tencent cloud

文档反馈

Data Types

最后更新时间:2024-12-06 15:42:42

    ABTestConfig

    Grayscale project configuration

    Used by actions: DescribeABTestConfig.

    Name Type Description
    ProjectName String Greyscale project name
    Status Boolean true: grayscale release in progress; false: grayscale release not in progress.

    AccountStatistics

    Account statistics data

    Used by actions: DescribeAccountStatistics.

    Name Type Description
    Username String Username
    MachineNum Integer Number of hosts

    AlarmInfo

    Information on alarms associated with the node

    Used by actions: DescribeVertexDetail.

    Name Type Description
    AlarmId String Table names of IDs of alarms associated with the node. Separate multiple pairs with commas. Example: t1:id1,t2:id2
    Status Integer Alarm status. This parameter takes effect when this node is an alarm node.

    AssetAppBaseInfo

    Basic information on the resource management process

    Used by actions: DescribeAssetAppList.

    Name Type Description
    MachineIp String Host private IP address
    MachineName String Host name
    MachineWanIp String Host public IP address
    Uuid String Host UUID
    Quuid String Host QUUID
    ProjectId Integer Host business group ID
    Tag Array of MachineTag Host tag
    Note: This field may return null, indicating that no valid values can be obtained.
    Name String Application name
    Type Integer Application type
    1: operations
    2: database
    3: Security
    4: suspicious application
    5: system architecture
    6: system application
    7: web service
    99: other
    BinPath String Binary path
    OsInfo String Operating System Information
    ProcessCount Integer Number of associated processes
    Desc String Application description
    Version String Version No.
    ConfigPath String Configuration file path
    FirstTime String First collection time
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.
    IsNew Integer Whether the web service is newly added [0: no|1: yes]
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetAppProcessInfo

    Software application-related process information

    Used by actions: DescribeAssetAppProcessList, DescribeAssetJarInfo, DescribeAssetWebServiceProcessList.

    Name Type Description
    Name String Name
    Status String Process status
    Version String Process version
    Path String Path
    User String User
    StartTime String Startup time

    AssetCoreModuleBaseInfo

    List of information on the asset management kernel module

    Used by actions: DescribeAssetCoreModuleList.

    Name Type Description
    Name String Name
    Desc String Description
    Path String Path
    Version String Version
    MachineIp String Server IP
    MachineName String Server name
    OsInfo String Operating system
    Size Integer Module size
    ProcessCount Integer Number of dependent processes
    ModuleCount Integer Number of dependent modules
    Id String Module ID
    Quuid String Host QUUID
    Uuid String Host UUID
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String First collection time
    IsNew Integer Whether new [0: no|1: yes]
    MachineWanIp String Server Public IP
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetCoreModuleDetail

    Details of the asset management kernel module

    Used by actions: DescribeAssetCoreModuleInfo.

    Name Type Description
    Name String Name
    Desc String Description
    Path String Path
    Version String Version
    Size Integer Size
    Processes String Dependent processes
    Modules String Dependent modules
    Params Array of AssetCoreModuleParam Parameter information
    Note: This field may return null, indicating that no valid values can be obtained.
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetCoreModuleParam

    Parameters of the asset management kernel module

    Used by actions: DescribeAssetCoreModuleInfo.

    Name Type Description
    Name String Name
    Data String Data

    AssetDatabaseBaseInfo

    Resource management database list information

    Used by actions: DescribeAssetDatabaseList.

    Name Type Description
    MachineIp String Host private IP address
    MachineWanIp String Host public IP address
    Quuid String Host QUUID
    Uuid String Host UUID
    OsInfo String Operating System Information
    ProjectId Integer Host business group ID
    Tag Array of MachineTag Host tag
    Note: This field may return null, indicating that no valid values can be obtained.
    Name String Database name
    Version String Version
    Port String Listening port
    Proto String Protocol
    User String Running user
    Ip String Bound IP
    ConfigPath String Configuration file path
    LogPath String Log file path
    DataPath String Data path
    Permission String Running permission
    ErrorLogPath String Error log path
    PlugInPath String Plugin path
    BinPath String Binary path
    Param String Startup parameter
    Id String Database ID
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String First collection time
    IsNew Integer Whether newly added [0: no|1: yes]
    MachineName String Host name
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetDatabaseDetail

    Resource management database list information

    Used by actions: DescribeAssetDatabaseInfo.

