Canary project configuration
Used by actions: DescribeABTestConfig.
Name | Type | Description |
---|---|---|
ProjectName | String | Canary project name |
Status | Boolean | Valid values: true (in canary upgrade); false (not in canary upgrade). |
Container runtime security - Sub-policy information
Used by actions: AddEditAbnormalProcessRule, DescribeAbnormalProcessDetail, DescribeAbnormalProcessRuleDetail.
Name | Type | Required | Description |
---|---|---|---|
RuleMode | String | Yes | Policy mode. RULE_MODE_RELEASE : Allow.RULE_MODE_ALERT : Alert.RULE_MODE_HOLDUP : Block. |
ProcessPath | String | Yes | Process path |
RuleId | String | No | Sub-policy ID Note: This field may return null, indicating that no valid values can be obtained. |
RuleLevel | String | No | Severity. Valid values: HIGH (high); MIDDLE (medium); LOW (low).Note: This field may return null, indicating that no valid values can be obtained. |
Description of the abnormal container process event at runtime
Used by actions: DescribeAbnormalProcessDetail.
Name | Type | Description |
---|---|---|
Description | String | Event rule |
Solution | String | Solution |
Remark | String | Event remarks Note: This field may return null, indicating that no valid values can be obtained. |
MatchRule | AbnormalProcessChildRuleInfo | Details of the hit rule |
RuleName | String | Name of the hit rule. Valid values: PROXY_TOOL (proxy); TRANSFER_CONTROL (lateral movement); ATTACK_CMD (malicious command); REVERSE_SHELL (reverse shell); FILELESS (fileless execution); RISK_CMD (high-risk command); ABNORMAL_CHILD_PROC (unusual start found in the child process of the sensitive service); USER_DEFINED_RULE (custom rule). |
RuleId | String | ID of the hit rule |
OperationTime | String | Last processing time of the event Note: This field may return null, indicating that no valid values can be obtained. |
GroupName | String | Name of the hit policy. Valid values: SYSTEM_DEFINED_RULE (preset policy); name of the custom policy.Note: This field may return null, indicating that no valid values can be obtained. |
Container runtime security - Information of the abnormal process
Used by actions: DescribeAbnormalProcessEvents.
Name | Type | Description |
---|---|---|
ProcessPath | String | Process directory |
EventType | String | Event type. MALICE_PROCESS_START : Malicious process startup. |
MatchRuleName | String | Name of the hit rule. Valid values: PROXY_TOOL (proxy); TRANSFER_CONTROL (lateral movement); ATTACK_CMD (malicious command); REVERSE_SHELL (reverse shell); FILELESS (fileless execution); RISK_CMD (high-risk command); ABNORMAL_CHILD_PROC (unusual start found in the child process of the sensitive service); USER_DEFINED_RULE (custom rule). |
FoundTime | Timestamp | Generation time |
ContainerName | String | Container name |
ImageName | String | Image name |
Behavior | String | Action execution result. BEHAVIOR_NONE : None.BEHAVIOR_ALERT : Alert.BEHAVIOR_RELEASE : Allow.BEHAVIOR_HOLDUP_FAILED : Failed to block.BEHAVIOR_HOLDUP_SUCCESSED : Blocked. |
Status | String | Status. EVENT_UNDEAL : Pending.EVENT_DEALED : Processed.EVENT_INGNORE : Ignored. |
Id | String | Unique event ID |
ImageId | String | Image ID, which is used for redirect. |
ContainerId | String | Container ID, which is used for redirect. |
Solution | String | Event solution |
Description | String | Event description |
MatchRuleId | String | Hit policy ID |
MatchAction | String | Action of the hit rule:RULE_MODE_RELEASE : Allow.RULE_MODE_ALERT : Alert.RULE_MODE_HOLDUP : Block. |
MatchProcessPath | String | Information of the process that hits the rule |
RuleExist | Boolean | Whether the rule exists |
EventCount | Integer | Number of events |
LatestFoundTime | Timestamp | Last generation time |
RuleId | String | Rule group ID |
MatchGroupName | String | Name of the hit policy. Valid values: SYSTEM_DEFINED_RULE (preset policy); name of the custom policy. |
MatchRuleLevel | String | Level of the hit rule. Valid values: HIGH (high); MIDDLE (medium); LOW (low). |
ContainerNetStatus | String | Network statusNORMAL : Not isolated.ISOLATED : Isolated.ISOLATING : Isolating.ISOLATE_FAILED : Isolation failed.RESTORING : Recovering.RESTORE_FAILED : Recovery failed.Note: This field may return null, indicating that no valid values can be obtained. |
ContainerNetSubStatus | String | Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown. Note: This field may return null, indicating that no valid values can be obtained. |
ContainerIsolateOperationSrc | String | Container isolation operation source Note: This field may return null, indicating that no valid values can be obtained. |
ContainerStatus | String | Container statusRUNNING : Running.PAUSED : Paused.STOPPED : Stopped.CREATED : Created.DESTROYED : Terminated.RESTARTING : Restarting.REMOVING : Removing. |
ClusterID | String | Cluster ID |
NodeType | String | Node type. Values: NORMAL (general node), SUPER (super node). |
PodName | String | Pod name |
PodIP | String | Pod IP |
NodeUniqueID | String | Cluster ID |
PublicIP | String | Node public IP |
NodeName | String | Node name |
NodeID | String | Node ID |
HostID | String | uuid |
HostIP | String | Private IP of the node |
ClusterName | String | Cluster name |
Trend of pending abnormal process events
Used by actions: DescribeAbnormalProcessEventTendency.
Name | Type | Description |
---|---|---|
Date | Date | Date |
ProxyToolEventCount | Integer | Number of pending proxy events |
TransferControlEventCount | Integer | Number of pending lateral movement events |
AttackCmdEventCount | Integer | Number of pending malicious command events |
ReverseShellEventCount | Integer | Number of pending reverse shell events |
FilelessEventCount | Integer | Number of pending fileless execution events |
RiskCmdEventCount | Integer | Number of pending high-risk command events |
AbnormalChildProcessEventCount | Integer | Number of pending events of unusual startups found in the child process of the sensitive service |
UserDefinedRuleEventCount | Integer | Number of pending custom rule events |
Runtime security - Abnormal process detection policy
Used by actions: AddEditAbnormalProcessRule, DescribeAbnormalProcessRuleDetail.
Name | Type | Required | Description |
---|---|---|---|
IsEnable | Boolean | Yes | Valid values: true (enabled); false (disabled). |
ImageIds | Array of String | Yes | IDs of associated images. An empty array indicates all images. |
ChildRules | Array of AbnormalProcessChildRuleInfo | Yes | Array of sub-policies of the user policy |
RuleName | String | Yes | Policy name |
RuleId | String | No | Policy ID Note: This field may return null, indicating that no valid values can be obtained. |
SystemChildRules | Array of AbnormalProcessSystemChildRuleInfo | No | Array of sub-policies of the preset policy |
IsDefault | Boolean | No | Whether it is the default preset policy |
Information of the sub-policy of the preset policy for abnormal processes
Used by actions: AddEditAbnormalProcessRule, DescribeAbnormalProcessRuleDetail.
Name | Type | Required | Description |
---|---|---|---|
RuleId | String | Yes | Sub-policy ID |
IsEnable | Boolean | Yes | Sub-policy status. Valid values: true (enabled); false (disabled). |
RuleMode | String | Yes | Policy mode. RULE_MODE_RELEASE : Allow.RULE_MODE_ALERT : Alert.RULE_MODE_HOLDUP : Block. |
RuleType | String | Yes | Behavior type detected by the sub-policyPROXY_TOOL : Proxy.TRANSFER_CONTROL : Lateral movement.ATTACK_CMD : Malicious command.REVERSE_SHELL : Reverse shell.FILELESS : Fileless execution.RISK_CMD : High-risk command.ABNORMAL_CHILD_PROC : Unusual start found in the child process of the sensitive service. |
RuleLevel | String | No | Severity. Valid values: HIGH (high); MIDDLE (medium); LOW (low).Note: This field may return null, indicating that no valid values can be obtained. |
Container runtime security - Information of the access control sub-policy
Used by actions: AddEditAccessControlRule, DescribeAccessControlDetail, DescribeAccessControlRuleDetail.
Name | Type | Required | Description |
---|---|---|---|
RuleMode | String | Yes | Policy mode. RULE_MODE_RELEASE : Allow.RULE_MODE_ALERT : Alert.RULE_MODE_HOLDUP : Block. |
ProcessPath | String | Yes | Process path |
TargetFilePath | String | Yes | Accessed file path, which is valid only for access control. |
RuleId | String | No | Sub-policy ID Note: This field may return null, indicating that no valid values can be obtained. |
Description of the container access control event at runtime
Used by actions: DescribeAccessControlDetail.
Name | Type | Description |
---|---|---|
Description | String | Event rule |
Solution | String | Solution |
Remark | String | Event remarks Note: This field may return null, indicating that no valid values can be obtained. |
MatchRule | AccessControlChildRuleInfo | Details of the hit rule |
RuleName | String | Name of the hit rule |
RuleId | String | ID of the hit rule |
OperationTime | String | Last processing time of the event Note: This field may return null, indicating that no valid values can be obtained. |
Container runtime security - Information of the access control event
Used by actions: DescribeAccessControlEvents.
Name | Type | Description |
---|---|---|
ProcessName | String | Process name |
MatchRuleName | String | Name of the hit rule |
FoundTime | Timestamp | Generation time |
ContainerName | String | Container name |
ImageName | String | Image name |
Behavior | String | Action execution result. BEHAVIOR_NONE : None.BEHAVIOR_ALERT : Alert.BEHAVIOR_RELEASE : Allow.BEHAVIOR_HOLDUP_FAILED : Failed to block.BEHAVIOR_HOLDUP_SUCCESSED : Blocked. |
Status | String | Status. 0 : Pending. EVENT_UNDEAL : Pending.EVENT_DEALED : Processed.EVENT_INGNORE : Ignored. |
Id | String | Unique event ID |
FileName | String | Filename |
EventType | String | Event type. FILE_ABNORMAL_READ : Abnormal file read. |
ImageId | String | Image ID, which is used for redirect. |
ContainerId | String | Container ID, which is used for redirect. |
Solution | String | Event solution |
Description | String | Event description |
MatchRuleId | String | Hit policy ID |
MatchAction | String | Action of the hit rule:RULE_MODE_RELEASE : Allow.RULE_MODE_ALERT : Alert.RULE_MODE_HOLDUP : Block. |
MatchProcessPath | String | Information of the process that hits the rule |
MatchFilePath | String | Information of the file that hits the rule |
FilePath | String | File path containing the name |
RuleExist | Boolean | Whether the rule exists |
EventCount | Integer | Number of events |
LatestFoundTime | String | Last generation time |
RuleId | String | Rule group ID |
ContainerNetStatus | String | Network statusNORMAL : Not isolated.ISOLATED : Isolated.ISOLATING : Isolating.ISOLATE_FAILED : Isolation failed.RESTORING : Recovering.RESTORE_FAILED : Recovery failed. |
ContainerNetSubStatus | String | Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown. |
ContainerIsolateOperationSrc | String | Container isolation operation source |
ContainerStatus | String | Container statusRUNNING : Running.PAUSED : Paused.STOPPED : Stopped.CREATED : Created.DESTROYED : Terminated.RESTARTING : Restarting.REMOVING : Removing. |
NodeName | String | Node name: For super nodes, the node_id is displayed. |
PodName | String | Pod name |
PodIP | String | Pod IP |
NodeType | String | Node type. Values: NORMAL (general node), SUPER (super node). |
ClusterID | String | Cluster ID |
NodeUniqueID | String | Node unique ID. It's used for super nodes. |
PublicIP | String | Node public IP |
NodeID | String | Node ID |
HostID | String | uuid |
HostIP | String | Private IP of the node |
ClusterName | String | Cluster name |
Container runtime - Access control policy information
Used by actions: AddEditAccessControlRule, DescribeAccessControlRuleDetail.
Name | Type | Required | Description |
---|---|---|---|
IsEnable | Boolean | Yes | Switch. Valid values: true (on); false (off). |
ImageIds | Array of String | Yes | IDs of associated images. An empty array indicates all images. |
ChildRules | Array of AccessControlChildRuleInfo | Yes | Array of sub-policies of the user policy |
RuleName | String | Yes | Policy name |
RuleId | String | No | Policy ID Note: This field may return null, indicating that no valid values can be obtained. |
SystemChildRules | Array of AccessControlSystemChildRuleInfo | No | Array of sub-policies of the preset policy |
IsDefault | Boolean | No | Whether it is the default preset policy |
Container runtime security - Information of the sub-policy of the preset access control policy
Used by actions: AddEditAccessControlRule, DescribeAccessControlRuleDetail.
Name | Type | Required | Description |
---|---|---|---|
RuleId | String | Yes | Sub-policy ID |
RuleMode | String | Yes | Policy mode. RULE_MODE_RELEASE : Allow.RULE_MODE_ALERT : Alert.RULE_MODE_HOLDUP : Block. |
IsEnable | Boolean | Yes | Sub-policy status. Valid values: true (enabled); false (disabled). |
RuleType | String | Yes | Intrusion behavior type detected by the sub-policyCHANGE_CRONTAB : Tampering with the scheduled task.CHANGE_SYS_BIN : Tampering with the system program.CHANGE_USRCFG : Tampering with user configuration. |
Structure of the affected node type
Used by actions: DescribeAffectedNodeList.
Name | Type | Required | Description |
---|---|---|---|
ClusterId | String | Yes | Cluster ID |
ClusterName | String | Yes | Cluster name |
InstanceId | String | Yes | Instance ID |
PrivateIpAddresses | String | Yes | Private IP |
InstanceRole | String | Yes | Node role, such as Master and Work . |
ClusterVersion | String | Yes | K8s version |
ContainerRuntime | String | Yes | Runtime component. Valid values: docker , containerd . |
Region | String | Yes | Region |
VerifyInfo | String | Yes | Verification information of the check result |
NodeName | String | Yes | Node name |
Affected workload item in the cluster security check
Used by actions: DescribeAffectedWorkloadList.
Name | Type | Required | Description |
---|---|---|---|
ClusterId | String | Yes | Cluster ID |
ClusterName | String | Yes | Cluster name |
WorkloadName | String | Yes | Workload name |
WorkloadType | String | Yes | Workload type |
Region | String | Yes | Region |
VerifyInfo | String | Yes | Verification information of the check result |
List of clusters
Used by actions: DescribeAssetClusterList.
Name | Type | Description |
---|---|---|
ClusterID | String | Cluster ID |
ClusterName | String | Cluster name |
Status | String | Cluster statusCSR_RUNNING : RunningCSR_EXCEPTION : AbnormalCSR_DEL : Deleted |
BindRuleName | String | Bound rule name |
ClusterType | String | Cluster type:CT_TKE : TKE clusterCT_USER_CREATE : External clusterCT_TKE_SERVERLESS : TKE Serverless cluster |
ClusterVersion | String | Cluster version |
MemLimit | Integer | MEM usage |
CpuLimit | Integer | cpu |
TCSS
Key-value pair filter for conditional filtering queries, such as filter ID, name, and status
If more than one filter exists, the logical relationship between these filters is AND
.
If multiple values exist in one filter, the logical relationship between these values is OR
.
