ABTestConfig
Canary project configuration
Used by actions: DescribeABTestConfig.
| Name |
Type |
Description |
| ProjectName |
String |
Canary project name |
| Status |
Boolean |
Valid values: true (in canary upgrade); false (not in canary upgrade). |
AbnormalProcessChildRuleInfo
Container runtime security - Sub-policy information
Used by actions: AddEditAbnormalProcessRule, DescribeAbnormalProcessDetail, DescribeAbnormalProcessRuleDetail.
| Name |
Type |
Required |
Description |
| RuleMode |
String |
Yes |
Policy mode. RULE_MODE_RELEASE: Allow.
RULE_MODE_ALERT: Alert.
RULE_MODE_HOLDUP: Block. |
| ProcessPath |
String |
Yes |
Process path |
| RuleId |
String |
No |
Sub-policy ID
Note: This field may return null, indicating that no valid values can be obtained. |
| RuleLevel |
String |
No |
Severity. Valid values: HIGH (high); MIDDLE (medium); LOW (low).
Note: This field may return null, indicating that no valid values can be obtained. |
AbnormalProcessEventDescription
Description of the abnormal container process event at runtime
Used by actions: DescribeAbnormalProcessDetail.
| Name |
Type |
Description |
| Description |
String |
Event rule |
| Solution |
String |
Solution |
| Remark |
String |
Event remarks
Note: This field may return null, indicating that no valid values can be obtained. |
| MatchRule |
AbnormalProcessChildRuleInfo |
Details of the hit rule |
| RuleName |
String |
Name of the hit rule. Valid values: PROXY_TOOL (proxy); TRANSFER_CONTROL (lateral movement); ATTACK_CMD (malicious command); REVERSE_SHELL (reverse shell); FILELESS (fileless execution); RISK_CMD (high-risk command); ABNORMAL_CHILD_PROC (unusual start found in the child process of the sensitive service); USER_DEFINED_RULE (custom rule). |
| RuleId |
String |
ID of the hit rule |
| OperationTime |
String |
Last processing time of the event
Note: This field may return null, indicating that no valid values can be obtained. |
| GroupName |
String |
Name of the hit policy. Valid values: SYSTEM_DEFINED_RULE (preset policy); name of the custom policy.
Note: This field may return null, indicating that no valid values can be obtained. |
AbnormalProcessEventInfo
Container runtime security - Information of the abnormal process
Used by actions: DescribeAbnormalProcessEvents.
| Name |
Type |
Description |
| ProcessPath |
String |
Process directory |
| EventType |
String |
Event type. MALICE_PROCESS_START: Malicious process startup. |
| MatchRuleName |
String |
Name of the hit rule. Valid values: PROXY_TOOL (proxy); TRANSFER_CONTROL (lateral movement); ATTACK_CMD (malicious command); REVERSE_SHELL (reverse shell); FILELESS (fileless execution); RISK_CMD (high-risk command); ABNORMAL_CHILD_PROC (unusual start found in the child process of the sensitive service); USER_DEFINED_RULE (custom rule). |
| FoundTime |
Timestamp |
Generation time |
| ContainerName |
String |
Container name |
| ImageName |
String |
Image name |
| Behavior |
String |
Action execution result. BEHAVIOR_NONE: None.
BEHAVIOR_ALERT: Alert.
BEHAVIOR_RELEASE: Allow.
BEHAVIOR_HOLDUP_FAILED: Failed to block.
BEHAVIOR_HOLDUP_SUCCESSED: Blocked. |
| Status |
String |
Status. EVENT_UNDEAL: Pending.
EVENT_DEALED: Processed.
EVENT_INGNORE: Ignored. |
| Id |
String |
Unique event ID |
| ImageId |
String |
Image ID, which is used for redirect. |
| ContainerId |
String |
Container ID, which is used for redirect. |
| Solution |
String |
Event solution |
| Description |
String |
Event description |
| MatchRuleId |
String |
Hit policy ID |
| MatchAction |
String |
Action of the hit rule:
RULE_MODE_RELEASE: Allow.
RULE_MODE_ALERT: Alert.
RULE_MODE_HOLDUP: Block. |
| MatchProcessPath |
String |
Information of the process that hits the rule |
| RuleExist |
Boolean |
Whether the rule exists |
| EventCount |
Integer |
Number of events |
| LatestFoundTime |
Timestamp |
Last generation time |
| RuleId |
String |
Rule group ID |
| MatchGroupName |
String |
Name of the hit policy. Valid values: SYSTEM_DEFINED_RULE (preset policy); name of the custom policy. |
| MatchRuleLevel |
String |
Level of the hit rule. Valid values: HIGH (high); MIDDLE (medium); LOW (low). |
| ContainerNetStatus |
String |
Network status
NORMAL: Not isolated.
ISOLATED: Isolated.
ISOLATING: Isolating.
ISOLATE_FAILED: Isolation failed.
RESTORING: Recovering.
RESTORE_FAILED: Recovery failed.
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerNetSubStatus |
String |
Sub-status of the container
"AGENT_OFFLINE" // The agent is offline.
"NODE_DESTROYED" // The node is terminated.
"CONTAINER_EXITED" // The container exited.
"CONTAINER_DESTROYED" // The container was terminated.
"SHARED_HOST" // The container shares the network with the server.
"RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
"UNKNOW" // The reason is unknown.
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerIsolateOperationSrc |
String |
Container isolation operation source
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerStatus |
String |
Container status
RUNNING: Running.
PAUSED: Paused.
STOPPED: Stopped.
CREATED: Created.
DESTROYED: Terminated.
RESTARTING: Restarting.
REMOVING: Removing. |
| ClusterID |
String |
Cluster ID |
| NodeType |
String |
Node type. Values: NORMAL (general node), SUPER (super node). |
| PodName |
String |
Pod name |
| PodIP |
String |
Pod IP |
| NodeUniqueID |
String |
Cluster ID |
| PublicIP |
String |
Node public IP |
| NodeName |
String |
Node name |
| NodeID |
String |
Node ID |
| HostID |
String |
uuid |
| HostIP |
String |
Private IP of the node |
| ClusterName |
String |
Cluster name |
AbnormalProcessEventTendencyInfo
Trend of pending abnormal process events
Used by actions: DescribeAbnormalProcessEventTendency.
| Name |
Type |
Description |
| Date |
Date |
Date |
| ProxyToolEventCount |
Integer |
Number of pending proxy events |
| TransferControlEventCount |
Integer |
Number of pending lateral movement events |
| AttackCmdEventCount |
Integer |
Number of pending malicious command events |
| ReverseShellEventCount |
Integer |
Number of pending reverse shell events |
| FilelessEventCount |
Integer |
Number of pending fileless execution events |
| RiskCmdEventCount |
Integer |
Number of pending high-risk command events |
| AbnormalChildProcessEventCount |
Integer |
Number of pending events of unusual startups found in the child process of the sensitive service |
| UserDefinedRuleEventCount |
Integer |
Number of pending custom rule events |
AbnormalProcessRuleInfo
Runtime security - Abnormal process detection policy
Used by actions: AddEditAbnormalProcessRule, DescribeAbnormalProcessRuleDetail.
| Name |
Type |
Required |
Description |
| IsEnable |
Boolean |
Yes |
Valid values: true (enabled); false (disabled). |
| ImageIds |
Array of String |
Yes |
IDs of associated images. An empty array indicates all images. |
| ChildRules |
Array of AbnormalProcessChildRuleInfo |
Yes |
Array of sub-policies of the user policy |
| RuleName |
String |
Yes |
Policy name |
| RuleId |
String |
No |
Policy ID
Note: This field may return null, indicating that no valid values can be obtained. |
| SystemChildRules |
Array of AbnormalProcessSystemChildRuleInfo |
No |
Array of sub-policies of the preset policy |
| IsDefault |
Boolean |
No |
Whether it is the default preset policy |
AbnormalProcessSystemChildRuleInfo
Information of the sub-policy of the preset policy for abnormal processes
Used by actions: AddEditAbnormalProcessRule, DescribeAbnormalProcessRuleDetail.
| Name |
Type |
Required |
Description |
| RuleId |
String |
Yes |
Sub-policy ID |
| IsEnable |
Boolean |
Yes |
Sub-policy status. Valid values: true (enabled); false (disabled). |
| RuleMode |
String |
Yes |
Policy mode. RULE_MODE_RELEASE: Allow.
RULE_MODE_ALERT: Alert.
RULE_MODE_HOLDUP: Block. |
| RuleType |
String |
Yes |
Behavior type detected by the sub-policy
PROXY_TOOL: Proxy.
TRANSFER_CONTROL: Lateral movement.
ATTACK_CMD: Malicious command.
REVERSE_SHELL: Reverse shell.
FILELESS: Fileless execution.
RISK_CMD: High-risk command.
ABNORMAL_CHILD_PROC: Unusual start found in the child process of the sensitive service. |
| RuleLevel |
String |
No |
Severity. Valid values: HIGH (high); MIDDLE (medium); LOW (low).
Note: This field may return null, indicating that no valid values can be obtained. |
AccessControlChildRuleInfo
Container runtime security - Information of the access control sub-policy
Used by actions: AddEditAccessControlRule, DescribeAccessControlDetail, DescribeAccessControlRuleDetail.
| Name |
Type |
Required |
Description |
| RuleMode |
String |
Yes |
Policy mode. RULE_MODE_RELEASE: Allow.
RULE_MODE_ALERT: Alert.
RULE_MODE_HOLDUP: Block. |
| ProcessPath |
String |
Yes |
Process path |
| TargetFilePath |
String |
Yes |
Accessed file path, which is valid only for access control. |
| RuleId |
String |
No |
Sub-policy ID
Note: This field may return null, indicating that no valid values can be obtained. |
AccessControlEventDescription
Description of the container access control event at runtime
Used by actions: DescribeAccessControlDetail.
| Name |
Type |
Description |
| Description |
String |
Event rule |
| Solution |
String |
Solution |
| Remark |
String |
Event remarks
Note: This field may return null, indicating that no valid values can be obtained. |
| MatchRule |
AccessControlChildRuleInfo |
Details of the hit rule |
| RuleName |
String |
Name of the hit rule |
| RuleId |
String |
ID of the hit rule |
| OperationTime |
String |
Last processing time of the event
Note: This field may return null, indicating that no valid values can be obtained. |
AccessControlEventInfo
Container runtime security - Information of the access control event
Used by actions: DescribeAccessControlEvents.
| Name |
Type |
Description |
| ProcessName |
String |
Process name |
| MatchRuleName |
String |
Name of the hit rule |
| FoundTime |
Timestamp |
Generation time |
| ContainerName |
String |
Container name |
| ImageName |
String |
Image name |
| Behavior |
String |
Action execution result. BEHAVIOR_NONE: None.
BEHAVIOR_ALERT: Alert.
BEHAVIOR_RELEASE: Allow.
BEHAVIOR_HOLDUP_FAILED: Failed to block.
BEHAVIOR_HOLDUP_SUCCESSED: Blocked. |
| Status |
String |
Status. 0: Pending. EVENT_UNDEAL: Pending.
EVENT_DEALED: Processed.
EVENT_INGNORE: Ignored. |
| Id |
String |
Unique event ID |
| FileName |
String |
Filename |
| EventType |
String |
Event type. FILE_ABNORMAL_READ: Abnormal file read. |
| ImageId |
String |
Image ID, which is used for redirect. |
| ContainerId |
String |
Container ID, which is used for redirect. |
| Solution |
String |
Event solution |
| Description |
String |
Event description |
| MatchRuleId |
String |
Hit policy ID |
| MatchAction |
String |
Action of the hit rule:
RULE_MODE_RELEASE: Allow.
RULE_MODE_ALERT: Alert.
RULE_MODE_HOLDUP: Block. |
| MatchProcessPath |
String |
Information of the process that hits the rule |
| MatchFilePath |
String |
Information of the file that hits the rule |
| FilePath |
String |
File path containing the name |
| RuleExist |
Boolean |
Whether the rule exists |
| EventCount |
Integer |
Number of events |
| LatestFoundTime |
String |
Last generation time |
| RuleId |
String |
Rule group ID |
| ContainerNetStatus |
String |
Network status
NORMAL: Not isolated.
ISOLATED: Isolated.
ISOLATING: Isolating.
ISOLATE_FAILED: Isolation failed.
RESTORING: Recovering.
RESTORE_FAILED: Recovery failed. |
| ContainerNetSubStatus |
String |
Sub-status of the container
"AGENT_OFFLINE" // The agent is offline.
"NODE_DESTROYED" // The node is terminated.
"CONTAINER_EXITED" // The container exited.
"CONTAINER_DESTROYED" // The container was terminated.
"SHARED_HOST" // The container shares the network with the server.
"RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
"UNKNOW" // The reason is unknown. |
| ContainerIsolateOperationSrc |
String |
Container isolation operation source |
| ContainerStatus |
String |
Container status
RUNNING: Running.
PAUSED: Paused.
STOPPED: Stopped.
CREATED: Created.
DESTROYED: Terminated.
RESTARTING: Restarting.
REMOVING: Removing. |
| NodeName |
String |
Node name: For super nodes, the node_id is displayed. |
| PodName |
String |
Pod name |
| PodIP |
String |
Pod IP |
| NodeType |
String |
Node type. Values: NORMAL (general node), SUPER (super node). |
| ClusterID |
String |
Cluster ID |
| NodeUniqueID |
String |
Node unique ID. It's used for super nodes. |
| PublicIP |
String |
Node public IP |
| NodeID |
String |
Node ID |
| HostID |
String |
uuid |
| HostIP |
String |
Private IP of the node |
| ClusterName |
String |
Cluster name |
AccessControlRuleInfo
Container runtime - Access control policy information
Used by actions: AddEditAccessControlRule, DescribeAccessControlRuleDetail.
| Name |
Type |
Required |
Description |
| IsEnable |
Boolean |
Yes |
Switch. Valid values: true (on); false (off). |
| ImageIds |
Array of String |
Yes |
IDs of associated images. An empty array indicates all images. |
| ChildRules |
Array of AccessControlChildRuleInfo |
Yes |
Array of sub-policies of the user policy |
| RuleName |
String |
Yes |
Policy name |
| RuleId |
String |
No |
Policy ID
Note: This field may return null, indicating that no valid values can be obtained. |
| SystemChildRules |
Array of AccessControlSystemChildRuleInfo |
No |
Array of sub-policies of the preset policy |
| IsDefault |
Boolean |
No |
Whether it is the default preset policy |
AccessControlSystemChildRuleInfo
Container runtime security - Information of the sub-policy of the preset access control policy
Used by actions: AddEditAccessControlRule, DescribeAccessControlRuleDetail.
| Name |
Type |
Required |
Description |
| RuleId |
String |
Yes |
Sub-policy ID |
| RuleMode |
String |
Yes |
Policy mode. RULE_MODE_RELEASE: Allow.
RULE_MODE_ALERT: Alert.
RULE_MODE_HOLDUP: Block. |
| IsEnable |
Boolean |
Yes |
Sub-policy status. Valid values: true (enabled); false (disabled). |
| RuleType |
String |
Yes |
Intrusion behavior type detected by the sub-policy
CHANGE_CRONTAB: Tampering with the scheduled task.
CHANGE_SYS_BIN: Tampering with the system program.
CHANGE_USRCFG: Tampering with user configuration. |
AffectedNodeItem
Structure of the affected node type
Used by actions: DescribeAffectedNodeList.
| Name |
Type |
Required |
Description |
| ClusterId |
String |
Yes |
Cluster ID |
| ClusterName |
String |
Yes |
Cluster name |
| InstanceId |
String |
Yes |
Instance ID |
| PrivateIpAddresses |
String |
Yes |
Private IP |
| InstanceRole |
String |
Yes |
Node role, such as Master and Work. |
| ClusterVersion |
String |
Yes |
K8s version |
| ContainerRuntime |
String |
Yes |
Runtime component. Valid values: docker, containerd. |
| Region |
String |
Yes |
Region |
| VerifyInfo |
String |
Yes |
Verification information of the check result |
| NodeName |
String |
Yes |
Node name |
AffectedWorkloadItem
Affected workload item in the cluster security check
Used by actions: DescribeAffectedWorkloadList.
| Name |
Type |
Required |
Description |
| ClusterId |
String |
Yes |
Cluster ID |
| ClusterName |
String |
Yes |
Cluster name |
| WorkloadName |
String |
Yes |
Workload name |
| WorkloadType |
String |
Yes |
Workload type |
| Region |
String |
Yes |
Region |
| VerifyInfo |
String |
Yes |
Verification information of the check result |
AssetClusterListItem
List of clusters
Used by actions: DescribeAssetClusterList.
| Name |
Type |
Description |
| ClusterID |
String |
Cluster ID |
| ClusterName |
String |
Cluster name |
| Status |
String |
Cluster status
CSR_RUNNING: Running
CSR_EXCEPTION: Abnormal
CSR_DEL: Deleted |
| BindRuleName |
String |
Bound rule name |
| ClusterType |
String |
Cluster type:
CT_TKE: TKE cluster
CT_USER_CREATE: External cluster
CT_TKE_SERVERLESS: TKE Serverless cluster |
| ClusterVersion |
String |
Cluster version |
| MemLimit |
Integer |
MEM usage |
| CpuLimit |
Integer |
cpu |
AssetFilters
TCSS
Key-value pair filter for conditional filtering queries, such as filter ID, name, and status
If more than one filter exists, the logical relationship between these filters is AND.
If multiple values exist in one filter, the logical relationship between these values is OR.
