- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Security Dashboard
- Asset Overview
- Server List
- Asset Fingerprint
- Vulnerability Management
- Baseline Management
- Malicious File Scan
- Unusual Login
- Password Cracking
- Malicious Requests
- High-risk Commands
- Local Privilege Escalation
- Reverse Shell
- Java Webshell
- Critical File Monitor
- Network Attack
- A Ransomware Defense
- Log Analysis
- License Management
- Cloud Access Management
- Hybrid Cloud Installation Guide
- FAQs for Beginners
- Cloud Workload Protection Description
- Practical Tutorial
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Asset Management APIs
- DescribeAssetMachineList
- DescribeAssetMachineDetail
- DescribeAssetUserList
- DescribeAssetUserInfo
- DescribeAssetPortInfoList
- DescribeAssetProcessInfoList
- DescribeAssetAppList
- DescribeAssetAppProcessList
- DescribeAssetDatabaseList
- DescribeAssetDatabaseInfo
- DescribeAssetWebAppList
- DescribeAssetWebServiceInfoList
- DescribeAssetWebAppPluginList
- DescribeAssetWebServiceProcessList
- DescribeAssetWebFrameList
- DescribeAssetWebLocationList
- DescribeAssetWebLocationInfo
- DescribeAssetJarList
- DescribeAssetJarInfo
- DescribeAssetInitServiceList
- DescribeAssetPlanTaskList
- DescribeAssetCoreModuleList
- DescribeAssetCoreModuleInfo
- DescribeAssetSystemPackageList
- SyncAssetScan
- DescribeAssetRecentMachineInfo
- DescribeAssetMachineTagTop
- DescribeAssetLoadInfo
- DescribeAssetTypeTop
- ExportAssetRecentMachineInfo
- DescribeMachineGeneral
- DescribeMachineRegions
- DescribeMachineOsList
- DescribeMachineLicenseDetail
- DescribeMachinesSimple
- DescribeDirectConnectInstallCommand
- DescribeAgentInstallationToken
- RemoveMachine
- DescribeHostInfo
- EditTags
- DescribeTags
- DeleteTags
- DeleteMachineTag
- UpdateMachineTags
- DescribeTagMachines
- ExportAssetUserList
- DescribeAssetUserCount
- ExportAssetMachineList
- ExportAssetMachineDetail
- DescribeAssetPortCount
- ExportAssetPortInfoList
- DescribeAssetProcessCount
- DescribeProcessStatistics
- ExportAssetProcessInfoList
- DescribeAssetAppCount
- ExportAssetAppList
- DescribeAssetDatabaseCount
- ExportAssetDatabaseList
- DescribeAssetWebAppCount
- ExportAssetWebAppList
- DescribeAssetWebServiceCount
- ExportAssetWebServiceInfoList
- DescribeAssetWebLocationCount
- ExportAssetWebLocationList
- DescribeAssetWebLocationPathList
- DescribeAssetWebFrameCount
- ExportAssetWebFrameList
- ExportAssetCoreModuleList
- DescribeAssetDiskList
- DescribeFileTamperRules
- DescribeMachineFileTamperRules
- ExportAssetEnvList
- DescribeAssetHostTotalCount
- DescribeAssetTotalCount
- ExportAssetInitServiceList
- ExportAssetJarList
- ExportAssetPlanTaskList
- ExportAssetSystemPackageList
- DescribeAssetUserKeyList
- DescribeComponentStatistics
- DescribeHistoryAccounts
- DescribeAccountStatistics
- DeleteMachineClearHistory
- DescribeAssetInfo
- ModifyMachineAutoClearConfig
- DescribeExportMachines
- DescribeMachineClearHistory
- CreateIncidentBacktracking
- DescribeMachineRegionList
- DescribeProcesses
- DescribeProcessTaskStatus
- DescribeComponents
- DescribeComponentInfo
- DescribeAccounts
- CreateProcessTask
- DescribeOpenPortTaskStatus
- AddMachineTag
- CreateOpenPortTask
- Virus Scanning APIs
- DescribeMalWareList
- DescribeMalwareInfo
- DescribeMalwareWhiteList
- DescribeNetAttackWhiteList
- DescribeMalwareWhiteListAffectList
- DeleteMalwareWhiteList
- DeleteNetAttackWhiteList
- DescribeMalwareFile
- CreateScanMalwareSetting
- DeleteMalwareScanTask
- DescribeScanMalwareSchedule
- DescribeMalwareRiskWarning
- ModifyMalwareTimingScanSettings
- DescribeMalwareTimingScanSetting
- DescribeServersAndRiskAndFirstInfo
- DescribeVulDefenceSetting
- DescribeVulDefencePluginExceptionCount
- DescribeVulDefenceOverview
- DescribeJavaMemShellList
- ModifyJavaMemShellsStatus
- DescribeJavaMemShellPluginList
- DeleteAllJavaMemShells
- DescribeJavaMemShellInfo
- DescribeJavaMemShellPluginInfo
- ModifyJavaMemShellPluginSwitch
- CreateMalwareWhiteList
- CreateNetAttackWhiteList
- DescribeMalwareRiskOverview
- DescribeRiskProcessEvents
- ModifyMalwareWhiteList
- ModifyNetAttackWhiteList
- ExportJavaMemShellPlugins
- ExportJavaMemShells
- ExportRiskProcessEvents
- Abnormal Log-in APIs
- Password Cracking APIs
- Malicious Request APIs
- DescribeRiskDnsList
- CreateMaliciousRequestWhiteList
- ModifyMaliciousRequestWhiteList
- DeleteMaliciousRequestWhiteList
- DescribeMaliciousRequestWhiteList
- DeleteRiskDnsEvent
- DeleteRiskDnsPolicy
- DescribeRiskDnsEventInfo
- DescribeRiskDnsEventList
- DescribeRiskDnsPolicyList
- ExportRiskDnsPolicyList
- ModifyRiskDnsPolicy
- ModifyRiskDnsPolicyStatus
- DescribeRiskDnsInfo
- ExportRiskDnsEventList
- High-Risk Command APIs
- DescribeBashEvents
- DescribeBashEventsNew
- SetBashEventsStatus
- DeleteBashEvents
- DescribeBashPolicies
- DescribeBashRules
- EditBashRules
- ModifyBashPolicy
- DeleteBashPolicies
- DeleteBashRules
- ModifyBashPolicyStatus
- SwitchBashRules
- CheckBashPolicyParams
- CheckBashRuleParams
- DescribeBashEventsInfo
- DescribeBashEventsInfoNew
- ExportBashEvents
- ExportBashEventsNew
- ExportBashPolicies
- Local Privilege Escalation APIs
- Reverse Shell APIs
- Vulnerability Management APIs
- ScanVul
- DescribeScanSchedule
- ScanVulAgain
- DescribeVdbAndPocInfo
- DescribeVulEmergentMsg
- DescribeVulTop
- DescribeVulHostTop
- DescribeVulHostCountScanTime
- DescribeUndoVulCounts
- DescribeVulCountByDates
- DescribeVulLevelCount
- ExportVulList
- CreateEmergencyVulScan
- DescribeVulCveIdInfo
- DescribeVulInfoCvss
- DescribeVulEffectHostList
- DescribeVulEffectModules
- ExportVulEffectHostList
- ExportVulInfo
- IgnoreImpactedHosts
- CancelIgnoreVul
- ExportVulDetectionReport
- ModifyVulDefenceSetting
- ExportVulDefencePluginEvent
- DescribeVulDefencePluginDetail
- DescribeVulDefenceEvent
- ExportVulDefenceEvent
- ModifyVulDefenceEventStatus
- DescribeDefenceEventDetail
- CreateVulFix
- DescribeCanFixVulMachine
- DescribeMachineSnapshot
- DescribeVulDefenceList
- DescribeVulFixStatus
- ExportVulDefenceList
- RetryCreateSnapshot
- RetryVulFix
- DescribeScanVulSetting
- ScanVulSetting
- DescribeEmergencyVulList
- DescribeVulDefencePluginStatus
- ExportVulDetectionExcel
- DescribeVulList
- RescanImpactedHost
- DescribeVuls
- DescribeVulScanResult
- DescribeVulInfo
- DescribeImpactedHosts
- DescribeAgentVuls
- New Baseline Management APIs
- DeleteBaselinePolicy
- DescribeBaselineHostDetectList
- DescribeBaselineItemDetectList