Used by actions: AddEditImageAutoAuthorizedRule, CreateAssetImageRegistryScanTask, CreateAssetImageScanTask, CreateAssetImageVirusExportJob, CreateComponentExportJob, CreateHostExportJob, CreateProcessEventsExportJob, CreateVulExportJob, DescribeAssetAppServiceList, DescribeAssetComponentList, DescribeAssetContainerList, DescribeAssetDBServiceList, DescribeAssetHostList, DescribeAssetImageHostList, DescribeAssetImageList, DescribeAssetImageListExport, DescribeAssetImageRegistryList, DescribeAssetImageRegistryListExport, DescribeAssetImageRegistryRegistryList, DescribeAssetImageRegistryRiskInfoList, DescribeAssetImageRegistryRiskListExport, DescribeAssetImageRegistrySummary, DescribeAssetImageRegistryVirusList, DescribeAssetImageRegistryVirusListExport, DescribeAssetImageRegistryVulList, DescribeAssetImageRegistryVulListExport, DescribeAssetImageRiskList, DescribeAssetImageRiskListExport, DescribeAssetImageSimpleList, DescribeAssetImageVirusList, DescribeAssetImageVirusListExport, DescribeAssetImageVulList, DescribeAssetImageVulListExport, DescribeAssetPortList, DescribeAssetProcessList, DescribeAssetWebServiceList, DescribeImageAutoAuthorizedLogList, DescribeImageAutoAuthorizedTaskList, DescribeImageComponentList, DescribeImageRegistryNamespaceList, DescribeVulRegistryImageList, ModifyAssetImageRegistryScanStop, ModifyAssetImageScanStop, ModifyImageAuthorized.
Name | Type | Required | Description |
---|---|---|---|
Name | String | Yes | Filter name |
Values | Array of String | Yes | One or more filter values |
ExactMatch | Boolean | No | Whether to use fuzzy query |
Brief information of the image
Used by actions: DescribeAssetImageSimpleList.
Name | Type | Description |
---|---|---|
ImageID | String | Image ID |
ImageName | String | Image name |
ContainerCnt | Integer | Number of associated containers |
ScanTime | String | Last scan time |
Size | Integer | Image size |
Result of the automatic image licensing
Used by actions: DescribeImageAutoAuthorizedLogList.
Name | Type | Description |
---|---|---|
ImageId | String | Image ID |
ImageName | String | Image name |
AuthorizedTime | String | Licensing time |
Status | String | Licensing result. Valid values: SUCCESS (success); REACH_LIMIT (reaching the upper limit on licenses); LICENSE_INSUFFICIENT (insufficient licenses). |
IsAuthorized | Integer | Whether it is licensed. Valid values: 1 (yes); 0 (no). |
List of servers licensed based on the automatic image licensing rule
Used by actions: DescribeAutoAuthorizedRuleHost.
Name | Type | Description |
---|---|---|
HostID | String | Server ID |
HostIP | String | Server IP, which is the private IP |
HostName | String | Server name |
ImageCnt | Integer | Number of images |
ContainerCnt | Integer | Number of containers |
PublicIp | String | Public IP |
InstanceID | String | Server instance ID |
MachineType | String | Server source. Valid values: CVM , ECM , LH , BM , Other . The first four values indicate Tencent Cloud instances, while the last one indicates non-Tencent Cloud instances. |
DockerVersion | String | Docker version |
Status | String | Agent status |
Optional information of the security log Kafka
Used by actions: DescribeSecLogDeliveryKafkaOptions.
Name | Type | Required | Description |
---|---|---|---|
InstanceID | String | No | Instance ID Note: This field may return null, indicating that no valid values can be obtained. |
InstanceName | String | No | Instance name Note: This field may return null, indicating that no valid values can be obtained. |
TopicList | Array of CKafkaTopicInfo | No | Topic list Note: This field may return null, indicating that no valid values can be obtained. |
RouteList | Array of CkafkaRouteInfo | No | Route list Note: This field may return null, indicating that no valid values can be obtained. |
KafkaVersion | String | No | Kafka version number Note: This field may return null, indicating that no valid values can be obtained. |
CKafka topic information
Used by actions: DescribeSecLogDeliveryKafkaOptions.
Name | Type | Required | Description |
---|---|---|---|
TopicID | String | Yes | Topic ID |
TopicName | String | Yes | Topic name |
CKafka route details
Used by actions: DescribeSecLogDeliveryKafkaOptions.
Name | Type | Required | Description |
---|---|---|---|
RouteID | Integer | No | Route ID Note: This field may return null, indicating that no valid values can be obtained. |
Domain | String | No | Domain name Note: This field may return null, indicating that no valid values can be obtained. |
DomainPort | Integer | No | Domain port Note: This field may return null, indicating that no valid values can be obtained. |
Vip | String | No | VIP Note: This field may return null, indicating that no valid values can be obtained. |
VipType | Integer | No | VIP type Note: This field may return null, indicating that no valid values can be obtained. |
AccessType | Integer | No | Access type // 0 : PLAINTEXT (plaintext method, which does not carry user information and is supported for legacy versions and Community Edition)// 1 : SASL_PLAINTEXT (plaintext method, which authenticates the login through SASL before data start and is supported only for Community Edition)// 2 : SSL (SSL-encrypted communication, which does not carry user information and is supported for legacy versions and Community Edition)// 3 : SASL_SSL (SSL-encrypted communication, which authenticates the login through SASL before data start and is supported only for Community Edition)Note: This field may return null, indicating that no valid values can be obtained. |
CLS logset information
Used by actions: DescribeSecLogDeliveryClsOptions.
Name | Type | Required | Description |
---|---|---|---|
LogsetID | String | Yes | Logset ID |
LogsetName | String | No | Logset name Note: This field may return null, indicating that no valid values can be obtained. |
TopicList | Array of ClsTopicInfo | No | List of CLS topics Note: This field may return null, indicating that no valid values can be obtained. |
CLS topic information
Used by actions: DescribeSecLogDeliveryClsOptions.
Name | Type | Required | Description |
---|---|---|---|
TopicID | String | No | Topic ID |
TopicName | String | No | Topic name |
Details of a cluster security check item
Used by actions: DescribeCheckItemList, DescribeRiskList.
Name | Type | Description |
---|---|---|
CheckItemId | Integer | Unique ID of the check item Note: This field may return null, indicating that no valid values can be obtained. |
Name | String | Name of the risk item |
ItemDetail | String | Detailed description of the check item Note: This field may return null, indicating that no valid values can be obtained. |
RiskLevel | String | Severity. Valid values: Serious (critical); High (high); Middle (medium); Hint (prompt).Note: This field may return null, indicating that no valid values can be obtained. |
RiskTarget | String | Check target and risky target. Valid values: Runc , Kubelet , Containerd , Pods .Note: This field may return null, indicating that no valid values can be obtained. |
RiskType | String | Risk type. Valid values: CVERisk (vulnerability risk); ConfigRisk (configuration risk).Note: This field may return null, indicating that no valid values can be obtained. |
RiskAttribute | String | Risk type of the check item. Valid values: PrivilegePromotion (privilege escalation); RefuseService (service rejected); DirectoryEscape (directory traversal); UnauthorizedAccess (unauthorized access); PrivilegeAndAccessControl (permissions, privileges, and access controls); SensitiveInfoLeak (sensitive data leakage).Note: This field may return null, indicating that no valid values can be obtained. |
RiskProperty | String | Risk characteristic and tag. Valid values: ExistEXP (an EXP exists); ExistPOC (a POC exists); NoNeedReboot (restart not required); ServerRestart (service restart); RemoteInfoLeak (remote information leakage); RemoteRefuseService (remote denial of service); RemoteExploit (remote exploit); RemoteExecute (remote execution).Note: This field may return null, indicating that no valid values can be obtained. |
CVENumber | String | CVE No. Note: This field may return null, indicating that no valid values can be obtained. |
DiscoverTime | String | Disclosure time Note: This field may return null, indicating that no valid values can be obtained. |
Solution | String | Solution Note: This field may return null, indicating that no valid values can be obtained. |
CVSS | String | CVSS information, which is used for drawing. Note: This field may return null, indicating that no valid values can be obtained. |
CVSSScore | String | CVSS score Note: This field may return null, indicating that no valid values can be obtained. |
RelateLink | String | Reference link Note: This field may return null, indicating that no valid values can be obtained. |
AffectedType | String | Affected type. Valid values: Node , Workload .Note: This field may return null, indicating that no valid values can be obtained. |
AffectedVersion | String | Affected version information Note: This field may return null, indicating that no valid values can be obtained. |
IgnoredAssetNum | Integer | Number of ignored assets Note: This field may return null, indicating that no valid values can be obtained. |
IsIgnored | Boolean | Whether to ignore the check item Note: This field may return null, indicating that no valid values can be obtained. |
RiskAssessment | String | Impact assessment Note: This field may return null, indicating that no valid values can be obtained. |
Input parameters for a cluster check task
Used by actions: CreateClusterCheckTask.
Name | Type | Required | Description |
---|---|---|---|
ClusterId | String | Yes | ID of the specified cluster to be scanned |
ClusterRegion | String | Yes | Cluster region |
NodeIp | String | No | IP of the specified node to be scanned |
WorkloadName | String | No | Name of the specified workload to be scanned |
Input parameters for CreateCheckComponent
, which are used to batch install defenders.
Used by actions: CreateCheckComponent.
Name | Type | Required | Description |
---|---|---|---|
ClusterId | String | Yes | ID of the cluster for which to install the component |
ClusterRegion | String | Yes | Cluster region |
Custom parameters of the cluster
Used by actions: DescribeAgentDaemonSetCmd.
Name | Type | Required | Description |
---|---|---|---|
Name | String | Yes | Parameter name |
Values | Array of String | Yes | Parameter value |
Response parameters structure of the cluster asset
Used by actions: DescribeUserCluster.
Name | Type | Description |
---|---|---|
ClusterId | String | Cluster ID |
ClusterName | String | Cluster name |
ClusterVersion | String | Cluster version |
ClusterOs | String | Cluster OS |
ClusterType | String | Cluster type |
ClusterNodeNum | Integer | Number of nodes in the cluster |
Region | String | Cluster region |
DefenderStatus | String | Status of the monitoring component. Valid values: Defender_Uninstall , Defender_Normal , Defender_Error , Defender_Installing . |
ClusterStatus | String | Cluster status |
ClusterCheckMode | String | Cluster check mode. Valid values: Cluster_Normal , Cluster_Actived . |
ClusterAutoCheck | Boolean | Whether automatic and regular check is enabled |
DefenderErrorReason | String | Cause of the failure to deploy the defender. When it is UserDaemonSetNotReady , UnreadyNodeNum is changed to "The defenders on N nodes are ready". If it is another value, the error message is directly displayed. |
UnreadyNodeNum | Integer | Number of nodes where the defender is not ready |
SeriousRiskCount | Integer | Number of critical check items |
HighRiskCount | Integer | Number of high-risk check items |
MiddleRiskCount | Integer | Number of medium-risk check items |
HintRiskCount | Integer | Number of prompt-risk check items |
CheckFailReason | String | Check failure cause |
CheckStatus | String | Check status. Valid values: Task_Running , NoRisk , HasRisk , Uncheck , Task_Error . |
TaskCreateTime | String | Task creation time and check time |
A risk item is a check item with an issue found in the check, with certain information of the check result.
Used by actions: DescribeRiskList.
Name | Type | Description |
---|---|---|
CheckItem | ClusterCheckItem | Check item information |
VerifyInfo | String | Verification information |
ErrorMessage | String | Event description and check error message |
AffectedClusterCount | Integer | Number of affected clusters |
AffectedNodeCount | Integer | Number of affected nodes |
Information of the asset affected by the check item
Used by actions: DescribeCompliancePolicyItemAffectedAssetList.
Name | Type | Description |
---|---|---|
CustomerAssetId | Integer | Unique ID of the customer asset |
AssetName | String | Asset name |
AssetType | String | Asset type |
CheckStatus | String | Check statusCHECK_INIT : To be checked.CHECK_RUNNING : Checking.CHECK_FINISHED : Checked.CHECK_FAILED : Check failed. |
NodeName | String | Node name |
LastCheckTime | String | Last check time in the format of "YYYY-MM-DD HH:m::SS" It is "0000-00-00 00:00:00" if no check has been performed. |
CheckResult | String | Check result. Valid values:RESULT_FAILED : Failed.RESULT_PASSED : Passed. |
HostIP | String | Server IP Note: This field may return null, indicating that no valid values can be obtained. |
ImageTag | String | Image tag Note: This field may return null, indicating that no valid values can be obtained. |
VerifyInfo | String | Verification information of the check item Note: This field may return null, indicating that no valid values can be obtained. |
InstanceId | String | Instance ID Note: This field may return null , indicating that no valid values can be obtained. |
Asset details
Used by actions: DescribeComplianceAssetDetailInfo.
Name | Type | Description |
---|---|---|
CustomerAssetId | Integer | Customer asset ID |
AssetType | String | Asset type |
AssetName | String | Asset name |
NodeName | String | Node name of the asset |
HostName | String | Server name of the asset |
HostIP | String | Server IP of the asset |
CheckStatus | String | Check statusCHECK_INIT : To be checked.CHECK_RUNNING : Checking.CHECK_FINISHED : Checked.CHECK_FAILED : Check failed. |
PassedPolicyItemCount | Integer | Number of check items that the asset passed |
FailedPolicyItemCount | Integer | Number of check items that the asset failed |
LastCheckTime | Timestamp | Last check time Note: This field may return null, indicating that no valid values can be obtained. |
CheckResult | String | Check result. Valid values:RESULT_FAILED : Failed.RESULT_PASSED : Passed.Note: This field may return null, indicating that no valid values can be obtained. |
AssetStatus | String | Asset status |
AssetCreateTime | Timestamp | Asset creation timeASSET_NORMAL : Running.ASSET_PAUSED : Suspended.ASSET_STOPPED : Stopped.ASSET_ABNORMAL : Abnormal. |
Asset information
Used by actions: DescribeComplianceAssetList.
Name | Type | Description |
---|---|---|
CustomerAssetId | Integer | Customer asset ID |
AssetType | String | Asset type |
AssetName | String | Asset name |
ImageTag | String | This field is the image tag when the asset is an image. Note: This field may return null, indicating that no valid values can be obtained. |
HostIP | String | Server IP of the asset |
NodeName | String | Node name of the asset |
CheckStatus | String | Check statusCHECK_INIT : To be checked.CHECK_RUNNING : Checking.CHECK_FINISHED : Checked.CHECK_FAILED : Check failed. |
PassedPolicyItemCount | Integer | Number of check items that the asset passed Note: This field may return null, indicating that no valid values can be obtained. |
FailedPolicyItemCount | Integer | Number of check items that the asset failed Note: This field may return null, indicating that no valid values can be obtained. |
LastCheckTime | Timestamp | Last check time Note: This field may return null, indicating that no valid values can be obtained. |
CheckResult | String | Check result. Valid values:RESULT_FAILED : Failed.RESULT_PASSED : Passed.Note: This field may return null, indicating that no valid values can be obtained. |
InstanceId | String | Node instance ID Note: This field may return null , indicating that no valid values can be obtained. |
Information of a check item
Used by actions: DescribeComplianceAssetPolicyItemList.
Name | Type | Description |
---|---|---|
CustomerPolicyItemId | Integer | Unique ID of the customer check item |
BasePolicyItemId | Integer | Original ID of the check item |
Name | String | Check item name |
Category | String | Category of the check item |
BenchmarkStandardId | Integer | Compliance standard ID |
BenchmarkStandardName | String | Compliance standard name |
RiskLevel | String | Severity |
CheckStatus | String | Check statusCHECK_INIT : To be checked.CHECK_RUNNING : Checking.CHECK_FINISHED : Checked.CHECK_FAILED : Check failed. |
CheckResult | String | Check resultRESULT_PASSED : Passed.RESULT_FAILED : Failed.Note: This field may return null, indicating that no valid values can be obtained. |
WhitelistId | Integer | Allowed item ID of the check item. If it exists and is not 0 , the check item is ignored.Note: This field may return null, indicating that no valid values can be obtained. |
FixSuggestion | String | Handling suggestion |
LastCheckTime | String | Last check time Note: This field may return null, indicating that no valid values can be obtained. |
VerifyInfo | String | Verification information Note: This field may return null, indicating that no valid values can be obtained. |
List of asset IDs and check item IDs
Used by actions: AddComplianceAssetPolicySetToWhitelist.