    Name Type Description
    MachineIp String Host private IP address
    MachineWanIp String Host public IP address
    Quuid String Host QUUID
    Uuid String Host UUID
    OsInfo String Operating System Information
    Name String Database name
    Version String Version
    Port String Listening port
    Proto String Protocol
    User String Running user
    Ip String Bind IP
    ConfigPath String Configuration file path
    LogPath String Log file path
    DataPath String Data path
    Permission String Running permission
    ErrorLogPath String Error log path
    PlugInPath String Plugin path
    BinPath String Binary path
    Param String Startup parameter
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetDiskPartitionInfo

    Asset management disk partition information

    Used by actions: DescribeAssetDiskList, DescribeAssetMachineDetail.

    Name Type Description
    Name String Partition name
    Size Integer Partition size (unit: G)
    Percent Float Partition utilization
    Type String File system type
    Path String Mounting directory
    Used Integer Used space (unit: G)

    AssetEnvBaseInfo

    List of asset management environment variables

    Used by actions: DescribeAssetEnvList.

    Name Type Description
    Name String Name
    Type Integer Type:
    0: user variable
    1: system variable
    User String Startup user
    Value String Environment variable value
    MachineIp String Server IP
    MachineName String Server name
    OsInfo String Operating system
    Quuid String Host QUUID
    Uuid String Host UUID
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String First collection time
    IsNew Integer Whether new [0: no|1: yes]
    MachineWanIp String Server Public IP
    MachineExtraInfo MachineExtraInfo Additional information

    Note: This field may return null, indicating that no valid values can be obtained.

    AssetFilters

    Container security
    Description key-value pair filter, which is used for conditional filtering queries. For example, filter by ID, name, and status.
    If there are multiple Filters, the logical relationship between them is AND.
    If there are multiple Values in the same Filter, the logical relationship between the Values under the same Filter is OR.

    Used by actions: DescribeAssetAppList, DescribeAssetCoreModuleList, DescribeAssetDatabaseList, DescribeAssetEnvList, DescribeAssetInitServiceList, DescribeAssetJarList, DescribeAssetPlanTaskList, DescribeAssetWebServiceInfoList, DescribeLoginWhiteHostList, ExportAssetAppList, ExportAssetCoreModuleList, ExportAssetDatabaseList, ExportAssetEnvList, ExportAssetInitServiceList, ExportAssetJarList, ExportAssetPlanTaskList, ExportAssetWebServiceInfoList.

    Name Type Required Description
    Name String Yes Name of filter key
    Values Array of String Yes One or more filter values
    ExactMatch Boolean No Whether to use fuzzy query

    AssetInitServiceBaseInfo

    List of asset management startup services

    Used by actions: DescribeAssetInitServiceList.

    Name Type Description
    Name String Name
    Type Integer Type:
    1: Encoder
    2: IE plugin
    3: Network provider
    4: Mirror hijacking
    5: LSA provider
    6:KnownDLLs
    7: Start execution
    8:WMI
    9: Scheduled task
    10: Winsock provider
    11: Print monitor
    12: Resource manager
    13: Driver service
    14: Log-in
    Status Integer Default enabling status: 0 - disabled; 1 - enabled
    User String Startup user
    Path String Path
    MachineIp String Server IP
    MachineName String Name
    OsInfo String Operating system
    Quuid String Host QUUID
    Uuid String Host UUID
    UpdateTime String Data update time
    FirstTime String First collection time
    IsNew Integer Whether newly added [0: no|1: yes]
    MachineWanIp String Server Public IP
    MachineExtraInfo MachineExtraInfo Additional information

    Note: This field may return null, indicating that no valid values can be obtained.
    IsAutoRun Integer Start at boot [0: No|1: Yes]

    AssetJarBaseInfo

    List of asset management JAR packages

    Used by actions: DescribeAssetJarList.

    Name Type Description
    Name String Name
    Type Integer Type. 1: application; 2: system class library; 3: web service built-in library; 8: others.
    Status Integer Whether it is executable. 0: unknown; 1: yes; 2: no.
    Version String Version
    Path String Path
    MachineIp String Server IP address
    MachineName String Server name
    OsInfo String Operating system
    Id String JAR package ID
    Md5 String JAR package Md5
    Quuid String Host QUUID
    Uuid String Host UUID
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String First collection time
    IsNew Integer Whether it is newly added [0: no | 1: yes]
    MachineWanIp String Server public IP
    MachineExtraInfo MachineExtraInfo Additional information

    Note: This field may return null, indicating that no valid values can be obtained.

    AssetJarDetail

    Asset management jar package details

    Used by actions: DescribeAssetJarInfo.

