- 产品动态
- 产品简介
- 购买指南
- 快速入门
- 操作指南
- 故障处理
- API 文档
- History
- Introduction
- API Category
- Making API Requests
- Network Security APIs
- AddAndPublishNetworkFirewallPolicyDetail
- AddAndPublishNetworkFirewallPolicyYamlDetail
- AddNetworkFirewallPolicyDetail
- AddNetworkFirewallPolicyYamlDetail
- CheckNetworkFirewallPolicyYaml
- ConfirmNetworkFirewallPolicy
- CreateNetworkFirewallClusterRefresh
- CreateNetworkFirewallPolicyDiscover
- CreateNetworkFirewallPublish
- CreateNetworkFirewallUndoPublish
- DeleteNetworkFirewallPolicyDetail
- DescribeNetworkFirewallAuditRecord
- DescribeNetworkFirewallClusterList
- DescribeNetworkFirewallClusterRefreshStatus
- DescribeNetworkFirewallNamespaceLabelList
- DescribeNetworkFirewallPodLabelsList
- DescribeNetworkFirewallPolicyDetail
- DescribeNetworkFirewallPolicyDiscover
- DescribeNetworkFirewallPolicyList
- DescribeNetworkFirewallPolicyStatus
- DescribeNetworkFirewallPolicyYamlDetail
- UpdateAndPublishNetworkFirewallPolicyDetail
- UpdateAndPublishNetworkFirewallPolicyYamlDetail
- UpdateNetworkFirewallPolicyDetail
- UpdateNetworkFirewallPolicyYamlDetail
- Cluster Security APIs
- CreateCheckComponent
- CreateClusterCheckTask
- CreateRefreshTask
- DescribeAffectedClusterCount
- DescribeAffectedNodeList
- DescribeAffectedWorkloadList
- DescribeCheckItemList
- DescribeRefreshTask
- DescribeRiskList
- DescribeTaskResultSummary
- DescribeUnfinishRefreshTask
- DescribeUserCluster
- SetCheckMode
- DescribeClusterDetail
- DescribeClusterSummary
- Security Compliance APIs
- AddComplianceAssetPolicySetToWhitelist
- AddCompliancePolicyAssetSetToWhitelist
- AddCompliancePolicyItemToWhitelist
- CreateComplianceTask
- CreateExportComplianceStatusListJob
- DeleteComplianceAssetPolicySetFromWhitelist
- DeleteCompliancePolicyAssetSetFromWhitelist
- DeleteCompliancePolicyItemFromWhitelist
- DescribeComplianceAssetDetailInfo
- DescribeComplianceAssetList
- DescribeComplianceAssetPolicyItemList
- DescribeCompliancePeriodTaskList
- DescribeCompliancePolicyItemAffectedAssetList
- DescribeCompliancePolicyItemAffectedSummary
- DescribeComplianceScanFailedAssetList
- DescribeComplianceTaskAssetSummary
- DescribeComplianceTaskPolicyItemSummaryList
- DescribeComplianceWhitelistItemList
- InitializeUserComplianceEnvironment
- ModifyCompliancePeriodTask
- ScanComplianceAssets
- ScanComplianceAssetsByPolicyItem
- ScanCompliancePolicyItems
- ScanComplianceScanFailedAssets
- Runtime security - High-risk syscalls
- Runtime Security - Reverse Shell APIs
- Runtime Security APIs
- AddEditAbnormalProcessRule
- DescribeAssetImageBindRuleInfo
- AddEditAccessControlRule
- AddEditRiskSyscallWhiteList
- CreateDefenceVulExportJob
- CreateEmergencyVulExportJob
- CreateProcessEventsExportJob