Name | Type | Required | Description |
---|---|---|---|
CustomerAssetItemId | Integer | Yes | Asset ID |
CustomerPolicyItemIdSet | Array of Integer | No | List of IDs of check items to be ignored in the specified asset. If it is empty, it indicates all. |
Asset overview
Used by actions: DescribeComplianceTaskAssetSummary.
Name | Type | Description |
---|---|---|
AssetType | String | Asset type |
IsCustomerFirstCheck | Boolean | Whether it is the first check. This parameter is used together with CheckStatus . |
CheckStatus | String | Check statusCHECK_UNINIT : Feature not enabled.CHECK_INIT : To be checked.CHECK_RUNNING : Checking.CHECK_FINISHED : Checked.CHECK_FAILED : Check failed. |
CheckProgress | Float | Check progress. Value range: 0-100. This field is valid only if the check is running. Note: This field may return null, indicating that no valid values can be obtained. |
PassedPolicyItemCount | Integer | Number of check items that the asset passed |
FailedPolicyItemCount | Integer | Number of check items that the asset failed |
FailedCriticalPolicyItemCount | Integer | Number of critical check items that the asset failed |
FailedHighRiskPolicyItemCount | Integer | Number of high-risk check items that the asset failed |
FailedMediumRiskPolicyItemCount | Integer | Number of medium-risk check items that the asset failed |
FailedLowRiskPolicyItemCount | Integer | Number of low-risk check items that the asset failed |
NoticePolicyItemCount | Integer | Number of prompt check items of the asset |
PassedAssetCount | Integer | Number of assets that passed the check |
FailedAssetCount | Integer | Number of assets that failed the check |
AssetPassedRate | Float | Asset compliance rate. Value range: 0-100. |
ScanFailedAssetCount | Integer | Number of assets that failed the check |
CheckCostTime | Float | Last check duration in seconds Note: This field may return null, indicating that no valid values can be obtained. |
LastCheckTime | Timestamp | Last check time Note: This field may return null, indicating that no valid values can be obtained. |
PeriodRule | CompliancePeriodTaskRule | Scheduled check rule |
OpenPolicyItemCount | Integer | Total number of enabled check items Note: This field may return null, indicating that no valid values can be obtained. |
IgnoredPolicyItemCount | Integer | Total number of ignored check items Note: This field may return null, indicating that no valid values can be obtained. |
Information of a compliance standard
Used by actions: DescribeCompliancePeriodTaskList.
Name | Type | Description |
---|---|---|
StandardId | Integer | Compliance standard ID |
Name | String | Compliance standard name |
PolicyItemCount | Integer | Number of items contained in the compliance standard |
Enabled | Boolean | Whether to enable the standard |
Description | String | Description of the standard |
Whether to enable the compliance standard
Used by actions: ModifyCompliancePeriodTask.
Name | Type | Required | Description |
---|---|---|---|
StandardId | Integer | Yes | Compliance standard ID |
Enable | Boolean | Yes | Whether to enable the compliance standard |
Container asset details
Used by actions: DescribeComplianceAssetDetailInfo.
Name | Type | Description |
---|---|---|
ContainerId | String | Container ID on the server |
PodName | String | Pod name of the container Note: This field may return null, indicating that no valid values can be obtained. |
Key-value pair filter for conditional filtering queries, such as filter ID, name, and status. If more than one filter exists, the logical relationship between these filters is AND
. If multiple values exist in one filter, the logical relationship between these values is OR
.
Used by actions: DescribeAffectedNodeList, DescribeAffectedWorkloadList, DescribeCheckItemList, DescribeComplianceAssetList, DescribeComplianceAssetPolicyItemList, DescribeCompliancePolicyItemAffectedAssetList, DescribeComplianceScanFailedAssetList, DescribeComplianceTaskPolicyItemSummaryList, DescribeComplianceWhitelistItemList, DescribeNetworkFirewallAuditRecord, DescribeNetworkFirewallClusterList, DescribeNetworkFirewallNamespaceLabelList, DescribeNetworkFirewallPodLabelsList, DescribeNetworkFirewallPolicyList, DescribeRiskList, DescribeUserCluster.
Name | Type | Required | Description |
---|---|---|---|
Name | String | Yes | Filter name |
Values | Array of String | Yes | One or more filter values |
ExactMatch | Boolean | No | Whether to use fuzzy query. Default value: true . |
Server asset details
Used by actions: DescribeComplianceAssetDetailInfo.
Name | Type | Description |
---|---|---|
DockerVersion | String | Docker version on the server Note: This field may return null, indicating that no valid values can be obtained. |
K8SVersion | String | K8s version on the server Note: This field may return null, indicating that no valid values can be obtained. |
Image asset details
Used by actions: DescribeComplianceAssetDetailInfo.
Name | Type | Description |
---|---|---|
ImageId | String | Image ID on the server |
ImageName | String | Image name |
ImageTag | String | Image tag |
Repository | String | Path of the remote repository of the image Note: This field may return null, indicating that no valid values can be obtained. |
K8s asset details
Used by actions: DescribeComplianceAssetDetailInfo.
Name | Type | Description |
---|---|---|
ClusterName | String | K8s cluster name Note: This field may return null, indicating that no valid values can be obtained. |
ClusterVersion | String | K8s cluster version Note: This field may return null, indicating that no valid values can be obtained. |
Information of a scheduled task of the compliance baseline check
Used by actions: DescribeCompliancePeriodTaskList.
Name | Type | Description |
---|---|---|
PeriodTaskId | Integer | Scheduled task ID |
AssetType | String | Asset typeASSET_CONTAINER : Container.ASSET_IMAGE : Image.ASSET_HOST : Server.ASSET_K8S : K8s asset. |
LastTriggerTime | Timestamp | Last trigger time Note: This field may return null, indicating that no valid values can be obtained. |
TotalPolicyItemCount | Integer | Total number of check items |
PeriodRule | CompliancePeriodTaskRule | Cycle settings |
BenchmarkStandardSet | Array of ComplianceBenchmarkStandard | List of compliance standards |
Cycle of a scheduled task
Used by actions: DescribeCompliancePeriodTaskList, DescribeComplianceTaskAssetSummary, ModifyCompliancePeriodTask.
Name | Type | Required | Description |
---|---|---|---|
Frequency | Integer | Yes | Execution frequency (days). Valid values: 1 , 3 , 7 . |
ExecutionTime | String | Yes | Execution time in the format of "HH:mm:SS" |
Enable | Boolean | No | Whether to enable Note: This field may return null, indicating that no valid values can be obtained. |
List of check item IDs and asset IDs
Used by actions: DeleteCompliancePolicyAssetSetFromWhitelist.
Name | Type | Required | Description |
---|---|---|---|
CustomerPolicyItemId | Integer | Yes | Check item ID |
CustomerAssetItemIdSet | Array of Integer | No | List of IDs of assets to be ignored in the specified check item. If it is empty, it indicates all. |
Aggregated information of a check item
Used by actions: DescribeCompliancePolicyItemAffectedSummary, DescribeComplianceTaskPolicyItemSummaryList.
Name | Type | Description |
---|---|---|
CustomerPolicyItemId | Integer | Unique ID of the customer check item |
BasePolicyItemId | Integer | Original ID of the check item |
Name | String | Check item name |
Category | String | Category of the check item, which is an enumerated string. |
BenchmarkStandardName | String | Compliance standard |
RiskLevel | String | Severity. Valid values: RISK_CRITICAL , RISK_HIGH , RISK_MEDIUM , RISK_LOW , RISK_NOTICE . |
AssetType | String | Asset type of the check item |
LastCheckTime | Timestamp | Last check time Note: This field may return null, indicating that no valid values can be obtained. |
CheckStatus | String | Check statusCHECK_INIT : To be checked.CHECK_RUNNING : Checking.CHECK_FINISHED : Checked.CHECK_FAILED : Check failed. |
CheckResult | String | Check result. Valid values: RESULT_PASSED : Passed.RESULT_FAILED : Failed.Note: This field may return null, indicating that no valid values can be obtained. |
PassedAssetCount | Integer | Number of assets that passed the check Note: This field may return null, indicating that no valid values can be obtained. |
FailedAssetCount | Integer | Number of assets that failed the check Note: This field may return null, indicating that no valid values can be obtained. |
WhitelistId | Integer | Allowed item ID of the check item. If it exists and is not 0 , the check item is ignored.Note: This field may return null, indicating that no valid values can be obtained. |
FixSuggestion | String | Handling suggestion |
BenchmarkStandardId | Integer | Compliance standard ID |
ApplicableVersion | String | TCSS editions that support this check item Note: This field may return null , indicating that no valid value was found. |
Information of the asset that failed the check
Used by actions: DescribeComplianceScanFailedAssetList.
Name | Type | Description |
---|---|---|
CustomerAssetId | Integer | Customer asset ID |
AssetType | String | Asset type |
CheckStatus | String | Check statusCHECK_INIT : To be checked.CHECK_RUNNING : Checking.CHECK_FINISHED : Checked.CHECK_FAILED : Check failed. |
AssetName | String | Asset name |
FailureReason | String | Cause of the asset check failure |
Suggestion | String | Suggestion for handling the check failure |
CheckTime | Timestamp | Check time |
Allowed item
Used by actions: DescribeComplianceWhitelistItemList.
Name | Type | Description |
---|---|---|
WhitelistItemId | Integer | Allowed item ID |
CustomerPolicyItemId | Integer | ID of the customer check item |
Name | String | Check item name |
StandardName | String | Compliance standard name |
StandardId | Integer | Compliance standard ID |
AffectedAssetCount | Integer | Number of assets affected by the check item |
LastUpdateTime | Timestamp | Last update time |
InsertTime | Timestamp | Allowed time |
Container component information
Used by actions: DescribeAssetComponentList.
Name | Type | Description |
---|---|---|
Name | String | Name |
Version | String | Version |
Component information
Used by actions: DescribeAssetImageRegistryVulList.
Name | Type | Description |
---|---|---|
Version | String | Component version information Note: This field may return null, indicating that no valid values can be obtained. |
FixedVersion | String | Fixed version Note: This field may return· null , indicating that no valid values can be obtained. |
Path | String | Path Note: This field may return· null , indicating that no valid values can be obtained. |
Type | String | Type Note: This field may return· null , indicating that no valid values can be obtained. |
Name | String | Add-on name Note: This field may return null, indicating that no valid values can be obtained. |
List of containers
Used by actions: DescribeAssetContainerList.
Name | Type | Description |
---|---|---|
ContainerID | String | Container ID |
ContainerName | String | Container name |
Status | String | Container status |
CreateTime | String | Creation time |
RunAs | String | Operator |
Cmd | String | Command line |
CPUUsage | Integer | CPU utilization * 1000 |
RamUsage | Integer | Memory usage in KB |
ImageName | String | Image name |
ImageID | String | Image ID |
POD | String | Image ID |
HostID | String | Server ID |
HostIP | String | Server IP |
UpdateTime | String | Update time |
HostName | String | Server name |
PublicIp | String | Public IP |
NetStatus | String | Network statusNORMAL : Not isolated.ISOLATED : Isolated.ISOLATING : Isolating.ISOLATE_FAILED : Isolation failed.RESTORING : Recovering.RESTORE_FAILED : Recovery failed. |
NetSubStatus | String | Sub-status of the network |
IsolateSource | String | Isolation source Note: This field may return null, indicating that no valid values can be obtained. |
IsolateTime | String | Isolation time Note: This field may return null, indicating that no valid values can be obtained. |
NodeID | String | Super node ID |
PodIP | String | Pod IP |
PodName | String | Pod name |
NodeType | String | Node type. Valid values: NORMAL (general node), SUPER (super node) |
NodeUniqueID | String | UID of the super node |
PodCpu | Integer | Number of CPU cores used by the pod |
PodMem | Integer | Memory specification of the Pod |
ClusterName | String | |
ClusterID | String | |
PodUid | String |
Container mount information
Used by actions: DescribeAssetContainerDetail.
Name | Type | Description |
---|---|---|
Type | String | Mount type: bind . |
Source | String | Host path |
Destination | String | Path in the container |
Mode | String | Mode |
RW | Boolean | Read/Write permission |
Propagation | String | Propagation type |
Name | String | Name |
Driver | String | Driver |
Container network information
Used by actions: DescribeAssetContainerDetail.
Name | Type | Description |
---|---|---|
EndpointID | String | Endpoint ID |
Mode | String | Mode: bridge . |
Name | String | Network name |
NetworkID | String | Network ID |
Gateway | String | Gateway |
Ipv4 | String | IPv4 address |
Ipv6 | String | IPv6 address |
MAC | String | MAC address |
List of emergency vulnerabilities
Used by actions: DescribeEmergencyVulList.
Name | Type | Description |
---|---|---|
Name | String | Vulnerability name |
Tags | Array of String | Vulnerability tag Note: This field may return null, indicating that no valid values can be obtained. |
CVSSV3Score | Float | CVSS V3 score Note: This field may return null, indicating that no valid values can be obtained. |
Level | String | Risk level Note: This field may return null, indicating that no valid values can be obtained. |
CVEID | String | CVE No. |
Category | String | Vulnerability type Note: This field may return null, indicating that no valid values can be obtained. |
SubmitTime | String | Vulnerability disclosure time Note: This field may return null, indicating that no valid values can be obtained. |
LatestFoundTime | String | Last discovery time Note: This field may return null, indicating that no valid values can be obtained. |
Status | String | Emergency vulnerability risk information. Valid values: NOT_SCAN (not scanned); SCANNING (scanning); SCANNED_NOT_RISK (scanned and at no risk); SCANNED_RISK (scanned and at risk). |
ID | Integer | Vulnerability ID |
PocID | String | POC ID |
DefenceStatus | String | Defense status. Valid values: NO_DEFENDED , DEFENDED .Note: This field may return null, indicating that no valid values can be obtained. |
DefenceScope | String | Scope of servers with exploit prevention enabled. Valid values: MANUAL (specified servers); ALL (all servers).Note: This field may return null, indicating that no valid values can be obtained. |
DefenceHostCount | Integer | Number of servers with exploit prevention enabled Note: This field may return null, indicating that no valid values can be obtained. |
DefendedCount | Integer | Number of attacks defended against Note: This field may return null, indicating that no valid values can be obtained. |
Description of the container escape event at runtime
Used by actions: DescribeEscapeEventDetail.
Name | Type | Description |
---|---|---|
Description | String | Event rule |
Solution | String | Solution |
Remark | String | Event remarks Note: This field may return null, indicating that no valid values can be obtained. |
OperationTime | String | Last processing time of the event Note: This field may return null, indicating that no valid values can be obtained. |
List of container escape events
Used by actions: DescribeEscapeEventInfo.