- DescribeBaselineItemList
- DescribeBaselinePolicyList
- DescribeBaselineWeakPasswordList
- DescribeIgnoreHostAndItemConfig
- ExportBaselineFixList
- ExportBaselineHostDetectList
- ExportBaselineItemDetectList
- StartBaselineDetect
- StopBaselineDetect
- SyncBaselineDetectSummary
- DescribeHotVulTop
- DescribeVulStoreList
- ModifyBaselinePolicy
- Baseline Management APIs
- DescribeBaselineTop
- DescribeBaselineHostTop
- DescribeBaselineDefaultStrategyList
- CreateBaselineStrategy
- DescribeStrategyExist
- UpdateBaselineStrategy
- DeleteBaselineStrategy
- DescribeBaselineStrategyList
- DescribeBaselineStrategyDetail
- DescribeBaselineBasicInfo
- DescribeBaselineEffectHostList
- DescribeBaselineList
- DescribeBaselineDetail
- DescribeSecurityBroadcastInfo
- ScanBaseline
- DescribeBaselineScanSchedule
- CheckFirstScanBaseline
- ChangeStrategyEnableStatus
- ChangeRuleEventsIgnoreStatus
- DescribeIgnoreBaselineRule
- DescribeIgnoreRuleEffectHostList
- DescribeBaselineRule
- ExportBaselineEffectHostList
- ExportBaselineList
- ExportIgnoreBaselineRule
- ExportIgnoreRuleEffectHostList
- Advanced Defense APIs
- DescribeAttackEvents
- DescribeAttackLogs
- DescribeMachineDefenseCnt
- DescribeMachineRiskCnt
- ExportFileTamperEvents
- DescribeAttackVulTypeList
- DescribeVulLabels
- DescribeVulOverview
- CheckFileTamperRule
- DescribeRansomDefenseBackupList
- DescribeRansomDefenseEventsList
- DescribeRansomDefenseMachineList
- DescribeRansomDefenseRollBackTaskList
- DescribeRansomDefenseStrategyMachines
- ModifyWebPageProtectSwitch
- ModifyFileTamperEvents
- ModifyFileTamperRuleStatus
- DescribeFileTamperEventRuleInfo
- DescribeFileTamperRuleCount
- DescribeFileTamperRuleInfo
- ModifyRansomDefenseEventsStatus
- DescribeFileTamperEvents
- DescribeRansomDefenseStrategyList
- ExportRansomDefenseBackupList
- ExportRansomDefenseEventsList
- ExportRansomDefenseMachineList
- ExportRansomDefenseStrategyList
- ExportRansomDefenseStrategyMachines
- ModifyFileTamperRule
- ExportFileTamperRules
- ModifyNetAttackSetting
- DescribeAttackEventInfo
- DescribeAttackStatistics
- DescribeAttackTop
- DescribeAttackTrends
- DescribeNetAttackSetting
- ExportAttackEvents
- Security Operation APIs
- Expert Service APIs
- Other APIs
- DescribeOpenPortStatistics
- DeleteMachine
- DeleteNonlocalLoginPlaces
- DescribeUsualLoginPlaces
- DeleteBruteAttacks
- DescribeLogStorageConfig
- DescribeLogStorageRecord
- ModifyLogStorageConfig
- DescribeTrialReport
- DescribeAssetEnvList
- DescribeABTestConfig
- DescribeRiskBatchStatus
- ExportTasks
- DescribeGeneralStat
- DescribeScreenGeneralStat
- DescribeVersionStatistics
- DescribeSafeInfo
- CreateRansomDefenseStrategy
- DescribeRansomDefenseMachineStrategyInfo
- DescribeRansomDefenseState
- DescribeRansomDefenseStrategyDetail
- DescribeRansomDefenseTrend
- DescribeSecurityEventStat
- ModifyRansomDefenseStrategyStatus
- RansomDefenseRollback
- DescribeScreenAttackHotspot
- DescribeScreenBroadcasts
- DescribeScreenDefenseTrends
- DescribeScreenEmergentMsg
- DescribeScreenEventsCnt
- DescribeScreenHostInvasion
- DescribeScreenMachineRegions
- DescribeScreenMachines
- DescribeScreenProtectionCnt
- DescribeScreenRiskAssetsTop
- DescribeSecurityEventsCnt
- ExportSecurityTrends
- DescribeScanTaskDetails
- DescribeScanState
- DeleteScanTask
- DescribeScanTaskStatus
- ScanTaskAgain
- DescribeAgentInstallCommand
- DescribePublicProxyInstallCommand
- DescribeVersionCompareChart
- CreateBuyBindTask
- SyncMachines
- CheckLogKafkaConnectionState
- CreateLogExport
- DeleteLogExport
- DescribeAESKey
- DescribeAssetTypes
- DescribeAttackSource
- DescribeAttackSourceEvents
- DescribeCanNotSeparateMachine
- DescribeClientException
- DescribeFastAnalysis
- DescribeLogDeliveryKafkaOptions
- DescribeLogExports
- DescribeLogHistogram
- DescribeLogIndex
- DescribeLogKafkaDeliverInfo
- DescribeScreenProtectionStat
- DescribeWarningHostConfig
- ModifyLogKafkaAccess
- ModifyLogKafkaDeliverType
- ModifyLogKafkaState
- ModifyEventAttackStatus
- ModifyRiskEventsStatus
- ModifyWarningHostConfig
- SearchLog
- StopAssetScan
- ClearLocalStorage
- DescribeLicenseWhiteConfig
- DescribeProductStatus
- GetLocalStorageItem
- KeysLocalStorage
- RemoveLocalStorageItem
- SetLocalStorageExpire
- SetLocalStorageItem
- DescribeVulTrend
- ExportScanTaskDetails
- DescribeAlarmIncidentNodes
- DescribeAlarmVertexId
- DescribeEventByTable
- DescribeProVersionStatus
- DescribeVertexDetail
- DeleteWebHookPolicy
- DeleteWebHookReceiver
- DescribeRecommendedProtectCpu
- DescribeUsersConfig
- DescribeWebHookPolicy
- DescribeWebHookReceiver
- DescribeWebHookReceiverUsage
- ModifyUsersConfig
- ModifyWebHookPolicy
- ModifyWebHookPolicyStatus
- ModifyWebHookReceiver
- DeleteUsualLoginPlaces
- CreateUsualLoginPlaces
- CloseProVersion
- DescribeWeeklyReports
- DescribeWeeklyReportVuls
- DescribeWeeklyReportNonlocalLoginPlaces
- DescribeWeeklyReportMalwares
- DescribeWeeklyReportInfo
- DescribeWeeklyReportBruteAttacks
- DescribeOpenPorts
- RenewProVersion
- OpenProVersionPrepaid
- ModifyProVersionRenewFlag
- InquiryPriceOpenProVersionPrepaid
- OpenProVersion
- Overview Statistics APIs
- Settings Center APIs
- DescribeProVersionInfo
- DescribeWarningList
- ModifyWarningSetting
- ModifyAutoOpenProVersionConfig
- DescribeLicenseGeneral
- DescribeLicenseList
- DeleteLicenseRecord
- DescribeLicenseBindList
- ModifyLicenseBinds
- DescribeLicenseBindSchedule
- CreateLicenseOrder
- DeleteLicenseRecordAll
- DestroyOrder
- CreateWhiteListOrder
- DeleteWebHookRule
- DescribeLicense
- DescribeWebHookRule
- DescribeWebHookRules
- ExportLicenseDetail
- ModifyWebHookRule
- ModifyWebHookRuleStatus
- TestWebHookRule
- ModifyLicenseOrder
- DescribeAlarmAttribute
- Making API Requests
- Intrusion Detection APIs
- DeleteMalwares
- TrustMalwares
- UntrustMalwares
- SeparateMalwares
- RecoverMalwares
- ExportMalwares
- DescribeLoginWhiteList
- DeleteLoginWhiteList
- ExportNonlocalLoginPlaces
- ExportBruteAttacks
- DeleteMaliciousRequests
- ExportMaliciousRequests
- MisAlarmNonlocalLoginPlaces
- DescribeNonlocalLoginPlaces
- DescribeMalwares
- DescribeBruteAttacks
- UntrustMaliciousRequest
- TrustMaliciousRequest
- DescribeMaliciousRequests
- ModifyLoginWhiteList
- AddLoginWhiteList
- Data Types
- Error Codes
- FAQs
- Agreements
- Contact Us
- Glossary
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Security Dashboard
- Asset Overview
- Server List
- Asset Fingerprint
- Vulnerability Management
- Baseline Management
- Malicious File Scan