    Name Type Description
    Name String Name
    Type Integer Type: 1: application; 2: system library; 3: Web service built-in library; 8: other
    Status Integer Whether executable: 0: unknown; 1: yes; 2: no
    Version String Version
    Path String Path
    MachineIp String Server IP
    MachineName String Server name
    OsInfo String Operating system
    Process Array of AssetAppProcessInfo Reference process list
    Note: This field may return null, indicating that no valid values can be obtained.
    Md5 String Jar package Md5
    Note: This field may return null, indicating that no valid values can be obtained.
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetKeyVal

    Generic data structure of Key-val type

    Used by actions: DescribeAssetAppCount, DescribeAssetDatabaseCount, DescribeAssetHostTotalCount, DescribeAssetMachineTagTop, DescribeAssetPortCount, DescribeAssetProcessCount, DescribeAssetRecentMachineInfo, DescribeAssetTotalCount, DescribeAssetTypeTop, DescribeAssetUserCount, DescribeAssetWebAppCount, DescribeAssetWebFrameCount, DescribeAssetWebLocationCount, DescribeAssetWebServiceCount.

    Name Type Description
    Key String Tag
    Value Integer Quantity
    Desc String Description information
    Note: This field may return null, indicating that no valid values can be obtained.
    NewCount Integer Number of additions today
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetLoadDetail

    Asset management load information

    Used by actions: DescribeAssetLoadInfo.

    Name Type Description
    MachineName String Host name
    Desc String Description
    Value Float Load
    Quuid String Host QUUID
    Uuid String Host UUID

    AssetLoadSummary

    Resource load overview

    Used by actions: DescribeAssetLoadInfo.

    Name Type Description
    Counts Array of Integer Load amount array, in ascending order:
    [
    0% or unknown quantity
    0%~20%
    20%~50%
    50%~80%
    80%~100%
    ]
    Top5 Array of AssetLoadDetail Top 5 Load
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetMachineBaseInfo

    Basic information on the server list in asset fingerprint

    Used by actions: DescribeAssetMachineList.

    Name Type Description
    Quuid String Server QUUID
    Uuid String Server UUID
    MachineIp String Private IP address of server
    MachineName String Server name
    OsInfo String Operating system name
    Cpu String CPU information
    MemSize Integer Memory capacity, in GB
    MemLoad String Memory utilization, in percentage
    DiskSize Integer Hard disk capacity, in GB
    DiskLoad String Hard disk utilization, in percentage
    PartitionCount Integer Number of partitions
    MachineWanIp String Host public IP address
    ProjectId Integer Business group ID
    CpuSize Integer CPU count
    CpuLoad String CPU utilization, in percentage
    Tag Array of MachineTag Tag
    Note: This field may return null, indicating that no valid values can be obtained.
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.
    IsNew Integer Whether it is newly added [0 - no;1 - yes]
    FirstTime String First collection time
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.
    CpuLoadNum String CPU load readings (only valid for Linux systems)
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetMachineDetail

    Basic information on the server list in asset fingerprint

    Used by actions: DescribeAssetMachineDetail.

    Name Type Description
    Quuid String Server QUUID
    Uuid String Server UUID
    MachineIp String Private IP address of server
    MachineName String Server name
    OsInfo String Operating system name
    Cpu String CPU information
    MemSize Integer Memory capacity, in GB
    MemLoad String Memory utilization, in percentage
    DiskSize Integer Hard disk capacity, in GB
    DiskLoad String Hard disk usage, in percentage
    PartitionCount Integer Number of partitions
    MachineWanIp String Host public IP address
    CpuSize Integer Number of CPU
    CpuLoad String CPU load
    ProtectLevel Integer Protection Level. 0 Basic Edition; 1 Professional Edition; 2 Premium Edition; 3 General Discount Edition
    RiskStatus String Risk status: UNKNOW - unknown; RISK - risky; SAFT - Safe
    ProtectDays Integer Days protected
    BuyTime String Professional edition activation time
    EndTime String Professional edition expiration time
    CoreVersion String Kernel version
    OsType String linux/windows
    AgentVersion String Agent version
    InstallTime String Installation time
    BootTime String System startup time
    LastLiveTime String Last online time
    Producer String Manufacturer
    SerialNumber String Serial number
    NetCards Array of AssetNetworkCardInfo Network interface
    Disks Array of AssetDiskPartitionInfo Partition
    Status Integer 0: online; 1: offline
    ProjectId Integer Business group ID
    DeviceVersion String Server model
    OfflineTime String Offline time
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceId String Host ID
    Note: This field may return null, indicating that no valid values can be obtained.
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Note: This field may return null, indicating that no valid values can be obtained.
    CpuLoadVul String CpuLoadVul
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String Time
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetNetworkCardInfo

    Asset management network interface information

    Used by actions: DescribeAssetMachineDetail.

