tencent cloud

Feedback

DescribeVirusDetail

Last updated: 2024-12-06 15:47:33

    1. API Description

    Domain name for API request: tcss.intl.tencentcloudapi.com.

    This API is used to query the information of a trojan file at runtime.

    A maximum of 20 requests can be initiated per second for this API.

    We recommend you to use API Explorer
    Try it
    API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

    2. Input Parameters

    The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

    Parameter Name Required Type Description
    Action Yes String Common Params. The value used for this API: DescribeVirusDetail.
    Version Yes String Common Params. The value used for this API: 2020-11-01.
    Region No String Common Params. This parameter is not required.
    Id Yes String Trojan file ID

    3. Output Parameters

    Parameter Name Type Description
    ImageId String Image ID
    Note: This field may return null, indicating that no valid values can be obtained.
    ImageName String Image name
    Note: This field may return null, indicating that no valid values can be obtained.
    CreateTime String Creation time
    Note: This field may return null, indicating that no valid values can be obtained.
    Size Integer Trojan file size
    Note: This field may return null, indicating that no valid values can be obtained.
    FilePath String Trojan file path
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Last generation time
    Note: This field may return null, indicating that no valid values can be obtained.
    VirusName String Virus name
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskLevel String Risk level. Valid values: RISK_CRITICAL, RISK_HIGH, RISK_MEDIUM, RISK_LOW, RISK_NOTICE.
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerName String Container name
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerId String Container ID
    Note: This field may return null, indicating that no valid values can be obtained.
    HostName String Server name
    Note: This field may return null, indicating that no valid values can be obtained.
    HostId String Server ID
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcessName String Process name
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcessPath String Process path
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcessMd5 String Process MD5
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcessId Integer Process ID
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcessArgv String Process parameter
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcessChan String Process chain
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcessAccountGroup String Process group
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcessStartAccount String Process initiator
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcessFileAuthority String Process file permission
    Note: This field may return null, indicating that no valid values can be obtained.
    SourceType Integer Source. Valid values: 0 (quick scan); 1 (scheduled scan); 2 (real-time monitoring).
    Note: This field may return null, indicating that no valid values can be obtained.
    Tags Array of String Tag
    Note: This field may return null, indicating that no valid values can be obtained.
    HarmDescribe String Event description
    Note: This field may return null, indicating that no valid values can be obtained.
    SuggestScheme String Solution
    Note: This field may return null, indicating that no valid values can be obtained.
    Mark String Remarks
    Note: This field may return null, indicating that no valid values can be obtained.
    FileName String Suspicious file name
    Note: This field may return null, indicating that no valid values can be obtained.
    FileMd5 String MD5 checksum of the file
    Note: This field may return null, indicating that no valid values can be obtained.
    EventType String Event type
    Note: This field may return null, indicating that no valid values can be obtained.
    PodName String Cluster name
    Note: This field may return null, indicating that no valid values can be obtained.
    Status String DEAL_NONE: Pending.
    DEAL_IGNORE: Ignored.
    DEAL_ADD_WHITELIST: Allowed.
    DEAL_DEL: Deleted.
    DEAL_ISOLATE: Isolated.
    DEAL_ISOLATING: Isolating.
    DEAL_ISOLATE_FAILED: Isolation failed.
    DEAL_RECOVERING: Recovering.
    DEAL_RECOVER_FAILED: Recovery failed.
    Note: This field may return null, indicating that no valid values can be obtained.
    SubStatus String Sub-status of the failure:
    FILE_NOT_FOUND: The file does not exist.
    FILE_ABNORMAL: The file is abnormal.
    FILE_ABNORMAL_DEAL_RECOVER: The file is abnormal when recovered.
    BACKUP_FILE_NOT_FOUND: The backup file does not exist.
    CONTAINER_NOT_FOUND_DEAL_ISOLATE: The container does not exist during isolation.
    CONTAINER_NOT_FOUND_DEAL_RECOVER: The container does not exist during recovery.
    Note: This field may return null, indicating that no valid values can be obtained.
    HostIP String Private IP
    Note: This field may return null, indicating that no valid values can be obtained.
    ClientIP String Public IP
    Note: This field may return null, indicating that no valid values can be obtained.
    PProcessStartUser String Parent process initiator
    Note: This field may return null, indicating that no valid values can be obtained.
    PProcessUserGroup String User group of the parent process
    Note: This field may return null, indicating that no valid values can be obtained.
    PProcessPath String Path of the parent process
    Note: This field may return null, indicating that no valid values can be obtained.
    PProcessParam String Command line parameters of the parent process
    Note: This field may return null, indicating that no valid values can be obtained.
    AncestorProcessStartUser String Ancestor process initiator
    Note: This field may return null, indicating that no valid values can be obtained.
    AncestorProcessUserGroup String Ancestor process user group
    Note: This field may return null, indicating that no valid values can be obtained.
    AncestorProcessPath String Ancestor process path
    Note: This field may return null, indicating that no valid values can be obtained.
    AncestorProcessParam String Command line parameters of the ancestor process
    Note: This field may return null, indicating that no valid values can be obtained.
    OperationTime String Last processing time of the event
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerNetStatus String Container isolation status
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerNetSubStatus String Sub-status of container isolation
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerIsolateOperationSrc String Container isolation operation source
    Note: This field may return null, indicating that no valid values can be obtained.
    CheckPlatform Array of String Check platform
    1: Tencent Cloud Security Engine.
    2: tav.
    3: binaryAi.
    4: Unusual behavior.
    5: Threat intelligence.
    Note: This field may return null, indicating that no valid values can be obtained.
    FileAccessTime String File accessed time
    Note: This field may return null, indicating that no valid values can be obtained.
    FileModifyTime String File modified time
    Note: This field may return null, indicating that no valid values can be obtained.
    NodeSubNetID String Node subnet ID
    NodeSubNetName String Node subnet name
    NodeSubNetCIDR String Subnet IP range
    ClusterID String Cluster ID
    PodIP String Pod IP
    PodStatus String Pod status
    NodeUniqueID String UID of the node
    NodeType String Node type. Values: NORMAL (general node), SUPER (super node).
    NodeID String Node ID
    ClusterName String Cluster name
    Namespace String
    WorkloadType String
    RequestId String The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem.