- Unusual Login
- Password Cracking
- Malicious Requests
- High-risk Commands
- Local Privilege Escalation
- Reverse Shell
- Java Webshell
- Critical File Monitor
- Network Attack
- A Ransomware Defense
- Log Analysis
- License Management
- Cloud Access Management
- Hybrid Cloud Installation Guide
- FAQs for Beginners
- Cloud Workload Protection Description
- Practical Tutorial
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Asset Management APIs
- DescribeAssetMachineList
- DescribeAssetMachineDetail
- DescribeAssetUserList
- DescribeAssetUserInfo
- DescribeAssetPortInfoList
- DescribeAssetProcessInfoList
- DescribeAssetAppList
- DescribeAssetAppProcessList
- DescribeAssetDatabaseList
- DescribeAssetDatabaseInfo
- DescribeAssetWebAppList
- DescribeAssetWebServiceInfoList
- DescribeAssetWebAppPluginList
- DescribeAssetWebServiceProcessList
- DescribeAssetWebFrameList
- DescribeAssetWebLocationList
- DescribeAssetWebLocationInfo
- DescribeAssetJarList
- DescribeAssetJarInfo
- DescribeAssetInitServiceList
- DescribeAssetPlanTaskList
- DescribeAssetCoreModuleList
- DescribeAssetCoreModuleInfo
- DescribeAssetSystemPackageList
- SyncAssetScan
- DescribeAssetRecentMachineInfo
- DescribeAssetMachineTagTop
- DescribeAssetLoadInfo
- DescribeAssetTypeTop
- ExportAssetRecentMachineInfo
- DescribeMachineGeneral
- DescribeMachineRegions
- DescribeMachineOsList
- DescribeMachineLicenseDetail
- DescribeMachinesSimple
- DescribeDirectConnectInstallCommand
- DescribeAgentInstallationToken
- RemoveMachine
- DescribeHostInfo
- EditTags
- DescribeTags
- DeleteTags
- DeleteMachineTag
- UpdateMachineTags
- DescribeTagMachines
- ExportAssetUserList
- DescribeAssetUserCount
- ExportAssetMachineList
- ExportAssetMachineDetail
- DescribeAssetPortCount
- ExportAssetPortInfoList
- DescribeAssetProcessCount
- DescribeProcessStatistics
- ExportAssetProcessInfoList
- DescribeAssetAppCount
- ExportAssetAppList
- DescribeAssetDatabaseCount
- ExportAssetDatabaseList
- DescribeAssetWebAppCount
- ExportAssetWebAppList
- DescribeAssetWebServiceCount
- ExportAssetWebServiceInfoList
- DescribeAssetWebLocationCount
- ExportAssetWebLocationList
- DescribeAssetWebLocationPathList
- DescribeAssetWebFrameCount
- ExportAssetWebFrameList
- ExportAssetCoreModuleList
- DescribeAssetDiskList
- DescribeFileTamperRules
- DescribeMachineFileTamperRules
- ExportAssetEnvList
- DescribeAssetHostTotalCount
- DescribeAssetTotalCount
- ExportAssetInitServiceList
- ExportAssetJarList
- ExportAssetPlanTaskList
- ExportAssetSystemPackageList
- DescribeAssetUserKeyList
- DescribeComponentStatistics
- DescribeHistoryAccounts
- DescribeAccountStatistics
- DeleteMachineClearHistory
- DescribeAssetInfo
- ModifyMachineAutoClearConfig
- DescribeExportMachines
- DescribeMachineClearHistory
- CreateIncidentBacktracking
- DescribeMachineRegionList
- DescribeProcesses
- DescribeProcessTaskStatus
- DescribeComponents
- DescribeComponentInfo
- DescribeAccounts
- CreateProcessTask
- DescribeOpenPortTaskStatus
- AddMachineTag
- CreateOpenPortTask
- Virus Scanning APIs
- DescribeMalWareList
- DescribeMalwareInfo
- DescribeMalwareWhiteList
- DescribeNetAttackWhiteList
- DescribeMalwareWhiteListAffectList
- DeleteMalwareWhiteList
- DeleteNetAttackWhiteList
- DescribeMalwareFile
- CreateScanMalwareSetting
- DeleteMalwareScanTask
- DescribeScanMalwareSchedule
- DescribeMalwareRiskWarning
- ModifyMalwareTimingScanSettings
- DescribeMalwareTimingScanSetting
- DescribeServersAndRiskAndFirstInfo
- DescribeVulDefenceSetting
- DescribeVulDefencePluginExceptionCount
- DescribeVulDefenceOverview
- DescribeJavaMemShellList
- ModifyJavaMemShellsStatus
- DescribeJavaMemShellPluginList
- DeleteAllJavaMemShells
- DescribeJavaMemShellInfo
- DescribeJavaMemShellPluginInfo
- ModifyJavaMemShellPluginSwitch
- CreateMalwareWhiteList
- CreateNetAttackWhiteList
- DescribeMalwareRiskOverview
- DescribeRiskProcessEvents
- ModifyMalwareWhiteList
- ModifyNetAttackWhiteList
- ExportJavaMemShellPlugins
- ExportJavaMemShells
- ExportRiskProcessEvents
- Abnormal Log-in APIs
- Password Cracking APIs
- Malicious Request APIs
- DescribeRiskDnsList
- CreateMaliciousRequestWhiteList
- ModifyMaliciousRequestWhiteList
- DeleteMaliciousRequestWhiteList
- DescribeMaliciousRequestWhiteList
- DeleteRiskDnsEvent
- DeleteRiskDnsPolicy
- DescribeRiskDnsEventInfo
- DescribeRiskDnsEventList
- DescribeRiskDnsPolicyList
- ExportRiskDnsPolicyList
- ModifyRiskDnsPolicy
- ModifyRiskDnsPolicyStatus
- DescribeRiskDnsInfo
- ExportRiskDnsEventList
- High-Risk Command APIs
- DescribeBashEvents
- DescribeBashEventsNew
- SetBashEventsStatus
- DeleteBashEvents
- DescribeBashPolicies
- DescribeBashRules
- EditBashRules
- ModifyBashPolicy
- DeleteBashPolicies
- DeleteBashRules
- ModifyBashPolicyStatus
- SwitchBashRules
- CheckBashPolicyParams
- CheckBashRuleParams
- DescribeBashEventsInfo
- DescribeBashEventsInfoNew
- ExportBashEvents
- ExportBashEventsNew
- ExportBashPolicies
- Local Privilege Escalation APIs
- Reverse Shell APIs
- Vulnerability Management APIs
- ScanVul
- DescribeScanSchedule
- ScanVulAgain
- DescribeVdbAndPocInfo
- DescribeVulEmergentMsg
- DescribeVulTop
- DescribeVulHostTop
- DescribeVulHostCountScanTime
- DescribeUndoVulCounts
- DescribeVulCountByDates
- DescribeVulLevelCount
- ExportVulList
- CreateEmergencyVulScan
- DescribeVulCveIdInfo
- DescribeVulInfoCvss
- DescribeVulEffectHostList
- DescribeVulEffectModules
- ExportVulEffectHostList
- ExportVulInfo
- IgnoreImpactedHosts
- CancelIgnoreVul
- ExportVulDetectionReport
- ModifyVulDefenceSetting
- ExportVulDefencePluginEvent
- DescribeVulDefencePluginDetail
- DescribeVulDefenceEvent
- ExportVulDefenceEvent
- ModifyVulDefenceEventStatus
- DescribeDefenceEventDetail
- CreateVulFix
- DescribeCanFixVulMachine
- DescribeMachineSnapshot
- DescribeVulDefenceList
- DescribeVulFixStatus
- ExportVulDefenceList
- RetryCreateSnapshot
- RetryVulFix
- DescribeScanVulSetting
- ScanVulSetting
- DescribeEmergencyVulList
- DescribeVulDefencePluginStatus
- ExportVulDetectionExcel
- DescribeVulList
- RescanImpactedHost
- DescribeVuls
- DescribeVulScanResult
- DescribeVulInfo
- DescribeImpactedHosts
- DescribeAgentVuls
- New Baseline Management APIs
- DeleteBaselinePolicy
- DescribeBaselineHostDetectList
- DescribeBaselineItemDetectList
- DescribeBaselineItemList
- DescribeBaselinePolicyList
- DescribeBaselineWeakPasswordList
- DescribeIgnoreHostAndItemConfig
- ExportBaselineFixList
- ExportBaselineHostDetectList
- ExportBaselineItemDetectList