Name | Type | Description |
---|---|---|
EventType | String | Event type.ESCAPE_CGROUPS : Cgroup escape.ESCAPE_TAMPER_SENSITIVE_FILE : File tamper escape.ESCAPE_DOCKER_API : Docker API access escape.ESCAPE_VUL_OCCURRED : Vulnerability exploit.MOUNT_SENSITIVE_PTAH : Sensitive path mount.PRIVILEGE_CONTAINER_START : Privileged container.PRIVILEGE : Program privilege escalation escape. |
ContainerName | String | Container name |
ImageName | String | Image name |
Status | String | Status. Valid values: EVENT_UNDEAL (pending); EVENT_DEALED (processed); EVENT_INGNORE (ignored). |
EventId | String | Unique event ID |
NodeName | String | Node name |
PodName | String | Pod (instance) name |
FoundTime | Timestamp | Generation time |
EventName | String | Event name Host file access escape Syscall escape Mount namespace escape Program privilege escalation escape Privileged container startup escape Sensitive path mount |
ImageId | String | Image ID, which is used for redirect. |
ContainerId | String | Container ID, which is used for redirect. |
Solution | String | Event solution |
Description | String | Event description |
EventCount | Integer | Number of events |
LatestFoundTime | Timestamp | Last generation time |
NodeIP | String | Node IP Note: This field may return null, indicating that no valid values can be obtained. |
HostID | String | Server IP Note: This field may return null, indicating that no valid values can be obtained. |
ContainerNetStatus | String | Network statusNORMAL : Not isolated.ISOLATED : Isolated.ISOLATING : Isolating.ISOLATE_FAILED : Isolation failed.RESTORING : Recovering.RESTORE_FAILED : Recovery failed.Note: This field may return null, indicating that no valid values can be obtained. |
ContainerNetSubStatus | String | Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown. Note: This field may return null, indicating that no valid values can be obtained. |
ContainerIsolateOperationSrc | String | Container isolation operation source Note: This field may return null, indicating that no valid values can be obtained. |
ContainerStatus | String | Container statusRUNNING : Running.PAUSED : Paused.STOPPED : Stopped.CREATED : Created.DESTROYED : Terminated.RESTARTING : Restarting.REMOVING : Removing. |
ClusterID | String | ID of the cluster where the node resides |
NodeType | String | Node type. Values: NORMAL (general node), SUPER (super node). |
PodIP | String | Pod IP |
NodeUniqueID | String | Unique node ID |
PublicIP | String | Node public IP |
NodeID | String | Node ID |
HostIP | String | Private IP of the node |
ClusterName | String | Cluster name |
Trend of pending escape events
Used by actions: DescribeEscapeEventTendency.
Name | Type | Description |
---|---|---|
RiskContainerEventCount | Integer | Total number of pending containers at risk |
ProcessPrivilegeEventCount | Integer | Total number of pending program privilege escalation events |
ContainerEscapeEventCount | Integer | Total number of pending container escape events |
Date | Date | Date |
Enablement/Disablement of the container escape scan policy
Used by actions: DescribeEscapeRuleInfo.
Name | Type | Description |
---|---|---|
Type | String | Rule type ESCAPE_HOST_ACESS_FILE : Host file access escape.ESCAPE_MOUNT_NAMESPACE : Mount namespace escape.ESCAPE_PRIVILEDGE : Program privilege escalation escape.ESCAPE_PRIVILEDGE_CONTAINER_START : Privileged container startup escape.ESCAPE_MOUNT_SENSITIVE_PTAH : Sensitive path mount.ESCAPE_SYSCALL : Syscall escape. |
Name | String | Rule name Host file access escape Syscall escape Mount namespace escape Program privilege escalation escape Privileged container startup escape Sensitive path mount |
IsEnable | Boolean | Whether to enable. Valid values: false (no); true (yes). |
Group | String | Rule group. Valid values: RISK_CONTAINER (container in risk); PROCESS_PRIVILEGE (program privilege escalation); CONTAINER_ESCAPE (container escape). |
Enablement/Disablement of the container escape scan policy
Used by actions: ModifyEscapeRule.
Name | Type | Required | Description |
---|---|---|---|
Type | String | Yes | Rule typeESCAPE_HOST_ACESS_FILE : Host file access escape.ESCAPE_MOUNT_NAMESPACE : Mount namespace escape.ESCAPE_PRIVILEDGE : Program privilege escalation escape.ESCAPE_PRIVILEDGE_CONTAINER_START : Privileged container startup escape.ESCAPE_MOUNT_SENSITIVE_PTAH : Sensitive path mount.ESCAPE_SYSCALL : Syscall escape. |
IsEnable | Boolean | Yes | Whether to enable. Valid values: false (no); true (yes). |
Escape allowlist
Used by actions: DescribeEscapeWhiteList.
Name | Type | Description |
---|---|---|
ImageID | String | Image ID |
ImageName | String | Image name |
ID | Integer | Allowed item ID |
HostCount | Integer | Number of associated servers |
ContainerCount | Integer | Number of associated containers |
EventType | Array of String | Allowed event type |
InsertTime | String | Creation time |
UpdateTime | String | Update time |
ImageSize | Integer | Image size |
Export job details
Used by actions: DescribeExportJobManageList.
Name | Type | Description |
---|---|---|
JobID | String | Job ID |
JobName | String | Job name |
Source | String | Source |
ExportStatus | String | Export status |
ExportProgress | Integer | Export progress |
FailureMsg | String | Reason for failure |
Timeout | String | Timeout threshold |
InsertTime | String | Insertion time |
Container runtime security - File attribute information
Used by actions: DescribeAccessControlDetail.
Name | Type | Description |
---|---|---|
FileName | String | Filename |
FileType | String | File type |
FileSize | Integer | File size in bytes |
FilePath | String | File path |
FileCreateTime | Timestamp | File creation time |
LatestTamperedFileMTime | Timestamp | Time when the file is last tampered with |
NewFile | String | Content of the new file |
FileDiff | String | Differences between old and new files |
List of server IDs
Used by actions: DescribeAssetHostList.
Name | Type | Description |
---|---|---|
HostID | String | Server ID |
HostIP | String | Server IP, which is the private IP |
HostName | String | Server name |
Group | String | Project |
DockerVersion | String | Docker version |
DockerFileSystemDriver | String | Docker file system type |
ImageCnt | Integer | Number of images |
ContainerCnt | Integer | Number of containers |
Status | String | Agent status |
IsContainerd | Boolean | Whether it is Containerd |
MachineType | String | Server source. Valid values: CVM , ECM , LH , BM , Other . The first four values indicate Tencent Cloud instances, while the last one indicates non-Tencent Cloud instances. |
PublicIp | String | Public IP |
Uuid | String | Server UUID |
InstanceID | String | Server instance ID |
RegionID | Integer | Region ID |
Project | ProjectInfo | Project Note: This field may return null , indicating that no valid value was found. |
Tags | Array of TagInfo | Tags Note: This field may return null , indicating that no valid value was found. |
ClusterID | String | Cluster ID |
ClusterName | String | |
ClusterAccessedStatus | String |
Information of the automatic image licensing task
Used by actions: DescribeImageAutoAuthorizedTaskList.
Name | Type | Description |
---|---|---|
TaskId | Integer | Task ID |
Type | String | Licensing method. Valid values: AUTO (automatic licensing); MANUAL (manual licensing). |
AuthorizedDate | Date | Task date |
Source | String | Image source. Valid values: LOCAL (local image); REGISTRY (repository image). |
LastAuthorizedTime | String | Last licensing time |
SuccessCount | Integer | Number of images automatically licensed successfully |
FailCount | Integer | Number of images failed to be automatically licensed |
LatestFailCode | String | Error code for the last task. Valid values: REACH_LIMIT (reaching the upper limit on licenses); LICENSE_INSUFFICIENT (insufficient licenses). |
Information of a component in the image
Used by actions: DescribeImageComponentList.
Name | Type | Description |
---|---|---|
Name | String | Component name |
Version | String | Component version |
Path | String | Component path |
Type | String | Component type |
VulCount | Integer | Number of component vulnerabilities Note: This field may return null, indicating that no valid values can be obtained. |
ImageID | String | Image ID Note: This field may return null, indicating that no valid values can be obtained. |
List of images associated with servers
Used by actions: DescribeAssetImageHostList.
Name | Type | Description |
---|---|---|
ImageID | String | Image ID |
HostID | String | Server ID |
Basic image information
Used by actions: CreateAssetImageRegistryScanTask, CreateAssetImageRegistryScanTaskOneKey, DescribeAssetImageRegistryRiskInfoList, DescribeAssetImageRegistryRiskListExport, DescribeAssetImageRegistryScanStatusOneKey, DescribeAssetImageRegistryVirusList, DescribeAssetImageRegistryVirusListExport, DescribeAssetImageRegistryVulList, DescribeAssetImageRegistryVulListExport, DescribeImageRegistryTimingScanTask, ModifyAssetImageRegistryScanStop, ModifyAssetImageRegistryScanStopOneKey, UpdateImageRegistryTimingScanTask.
Name | Type | Required | Description |
---|---|---|---|
InstanceName | String | Yes | Instance name |
Namespace | String | Yes | Namespace |
ImageName | String | Yes | Image name |
ImageTag | String | Yes | Image tag |
Force | String | Yes | Forced scan |
ImageDigest | String | No | Image ID |
RegistryType | String | No | Repository type |
ImageRepoAddress | String | No | Image repository address |
InstanceId | String | No | Instance ID |
Basic image information
Used by actions: DescribeAssetImageRegistryScanStatusOneKey.
Name | Type | Description |
---|---|---|
ImageId | String | Image ID Note: This field may return null, indicating that no valid values can be obtained. |
RegistryType | String | Repository type Note: This field may return null, indicating that no valid values can be obtained. |
ImageRepoAddress | String | Image repository address Note: This field may return null, indicating that no valid values can be obtained. |
InstanceId | String | Instance ID Note: This field may return null, indicating that no valid values can be obtained. |
InstanceName | String | Instance name Note: This field may return null, indicating that no valid values can be obtained. |
Namespace | String | Namespace Note: This field may return null, indicating that no valid values can be obtained. |
ImageName | String | Repository name Note: This field may return null, indicating that no valid values can be obtained. |
ImageTag | String | Image tag Note: This field may return null, indicating that no valid values can be obtained. |
ScanStatus | String | Image scanning status Note: This field may return null, indicating that no valid values can be obtained. |
CveProgress | Integer | CVE scanning progress of the image Note: This field may return null, indicating that no valid values can be obtained. |
RiskProgress | Integer | Sensitive data scanning progress of the image Note: This field may return null, indicating that no valid values can be obtained. |
VirusProgress | Integer | Trojan scanning progress of the image Note: This field may return null, indicating that no valid values can be obtained. |
List of image repositories
Used by actions: DescribeAssetImageRegistryList.
Name | Type | Description |
---|---|---|
ImageDigest | String | Image digest |
ImageRepoAddress | String | Image repository address |
RegistryType | String | Repository type |
ImageName | String | Image name |
ImageTag | String | Image tag |
ImageSize | Integer | Image size |
ScanTime | String | Last scan time |
ScanStatus | String | Scanning status |
VulCnt | Integer | Number of vulnerabilities |
VirusCnt | Integer | Number of viruses and trojans |
RiskCnt | Integer | Number of risky behaviors |
IsTrustImage | Boolean | Whether it is a trusted image |
OsName | String | Image system |
ScanVirusError | String | Trojan scan error Note: This field may return null, indicating that no valid values can be obtained. |
ScanVulError | String | Vulnerability scan error Note: This field may return null, indicating that no valid values can be obtained. |
InstanceId | String | Instance ID |
InstanceName | String | Instance name |
Namespace | String | Namespace |
ScanRiskError | String | High-risk scan error Note: This field may return null, indicating that no valid values can be obtained. |
ScanVirusProgress | Integer | Sensitive data scanning progress Note: This field may return null, indicating that no valid values can be obtained. |
ScanVulProgress | Integer | Trojan scanning progress Note: This field may return null, indicating that no valid values can be obtained. |
ScanRiskProgress | Integer | Vulnerability scanning progress Note: This field may return null, indicating that no valid values can be obtained. |
ScanRemainTime | Integer | Remaining scan time in seconds Note: This field may return null, indicating that no valid values can be obtained. |
CveStatus | String | CVE scanning status Note: This field may return null, indicating that no valid values can be obtained. |
RiskStatus | String | High-risk scanning status Note: This field may return null, indicating that no valid values can be obtained. |
VirusStatus | String | Trojan scanning status Note: This field may return null, indicating that no valid values can be obtained. |
Progress | Integer | Overall progress Note: This field may return null, indicating that no valid values can be obtained. |
IsAuthorized | Integer | Licensing status |
RegistryRegion | String | Repository region |
Id | Integer | List of IDs |
ImageId | String | Image ID Note: This field may return null, indicating that no valid values can be obtained. |
ImageCreateTime | Timestamp ISO8601 | Image creation time Note: This field may return null, indicating that no valid values can be obtained. |
IsLatestImage | Boolean | Whether it is the latest image tag Note: This field may return null, indicating that no valid values can be obtained. |
Used by actions: DescribeAssetImageRegistryRegistryList.
Name | Type | Description |
---|---|---|
RegistryId | Integer | |
Name | String | |
RegistryType | String | |
Url | String | |
NetType | String | |
RegistryRegion | String | |
RegistryVersion | String | |
ConnectMsg | String | |
ConnDetectType | String | |
ConnDetectHostCount | Integer | |
ConnDetectDetail | Array of RegistryConnDetectResult | |
InstanceID | String | |
LatestSyncTime | String | |
SyncStatus | String | |
SyncFailReason | String | |
SyncSolution | String | |
SyncMessage | String |
Information of a high-risk behavior in the image
Used by actions: DescribeAssetImageRegistryRiskInfoList.
Name | Type | Description |
---|---|---|
Behavior | Integer | High-risk behavior Note: This field may return null, indicating that no valid values can be obtained. |
Type | Integer | Type Note: This field may return null, indicating that no valid values can be obtained. |
Level | String | Risk level Note: This field may return null, indicating that no valid values can be obtained. |
Desc | String | Description Note: This field may return null, indicating that no valid values can be obtained. |
InstructionContent | String | Solution Note: This field may return null, indicating that no valid values can be obtained. |
Image risk details
Used by actions: DescribeAssetImageRiskList.
Name | Type | Description |
---|---|---|
Behavior | Integer | Behavior |
Type | Integer | Type |
Level | Integer | Level |
Desc | String | Details |
InstructionContent | String | Solution |
Trend information of security events at runtime
Used by actions: DescribeImageRiskTendency.
Name | Type | Description |
---|---|---|
ImageRiskSet | Array of RunTimeTendencyInfo | List of trends |
ImageRiskType | String | Risk type:IRT_VULNERABILITY : Vulnerability.IRT_MALWARE_VIRUS : Virus and trojan.IRT_RISK : Sensitive data. |
List of images
Used by actions: DescribeImageSimpleList.
Name | Type | Description |
---|---|---|
ImageID | String | Image ID |
ImageName | String | Image name |
Size | Integer | Image size |
ImageType | String | Type |
ContainerCnt | Integer | Number of associated containers |
Information of a virus in the image
Used by actions: DescribeAssetImageRegistryVirusList.
Name | Type | Description |
---|---|---|
Path | String | Path Note: This field may return null, indicating that no valid values can be obtained. |
RiskLevel | String | Risk level Note: This field may return null, indicating that no valid values can be obtained. |
Category | String | Category Note: This field may return null, indicating that no valid values can be obtained. |
VirusName | String | Virus name Note: This field may return null, indicating that no valid values can be obtained. |
Tags | Array of String | Tag Note: This field may return null, indicating that no valid values can be obtained. |
Desc | String | Description Note: This field may return null, indicating that no valid values can be obtained. |
Solution | String | Solution Note: This field may return null, indicating that no valid values can be obtained. |
FileType | String | File type Note: This field may return null, indicating that no valid values can be obtained. |
FileName | String | File path Note: This field may return null, indicating that no valid values can be obtained. |
FileMd5 | String | MD5 checksum of the file Note: This field may return null, indicating that no valid values can be obtained. |
FileSize | Integer | Size Note: This field may return null, indicating that no valid values can be obtained. |
FirstScanTime | String | First discovery time Note: This field may return null, indicating that no valid values can be obtained. |
LatestScanTime | String | Last scan time Note: This field may return null, indicating that no valid values can be obtained. |
Information of a virus in the image
Used by actions: DescribeAssetImageVirusList.