- CreateRiskDnsEventExportJob
- CreateSystemVulExportJob
- CreateVulContainerExportJob
- CreateVulImageExportJob
- CreateVulScanTask
- CreateWebVulExportJob
- DeleteAbnormalProcessRules
- DeleteAccessControlRules
- DescribeAbnormalProcessEventTendency
- DescribeAbnormalProcessEventsExport
- DescribeAbnormalProcessLevelSummary
- DescribeAbnormalProcessRuleDetail
- DescribeAbnormalProcessRules
- DescribeAbnormalProcessRulesExport
- DescribeAccessControlRuleDetail
- DescribeAccessControlRules
- DescribeAccessControlRulesExport
- DescribeEmergencyVulList
- DescribeSupportDefenceVul
- DescribeVulContainerList
- DescribeVulDetail
- DescribeVulImageList
- DescribeVulScanInfo
- DescribeVulScanLocalImageList
- DescribeWebVulList
- ModifyAbnormalProcessRuleStatus
- ModifyAbnormalProcessStatus
- ModifyAccessControlRuleStatus
- ModifyAccessControlStatus
- OpenTcssTrial
- StopVulScanTask
- DescribeAccessControlEventsExport
- DescribeAbnormalProcessDetail
- DescribeAbnormalProcessEvents
- DescribeAccessControlDetail
- DescribeAccessControlEvents
- DescribeRiskSyscallDetail
- Alert Settings APIs
- Advanced prevention - K8s API abnormal requests
- CreateAccessControlsRuleExportJob
- CreateK8sApiAbnormalEventExportJob
- CreateK8sApiAbnormalRuleExportJob
- CreateK8sApiAbnormalRuleInfo
- DeleteK8sApiAbnormalRule
- DescribeAssetClusterList
- DescribeK8sApiAbnormalEventInfo
- DescribeK8sApiAbnormalEventList
- DescribeK8sApiAbnormalRuleInfo
- DescribeK8sApiAbnormalRuleList
- DescribeK8sApiAbnormalRuleScopeList
- DescribeK8sApiAbnormalSummary
- DescribeK8sApiAbnormalTendency
- ModifyK8sApiAbnormalEventStatus
- ModifyK8sApiAbnormalRuleInfo
- ModifyK8sApiAbnormalRuleStatus
- Asset Management APIs
- CreateAssetImageScanSetting
- CreateAssetImageVirusExportJob
- CreateHostExportJob
- DeleteMachine
- DescribeABTestConfig
- DescribeAgentDaemonSetCmd
- DescribeAgentInstallCommand
- DescribeAssetSyncLastTime
- DescribeExportJobDownloadURL
- DescribeExportJobManageList
- DescribeInspectionReport
- DescribePromotionActivity
- DescribeTcssSummary
- DescribeUnauthorizedCoresTendency
- ModifyContainerNetStatus
- Security Operations - Log Analysis APIs
- CreateSearchTemplate
- DeleteSearchTemplate
- DescribeESAggregations
- DescribeESHits
- DescribeIndexList
- DescribeLogStorageStatistic
- DescribePublicKey
- DescribeSearchExportList
- DescribeSearchLogs
- DescribeSearchTemplates
- DescribeSecLogAlertMsg
- DescribeSecLogCleanSettingInfo
- DescribeSecLogDeliveryClsOptions
- DescribeSecLogDeliveryClsSetting
- DescribeSecLogDeliveryKafkaOptions
- DescribeSecLogDeliveryKafkaSetting
- DescribeSecLogJoinTypeList
- DescribeSecLogKafkaUIN
- ModifySecLogCleanSettingInfo
- ModifySecLogDeliveryClsSetting
- ModifySecLogDeliveryKafkaSetting
- ModifySecLogJoinState