- StartBaselineDetect
- StopBaselineDetect
- SyncBaselineDetectSummary
- DescribeHotVulTop
- DescribeVulStoreList
- ModifyBaselinePolicy
- Baseline Management APIs
- DescribeBaselineTop
- DescribeBaselineHostTop
- DescribeBaselineDefaultStrategyList
- CreateBaselineStrategy
- DescribeStrategyExist
- UpdateBaselineStrategy
- DeleteBaselineStrategy
- DescribeBaselineStrategyList
- DescribeBaselineStrategyDetail
- DescribeBaselineBasicInfo
- DescribeBaselineEffectHostList
- DescribeBaselineList
- DescribeBaselineDetail
- DescribeSecurityBroadcastInfo
- ScanBaseline
- DescribeBaselineScanSchedule
- CheckFirstScanBaseline
- ChangeStrategyEnableStatus
- ChangeRuleEventsIgnoreStatus
- DescribeIgnoreBaselineRule
- DescribeIgnoreRuleEffectHostList
- DescribeBaselineRule
- ExportBaselineEffectHostList
- ExportBaselineList
- ExportIgnoreBaselineRule
- ExportIgnoreRuleEffectHostList
- Advanced Defense APIs
- DescribeAttackEvents
- DescribeAttackLogs
- DescribeMachineDefenseCnt
- DescribeMachineRiskCnt
- ExportFileTamperEvents
- DescribeAttackVulTypeList
- DescribeVulLabels
- DescribeVulOverview
- CheckFileTamperRule
- DescribeRansomDefenseBackupList
- DescribeRansomDefenseEventsList
- DescribeRansomDefenseMachineList
- DescribeRansomDefenseRollBackTaskList
- DescribeRansomDefenseStrategyMachines
- ModifyWebPageProtectSwitch
- ModifyFileTamperEvents
- ModifyFileTamperRuleStatus
- DescribeFileTamperEventRuleInfo
- DescribeFileTamperRuleCount
- DescribeFileTamperRuleInfo
- ModifyRansomDefenseEventsStatus
- DescribeFileTamperEvents
- DescribeRansomDefenseStrategyList
- ExportRansomDefenseBackupList
- ExportRansomDefenseEventsList
- ExportRansomDefenseMachineList
- ExportRansomDefenseStrategyList
- ExportRansomDefenseStrategyMachines
- ModifyFileTamperRule
- ExportFileTamperRules
- ModifyNetAttackSetting
- DescribeAttackEventInfo
- DescribeAttackStatistics
- DescribeAttackTop
- DescribeAttackTrends
- DescribeNetAttackSetting
- ExportAttackEvents
- Security Operation APIs
- Expert Service APIs
- Other APIs
- DescribeOpenPortStatistics
- DeleteMachine
- DeleteNonlocalLoginPlaces
- DescribeUsualLoginPlaces
- DeleteBruteAttacks
- DescribeLogStorageConfig
- DescribeLogStorageRecord
- ModifyLogStorageConfig
- DescribeTrialReport
- DescribeAssetEnvList
- DescribeABTestConfig
- DescribeRiskBatchStatus
- ExportTasks
- DescribeGeneralStat
- DescribeScreenGeneralStat
- DescribeVersionStatistics
- DescribeSafeInfo
- CreateRansomDefenseStrategy
- DescribeRansomDefenseMachineStrategyInfo
- DescribeRansomDefenseState
- DescribeRansomDefenseStrategyDetail
- DescribeRansomDefenseTrend
- DescribeSecurityEventStat
- ModifyRansomDefenseStrategyStatus
- RansomDefenseRollback
- DescribeScreenAttackHotspot
- DescribeScreenBroadcasts
- DescribeScreenDefenseTrends
- DescribeScreenEmergentMsg
- DescribeScreenEventsCnt
- DescribeScreenHostInvasion
- DescribeScreenMachineRegions
- DescribeScreenMachines
- DescribeScreenProtectionCnt
- DescribeScreenRiskAssetsTop
- DescribeSecurityEventsCnt
- ExportSecurityTrends
- DescribeScanTaskDetails
- DescribeScanState
- DeleteScanTask
- DescribeScanTaskStatus
- ScanTaskAgain
- DescribeAgentInstallCommand
- DescribePublicProxyInstallCommand
- DescribeVersionCompareChart
- CreateBuyBindTask
- SyncMachines
- CheckLogKafkaConnectionState
- CreateLogExport
- DeleteLogExport
- DescribeAESKey
- DescribeAssetTypes
- DescribeAttackSource
- DescribeAttackSourceEvents
- DescribeCanNotSeparateMachine
- DescribeClientException
- DescribeFastAnalysis
- DescribeLogDeliveryKafkaOptions
- DescribeLogExports
- DescribeLogHistogram
- DescribeLogIndex
- DescribeLogKafkaDeliverInfo
- DescribeScreenProtectionStat
- DescribeWarningHostConfig
- ModifyLogKafkaAccess
- ModifyLogKafkaDeliverType
- ModifyLogKafkaState
- ModifyEventAttackStatus
- ModifyRiskEventsStatus
- ModifyWarningHostConfig
- SearchLog
- StopAssetScan
- ClearLocalStorage
- DescribeLicenseWhiteConfig
- DescribeProductStatus
- GetLocalStorageItem
- KeysLocalStorage
- RemoveLocalStorageItem
- SetLocalStorageExpire
- SetLocalStorageItem
- DescribeVulTrend
- ExportScanTaskDetails
- DescribeAlarmIncidentNodes
- DescribeAlarmVertexId
- DescribeEventByTable
- DescribeProVersionStatus
- DescribeVertexDetail
- DeleteWebHookPolicy
- DeleteWebHookReceiver
- DescribeRecommendedProtectCpu
- DescribeUsersConfig
- DescribeWebHookPolicy
- DescribeWebHookReceiver
- DescribeWebHookReceiverUsage
- ModifyUsersConfig
- ModifyWebHookPolicy
- ModifyWebHookPolicyStatus
- ModifyWebHookReceiver
- DeleteUsualLoginPlaces
- CreateUsualLoginPlaces
- CloseProVersion
- DescribeWeeklyReports
- DescribeWeeklyReportVuls
- DescribeWeeklyReportNonlocalLoginPlaces
- DescribeWeeklyReportMalwares
- DescribeWeeklyReportInfo
- DescribeWeeklyReportBruteAttacks
- DescribeOpenPorts
- RenewProVersion
- OpenProVersionPrepaid
- ModifyProVersionRenewFlag
- InquiryPriceOpenProVersionPrepaid
- OpenProVersion
- Overview Statistics APIs
- Settings Center APIs
- DescribeProVersionInfo
- DescribeWarningList
- ModifyWarningSetting
- ModifyAutoOpenProVersionConfig
- DescribeLicenseGeneral
- DescribeLicenseList
- DeleteLicenseRecord
- DescribeLicenseBindList
- ModifyLicenseBinds
- DescribeLicenseBindSchedule
- CreateLicenseOrder
- DeleteLicenseRecordAll
- DestroyOrder
- CreateWhiteListOrder
- DeleteWebHookRule
- DescribeLicense
- DescribeWebHookRule
- DescribeWebHookRules
- ExportLicenseDetail
- ModifyWebHookRule
- ModifyWebHookRuleStatus
- TestWebHookRule
- ModifyLicenseOrder
- DescribeAlarmAttribute
- Making API Requests
- Intrusion Detection APIs
- DeleteMalwares
- TrustMalwares
- UntrustMalwares
- SeparateMalwares
- RecoverMalwares
- ExportMalwares
- DescribeLoginWhiteList
- DeleteLoginWhiteList
- ExportNonlocalLoginPlaces
- ExportBruteAttacks
- DeleteMaliciousRequests
- ExportMaliciousRequests
- MisAlarmNonlocalLoginPlaces
- DescribeNonlocalLoginPlaces
- DescribeMalwares
- DescribeBruteAttacks
- UntrustMaliciousRequest
- TrustMaliciousRequest
- DescribeMaliciousRequests
- ModifyLoginWhiteList
- AddLoginWhiteList
- Data Types
- Error Codes
- FAQs
- Agreements
- Contact Us
- Glossary
Global Specification
Log contents are in JSON format.
Log character encoding is in UTF-8 format.
Logs contain common fields and type-specific fields. Refer to Fields Description for details.
Currently, logs are divided into three types: event logs, asset logs, and client logs
Log Type
The log type is determined by the common field cls_event_type, and currently, the log type values are defined as follows:
Event Logs
cls_event_type | Log Type Values |
malware | |
risk_process | |
hostlogin | |
bruteattack | |
risk_dns | |
bash | |
privilege_escalation | |
reverse_shell | |
emergency_vul | |
linux_app_vul | |
windows_sys_vul | |
Web-CMS_vul | |
application_vul | |
baseline | |
attack_logs | |
java_shell | |
file_tamper | |
tamper_protect_logs | |
tamper_protect_exceptions | |
client_uninstall | |
client_offline |
Asset Logs
cls_event_type | Log Type Values |
machines | |
asset_system | |
asset_account | |
asset_netstat | |
asset_process | |
asset_app | |
asset_database | |
asset_web_app | |
asset_web_service | |
asset_web_frame | |
asset_web_location | |
asset_jar | |
asset_init_service | |
asset_scheduled_task | |
asset_env | |
asset_core_module | |
asset_package |
Client Report Logs
cls_event_type | Log Type Values |
client_log | |
dns_log | |
process_snapshot | |
net_log | |
file_log | |
login_log |
Event Log Fields Description
Common Fields Description
Field | Type | Description |
id | string | Database Record id |
appid | string | User appid |
create_time | string | Event Creation Time |
modify_time | string | Event Modification Time |
cls_event_type | string | Event Type |
event_status | string | Event Status (Create, Modify, and Delete) |
Malicious File Scan Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
hostip | string | Host IP |
file_path | string | File Path |
md5 | string | File md5 |
filesize | string | File Size |
file_create_time | string | File Creation Time |
file_modify_time | string | File Modification Time |
file_access_time | string | File Access Time |
status | string | Status (Pending, Trusted, Isolated, Allowlisted File, File Deleted, In Quarantine, In Restoration, and Event Record Deleted) |
virus_name | string | Virus Name |
bwtype | string | Sample Attributes (10: Allowlisted; 20~29: Blocklisted) |
path_md5 | string | File Path md5 |
Abnormal Process Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
hostip | string | Host IP |
pid | int | Process ID |
exe_path | string | Process Path |
exe_md5 | string | Process md5 |
exe_desc | string | Process Details |
exe_argv | string | Process Parameters |
exe_create_time | string | Process Creation Time |
exe_modify_time | string | Process Modification Time |
exe_access_time | string | Process Access Time |
status | string | Status (Pending, Trusted, Cleaned Up, and Exited) |
start_time | string | Process Start Time |
virus_name | string | Virus Name |
latest_scan_time | string | Latest Scan Time |
pstree | string | Process Tree Details (json Format) |
risk_level | string | Risk Level (Advisory, Low, Medium, High, and Critical) |
pay_version | string | Machine Version (Basic Edition, Professional Edition, Ultimate Edition, and Universal Edition) |
rss | int | Process Memory |
permission | string | Process Permissions |
Abnormal Log-in Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
hostip | string | Host IP |
username | string | Log-in Username |
count | string | Log-in Attempts (Aggregated Once per Minute) |
src_ip | string | Log-in Source IP |
dst_port | string | Log-in Port |
src_machine_name | string | Log-in Source Machine Name |
login_time | string | Log-in Time |
status | string | Status (Normal Log-in, Abnormal Log-in, Allowlisted, Deleted, Confirmed Intrusion Log-in, Processed, and Ignored) |
location | string | Location |
Password Cracking Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
hostip | string | Host IP |
username | string | Username |
count | string | Attempt Count |
event_type | string | Event Type (Brute Force Failure, Brute Force Success, and Brute Force on Non-existent Account) |
src_ip | string | Source IP |
dst_port | string | Source Port |
src_machine_name | string | Source Machine Name |
status | string | Status (Pending, Ignored, False Positive, Deleted, Hit Allowlist, Processed, and Allowlisted) |
location | string | Location |
banned | string | Blocking Status (Not Blocked, Blocked, Not Blocked (Blocking Not Enabled), Not Blocked (Non-Professional Edition), Not Blocked (Allowlisted), Not Blocked (No Public IP Bound), Blocking Failed (Interface Anomaly), Blocking Failed (Private Network Not Supported), and Blocking Failed (Available Zone Not Supported)) |
Malicious Request Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
hostip | string | Host IP |
url | string | Domain Name |
pid | string | Process ID |
process_name | string | Process Name |
cmd_line | string | Command Line |
status | string | Status (Pending, Deleted, Allowlisted, Trust Revoked by User, Processed, and Ignored) |
access_count | string | Request Count |
query_time | string | First Request Time |
merge_time | string | Recent Request Time |
High-risk Command Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
hostip | string | Host IP |
user | string | Executing User |
platform | string | Platform |
exec_time | string | Command Execution Time |
bash_cmd | string | Executed Command |
status | string | Status (Pending, Hazardous Command, Normal Command, Ignored, and Deleted) |
rule_name | string | Hit Rule Name |
rule_level | string | Command Hazard Level (High, Medium, and Low) |
Local Privilege Escalation Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
hostip | string | Host IP |
process_name | string | Process Name |
full_path | string | File Path |
pid | string | Process ID |
cmd_line | string | Command Line |
user_name | string | Executing User |
user_group | string | Group to Which the Executing User Belongs |
proc_file_privilege | string | Process File Permission Information |
ppid | string | Parent Process ID |
parent_proc_name | string | Parent Process Name |
parent_proc_user | string | User Executing the Parent Process |
parent_proc_group | string | Group to Which the Executing User of Parent Process Belongs |
parent_proc_path | string | Parent Process Path |
find_time | string | Execution Time |
proc_tree | string | Process Tree |
sid | string | User sessionid (Currently Default to 0) |
uid | string | User ID |
gid | string | User Group ID |
euid | string | Effective User ID |
egid | string | Effective User Group ID |
status | string | Status (Pending, Privilege Escalation Event, Allowlisted, Processed, Ignored, and Deleted) |
Reverse Shell Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
hostip | string | Host IP |
dst_ip | string | Destination IP |
dst_port | string | Destination Port |
process_name | string | Executed Process |