    4. Example

    Example1 Querying the trojan information

    This example shows you how to query the trojan information.

    Input Example

    POST / HTTP/1.1
    Host: tcss.intl.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: DescribeVirusDetail
    <Common request parameters>
    
    {
        "Id": "dskaldjskld"
    }
    

    Output Example

    {
        "Response": {
            "ImageId": "abc",
            "ImageName": "abc",
            "CreateTime": "abc",
            "Size": 1,
            "FilePath": "abc",
            "ModifyTime": "abc",
            "VirusName": "abc",
            "RiskLevel": "abc",
            "ContainerName": "abc",
            "ContainerId": "abc",
            "HostName": "abc",
            "HostId": "abc",
            "ProcessName": "abc",
            "ProcessPath": "abc",
            "ProcessMd5": "abc",
            "ProcessId": 1,
            "ProcessArgv": "abc",
            "ProcessChan": "abc",
            "ProcessAccountGroup": "abc",
            "ProcessStartAccount": "abc",
            "ProcessFileAuthority": "abc",
            "SourceType": 0,
            "Tags": [
                "abc"
            ],
            "HarmDescribe": "abc",
            "SuggestScheme": "abc",
            "Mark": "abc",
            "FileName": "abc",
            "FileMd5": "abc",
            "EventType": "abc",
            "PodName": "abc",
            "Status": "abc",
            "SubStatus": "abc",
            "HostIP": "abc",
            "ClientIP": "abc",
            "PProcessStartUser": "abc",
            "PProcessUserGroup": "abc",
            "PProcessPath": "abc",
            "PProcessParam": "abc",
            "AncestorProcessStartUser": "abc",
            "AncestorProcessUserGroup": "abc",
            "AncestorProcessPath": "abc",
            "AncestorProcessParam": "abc",
            "OperationTime": "abc",
            "ContainerNetStatus": "abc",
            "ContainerNetSubStatus": "abc",
            "ContainerIsolateOperationSrc": "abc",
            "CheckPlatform": [
                "abc"
            ],
            "FileAccessTime": "abc",
            "FileModifyTime": "abc",
            "NodeSubNetID": "abc",
            "NodeSubNetName": "abc",
            "NodeSubNetCIDR": "abc",
            "ClusterID": "abc",
            "PodIP": "abc",
            "PodStatus": "abc",
            "NodeUniqueID": "abc",
            "NodeType": "abc",
            "NodeID": "abc",
            "ClusterName": "abc",
            "RequestId": "abc"
        }
    }
    

    5. Developer Resources

    SDK

    TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

    Command Line Interface

    6. Error Code

    The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

    Error Code Description
    InternalError An internal error occurred.
    InternalError.MainDBFail The database operation failed.
    InvalidParameter The parameter is incorrect.
    ResourceNotFound The resource does not exist.