- ModifySecLogKafkaUIN
- ResetSecLogTopicConfig
- DescribeSecLogJoinObjectList
- ModifySecLogJoinObjects
- Runtime Security - Trojan Call APIs
- CreateVirusScanAgain
- DescribeExportJobResult
- DescribeVirusAutoIsolateSampleDetail
- DescribeVirusAutoIsolateSampleDownloadURL
- DescribeVirusAutoIsolateSampleList
- DescribeVirusAutoIsolateSetting
- DescribeVirusEventTendency
- DescribeVirusManualScanEstimateTimeout
- DescribeVirusSampleDownloadUrl
- DescribeVirusScanTaskStatus
- DescribeVirusScanTimeoutSetting
- DescribeVirusSummary
- ExportVirusList
- ModifyVirusAutoIsolateExampleSwitch
- ModifyVirusAutoIsolateSetting
- ModifyVirusFileStatus
- ModifyVirusScanTimeoutSetting
- StopVirusScanTask
- DescribeVirusMonitorSetting
- DescribeVirusScanSetting
- ModifyVirusMonitorSetting
- ModifyVirusScanSetting
- DescribeVirusList
- DescribeVirusTaskList
- CreateVirusScanTask
- DescribeVirusDetail
- Runtime Security - Container Escape APIs
- DeleteEscapeWhiteList
- CreateEscapeWhiteListExportJob
- CreateEscapeEventsExportJob
- AddEscapeWhiteList
- DescribeEscapeEventTendency
- DescribeEscapeEventsExport
- DescribeEscapeRuleInfo
- DescribeEscapeSafeState
- DescribeEscapeWhiteList
- DescribeEscapeEventTypeSummary
- ModifyEscapeEventStatus
- ModifyEscapeRule
- ModifyEscapeWhiteList
- DescribeEscapeEventDetail
- DescribeEscapeEventInfo
- Image Security APIs
- AddAssetImageRegistryRegistryDetail
- AddEditImageAutoAuthorizedRule
- AddIgnoreVul
- CheckRepeatAssetImageRegistry
- CreateAssetImageRegistryScanTask
- CreateAssetImageRegistryScanTaskOneKey
- CreateAssetImageScanTask
- CreateComponentExportJob
- CreateImageExportJob
- CreateOrModifyPostPayCores
- CreateVulDefenceEventExportJob
- CreateVulDefenceHostExportJob
- CreateVulExportJob
- DeleteIgnoreVul
- DescribeAssetAppServiceList
- DescribeAssetComponentList
- DescribeAssetDBServiceList
- DescribeAssetHostList
- DescribeAssetImageDetail
- DescribeAssetImageHostList
- DescribeAssetImageList
- DescribeAssetImageListExport
- DescribeAssetImageRegistryAssetStatus
- DescribeAssetImageRegistryDetail
- DescribeAssetImageRegistryList
- DescribeAssetImageRegistryListExport
- DescribeAssetImageRegistryRegistryDetail
- DescribeAssetImageRegistryRegistryList
- DescribeAssetImageRegistryRiskInfoList
- DescribeAssetImageRegistryRiskListExport
- DescribeAssetImageRegistryScanStatusOneKey
- DescribeAssetImageRegistrySummary
- DescribeAssetImageRegistryVirusList
- DescribeAssetImageRegistryVirusListExport
- DescribeAssetImageRegistryVulList
- DescribeAssetImageRegistryVulListExport
- DescribeAssetImageRiskList
- DescribeAssetImageRiskListExport
- DescribeAssetImageScanSetting
- DescribeAssetImageScanStatus
- DescribeAssetImageScanTask
- DescribeAssetImageSimpleList