full_path | string | Process Path |
pid | string | Process ID |
cmd_line | string | Executed Command |
user_name | string | Executing User |
user_group | string | Group to Which the Executing User Belongs |
ppid | string | Parent Process ID |
parent_proc_name | string | Parent Process Name |
parent_proc_user | string | User Executing the Parent Process |
parent_proc_group | string | Group to Which the Executing User of Parent Process Belongs |
parent_proc_path | string | Parent Process Path |
find_time | string | Execution Time |
proc_tree | string | Process Tree |
status | string | Status (Pending, Reverse Shell Event, Allowlisted, Processed, Ignored, and Deleted) |
Vulnerability Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
hostip | string | Host IP |
status | string | Vulnerability Status (Pending, Ignored, Fixed, Under Detection, Fix In Progress, Rolling Back, Fix Failed, Expired, and Offline) |
vul_category | string | Vulnerability Classification (Web Application Vulnerability, System Component Vulnerability, Linux System Vulnerability, and Windows System Vulnerability) |
descript | string | Vulnerability Event Details |
path | string | The File Path of the Vulnerability |
remark | string | Vulnerability Remarks |
name | string | Vulnerability Name |
fix | string | Remediation Description |
cve_id | string | cve Number |
reference | string | Reference Description |
level | string | Vulnerability Severity Level (Low, Medium, High, and Advisory) |
is_emergency | string | Urgent or Not |
Baseline Fields Description
Field | Type | Description |
name | string | Baseline Name |
uuid | string | Machine uuid |
hostip | string | Host IP |
status | string | Status (Failed, Ignored, Passed, Deleted, and Under Detection) |
level | string | Severity Level (Low, Medium, High, and Critical) |
descript | string | Description |
remark | string | Remarks |
rule_id | string | Baseline Category ID |
category_name | string | Baseline Category Name |
item_id | string | Baseline Rule ID |
fix | string | Suggestions for Fix |
Network Attack Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
dst_port | int | Destination Port |
src_ip | string | Source IP |
type | string | Type (Attack Attempt/Successful Attack) |
status | string | Event Status (Pending, Processed, Allowlisted, Ignored, Deleted, and Defense Enabled) |
count | int | Event Merging Count |
svc_ps | string | Service Process Details (json Format) |
net_payload | string | Attack Packet (Plaintext Format) |
merge_time | string | Event Merging Time (Latest Detection Time) |
host_op_type | string | Abnormal Behavior Type (No Compromised Behavior/rce (Command Execution)/dnslog/writefile) |
host_op_pstree | string | Abnormal Behavior Process Tree (json Format) |
host_op | string | Abnormal Behavior Content |
hostip | string | Host IP |
Java Webshell Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
type | string | Trojan Type (Filter, Listener, Servlet, Interceptors, Client, etc.) |
exe | string | Java Process Path |
argv | string | Java Process Command Line |
pid | string | Java Process Process ID |
class_name | string | Memory Shellcode class_name |
loader_class_name | string | Memory Shellcode loader_class_name |
super_class_name | string | Memory Shellcode Parent Class super_class_name |
interfaces | string | Memory Shellcode interfaces |
recent_found_time | string | Last Detection Time |
status | string | Status (Pending, Allowlisted, Deleted, Ignored, and Manually Processed) |
file_exist | string | File Exists or Not (File Does Not Exist, File Exists) |
class_file | string | The File Path of class |
Kernel File Monitoring Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
hostip | string | Host IP |
hostname | string | Host name |
process_exe | string | Process Path |
process_argv | string | Process Command Line Parameters |
target | string | The File Path of the Destination |
status | string | Status (Pending, Allowlisted, Deleted, Ignored, and Manually Processed) |
event_count | string | Event Occurrence Count |
rule_name | string | Rule Name |
event_detail | string | Event Details (json Format) |
pstree | string | Process Tree |
rule | string | Rule Group Details (json Format) |
level | string | Severity Level (None, High, Medium, and Low) |
Web Tamper Protection Event Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
path | string | File Path |
recover_type | string | Recovery Type (Recovery for Content Modification, Recovery for Permission Modification, Recovery for Ownership Modification, Recovery for Deletion, and Deletion for Addition) |
has_recovered | string | Deleted or Not (Not Deleted, Deleted) |
recover_time | string | Restoration Time |
is_manual_recover | string | Whether Manually Restored by User (No, Yes) |
is_deleted | string | Deleted or Not (Not Deleted, Deleted) |
status | string | Status (Pending, Confirm Malicious, and Confirm False Positive) |
file_type | string | File Type (Regular File, Directory, and Symbolic Link) |
Web Tamper Protection Anomaly Fields Description
Field | Type | Description |
quuid | string | Machine uuid |
exception | string | Exception Type (No Exception, Beyond Limit, Client Offline, Timed Out, Insufficient Disk Space, Machine Destroyed, File Changed During Backup, File Not Found During Backup, Beyond Limit (Monitoring Path is not a Directory), Beyond Limit (File Type not Supported), Beyond Limit (Number of Files Exceeded the Limit), Beyond Limit (Path Too Long), Beyond Limit (File Too Large), Beyond Limit (Failed to Read File), Beyond Limit (Too Many Protected Directories/Subdirectories), etc.) |
exception_message | string | Exception Prompt |
Client Uninstallation Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
pstree | string | Process Tree |
uninstall_time | string | Uninstallation Time |
Offline Client Fields Description
Field | Type | Description |
uuid | string | Machine uuid |
offline_time | string | Machine Offline Time |
Asset Log Fields Description
Common Fields Description
Field | Type | Description |
id | string | Database Record ID |
appid | string | User appid |
host_name | string | Host name |
host_ip | string | Host Private IP |
wan_ip | string | Host Public IP |
instance_id | string | Instance ID |
os_name | string | Operating System Name |
os_type | string | Operating System Type (Unknow, CentOS, Debian, Gentoo, RedHat, Ubuntu, WindowsServer, TencentOS, CoreOS, FreeBSD, and SUSE) |
create_time | int | Creation Time (Timestamp Format) |