Name | Type | Description |
---|---|---|
Path | String | Path Note: This field may return null, indicating that no valid values can be obtained. |
RiskLevel | Integer | Risk level Note: This field may return null, indicating that no valid values can be obtained. |
VirusName | String | Virus name Note: This field may return null, indicating that no valid values can be obtained. |
Tags | Array of String | Tag Note: This field may return null, indicating that no valid values can be obtained. |
Desc | String | Description Note: This field may return null, indicating that no valid values can be obtained. |
Solution | String | Fix suggestion Note: This field may return null, indicating that no valid values can be obtained. |
Size | Integer | Size Note: This field may return null, indicating that no valid values can be obtained. |
FirstScanTime | String | First discovery time Note: This field may return null, indicating that no valid values can be obtained. |
LatestScanTime | String | Last scan time Note: This field may return null, indicating that no valid values can be obtained. |
Md5 | String | MD5 checksum of the file Note: This field may return null, indicating that no valid values can be obtained. |
FileName | String | Filename Note: This field may return null, indicating that no valid values can be obtained. |
CheckPlatform | Array of String | Check platform1 : Tencent Cloud Security Engine.2 : tav.3 : binaryAi.4 : Unusual behavior.5 : Threat intelligence.Note: This field may return null, indicating that no valid values can be obtained. |
Information of a vulnerability in the image
Used by actions: DescribeAssetImageRegistryVulList.
Name | Type | Description |
---|---|---|
CVEID | String | Vulnerability ID Note: This field may return null, indicating that no valid values can be obtained. |
POCID | String | POC ID Note: This field may return null, indicating that no valid values can be obtained. |
Name | String | Vulnerability name Note: This field may return null, indicating that no valid values can be obtained. |
Components | Array of ComponentsInfo | Component information Note: This field may return null, indicating that no valid values can be obtained. |
Category | String | Category Note: This field may return null, indicating that no valid values can be obtained. |
CategoryType | String | Category 2 Note: This field may return null, indicating that no valid values can be obtained. |
Level | String | Risk level Note: This field may return null, indicating that no valid values can be obtained. |
Des | String | Description Note: This field may return null, indicating that no valid values can be obtained. |
OfficialSolution | String | Solution Note: This field may return null, indicating that no valid values can be obtained. |
Reference | String | Reference Note: This field may return null, indicating that no valid values can be obtained. |
DefenseSolution | String | Defense solution Note: This field may return null, indicating that no valid values can be obtained. |
SubmitTime | String | Submission time Note: This field may return null, indicating that no valid values can be obtained. |
CvssScore | String | CVSS score Note: This field may return null, indicating that no valid values can be obtained. |
CvssVector | String | CVSS information Note: This field may return null, indicating that no valid values can be obtained. |
IsSuggest | String | Whether fix is suggested Note: This field may return null, indicating that no valid values can be obtained. |
FixedVersions | String | Number of the fixed version Note: This field may return null, indicating that no valid values can be obtained. |
Tag | Array of String | Vulnerability tag. Valid values: CanBeFixed , DynamicLevelPoc , DynamicLevelExp .Note: This field may return null, indicating that no valid values can be obtained. |
Component | String | Component name Note: This field may return null, indicating that no valid values can be obtained. |
Version | String | Component version Note: This field may return null, indicating that no valid values can be obtained. |
Information of the runtime rule bound to the image
Used by actions: DescribeAssetImageBindRuleInfo.
Name | Type | Description |
---|---|---|
ImageId | String | Image ID |
ImageName | String | Image name |
ContainerCnt | Integer | Number of associated containers |
RuleId | String | Bound rule ID Note: This field may return null, indicating that no valid values can be obtained. |
RuleName | String | Rule name Note: This field may return null, indicating that no valid values can be obtained. |
ImageSize | Integer | Image size Note: This field may return null, indicating that no valid values can be obtained. |
ScanTime | String | Last scan time Note: This field may return null, indicating that no valid values can be obtained. |
List of image IDs
Used by actions: DescribeAssetImageList.
Name | Type | Description |
---|---|---|
ImageID | String | Image ID |
ImageName | String | Image name |
CreateTime | String | Creation time |
Size | Integer | Image size |
HostCnt | Integer | Number of servers |
ContainerCnt | Integer | Number of containers |
ScanTime | String | Scan time |
VulCnt | Integer | Number of vulnerabilities |
VirusCnt | Integer | Number of viruses |
RiskCnt | Integer | Number of sensitive data items |
IsTrustImage | Boolean | Whether it is a trusted image |
OsName | String | Image system |
AgentError | String | Image scan error in the agent |
ScanError | String | Image scan error on the backend |
ScanStatus | String | Scanning status |
ScanVirusError | String | Trojan scan error message |
ScanVulError | String | Vulnerability scan error message |
ScanRiskError | String | Risk scan error message |
IsSuggest | Integer | Whether the image is of high priority. Valid values: 0 (no); others (yes). |
IsAuthorized | Integer | Whether it is licensed. Valid values: 1 (yes); 0 (no). |
ComponentCnt | Integer | Number of components |
Vulnerability in the image
Used by actions: DescribeAssetImageVulList.
Name | Type | Description |
---|---|---|
CVEID | String | Vulnerability ID |
Name | String | Vulnerability name |
Component | String | Component |
Version | String | Version |
Category | String | Category |
CategoryType | String | Category 2 |
Level | Integer | Risk level |
Des | String | Description |
OfficialSolution | String | Solution |
Reference | String | Reference |
DefenseSolution | String | Defense solution |
SubmitTime | String | Submission time |
CVSSV3Score | Float | CVSS V3 score |
CVSSV3Desc | String | CVSS V3 description |
IsSuggest | Boolean | Whether it is of high priority. Valid values: true (yes); false (no). |
FixedVersions | String | Number of the fixed version Note: This field may return null, indicating that no valid values can be obtained. |
Tag | Array of String | Vulnerability tag. Valid values: CanBeFixed , DynamicLevelPoc , DynamicLevelExp .Note: This field may return null, indicating that no valid values can be obtained. |
K8sApi api abnormal event details
Used by actions: DescribeK8sApiAbnormalEventInfo.
Name | Type | Description |
---|---|---|
MatchRuleName | String | Hit rule name |
MatchRuleType | String | Hit rule type |
RiskLevel | String | Alarm level |
ClusterID | String | Cluster ID |
ClusterName | String | Cluster name |
ClusterRunningStatus | String | Cluster running status |
FirstCreateTime | String | First creation time |
LastCreateTime | String | Last creation time |
AlarmCount | Integer | Number of alarms |
Status | String | StatusEVENT_UNDEAL : UnhandledEVENT_DEALED : HandledEVENT_IGNORE : IgnoredEVENT_DEL : DeletedEVENT_ADD_WHITE : Added to an allowlist |
ClusterMasterIP | String | The master IP of a cluster |
K8sVersion | String | K8s version |
RunningComponent | Array of String | Runtime component |
Desc | String | Description |
Suggestion | String | Suggestion |
Info | String | Request information |
MatchRuleID | String | Rule ID |
HighLightFields | Array of String | An array of highlighted fields |
MatchRule | K8sApiAbnormalRuleScopeInfo | Hit rule |
Items in the K8sApi abnormal event list
Used by actions: DescribeK8sApiAbnormalEventList.
Name | Type | Description |
---|---|---|
ID | Integer | Event ID |
MatchRuleType | String | Hit rule type |
RiskLevel | String | Threat level |
ClusterID | String | Cluster ID |
ClusterName | String | Cluster name |
ClusterRunningStatus | String | Cluster running status |
FirstCreateTime | String | First creation time |
LastCreateTime | String | Last creation time |
AlarmCount | Integer | Number of alarms |
Status | String | Status |
RuleType | String | Rule type |
Desc | String | Description |
Suggestion | String | Solution |
RuleName | String | Rule name |
MatchRule | K8sApiAbnormalRuleScopeInfo | Hit rule |
K8sApi abnormal request rule details
Used by actions: CreateK8sApiAbnormalRuleInfo, DescribeK8sApiAbnormalRuleInfo, ModifyK8sApiAbnormalRuleInfo.
Name | Type | Required | Description |
---|---|---|---|
RuleName | String | Yes | Rule name |
Status | Boolean | Yes | Status |
RuleInfoList | Array of K8sApiAbnormalRuleScopeInfo | Yes | Rule information list |
EffectClusterIDSet | Array of String | Yes | Effective cluster IDSet |
RuleType | String | Yes | Rule type RT_SYSTEM: System rules RT_USER: User-defined rules |
EffectAllCluster | Boolean | Yes | Whether all clusters are effective |
RuleID | String | No | Rule ID |
Items in the list of K8sApi abnormal request rules
Used by actions: DescribeK8sApiAbnormalRuleList.
Name | Type | Description |
---|---|---|
RuleID | String | Rule ID |
RuleName | String | Rule name |
RuleType | String | Rule type RT_SYSTEM System rules RT_USER User defined |
EffectClusterCount | Integer | Total number of affected clusters |
UpdateTime | String | Update time |
OprUin | String | Edit account |
Status | Boolean | Status |
Configuration range of K8sApi abnormal event rules
Used by actions: CreateK8sApiAbnormalRuleInfo, DescribeK8sApiAbnormalEventInfo, DescribeK8sApiAbnormalEventList, DescribeK8sApiAbnormalRuleInfo, DescribeK8sApiAbnormalRuleScopeList, ModifyK8sApiAbnormalRuleInfo.
Name | Type | Required | Description |
---|---|---|---|
Scope | String | Yes | Range System event: ANONYMOUS_ACCESS: Anonymous access ABNORMAL_UA_REQ: Abnormal UA request ANONYMOUS_ABNORMAL_PERMISSION: Abnormal changes on permissions of an anonymous user GET_CREDENTIALS: Credential information acquisition MOUNT_SENSITIVE_PATH: Sensitive path mounting COMMAND_RUN: Command execution PRIVILEGE_CONTAINER: Privilege container EXCEPTION_CRONTAB_TASK: Aabnormal scheduled task STATICS_POD: Static pod creation ABNORMAL_CREATE_POD: Abnormal pod creation USER_DEFINED: User defined |
Action | String | Yes | Action (RULE_MODE_ALERT: Alarm RULE_MODE_RELEASE: Release) |
RiskLevel | String | No | Threat level: "HIGH": High-risk level; "MIDDLE": Middle-risk level; "LOW": Low-risk level; "NOTICE": Notice level Note: This field may return null , indicating that no valid value was found. |
Status | Boolean | No | Switch status (true: On; false: Off): applicable to system rules. Note: This field may return null , indicating that no valid value was found. |
IsDelete | Boolean | No | Whether to delete: applicable to custom rule input parameters. Note: This field may return null , indicating that no valid value was found. |
Items in the list of K8sApi abnormal request trends
Used by actions: DescribeK8sApiAbnormalTendency.
Name | Type | Description |
---|---|---|
Date | String | Date |
ExceptionUARequestCount | Integer | The number of abnormal UA request events |
AnonymousUserRightCount | Integer | The number of anonymous user permission events |
CredentialInformationObtainCount | Integer | The number of credential information acquisition events |
SensitiveDataMountCount | Integer | The number of sensitive data mounting events |
CmdExecCount | Integer | The number of command execution events |
AbnormalScheduledTaskCount | Integer | The number of abnormal scheduled task events |
StaticsPodCreateCount | Integer | The number of static pods created |
DoubtfulContainerCreateCount | Integer | The number of suspicious containers created |
UserDefinedRuleCount | Integer | The number of custom rule events |
AnonymousAccessCount | Integer | The number of anonymous access events |
PrivilegeContainerCount | Integer | The number of privilege container events |
Input parameters for adding and unignoring vulnerabilities in the scan
Used by actions: AddIgnoreVul, DeleteIgnoreVul.
Name | Type | Required | Description |
---|---|---|---|
PocID | String | Yes | POC ID |
ImageIDs | Array of String | No | IDs of images to be ignored. If it is not specified, it indicates to ignore all. |
ImageType | String | No | When there is an image Image type. Valid values: LOCAL (local image); REGISTRY (repository image). |
The structure returned by the audit of the network cluster asset
Used by actions: DescribeNetworkFirewallAuditRecord.
Name | Type | Description |
---|---|---|
ClusterId | String | Cluster ID |
ClusterName | String | Cluster name |
Region | String | Cluster region |
Action | String | Action |
Operation | String | Operator |
NetworkPolicyName | String | Policy name |
OperationTime | String | Operation time |
AppId | Integer | Operator appid Note: This field may return null, indicating that no valid values can be obtained. |
Uin | String | Operator UIN |
PolicyId | Integer | The policy ID. Note: This field may return· null , indicating that no valid values can be obtained. |
Response parameters structure of the network cluster asset
Used by actions: DescribeNetworkFirewallClusterList.
Name | Type | Description |
---|---|---|
ClusterId | String | Cluster ID |
ClusterName | String | Cluster name |
ClusterVersion | String | Cluster version |
ClusterOs | String | Cluster OS |
ClusterType | String | Cluster type |
Region | String | Cluster region |
NetworkPolicyPlugin | String | Cluster network plugin |
ClusterStatus | String | Cluster status |
TotalRuleCount | Integer | Total number of policies |
EnableRuleCount | Integer | Number of enabled policies |
NetworkPolicyPluginStatus | String | Status of the cluster network plugin. Valid values: Running (normal); Error (abnormal). |
NetworkPolicyPluginError | String | Error message of the cluster network plugin Note: This field may return null, indicating that no valid values can be obtained. |
ClusterNetworkSettings | String | Cluster network plugin Note: This field may return· null , indicating that no valid values can be obtained. |
Response parameters structure of the network space label
Used by actions: DescribeNetworkFirewallNamespaceLabelList.
Name | Type | Description |
---|---|---|
Labels | String | Network space label |
Name | String | Network space name |
Response parameters structure of the network cluster Pod
Used by actions: DescribeNetworkFirewallPodLabelsList.
Name | Type | Description |
---|---|---|
PodName | String | Pod name |
Namespace | String | Pod space Note: This field may return null, indicating that no valid values can be obtained. |
Labels | String | Pod label Note: This field may return null, indicating that no valid values can be obtained. |
WorkloadKind | String | Pod type Note: This field may return null, indicating that no valid values can be obtained. |
Custom rule of the network cluster policy
Used by actions: AddAndPublishNetworkFirewallPolicyDetail, AddNetworkFirewallPolicyDetail, DescribeNetworkFirewallPolicyDetail, UpdateAndPublishNetworkFirewallPolicyDetail, UpdateNetworkFirewallPolicyDetail.
Name | Type | Required | Description |
---|---|---|---|
Direction | String | Yes | Network policy direction. Valid values: FROM , TO . |
Ports | Array of NetworkPorts | No | Network policy port Note: This field may return null, indicating that no valid values can be obtained. |
Peer | Array of NetworkPeer | No | Network policy objectPublishedNoConfirm : Enabled and to be confirmed.PublishedConfirmed : Enabled and confirmed.unPublishing : Disabled.Publishing : Enabled.unPublishEdit : To be enabled.Note: This field may return null, indicating that no valid values can be obtained. |
Custom rule of the network cluster policy
Used by actions: AddAndPublishNetworkFirewallPolicyDetail, AddNetworkFirewallPolicyDetail, DescribeNetworkFirewallPolicyDetail, UpdateAndPublishNetworkFirewallPolicyDetail, UpdateNetworkFirewallPolicyDetail.
Name | Type | Required | Description |
---|---|---|---|
PeerType | String | Yes | Object type: Namespace: NamespaceSelector , which indicates that NamespaceSelector has a value.Pod type: PodSelector , which indicates that both NamespaceSelector and PodSelector have values.IP type: IPBlock , which indicates that only IPBlock has a value. |
NamespaceSelector | String | No | Namespace selector Note: This field may return null, indicating that no valid values can be obtained. |
PodSelector | String | No | Pod selector Note: This field may return null, indicating that no valid values can be obtained. |
IPBlock | String | No | IP selector Note: This field may return null, indicating that no valid values can be obtained. |
Response parameters structure of the network cluster policy
Used by actions: DescribeNetworkFirewallPolicyList.