- DescribeAssetImageVirusList
- DescribeAssetImageVirusListExport
- DescribeAssetImageVulList
- DescribeAssetImageVulListExport
- DescribeAssetPortList
- DescribeAssetProcessList
- DescribeAssetWebServiceList
- DescribeAutoAuthorizedRuleHost
- DescribeContainerSecEventSummary
- DescribeImageAutoAuthorizedLogList
- DescribeImageAutoAuthorizedRule
- DescribeImageAutoAuthorizedTaskList
- DescribeImageComponentList
- DescribeImageRegistryNamespaceList
- DescribeImageRegistryTimingScanTask
- DescribeImageRiskSummary
- DescribeImageRiskTendency
- DescribeImageSimpleList
- DescribeNewestVul
- DescribePostPayDetail
- DescribeScanIgnoreVulList
- DescribeSecEventsTendency
- DescribeSystemVulList
- DescribeValueAddedSrvInfo
- DescribeVulDefenceEventTendency
- DescribeVulIgnoreLocalImageList
- DescribeVulIgnoreRegistryImageList
- DescribeVulImageSummary
- DescribeVulLevelImageSummary
- DescribeVulLevelSummary
- DescribeVulRegistryImageList
- DescribeVulScanAuthorizedImageSummary
- DescribeVulTendency
- DescribeVulTopRanking
- ModifyAsset
- ModifyAssetImageRegistryScanStop
- ModifyAssetImageRegistryScanStopOneKey
- ModifyAssetImageScanStop
- ModifyImageAuthorized
- ModifyVulDefenceEventStatus
- RemoveAssetImageRegistryRegistryDetail
- RenewImageAuthorizeState
- SwitchImageAutoAuthorizedRule
- SyncAssetImageRegistryAsset
- UpdateAssetImageRegistryRegistryDetail
- UpdateImageRegistryTimingScanTask
- DescribeAssetHostDetail
- DescribeAssetSummary
- DescribeContainerAssetSummary
- DescribeVulDefenceEventDetail
- DescribeVulSummary
- ModifyVulDefenceSetting
- DescribeAssetContainerDetail
- DescribeAssetContainerList
- DescribeVulDefenceEvent
- DescribeVulDefenceHost
- DescribeVulDefencePlugin
- DescribeVulDefenceSetting
- Billing APIs
- Data Types
- Error Codes
- 常见问题
- TCSS 政策
- 联系我们
- 词汇表
- 产品动态
- 产品简介
- 购买指南
- 快速入门
- 操作指南
- 故障处理
- API 文档
- History
- Introduction
- API Category
- Making API Requests
- Network Security APIs
- AddAndPublishNetworkFirewallPolicyDetail
- AddAndPublishNetworkFirewallPolicyYamlDetail
- AddNetworkFirewallPolicyDetail
- AddNetworkFirewallPolicyYamlDetail
- CheckNetworkFirewallPolicyYaml
- ConfirmNetworkFirewallPolicy
- CreateNetworkFirewallClusterRefresh
- CreateNetworkFirewallPolicyDiscover
- CreateNetworkFirewallPublish
- CreateNetworkFirewallUndoPublish
- DeleteNetworkFirewallPolicyDetail
- DescribeNetworkFirewallAuditRecord
- DescribeNetworkFirewallClusterList
- DescribeNetworkFirewallClusterRefreshStatus
- DescribeNetworkFirewallNamespaceLabelList
- DescribeNetworkFirewallPodLabelsList
- DescribeNetworkFirewallPolicyDetail
- DescribeNetworkFirewallPolicyDiscover
- DescribeNetworkFirewallPolicyList
- DescribeNetworkFirewallPolicyStatus
- DescribeNetworkFirewallPolicyYamlDetail