update_time | int | Asset Update Time (Timestamp Format) |
cls_event_type | string | Event Type |
event_status | string | Event Status (create, modify, and delete) |
Host List Fields Description
Field | Type | Description |
quuid | string | Machine quuid |
machine_type | string | Machine Type (CVM, LH, Other, and ECM) |
region | string | Region |
project_id | int | Instance Project ID |
instance_id | string | Instance ID |
instance_state | string | Instance Status (PENDING, LAUNCH_FAILED, RUNNING, STOPPED, STARTING, STOPPING, REBOOTING, SHUTDOWN, TERMINATING, and TERMINATED) |
restrict_state | string | Business Status (NORMAL, EXPIRED, PROTECTIVELY_ISOLATED, and TERMINATED_PRO_VERSION) |
instance_name | string | Instance Name |
private_ip_addresses | string | Instance Private IP Address |
public_ip_addresses | string | Instance Public IP Address |
ipv6_addresses | string | Instance IPv6 Address |
vpc_id | string | vpc id |
os_name | string | Operating System Name |
os_type | string | Operating System Type (Unknow, CentOS, Debian, Gentoo, RedHat, Ubuntu, WindowsServer, TencentOS, CoreOS, FreeBSD, and SUSE) |
installed_cwp | int | Whether or Not Installed CWPP Client (0: Not Installed; 1: Installed) |
latest_sync_time | string | Last Synchronization Time |
Resource Monitoring Fields Description
Field | Type | Description |
core_version | string | Kernel Version |
boot_time | int | System Boot Time (unix Timestamp) |
cpu_info | string | CPU Information |
cpu_size | int | Number of CPUs |
cpu_load | float | CPU Utilization |
memory_size | int | Memory Size (MB) |
memory_load | float | Memory Utilization |
disk_size | int | Disk Size (MB) |
disk_load | float | Disk Utilization |
Account Fields Description
Field | Type | Description |
group_name | string | Account GroupName |
status | string | Account Status (Disabled, Enabled) |
is_root | string | Whether or Not Have Root Privilege |
name | string | Account Name |
type | string | Account Type (Guest User, Standard User, and Administrator User) |
home_path | string | Home Directory |
shell | string | Shell Path |
password_change_time | string | Password Change Time |
password_due_days | int | Password Due Days (-1 means that it never expires.) |
password_lock_days | int | Password Lockout Duration in Days (-1 means that it is infinite.) |
password_warn_days | int | Password Expiration Reminder in Days |
password_change_type | string | Password Change Settings (Not Modifiable, Modifiable) |
password_status | string | Password Status (Normal, Expiring Soon, Expired, and Locked) |
login_type | string | Log-in Method (No Log-in Allowed, Key-only Log-in, Password-only Log-in, and Key and Password Allowed) |
last_login_time | int | Last Log-in Time |
last_login_terminal | string | Last Log-in Terminal |
last_login_ip | string | Last Log-in IP |
disable_time | string | Account Expiration Time |
Port Fields Description
Field | Type | Description |
name | string | Process Name |
version | string | Process Version |
path | string | Process Path |
parent_process_name | string | Parent Process Name |
pid | string | Process ID |
user | string | Running User |
group_name | string | Belonging User Group |
start_time | int | Start Time (unix Timestamp) |
param | string | Startup Parameters |
tty | string | Process TTY |
port | string | Port |
ppid | string | Parent Process ID |
proto | string | Port Protocol |
Software Application Fields Description
Field | Type | Description |
name | string | Application Name |
type | string | Application Type (Ops Tool, Database, Secure Application, Suspicious Application, System Architecture, System Application, WEB Ops, etc.) |
bin_path | string | Binary Path |
config_path | string | The File Path of the Configuration |
process_count | int | Associated Process Count |
version | string | Version Number |
Process Fields Description
Field | Type | Description |
name | string | Process Name |
group_name | string | Process User Group |
desc | string | Process Description |
path | string | Process Path |
pid | string | Process ID |
ppid | string | Parent Process ID |
parent_process_name | string | Parent Process Name |
user | string | Running User |
start_time | int | Start Time |
param | string | Startup Parameters |
tty | string | Process TTY |
version | string | Process Version |
status | string | Process Status (None, Executable, Interruptible, Not Interruptible, Paused or Traced, Zombie, To Be Destroyed, Idle, and Waiting for Memory Allocation) |
package_name | string | Software Package Name |
Database Fields Description
Field | Type | Description |
name | string | Database Name |
version | string | Version |
port | string | Port |
proto | string | Protocol |
user | string | Running User |
ip | string | Bound IP |
config_path | string | The File Path of the Configuration |
log_path | string | The File Path of Logs |
data_path | string | Data Path |
permission | string | Running Permission |
error_log_path | string | Error Log Path |
plugin_path | string | Plugin Path |
bin_path | string | Binary Path |
param | string | Startup Parameters |
Web Application Fields Description
Field | Type | Description |
name | string | Application Name |
desc | string | Application Description |
version | string | Version |
root_path | string | Root Path |
service_type | string | Service Type |
domain | string | Site Domain Name |
virtual_path | string | Virtual Path |
plugin_count | int | Plugin Count |
Web Servie Fields Description
Field | Type | Description |
name | string | Framework Name |
version | string | Version |
bin_path | string | Binary Path |
service_type | string | Service Type |
user | string | Starting User |
install_path | string | Installation Path |
config_path | string | Configuration Path |
process_count | int | Associated Process Count |
Web Framework Fields Description
Field | Type | Description |
name | string | Framework Name |
version | string | Version |
lang | string | Language |
service_type | string | Service Type |
path | string | Application Path |
Web Site Fields Description
Field | Type | Description |
name | string | Domain Name |
port | string | Site Port |
proto | string | Site Protocol |
service_type | string | Service Type |
path_count | int | Site Path Count |
user | string | Running User |
ip | string | Bound IP |
command | string | Startup Command |
jar File Fields Description
Field | Type | Description |
name | string | Name |