Name | Type | Description |
---|---|---|
Name | String | Network policy name |
Description | String | Network policy description Note: This field may return null, indicating that no valid values can be obtained. |
PublishStatus | String | Publishing status:PublishedNoConfirm : Enabled and to be confirmed.PublishedConfirmed : Enabled and confirmed.unPublishing : Disabled.Publishing : Enabled.unPublishEdit : To be enabled. |
PolicySourceType | String | Policy type:System : Synched from the cluster.Manual : Added manually. |
Namespace | String | Policy space |
PolicyCreateTime | String | Policy creation date |
NetworkPolicyPlugin | String | Policy type kube-router: KubeRouter cilium: Cilium |
PublishResult | String | Policy publishing result Note: This field may return null, indicating that no valid values can be obtained. |
FromPolicyRule | Integer | Inbound rule1 : Allow all.2 : Reject all.3 : Custom. |
ToPolicyRule | Integer | Inbound rule1 : Allow all.2 : Reject all.3 : Custom. |
PodSelector | String | Object Note: This field may return null, indicating that no valid values can be obtained. |
Id | Integer | Network policy ID |
Port of the custom rule of the network cluster policy
Used by actions: AddAndPublishNetworkFirewallPolicyDetail, AddNetworkFirewallPolicyDetail, DescribeNetworkFirewallPolicyDetail, UpdateAndPublishNetworkFirewallPolicyDetail, UpdateNetworkFirewallPolicyDetail.
Name | Type | Required | Description |
---|---|---|---|
Protocol | String | No | Protocol of the network policy Note: This field may return null, indicating that no valid values can be obtained. |
Port | String | No | Port of the network policy Note: This field may return null, indicating that no valid values can be obtained. |
List of ports
Used by actions: DescribeAssetPortList.
Name | Type | Description |
---|---|---|
Type | String | Type |
PublicIP | String | Public IP |
PublicPort | Integer | Server port |
ContainerPort | Integer | Container port |
ContainerPID | Integer | Container PID |
ContainerName | String | Container name |
HostID | String | Server ID |
HostIP | String | Server IP |
ProcessName | String | Process name |
ListenContainer | String | Monitored address in the container |
ListenHost | String | Monitored address outside the container |
RunAs | String | Operating account |
HostName | String | Server name |
PublicIp | String | Public IP |
NodeID | String | Node ID |
PodIP | String | Pod IP |
PodName | String | Pod name |
NodeType | String | Node type. |
NodeUniqueID | String | UID of the super node |
Runtime security - Basic process information
Used by actions: DescribeAbnormalProcessDetail, DescribeAccessControlDetail, DescribeEscapeEventDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.
Name | Type | Description |
---|---|---|
ProcessStartUser | String | Process initiator Note: This field may return null, indicating that no valid values can be obtained. |
ProcessUserGroup | String | Process user group Note: This field may return null, indicating that no valid values can be obtained. |
ProcessPath | String | Process path Note: This field may return null, indicating that no valid values can be obtained. |
ProcessParam | String | Process command line parameter Note: This field may return null, indicating that no valid values can be obtained. |
Runtime security details - Basic process information
Used by actions: DescribeAbnormalProcessDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.
Name | Type | Description |
---|---|---|
ProcessName | String | Process name |
ProcessId | Integer | Process PID |
ProcessStartUser | String | Process initiator |
ProcessUserGroup | String | Process user group |
ProcessPath | String | Process path |
ProcessParam | String | Process command line parameter |
Runtime security details - Process information
Used by actions: DescribeAbnormalProcessDetail, DescribeAccessControlDetail, DescribeEscapeEventDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.
Name | Type | Description |
---|---|---|
ProcessName | String | Process name |
ProcessAuthority | String | Process permission |
ProcessId | Integer | Process PID |
ProcessStartUser | String | Process initiator |
ProcessUserGroup | String | Process user group |
ProcessPath | String | Process path |
ProcessTree | String | Process tree |
ProcessMd5 | String | Process MD5 |
ProcessParam | String | Process command line parameter |
List of processes
Used by actions: DescribeAssetProcessList.
Name | Type | Description |
---|---|---|
StartTime | String | Process start time |
RunAs | String | Operator |
CmdLine | String | Command line parameter |
Exe | String | Exe path |
PID | Integer | Server PID |
ContainerPID | Integer | Container PID |
ContainerName | String | Container name |
HostID | String | Server ID |
HostIP | String | Server IP |
ProcessName | String | Process name |
HostName | String | Server name |
PublicIp | String | Public IP |
NodeID | String | Node ID |
PodIP | String | Pod IP |
PodName | String | Pod name |
NodeType | String | Node type. |
NodeUniqueID | String | UID of the super node |
The project to which the host belongs
Used by actions: DescribeAssetHostDetail, DescribeAssetHostList.
Name | Type | Description |
---|---|---|
ProjectName | String | Project name |
ProjectID | Integer | Project ID |
Promotion content
Used by actions: DescribePromotionActivity.
Name | Type | Description |
---|---|---|
MonthNum | Integer | Number of months |
CoresCountLimit | Integer | Minimum number of cores |
ProfessionalDiscount | Integer | Discount on the Pro Edition |
ImageAuthorizationNum | Integer | Number of free images |
RASP information of vulnerability defense plugin
Used by actions: DescribeVulDefenceEventDetail.
Name | Type | Description |
---|---|---|
Name | String | RASP name |
Value | String | RASP description |
Region information
Used by actions: DescribeSecLogDeliveryClsOptions, DescribeSecLogDeliveryKafkaOptions.
Name | Type | Description |
---|---|---|
Region | String | Region identifier |
RegionName | String | Region name |
Used by actions: DescribeAssetImageRegistryRegistryList.
Name | Type | Description |
---|---|---|
Quuid | String | |
Uuid | String | |
ConnDetectStatus | String | |
ConnDetectMessage | String | |
Solution | String | |
FailReason | String |
Description of the container reverse shell event at runtime
Used by actions: DescribeReverseShellDetail.
Name | Type | Description |
---|---|---|
Description | String | Description |
Solution | String | Solution |
Remark | String | Event remarks Note: This field may return null, indicating that no valid values can be obtained. |
DstAddress | String | Destination address |
OperationTime | String | Last processing time of the event Note: This field may return null, indicating that no valid values can be obtained. |
Container runtime security - Information of the reverse shell
Used by actions: DescribeReverseShellEvents.
Name | Type | Description |
---|---|---|
ProcessName | String | Process name |
ProcessPath | String | Process path |
ImageId | String | Image ID |
ContainerId | String | Container ID |
ImageName | String | Image name |
ContainerName | String | Container name |
FoundTime | String | Generation time |
Solution | String | Event solution |
Description | String | Event description |
Status | String | Status. EVENT_UNDEAL : Pending.EVENT_DEALED : Processed.EVENT_INGNORE : Ignored.EVENT_ADD_WHITE : Allowed. |
EventId | String | Event ID |
Remark | String | Remarks |
PProcessName | String | Parent process name |
EventCount | Integer | Number of events |
LatestFoundTime | String | Last generation time |
DstAddress | String | Destination address |
ContainerNetStatus | String | Network statusNORMAL : Not isolated.ISOLATED : Isolated.ISOLATING : Isolating.ISOLATE_FAILED : Isolation failed.RESTORING : Recovering.RESTORE_FAILED : Recovery failed. |
ContainerNetSubStatus | String | Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown. |
ContainerIsolateOperationSrc | String | Container isolation operation source |
ContainerStatus | String | Container statusRUNNING : Running.PAUSED : Paused.STOPPED : Stopped.CREATED : Created.DESTROYED : Terminated.RESTARTING : Restarting.REMOVING : Removing. |
Information of an allowed reverse shell
Used by actions: DescribeReverseShellWhiteLists.
Name | Type | Description |
---|---|---|
Id | String | Allowed item ID |
ImageCount | Integer | Number of images |
ProcessName | String | Connection process name |
DstIp | String | Destination address IP |
CreateTime | Timestamp | Creation time |
UpdateTime | Timestamp | Update time |
DstPort | String | Target port |
IsGlobal | Boolean | Whether it is allowed globally. true : Yes. |
ImageIds | Array of String | Array of image IDs. An empty array indicates all. |
Information of an allowed reverse shell
Used by actions: AddEditReverseShellWhiteList, DescribeReverseShellWhiteListDetail.
Name | Type | Required | Description |
---|---|---|---|
DstIp | String | Yes | Target IP |
DstPort | String | Yes | Target port |
ProcessName | String | Yes | Target process |
ImageIds | Array of String | Yes | Array of image IDs. An empty array indicates all. |
Id | String | No | Allowed item ID, which is empty if the item is newly created. |
Description of the high-risk container syscall event at runtime
Used by actions: DescribeRiskSyscallDetail.
Name | Type | Description |
---|---|---|
Description | String | Description |
Solution | String | Solution |
Remark | String | Event remarks Note: This field may return null, indicating that no valid values can be obtained. |
SyscallName | String | Syscall name |
OperationTime | String | Last processing time of the event Note: This field may return null, indicating that no valid values can be obtained. |
Container runtime security - Information of the high-risk syscall
Used by actions: DescribeRiskSyscallEvents.
Name | Type | Description |
---|---|---|
ProcessName | String | Process name |
ProcessPath | String | Process path |
ImageId | String | Image ID |
ContainerId | String | Container ID |
ImageName | String | Image name |
ContainerName | String | Container name |
FoundTime | String | Generation time |
Solution | String | Event solution |
Description | String | Event description |
SyscallName | String | Syscall name |
Status | String | Status. EVENT_UNDEAL : Pending.EVENT_DEALED : Processed.EVENT_INGNORE : Ignored.EVENT_ADD_WHITE : Allowed. |
EventId | String | Event ID |
NodeName | String | Node name |
PodName | String | Pod (instance) name |
Remark | String | Remarks |
RuleExist | Boolean | Whether the system monitoring rule name exists |
EventCount | Integer | Number of events |
LatestFoundTime | String | Last generation time |
ContainerNetStatus | String | Network statusNORMAL : Not isolated.ISOLATED : Isolated.ISOLATING : Isolating.ISOLATE_FAILED : Isolation failed.RESTORING : Recovering.RESTORE_FAILED : Recovery failed. |
ContainerNetSubStatus | String | Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown. |
ContainerIsolateOperationSrc | String | Container isolation operation source |
ContainerStatus | String | Container statusRUNNING : Running.PAUSED : Paused.STOPPED : Stopped.CREATED : Created.DESTROYED : Terminated.RESTARTING : Restarting.REMOVING : Removing. |
NodeType | String | Node type. Values: NORMAL (general node), SUPER (super node). |
ClusterID | String | Cluster ID |
PodIP | String | Pod IP |
NodeUniqueID | String | Unique node ID |
PublicIP | String | Node public IP |
NodeID | String | Node ID |
HostID | String | uuid |
HostIP | String | Private IP of the node |
ClusterName | String | Cluster name |
Information of the allowlist of high-risk syscalls
Used by actions: DescribeRiskSyscallWhiteLists.
Name | Type | Description |
---|---|---|
Id | String | Allowed item ID |
ImageCount | Integer | Number of images |
ProcessPath | String | Connection process path |
SyscallNames | Array of String | List of syscall names |
CreateTime | Timestamp | Creation time |
UpdateTime | Timestamp | Update time |
IsGlobal | Boolean | Whether it is allowed globally. true : Yes. |
ImageIds | Array of String | Array of image IDs |
Information of the allowlist of high-risk syscalls
Used by actions: AddEditRiskSyscallWhiteList, DescribeRiskSyscallWhiteListDetail.
Name | Type | Required | Description |
---|---|---|---|
ImageIds | Array of String | Yes | Array of image IDs. An empty array indicates all. |
SyscallNames | Array of String | No | Syscall name. The DescribeRiskSyscallNames API can be called to get the list of enumerated values. |
ProcessPath | String | No | Target process |
Id | String | No | Allowed item ID, which is empty if the item is newly created. |
Runtime security - Basic policy information
Used by actions: DescribeAbnormalProcessRules, DescribeAccessControlRules.
Name | Type | Description |
---|---|---|
IsDefault | Boolean | Valid values: true (default policy); false (custom policy). |
EffectImageCount | Integer | Number of associated images |
RuleId | String | Policy ID |
UpdateTime | String | Policy update time, which can be empty. Note: This field may return null, indicating that no valid values can be obtained. |
RuleName | String | Policy name |
EditUserName | String | Name of the editing user |
IsEnable | Boolean | Valid values: true (enable the policy); false (disable the policy). |
Runtime security - Basic event information
Used by actions: DescribeAbnormalProcessDetail, DescribeAccessControlDetail, DescribeEscapeEventDetail, DescribeReverseShellDetail, DescribeRiskSyscallDetail.
Name | Type | Description |
---|---|---|
EventId | String | Unique event ID |
FoundTime | Timestamp | Event discovery time |
ContainerId | String | Container ID |
ContainerName | String | Container name |
ImageId | String | Image ID |
ImageName | String | Image name |
NodeName | String | Node name |
Status | String | Status. EVENT_UNDEAL : Pending.EVENT_DEALED : Processed.EVENT_INGNORE : Ignored. |
EventName | String | Event name: Host file access escape Syscall escape Mount namespace escape Program privilege escalation escape Privileged container startup escape Sensitive path mount Malicious process startup File tampering |
EventType | String | Event typeESCAPE_HOST_ACESS_FILE : Host file access escape.ESCAPE_MOUNT_NAMESPACE : Mount namespace escape.ESCAPE_PRIVILEDGE : Program privilege escalation escape.ESCAPE_PRIVILEDGE_CONTAINER_START : Privileged container startup escape.ESCAPE_MOUNT_SENSITIVE_PTAH : Sensitive path mount.ESCAPE_SYSCALL : Syscall escape. |
EventCount | Integer | Number of events |
LatestFoundTime | String | Last generation time |
HostIP | String | Private IP Note: This field may return null, indicating that no valid values can be obtained. |
ClientIP | String | Public IP Note: This field may return null, indicating that no valid values can be obtained. |
ContainerNetStatus | String | Network statusNORMAL : Not isolated.ISOLATED : Isolated.ISOLATING : Isolating.ISOLATE_FAILED : Isolation failed.RESTORING : Recovering.RESTORE_FAILED : Recovery failed.Note: This field may return null, indicating that no valid values can be obtained. |
ContainerNetSubStatus | String | Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown. Note: This field may return null, indicating that no valid values can be obtained. |
ContainerIsolateOperationSrc | String | Container isolation operation source Note: This field may return null, indicating that no valid values can be obtained. |
NodeID | String | Node ID |
NodeType | String | Node type. Valid values: NORMAL (general node), SUPER (super node) |
NodeSubNetID | String | Node subnet ID |
NodeSubNetName | String | Node subnet name |
NodeSubNetCIDR | String | Subnet IP range |
PodName | String | Pod name |
PodIP | String | Pod IP |
PodStatus | String | Pod status |
ClusterID | String | Cluster ID |
ClusterName | String | Cluster name |
NodeUniqueID | String | Unique node ID |
HostID | String | uuid |
Namespace | String | |
WorkloadType | String |
TCSS
Key-value pair filter for conditional filtering queries, such as filter ID, name, and status
If more than one filter exists, the logical relationship between these filters is AND
.
If multiple values exist in one filter, the logical relationship between these values is OR
.