- UpdateAndPublishNetworkFirewallPolicyDetail
- UpdateAndPublishNetworkFirewallPolicyYamlDetail
- UpdateNetworkFirewallPolicyDetail
- UpdateNetworkFirewallPolicyYamlDetail
- Cluster Security APIs
- CreateCheckComponent
- CreateClusterCheckTask
- CreateRefreshTask
- DescribeAffectedClusterCount
- DescribeAffectedNodeList
- DescribeAffectedWorkloadList
- DescribeCheckItemList
- DescribeRefreshTask
- DescribeRiskList
- DescribeTaskResultSummary
- DescribeUnfinishRefreshTask
- DescribeUserCluster
- SetCheckMode
- DescribeClusterDetail
- DescribeClusterSummary
- Security Compliance APIs
- AddComplianceAssetPolicySetToWhitelist
- AddCompliancePolicyAssetSetToWhitelist
- AddCompliancePolicyItemToWhitelist
- CreateComplianceTask
- CreateExportComplianceStatusListJob
- DeleteComplianceAssetPolicySetFromWhitelist
- DeleteCompliancePolicyAssetSetFromWhitelist
- DeleteCompliancePolicyItemFromWhitelist
- DescribeComplianceAssetDetailInfo
- DescribeComplianceAssetList
- DescribeComplianceAssetPolicyItemList
- DescribeCompliancePeriodTaskList
- DescribeCompliancePolicyItemAffectedAssetList
- DescribeCompliancePolicyItemAffectedSummary
- DescribeComplianceScanFailedAssetList
- DescribeComplianceTaskAssetSummary
- DescribeComplianceTaskPolicyItemSummaryList
- DescribeComplianceWhitelistItemList
- InitializeUserComplianceEnvironment
- ModifyCompliancePeriodTask
- ScanComplianceAssets
- ScanComplianceAssetsByPolicyItem
- ScanCompliancePolicyItems
- ScanComplianceScanFailedAssets
- Runtime security - High-risk syscalls
- Runtime Security - Reverse Shell APIs
- Runtime Security APIs
- AddEditAbnormalProcessRule
- DescribeAssetImageBindRuleInfo
- AddEditAccessControlRule
- AddEditRiskSyscallWhiteList
- CreateDefenceVulExportJob
- CreateEmergencyVulExportJob
- CreateProcessEventsExportJob
- CreateRiskDnsEventExportJob
- CreateSystemVulExportJob
- CreateVulContainerExportJob
- CreateVulImageExportJob
- CreateVulScanTask
- CreateWebVulExportJob
- DeleteAbnormalProcessRules
- DeleteAccessControlRules
- DescribeAbnormalProcessEventTendency
- DescribeAbnormalProcessEventsExport
- DescribeAbnormalProcessLevelSummary
- DescribeAbnormalProcessRuleDetail
- DescribeAbnormalProcessRules
- DescribeAbnormalProcessRulesExport
- DescribeAccessControlRuleDetail
- DescribeAccessControlRules
- DescribeAccessControlRulesExport
- DescribeEmergencyVulList
- DescribeSupportDefenceVul
- DescribeVulContainerList
- DescribeVulDetail
- DescribeVulImageList
- DescribeVulScanInfo
- DescribeVulScanLocalImageList
- DescribeWebVulList
- ModifyAbnormalProcessRuleStatus
- ModifyAbnormalProcessStatus
- ModifyAccessControlRuleStatus
- ModifyAccessControlStatus
- OpenTcssTrial
- StopVulScanTask
- DescribeAccessControlEventsExport
- DescribeAbnormalProcessDetail
