Domain name for API request: cwp.intl.tencentcloudapi.com.
This API is used to change the status of intrusion detection events, including virus scanning, abnormal log-ins, password cracking, high-risk commands, reverse shells, and local privilege escalations.
A maximum of 20 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
Parameter Name | Required | Type | Description |
---|---|---|---|
Action | Yes | String | Common Params. The value used for this API: ModifyRiskEventsStatus. |
Version | Yes | String | Common Params. The value used for this API: 2018-02-28. |
Region | No | String | Common Params. This parameter is not required. |
Operate | Yes | Integer | Operations - 0: Mark as Handled, 1: Ignore, 2: Delete Record, 3: Trojan Isolation, 4: Isolated Trojan Resumption, 5: Trojan Trust, 6: Trojan Untrust, 7: Kill Exceptional Process. |
RiskType | Yes | String | Type of event to operate on. File scan: MALWARE; exceptional login: HOST_LOGIN; password brute attack: BRUTE_ATTACK; malicious request: MALICIOUS_REQUEST; high-risk command: BASH_EVENT; local privilege escalation: PRIVILEGE_EVENT; reverse shell: REVERSE_SHELL; exceptional process: PROCESS. |
Ids.N | No | Array of Integer | An array of event IDs that need to be modified, and batch operation is supported. |
UpdateAll | No | Boolean | Whether to operate on all events. This parameter is invalid when Ids is not left blank. |
ExcludeId.N | No | Array of Integer | Event IDs to exclude when operating on all events. |
KillProcess | No | Boolean | When Operate is Trojan Isolation, indicates whether to kill the process. This parameter is invalid for other operations. |
Ip.N | No | Array of String | When RiskType is cross-region log-in and IDs are left blank, you can modify the status of events from all source IPs. |
Filters.N | No | Array of Filters | Filtering criteria. When RiskType is MALWARE. 1. When RiskType is MALWARE: When RiskType is PROCESS: Filter criteria |
Parameter Name | Type | Description |
---|---|---|
IsSync | Integer | Whether this operation is asynchronous. 0: operation completed; 1: asynchronous operation in progress and DescribeRiskBatchStatus needs to be called by front end to check if the operation is completed. Note: This field may return null, indicating that no valid values can be obtained. |
RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
This example shows how to update the status of events in batches.
```
POST / HTTP/1.1
Host: cwp.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: ModifyRiskEventsStatus
<Common request parameters>

{
    "UpdateAll": true,
    "RiskType": "xx",
    "Ip": [
        "xx"
    ],
    "Ids": [
        1
    ],
    "KillProcess": true,
    "ExcludeId": [
        1
    ],
    "Operate": 1
}
```

```
{
    "Response": {
        "RequestId": "a066ece3-12ca-4611-b98e-1c296a14a491",
        "IsSync": 1
    }
}
```
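The following Python is an added example, not Tencent Cloud code and not part of the original page. It builds the request body client-side, rejects the parameter combinations the request table marks as invalid before anything is sent, and maps `IsSync` to a polling decision. The names `build_body`, `batch_state` and `Operate` are hypothetical; reading "cross-region log-in" as `HOST_LOGIN`, rejecting `UpdateAll` together with `Ids`, and requiring an explicit scope are assumptions of this example.

```python
from enum import IntEnum

class Operate(IntEnum):  # values from the Operate row of the parameter table
    MARK_HANDLED = 0
    IGNORE = 1
    DELETE_RECORD = 2
    TROJAN_ISOLATION = 3
    TROJAN_RESUMPTION = 4
    TROJAN_TRUST = 5
    TROJAN_UNTRUST = 6
    KILL_PROCESS = 7

RISK_TYPES = {"MALWARE", "HOST_LOGIN", "BRUTE_ATTACK", "MALICIOUS_REQUEST",
              "BASH_EVENT", "PRIVILEGE_EVENT", "REVERSE_SHELL", "PROCESS"}

def build_body(operate, risk_type, ids=(), update_all=False,
               exclude_ids=(), kill_process=None, ips=()):
    """Build the JSON body; reject combinations the table marks as invalid."""
    op = Operate(operate)  # raises ValueError for values outside 0..7
    if risk_type not in RISK_TYPES:
        raise ValueError(f"unknown RiskType {risk_type!r}")
    # Client-side choice (assumption): fail instead of sending a flag the table calls invalid.
    if ids and update_all:
        raise ValueError("UpdateAll is invalid when Ids is set; pick one scope")
    if exclude_ids and not update_all:
        raise ValueError("ExcludeId only applies when operating on all events")
    if kill_process is not None and op is not Operate.TROJAN_ISOLATION:
        raise ValueError("KillProcess only applies to Trojan Isolation (3)")
    # Assumption: "cross-region log-in" in the Ip row means RiskType HOST_LOGIN.
    if ips and (risk_type != "HOST_LOGIN" or ids):
        raise ValueError("Ip requires RiskType HOST_LOGIN and empty Ids")
    # Client-side choice (assumption): never send a request with no scope at all.
    if not (ids or update_all or ips):
        raise ValueError("no events selected")
    body = {"Operate": int(op), "RiskType": risk_type}
    if ids:
        body["Ids"] = list(ids)
    if update_all:
        body["UpdateAll"] = True
    if exclude_ids:
        body["ExcludeId"] = list(exclude_ids)
    if kill_process is not None:
        body["KillProcess"] = bool(kill_process)
    if ips:
        body["Ip"] = list(ips)
    return body

def batch_state(response):
    """Map IsSync to 'done' (0), 'pending' (1) or 'unknown' (null or missing)."""
    is_sync = response.get("Response", {}).get("IsSync")
    return {0: "done", 1: "pending"}.get(is_sync, "unknown")
```

A `pending` result is the case in which DescribeRiskBatchStatus has to be called before the events can be treated as changed.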
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
Error Code | Description |
---|---|
AuthFailure | CAM signature/authentication error. |
AuthFailure.UnauthorizedOperation | Authentication for the current user failed. |
FailedOperation.AgentOffline | The client is offline. |
InternalError | Internal error. |
InternalError.MainDBFail | Failed to manipulate the data. |
InvalidParameter | Incorrect parameter. |
InvalidParameter.InvalidFormat | Incorrect parameter format. |
OperationDenied | The operation was denied. |
UnauthorizedOperation | Unauthorized operation. |
UnsupportedOperation | The operation is not supported. |