    Name Type Description
    Name String Network interface name
    Ip String IPv4 address
    GateWay String Gateway
    Mac String MAC address
    Ipv6 String IPv6 address
    DnsServer String DNS server

    AssetPlanTask

    List of asset management plan tasks

    Used by actions: DescribeAssetPlanTaskList.

    Name Type Description
    Status Integer Default enabling status. 1 - enabled; 2 - not enabled
    Cycle String Execution cycle
    Command String Execute command or script
    User String Startup user
    ConfigPath String Configuration file path
    MachineIp String Server IP
    MachineName String Name
    OsInfo String Operating system
    Quuid String Host QUUID
    Uuid String Host UUID
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String First collection time
    IsNew Integer Whether newly added [0: no|1: yes]
    MachineWanIp String Server Public IP
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetPortBaseInfo

    Basic information of resource management account

    Used by actions: DescribeAssetPortInfoList.

    Name Type Description
    MachineIp String Private IP address of the host
    MachineWanIp String Public IP address of the host
    Quuid String Host QUUID
    Uuid String Host UUID
    OsInfo String Operating System Information
    ProjectId Integer Host business group ID
    Tag Array of MachineTag Host tag
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcessName String Process name
    ProcessVersion String Process version
    ProcessPath String Process path
    Pid String Process ID
    User String Running user
    StartTime String Start time
    Param String Start parameter
    Teletype String Process TTY
    Port String Port
    GroupName String User group
    Md5 String Process MD5
    Ppid String Parent process ID
    ParentProcessName String Parent process name
    Proto String Port protocol
    BindIp String Bound IP
    MachineName String Host name
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String First collection time
    IsNew Integer Whether to add [0: no | 1: yes]
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetProcessBaseInfo

    Basic information on the resource management process

    Used by actions: DescribeAssetProcessInfoList.

    Name Type Description
    MachineIp String Host private IP address
    MachineWanIp String Host public IP address
    Quuid String Host QUUID
    Uuid String Host UUID
    OsInfo String Operating System Information
    ProjectId Integer Host business group ID
    Tag Array of MachineTag Host tag
    Note: This field may return null, indicating that no valid values can be obtained.
    Name String Process name
    Desc String Process description
    Path String Process path
    Pid String Process ID
    User String Running user
    StartTime String Startup time
    Param String Startup parameter
    Tty String Process TTY
    Version String Process version
    GroupName String Process user group
    Md5 String Process MD5
    Ppid String Parent process ID
    ParentProcessName String Parent process name
    Status String Process status
    HasSign Integer Digital signature. 0: no; 1: yes; 999: null (Windows only).
    InstallByPackage Integer Whether to install the package. 0: no; 1: yes; 999: null (Linux only).
    PackageName String Software package name
    MachineName String Host name
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String First collection time
    IsNew Integer Whether new [0: no|1: yes]
    MachineExtraInfo MachineExtraInfo Additional information

    Note: This field may return null, indicating that no valid values can be obtained.

    AssetSystemPackageInfo

    Information on resource management system installation package list

    Used by actions: DescribeAssetSystemPackageList.

    Name Type Description
    Name String Database name
    Desc String Description
    Version String Version
    InstallTime String Installation time
    Type String Type
    MachineName String Host name
    MachineIp String Host IP
    OsInfo String Operating system
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String First collection time
    IsNew Integer Whether newly added [0: no|1: yes]
    MachineExtraInfo MachineExtraInfo Additional information
    Quuid String Host ID
    Uuid String Agent Id

    AssetType

    Asset fingerprint type description

    Used by actions: DescribeAssetTypes.

    Name Type Description
    Id Integer Type ID
    Name String Type name

    AssetUserBaseInfo

    Resource management account basic information

    Used by actions: DescribeAssetUserList.