- DescribeAbnormalProcessEvents
- DescribeAccessControlDetail
- DescribeAccessControlEvents
- DescribeRiskSyscallDetail
- Alert Settings APIs
- Advanced prevention - K8s API abnormal requests
- CreateAccessControlsRuleExportJob
- CreateK8sApiAbnormalEventExportJob
- CreateK8sApiAbnormalRuleExportJob
- CreateK8sApiAbnormalRuleInfo
- DeleteK8sApiAbnormalRule
- DescribeAssetClusterList
- DescribeK8sApiAbnormalEventInfo
- DescribeK8sApiAbnormalEventList
- DescribeK8sApiAbnormalRuleInfo
- DescribeK8sApiAbnormalRuleList
- DescribeK8sApiAbnormalRuleScopeList
- DescribeK8sApiAbnormalSummary
- DescribeK8sApiAbnormalTendency
- ModifyK8sApiAbnormalEventStatus
- ModifyK8sApiAbnormalRuleInfo
- ModifyK8sApiAbnormalRuleStatus
- Asset Management APIs
- CreateAssetImageScanSetting
- CreateAssetImageVirusExportJob
- CreateHostExportJob
- DeleteMachine
- DescribeABTestConfig
- DescribeAgentDaemonSetCmd
- DescribeAgentInstallCommand
- DescribeAssetSyncLastTime
- DescribeExportJobDownloadURL
- DescribeExportJobManageList
- DescribeInspectionReport
- DescribePromotionActivity
- DescribeTcssSummary
- DescribeUnauthorizedCoresTendency
- ModifyContainerNetStatus
- Security Operations - Log Analysis APIs
- CreateSearchTemplate
- DeleteSearchTemplate
- DescribeESAggregations
- DescribeESHits
- DescribeIndexList
- DescribeLogStorageStatistic
- DescribePublicKey
- DescribeSearchExportList
- DescribeSearchLogs
- DescribeSearchTemplates
- DescribeSecLogAlertMsg
- DescribeSecLogCleanSettingInfo
- DescribeSecLogDeliveryClsOptions
- DescribeSecLogDeliveryClsSetting
- DescribeSecLogDeliveryKafkaOptions
- DescribeSecLogDeliveryKafkaSetting
- DescribeSecLogJoinTypeList
- DescribeSecLogKafkaUIN
- ModifySecLogCleanSettingInfo
- ModifySecLogDeliveryClsSetting
- ModifySecLogDeliveryKafkaSetting
- ModifySecLogJoinState
- ModifySecLogKafkaUIN
- ResetSecLogTopicConfig
- DescribeSecLogJoinObjectList
- ModifySecLogJoinObjects
- Runtime Security - Trojan Call APIs
- CreateVirusScanAgain
- DescribeExportJobResult
- DescribeVirusAutoIsolateSampleDetail
- DescribeVirusAutoIsolateSampleDownloadURL
- DescribeVirusAutoIsolateSampleList
- DescribeVirusAutoIsolateSetting
- DescribeVirusEventTendency
- DescribeVirusManualScanEstimateTimeout
- DescribeVirusSampleDownloadUrl
- DescribeVirusScanTaskStatus
- DescribeVirusScanTimeoutSetting
- DescribeVirusSummary
- ExportVirusList
- ModifyVirusAutoIsolateExampleSwitch
- ModifyVirusAutoIsolateSetting
- ModifyVirusFileStatus
- ModifyVirusScanTimeoutSetting
- StopVirusScanTask
- DescribeVirusMonitorSetting
- DescribeVirusScanSetting
- ModifyVirusMonitorSetting
- ModifyVirusScanSetting
- DescribeVirusList
- DescribeVirusTaskList
- CreateVirusScanTask
- DescribeVirusDetail
- Runtime Security - Container Escape APIs
