Parsing of JSON Format Alarm Data

Last updated: 2024-08-13 16:31:31
    This document describes the fields carried by each type of alarm, with their meanings, once you enable JSON-format alarm data in Alarm Settings > Robot Notification.
    Note
    Robot notification is currently in gray release (limited availability) and is open only to customers with a clear need for it. To receive CWPP webhook robot alarms in real time, contact us to apply for access.
    Alarm Settings > Robot Notification is independent of the Message Center robot and unrelated to it.

    Public Fields

    Sample

    {
    "uin": "1000xxxxxx21",
    "nickname": "Test Account",
    "server": "172.x.x.41 [Test Machine]",
    "instance_id": "ins-xxxxxxxx",
    "region": "Southwest China (Chengdu)",
    "time": "October 30, 2023 09:24:20"
    }

    Field Description

    Field name          Description
    uin                 User UIN
    nickname            User's nickname
    server              Machine IP [Machine alias]
    instance_id         Machine instance ID
    region              Region where the machine is located
    time                Event time

    Exceptional Log-in

    Sample

    {
    "event_type": "Exceptional Log-in",
    "src_ip": "43.x.x.41",
    "area": "Hong Kong (China)",
    "level": "High-risk"
    }

    Field Description

    Field name          Description
    src_ip              Source IP
    area                Source location
    level               Risk level

    Password Cracking

    Sample

    {
    "event_type": "Password Cracking",
    "src_ip": "43.x.x.41",
    "area": "Hong Kong (China)",
    "count": "3",
    "banned": "Block Success"
    }

    Field Description

    Field name          Description
    src_ip              Source IP
    area                Source location
    count               Number of attempts
    banned              Blocking status

    Malicious File Scan

    Malicious Files

    Sample

    {
    "event_type": "Malicious Files",
    "file_type": "Malicious",
    "path": "/root/bebinder_shell.jsp",
    "level": "Severe. Your server may have been hacked. It is recommended to verify promptly to avoid serious damage."
    }

    Field Description

    Field name          Description
    file_type           File type
    path                File path
    level               Danger level

    Exceptional Processes

    Sample

    {
    "event_type": "Exceptional Processes",
    "pid": "5916",
    "path": "/root/2/ISHELL-v0.2/ishd"
    }

    Field Description

    Field name          Description
    pid                 Process ID
    path                Process path

    Malicious Requests

    Sample

    {
    "event_type": "Malicious Requests",
    "url": "massdns.ran6066.com",
    "count": "1"
    }

    Field Description

    Field name          Description
    url                 Malicious domain
    count               Number of requests

    High Risk Commands

    Sample

    {
    "event_type": "High Risk Commands",
    "cmd": "iptables-restore -w 5 --noflush",
    "level": "High-risk",
    "status": "Processing"
    }

    Field Description

    Field name          Description
    cmd                 Command content
    level               Threat level
    status              Processing status

    Local Privilege Escalation

    Sample

    {
    "event_type": "Local Privilege Escalation",
    "user": "0",
    "process": "Privilege"
    }

    Field Description

    Field name          Description
    user                Privilege escalation user
    process             Privilege escalation process

    Reverse Shell

    Sample

    {
    "event_type": "Reverse Shell",
    "process": "mass_0",
    "dst_ip": "125.x.x.220",
    "dst_port": "8888"
    }

    Field Description

    Field name          Description
    process             Process name
    dst_ip              Target host
    dst_port            Target port

    Java Webshell

    Sample

    {
    "event_type": "Java Webshell",
    "type": "Java Webshell - Servlet",
    "pid": "3333",
    "argv": "masstest",
    "class_name": "massTest"
    }

    Field Description

    Field name          Description
    type                Java Webshell type
    pid                 Process ID
    argv                Process parameters
    class_name          Java Webshell class name

    Core File Monitoring

    Sample

    {
    "event_type": "CoreFiles",
    "rule_name": "adwqdadwqd",
    "exe_path": "/usr/bin/systemd-tmpfiles",
    "file_path": "/home",
    "count": "1",
    "level": "High-risk"
    }

    Field Description

    Field name          Description
    rule_name           Hit rule name
    exe_path            Process path
    file_path           File path
    count               Event count
    level               Threat level

    Network Attacks

    Sample

    {
    "event_type": "Network Attacks",
    "src_ip": "129.x.x.166",
    "city": "Nanjing City, Jiangsu Province",
    "vul_name": "showdoc File Upload Vulnerability",
    "dst_port": "80",
    "status": "Attempted Attacks"
    }

    Field Description

    Field name          Description
    src_ip              Source IP
    city                Source city
    vul_name            Vulnerability name
    dst_port            Target port
    status              Attack status

    Offline Client

    Sample

    {
    "event_type": "Offline Client",
    "offline_hour": "1"
    }

    Field Description

    Field name          Description
    offline_hour        Client offline duration

    Client Uninstallation

    Sample

    {
    "event_type": "Client Uninstallation"
    }

    Vulnerability Notification

    Sample

    {
    "event_type": "Vulnerability",
    "category": "Linux Software Vulnerabilities",
    "vul_name": "libexpat Code Execution Vulnerability (CVE-2022-40674)",
    "level": "Critical"
    }

    Field Description

    Field name          Description
    category            Vulnerability category
    vul_name            Vulnerability name
    level               Threat level

    Baseline Notification

    Sample

    {
    "event_type": "Baseline",
    "category": "Linux System Weak Password Detection",
    "rule_name": "Linux System Weak Password Detection",
    "level": "High-risk"
    }

    Field Description

    Field name          Description
    category            Baseline category
    rule_name           Rule name
    level               Threat level

    Ransomware Defense

    Sample

    {
    "event_type": "Ransomware Defense",
    "file_path": "/usr/bin/vi"
    }

    Field Description

    Field name          Description
    file_path           File directory

    Web Tamper Protection

    Successful Tampering

    Sample

    
    {
    "event_type": "Web Tamper Protection (Successful Tampering)",
    "protect_name": "Important File",
    "protect_path": "/tmp",
    "recover_type": "New File Creation",
    "recovered_status": "Not Recovered"
    }

    Field Description

    Field name          Description
    protect_name        Protection name
    protect_path        Protection directory
    recover_type        Event type
    recovered_status    Event status

    Recovery Failed

    Sample

    {
    "event_type": "Web Tamper Protection (Recovery Failed)",
    "protect_name": "Important File",
    "protect_path": "/tmp",
    "exception": "Client Offline"
    }

    Field Description

    Field name          Description
    protect_name        Protection name
    protect_path        Protection directory
    exception           Reason for failure
    