ModifyRiskEventsStatus

Last updated: 2024-12-06 15:40:07

1. API Description

Domain name for API request: cwp.intl.tencentcloudapi.com.

This API is used to change the status of intrusion detection events, including virus scanning, abnormal log-ins, password cracking, high-risk commands, reverse shells, and local privilege escalations.

A maximum of 20 requests can be initiated per second for this API.

We recommend using API Explorer. It provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: ModifyRiskEventsStatus. |
| Version | Yes | String | Common Params. The value used for this API: 2018-02-28. |
| Region | No | String | Common Params. This parameter is not required. |
| Operate | Yes | Integer | Operation. 0: Mark as Handled, 1: Ignore, 2: Delete Record, 3: Trojan Isolation, 4: Isolated Trojan Resumption, 5: Trojan Trust, 6: Trojan Untrust, 7: Kill Exceptional Process. |
| RiskType | Yes | String | Type of event to operate on. File scan: MALWARE, exceptional login: HOST_LOGIN, password brute attack: BRUTE_ATTACK, malicious request: MALICIOUS_REQUEST, high-risk command: BASH_EVENT, local privilege escalation: PRIVILEGE_EVENT, reverse shell: REVERSE_SHELL, exceptional process: PROCESS. |
| Ids.N | No | Array of Integer | An array of IDs of the events to be modified; batch operation is supported. |
| UpdateAll | No | Boolean | Whether to update all, i.e. whether to operate on all events; this parameter is invalid when Ids is not left blank. |
| ExcludeId.N | No | Array of Integer | Excluded event IDs: when operating on all events, these IDs are excluded. |
| KillProcess | No | Boolean | When Operate is Trojan Isolation, indicates whether to kill the process; invalid for other operations. |
| Ip.N | No | Array of String | When RiskType is cross-region log-in and Ids is left blank, you can modify the status of events from all source IPs. |
| Filters.N | No | Array of Filters | Filtering criteria. The supported filters depend on RiskType, as listed below. |

When RiskType is MALWARE:
  • IpOrAlias - String - required: no - filter by host IP or alias
  • FilePath - String - required: no - filter by path
  • VirusName - String - required: no - filter by description
  • CreateBeginTime - String - required: no - filter by creation time - start time
  • CreateEndTime - String - required: no - filter by creation time - end time
  • Status - String - required: no - filter by status: 4 - pending; 5 - trusted; 6 - isolated; 10 - isolation in progress; 11 - recovering from isolation

When RiskType is PROCESS:
  • IpOrName - String - required: no - host IP or host name
  • VirusName - String - required: no - virus name
  • BeginTime - String - required: no - process startup time - begin
  • BeginTime - String - required: no - process startup time - end
  • Status - String - required: no - filter by status: 0 - pending; 1 - under detection; 2 - detected; 3 - exited; 4 - trusted

3. Output Parameters

| Parameter Name | Type | Description |
|---|---|---|
| IsSync | Integer | Whether this operation is asynchronous. 0: operation completed; 1: asynchronous operation in progress, and the front end needs to call DescribeRiskBatchStatus to check whether the operation has completed. Note: This field may return null, indicating that no valid values can be obtained. |
| RequestId | String | The unique request ID, generated by the server and returned for every request (if the request fails to reach the server for other reasons, no RequestId is obtained). RequestId is required for locating a problem. |

4. Example

Example 1

This example shows how to update the status of events in batches.

Input Example

    POST / HTTP/1.1
    Host: cwp.intl.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: ModifyRiskEventsStatus
    <Common request parameters>
    
    {
        "UpdateAll": true,
        "RiskType": "xx",
        "Ip": [
            "xx"
        ],
        "Ids": [
            1
        ],
        "KillProcess": true,
        "ExcludeId": [
            1
        ],
        "Operate": 1
    }
    

Output Example

    {
        "Response": {
            "RequestId": "a066ece3-12ca-4611-b98e-1c296a14a491",
            "IsSync": 1
        }
    }
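
The parameter table attaches conditions to several fields: UpdateAll is invalid once Ids is set, ExcludeId applies only when operating on all events, and KillProcess applies only to Trojan Isolation. The following added example (not Tencent Cloud code; the function names are hypothetical) enforces those conditions before a request body is sent, so that a bulk Ignore or Delete Record is never issued by accident, and reads IsSync from the response. It covers only the Ids and UpdateAll paths; Ip and Filters are left out, and the "no target" check is this example's own policy rather than an API rule.

```python
# Added example: client-side validation for ModifyRiskEventsStatus bodies.
# Enum values are copied from the parameter table on this page.

OPERATE = {
    0: "Mark as Handled", 1: "Ignore", 2: "Delete Record", 3: "Trojan Isolation",
    4: "Isolated Trojan Resumption", 5: "Trojan Trust", 6: "Trojan Untrust",
    7: "Kill Exceptional Process",
}
RISK_TYPES = {
    "MALWARE", "HOST_LOGIN", "BRUTE_ATTACK", "MALICIOUS_REQUEST",
    "BASH_EVENT", "PRIVILEGE_EVENT", "REVERSE_SHELL", "PROCESS",
}


def build_payload(operate, risk_type, ids=None, update_all=False,
                  exclude_ids=None, kill_process=None):
    """Return a JSON-serialisable request body, or raise ValueError."""
    if operate not in OPERATE:
        raise ValueError(f"Operate must be one of {sorted(OPERATE)}")
    if risk_type not in RISK_TYPES:
        raise ValueError(f"unknown RiskType {risk_type!r}")
    if ids and update_all:
        # UpdateAll is invalid when Ids is set; refuse the ambiguous
        # combination instead of guessing the caller's intent.
        raise ValueError("pass either ids or update_all, not both")
    if not ids and not update_all:
        # Example policy (not an API rule): require an explicit target.
        raise ValueError("no target: give ids or set update_all=True")
    if exclude_ids and not update_all:
        raise ValueError("ExcludeId only applies when operating on all events")
    if kill_process is not None and operate != 3:
        raise ValueError("KillProcess only applies to Operate=3 (Trojan Isolation)")

    body = {"Operate": operate, "RiskType": risk_type}
    if ids:
        body["Ids"] = sorted(set(ids))
    if update_all:
        body["UpdateAll"] = True
        if exclude_ids:
            body["ExcludeId"] = sorted(set(exclude_ids))
    if kill_process is not None:
        body["KillProcess"] = bool(kill_process)
    return body


def needs_status_poll(response):
    """True when IsSync is 1, i.e. DescribeRiskBatchStatus must be called."""
    return response.get("Response", {}).get("IsSync") == 1
```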
    

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

| Error Code | Description |
|---|---|
| AuthFailure | CAM signature/authentication error. |
| AuthFailure.UnauthorizedOperation | Authentication for the current user failed. |
| FailedOperation.AgentOffline | The client is offline. |
| InternalError | Internal error. |
| InternalError.MainDBFail | Failed to manipulate the data. |
| InvalidParameter | Incorrect parameter. |
| InvalidParameter.InvalidFormat | Incorrect parameter format. |
| OperationDenied | The operation was denied. |
| UnauthorizedOperation | Unauthorized operation. |
| UnsupportedOperation | The operation is not supported. |