Used by actions: CreateAbnormalProcessRulesExportJob, CreateAccessControlsRuleExportJob, CreateDefenceVulExportJob, CreateEmergencyVulExportJob, CreateEscapeEventsExportJob, CreateEscapeWhiteListExportJob, CreateImageExportJob, CreateK8sApiAbnormalEventExportJob, CreateK8sApiAbnormalRuleExportJob, CreateRiskDnsEventExportJob, CreateSystemVulExportJob, CreateVulContainerExportJob, CreateVulDefenceEventExportJob, CreateVulDefenceHostExportJob, CreateVulImageExportJob, CreateWebVulExportJob, DescribeAbnormalProcessEvents, DescribeAbnormalProcessEventsExport, DescribeAbnormalProcessRules, DescribeAbnormalProcessRulesExport, DescribeAccessControlEvents, DescribeAccessControlEventsExport, DescribeAccessControlRules, DescribeAccessControlRulesExport, DescribeAssetClusterList, DescribeAssetImageBindRuleInfo, DescribeEmergencyVulList, DescribeEscapeEventInfo, DescribeEscapeEventsExport, DescribeEscapeWhiteList, DescribeExportJobManageList, DescribeImageSimpleList, DescribeK8sApiAbnormalEventList, DescribeK8sApiAbnormalRuleList, DescribeK8sApiAbnormalRuleScopeList, DescribeReverseShellEvents, DescribeReverseShellEventsExport, DescribeReverseShellWhiteLists, DescribeRiskSyscallEvents, DescribeRiskSyscallEventsExport, DescribeRiskSyscallWhiteLists, DescribeScanIgnoreVulList, DescribeSecLogJoinObjectList, DescribeSupportDefenceVul, DescribeSystemVulList, DescribeVirusAutoIsolateSampleList, DescribeVirusList, DescribeVirusTaskList, DescribeVulContainerList, DescribeVulDefenceEvent, DescribeVulDefenceHost, DescribeVulDefencePlugin, DescribeVulImageList, DescribeVulScanLocalImageList, DescribeVulSummary, DescribeWebVulList, ExportVirusList.
Name | Type | Required | Description |
---|---|---|---|
Name | String | Yes | Filter name |
Values | Array of String | Yes | One or more filter values |
ExactMatch | Boolean | No | Whether to use fuzzy query |
Runtime risk information
Used by actions: DescribeImageRiskSummary.
Name | Type | Description |
---|---|---|
Cnt | Integer | Number |
Level | String | Risk level:CRITICAL : Critical.HIGH : High.MEDIUM : Medium.LOW : Low. |
Runtime trend information
Used by actions: DescribeImageRiskTendency, DescribeSecEventsTendency, DescribeVulTendency.
Name | Type | Description |
---|---|---|
CurTime | Date | The time of the day |
Cnt | Integer | Current quantity |
Scan for ignored vulnerabilities
Used by actions: DescribeScanIgnoreVulList.
Name | Type | Description |
---|---|---|
VulName | String | Vulnerability name |
CVEID | String | Vulnerability CVE ID |
PocID | String | POC ID |
RegistryImageCount | Integer | Number of ignored repository images |
UpdateTime | String | Update time |
IsIgnoreAll | Integer | Whether to ignore all images. Valid values: 0 (no); 1 (yes). |
LocalImageCount | Integer | Number of ignored local images |
Quick search template
Used by actions: CreateSearchTemplate, DescribeSearchTemplates.
Name | Type | Required | Description |
---|---|---|---|
Name | String | Yes | Search name |
LogType | String | Yes | Search index type |
Condition | String | Yes | Search statement |
TimeRange | String | Yes | Time range |
Query | String | Yes | Converted search statement content |
Flag | String | Yes | Search method. Valid values: standard (search in the search box); simple (search by filter). |
DisplayData | String | Yes | Displayed data |
Id | Integer | No | Rule ID |
Security log alert message
Used by actions: DescribeSecLogAlertMsg.
Name | Type | Description |
---|---|---|
MsgType | String | Alert type |
MsgValue | String | Alert value |
State | Boolean | Status. Valid values: 0 (disabled); 1 (enabled). |
Security log - Settings of delivery to CLS
Used by actions: DescribeSecLogDeliveryClsSetting, ModifySecLogDeliveryClsSetting.
Name | Type | Required | Description |
---|---|---|---|
LogType | String | Yes | Log type |
State | Boolean | Yes | Delivery status. Valid values: true (enabled); false (disabled). |
Region | String | Yes | Region |
LogSet | String | Yes | Logset |
TopicID | String | Yes | Topic ID |
LogSetName | String | No | Logset name Note: This field may return null, indicating that no valid values can be obtained. |
TopicName | String | No | Topic name Note: This field may return null, indicating that no valid values can be obtained. |
Settings of security log delivery to Kafka
Used by actions: DescribeSecLogDeliveryKafkaSetting, ModifySecLogDeliveryKafkaSetting.
Name | Type | Required | Description |
---|---|---|---|
LogType | String | Yes | Log type |
TopicID | String | Yes | Topic ID |
TopicName | String | Yes | Topic name Note: This field may return null, indicating that no valid values can be obtained. |
State | Boolean | Yes | Delivery status. Valid values: false (disabled); true (enabled). |
Security log access details
Used by actions: DescribeSecLogJoinTypeList.
Name | Type | Description |
---|---|---|
Count | Integer | Number of connected general nodes |
SuperNodeCount | Integer | Number of connected super nodes |
IsJoined | Boolean | Whether it is accessed. Valid values: true (accessed); false (not accessed). |
LogType | String | Log type ( Container bash: "container_bash" Container startup: "container_launch" K8s API: "k8s_api" ) |
Details of the accessed security log object
Used by actions: DescribeSecLogJoinObjectList.
Name | Type | Description |
---|---|---|
HostID | String | Server ID |
HostName | String | Server name Note: This field may return null, indicating that no valid values can be obtained. |
HostIP | String | Server IP Note: This field may return null, indicating that no valid values can be obtained. |
HostStatus | String | Server status |
ClusterID | String | Cluster ID Note: This field may return null, indicating that no valid values can be obtained. |
ClusterName | String | Cluster name Note: This field may return null, indicating that no valid values can be obtained. |
PublicIP | String | Public IP Note: This field may return null, indicating that no valid values can be obtained. |
JoinState | Boolean | Access status. Valid values: true (accessed); false (not accessed). |
ClusterVersion | String | Cluster version Note: This field may return null, indicating that no valid values can be obtained. |
ClusterMainAddress | String | Master node address of the cluster |
Trend information of security events at runtime
Used by actions: DescribeSecEventsTendency.
Name | Type | Description |
---|---|---|
EventSet | Array of RunTimeTendencyInfo | List of trends |
EventType | String | Event type: ET_ESCAPE: Container escape ET_REVERSE_SHELL: Reverse shell ET_RISK_SYSCALL: High-risk system calls ET_ABNORMAL_PROCESS: Abnormal process ET_ACCESS_CONTROL: File tampering ET_VIRUS: Trojan event ET_MALICIOUS_CONNECTION: Malicious connection event |
Information list of TCSS
Used by actions: DescribeAssetAppServiceList, DescribeAssetDBServiceList, DescribeAssetWebServiceList.
Name | Type | Description |
---|---|---|
ServiceID | String | Service ID |
HostID | String | Server ID |
HostIP | String | Server IP |
ContainerName | String | Container name |
Type | String | Service name, such as nginx and redis |
Version | String | Version |
RunAs | String | Account |
Listen | Array of String | Listened port |
Config | String | Configuration |
ProcessCnt | Integer | Number of associated processes |
AccessLog | String | Access log |
ErrorLog | String | Error log |
DataPath | String | Data directory |
WebRoot | String | Web directory |
Pids | Array of Integer | ID of the associated process |
MainType | String | Service type. Valid values: app , web , db . |
Exe | String | Execution file |
Parameter | String | Service command line parameter |
ContainerId | String | Container ID |
HostName | String | Server name |
PublicIp | String | Public IP |
NodeID | String | Node ID |
PodIP | String | Pod IP |
PodName | String | Pod name |
NodeType | String | Node type. |
NodeUniqueID | String | UID of the super node |
Pay-as-you-go billing details
Used by actions: DescribePostPayDetail.
Name | Type | Description |
---|---|---|
PayTime | String | Deduction time |
CoresCnt | Integer | Number of billed cores |
Vulnerability that can be prevented
Used by actions: DescribeSupportDefenceVul.
Name | Type | Description |
---|---|---|
PocID | String | POC ID |
Name | String | Vulnerability name |
Tags | Array of String | Vulnerability tag |
CVSSV3Score | Float | Vulnerability CVSS |
Level | String | Vulnerability severity |
CVEID | String | Vulnerability CVE ID |
SubmitTime | String | Vulnerability disclosure time |
Host tag information
Used by actions: DescribeAssetHostDetail, DescribeAssetHostList.
Name | Type | Description |
---|---|---|
TagKey | String | Tag key |
TagValue | String | Tag value |
Trend of unlicensed cores
Used by actions: DescribeUnauthorizedCoresTendency.
Name | Type | Description |
---|---|---|
DateTime | String | Date |
CoresCount | Integer | Number of unlicensed cores |
Information of the automatically isolated trojan sample
Used by actions: DescribeVirusAutoIsolateSampleList.
Name | Type | Description |
---|---|---|
MD5 | String | MD5 checksum of the file |
VirusName | String | Virus name |
ModifyTime | Timestamp ISO8601 | Last edit time |
AutoIsolateSwitch | Boolean | Automatic isolation switch. Valid values: true (on); false (off). |
List of trojans at runtime
Used by actions: DescribeVirusList.
Name | Type | Description |
---|---|---|
FileName | String | Filename |
FilePath | String | File path |
VirusName | String | Virus name |
CreateTime | String | Creation time |
ModifyTime | String | Update time |
ContainerName | String | Container name |
ContainerId | String | Container ID |
ContainerStatus | String | Container statusRUNNING : Running.PAUSED : Paused.STOPPED : Stopped.CREATED : Created.DESTROYED : Terminated.RESTARTING : Restarting.REMOVING : Removing. |
ImageName | String | Image name |
ImageId | String | Image ID |
Status | String | DEAL_NONE : Pending.DEAL_IGNORE : Ignored.DEAL_ADD_WHITELIST : Allowed.DEAL_DEL : Deleted.DEAL_ISOLATE : Isolated.DEAL_ISOLATING : Isolating.DEAL_ISOLATE_FAILED : Isolation failed.DEAL_RECOVERING : Recovering.DEAL_RECOVER_FAILED : Recovery failed. |
Id | String | Event ID |
HarmDescribe | String | Event description |
SuggestScheme | String | Solution |
SubStatus | String | Sub-status of the failure:FILE_NOT_FOUND : The file does not exist.FILE_ABNORMAL : The file is abnormal.FILE_ABNORMAL_DEAL_RECOVER : The file is abnormal when recovered.BACKUP_FILE_NOT_FOUND : The backup file does not exist.CONTAINER_NOT_FOUND_DEAL_ISOLATE : The container does not exist during isolation.CONTAINER_NOT_FOUND_DEAL_RECOVER : The container does not exist during recovery.TIMEOUT : Timed out.TOO_MANY : Too many tasks.OFFLINE : Offline.INTERNAL : Internal service error.VALIDATION : Invalid parameter. |
ContainerNetStatus | String | Network statusNORMAL : Not isolated.ISOLATED : Isolated.ISOLATING : Isolating.ISOLATE_FAILED : Isolation failed.RESTORING : Recovering.RESTORE_FAILED : Recovery failed. |
ContainerNetSubStatus | String | Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown. |
ContainerIsolateOperationSrc | String | Container isolation operation source |
MD5 | String | MD5 checksum Note: This field may return null, indicating that no valid values can be obtained. |
RiskLevel | String | Risk level. Valid values: RISK_CRITICAL , RISK_HIGH , RISK_MEDIUM , RISK_LOW , RISK_NOTICE .Note: This field may return null, indicating that no valid values can be obtained. |
CheckPlatform | Array of String | Check platform1 : Tencent Cloud Security Engine.2 : tav.3 : binaryAi.4 : Unusual behavior.5 : Threat intelligence.Note: This field may return null, indicating that no valid values can be obtained. |
NodeID | String | Node ID. |
NodeName | String | Node name |
PodIP | String | Pod IP |
PodName | String | Pod (instance) name |
ClusterID | String | ID of the cluster where the node resides |
NodeType | String | Node type. Values: NORMAL (general node), SUPER (super node). |
PublicIP | String | Public IP of the node |
InnerIP | String | Node private IP |
NodeUniqueID | String | UID of the node |
HostID | String | ID for the general node |
ClusterName | String | Cluster name |
List of containers in the virus scanning task at runtime
Used by actions: DescribeVirusTaskList.
Name | Type | Description |
---|---|---|
ContainerName | String | Container name |
ContainerId | String | Container ID |
ImageName | String | Image name |
ImageId | String | Image ID |
HostName | String | Node name |
HostIp | String | Private IP of the node |
Status | String | Scanning status:WAIT : Pending scanning.FAILED : Failed.SCANNING : Scanning.FINISHED : Ended.CANCELING : Canceling.CANCELED : Canceled.CANCEL_FAILED : Failed to cancel. |
StartTime | String | Check start time |
EndTime | String | Check end time |
RiskCnt | Integer | Number of risks |
Id | String | Event ID |
ErrorMsg | String | Cause:SEND_SUCCESSED : Task submitted.SCAN_WAIT : Waiting to scan...OFFLINE : Offline.SEND_FAILED : Failed to deploy.TIMEOUT : Timed out.LOW_AGENT_VERSION : The Agent version is too old.AGENT_NOT_FOUND : The image's agent doesn't exist.TOO_MANY : Too many tasks.VALIDATION : Invalid parameter.INTERNAL : Internal service error.MISC : Other errors.UNAUTH : The image is not assigned with a license.SEND_CANCEL_SUCCESSED : Task submitted. |
NodeType | String | Node type. Values: NORMAL (general node), SUPER (super node). |
PublicIP | String | Public IP of the node |
NodeID | String | Node ID |
Trojan trend details
Used by actions: DescribeVirusEventTendency.
Name | Type | Description |
---|---|---|
Date | Date | Date |
PendingEventCount | Integer | Total number of pending events |
RiskContainerCount | Integer | Total number of containers at risk |
EventCount | Integer | Total number of events |
IsolateEventCount | Integer | Total number of isolated events |
Information of the component affected by the vulnerability
Used by actions: DescribeVulDetail.
Name | Type | Description |
---|---|---|
Name | String | Component name Note: This field may return null, indicating that no valid values can be obtained. |
Version | Array of String | Component version Note: This field may return null, indicating that no valid values can be obtained. |
FixedVersion | Array of String | Fixed component version Note: This field may return null, indicating that no valid values can be obtained. |
Information of the container affected by the vulnerability
Used by actions: DescribeVulContainerList.
Name | Type | Description |
---|---|---|
HostIP | String | Private IP |
ContainerID | String | Container ID |
ContainerName | String | Container name |
PodName | String | Pod name |
PodIP | String | Pod IP |
HostName | String | Server name |
HostID | String | Server ID |
PublicIP | String | Public IP |
ClusterID | String | Cluster ID |
ClusterName | String | Cluster name |
NodeType | String | Node type. Values: NORMAL (general node), SUPER (super node). |
NodeUniqueID | String | UID of a super node |
NodeID | String | ID of a super node |
NodeName | String | Super node name |
Information of the component affected by the vulnerability
Used by actions: DescribeVulImageList, DescribeVulRegistryImageList.
Name | Type | Description |
---|---|---|
Name | String | Component name Note: This field may return null, indicating that no valid values can be obtained. |
Version | String | Component version Note: This field may return null, indicating that no valid values can be obtained. |
FixedVersion | String | Fixed component version Note: This field may return null, indicating that no valid values can be obtained. |
Path | String | Component path Note: This field may return null, indicating that no valid values can be obtained. |
Information of the image affected by the vulnerability
Used by actions: DescribeVulImageList.