Used by actions: AddEditImageAutoAuthorizedRule, CreateAssetImageRegistryScanTask, CreateAssetImageScanTask, CreateAssetImageVirusExportJob, CreateComponentExportJob, CreateHostExportJob, CreateProcessEventsExportJob, CreateVulExportJob, DescribeAssetAppServiceList, DescribeAssetComponentList, DescribeAssetContainerList, DescribeAssetDBServiceList, DescribeAssetHostList, DescribeAssetImageHostList, DescribeAssetImageList, DescribeAssetImageListExport, DescribeAssetImageRegistryList, DescribeAssetImageRegistryListExport, DescribeAssetImageRegistryRegistryList, DescribeAssetImageRegistryRiskInfoList, DescribeAssetImageRegistryRiskListExport, DescribeAssetImageRegistrySummary, DescribeAssetImageRegistryVirusList, DescribeAssetImageRegistryVirusListExport, DescribeAssetImageRegistryVulList, DescribeAssetImageRegistryVulListExport, DescribeAssetImageRiskList, DescribeAssetImageRiskListExport, DescribeAssetImageSimpleList, DescribeAssetImageVirusList, DescribeAssetImageVirusListExport, DescribeAssetImageVulList, DescribeAssetImageVulListExport, DescribeAssetPortList, DescribeAssetProcessList, DescribeAssetWebServiceList, DescribeImageAutoAuthorizedLogList, DescribeImageAutoAuthorizedTaskList, DescribeImageComponentList, DescribeImageRegistryNamespaceList, DescribeVulRegistryImageList, ModifyAssetImageRegistryScanStop, ModifyAssetImageScanStop, ModifyImageAuthorized.
| Name |
Type |
Required |
Description |
| Name |
String |
Yes |
Filter name |
| Values |
Array of String |
Yes |
One or more filter values |
| ExactMatch |
Boolean |
No |
Whether to use fuzzy query |
AssetSimpleImageInfo
Brief information of the image
Used by actions: DescribeAssetImageSimpleList.
| Name |
Type |
Description |
| ImageID |
String |
Image ID |
| ImageName |
String |
Image name |
| ContainerCnt |
Integer |
Number of associated containers |
| ScanTime |
String |
Last scan time |
| Size |
Integer |
Image size |
AutoAuthorizedImageInfo
Result of the automatic image licensing
Used by actions: DescribeImageAutoAuthorizedLogList.
| Name |
Type |
Description |
| ImageId |
String |
Image ID |
| ImageName |
String |
Image name |
| AuthorizedTime |
String |
Licensing time |
| Status |
String |
Licensing result. Valid values: SUCCESS (success); REACH_LIMIT (reaching the upper limit on licenses); LICENSE_INSUFFICIENT (insufficient licenses). |
| IsAuthorized |
Integer |
Whether it is licensed. Valid values: 1 (yes); 0 (no). |
AutoAuthorizedRuleHostInfo
List of servers licensed based on the automatic image licensing rule
Used by actions: DescribeAutoAuthorizedRuleHost.
| Name |
Type |
Description |
| HostID |
String |
Server ID |
| HostIP |
String |
Server IP, which is the private IP |
| HostName |
String |
Server name |
| ImageCnt |
Integer |
Number of images |
| ContainerCnt |
Integer |
Number of containers |
| PublicIp |
String |
Public IP |
| InstanceID |
String |
Server instance ID |
| MachineType |
String |
Server source. Valid values: CVM, ECM, LH, BM, Other. The first four values indicate Tencent Cloud instances, while the last one indicates non-Tencent Cloud instances. |
| DockerVersion |
String |
Docker version |
| Status |
String |
Agent status |
CKafkaInstanceInfo
Optional information of the security log Kafka
Used by actions: DescribeSecLogDeliveryKafkaOptions.
| Name |
Type |
Required |
Description |
| InstanceID |
String |
No |
Instance ID
Note: This field may return null, indicating that no valid values can be obtained. |
| InstanceName |
String |
No |
Instance name
Note: This field may return null, indicating that no valid values can be obtained. |
| TopicList |
Array of CKafkaTopicInfo |
No |
Topic list
Note: This field may return null, indicating that no valid values can be obtained. |
| RouteList |
Array of CkafkaRouteInfo |
No |
Route list
Note: This field may return null, indicating that no valid values can be obtained. |
| KafkaVersion |
String |
No |
Kafka version number
Note: This field may return null, indicating that no valid values can be obtained. |
CKafkaTopicInfo
CKafka topic information
Used by actions: DescribeSecLogDeliveryKafkaOptions.
| Name |
Type |
Required |
Description |
| TopicID |
String |
Yes |
Topic ID |
| TopicName |
String |
Yes |
Topic name |
CkafkaRouteInfo
CKafka route details
Used by actions: DescribeSecLogDeliveryKafkaOptions.
| Name |
Type |
Required |
Description |
| RouteID |
Integer |
No |
Route ID
Note: This field may return null, indicating that no valid values can be obtained. |
| Domain |
String |
No |
Domain name
Note: This field may return null, indicating that no valid values can be obtained. |
| DomainPort |
Integer |
No |
Domain port
Note: This field may return null, indicating that no valid values can be obtained. |
| Vip |
String |
No |
VIP
Note: This field may return null, indicating that no valid values can be obtained. |
| VipType |
Integer |
No |
VIP type
Note: This field may return null, indicating that no valid values can be obtained. |
| AccessType |
Integer |
No |
Access type
// 0: PLAINTEXT (plaintext method, which does not carry user information and is supported for legacy versions and Community Edition)
// 1: SASL_PLAINTEXT (plaintext method, which authenticates the login through SASL before data start and is supported only for Community Edition)
// 2: SSL (SSL-encrypted communication, which does not carry user information and is supported for legacy versions and Community Edition)
// 3: SASL_SSL (SSL-encrypted communication, which authenticates the login through SASL before data start and is supported only for Community Edition)
Note: This field may return null, indicating that no valid values can be obtained. |
ClsLogsetInfo
CLS logset information
Used by actions: DescribeSecLogDeliveryClsOptions.
| Name |
Type |
Required |
Description |
| LogsetID |
String |
Yes |
Logset ID |
| LogsetName |
String |
No |
Logset name
Note: This field may return null, indicating that no valid values can be obtained. |
| TopicList |
Array of ClsTopicInfo |
No |
List of CLS topics
Note: This field may return null, indicating that no valid values can be obtained. |
ClsTopicInfo
CLS topic information
Used by actions: DescribeSecLogDeliveryClsOptions.
| Name |
Type |
Required |
Description |
| TopicID |
String |
No |
Topic ID |
| TopicName |
String |
No |
Topic name |
ClusterCheckItem
Details of a cluster security check item
Used by actions: DescribeCheckItemList, DescribeRiskList.
| Name |
Type |
Description |
| CheckItemId |
Integer |
Unique ID of the check item
Note: This field may return null, indicating that no valid values can be obtained. |
| Name |
String |
Name of the risk item |
| ItemDetail |
String |
Detailed description of the check item
Note: This field may return null, indicating that no valid values can be obtained. |
| RiskLevel |
String |
Severity. Valid values: Serious (critical); High (high); Middle (medium); Hint (prompt).
Note: This field may return null, indicating that no valid values can be obtained. |
| RiskTarget |
String |
Check target and risky target. Valid values: Runc, Kubelet, Containerd, Pods.
Note: This field may return null, indicating that no valid values can be obtained. |
| RiskType |
String |
Risk type. Valid values: CVERisk (vulnerability risk); ConfigRisk (configuration risk).
Note: This field may return null, indicating that no valid values can be obtained. |
| RiskAttribute |
String |
Risk type of the check item. Valid values: PrivilegePromotion (privilege escalation); RefuseService (service rejected); DirectoryEscape (directory traversal); UnauthorizedAccess (unauthorized access); PrivilegeAndAccessControl (permissions, privileges, and access controls); SensitiveInfoLeak (sensitive data leakage).
Note: This field may return null, indicating that no valid values can be obtained. |
| RiskProperty |
String |
Risk characteristic and tag. Valid values: ExistEXP (an EXP exists); ExistPOC (a POC exists); NoNeedReboot (restart not required); ServerRestart (service restart); RemoteInfoLeak (remote information leakage); RemoteRefuseService (remote denial of service); RemoteExploit (remote exploit); RemoteExecute (remote execution).
Note: This field may return null, indicating that no valid values can be obtained. |
| CVENumber |
String |
CVE No.
Note: This field may return null, indicating that no valid values can be obtained. |
| DiscoverTime |
String |
Disclosure time
Note: This field may return null, indicating that no valid values can be obtained. |
| Solution |
String |
Solution
Note: This field may return null, indicating that no valid values can be obtained. |
| CVSS |
String |
CVSS information, which is used for drawing.
Note: This field may return null, indicating that no valid values can be obtained. |
| CVSSScore |
String |
CVSS score
Note: This field may return null, indicating that no valid values can be obtained. |
| RelateLink |
String |
Reference link
Note: This field may return null, indicating that no valid values can be obtained. |
| AffectedType |
String |
Affected type. Valid values: Node, Workload.
Note: This field may return null, indicating that no valid values can be obtained. |
| AffectedVersion |
String |
Affected version information
Note: This field may return null, indicating that no valid values can be obtained. |
| IgnoredAssetNum |
Integer |
Number of ignored assets
Note: This field may return null, indicating that no valid values can be obtained. |
| IsIgnored |
Boolean |
Whether to ignore the check item
Note: This field may return null, indicating that no valid values can be obtained. |
| RiskAssessment |
String |
Impact assessment
Note: This field may return null, indicating that no valid values can be obtained. |
ClusterCheckTaskItem
Input parameters for a cluster check task
Used by actions: CreateClusterCheckTask.
| Name |
Type |
Required |
Description |
| ClusterId |
String |
Yes |
ID of the specified cluster to be scanned |
| ClusterRegion |
String |
Yes |
Cluster region |
| NodeIp |
String |
No |
IP of the specified node to be scanned |
| WorkloadName |
String |
No |
Name of the specified workload to be scanned |
ClusterCreateComponentItem
Input parameters for CreateCheckComponent, which are used to batch install defenders.
Used by actions: CreateCheckComponent.
| Name |
Type |
Required |
Description |
| ClusterId |
String |
Yes |
ID of the cluster for which to install the component |
| ClusterRegion |
String |
Yes |
Cluster region |
ClusterCustomParameters
Custom parameters of the cluster
Used by actions: DescribeAgentDaemonSetCmd.
| Name |
Type |
Required |
Description |
| Name |
String |
Yes |
Parameter name |
| Values |
Array of String |
Yes |
Parameter value |
ClusterInfoItem
Response parameters structure of the cluster asset
Used by actions: DescribeUserCluster.
| Name |
Type |
Description |
| ClusterId |
String |
Cluster ID |
| ClusterName |
String |
Cluster name |
| ClusterVersion |
String |
Cluster version |
| ClusterOs |
String |
Cluster OS |
| ClusterType |
String |
Cluster type |
| ClusterNodeNum |
Integer |
Number of nodes in the cluster |
| Region |
String |
Cluster region |
| DefenderStatus |
String |
Status of the monitoring component. Valid values: Defender_Uninstall, Defender_Normal, Defender_Error, Defender_Installing. |
| ClusterStatus |
String |
Cluster status |
| ClusterCheckMode |
String |
Cluster check mode. Valid values: Cluster_Normal, Cluster_Actived. |
| ClusterAutoCheck |
Boolean |
Whether automatic and regular check is enabled |
| DefenderErrorReason |
String |
Cause of the failure to deploy the defender. When it is UserDaemonSetNotReady, UnreadyNodeNum is changed to "The defenders on N nodes are ready". If it is another value, the error message is directly displayed. |
| UnreadyNodeNum |
Integer |
Number of nodes where the defender is not ready |
| SeriousRiskCount |
Integer |
Number of critical check items |
| HighRiskCount |
Integer |
Number of high-risk check items |
| MiddleRiskCount |
Integer |
Number of medium-risk check items |
| HintRiskCount |
Integer |
Number of prompt-risk check items |
| CheckFailReason |
String |
Check failure cause |
| CheckStatus |
String |
Check status. Valid values: Task_Running, NoRisk, HasRisk, Uncheck, Task_Error. |
| TaskCreateTime |
String |
Task creation time and check time |
ClusterRiskItem
A risk item is a check item with an issue found in the check, with certain information of the check result.
Used by actions: DescribeRiskList.
| Name |
Type |
Description |
| CheckItem |
ClusterCheckItem |
Check item information |
| VerifyInfo |
String |
Verification information |
| ErrorMessage |
String |
Event description and check error message |
| AffectedClusterCount |
Integer |
Number of affected clusters |
| AffectedNodeCount |
Integer |
Number of affected nodes |
ComplianceAffectedAsset
Information of the asset affected by the check item
Used by actions: DescribeCompliancePolicyItemAffectedAssetList.
| Name |
Type |
Description |
| CustomerAssetId |
Integer |
Unique ID of the customer asset |
| AssetName |
String |
Asset name |
| AssetType |
String |
Asset type |
| CheckStatus |
String |
Check status
CHECK_INIT: To be checked.
CHECK_RUNNING: Checking.
CHECK_FINISHED: Checked.
CHECK_FAILED: Check failed. |
| NodeName |
String |
Node name |
| LastCheckTime |
String |
Last check time in the format of "YYYY-MM-DD HH:m::SS"
It is "0000-00-00 00:00:00" if no check has been performed. |
| CheckResult |
String |
Check result. Valid values:
RESULT_FAILED: Failed.
RESULT_PASSED: Passed. |
| HostIP |
String |
Server IP
Note: This field may return null, indicating that no valid values can be obtained. |
| ImageTag |
String |
Image tag
Note: This field may return null, indicating that no valid values can be obtained. |
| VerifyInfo |
String |
Verification information of the check item
Note: This field may return null, indicating that no valid values can be obtained. |
| InstanceId |
String |
Instance ID
Note: This field may return null, indicating that no valid values can be obtained. |
ComplianceAssetDetailInfo
Asset details
Used by actions: DescribeComplianceAssetDetailInfo.
| Name |
Type |
Description |
| CustomerAssetId |
Integer |
Customer asset ID |
| AssetType |
String |
Asset type |
| AssetName |
String |
Asset name |
| NodeName |
String |
Node name of the asset |
| HostName |
String |
Server name of the asset |
| HostIP |
String |
Server IP of the asset |
| CheckStatus |
String |
Check status
CHECK_INIT: To be checked.
CHECK_RUNNING: Checking.
CHECK_FINISHED: Checked.
CHECK_FAILED: Check failed. |
| PassedPolicyItemCount |
Integer |
Number of check items that the asset passed |
| FailedPolicyItemCount |
Integer |
Number of check items that the asset failed |
| LastCheckTime |
Timestamp |
Last check time
Note: This field may return null, indicating that no valid values can be obtained. |
| CheckResult |
String |
Check result. Valid values:
RESULT_FAILED: Failed.
RESULT_PASSED: Passed.
Note: This field may return null, indicating that no valid values can be obtained. |
| AssetStatus |
String |
Asset status |
| AssetCreateTime |
Timestamp |
Asset creation time
ASSET_NORMAL: Running.
ASSET_PAUSED: Suspended.
ASSET_STOPPED: Stopped.
ASSET_ABNORMAL: Abnormal. |
ComplianceAssetInfo
Asset information
Used by actions: DescribeComplianceAssetList.
| Name |
Type |
Description |
| CustomerAssetId |
Integer |
Customer asset ID |
| AssetType |
String |
Asset type |
| AssetName |
String |
Asset name |
| ImageTag |
String |
This field is the image tag when the asset is an image.
Note: This field may return null, indicating that no valid values can be obtained. |
| HostIP |
String |
Server IP of the asset |
| NodeName |
String |
Node name of the asset |
| CheckStatus |
String |
Check status
CHECK_INIT: To be checked.
CHECK_RUNNING: Checking.
CHECK_FINISHED: Checked.
CHECK_FAILED: Check failed. |
| PassedPolicyItemCount |
Integer |
Number of check items that the asset passed
Note: This field may return null, indicating that no valid values can be obtained. |
| FailedPolicyItemCount |
Integer |
Number of check items that the asset failed
Note: This field may return null, indicating that no valid values can be obtained. |
| LastCheckTime |
Timestamp |
Last check time
Note: This field may return null, indicating that no valid values can be obtained. |
| CheckResult |
String |
Check result. Valid values:
RESULT_FAILED: Failed.
RESULT_PASSED: Passed.
Note: This field may return null, indicating that no valid values can be obtained. |
| InstanceId |
String |
Node instance ID
Note: This field may return null, indicating that no valid values can be obtained. |
ComplianceAssetPolicyItem
Information of a check item
Used by actions: DescribeComplianceAssetPolicyItemList.
| Name |
Type |
Description |
| CustomerPolicyItemId |
Integer |
Unique ID of the customer check item |
| BasePolicyItemId |
Integer |
Original ID of the check item |
| Name |
String |
Check item name |
| Category |
String |
Category of the check item |
| BenchmarkStandardId |
Integer |
Compliance standard ID |
| BenchmarkStandardName |
String |
Compliance standard name |
| RiskLevel |
String |
Severity |
| CheckStatus |
String |
Check status
CHECK_INIT: To be checked.
CHECK_RUNNING: Checking.
CHECK_FINISHED: Checked.
CHECK_FAILED: Check failed. |
| CheckResult |
String |
Check result
RESULT_PASSED: Passed.
RESULT_FAILED: Failed.
Note: This field may return null, indicating that no valid values can be obtained. |
| WhitelistId |
Integer |
Allowed item ID of the check item. If it exists and is not 0, the check item is ignored.