- DeleteEscapeWhiteList
- CreateEscapeWhiteListExportJob
- CreateEscapeEventsExportJob
- AddEscapeWhiteList
- DescribeEscapeEventTendency
- DescribeEscapeEventsExport
- DescribeEscapeRuleInfo
- DescribeEscapeSafeState
- DescribeEscapeWhiteList
- DescribeEscapeEventTypeSummary
- ModifyEscapeEventStatus
- ModifyEscapeRule
- ModifyEscapeWhiteList
- DescribeEscapeEventDetail
- DescribeEscapeEventInfo
- Image Security APIs
- AddAssetImageRegistryRegistryDetail
- AddEditImageAutoAuthorizedRule
- AddIgnoreVul
- CheckRepeatAssetImageRegistry
- CreateAssetImageRegistryScanTask
- CreateAssetImageRegistryScanTaskOneKey
- CreateAssetImageScanTask
- CreateComponentExportJob
- CreateImageExportJob
- CreateOrModifyPostPayCores
- CreateVulDefenceEventExportJob
- CreateVulDefenceHostExportJob
- CreateVulExportJob
- DeleteIgnoreVul
- DescribeAssetAppServiceList
- DescribeAssetComponentList
- DescribeAssetDBServiceList
- DescribeAssetHostList
- DescribeAssetImageDetail
- DescribeAssetImageHostList
- DescribeAssetImageList
- DescribeAssetImageListExport
- DescribeAssetImageRegistryAssetStatus
- DescribeAssetImageRegistryDetail
- DescribeAssetImageRegistryList
- DescribeAssetImageRegistryListExport
- DescribeAssetImageRegistryRegistryDetail
- DescribeAssetImageRegistryRegistryList
- DescribeAssetImageRegistryRiskInfoList
- DescribeAssetImageRegistryRiskListExport
- DescribeAssetImageRegistryScanStatusOneKey
- DescribeAssetImageRegistrySummary
- DescribeAssetImageRegistryVirusList
- DescribeAssetImageRegistryVirusListExport
- DescribeAssetImageRegistryVulList
- DescribeAssetImageRegistryVulListExport
- DescribeAssetImageRiskList
- DescribeAssetImageRiskListExport
- DescribeAssetImageScanSetting
- DescribeAssetImageScanStatus
- DescribeAssetImageScanTask
- DescribeAssetImageSimpleList
- DescribeAssetImageVirusList
- DescribeAssetImageVirusListExport
- DescribeAssetImageVulList
- DescribeAssetImageVulListExport
- DescribeAssetPortList
- DescribeAssetProcessList
- DescribeAssetWebServiceList
- DescribeAutoAuthorizedRuleHost
- DescribeContainerSecEventSummary
- DescribeImageAutoAuthorizedLogList
- DescribeImageAutoAuthorizedRule
- DescribeImageAutoAuthorizedTaskList
- DescribeImageComponentList
- DescribeImageRegistryNamespaceList
- DescribeImageRegistryTimingScanTask
- DescribeImageRiskSummary
- DescribeImageRiskTendency
- DescribeImageSimpleList
- DescribeNewestVul
- DescribePostPayDetail
- DescribeScanIgnoreVulList
- DescribeSecEventsTendency
- DescribeSystemVulList
- DescribeValueAddedSrvInfo
- DescribeVulDefenceEventTendency
- DescribeVulIgnoreLocalImageList
- DescribeVulIgnoreRegistryImageList
- DescribeVulImageSummary
- DescribeVulLevelImageSummary
- DescribeVulLevelSummary
- DescribeVulRegistryImageList
