`. Image repository security - Sensitive data: `IMG_REG_RISK`. Image security - Trojan: `IMG_VIRUS`. Image security - Vulnerability: `IMG_VUL`. Image security - Sensitive data: `IMG_RISK`. Image security - Image blocking: `IMG_INTERCEPT`. Runtime security - Container escape: `RUNTIME_ESCAPE`. Runtime security - Abnormal process: `RUNTIME_FILE`. Runtime security - Abnormal file access: `RUNTIME_PROCESS`. Runtime security - High-risk syscall: `RUNTIME_SYSCALL`. Runtime security - Reverse shell: `RUNTIME_REVERSE_SHELL`. Runtime security - Trojan: `RUNTIME_VIRUS`.
Switch	String	Yes	Switch status: `ON`: On. `OFF`: Off.
BeginTime	String	Yes	Alert start time in the format of "HH:mm"
EndTime	String	Yes	Alert end time in the format of "HH:mm"
ControlBits	String	Yes	Alert level policy control. Each binary bit represents a meaning, and the value is passed as a string. The control switch can be high, medium, or low, corresponding to the third, second, and first binary bit, respectively. Valid values: `0` (off); `1` (on). For example, if the high and medium levels indicate to enable the alert and the low level indicates to disable it, the binary value is `110`. If level control does not take effect for the alert type, pass in `1`.

tencent cloud

Sign Up

Log in

Recent Pages

Data Types

ABTestConfig

AbnormalProcessChildRuleInfo

AbnormalProcessEventDescription

AbnormalProcessEventInfo

AbnormalProcessEventTendencyInfo

AbnormalProcessRuleInfo

AbnormalProcessSystemChildRuleInfo

AccessControlChildRuleInfo

AccessControlEventDescription

AccessControlEventInfo

AccessControlRuleInfo

AccessControlSystemChildRuleInfo

AffectedNodeItem

AffectedWorkloadItem

AssetClusterListItem

AssetFilters

AssetSimpleImageInfo

AutoAuthorizedImageInfo

AutoAuthorizedRuleHostInfo

CKafkaInstanceInfo

CKafkaTopicInfo

CkafkaRouteInfo

ClsLogsetInfo

ClsTopicInfo

ClusterCheckItem

ClusterCheckTaskItem

ClusterCreateComponentItem

ClusterCustomParameters

ClusterInfoItem

ClusterRiskItem

ComplianceAffectedAsset

ComplianceAssetDetailInfo

ComplianceAssetInfo

ComplianceAssetPolicyItem

ComplianceAssetPolicySetItem

ComplianceAssetSummary

ComplianceBenchmarkStandard

ComplianceBenchmarkStandardEnable

ComplianceContainerDetailInfo

ComplianceFilters

ComplianceHostDetailInfo

ComplianceImageDetailInfo

ComplianceK8SDetailInfo

CompliancePeriodTask

CompliancePeriodTaskRule

CompliancePolicyAssetSetItem

CompliancePolicyItemSummary

ComplianceScanFailedAsset

ComplianceWhitelistItem

ComponentInfo

ComponentsInfo

ContainerInfo

ContainerMount

ContainerNetwork

EmergencyVulInfo

EscapeEventDescription

EscapeEventInfo

EscapeEventTendencyInfo

EscapeRule

EscapeRuleEnabled

EscapeWhiteListInfo

ExportJobInfo

FileAttributeInfo

HostInfo

ImageAutoAuthorizedTask

ImageComponent

ImageHost

ImageInfo

ImageProgress

ImageRepoInfo

ImageRepoRegistryInfo

ImageRisk

ImageRiskInfo

ImageRiskTendencyInfo

ImageSimpleInfo