Note: This field may return null, indicating that no valid values can be obtained. |
| FixSuggestion |
String |
Handling suggestion |
| LastCheckTime |
String |
Last check time
Note: This field may return null, indicating that no valid values can be obtained. |
| VerifyInfo |
String |
Verification information
Note: This field may return null, indicating that no valid values can be obtained. |
ComplianceAssetPolicySetItem
List of asset IDs and check item IDs
Used by actions: AddComplianceAssetPolicySetToWhitelist.
| Name |
Type |
Required |
Description |
| CustomerAssetItemId |
Integer |
Yes |
Asset ID |
| CustomerPolicyItemIdSet |
Array of Integer |
No |
List of IDs of check items to be ignored in the specified asset. If it is empty, it indicates all. |
ComplianceAssetSummary
Asset overview
Used by actions: DescribeComplianceTaskAssetSummary.
| Name |
Type |
Description |
| AssetType |
String |
Asset type |
| IsCustomerFirstCheck |
Boolean |
Whether it is the first check. This parameter is used together with CheckStatus. |
| CheckStatus |
String |
Check status
CHECK_UNINIT: Feature not enabled.
CHECK_INIT: To be checked.
CHECK_RUNNING: Checking.
CHECK_FINISHED: Checked.
CHECK_FAILED: Check failed. |
| CheckProgress |
Float |
Check progress. Value range: 0-100. This field is valid only if the check is running.
Note: This field may return null, indicating that no valid values can be obtained. |
| PassedPolicyItemCount |
Integer |
Number of check items that the asset passed |
| FailedPolicyItemCount |
Integer |
Number of check items that the asset failed |
| FailedCriticalPolicyItemCount |
Integer |
Number of critical check items that the asset failed |
| FailedHighRiskPolicyItemCount |
Integer |
Number of high-risk check items that the asset failed |
| FailedMediumRiskPolicyItemCount |
Integer |
Number of medium-risk check items that the asset failed |
| FailedLowRiskPolicyItemCount |
Integer |
Number of low-risk check items that the asset failed |
| NoticePolicyItemCount |
Integer |
Number of prompt check items of the asset |
| PassedAssetCount |
Integer |
Number of assets that passed the check |
| FailedAssetCount |
Integer |
Number of assets that failed the check |
| AssetPassedRate |
Float |
Asset compliance rate. Value range: 0-100. |
| ScanFailedAssetCount |
Integer |
Number of assets that failed the check |
| CheckCostTime |
Float |
Last check duration in seconds
Note: This field may return null, indicating that no valid values can be obtained. |
| LastCheckTime |
Timestamp |
Last check time
Note: This field may return null, indicating that no valid values can be obtained. |
| PeriodRule |
CompliancePeriodTaskRule |
Scheduled check rule |
| OpenPolicyItemCount |
Integer |
Total number of enabled check items
Note: This field may return null, indicating that no valid values can be obtained. |
| IgnoredPolicyItemCount |
Integer |
Total number of ignored check items
Note: This field may return null, indicating that no valid values can be obtained. |
ComplianceBenchmarkStandard
Information of a compliance standard
Used by actions: DescribeCompliancePeriodTaskList.
| Name |
Type |
Description |
| StandardId |
Integer |
Compliance standard ID |
| Name |
String |
Compliance standard name |
| PolicyItemCount |
Integer |
Number of items contained in the compliance standard |
| Enabled |
Boolean |
Whether to enable the standard |
| Description |
String |
Description of the standard |
ComplianceBenchmarkStandardEnable
Whether to enable the compliance standard
Used by actions: ModifyCompliancePeriodTask.
| Name |
Type |
Required |
Description |
| StandardId |
Integer |
Yes |
Compliance standard ID |
| Enable |
Boolean |
Yes |
Whether to enable the compliance standard |
ComplianceContainerDetailInfo
Container asset details
Used by actions: DescribeComplianceAssetDetailInfo.
| Name |
Type |
Description |
| ContainerId |
String |
Container ID on the server |
| PodName |
String |
Pod name of the container
Note: This field may return null, indicating that no valid values can be obtained. |
ComplianceFilters
Key-value pair filter for conditional filtering queries, such as filter ID, name, and status. If more than one filter exists, the logical relationship between these filters is AND. If multiple values exist in one filter, the logical relationship between these values is OR.
Used by actions: DescribeAffectedNodeList, DescribeAffectedWorkloadList, DescribeCheckItemList, DescribeComplianceAssetList, DescribeComplianceAssetPolicyItemList, DescribeCompliancePolicyItemAffectedAssetList, DescribeComplianceScanFailedAssetList, DescribeComplianceTaskPolicyItemSummaryList, DescribeComplianceWhitelistItemList, DescribeNetworkFirewallAuditRecord, DescribeNetworkFirewallClusterList, DescribeNetworkFirewallNamespaceLabelList, DescribeNetworkFirewallPodLabelsList, DescribeNetworkFirewallPolicyList, DescribeRiskList, DescribeUserCluster.
| Name |
Type |
Required |
Description |
| Name |
String |
Yes |
Filter name |
| Values |
Array of String |
Yes |
One or more filter values |
| ExactMatch |
Boolean |
No |
Whether to use fuzzy query. Default value: true. |
ComplianceHostDetailInfo
Server asset details
Used by actions: DescribeComplianceAssetDetailInfo.
| Name |
Type |
Description |
| DockerVersion |
String |
Docker version on the server
Note: This field may return null, indicating that no valid values can be obtained. |
| K8SVersion |
String |
K8s version on the server
Note: This field may return null, indicating that no valid values can be obtained. |
ComplianceImageDetailInfo
Image asset details
Used by actions: DescribeComplianceAssetDetailInfo.
| Name |
Type |
Description |
| ImageId |
String |
Image ID on the server |
| ImageName |
String |
Image name |
| ImageTag |
String |
Image tag |
| Repository |
String |
Path of the remote repository of the image
Note: This field may return null, indicating that no valid values can be obtained. |
ComplianceK8SDetailInfo
K8s asset details
Used by actions: DescribeComplianceAssetDetailInfo.
| Name |
Type |
Description |
| ClusterName |
String |
K8s cluster name
Note: This field may return null, indicating that no valid values can be obtained. |
| ClusterVersion |
String |
K8s cluster version
Note: This field may return null, indicating that no valid values can be obtained. |
CompliancePeriodTask
Information of a scheduled task of the compliance baseline check
Used by actions: DescribeCompliancePeriodTaskList.
| Name |
Type |
Description |
| PeriodTaskId |
Integer |
Scheduled task ID |
| AssetType |
String |
Asset type
ASSET_CONTAINER: Container.
ASSET_IMAGE: Image.
ASSET_HOST: Server.
ASSET_K8S: K8s asset. |
| LastTriggerTime |
Timestamp |
Last trigger time
Note: This field may return null, indicating that no valid values can be obtained. |
| TotalPolicyItemCount |
Integer |
Total number of check items |
| PeriodRule |
CompliancePeriodTaskRule |
Cycle settings |
| BenchmarkStandardSet |
Array of ComplianceBenchmarkStandard |
List of compliance standards |
CompliancePeriodTaskRule
Cycle of a scheduled task
Used by actions: DescribeCompliancePeriodTaskList, DescribeComplianceTaskAssetSummary, ModifyCompliancePeriodTask.
| Name |
Type |
Required |
Description |
| Frequency |
Integer |
Yes |
Execution frequency (days). Valid values: 1, 3, 7. |
| ExecutionTime |
String |
Yes |
Execution time in the format of "HH:mm:SS" |
| Enable |
Boolean |
No |
Whether to enable
Note: This field may return null, indicating that no valid values can be obtained. |
CompliancePolicyAssetSetItem
List of check item IDs and asset IDs
Used by actions: DeleteCompliancePolicyAssetSetFromWhitelist.
| Name |
Type |
Required |
Description |
| CustomerPolicyItemId |
Integer |
Yes |
Check item ID |
| CustomerAssetItemIdSet |
Array of Integer |
No |
List of IDs of assets to be ignored in the specified check item. If it is empty, it indicates all. |
CompliancePolicyItemSummary
Aggregated information of a check item
Used by actions: DescribeCompliancePolicyItemAffectedSummary, DescribeComplianceTaskPolicyItemSummaryList.
| Name |
Type |
Description |
| CustomerPolicyItemId |
Integer |
Unique ID of the customer check item |
| BasePolicyItemId |
Integer |
Original ID of the check item |
| Name |
String |
Check item name |
| Category |
String |
Category of the check item, which is an enumerated string. |
| BenchmarkStandardName |
String |
Compliance standard |
| RiskLevel |
String |
Severity. Valid values: RISK_CRITICAL, RISK_HIGH, RISK_MEDIUM, RISK_LOW, RISK_NOTICE. |
| AssetType |
String |
Asset type of the check item |
| LastCheckTime |
Timestamp |
Last check time
Note: This field may return null, indicating that no valid values can be obtained. |
| CheckStatus |
String |
Check status
CHECK_INIT: To be checked.
CHECK_RUNNING: Checking.
CHECK_FINISHED: Checked.
CHECK_FAILED: Check failed. |
| CheckResult |
String |
Check result. Valid values: RESULT_PASSED: Passed.
RESULT_FAILED: Failed.
Note: This field may return null, indicating that no valid values can be obtained. |
| PassedAssetCount |
Integer |
Number of assets that passed the check
Note: This field may return null, indicating that no valid values can be obtained. |
| FailedAssetCount |
Integer |
Number of assets that failed the check
Note: This field may return null, indicating that no valid values can be obtained. |
| WhitelistId |
Integer |
Allowed item ID of the check item. If it exists and is not 0, the check item is ignored.
Note: This field may return null, indicating that no valid values can be obtained. |
| FixSuggestion |
String |
Handling suggestion |
| BenchmarkStandardId |
Integer |
Compliance standard ID |
| ApplicableVersion |
String |
TCSS editions that support this check item
Note: This field may return null, indicating that no valid value was found. |
ComplianceScanFailedAsset
Information of the asset that failed the check
Used by actions: DescribeComplianceScanFailedAssetList.
| Name |
Type |
Description |
| CustomerAssetId |
Integer |
Customer asset ID |
| AssetType |
String |
Asset type |
| CheckStatus |
String |
Check status
CHECK_INIT: To be checked.
CHECK_RUNNING: Checking.
CHECK_FINISHED: Checked.
CHECK_FAILED: Check failed. |
| AssetName |
String |
Asset name |
| FailureReason |
String |
Cause of the asset check failure |
| Suggestion |
String |
Suggestion for handling the check failure |
| CheckTime |
Timestamp |
Check time |
ComplianceWhitelistItem
Allowed item
Used by actions: DescribeComplianceWhitelistItemList.
| Name |
Type |
Description |
| WhitelistItemId |
Integer |
Allowed item ID |
| CustomerPolicyItemId |
Integer |
ID of the customer check item |
| Name |
String |
Check item name |
| StandardName |
String |
Compliance standard name |
| StandardId |
Integer |
Compliance standard ID |
| AffectedAssetCount |
Integer |
Number of assets affected by the check item |
| LastUpdateTime |
Timestamp |
Last update time |
| InsertTime |
Timestamp |
Allowed time |
ComponentInfo
Container component information
Used by actions: DescribeAssetComponentList.
| Name |
Type |
Description |
| Name |
String |
Name |
| Version |
String |
Version |
ComponentsInfo
Component information
Used by actions: DescribeAssetImageRegistryVulList.
| Name |
Type |
Description |
| Version |
String |
Component version information
Note: This field may return null, indicating that no valid values can be obtained. |
| FixedVersion |
String |
Fixed version
Note: This field may return·null, indicating that no valid values can be obtained. |
| Path |
String |
Path
Note: This field may return·null, indicating that no valid values can be obtained. |
| Type |
String |
Type
Note: This field may return·null, indicating that no valid values can be obtained. |
| Name |
String |
Add-on name
Note: This field may return null, indicating that no valid values can be obtained. |
ContainerInfo
List of containers
Used by actions: DescribeAssetContainerList.
| Name |
Type |
Description |
| ContainerID |
String |
Container ID |
| ContainerName |
String |
Container name |
| Status |
String |
Container status |
| CreateTime |
String |
Creation time |
| RunAs |
String |
Operator |
| Cmd |
String |
Command line |
| CPUUsage |
Integer |
CPU utilization * 1000 |
| RamUsage |
Integer |
Memory usage in KB |
| ImageName |
String |
Image name |
| ImageID |
String |
Image ID |
| POD |
String |
Image ID |
| HostID |
String |
Server ID |
| HostIP |
String |
Server IP |
| UpdateTime |
String |
Update time |
| HostName |
String |
Server name |
| PublicIp |
String |
Public IP |
| NetStatus |
String |
Network status
NORMAL: Not isolated.
ISOLATED: Isolated.
ISOLATING: Isolating.
ISOLATE_FAILED: Isolation failed.
RESTORING: Recovering.
RESTORE_FAILED: Recovery failed. |
| NetSubStatus |
String |
Sub-status of the network |
| IsolateSource |
String |
Isolation source
Note: This field may return null, indicating that no valid values can be obtained. |
| IsolateTime |
String |
Isolation time
Note: This field may return null, indicating that no valid values can be obtained. |
| NodeID |
String |
Super node ID |
| PodIP |
String |
Pod IP |
| PodName |
String |
Pod name |
| NodeType |
String |
Node type. Valid values: NORMAL (general node), SUPER (super node) |
| NodeUniqueID |
String |
UID of the super node |
| PodCpu |
Integer |
Number of CPU cores used by the pod |
| PodMem |
Integer |
Memory specification of the Pod |
| ClusterName |
String |
|
| ClusterID |
String |
|
| PodUid |
String |
|
ContainerMount
Container mount information
Used by actions: DescribeAssetContainerDetail.
| Name |
Type |
Description |
| Type |
String |
Mount type: bind. |
| Source |
String |
Host path |
| Destination |
String |
Path in the container |
| Mode |
String |
Mode |
| RW |
Boolean |
Read/Write permission |
| Propagation |
String |
Propagation type |
| Name |
String |
Name |
| Driver |
String |
Driver |
ContainerNetwork
Container network information
Used by actions: DescribeAssetContainerDetail.
| Name |
Type |
Description |
| EndpointID |
String |
Endpoint ID |
| Mode |
String |
Mode: bridge. |
| Name |
String |
Network name |
| NetworkID |
String |
Network ID |
| Gateway |
String |
Gateway |
| Ipv4 |
String |
IPv4 address |
| Ipv6 |
String |
IPv6 address |
| MAC |
String |
MAC address |
EmergencyVulInfo
List of emergency vulnerabilities
Used by actions: DescribeEmergencyVulList.
| Name |
Type |
Description |
| Name |
String |
Vulnerability name |
| Tags |
Array of String |
Vulnerability tag
Note: This field may return null, indicating that no valid values can be obtained. |
| CVSSV3Score |
Float |
CVSS V3 score
Note: This field may return null, indicating that no valid values can be obtained. |
| Level |
String |
Risk level
Note: This field may return null, indicating that no valid values can be obtained. |
| CVEID |
String |
CVE No. |
| Category |
String |
Vulnerability type
Note: This field may return null, indicating that no valid values can be obtained. |
| SubmitTime |
String |
Vulnerability disclosure time
Note: This field may return null, indicating that no valid values can be obtained. |
| LatestFoundTime |
String |
Last discovery time
Note: This field may return null, indicating that no valid values can be obtained. |
| Status |
String |
Emergency vulnerability risk information. Valid values: NOT_SCAN (not scanned); SCANNING (scanning); SCANNED_NOT_RISK (scanned and at no risk); SCANNED_RISK (scanned and at risk). |
| ID |
Integer |
Vulnerability ID |
| PocID |
String |
POC ID |
| DefenceStatus |
String |
Defense status. Valid values: NO_DEFENDED, DEFENDED.
Note: This field may return null, indicating that no valid values can be obtained. |
| DefenceScope |
String |
Scope of servers with exploit prevention enabled. Valid values: MANUAL (specified servers); ALL (all servers).
Note: This field may return null, indicating that no valid values can be obtained. |
| DefenceHostCount |
Integer |
Number of servers with exploit prevention enabled
Note: This field may return null, indicating that no valid values can be obtained. |
| DefendedCount |
Integer |
Number of attacks defended against
Note: This field may return null, indicating that no valid values can be obtained. |
EscapeEventDescription
Description of the container escape event at runtime
Used by actions: DescribeEscapeEventDetail.
| Name |
Type |
Description |
| Description |
String |
Event rule |
| Solution |
String |
Solution |
| Remark |
String |
Event remarks
Note: This field may return null, indicating that no valid values can be obtained. |
| OperationTime |
String |
Last processing time of the event
Note: This field may return null, indicating that no valid values can be obtained. |
EscapeEventInfo
List of container escape events
Used by actions: DescribeEscapeEventInfo.
| Name |
Type |
Description |
| EventType |
String |
Event type.
ESCAPE_CGROUPS: Cgroup escape.
ESCAPE_TAMPER_SENSITIVE_FILE: File tamper escape.
ESCAPE_DOCKER_API: Docker API access escape.
ESCAPE_VUL_OCCURRED: Vulnerability exploit.
MOUNT_SENSITIVE_PTAH: Sensitive path mount.
PRIVILEGE_CONTAINER_START: Privileged container.
PRIVILEGE: Program privilege escalation escape. |
| ContainerName |
String |
Container name |
| ImageName |
String |
Image name |
| Status |
String |
Status. Valid values: EVENT_UNDEAL (pending); EVENT_DEALED (processed); EVENT_INGNORE (ignored). |
| EventId |
String |
Unique event ID |
| NodeName |
String |
Node name |
| PodName |
String |
Pod (instance) name |
| FoundTime |
Timestamp |
Generation time |
| EventName |
String |
Event name
Host file access escape
Syscall escape
Mount namespace escape
Program privilege escalation escape
Privileged container startup escape
Sensitive path mount |
| ImageId |
String |
Image ID, which is used for redirect. |
| ContainerId |
String |
Container ID, which is used for redirect. |
| Solution |
String |
Event solution |
| Description |
String |
Event description |
| EventCount |
Integer |
Number of events |
| LatestFoundTime |
Timestamp |
Last generation time |
| NodeIP |
String |
Node IP
Note: This field may return null, indicating that no valid values can be obtained. |
| HostID |
String |
Server IP
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerNetStatus |
String |
Network status
NORMAL: Not isolated.