type | string | Type (Application, System Class Library, Web Service Built-in Library, and Other) |
status | string | Executable or Not |
version | string | Version |
path | string | Path |
Startup Service Fields Description
Field | Type | Description |
name | string | Name |
type | string | Type |
status | string | Default Enablement Status (Enabled, Not Enabled) |
user | string | Starting User |
path | string | Path |
Scheduled Task Fields Description
Field | Type | Description |
status | string | Default Enablement Status (Enabled, Not Enabled) |
cycle | string | Execution Cycle |
command | string | Execute Command or Script |
user | string | Starting User |
config_path | string | The File Path of the Configuration |
os_info | string | Operating System |
Environment Variable Fields Description
Field | Type | Description |
name | string | Name |
type | string | Type (User, System) |
user | string | Starting User |
value | string | Environment Variable Value |
Kernel Module Fields Description
Field | Type | Description |
name | string | Name |
desc | string | Description |
path | string | Path |
version | string | Version |
size | int | Size |
System Installation Package Fields Description
Field | Type | Description |
name | string | Installation Package Name |
desc | string | Description |
version | string | Version |
install_time | int | Installation Time (unix Timestamp) |
type | string | Type |
Client Reporting Log Fields Description
Original Log Fields Description
Field | Type | Description |
appid | int | User appid |
uuid | string | Machine uuid |
path | string | The File Path of Logs |
tag | string | Tag (To be Defined by User) |
time | string | Log Time |
log | string | Log Content |
DNS Log Fields Description
Field | Type | Description |
appid | int | User appid |
quuid | string | Machine quuid |
uuid | string | Machine uuid |
recv_time | int | Timestamp |
domain | string | Domain Name |
hostip | string | Host IP |
platform | string | Platform: Linux, Windows |
pid | int | Process ID |
process_path | string | Process Path |
cmdline | string | Process Command Line Parameters |
count | int | Number of Accesses during Reporting Period |
Process Snapshot Fields Description
Field | Type | Filed Description |
appid | string | Account appid |
quuid | string | Host quuid (Corresponding cvm uuid) |
uuid | string | Host uuid |
hostip | string | Host ip (ip Connected with the Backend) |
instance_id | string | Instance id |
event_name | string | Event Type: process - Process Event |
pid | int | Process ID |
ppid | int | Parent Process ID |
sid | int | Process Session ID (Linux Only) |
uid | int | Process uid (Linux Only) |
gid | int | Process gid (Linux Only) |
euid | int | Process euid (Linux Only) |
egid | int | Process egid (Linux Only) |
report_type | int | Report Type: 0: - Real-time Process; 1: - Process Snapshot |
parent_proc_name | string | Parent Process Name |
process_name | string | Process Name |
process_path | string | Process Path |
cmdline | string | Process Command Line |
user_name | string | Process Starting User |
process_md5 | string | Process md5 |
platform | string | Platform: Linux and Windows |
time | int | Event Collection Timestamp |
timestamp | string | Event Storage Date and Time |
insert_time | int | Event Storage Timestamp |
Network Quintuple Log Fields Description
Field | Type | Filed Description |
appid | string | Account appid |
quuid | string | Host quuid (Corresponding cvm uuid) |
uuid | string | Host uuid |
hostip | string | Host ip (ip Connected with the Backend) |
instance_id | string | Instance id |
event_name | string | Event Type: net - Network Quintuple Logs |
pid | int | Process pid |
proc_path | string | Process Path |
argv | string | Process Execution Parameters |
username | string | User to Which the Process Belongs: User Group |
src_ip | string | Source ip |
src_port | int | Source Port |
dst_ip | string | Destination ip |
dst_port | int | Destination Port |
first_time | int | First Trigger Time during Reporting Period |
last_time | int | Last Trigger Time during Reporting Period |
count | int | Number of Triggers during Reporting Period |
time | int | Event Collection Timestamp |
timestamp | string | Event Storage Date and Time |
insert_time | int | Event Storage Timestamp |
File Monitoring Log Fields Description
Field | Type | Filed Description |
appid | string | Account appid |
quuid | string | Host quuid (Corresponding cvm uuid) |
uuid | string | Host uuid |
hostip | string | Host ip (ip Connected with the Backend) |
instance_id | string | Instance id |
event_name | string | Event Type: file - File Operation Event |
pid | int | Process ID |
ppid | int | Parent Process ID |
session_id | int | Process Session ID (Linux Only) |
uid | int | Process uid (Linux Only) |
gid | int | Process gid (Linux Only) |
file_path | string | Operation File Path |
cwd | string | Current Execution Path of the Process |
proc_path | string | Process Path |
argv | string | Process Command Line |
username | string | File Operation User |
parent_proc_name | string | Parent Process Name |
proc_name | string | Process Name |
proc_md5 | string | Process md5 |
proc_perm | string | Process File Execution Permissions |
proc_mtime | int | Process File modify time |
proc_ctime | int | Process File change time |
proc_atime | int | Process File access time |
operation | string | File Operation Type: write; rename |
file_size | int | File Size |
file_mtime | int | Operation File modify time |
file_ctime | int | Operation File change time |
file_atime | int | Operation File access time |
file_perm | string | Operation File Permissions |
file_owner | string | Operation File Owner |
time | int | Event Collection Timestamp |
timestamp | string | Event Storage Date and Time |
insert_time | int | Event Storage Timestamp |
Log-in Activity Log Fields Description
Field | Type | Filed Description |
appid | string | Account appid |
quuid | string | Host quuid (Corresponding cvm uuid) |
uuid | string | Host uuid |
hostip | string | Host ip (ip Connected with the Backend) |
instance_id | string | Instance id |
event_name | string | Event Type: login - Log-in Event |
src_ip | string | Log-in Source ip |
dst_port | int | Log-in Target Port |
protocol | string | Log-in Protocol |
count | int | Log-in Count |
event_type | string | Event Status: success: Log-in succeeded; fail: Log-in failed. |
time | int | Event Collection Timestamp |
insert_time | int | Event Storage Timestamp |
Yes
No
Was this page helpful?