- DescribeVulScanAuthorizedImageSummary
- DescribeVulTendency
- DescribeVulTopRanking
- ModifyAsset
- ModifyAssetImageRegistryScanStop
- ModifyAssetImageRegistryScanStopOneKey
- ModifyAssetImageScanStop
- ModifyImageAuthorized
- ModifyVulDefenceEventStatus
- RemoveAssetImageRegistryRegistryDetail
- RenewImageAuthorizeState
- SwitchImageAutoAuthorizedRule
- SyncAssetImageRegistryAsset
- UpdateAssetImageRegistryRegistryDetail
- UpdateImageRegistryTimingScanTask
- DescribeAssetHostDetail
- DescribeAssetSummary
- DescribeContainerAssetSummary
- DescribeVulDefenceEventDetail
- DescribeVulSummary
- ModifyVulDefenceSetting
- DescribeAssetContainerDetail
- DescribeAssetContainerList
- DescribeVulDefenceEvent
- DescribeVulDefenceHost
- DescribeVulDefencePlugin
- DescribeVulDefenceSetting
- Billing APIs
- Data Types
- Error Codes
- 常见问题
- TCSS 政策
- 联系我们
- 词汇表
创建拦截策略后,约3-5分钟左右生效。生效后,如命中的风险镜像存在启动容器行为,系统将按照策略配置的告警、拦截要求,对镜像启动行为进行告警、或拦截容器启动并上报拦截记录。
目前支持拦截的镜像类型:存在严重&高危漏洞、木马病毒、敏感信息风险的镜像,特权模式启动镜像。
拦截特权模式镜像仅支持配置一条规则,如需修改拦截镜像的范围,可编辑调整已配置规则。
查看策略概览
用户配置告警和拦截策略后,系统将统计开启的策略总数,以及其包含的已生效拦截策略和观察期策略数量。
查看事件概览
用户配置镜像启动拦截策略后,如策略立即生效,则目标风险镜像启动容器时,将实时拦截镜像启动行为并上报事件记录;如策略配置了观察期,观察期仅告警不拦截,则目标风险镜像启动容器时,将实时上报镜像启动行为记录。两种情况均会产生事件记录。
在事件概览中,将对每日镜像启动拦截事件和仅告警的事件进行统计,展示近7日两类事件的趋势图和当前的事件总数。单击查看事件详情,跳转镜像风险管理 > 镜像拦截事件页面查看镜像拦截事件详情。
创建策略
1. 登录 容器安全服务控制台,在左侧导航中,选择策略管理 > 镜像拦截策略。
2. 在镜像拦截策略页面,单击创建策略,配置相关参数,单击保存。
注意
根据设置的策略,对节点上启动的容器进行拦截,镜像拦截可能对业务造成影响,请谨慎操作。
新建风险镜像拦截策略
参数类别 | 参数名称 | 参数详情 |
基本信息 | 策略模板 | 必选,选择“拦截存在严重&高危风险的镜像”。 |
| 策略名称 | 必填,不超过128字符。 |
| 策略描述 | 非必填,不超过256字符。 |
| 启用状态 | 开启:开始执行镜像拦截动作,或观察期开始倒计时。 关闭:策略不生效。 |
| 策略生效状态 | 立即生效:即策略下发完成后,命中目标镜像时,立即执行拦截动作。 观察 n 天生效:即观察期仅告警不拦截,观察期结束立即执行拦截动作。 |
拦截策略详情 | 策略类型 | 策略模板选择“拦截存在严重&高危风险的镜像”,策略类型为风险镜像拦截;如需修改策略类型,需调整策略模板。 |
| 拦截详情 | 存在漏洞、存在木马病毒、存在敏感信息这三类至少需配置一项。 配置“存在漏洞”,可按CVE编号、组件名称及版本号、或按漏洞分类进行配置。 配置“存在木马病毒”,可按文件 MD5、或按木马病毒类型进行配置。 配置“存在敏感信息”,可按威胁等级和敏感信息的类型进行配置。 |
策略生效范围 | 选择镜像 | 配置风险镜像拦截时,策略生效的范围需为已扫描镜像,未扫描镜像系统无法判断是否存在漏洞、木马病毒或敏感信息风险。 |
新建特权模式镜像拦截策略
新建特权模式镜像拦截策略时,如已创建过特权镜像拦截策略,则无法新建,需对已创建策略进行编辑新增;未新建时,可单击创建策略直接配置。
参数类别 | 参数名称 | 参数详情 |
基本信息 | 策略模板 | 必选,选择“拦截以特权模式启动的容器镜像”。 |
| 策略名称 | 必填,不超过128字符。 |
| 策略描述 | 非必填,不超过256字符。 |
| 启用状态 | 开启:开始执行镜像拦截动作,或观察期开始倒计时。 关闭:策略不生效。 |
| 策略生效状态 | 立即生效:即策略下发完成后,命中目标镜像时,立即执行拦截动作。 观察 n 天生效:即观察期仅告警不拦截,观察期结束立即执行拦截动作。 |
拦截策略详情 | 策略类型 | 策略模板选择“拦截以特权模式启动的容器镜像”,策略类型为特权镜像拦截;如需修改策略类型,需调整策略模板。 |
| 拦截详情 | 用户可对特权启动参数进行勾选,默认选择全部。系统将特权参数类型分为5大类,基础权限、文件操作权限、系统操作、网络操作和高危权限。用户可对大类,或某种大类中的具体分类进行调整。 |
策略生效范围 | 生效方式 | 配置特权镜像拦截策略时,生效方式包括“选中的镜像不允许以特权模式运行”,或“仅选中的镜像允许以特权模式运行(其他镜像特权启动将阻止运行)”。 |
| 选择镜像 | 用户可选择全部镜像或自选镜像。 |
管理策略
查看:在镜像拦截策略页面,单击镜像拦截策略名称,查看拦截策略详情,
开启或关闭:通过开启或关闭启动状态列的按钮调整策略是否生效。
开启后,开始执行镜像拦截动作,或观察期开始倒计时。
关闭时,策略不生效。
编辑:单击编辑,对策略的名称、描述、启动状态、策略生效状态、拦截策略详情、策略生效范围进行调整;策略模板不可调整。
是
否
本页内容是否解决了您的问题?