ISOLATED: Isolated.
ISOLATING: Isolating.
ISOLATE_FAILED: Isolation failed.
RESTORING: Recovering.
RESTORE_FAILED: Recovery failed.
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerNetSubStatus |
String |
Sub-status of the container
"AGENT_OFFLINE" // The agent is offline.
"NODE_DESTROYED" // The node is terminated.
"CONTAINER_EXITED" // The container exited.
"CONTAINER_DESTROYED" // The container was terminated.
"SHARED_HOST" // The container shares the network with the server.
"RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
"UNKNOW" // The reason is unknown.
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerIsolateOperationSrc |
String |
Container isolation operation source
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerStatus |
String |
Container status
RUNNING: Running.
PAUSED: Paused.
STOPPED: Stopped.
CREATED: Created.
DESTROYED: Terminated.
RESTARTING: Restarting.
REMOVING: Removing. |
| ClusterID |
String |
ID of the cluster where the node resides |
| NodeType |
String |
Node type. Values: NORMAL (general node), SUPER (super node). |
| PodIP |
String |
Pod IP |
| NodeUniqueID |
String |
Unique node ID |
| PublicIP |
String |
Node public IP |
| NodeID |
String |
Node ID |
| HostIP |
String |
Private IP of the node |
| ClusterName |
String |
Cluster name |
EscapeEventTendencyInfo
Trend of pending escape events
Used by actions: DescribeEscapeEventTendency.
| Name |
Type |
Description |
| RiskContainerEventCount |
Integer |
Total number of pending containers at risk |
| ProcessPrivilegeEventCount |
Integer |
Total number of pending program privilege escalation events |
| ContainerEscapeEventCount |
Integer |
Total number of pending container escape events |
| Date |
Date |
Date |
EscapeRule
Enablement/Disablement of the container escape scan policy
Used by actions: DescribeEscapeRuleInfo.
| Name |
Type |
Description |
| Type |
String |
Rule type
ESCAPE_HOST_ACESS_FILE: Host file access escape.
ESCAPE_MOUNT_NAMESPACE: Mount namespace escape.
ESCAPE_PRIVILEDGE: Program privilege escalation escape.
ESCAPE_PRIVILEDGE_CONTAINER_START: Privileged container startup escape.
ESCAPE_MOUNT_SENSITIVE_PTAH: Sensitive path mount.
ESCAPE_SYSCALL: Syscall escape. |
| Name |
String |
Rule name
Host file access escape
Syscall escape
Mount namespace escape
Program privilege escalation escape
Privileged container startup escape
Sensitive path mount |
| IsEnable |
Boolean |
Whether to enable. Valid values: false (no); true (yes). |
| Group |
String |
Rule group. Valid values: RISK_CONTAINER (container in risk); PROCESS_PRIVILEGE (program privilege escalation); CONTAINER_ESCAPE (container escape). |
EscapeRuleEnabled
Enablement/Disablement of the container escape scan policy
Used by actions: ModifyEscapeRule.
| Name |
Type |
Required |
Description |
| Type |
String |
Yes |
Rule type
ESCAPE_HOST_ACESS_FILE: Host file access escape.
ESCAPE_MOUNT_NAMESPACE: Mount namespace escape.
ESCAPE_PRIVILEDGE: Program privilege escalation escape.
ESCAPE_PRIVILEDGE_CONTAINER_START: Privileged container startup escape.
ESCAPE_MOUNT_SENSITIVE_PTAH: Sensitive path mount.
ESCAPE_SYSCALL: Syscall escape. |
| IsEnable |
Boolean |
Yes |
Whether to enable. Valid values: false (no); true (yes). |
EscapeWhiteListInfo
Escape allowlist
Used by actions: DescribeEscapeWhiteList.
| Name |
Type |
Description |
| ImageID |
String |
Image ID |
| ImageName |
String |
Image name |
| ID |
Integer |
Allowed item ID |
| HostCount |
Integer |
Number of associated servers |
| ContainerCount |
Integer |
Number of associated containers |
| EventType |
Array of String |
Allowed event type |
| InsertTime |
String |
Creation time |
| UpdateTime |
String |
Update time |
| ImageSize |
Integer |
Image size |
ExportJobInfo
Export job details
Used by actions: DescribeExportJobManageList.
| Name |
Type |
Description |
| JobID |
String |
Job ID |
| JobName |
String |
Job name |
| Source |
String |
Source |
| ExportStatus |
String |
Export status |
| ExportProgress |
Integer |
Export progress |
| FailureMsg |
String |
Reason for failure |
| Timeout |
String |
Timeout threshold |
| InsertTime |
String |
Insertion time |
FileAttributeInfo
Container runtime security - File attribute information
Used by actions: DescribeAccessControlDetail.
| Name |
Type |
Description |
| FileName |
String |
Filename |
| FileType |
String |
File type |
| FileSize |
Integer |
File size in bytes |
| FilePath |
String |
File path |
| FileCreateTime |
Timestamp |
File creation time |
| LatestTamperedFileMTime |
Timestamp |
Time when the file is last tampered with |
| NewFile |
String |
Content of the new file |
| FileDiff |
String |
Differences between old and new files |
HostInfo
List of server IDs
Used by actions: DescribeAssetHostList.
| Name |
Type |
Description |
| HostID |
String |
Server ID |
| HostIP |
String |
Server IP, which is the private IP |
| HostName |
String |
Server name |
| Group |
String |
Project |
| DockerVersion |
String |
Docker version |
| DockerFileSystemDriver |
String |
Docker file system type |
| ImageCnt |
Integer |
Number of images |
| ContainerCnt |
Integer |
Number of containers |
| Status |
String |
Agent status |
| IsContainerd |
Boolean |
Whether it is Containerd |
| MachineType |
String |
Server source. Valid values: CVM, ECM, LH, BM, Other. The first four values indicate Tencent Cloud instances, while the last one indicates non-Tencent Cloud instances. |
| PublicIp |
String |
Public IP |
| Uuid |
String |
Server UUID |
| InstanceID |
String |
Server instance ID |
| RegionID |
Integer |
Region ID |
| Project |
ProjectInfo |
Project
Note: This field may return null, indicating that no valid value was found. |
| Tags |
Array of TagInfo |
Tags
Note: This field may return null, indicating that no valid value was found. |
| ClusterID |
String |
Cluster ID |
| ClusterName |
String |
|
| ClusterAccessedStatus |
String |
|
ImageAutoAuthorizedTask
Information of the automatic image licensing task
Used by actions: DescribeImageAutoAuthorizedTaskList.
| Name |
Type |
Description |
| TaskId |
Integer |
Task ID |
| Type |
String |
Licensing method. Valid values: AUTO (automatic licensing); MANUAL (manual licensing). |
| AuthorizedDate |
Date |
Task date |
| Source |
String |
Image source. Valid values: LOCAL (local image); REGISTRY (repository image). |
| LastAuthorizedTime |
String |
Last licensing time |
| SuccessCount |
Integer |
Number of images automatically licensed successfully |
| FailCount |
Integer |
Number of images failed to be automatically licensed |
| LatestFailCode |
String |
Error code for the last task. Valid values: REACH_LIMIT (reaching the upper limit on licenses); LICENSE_INSUFFICIENT (insufficient licenses). |
ImageComponent
Information of a component in the image
Used by actions: DescribeImageComponentList.
| Name |
Type |
Description |
| Name |
String |
Component name |
| Version |
String |
Component version |
| Path |
String |
Component path |
| Type |
String |
Component type |
| VulCount |
Integer |
Number of component vulnerabilities
Note: This field may return null, indicating that no valid values can be obtained. |
| ImageID |
String |
Image ID
Note: This field may return null, indicating that no valid values can be obtained. |
ImageHost
List of images associated with servers
Used by actions: DescribeAssetImageHostList.
| Name |
Type |
Description |
| ImageID |
String |
Image ID |
| HostID |
String |
Server ID |
ImageInfo
Basic image information
Used by actions: CreateAssetImageRegistryScanTask, CreateAssetImageRegistryScanTaskOneKey, DescribeAssetImageRegistryRiskInfoList, DescribeAssetImageRegistryRiskListExport, DescribeAssetImageRegistryScanStatusOneKey, DescribeAssetImageRegistryVirusList, DescribeAssetImageRegistryVirusListExport, DescribeAssetImageRegistryVulList, DescribeAssetImageRegistryVulListExport, DescribeImageRegistryTimingScanTask, ModifyAssetImageRegistryScanStop, ModifyAssetImageRegistryScanStopOneKey, UpdateImageRegistryTimingScanTask.
| Name |
Type |
Required |
Description |
| InstanceName |
String |
Yes |
Instance name |
| Namespace |
String |
Yes |
Namespace |
| ImageName |
String |
Yes |
Image name |
| ImageTag |
String |
Yes |
Image tag |
| Force |
String |
Yes |
Forced scan |
| ImageDigest |
String |
No |
Image ID |
| RegistryType |
String |
No |
Repository type |
| ImageRepoAddress |
String |
No |
Image repository address |
| InstanceId |
String |
No |
Instance ID |
ImageProgress
Basic image information
Used by actions: DescribeAssetImageRegistryScanStatusOneKey.
| Name |
Type |
Description |
| ImageId |
String |
Image ID
Note: This field may return null, indicating that no valid values can be obtained. |
| RegistryType |
String |
Repository type
Note: This field may return null, indicating that no valid values can be obtained. |
| ImageRepoAddress |
String |
Image repository address
Note: This field may return null, indicating that no valid values can be obtained. |
| InstanceId |
String |
Instance ID
Note: This field may return null, indicating that no valid values can be obtained. |
| InstanceName |
String |
Instance name
Note: This field may return null, indicating that no valid values can be obtained. |
| Namespace |
String |
Namespace
Note: This field may return null, indicating that no valid values can be obtained. |
| ImageName |
String |
Repository name
Note: This field may return null, indicating that no valid values can be obtained. |
| ImageTag |
String |
Image tag
Note: This field may return null, indicating that no valid values can be obtained. |
| ScanStatus |
String |
Image scanning status
Note: This field may return null, indicating that no valid values can be obtained. |
| CveProgress |
Integer |
CVE scanning progress of the image
Note: This field may return null, indicating that no valid values can be obtained. |
| RiskProgress |
Integer |
Sensitive data scanning progress of the image
Note: This field may return null, indicating that no valid values can be obtained. |
| VirusProgress |
Integer |
Trojan scanning progress of the image
Note: This field may return null, indicating that no valid values can be obtained. |
ImageRepoInfo
List of image repositories
Used by actions: DescribeAssetImageRegistryList.
| Name |
Type |
Description |
| ImageDigest |
String |
Image digest |
| ImageRepoAddress |
String |
Image repository address |
| RegistryType |
String |
Repository type |
| ImageName |
String |
Image name |
| ImageTag |
String |
Image tag |
| ImageSize |
Integer |
Image size |
| ScanTime |
String |
Last scan time |
| ScanStatus |
String |
Scanning status |
| VulCnt |
Integer |
Number of vulnerabilities |
| VirusCnt |
Integer |
Number of viruses and trojans |
| RiskCnt |
Integer |
Number of risky behaviors |
| IsTrustImage |
Boolean |
Whether it is a trusted image |
| OsName |
String |
Image system |
| ScanVirusError |
String |
Trojan scan error
Note: This field may return null, indicating that no valid values can be obtained. |
| ScanVulError |
String |
Vulnerability scan error
Note: This field may return null, indicating that no valid values can be obtained. |
| InstanceId |
String |
Instance ID |
| InstanceName |
String |
Instance name |
| Namespace |
String |
Namespace |
| ScanRiskError |
String |
High-risk scan error
Note: This field may return null, indicating that no valid values can be obtained. |
| ScanVirusProgress |
Integer |
Sensitive data scanning progress
Note: This field may return null, indicating that no valid values can be obtained. |
| ScanVulProgress |
Integer |
Trojan scanning progress
Note: This field may return null, indicating that no valid values can be obtained. |
| ScanRiskProgress |
Integer |
Vulnerability scanning progress
Note: This field may return null, indicating that no valid values can be obtained. |
| ScanRemainTime |
Integer |
Remaining scan time in seconds
Note: This field may return null, indicating that no valid values can be obtained. |
| CveStatus |
String |
CVE scanning status
Note: This field may return null, indicating that no valid values can be obtained. |
| RiskStatus |
String |
High-risk scanning status
Note: This field may return null, indicating that no valid values can be obtained. |
| VirusStatus |
String |
Trojan scanning status
Note: This field may return null, indicating that no valid values can be obtained. |
| Progress |
Integer |
Overall progress
Note: This field may return null, indicating that no valid values can be obtained. |
| IsAuthorized |
Integer |
Licensing status |
| RegistryRegion |
String |
Repository region |
| Id |
Integer |
List of IDs |
| ImageId |
String |
Image ID
Note: This field may return null, indicating that no valid values can be obtained. |
| ImageCreateTime |
Timestamp ISO8601 |
Image creation time
Note: This field may return null, indicating that no valid values can be obtained. |
| IsLatestImage |
Boolean |
Whether it is the latest image tag
Note: This field may return null, indicating that no valid values can be obtained. |
ImageRepoRegistryInfo
Used by actions: DescribeAssetImageRegistryRegistryList.
| Name |
Type |
Description |
| RegistryId |
Integer |
|
| Name |
String |
|
| RegistryType |
String |
|
| Url |
String |
|
| NetType |
String |
|
| RegistryRegion |
String |
|
| RegistryVersion |
String |
|
| ConnectMsg |
String |
|
| ConnDetectType |
String |
|
| ConnDetectHostCount |
Integer |
|
| ConnDetectDetail |
Array of RegistryConnDetectResult |
|
| InstanceID |
String |
|
| LatestSyncTime |
String |
|
| SyncStatus |
String |
|
| SyncFailReason |
String |
|
| SyncSolution |
String |
|
| SyncMessage |
String |
|
ImageRisk
Information of a high-risk behavior in the image
Used by actions: DescribeAssetImageRegistryRiskInfoList.
| Name |
Type |
Description |
| Behavior |
Integer |
High-risk behavior
Note: This field may return null, indicating that no valid values can be obtained. |
| Type |
Integer |
Type
Note: This field may return null, indicating that no valid values can be obtained. |
| Level |
String |
Risk level
Note: This field may return null, indicating that no valid values can be obtained. |
| Desc |
String |
Description
Note: This field may return null, indicating that no valid values can be obtained. |
| InstructionContent |
String |
Solution
Note: This field may return null, indicating that no valid values can be obtained. |
ImageRiskInfo
Image risk details
Used by actions: DescribeAssetImageRiskList.
| Name |
Type |
Description |
| Behavior |
Integer |
Behavior |
| Type |
Integer |
Type |
| Level |
Integer |
Level |
| Desc |
String |
Details |
| InstructionContent |
String |
Solution |
ImageRiskTendencyInfo
Trend information of security events at runtime
Used by actions: DescribeImageRiskTendency.
| Name |
Type |
Description |
| ImageRiskSet |
Array of RunTimeTendencyInfo |
List of trends |
| ImageRiskType |
String |
Risk type:
IRT_VULNERABILITY: Vulnerability.
IRT_MALWARE_VIRUS: Virus and trojan.
IRT_RISK: Sensitive data. |
ImageSimpleInfo
List of images
Used by actions: DescribeImageSimpleList.
| Name |
Type |
Description |
| ImageID |
String |
Image ID |
| ImageName |
String |
Image name |
| Size |
Integer |
Image size |
| ImageType |
String |
Type |
| ContainerCnt |
Integer |
Number of associated containers |
ImageVirus
Information of a virus in the image
Used by actions: DescribeAssetImageRegistryVirusList.
| Name |
Type |
Description |
| Path |
String |
Path
Note: This field may return null, indicating that no valid values can be obtained. |
| RiskLevel |
String |
Risk level
Note: This field may return null, indicating that no valid values can be obtained. |
| Category |
String |
Category
Note: This field may return null, indicating that no valid values can be obtained. |
| VirusName |
String |
Virus name
Note: This field may return null, indicating that no valid values can be obtained. |
| Tags |
Array of String |
Tag
Note: This field may return null, indicating that no valid values can be obtained. |
| Desc |
String |
Description
Note: This field may return null, indicating that no valid values can be obtained. |
| Solution |
String |
Solution
Note: This field may return null, indicating that no valid values can be obtained. |
| FileType |
String |
File type
Note: This field may return null, indicating that no valid values can be obtained. |
| FileName |
String |
File path
Note: This field may return null, indicating that no valid values can be obtained. |
| FileMd5 |
String |
MD5 checksum of the file
Note: This field may return null, indicating that no valid values can be obtained. |
| FileSize |
Integer |
Size
Note: This field may return null, indicating that no valid values can be obtained. |
| FirstScanTime |
String |
First discovery time
Note: This field may return null, indicating that no valid values can be obtained. |
| LatestScanTime |
String |
Last scan time
Note: This field may return null, indicating that no valid values can be obtained. |
ImageVirusInfo
Information of a virus in the image
Used by actions: DescribeAssetImageVirusList.
| Name |
Type |
Description |
| Path |
String |
Path
Note: This field may return null, indicating that no valid values can be obtained. |
| RiskLevel |
Integer |
Risk level
Note: This field may return null, indicating that no valid values can be obtained. |
| VirusName |
String |
Virus name
Note: This field may return null, indicating that no valid values can be obtained. |
| Tags |
Array of String |
Tag
Note: This field may return null, indicating that no valid values can be obtained. |
| Desc |
String |
Description
Note: This field may return null, indicating that no valid values can be obtained. |
| Solution |
String |
Fix suggestion
Note: This field may return null, indicating that no valid values can be obtained. |
| Size |
Integer |
Size
Note: This field may return null, indicating that no valid values can be obtained. |
| FirstScanTime |
String |
First discovery time
Note: This field may return null, indicating that no valid values can be obtained. |
| LatestScanTime |
String |
Last scan time
Note: This field may return null, indicating that no valid values can be obtained. |
| Md5 |
String |
MD5 checksum of the file
Note: This field may return null, indicating that no valid values can be obtained. |
| FileName |
String |
Filename
Note: This field may return null, indicating that no valid values can be obtained. |
| CheckPlatform |
Array of String |
Check platform
1: Tencent Cloud Security Engine.