Name | Type | Description |
---|---|---|
ImageID | String | Image ID |
ImageName | String | Image name |
HostCount | Integer | Number of associated servers |
ContainerCount | Integer | Number of associated containers |
ComponentList | Array of VulAffectedImageComponentInfo | List of components |
This API is used to query the list of repository images affected by a specific vulnerability.
Used by actions: DescribeVulRegistryImageList.
Name | Type | Description |
---|---|---|
ImageID | String | Image ID |
ImageName | String | Image name |
ImageTag | String | Image tag |
Namespace | String | Image namespace |
ImageRepoAddress | String | Image address |
ComponentList | Array of VulAffectedImageComponentInfo | List of components |
IsLatestImage | Boolean | Whether it is the latest image tag |
ImageAssetId | Integer | Internal image asset ID |
Exploit prevention event details
Used by actions: DescribeVulDefenceEvent.
Name | Type | Description |
---|---|---|
CVEID | String | Vulnerability CVE ID |
VulName | String | Vulnerability name |
PocID | String | POC ID |
EventType | String | Intrusion status |
SourceIP | String | Attacker IP |
City | String | Region of the attacker IP |
EventCount | Integer | Number of events |
ContainerID | String | Container ID |
ContainerName | String | Container name |
ImageID | String | Image ID |
ImageName | String | Image name |
Status | String | Processing status |
EventID | Integer | Event ID |
CreateTime | String | First discovery time Note: This field may return null, indicating that no valid values can be obtained. |
ContainerNetStatus | String | Isolation statusNORMAL : Not isolated.ISOLATED : Isolated.ISOLATING : Isolating.ISOLATE_FAILED : Isolation failed.RESTORING : Recovering.RESTORE_FAILED : Recovery failed. |
MergeTime | String | Last discovery time Note: This field may return null, indicating that no valid values can be obtained. |
ContainerStatus | String | Container statusRUNNING : Running.PAUSED : Paused.STOPPED : Stopped.CREATED : Created.DESTROYED : Terminated.RESTARTING : Restarting.REMOVING : Removing.Note: This field may return null, indicating that no valid values can be obtained. |
ContainerNetSubStatus | String | Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown. Note: This field may return null, indicating that no valid values can be obtained. |
ContainerIsolateOperationSrc | String | Container isolation operation source Note: This field may return null, indicating that no valid values can be obtained. |
QUUID | String | Node QUuid/Super node ID Note: This field may return· null , indicating that no valid values can be obtained. |
HostIP | String | Server private IP Note: This field may return null, indicating that no valid values can be obtained. |
HostName | String | General node/Super node name Note: This field may return· null , indicating that no valid values can be obtained. |
NodeType | String | Node type. Values: NORMAL (general node), SUPER (super node). |
PublicIP | String | Public IP |
NodeUniqueID | String | UID of a super node |
NodeID | String | ID of a super node |
ClusterID | String | Cluster ID |
ClusterName | String | Cluster name |
Exploit prevention event details
Used by actions: DescribeVulDefenceEventDetail.
Name | Type | Description |
---|---|---|
CVEID | String | Vulnerability CVE ID |
VulName | String | Vulnerability name |
PocID | String | POC ID |
EventType | String | Intrusion status |
SourceIP | String | Attacker IP |
City | String | Region of the attacker IP |
EventCount | Integer | Number of events |
ContainerID | String | Container ID |
ContainerName | String | Container name |
ImageID | String | Image ID |
ImageName | String | Image name |
Status | String | Processing status |
SourcePort | Array of String | Attacker port |
EventID | Integer | Event ID |
HostName | String | General node/Super node name |
HostIP | String | Server private IP |
PublicIP | String | Server public IP |
PodName | String | Pod name |
Description | String | Harm description |
OfficialSolution | String | Fix suggestion |
NetworkPayload | String | Attack packet |
PID | Integer | Process PID Note: This field may return null, indicating that no valid values can be obtained. |
MainClass | String | Main class name of the process Note: This field may return null, indicating that no valid values can be obtained. |
StackTrace | String | Stack information Note: This field may return null, indicating that no valid values can be obtained. |
ServerAccount | String | Listened account Note: This field may return null, indicating that no valid values can be obtained. |
ServerPort | String | Listened port Note: This field may return null, indicating that no valid values can be obtained. |
ServerExe | String | Process path Note: This field may return null, indicating that no valid values can be obtained. |
ServerArg | String | Process command line parameter Note: This field may return null, indicating that no valid values can be obtained. |
QUUID | String | Node QUuid/Super node ID Note: This field may return· null , indicating that no valid values can be obtained. |
ContainerNetStatus | String | Isolation statusNORMAL : Not isolated.ISOLATED : Isolated.ISOLATING : Isolating.ISOLATE_FAILED : Isolation failed.RESTORING : Recovering.RESTORE_FAILED : Recovery failed.Note: This field may return null, indicating that no valid values can be obtained. |
ContainerNetSubStatus | String | Sub-status of the container "AGENT_OFFLINE" // The agent is offline. "NODE_DESTROYED" // The node is terminated. "CONTAINER_EXITED" // The container exited. "CONTAINER_DESTROYED" // The container was terminated. "SHARED_HOST" // The container shares the network with the server. "RESOURCE_LIMIT" // The number of resources to be isolated exceeds the limit. "UNKNOW" // The reason is unknown. Note: This field may return null, indicating that no valid values can be obtained. |
ContainerIsolateOperationSrc | String | Container isolation operation source Note: This field may return null, indicating that no valid values can be obtained. |
ContainerStatus | String | Container statusRUNNING : Running.PAUSED : Paused.STOPPED : Stopped.CREATED : Created.DESTROYED : Terminated.RESTARTING : Restarting.REMOVING : Removing.Note: This field may return null, indicating that no valid values can be obtained. |
JNDIUrl | String | API URL Note: This field may return null, indicating that no valid values can be obtained. |
RaspDetail | Array of RaspInfo | RASP details Note: This field may return null , indicating that no valid value was found. |
NodeSubNetName | String | Super node subnet name |
NodeSubNetCIDR | String | Super node subnet IP range |
PodIP | String | Pod IP |
NodeType | String | Node type. Values: NORMAL (general node), SUPER (super node). |
NodeID | String | ID of a super node |
NodeUniqueID | String | UID of a super node |
NodeSubNetID | String | Super node subnet ID |
ClusterID | String | Cluster ID |
ClusterName | String | Cluster name |
Namespace | String | |
WorkloadType | String |
Trend of exploit prevention events
Used by actions: DescribeVulDefenceEventTendency.
Name | Type | Description |
---|---|---|
Date | Date | Date |
EventCount | Integer | Number of events |
Information of the server with exploit prevention enabled
Used by actions: DescribeVulDefenceHost.
Name | Type | Description |
---|---|---|
HostName | String | General node/Super node name |
HostIP | String | Server IP, which is the private IP |
HostID | String | Node QUuid/Super node ID |
Status | String | Plugin status. Valid values: SUCCESS (normal); FAIL (abnormal); NO_DEFENDED (not defended). |
PublicIP | String | Public IP |
CreateTime | String | First enablement time |
ModifyTime | String | Update time |
NodeType | String | Node type. Values: NORMAL (general node), SUPER (super node). |
NodeSubNetName | String | Super node subnet name |
NodeSubNetCIDR | String | Super node subnet IP range |
NodeSubNetID | String | Super node subnet ID |
NodeUniqueID | String | UID of a super node |
NodeID | String | ID of a super node |
PodIP | String | Pod IP |
PodName | String | Pod name |
Vulnerability protection plugin information
Used by actions: DescribeVulDefencePlugin.
Name | Type | Description |
---|---|---|
PID | Integer | PID of the Java process |
MainClass | String | Main class name of the process |
Status | String | Plugin status. Valid values: INJECTING (injecting); SUCCESS (injected successfully); FAIL (injection failed); TIMEOUT (plugin timed out); QUIT (plugin exited). |
ErrorLog | String | Error log |
Vulnerability details
Used by actions: DescribeVulDetail.
Name | Type | Description |
---|---|---|
CVEID | String | CVE No. |
Name | String | Vulnerability name |
Tags | Array of String | Vulnerability tag Note: This field may return null, indicating that no valid values can be obtained. |
CategoryType | String | Vulnerability type Note: This field may return null, indicating that no valid values can be obtained. |
Level | String | Vulnerability severity Note: This field may return null, indicating that no valid values can be obtained. |
SubmitTime | String | Vulnerability disclosure time Note: This field may return null, indicating that no valid values can be obtained. |
Description | String | Vulnerability description |
CVSSV3Desc | String | CVSS V3 description |
OfficialSolution | String | Vulnerability fix suggestion |
DefenseSolution | String | Mitigation measure |
Reference | Array of String | Reference link |
CVSSV3Score | Float | CVSS V3 score |
ComponentList | Array of VulAffectedComponentInfo | List of components affected by vulnerabilities |
LocalImageCount | Integer | Number of affected local images |
ContainerCount | Integer | Number of affected containers |
RegistryImageCount | Integer | Number of affected repository images |
Category | String | Vulnerability sub-category |
LocalNewestImageCount | Integer | Number of affected local images on the latest version |
RegistryNewestImageCount | Integer | Number of affected repository images on the latest version |
PocID | String | POC ID |
DefenceStatus | String | Defense status. Valid values: NO_DEFENDED , DEFENDED .Note: This field may return null, indicating that no valid values can be obtained. |
DefenceScope | String | Scope of servers with exploit prevention enabled. Valid values: MANUAL (specified servers); ALL (all servers).Note: This field may return null, indicating that no valid values can be obtained. |
DefenceHostCount | Integer | Number of servers with exploit prevention enabled Note: This field may return null, indicating that no valid values can be obtained. |
DefendedCount | Integer | Number of attacks defended against Note: This field may return null, indicating that no valid values can be obtained. |
ScanStatus | String | Whether it is scanned. Valid values: NOT_SCAN (not scanned); SCANNED (scanned).Note: This field may return null, indicating that no valid values can be obtained. |
Local images ignored by the vulnerability scan
Used by actions: DescribeVulIgnoreLocalImageList.
Name | Type | Description |
---|---|---|
ID | Integer | Record ID |
ImageID | String | Image ID |
ImageName | String | Image name |
ImageSize | Integer | Image size |
PocID | String | POC ID |
Repository images ignored by the vulnerability scan
Used by actions: DescribeVulIgnoreRegistryImageList.
Name | Type | Description |
---|---|---|
ID | Integer | Record ID |
RegistryName | String | Repository name |
ImageVersion | String | Image tag |
RegistryPath | String | Repository address |
ImageID | String | Image ID |
PocID | String | POC ID |
List of vulnerabilities
Used by actions: DescribeSystemVulList, DescribeWebVulList.
Name | Type | Description |
---|---|---|
Name | String | Vulnerability name |
Tags | Array of String | Vulnerability tag Note: This field may return null, indicating that no valid values can be obtained. |
CVSSV3Score | Float | CVSS V3 score Note: This field may return null, indicating that no valid values can be obtained. |
Level | String | Risk level Note: This field may return null, indicating that no valid values can be obtained. |
CVEID | String | CVE No. |
Category | String | Vulnerability sub-category Note: This field may return null, indicating that no valid values can be obtained. |
FoundTime | String | First discovery time Note: This field may return null, indicating that no valid values can be obtained. |
LatestFoundTime | String | Last discovery time Note: This field may return null, indicating that no valid values can be obtained. |
ID | Integer | Vulnerability ID |
LocalImageCount | Integer | Number of affected local images |
ContainerCount | Integer | Number of affected containers Note: This field may return null, indicating that no valid values can be obtained. |
RegistryImageCount | Integer | Number of affected repository images Note: This field may return null, indicating that no valid values can be obtained. |
PocID | String | POC ID Note: This field may return null, indicating that no valid values can be obtained. |
DefenceStatus | String | Defense status. Valid values: NO_DEFENDED , DEFENDED .Note: This field may return null, indicating that no valid values can be obtained. |
DefenceScope | String | Scope of servers with exploit prevention enabled. Valid values: MANUAL (specified servers); ALL (all servers).Note: This field may return null, indicating that no valid values can be obtained. |
DefenceHostCount | Integer | Number of servers with exploit prevention enabled Note: This field may return null, indicating that no valid values can be obtained. |
DefendedCount | Integer | Number of attacks defended against Note: This field may return null, indicating that no valid values can be obtained. |
Information of the scanned image
Used by actions: DescribeVulScanLocalImageList.
Name | Type | Description |
---|---|---|
ImageID | String | Image ID |
ImageName | String | Image name |
Size | Float | Image size |
ScanStatus | String | Task status. Valid values: SCANNING (scanning); FAILED (failed); FINISHED (completed); CANCELED (canceled). |
ScanDuration | Float | Scan duration Note: This field may return null, indicating that no valid values can be obtained. |
HighLevelVulCount | Integer | Number of high-risk vulnerabilities |
MediumLevelVulCount | Integer | Number of medium-risk vulnerabilities |
LowLevelVulCount | Integer | Number of low-risk vulnerabilities |
CriticalLevelVulCount | Integer | Number of critical vulnerabilities |
TaskID | Integer | ID of the task to scan local images for vulnerabilities |
ScanStartTime | String | Start time of the vulnerability scan |
ScanEndTime | String | End time of the vulnerability scan |
ErrorStatus | String | Cause of the failure. Valid values: TIMEOUT (timeout); TOO_MANY (too many tasks); OFFLINE (offline). |
Vulnerability trend information
Used by actions: DescribeVulTendency.
Name | Type | Description |
---|---|---|
VulSet | Array of RunTimeTendencyInfo | List of vulnerability trends |
ImageType | String | Image type affected by vulnerabilities:LOCAL : Local image.REGISTRY : Repository image. |
Ranking of top vulnerabilities
Used by actions: DescribeVulTopRanking.
Name | Type | Description |
---|---|---|
VulName | String | Vulnerability name |
Level | String | Severity. Valid values: CRITICAL (critical); HIGH (high);MIDDLE (medium);LOW (low). |
AffectedImageCount | Integer | Number of affected images |
AffectedContainerCount | Integer | Number of affected containers |
ID | Integer | Vulnerability ID |
PocID | String | POC ID |
Alert configuration policy
Used by actions: AddEditWarningRules, DescribeWarningRules.
Name | Type | Required | Description |
---|---|---|---|
Type | String | Yes | Alert event type: Image repository security - Trojan: IMG_REG_VIRUS .Image repository security - Vulnerability: IMG_REG_VUL .Image repository security - Sensitive data: IMG_REG_RISK .Image security - Trojan: IMG_VIRUS .Image security - Vulnerability: IMG_VUL .Image security - Sensitive data: IMG_RISK .Image security - Image blocking: IMG_INTERCEPT .Runtime security - Container escape: RUNTIME_ESCAPE .Runtime security - Abnormal process: RUNTIME_FILE .Runtime security - Abnormal file access: RUNTIME_PROCESS .Runtime security - High-risk syscall: RUNTIME_SYSCALL .Runtime security - Reverse shell: RUNTIME_REVERSE_SHELL .Runtime security - Trojan: RUNTIME_VIRUS . |
Switch | String | Yes | Switch status:ON : On.OFF : Off. |
BeginTime | String | Yes | Alert start time in the format of "HH:mm" |
EndTime | String | Yes | Alert end time in the format of "HH:mm" |
ControlBits | String | Yes | Alert level policy control. Each binary bit represents a meaning, and the value is passed as a string. The control switch can be high, medium, or low, corresponding to the third, second, and first binary bit, respectively. Valid values: 0 (off); 1 (on).For example, if the high and medium levels indicate to enable the alert and the low level indicates to disable it, the binary value is 110 .If level control does not take effect for the alert type, pass in 1 . |
本页内容是否解决了您的问题?