2: tav.
3: binaryAi.
4: Unusual behavior.
5: Threat intelligence.
Note: This field may return null, indicating that no valid values can be obtained. |
ImageVul
Information of a vulnerability in the image
Used by actions: DescribeAssetImageRegistryVulList.
| Name |
Type |
Description |
| CVEID |
String |
Vulnerability ID
Note: This field may return null, indicating that no valid values can be obtained. |
| POCID |
String |
POC ID
Note: This field may return null, indicating that no valid values can be obtained. |
| Name |
String |
Vulnerability name
Note: This field may return null, indicating that no valid values can be obtained. |
| Components |
Array of ComponentsInfo |
Component information
Note: This field may return null, indicating that no valid values can be obtained. |
| Category |
String |
Category
Note: This field may return null, indicating that no valid values can be obtained. |
| CategoryType |
String |
Category 2
Note: This field may return null, indicating that no valid values can be obtained. |
| Level |
String |
Risk level
Note: This field may return null, indicating that no valid values can be obtained. |
| Des |
String |
Description
Note: This field may return null, indicating that no valid values can be obtained. |
| OfficialSolution |
String |
Solution
Note: This field may return null, indicating that no valid values can be obtained. |
| Reference |
String |
Reference
Note: This field may return null, indicating that no valid values can be obtained. |
| DefenseSolution |
String |
Defense solution
Note: This field may return null, indicating that no valid values can be obtained. |
| SubmitTime |
String |
Submission time
Note: This field may return null, indicating that no valid values can be obtained. |
| CvssScore |
String |
CVSS score
Note: This field may return null, indicating that no valid values can be obtained. |
| CvssVector |
String |
CVSS information
Note: This field may return null, indicating that no valid values can be obtained. |
| IsSuggest |
String |
Whether fix is suggested
Note: This field may return null, indicating that no valid values can be obtained. |
| FixedVersions |
String |
Number of the fixed version
Note: This field may return null, indicating that no valid values can be obtained. |
| Tag |
Array of String |
Vulnerability tag. Valid values: CanBeFixed, DynamicLevelPoc, DynamicLevelExp.
Note: This field may return null, indicating that no valid values can be obtained. |
| Component |
String |
Component name
Note: This field may return null, indicating that no valid values can be obtained. |
| Version |
String |
Component version
Note: This field may return null, indicating that no valid values can be obtained. |
ImagesBindRuleInfo
Information of the runtime rule bound to the image
Used by actions: DescribeAssetImageBindRuleInfo.
| Name |
Type |
Description |
| ImageId |
String |
Image ID |
| ImageName |
String |
Image name |
| ContainerCnt |
Integer |
Number of associated containers |
| RuleId |
String |
Bound rule ID
Note: This field may return null, indicating that no valid values can be obtained. |
| RuleName |
String |
Rule name
Note: This field may return null, indicating that no valid values can be obtained. |
| ImageSize |
Integer |
Image size
Note: This field may return null, indicating that no valid values can be obtained. |
| ScanTime |
String |
Last scan time
Note: This field may return null, indicating that no valid values can be obtained. |
ImagesInfo
List of image IDs
Used by actions: DescribeAssetImageList.
| Name |
Type |
Description |
| ImageID |
String |
Image ID |
| ImageName |
String |
Image name |
| CreateTime |
String |
Creation time |
| Size |
Integer |
Image size |
| HostCnt |
Integer |
Number of servers |
| ContainerCnt |
Integer |
Number of containers |
| ScanTime |
String |
Scan time |
| VulCnt |
Integer |
Number of vulnerabilities |
| VirusCnt |
Integer |
Number of viruses |
| RiskCnt |
Integer |
Number of sensitive data items |
| IsTrustImage |
Boolean |
Whether it is a trusted image |
| OsName |
String |
Image system |
| AgentError |
String |
Image scan error in the agent |
| ScanError |
String |
Image scan error on the backend |
| ScanStatus |
String |
Scanning status |
| ScanVirusError |
String |
Trojan scan error message |
| ScanVulError |
String |
Vulnerability scan error message |
| ScanRiskError |
String |
Risk scan error message |
| IsSuggest |
Integer |
Whether the image is of high priority. Valid values: 0 (no); others (yes). |
| IsAuthorized |
Integer |
Whether it is licensed. Valid values: 1 (yes); 0 (no). |
| ComponentCnt |
Integer |
Number of components |
ImagesVul
Vulnerability in the image
Used by actions: DescribeAssetImageVulList.
| Name |
Type |
Description |
| CVEID |
String |
Vulnerability ID |
| Name |
String |
Vulnerability name |
| Component |
String |
Component |
| Version |
String |
Version |
| Category |
String |
Category |
| CategoryType |
String |
Category 2 |
| Level |
Integer |
Risk level |
| Des |
String |
Description |
| OfficialSolution |
String |
Solution |
| Reference |
String |
Reference |
| DefenseSolution |
String |
Defense solution |
| SubmitTime |
String |
Submission time |
| CVSSV3Score |
Float |
CVSS V3 score |
| CVSSV3Desc |
String |
CVSS V3 description |
| IsSuggest |
Boolean |
Whether it is of high priority. Valid values: true (yes); false (no). |
| FixedVersions |
String |
Number of the fixed version
Note: This field may return null, indicating that no valid values can be obtained. |
| Tag |
Array of String |
Vulnerability tag. Valid values: CanBeFixed, DynamicLevelPoc, DynamicLevelExp.
Note: This field may return null, indicating that no valid values can be obtained. |
K8sApiAbnormalEventInfo
K8sApi api abnormal event details
Used by actions: DescribeK8sApiAbnormalEventInfo.
| Name |
Type |
Description |
| MatchRuleName |
String |
Hit rule name |
| MatchRuleType |
String |
Hit rule type |
| RiskLevel |
String |
Alarm level |
| ClusterID |
String |
Cluster ID |
| ClusterName |
String |
Cluster name |
| ClusterRunningStatus |
String |
Cluster running status |
| FirstCreateTime |
String |
First creation time |
| LastCreateTime |
String |
Last creation time |
| AlarmCount |
Integer |
Number of alarms |
| Status |
String |
Status
EVENT_UNDEAL: Unhandled
EVENT_DEALED: Handled
EVENT_IGNORE: Ignored
EVENT_DEL: Deleted
EVENT_ADD_WHITE: Added to an allowlist |
| ClusterMasterIP |
String |
The master IP of a cluster |
| K8sVersion |
String |
K8s version |
| RunningComponent |
Array of String |
Runtime component |
| Desc |
String |
Description |
| Suggestion |
String |
Suggestion |
| Info |
String |
Request information |
| MatchRuleID |
String |
Rule ID |
| HighLightFields |
Array of String |
An array of highlighted fields |
| MatchRule |
K8sApiAbnormalRuleScopeInfo |
Hit rule |
K8sApiAbnormalEventListItem
Items in the K8sApi abnormal event list
Used by actions: DescribeK8sApiAbnormalEventList.
| Name |
Type |
Description |
| ID |
Integer |
Event ID |
| MatchRuleType |
String |
Hit rule type |
| RiskLevel |
String |
Threat level |
| ClusterID |
String |
Cluster ID |
| ClusterName |
String |
Cluster name |
| ClusterRunningStatus |
String |
Cluster running status |
| FirstCreateTime |
String |
First creation time |
| LastCreateTime |
String |
Last creation time |
| AlarmCount |
Integer |
Number of alarms |
| Status |
String |
Status |
| RuleType |
String |
Rule type |
| Desc |
String |
Description |
| Suggestion |
String |
Solution |
| RuleName |
String |
Rule name |
| MatchRule |
K8sApiAbnormalRuleScopeInfo |
Hit rule |
K8sApiAbnormalRuleInfo
K8sApi abnormal request rule details
Used by actions: CreateK8sApiAbnormalRuleInfo, DescribeK8sApiAbnormalRuleInfo, ModifyK8sApiAbnormalRuleInfo.
| Name |
Type |
Required |
Description |
| RuleName |
String |
Yes |
Rule name |
| Status |
Boolean |
Yes |
Status |
| RuleInfoList |
Array of K8sApiAbnormalRuleScopeInfo |
Yes |
Rule information list |
| EffectClusterIDSet |
Array of String |
Yes |
Effective cluster IDSet |
| RuleType |
String |
Yes |
Rule type
RT_SYSTEM: System rules
RT_USER: User-defined rules |
| EffectAllCluster |
Boolean |
Yes |
Whether all clusters are effective |
| RuleID |
String |
No |
Rule ID |
K8sApiAbnormalRuleListItem
Items in the list of K8sApi abnormal request rules
Used by actions: DescribeK8sApiAbnormalRuleList.
| Name |
Type |
Description |
| RuleID |
String |
Rule ID |
| RuleName |
String |
Rule name |
| RuleType |
String |
Rule type
RT_SYSTEM System rules
RT_USER User defined |
| EffectClusterCount |
Integer |
Total number of affected clusters |
| UpdateTime |
String |
Update time |
| OprUin |
String |
Edit account |
| Status |
Boolean |
Status |
K8sApiAbnormalRuleScopeInfo
Configuration range of K8sApi abnormal event rules
Used by actions: CreateK8sApiAbnormalRuleInfo, DescribeK8sApiAbnormalEventInfo, DescribeK8sApiAbnormalEventList, DescribeK8sApiAbnormalRuleInfo, DescribeK8sApiAbnormalRuleScopeList, ModifyK8sApiAbnormalRuleInfo.
| Name |
Type |
Required |
Description |
| Scope |
String |
Yes |
Range
System event:
ANONYMOUS_ACCESS: Anonymous access
ABNORMAL_UA_REQ: Abnormal UA request
ANONYMOUS_ABNORMAL_PERMISSION: Abnormal changes on permissions of an anonymous user
GET_CREDENTIALS: Credential information acquisition
MOUNT_SENSITIVE_PATH: Sensitive path mounting
COMMAND_RUN: Command execution
PRIVILEGE_CONTAINER: Privilege container
EXCEPTION_CRONTAB_TASK: Aabnormal scheduled task
STATICS_POD: Static pod creation
ABNORMAL_CREATE_POD: Abnormal pod creation
USER_DEFINED: User defined |
| Action |
String |
Yes |
Action (RULE_MODE_ALERT: Alarm RULE_MODE_RELEASE: Release) |
| RiskLevel |
String |
No |
Threat level: "HIGH": High-risk level; "MIDDLE": Middle-risk level; "LOW": Low-risk level; "NOTICE": Notice level
Note: This field may return null, indicating that no valid value was found. |
| Status |
Boolean |
No |
Switch status (true: On; false: Off): applicable to system rules.
Note: This field may return null, indicating that no valid value was found. |
| IsDelete |
Boolean |
No |
Whether to delete: applicable to custom rule input parameters.
Note: This field may return null, indicating that no valid value was found. |
K8sApiAbnormalTendencyItem
Items in the list of K8sApi abnormal request trends
Used by actions: DescribeK8sApiAbnormalTendency.
| Name |
Type |
Description |
| Date |
String |
Date |
| ExceptionUARequestCount |
Integer |
The number of abnormal UA request events |
| AnonymousUserRightCount |
Integer |
The number of anonymous user permission events |
| CredentialInformationObtainCount |
Integer |
The number of credential information acquisition events |
| SensitiveDataMountCount |
Integer |
The number of sensitive data mounting events |
| CmdExecCount |
Integer |
The number of command execution events |
| AbnormalScheduledTaskCount |
Integer |
The number of abnormal scheduled task events |
| StaticsPodCreateCount |
Integer |
The number of static pods created |
| DoubtfulContainerCreateCount |
Integer |
The number of suspicious containers created |
| UserDefinedRuleCount |
Integer |
The number of custom rule events |
| AnonymousAccessCount |
Integer |
The number of anonymous access events |
| PrivilegeContainerCount |
Integer |
The number of privilege container events |
ModifyIgnoreVul
Input parameters for adding and unignoring vulnerabilities in the scan
Used by actions: AddIgnoreVul, DeleteIgnoreVul.
| Name |
Type |
Required |
Description |
| PocID |
String |
Yes |
POC ID |
| ImageIDs |
Array of String |
No |
IDs of images to be ignored. If it is not specified, it indicates to ignore all. |
| ImageType |
String |
No |
When there is an image
Image type. Valid values: LOCAL (local image); REGISTRY (repository image). |
NetworkAuditRecord
The structure returned by the audit of the network cluster asset
Used by actions: DescribeNetworkFirewallAuditRecord.
| Name |
Type |
Description |
| ClusterId |
String |
Cluster ID |
| ClusterName |
String |
Cluster name |
| Region |
String |
Cluster region |
| Action |
String |
Action |
| Operation |
String |
Operator |
| NetworkPolicyName |
String |
Policy name |
| OperationTime |
String |
Operation time |
| AppId |
Integer |
Operator appid
Note: This field may return null, indicating that no valid values can be obtained. |
| Uin |
String |
Operator UIN |
| PolicyId |
Integer |
The policy ID.
Note: This field may return·null, indicating that no valid values can be obtained. |
NetworkClusterInfoItem
Response parameters structure of the network cluster asset
Used by actions: DescribeNetworkFirewallClusterList.
| Name |
Type |
Description |
| ClusterId |
String |
Cluster ID |
| ClusterName |
String |
Cluster name |
| ClusterVersion |
String |
Cluster version |
| ClusterOs |
String |
Cluster OS |
| ClusterType |
String |
Cluster type |
| Region |
String |
Cluster region |
| NetworkPolicyPlugin |
String |
Cluster network plugin |
| ClusterStatus |
String |
Cluster status |
| TotalRuleCount |
Integer |
Total number of policies |
| EnableRuleCount |
Integer |
Number of enabled policies |
| NetworkPolicyPluginStatus |
String |
Status of the cluster network plugin. Valid values: Running (normal); Error (abnormal). |
| NetworkPolicyPluginError |
String |
Error message of the cluster network plugin
Note: This field may return null, indicating that no valid values can be obtained. |
| ClusterNetworkSettings |
String |
Cluster network plugin
Note: This field may return·null, indicating that no valid values can be obtained. |
NetworkClusterNamespaceLabelInfo
Response parameters structure of the network space label
Used by actions: DescribeNetworkFirewallNamespaceLabelList.
| Name |
Type |
Description |
| Labels |
String |
Network space label |
| Name |
String |
Network space name |
NetworkClusterPodInfo
Response parameters structure of the network cluster Pod
Used by actions: DescribeNetworkFirewallPodLabelsList.
| Name |
Type |
Description |
| PodName |
String |
Pod name |
| Namespace |
String |
Pod space
Note: This field may return null, indicating that no valid values can be obtained. |
| Labels |
String |
Pod label
Note: This field may return null, indicating that no valid values can be obtained. |
| WorkloadKind |
String |
Pod type
Note: This field may return null, indicating that no valid values can be obtained. |
NetworkCustomPolicy
Custom rule of the network cluster policy
Used by actions: AddAndPublishNetworkFirewallPolicyDetail, AddNetworkFirewallPolicyDetail, DescribeNetworkFirewallPolicyDetail, UpdateAndPublishNetworkFirewallPolicyDetail, UpdateNetworkFirewallPolicyDetail.
| Name |
Type |
Required |
Description |
| Direction |
String |
Yes |
Network policy direction. Valid values: FROM, TO. |
| Ports |
Array of NetworkPorts |
No |
Network policy port
Note: This field may return null, indicating that no valid values can be obtained. |
| Peer |
Array of NetworkPeer |
No |
Network policy object
PublishedNoConfirm: Enabled and to be confirmed.
PublishedConfirmed: Enabled and confirmed.
unPublishing: Disabled.
Publishing: Enabled.
unPublishEdit: To be enabled.
Note: This field may return null, indicating that no valid values can be obtained. |
NetworkPeer
Custom rule of the network cluster policy
Used by actions: AddAndPublishNetworkFirewallPolicyDetail, AddNetworkFirewallPolicyDetail, DescribeNetworkFirewallPolicyDetail, UpdateAndPublishNetworkFirewallPolicyDetail, UpdateNetworkFirewallPolicyDetail.
| Name |
Type |
Required |
Description |
| PeerType |
String |
Yes |
Object type:
Namespace: NamespaceSelector, which indicates that NamespaceSelector has a value.
Pod type: PodSelector, which indicates that both NamespaceSelector and PodSelector have values.
IP type: IPBlock, which indicates that only IPBlock has a value. |
| NamespaceSelector |
String |
No |
Namespace selector
Note: This field may return null, indicating that no valid values can be obtained. |
| PodSelector |
String |
No |
Pod selector
Note: This field may return null, indicating that no valid values can be obtained. |
| IPBlock |
String |
No |
IP selector
Note: This field may return null, indicating that no valid values can be obtained. |
NetworkPolicyInfoItem
Response parameters structure of the network cluster policy
Used by actions: DescribeNetworkFirewallPolicyList.
| Name |
Type |
Description |
| Name |
String |
Network policy name |
| Description |
String |
Network policy description
Note: This field may return null, indicating that no valid values can be obtained. |
| PublishStatus |
String |
Publishing status:
PublishedNoConfirm: Enabled and to be confirmed.
PublishedConfirmed: Enabled and confirmed.
unPublishing: Disabled.
Publishing: Enabled.
unPublishEdit: To be enabled. |
| PolicySourceType |
String |
Policy type:
System: Synched from the cluster.
Manual: Added manually. |
| Namespace |
String |
Policy space |
| PolicyCreateTime |
String |
Policy creation date |
| NetworkPolicyPlugin |
String |
Policy type
kube-router: KubeRouter
cilium: Cilium |
| PublishResult |
String |
Policy publishing result
Note: This field may return null, indicating that no valid values can be obtained. |
| FromPolicyRule |
Integer |
Inbound rule
1: Allow all.
2: Reject all.
3: Custom. |
| ToPolicyRule |
Integer |
Inbound rule
1: Allow all.
2: Reject all.
3: Custom. |
| PodSelector |
String |
Object
Note: This field may return null, indicating that no valid values can be obtained. |
| Id |
Integer |
Network policy ID |
NetworkPorts
Port of the custom rule of the network cluster policy
Used by actions: AddAndPublishNetworkFirewallPolicyDetail, AddNetworkFirewallPolicyDetail, DescribeNetworkFirewallPolicyDetail, UpdateAndPublishNetworkFirewallPolicyDetail, UpdateNetworkFirewallPolicyDetail.
| Name |
Type |
Required |
Description |
| Protocol |
String |
No |
Protocol of the network policy
Note: This field may return null, indicating that no valid values can be obtained. |
| Port |
String |
No |
Port of the network policy
Note: This field may return null, indicating that no valid values can be obtained. |
PortInfo
List of ports
Used by actions: DescribeAssetPortList.
| Name |
Type |
Description |
| Type |
String |
Type |
| PublicIP |
String |
Public IP |
| PublicPort |
Integer |
Server port |
| ContainerPort |
Integer |
Container port |
| ContainerPID |
Integer |
Container PID |
| ContainerName |
String |
Container name |
| HostID |
String |
Server ID |
| HostIP |
String |
Server IP |
| ProcessName |
String |
Process name |
| ListenContainer |
String |
Monitored address in the container |
| ListenHost |
String |
Monitored address outside the container |
| RunAs |
String |
Operating account |
| HostName |
String |
Server name |
| PublicIp |
String |
Public IP |
| NodeID |
String |
Node ID |
| PodIP |
String |
Pod IP |
| PodName |
String |
Pod name |
| NodeType |
String |
Node type. |
| NodeUniqueID |
String |
UID of the super node |
ProcessBaseInfo
Runtime security - Basic process information
Used by actions: DescribeAbnormalProcessDetail, DescribeAccessControlDetail, DescribeEscapeEventDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.
| Name |
Type |
Description |
| ProcessStartUser |
String |
Process initiator
Note: This field may return null, indicating that no valid values can be obtained. |
| ProcessUserGroup |
String |
Process user group
Note: This field may return null, indicating that no valid values can be obtained. |
| ProcessPath |
String |
Process path
Note: This field may return null, indicating that no valid values can be obtained. |
| ProcessParam |
String |
Process command line parameter
Note: This field may return null, indicating that no valid values can be obtained. |
ProcessDetailBaseInfo
Runtime security details - Basic process information
Used by actions: DescribeAbnormalProcessDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.
| Name |
Type |
Description |
| ProcessName |
String |
Process name |
| ProcessId |
Integer |
Process PID |
| ProcessStartUser |
String |
Process initiator |
| ProcessUserGroup |
String |
Process user group |
| ProcessPath |
String |
Process path |
| ProcessParam |
String |
Process command line parameter |
ProcessDetailInfo
Runtime security details - Process information
Used by actions: DescribeAbnormalProcessDetail, DescribeAccessControlDetail, DescribeEscapeEventDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.
| Name |
Type |
Description |
| ProcessName |
String |
Process name |
| ProcessAuthority |
String |
Process permission |
| ProcessId |
Integer |
Process PID |
| ProcessStartUser |
String |
Process initiator |
| ProcessUserGroup |
String |
Process user group |
| ProcessPath |
String |
Process path |
| ProcessTree |
String |
Process tree |
| ProcessMd5 |
String |
Process MD5 |
| ProcessParam |
String |
Process command line parameter |
ProcessInfo
List of processes
Used by actions: DescribeAssetProcessList.
| Name |
Type |
Description |
| StartTime |
String |
Process start time |
| RunAs |
String |
Operator |
| CmdLine |
String |
Command line parameter |
| Exe |
String |
Exe path |
| PID |
Integer |
Server PID |
| ContainerPID |
Integer |
Container PID |
| ContainerName |
String |
Container name |
| HostID |
String |
Server ID |
| HostIP |
String |
Server IP |
| ProcessName |
String |
Process name |
| HostName |
String |
Server name |
| PublicIp |
String |
Public IP |
| NodeID |
String |
Node ID |
| PodIP |
String |
Pod IP |
| PodName |
String |
Pod name |
| NodeType |
String |
Node type. |
| NodeUniqueID |
String |
UID of the super node |
ProjectInfo
The project to which the host belongs
Used by actions: DescribeAssetHostDetail, DescribeAssetHostList.
| Name |
Type |
Description |
| ProjectName |
String |
Project name |
| ProjectID |
Integer |
Project ID |
PromotionActivityContent
Promotion content
Used by actions: DescribePromotionActivity.
| Name |
Type |
Description |
| MonthNum |
Integer |
Number of months |
| CoresCountLimit |
Integer |
Minimum number of cores |
| ProfessionalDiscount |
Integer |
Discount on the Pro Edition |
| ImageAuthorizationNum |
Integer |
Number of free images |
RaspInfo
RASP information of vulnerability defense plugin
Used by actions: DescribeVulDefenceEventDetail.
| Name |
Type |
Description |
| Name |
String |
RASP name |
| Value |
String |
RASP description |
RegionInfo
Region information
Used by actions: DescribeSecLogDeliveryClsOptions, DescribeSecLogDeliveryKafkaOptions.
| Name |
Type |
Description |
| Region |
String |
Region identifier |
| RegionName |
String |
Region name |
RegistryConnDetectResult
Used by actions: DescribeAssetImageRegistryRegistryList.
| Name |
Type |
Description |
| Quuid |
String |
|
| Uuid |
String |
|
| ConnDetectStatus |
String |
|
| ConnDetectMessage |
String |
|
| Solution |
String |
|
| FailReason |
String |
|
ReverseShellEventDescription
Description of the container reverse shell event at runtime
Used by actions: DescribeReverseShellDetail.
| Name |
Type |
Description |
| Description |
String |
Description |
| Solution |
String |
Solution |
| Remark |
String |
Event remarks
Note: This field may return null, indicating that no valid values can be obtained. |
| DstAddress |
String |
Destination address |
| OperationTime |
String |
Last processing time of the event
Note: This field may return null, indicating that no valid values can be obtained. |
ReverseShellEventInfo
Container runtime security - Information of the reverse shell
Used by actions: DescribeReverseShellEvents.
| Name |
Type |
Description |
| ProcessName |
String |
Process name |
| ProcessPath |
String |
Process path |
| ImageId |
String |
Image ID |
| ContainerId |
String |
Container ID |
| ImageName |
String |
Image name |
| ContainerName |
String |
Container name |
| FoundTime |
String |
Generation time |
| Solution |
String |
Event solution |
| Description |
String |
Event description |
| Status |
String |
Status. EVENT_UNDEAL: Pending.
EVENT_DEALED: Processed.
EVENT_INGNORE: Ignored.
EVENT_ADD_WHITE: Allowed. |
| EventId |
String |
Event ID |
| Remark |
String |
Remarks |
| PProcessName |
String |
Parent process name |
| EventCount |
Integer |
Number of events |
| LatestFoundTime |
String |
Last generation time |
| DstAddress |
String |
Destination address |
| ContainerNetStatus |
String |
Network status
NORMAL: Not isolated.
ISOLATED: Isolated.
ISOLATING: Isolating.
ISOLATE_FAILED: Isolation failed.
RESTORING: Recovering.
RESTORE_FAILED: Recovery failed. |
| ContainerNetSubStatus |
String |
Sub-status of the container
"AGENT_OFFLINE" // The agent is offline.
"NODE_DESTROYED" // The node is terminated.
"CONTAINER_EXITED" // The container exited.
"CONTAINER_DESTROYED" // The container was terminated.
"SHARED_HOST" // The container shares the network with the server.
"RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
"UNKNOW" // The reason is unknown. |
| ContainerIsolateOperationSrc |
String |
Container isolation operation source |
| ContainerStatus |
String |
Container status
RUNNING: Running.
PAUSED: Paused.
STOPPED: Stopped.
CREATED: Created.
DESTROYED: Terminated.
RESTARTING: Restarting.
REMOVING: Removing. |
ReverseShellWhiteListBaseInfo
Information of an allowed reverse shell
Used by actions: DescribeReverseShellWhiteLists.
| Name |
Type |
Description |
| Id |
String |
Allowed item ID |
| ImageCount |
Integer |
Number of images |
| ProcessName |
String |
Connection process name |
| DstIp |
String |
Destination address IP |
| CreateTime |
Timestamp |
Creation time |
| UpdateTime |
Timestamp |
Update time |
| DstPort |
String |
Target port |
| IsGlobal |
Boolean |
Whether it is allowed globally. true: Yes. |
| ImageIds |
Array of String |
Array of image IDs. An empty array indicates all. |
ReverseShellWhiteListInfo
Information of an allowed reverse shell
Used by actions: AddEditReverseShellWhiteList, DescribeReverseShellWhiteListDetail.
| Name |
Type |
Required |
Description |
| DstIp |
String |
Yes |
Target IP |
| DstPort |
String |
Yes |
Target port |
| ProcessName |
String |
Yes |
Target process |
| ImageIds |
Array of String |
Yes |
Array of image IDs. An empty array indicates all. |
| Id |
String |
No |
Allowed item ID, which is empty if the item is newly created. |
RiskSyscallEventDescription
Description of the high-risk container syscall event at runtime
Used by actions: DescribeRiskSyscallDetail.
| Name |
Type |
Description |
| Description |
String |
Description |
| Solution |
String |
Solution |
| Remark |
String |
Event remarks
Note: This field may return null, indicating that no valid values can be obtained. |
| SyscallName |
String |
Syscall name |
| OperationTime |
String |
Last processing time of the event
Note: This field may return null, indicating that no valid values can be obtained. |
RiskSyscallEventInfo
Container runtime security - Information of the high-risk syscall
Used by actions: DescribeRiskSyscallEvents.
| Name |
Type |
Description |
| ProcessName |
String |
Process name |
| ProcessPath |
String |
Process path |
| ImageId |
String |
Image ID |
| ContainerId |
String |
Container ID |
| ImageName |
String |
Image name |
| ContainerName |
String |
Container name |
| FoundTime |
String |
Generation time |
| Solution |
String |
Event solution |
| Description |
String |
Event description |
| SyscallName |
String |
Syscall name |
| Status |
String |
Status. EVENT_UNDEAL: Pending.
EVENT_DEALED: Processed.
EVENT_INGNORE: Ignored.
EVENT_ADD_WHITE: Allowed. |
| EventId |
String |
Event ID |
| NodeName |
String |
Node name |
| PodName |
String |
Pod (instance) name |
| Remark |
String |
Remarks |
| RuleExist |
Boolean |
Whether the system monitoring rule name exists |
| EventCount |
Integer |
Number of events |
| LatestFoundTime |
String |
Last generation time |
| ContainerNetStatus |
String |
Network status
NORMAL: Not isolated.
ISOLATED: Isolated.
ISOLATING: Isolating.
ISOLATE_FAILED: Isolation failed.
RESTORING: Recovering.
RESTORE_FAILED: Recovery failed. |
| ContainerNetSubStatus |
String |
Sub-status of the container
"AGENT_OFFLINE" // The agent is offline.
"NODE_DESTROYED" // The node is terminated.
"CONTAINER_EXITED" // The container exited.
"CONTAINER_DESTROYED" // The container was terminated.
"SHARED_HOST" // The container shares the network with the server.
"RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
"UNKNOW" // The reason is unknown. |
| ContainerIsolateOperationSrc |
String |
Container isolation operation source |
| ContainerStatus |
String |
Container status
RUNNING: Running.
PAUSED: Paused.
STOPPED: Stopped.
CREATED: Created.
DESTROYED: Terminated.
RESTARTING: Restarting.
REMOVING: Removing. |
| NodeType |
String |
Node type. Values: NORMAL (general node), SUPER (super node). |
| ClusterID |
String |
Cluster ID |
| PodIP |
String |
Pod IP |
| NodeUniqueID |
String |
Unique node ID |
| PublicIP |
String |
Node public IP |
| NodeID |
String |
Node ID |
| HostID |
String |
uuid |
| HostIP |
String |
Private IP of the node |
| ClusterName |
String |
Cluster name |
RiskSyscallWhiteListBaseInfo
Information of the allowlist of high-risk syscalls
Used by actions: DescribeRiskSyscallWhiteLists.
| Name |
Type |
Description |
| Id |
String |
Allowed item ID |
| ImageCount |
Integer |
Number of images |
| ProcessPath |
String |
Connection process path |
| SyscallNames |
Array of String |
List of syscall names |
| CreateTime |
Timestamp |
Creation time |
| UpdateTime |
Timestamp |
Update time |
| IsGlobal |
Boolean |
Whether it is allowed globally. true: Yes. |
| ImageIds |
Array of String |
Array of image IDs |
RiskSyscallWhiteListInfo
Information of the allowlist of high-risk syscalls
Used by actions: AddEditRiskSyscallWhiteList, DescribeRiskSyscallWhiteListDetail.
| Name |
Type |
Required |
Description |
| ImageIds |
Array of String |
Yes |
Array of image IDs. An empty array indicates all. |
| SyscallNames |
Array of String |
No |
Syscall name. The DescribeRiskSyscallNames API can be called to get the list of enumerated values. |
| ProcessPath |
String |
No |
Target process |
| Id |
String |
No |
Allowed item ID, which is empty if the item is newly created. |
RuleBaseInfo
Runtime security - Basic policy information
Used by actions: DescribeAbnormalProcessRules, DescribeAccessControlRules.
| Name |
Type |
Description |
| IsDefault |
Boolean |
Valid values: true (default policy); false (custom policy). |
| EffectImageCount |
Integer |
Number of associated images |
| RuleId |
String |
Policy ID |
| UpdateTime |
String |
Policy update time, which can be empty.
Note: This field may return null, indicating that no valid values can be obtained. |
| RuleName |
String |
Policy name |
| EditUserName |
String |
Name of the editing user |
| IsEnable |
Boolean |
Valid values: true (enable the policy); false (disable the policy). |
RunTimeEventBaseInfo
Runtime security - Basic event information
Used by actions: DescribeAbnormalProcessDetail, DescribeAccessControlDetail, DescribeEscapeEventDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.
| Name |
Type |
Description |
| EventId |
String |
Unique event ID |
| FoundTime |
Timestamp |
Event discovery time |
| ContainerId |
String |
Container ID |
| ContainerName |
String |
Container name |
| ImageId |
String |
Image ID |
| ImageName |
String |
Image name |
| NodeName |
String |
Node name |
| Status |
String |
Status. EVENT_UNDEAL: Pending.
EVENT_DEALED: Processed.
EVENT_INGNORE: Ignored. |
| EventName |
String |
Event name:
Host file access escape
Syscall escape
Mount namespace escape
Program privilege escalation escape
Privileged container startup escape
Sensitive path mount
Malicious process startup
File tampering |
| EventType |
String |
Event type
ESCAPE_HOST_ACESS_FILE: Host file access escape.
ESCAPE_MOUNT_NAMESPACE: Mount namespace escape.
ESCAPE_PRIVILEDGE: Program privilege escalation escape.
ESCAPE_PRIVILEDGE_CONTAINER_START: Privileged container startup escape.
ESCAPE_MOUNT_SENSITIVE_PTAH: Sensitive path mount.
ESCAPE_SYSCALL: Syscall escape. |
| EventCount |
Integer |
Number of events |
| LatestFoundTime |
String |
Last generation time |
| HostIP |
String |
Private IP
Note: This field may return null, indicating that no valid values can be obtained. |
| ClientIP |
String |
Public IP
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerNetStatus |
String |
Network status
NORMAL: Not isolated.
ISOLATED: Isolated.
ISOLATING: Isolating.
ISOLATE_FAILED: Isolation failed.
RESTORING: Recovering.
RESTORE_FAILED: Recovery failed.
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerNetSubStatus |
String |
Sub-status of the container
"AGENT_OFFLINE" // The agent is offline.
"NODE_DESTROYED" // The node is terminated.
"CONTAINER_EXITED" // The container exited.
"CONTAINER_DESTROYED" // The container was terminated.
"SHARED_HOST" // The container shares the network with the server.
"RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
"UNKNOW" // The reason is unknown.
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerIsolateOperationSrc |
String |
Container isolation operation source
Note: This field may return null, indicating that no valid values can be obtained. |
| NodeID |
String |
Node ID |
| NodeType |
String |
Node type. Valid values: NORMAL (general node), SUPER (super node) |
| NodeSubNetID |
String |
Node subnet ID |
| NodeSubNetName |
String |
Node subnet name |
| NodeSubNetCIDR |
String |
Subnet IP range |
| PodName |
String |
Pod name |
| PodIP |
String |
Pod IP |
| PodStatus |
String |
Pod status |
| ClusterID |
String |
Cluster ID |
| ClusterName |
String |
Cluster name |
| NodeUniqueID |
String |
Unique node ID |
| HostID |
String |
uuid |
| Namespace |
String |
|
| WorkloadType |
String |
|
RunTimeFilters
TCSS
Key-value pair filter for conditional filtering queries, such as filter ID, name, and status
If more than one filter exists, the logical relationship between these filters is AND.
If multiple values exist in one filter, the logical relationship between these values is OR.
Used by actions: CreateAbnormalProcessRulesExportJob, CreateAccessControlsRuleExportJob, CreateDefenceVulExportJob, CreateEmergencyVulExportJob, CreateEscapeEventsExportJob, CreateEscapeWhiteListExportJob, CreateImageExportJob, CreateK8sApiAbnormalEventExportJob, CreateK8sApiAbnormalRuleExportJob, CreateRiskDnsEventExportJob, CreateSystemVulExportJob, CreateVulContainerExportJob, CreateVulDefenceEventExportJob, CreateVulDefenceHostExportJob, CreateVulImageExportJob, CreateWebVulExportJob, DescribeAbnormalProcessEvents, DescribeAbnormalProcessEventsExport, DescribeAbnormalProcessRules, DescribeAbnormalProcessRulesExport, DescribeAccessControlEvents, DescribeAccessControlEventsExport, DescribeAccessControlRules, DescribeAccessControlRulesExport, DescribeAssetClusterList, DescribeAssetImageBindRuleInfo, DescribeEmergencyVulList, DescribeEscapeEventInfo, DescribeEscapeEventsExport, DescribeEscapeWhiteList, DescribeExportJobManageList, DescribeImageSimpleList, DescribeK8sApiAbnormalEventList, DescribeK8sApiAbnormalRuleList, DescribeK8sApiAbnormalRuleScopeList, DescribeReverseShellEvents, DescribeReverseShellEventsExport, DescribeReverseShellWhiteLists, DescribeRiskSyscallEvents, DescribeRiskSyscallEventsExport, DescribeRiskSyscallWhiteLists, DescribeScanIgnoreVulList, DescribeSecLogJoinObjectList, DescribeSupportDefenceVul, DescribeSystemVulList, DescribeVirusAutoIsolateSampleList, DescribeVirusList, DescribeVirusTaskList, DescribeVulContainerList, DescribeVulDefenceEvent, DescribeVulDefenceHost, DescribeVulDefencePlugin, DescribeVulImageList, DescribeVulScanLocalImageList, DescribeVulSummary, DescribeWebVulList, ExportVirusList.
| Name |
Type |
Required |
Description |
| Name |
String |
Yes |
Filter name |
| Values |
Array of String |
Yes |
One or more filter values |
| ExactMatch |
Boolean |
No |
Whether to use fuzzy query |
RunTimeRiskInfo
Runtime risk information
Used by actions: DescribeImageRiskSummary.
| Name |
Type |
Description |
| Cnt |
Integer |
Number |
| Level |
String |
Risk level:
CRITICAL: Critical.
HIGH: High.
MEDIUM: Medium.
LOW: Low. |
RunTimeTendencyInfo
Runtime trend information
Used by actions: DescribeImageRiskTendency, DescribeSecEventsTendency, DescribeVulTendency.
| Name |
Type |
Description |
| CurTime |
Date |
The time of the day |
| Cnt |
Integer |
Current quantity |
ScanIgnoreVul
Scan for ignored vulnerabilities
Used by actions: DescribeScanIgnoreVulList.
| Name |
Type |
Description |
| VulName |
String |
Vulnerability name |
| CVEID |
String |
Vulnerability CVE ID |
| PocID |
String |
POC ID |
| RegistryImageCount |
Integer |
Number of ignored repository images |
| UpdateTime |
String |
Update time |
| IsIgnoreAll |
Integer |
Whether to ignore all images. Valid values: 0 (no); 1 (yes). |
| LocalImageCount |
Integer |
Number of ignored local images |
SearchTemplate
Quick search template
Used by actions: CreateSearchTemplate, DescribeSearchTemplates.
| Name |
Type |
Required |
Description |
| Name |
String |
Yes |
Search name |
| LogType |
String |
Yes |
Search index type |
| Condition |
String |
Yes |
Search statement |
| TimeRange |
String |
Yes |
Time range |
| Query |
String |
Yes |
Converted search statement content |
| Flag |
String |
Yes |
Search method. Valid values: standard (search in the search box); simple (search by filter). |
| DisplayData |
String |
Yes |
Displayed data |
| Id |
Integer |
No |
Rule ID |
SecLogAlertMsgInfo
Security log alert message
Used by actions: DescribeSecLogAlertMsg.
| Name |
Type |
Description |
| MsgType |
String |
Alert type |
| MsgValue |
String |
Alert value |
| State |
Boolean |
Status. Valid values: 0 (disabled); 1 (enabled). |
SecLogDeliveryClsSettingInfo
Security log - Settings of delivery to CLS
Used by actions: DescribeSecLogDeliveryClsSetting, ModifySecLogDeliveryClsSetting.
| Name |
Type |
Required |
Description |
| LogType |
String |
Yes |
Log type |
| State |
Boolean |
Yes |
Delivery status. Valid values: true (enabled); false (disabled). |
| Region |
String |
Yes |
Region |
| LogSet |
String |
Yes |
Logset |
| TopicID |
String |
Yes |
Topic ID |
| LogSetName |
String |
No |
Logset name
Note: This field may return null, indicating that no valid values can be obtained. |
| TopicName |
String |
No |
Topic name
Note: This field may return null, indicating that no valid values can be obtained. |
SecLogDeliveryKafkaSettingInfo
Settings of security log delivery to Kafka
Used by actions: DescribeSecLogDeliveryKafkaSetting, ModifySecLogDeliveryKafkaSetting.
| Name |
Type |
Required |
Description |
| LogType |
String |
Yes |
Log type |
| TopicID |
String |
Yes |
Topic ID |
| TopicName |
String |
Yes |
Topic name
Note: This field may return null, indicating that no valid values can be obtained. |
| State |
Boolean |
Yes |
Delivery status. Valid values: false (disabled); true (enabled). |
SecLogJoinInfo
Security log access details
Used by actions: DescribeSecLogJoinTypeList.
| Name |
Type |
Description |
| Count |
Integer |
Number of connected general nodes |
| SuperNodeCount |
Integer |
Number of connected super nodes |
| IsJoined |
Boolean |
Whether it is accessed. Valid values: true (accessed); false (not accessed). |
| LogType |
String |
Log type (
Container bash: "container_bash"
Container startup: "container_launch"
K8s API: "k8s_api"
) |
SecLogJoinObjectInfo
Details of the accessed security log object
Used by actions: DescribeSecLogJoinObjectList.
| Name |
Type |
Description |
| HostID |
String |
Server ID |
| HostName |
String |
Server name
Note: This field may return null, indicating that no valid values can be obtained. |
| HostIP |
String |
Server IP
Note: This field may return null, indicating that no valid values can be obtained. |
| HostStatus |
String |
Server status |
| ClusterID |
String |
Cluster ID
Note: This field may return null, indicating that no valid values can be obtained. |
| ClusterName |
String |
Cluster name
Note: This field may return null, indicating that no valid values can be obtained. |
| PublicIP |
String |
Public IP
Note: This field may return null, indicating that no valid values can be obtained. |
| JoinState |
Boolean |
Access status. Valid values: true (accessed); false (not accessed). |
| ClusterVersion |
String |
Cluster version
Note: This field may return null, indicating that no valid values can be obtained. |
| ClusterMainAddress |
String |
Master node address of the cluster |
SecTendencyEventInfo
Trend information of security events at runtime
Used by actions: DescribeSecEventsTendency.
| Name |
Type |
Description |
| EventSet |
Array of RunTimeTendencyInfo |
List of trends |
| EventType |
String |
Event type:
ET_ESCAPE: Container escape
ET_REVERSE_SHELL: Reverse shell
ET_RISK_SYSCALL: High-risk system calls
ET_ABNORMAL_PROCESS: Abnormal process
ET_ACCESS_CONTROL: File tampering
ET_VIRUS: Trojan event
ET_MALICIOUS_CONNECTION: Malicious connection event |
ServiceInfo
Information list of TCSS
Used by actions: DescribeAssetAppServiceList, DescribeAssetDBServiceList, DescribeAssetWebServiceList.
| Name |
Type |
Description |
| ServiceID |
String |
Service ID |
| HostID |
String |
Server ID |
| HostIP |
String |
Server IP |
| ContainerName |
String |
Container name |
| Type |
String |
Service name, such as nginx and redis |
| Version |
String |
Version |
| RunAs |
String |
Account |
| Listen |
Array of String |
Listened port |
| Config |
String |
Configuration |
| ProcessCnt |
Integer |
Number of associated processes |
| AccessLog |
String |
Access log |
| ErrorLog |
String |
Error log |
| DataPath |
String |
Data directory |
| WebRoot |
String |
Web directory |
| Pids |
Array of Integer |
ID of the associated process |
| MainType |
String |
Service type. Valid values: app, web, db. |
| Exe |
String |
Execution file |
| Parameter |
String |
Service command line parameter |
| ContainerId |
String |
Container ID |
| HostName |
String |
Server name |
| PublicIp |
String |
Public IP |
| NodeID |
String |
Node ID |
| PodIP |
String |
Pod IP |
| PodName |
String |
Pod name |
| NodeType |
String |
Node type. |
| NodeUniqueID |
String |
UID of the super node |
SoftQuotaDayInfo
Pay-as-you-go billing details
Used by actions: DescribePostPayDetail.
| Name |
Type |
Description |
| PayTime |
String |
Deduction time |
| CoresCnt |
Integer |
Number of billed cores |
SupportDefenceVul
Vulnerability that can be prevented
Used by actions: DescribeSupportDefenceVul.
| Name |
Type |
Description |
| PocID |
String |
POC ID |
| Name |
String |
Vulnerability name |
| Tags |
Array of String |
Vulnerability tag |
| CVSSV3Score |
Float |
Vulnerability CVSS |
| Level |
String |
Vulnerability severity |
| CVEID |
String |
Vulnerability CVE ID |
| SubmitTime |
String |
Vulnerability disclosure time |
TagInfo
Host tag information
Used by actions: DescribeAssetHostDetail, DescribeAssetHostList.
| Name |
Type |
Description |
| TagKey |
String |
Tag key |
| TagValue |
String |
Tag value |
UnauthorizedCoresTendency
Trend of unlicensed cores
Used by actions: DescribeUnauthorizedCoresTendency.
| Name |
Type |
Description |
| DateTime |
String |
Date |
| CoresCount |
Integer |
Number of unlicensed cores |
VirusAutoIsolateSampleInfo
Information of the automatically isolated trojan sample
Used by actions: DescribeVirusAutoIsolateSampleList.
| Name |
Type |
Description |
| MD5 |
String |
MD5 checksum of the file |
| VirusName |
String |
Virus name |
| ModifyTime |
Timestamp ISO8601 |
Last edit time |
| AutoIsolateSwitch |
Boolean |
Automatic isolation switch. Valid values: true (on); false (off). |
VirusInfo
List of trojans at runtime
Used by actions: DescribeVirusList.
| Name |
Type |
Description |
| FileName |
String |
Filename |
| FilePath |
String |
File path |
| VirusName |
String |
Virus name |
| CreateTime |
String |
Creation time |
| ModifyTime |
String |
Update time |
| ContainerName |
String |
Container name |
| ContainerId |
String |
Container ID |
| ContainerStatus |
String |
Container status
RUNNING: Running.
PAUSED: Paused.
STOPPED: Stopped.
CREATED: Created.
DESTROYED: Terminated.
RESTARTING: Restarting.
REMOVING: Removing. |
| ImageName |
String |
Image name |
| ImageId |
String |
Image ID |
| Status |
String |
DEAL_NONE: Pending.
DEAL_IGNORE: Ignored.
DEAL_ADD_WHITELIST: Allowed.
DEAL_DEL: Deleted.
DEAL_ISOLATE: Isolated.
DEAL_ISOLATING: Isolating.
DEAL_ISOLATE_FAILED: Isolation failed.
DEAL_RECOVERING: Recovering.
DEAL_RECOVER_FAILED: Recovery failed. |
| Id |
String |
Event ID |
| HarmDescribe |
String |
Event description |
| SuggestScheme |
String |
Solution |
| SubStatus |
String |
Sub-status of the failure:
FILE_NOT_FOUND: The file does not exist.
FILE_ABNORMAL: The file is abnormal.
FILE_ABNORMAL_DEAL_RECOVER: The file is abnormal when recovered.
BACKUP_FILE_NOT_FOUND: The backup file does not exist.
CONTAINER_NOT_FOUND_DEAL_ISOLATE: The container does not exist during isolation.
CONTAINER_NOT_FOUND_DEAL_RECOVER: The container does not exist during recovery.
TIMEOUT: Timed out.
TOO_MANY: Too many tasks.
OFFLINE: Offline.
INTERNAL: Internal service error.
VALIDATION: Invalid parameter. |
| ContainerNetStatus |
String |
Network status
NORMAL: Not isolated.
ISOLATED: Isolated.
ISOLATING: Isolating.
ISOLATE_FAILED: Isolation failed.
RESTORING: Recovering.
RESTORE_FAILED: Recovery failed. |
| ContainerNetSubStatus |
String |
Sub-status of the container
"AGENT_OFFLINE" // The agent is offline.
"NODE_DESTROYED" // The node is terminated.
"CONTAINER_EXITED" // The container exited.
"CONTAINER_DESTROYED" // The container was terminated.
"SHARED_HOST" // The container shares the network with the server.
"RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
"UNKNOW" // The reason is unknown. |
| ContainerIsolateOperationSrc |
String |
Container isolation operation source |
| MD5 |
String |
MD5 checksum
Note: This field may return null, indicating that no valid values can be obtained. |
| RiskLevel |
String |
Risk level. Valid values: RISK_CRITICAL, RISK_HIGH, RISK_MEDIUM, RISK_LOW, RISK_NOTICE.
Note: This field may return null, indicating that no valid values can be obtained. |
| CheckPlatform |
Array of String |
Check platform
1: Tencent Cloud Security Engine.
2: tav.
3: binaryAi.
4: Unusual behavior.
5: Threat intelligence.
Note: This field may return null, indicating that no valid values can be obtained. |
| NodeID |
String |
Node ID. |
| NodeName |
String |
Node name |
| PodIP |
String |
Pod IP |
| PodName |
String |
Pod (instance) name |
| ClusterID |
String |
ID of the cluster where the node resides |
| NodeType |
String |
Node type. Values: NORMAL (general node), SUPER (super node). |
| PublicIP |
String |
Public IP of the node |
| InnerIP |
String |
Node private IP |
| NodeUniqueID |
String |
UID of the node |
| HostID |
String |
ID for the general node |
| ClusterName |
String |
Cluster name |
VirusTaskInfo
List of containers in the virus scanning task at runtime
Used by actions: DescribeVirusTaskList.
| Name |
Type |
Description |
| ContainerName |
String |
Container name |
| ContainerId |
String |
Container ID |
| ImageName |
String |
Image name |
| ImageId |
String |
Image ID |
| HostName |
String |
Node name |
| HostIp |
String |
Private IP of the node |
| Status |
String |
Scanning status:
WAIT: Pending scanning.
FAILED: Failed.
SCANNING: Scanning.
FINISHED: Ended.
CANCELING: Canceling.
CANCELED: Canceled.
CANCEL_FAILED: Failed to cancel. |
| StartTime |
String |
Check start time |
| EndTime |
String |
Check end time |
| RiskCnt |
Integer |
Number of risks |
| Id |
String |
Event ID |
| ErrorMsg |
String |
Cause:
SEND_SUCCESSED: Task submitted.
SCAN_WAIT: Waiting to scan...
OFFLINE: Offline.
SEND_FAILED: Failed to deploy.
TIMEOUT: Timed out.
LOW_AGENT_VERSION: The Agent version is too old.
AGENT_NOT_FOUND: The image's agent doesn't exist.
TOO_MANY: Too many tasks.
VALIDATION: Invalid parameter.
INTERNAL: Internal service error.
MISC: Other errors.
UNAUTH: The image is not assigned with a license.
SEND_CANCEL_SUCCESSED: Task submitted. |
| NodeType |
String |
Node type. Values: NORMAL (general node), SUPER (super node). |
| PublicIP |
String |
Public IP of the node |
| NodeID |
String |
Node ID |
VirusTendencyInfo
Trojan trend details
Used by actions: DescribeVirusEventTendency.
| Name |
Type |
Description |
| Date |
Date |
Date |
| PendingEventCount |
Integer |
Total number of pending events |
| RiskContainerCount |
Integer |
Total number of containers at risk |
| EventCount |
Integer |
Total number of events |
| IsolateEventCount |
Integer |
Total number of isolated events |
VulAffectedComponentInfo
Information of the component affected by the vulnerability
Used by actions: DescribeVulDetail.
| Name |
Type |
Description |
| Name |
String |
Component name
Note: This field may return null, indicating that no valid values can be obtained. |
| Version |
Array of String |
Component version
Note: This field may return null, indicating that no valid values can be obtained. |
| FixedVersion |
Array of String |
Fixed component version
Note: This field may return null, indicating that no valid values can be obtained. |
VulAffectedContainerInfo
Information of the container affected by the vulnerability
Used by actions: DescribeVulContainerList.
| Name |
Type |
Description |
| HostIP |
String |
Private IP |
| ContainerID |
String |
Container ID |
| ContainerName |
String |
Container name |
| PodName |
String |
Pod name |
| PodIP |
String |
Pod IP |
| HostName |
String |
Server name |
| HostID |
String |
Server ID |
| PublicIP |
String |
Public IP |
| ClusterID |
String |
Cluster ID |
| ClusterName |
String |
Cluster name |
| NodeType |
String |
Node type. Values: NORMAL (general node), SUPER (super node). |
| NodeUniqueID |
String |
UID of a super node |
| NodeID |
String |
ID of a super node |
| NodeName |
String |
Super node name |
VulAffectedImageComponentInfo
Information of the component affected by the vulnerability
Used by actions: DescribeVulImageList, DescribeVulRegistryImageList.
| Name |
Type |
Description |
| Name |
String |
Component name
Note: This field may return null, indicating that no valid values can be obtained. |
| Version |
String |
Component version
Note: This field may return null, indicating that no valid values can be obtained. |
| FixedVersion |
String |
Fixed component version
Note: This field may return null, indicating that no valid values can be obtained. |
| Path |
String |
Component path
Note: This field may return null, indicating that no valid values can be obtained. |
VulAffectedImageInfo
Information of the image affected by the vulnerability
Used by actions: DescribeVulImageList.
| Name |
Type |
Description |
| ImageID |
String |
Image ID |
| ImageName |
String |
Image name |
| HostCount |
Integer |
Number of associated servers |
| ContainerCount |
Integer |
Number of associated containers |
| ComponentList |
Array of VulAffectedImageComponentInfo |
List of components |
VulAffectedRegistryImageInfo
This API is used to query the list of repository images affected by a specific vulnerability.
Used by actions: DescribeVulRegistryImageList.
| Name |
Type |
Description |
| ImageID |
String |
Image ID |
| ImageName |
String |
Image name |
| ImageTag |
String |
Image tag |
| Namespace |
String |
Image namespace |
| ImageRepoAddress |
String |
Image address |
| ComponentList |
Array of VulAffectedImageComponentInfo |
List of components |
| IsLatestImage |
Boolean |
Whether it is the latest image tag |
| ImageAssetId |
Integer |
Internal image asset ID |
VulDefenceEvent
Exploit prevention event details
Used by actions: DescribeVulDefenceEvent.
| Name |
Type |
Description |
| CVEID |
String |
Vulnerability CVE ID |
| VulName |
String |
Vulnerability name |
| PocID |
String |
POC ID |
| EventType |
String |
Intrusion status |
| SourceIP |
String |
Attacker IP |
| City |
String |
Region of the attacker IP |
| EventCount |
Integer |
Number of events |
| ContainerID |
String |
Container ID |
| ContainerName |
String |
Container name |
| ImageID |
String |
Image ID |
| ImageName |
String |
Image name |
| Status |
String |
Processing status |
| EventID |
Integer |
Event ID |
| CreateTime |
String |
First discovery time
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerNetStatus |
String |
Isolation status
NORMAL: Not isolated.
ISOLATED: Isolated.
ISOLATING: Isolating.
ISOLATE_FAILED: Isolation failed.
RESTORING: Recovering.
RESTORE_FAILED: Recovery failed. |
| MergeTime |
String |
Last discovery time
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerStatus |
String |
Container status
RUNNING: Running.
PAUSED: Paused.
STOPPED: Stopped.
CREATED: Created.
DESTROYED: Terminated.
RESTARTING: Restarting.
REMOVING: Removing.
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerNetSubStatus |
String |
Sub-status of the container
"AGENT_OFFLINE" // The agent is offline.
"NODE_DESTROYED" // The node is terminated.
"CONTAINER_EXITED" // The container exited.
"CONTAINER_DESTROYED" // The container was terminated.
"SHARED_HOST" // The container shares the network with the server.
"RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
"UNKNOW" // The reason is unknown.
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerIsolateOperationSrc |
String |
Container isolation operation source
Note: This field may return null, indicating that no valid values can be obtained. |
| QUUID |
String |
Node QUuid/Super node ID
Note: This field may return·null, indicating that no valid values can be obtained. |
| HostIP |
String |
Server private IP
Note: This field may return null, indicating that no valid values can be obtained. |
| HostName |
String |
General node/Super node name
Note: This field may return·null, indicating that no valid values can be obtained. |
| NodeType |
String |
Node type. Values: NORMAL (general node), SUPER (super node). |
| PublicIP |
String |
Public IP |
| NodeUniqueID |
String |
UID of a super node |
| NodeID |
String |
ID of a super node |
| ClusterID |
String |
Cluster ID |
| ClusterName |
String |
Cluster name |
VulDefenceEventDetail
Exploit prevention event details
Used by actions: DescribeVulDefenceEventDetail.
| Name |
Type |
Description |
| CVEID |
String |
Vulnerability CVE ID |
| VulName |
String |
Vulnerability name |
| PocID |
String |
POC ID |
| EventType |
String |
Intrusion status |
| SourceIP |
String |
Attacker IP |
| City |
String |
Region of the attacker IP |
| EventCount |
Integer |
Number of events |
| ContainerID |
String |
Container ID |
| ContainerName |
String |
Container name |
| ImageID |
String |
Image ID |
| ImageName |
String |
Image name |
| Status |
String |
Processing status |
| SourcePort |
Array of String |
Attacker port |
| EventID |
Integer |
Event ID |
| HostName |
String |
General node/Super node name |
| HostIP |
String |
Server private IP |
| PublicIP |
String |
Server public IP |
| PodName |
String |
Pod name |
| Description |
String |
Harm description |
| OfficialSolution |
String |
Fix suggestion |
| NetworkPayload |
String |
Attack packet |
| PID |
Integer |
Process PID
Note: This field may return null, indicating that no valid values can be obtained. |
| MainClass |
String |
Main class name of the process
Note: This field may return null, indicating that no valid values can be obtained. |
| StackTrace |
String |
Stack information
Note: This field may return null, indicating that no valid values can be obtained. |
| ServerAccount |
String |
Listened account
Note: This field may return null, indicating that no valid values can be obtained. |
| ServerPort |
String |
Listened port
Note: This field may return null, indicating that no valid values can be obtained. |
| ServerExe |
String |
Process path
Note: This field may return null, indicating that no valid values can be obtained. |
| ServerArg |
String |
Process command line parameter
Note: This field may return null, indicating that no valid values can be obtained. |
| QUUID |
String |
Node QUuid/Super node ID
Note: This field may return·null, indicating that no valid values can be obtained. |
| ContainerNetStatus |
String |
Isolation status
NORMAL: Not isolated.
ISOLATED: Isolated.
ISOLATING: Isolating.
ISOLATE_FAILED: Isolation failed.
RESTORING: Recovering.
RESTORE_FAILED: Recovery failed.
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerNetSubStatus |
String |
Sub-status of the container
"AGENT_OFFLINE" // The agent is offline.
"NODE_DESTROYED" // The node is terminated.
"CONTAINER_EXITED" // The container exited.
"CONTAINER_DESTROYED" // The container was terminated.
"SHARED_HOST" // The container shares the network with the server.
"RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit.
"UNKNOW" // The reason is unknown.
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerIsolateOperationSrc |
String |
Container isolation operation source
Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerStatus |
String |
Container status
RUNNING: Running.
PAUSED: Paused.
STOPPED: Stopped.
CREATED: Created.
DESTROYED: Terminated.
RESTARTING: Restarting.
REMOVING: Removing.
Note: This field may return null, indicating that no valid values can be obtained. |
| JNDIUrl |
String |
API URL
Note: This field may return null, indicating that no valid values can be obtained. |
| RaspDetail |
Array of RaspInfo |
RASP details
Note: This field may return null, indicating that no valid value was found. |
| NodeSubNetName |
String |
Super node subnet name |
| NodeSubNetCIDR |
String |
Super node subnet IP range |
| PodIP |
String |
Pod IP |
| NodeType |
String |
Node type. Values: NORMAL (general node), SUPER (super node). |
| NodeID |
String |
ID of a super node |
| NodeUniqueID |
String |
UID of a super node |
| NodeSubNetID |
String |
Super node subnet ID |
| ClusterID |
String |
Cluster ID |
| ClusterName |
String |
Cluster name |
| Namespace |
String |
|
| WorkloadType |
String |
|
VulDefenceEventTendency
Trend of exploit prevention events
Used by actions: DescribeVulDefenceEventTendency.
| Name |
Type |
Description |
| Date |
Date |
Date |
| EventCount |
Integer |
Number of events |
VulDefenceHost
Information of the server with exploit prevention enabled
Used by actions: DescribeVulDefenceHost.
| Name |
Type |
Description |
| HostName |
String |
General node/Super node name |
| HostIP |
String |
Server IP, which is the private IP |
| HostID |
String |
Node QUuid/Super node ID |
| Status |
String |
Plugin status. Valid values: SUCCESS (normal); FAIL (abnormal); NO_DEFENDED (not defended). |
| PublicIP |
String |
Public IP |
| CreateTime |
String |
First enablement time |
| ModifyTime |
String |
Update time |
| NodeType |
String |
Node type. Values: NORMAL (general node), SUPER (super node). |
| NodeSubNetName |
String |
Super node subnet name |
| NodeSubNetCIDR |
String |
Super node subnet IP range |
| NodeSubNetID |
String |
Super node subnet ID |
| NodeUniqueID |
String |
UID of a super node |
| NodeID |
String |
ID of a super node |
| PodIP |
String |
Pod IP |
| PodName |
String |
Pod name |
VulDefencePlugin
Vulnerability protection plugin information
Used by actions: DescribeVulDefencePlugin.
| Name |
Type |
Description |
| PID |
Integer |
PID of the Java process |
| MainClass |
String |
Main class name of the process |
| Status |
String |
Plugin status. Valid values: INJECTING (injecting); SUCCESS (injected successfully); FAIL (injection failed); TIMEOUT (plugin timed out); QUIT (plugin exited). |
| ErrorLog |
String |
Error log |
VulDetailInfo
Vulnerability details
Used by actions: DescribeVulDetail.
| Name |
Type |
Description |
| CVEID |
String |
CVE No. |
| Name |
String |
Vulnerability name |
| Tags |
Array of String |
Vulnerability tag
Note: This field may return null, indicating that no valid values can be obtained. |
| CategoryType |
String |
Vulnerability type
Note: This field may return null, indicating that no valid values can be obtained. |
| Level |
String |
Vulnerability severity
Note: This field may return null, indicating that no valid values can be obtained. |
| SubmitTime |
String |
Vulnerability disclosure time
Note: This field may return null, indicating that no valid values can be obtained. |
| Description |
String |
Vulnerability description |
| CVSSV3Desc |
String |
CVSS V3 description |
| OfficialSolution |
String |
Vulnerability fix suggestion |
| DefenseSolution |
String |
Mitigation measure |
| Reference |
Array of String |
Reference link |
| CVSSV3Score |
Float |
CVSS V3 score |
| ComponentList |
Array of VulAffectedComponentInfo |
List of components affected by vulnerabilities |
| LocalImageCount |
Integer |
Number of affected local images |
| ContainerCount |
Integer |
Number of affected containers |
| RegistryImageCount |
Integer |
Number of affected repository images |
| Category |
String |
Vulnerability sub-category |
| LocalNewestImageCount |
Integer |
Number of affected local images on the latest version |
| RegistryNewestImageCount |
Integer |
Number of affected repository images on the latest version |
| PocID |
String |
POC ID |
| DefenceStatus |
String |
Defense status. Valid values: NO_DEFENDED, DEFENDED.
Note: This field may return null, indicating that no valid values can be obtained. |
| DefenceScope |
String |
Scope of servers with exploit prevention enabled. Valid values: MANUAL (specified servers); ALL (all servers).
Note: This field may return null, indicating that no valid values can be obtained. |
| DefenceHostCount |
Integer |
Number of servers with exploit prevention enabled
Note: This field may return null, indicating that no valid values can be obtained. |
| DefendedCount |
Integer |
Number of attacks defended against
Note: This field may return null, indicating that no valid values can be obtained. |
| ScanStatus |
String |
Whether it is scanned. Valid values: NOT_SCAN (not scanned); SCANNED (scanned).
Note: This field may return null, indicating that no valid values can be obtained. |
VulIgnoreLocalImage
Local images ignored by the vulnerability scan
Used by actions: DescribeVulIgnoreLocalImageList.
| Name |
Type |
Description |
| ID |
Integer |
Record ID |
| ImageID |
String |
Image ID |
| ImageName |
String |
Image name |
| ImageSize |
Integer |
Image size |
| PocID |
String |
POC ID |
VulIgnoreRegistryImage
Repository images ignored by the vulnerability scan
Used by actions: DescribeVulIgnoreRegistryImageList.
| Name |
Type |
Description |
| ID |
Integer |
Record ID |
| RegistryName |
String |
Repository name |
| ImageVersion |
String |
Image tag |
| RegistryPath |
String |
Repository address |
| ImageID |
String |
Image ID |
| PocID |
String |
POC ID |
VulInfo
List of vulnerabilities
Used by actions: DescribeSystemVulList, DescribeWebVulList.
| Name |
Type |
Description |
| Name |
String |
Vulnerability name |
| Tags |
Array of String |
Vulnerability tag
Note: This field may return null, indicating that no valid values can be obtained. |
| CVSSV3Score |
Float |
CVSS V3 score
Note: This field may return null, indicating that no valid values can be obtained. |
| Level |
String |
Risk level
Note: This field may return null, indicating that no valid values can be obtained. |
| CVEID |
String |
CVE No. |
| Category |
String |
Vulnerability sub-category
Note: This field may return null, indicating that no valid values can be obtained. |
| FoundTime |
String |
First discovery time
Note: This field may return null, indicating that no valid values can be obtained. |
| LatestFoundTime |
String |
Last discovery time
Note: This field may return null, indicating that no valid values can be obtained. |
| ID |
Integer |
Vulnerability ID |
| LocalImageCount |
Integer |
Number of affected local images |
| ContainerCount |
Integer |
Number of affected containers
Note: This field may return null, indicating that no valid values can be obtained. |
| RegistryImageCount |
Integer |
Number of affected repository images
Note: This field may return null, indicating that no valid values can be obtained. |
| PocID |
String |
POC ID
Note: This field may return null, indicating that no valid values can be obtained. |
| DefenceStatus |
String |
Defense status. Valid values: NO_DEFENDED, DEFENDED.
Note: This field may return null, indicating that no valid values can be obtained. |
| DefenceScope |
String |
Scope of servers with exploit prevention enabled. Valid values: MANUAL (specified servers); ALL (all servers).
Note: This field may return null, indicating that no valid values can be obtained. |
| DefenceHostCount |
Integer |
Number of servers with exploit prevention enabled
Note: This field may return null, indicating that no valid values can be obtained. |
| DefendedCount |
Integer |
Number of attacks defended against
Note: This field may return null, indicating that no valid values can be obtained. |
VulScanImageInfo
Information of the scanned image
Used by actions: DescribeVulScanLocalImageList.
| Name |
Type |
Description |
| ImageID |
String |
Image ID |
| ImageName |
String |
Image name |
| Size |
Float |
Image size |
| ScanStatus |
String |
Task status. Valid values: SCANNING (scanning); FAILED (failed); FINISHED (completed); CANCELED (canceled). |
| ScanDuration |
Float |
Scan duration
Note: This field may return null, indicating that no valid values can be obtained. |
| HighLevelVulCount |
Integer |
Number of high-risk vulnerabilities |
| MediumLevelVulCount |
Integer |
Number of medium-risk vulnerabilities |
| LowLevelVulCount |
Integer |
Number of low-risk vulnerabilities |
| CriticalLevelVulCount |
Integer |
Number of critical vulnerabilities |
| TaskID |
Integer |
ID of the task to scan local images for vulnerabilities |
| ScanStartTime |
String |
Start time of the vulnerability scan |
| ScanEndTime |
String |
End time of the vulnerability scan |
| ErrorStatus |
String |
Cause of the failure. Valid values: TIMEOUT (timeout); TOO_MANY (too many tasks); OFFLINE (offline). |
VulTendencyInfo
Vulnerability trend information
Used by actions: DescribeVulTendency.
| Name |
Type |
Description |
| VulSet |
Array of RunTimeTendencyInfo |
List of vulnerability trends |
| ImageType |
String |
Image type affected by vulnerabilities:
LOCAL: Local image.
REGISTRY: Repository image. |
VulTopRankingInfo
Ranking of top vulnerabilities
Used by actions: DescribeVulTopRanking.
| Name |
Type |
Description |
| VulName |
String |
Vulnerability name |
| Level |
String |
Severity. Valid values: CRITICAL (critical); HIGH (high);MIDDLE (medium);LOW (low). |
| AffectedImageCount |
Integer |
Number of affected images |
| AffectedContainerCount |
Integer |
Number of affected containers |
| ID |
Integer |
Vulnerability ID |
| PocID |
String |
POC ID |
WarningRule
Alert configuration policy
Used by actions: AddEditWarningRules, DescribeWarningRules.
| Name |
Type |
Required |
Description |
| Type |
String |
Yes |
Alert event type:
Image repository security - Trojan: IMG_REG_VIRUS.
Image repository security - Vulnerability: IMG_REG_VUL.
Image repository security - Sensitive data: IMG_REG_RISK.
Image security - Trojan: IMG_VIRUS.
Image security - Vulnerability: IMG_VUL.
Image security - Sensitive data: IMG_RISK.
Image security - Image blocking: IMG_INTERCEPT.
Runtime security - Container escape: RUNTIME_ESCAPE.
Runtime security - Abnormal process: RUNTIME_FILE.
Runtime security - Abnormal file access: RUNTIME_PROCESS.
Runtime security - High-risk syscall: RUNTIME_SYSCALL.
Runtime security - Reverse shell: RUNTIME_REVERSE_SHELL.
Runtime security - Trojan: RUNTIME_VIRUS. |
| Switch |
String |
Yes |
Switch status:
ON: On.
OFF: Off. |
| BeginTime |
String |
Yes |
Alert start time in the format of "HH:mm" |
| EndTime |
String |
Yes |
Alert end time in the format of "HH:mm" |
| ControlBits |
String |
Yes |
Alert level policy control. Each binary bit represents a meaning, and the value is passed as a string.
The control switch can be high, medium, or low, corresponding to the third, second, and first binary bit, respectively. Valid values: 0 (off); 1 (on).
For example, if the high and medium levels indicate to enable the alert and the low level indicates to disable it, the binary value is 110.
If level control does not take effect for the alert type, pass in 1. |