    Name Type Description
    MachineIp String Host private IP address
    MachineWanIp String Host public IP address
    MachineName String Host name
    OsInfo String Operating System Information
    Uuid String Host UUID
    Quuid String Host QUUID
    Uid String Account UID
    Gid String Account GID
    Status Integer Account status. 0: disabled; 1: enabled
    IsRoot Integer Whether there is root permission. 0: no; 1: yes; 999: null (Linux only)
    LoginType Integer Log-in method. 0: log-in not allowed; 1: only key-based log-in allowed; 2: only password-based log-in allowed; 3: both key-based log-in and password-based log-in allowed; 999: null (Linux only)
    LastLoginTime String Last log-in time
    Name String Account name
    ProjectId Integer Host business group ID
    UserType Integer Account type. 0: guest user; 1: standard user; 2: administrator user; 999: null (Windows only)
    IsDomain Integer Whether a domain account. 0: no; 1: yes; 2: no; 999: null (Windows only)
    IsSudo Integer Whether there is sudo permissions: 1: yes; 0: No; 999: null (Linux only)
    IsSshLogin Integer Whether ssh log-in allowed. 1: yes; 0: no; 999: null (Linux only)
    HomePath String Home directory
    Shell String Shell path (Linux only)
    ShellLoginStatus Integer Whether shell log-in allowed. 0: no; 1: yes (Linux only)
    PasswordChangeTime String Password modification time
    PasswordDueTime String Password expiration time (Linux only)
    PasswordLockDays Integer Password locking time (unit: day): -1 - never locked; 999 - null (Linux only)
    PasswordStatus Integer Password status: 1 - normal; 2 - expiring soon; 3 - expired; 4 - locked; 999 - null (Linux only)
    UpdateTime String Update time
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String First collection time
    IsNew Integer Whether new [0: no|1: yes]
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetUserDetail

    Basic information for resource management account

    Used by actions: DescribeAssetUserInfo.

    Name Type Description
    MachineIp String Host private IP address
    MachineName String Host name
    Uuid String Host UUID
    Quuid String Host QUUID
    Uid String Account UID
    Gid String Account GID
    Status Integer Account status. 0: disabled; 1: enabled.
    IsRoot Integer Whether there is root permission. 0: no; 1: yes; 999: null (Linux only).
    LastLoginTime String Last log-in time
    Name String Account name
    UserType Integer Account type. 0: guest user; 1: standard user; 2: administrator user; 999: null (Windows only).
    IsDomain Integer Whether the account is a domain account. 0: no; 1: yes; 999: null (Windows only).
    IsSshLogin Integer Whether SSH log-in allowed. 1: yes; 0: no; 999: null (Linux only).
    HomePath String Home directory
    Shell String Shell path (Linux only)
    ShellLoginStatus Integer Whether shell log-in allowed. 0: no; 1: yes (Linux only).
    PasswordChangeTime String Password modification time
    PasswordDueTime String Password expiration time (Linux only)
    PasswordLockDays Integer Password locking time (unit: day). -1: never locked; 999: null (Linux only).
    Remark String Remarks
    GroupName String User group name
    DisableTime String Account expiration time
    LastLoginTerminal String Last log-in terminal
    LastLoginLoc String Last log-in location
    LastLoginIp String Last log-in IP address
    PasswordWarnDays Integer Password expiration reminder, in days
    PasswordChangeType Integer Password change settings. 0: not allowed; 1: allowed.
    Keys Array of AssetUserKeyInfo User public key listNote: This field may return null, indicating that no valid values can be obtained.
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetUserKeyInfo

    Details of the asset management account key

    Used by actions: DescribeAssetUserInfo, DescribeAssetUserKeyList.

    Name Type Description
    Value String Public key value
    Comment String Public key remarks
    EncryptType String Encryption method

    AssetWebAppBaseInfo

    List of the information on the resource management web application

    Used by actions: DescribeAssetWebAppList.

    Name Type Description
    MachineIp String Host private IP address
    MachineWanIp String Host public IP address
    Quuid String Host QUUID
    Uuid String Host UUID
    OsInfo String Operating system information
    ProjectId Integer Host business group ID
    Tag Array of MachineTag Host tag
    Note: This field may return null, indicating that no valid values can be obtained.
    Name String Application name
    Version String Version
    RootPath String Root path
    ServiceType String Service type
    Domain String Site domain name
    VirtualPath String Virtual path
    PluginCount Integer Number of plugins
    Id String Application ID
    Desc String Application description
    MachineName String Host name
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String First collection time
    IsNew Integer Whether it is newly added [0: no | 1: yes]
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetWebAppPluginInfo

    Details of web application plugin for asset management

    Used by actions: DescribeAssetWebAppPluginList.

    Name Type Description
    Name String Name
    Desc String Description
    Version String Version
    Link String Link

    AssetWebFrameBaseInfo

    Resource management Web application list information

    Used by actions: DescribeAssetWebFrameList.

    Name Type Description
    MachineIp String Host private IP address
    MachineWanIp String Host public IP address
    Quuid String Host QUUID
    Uuid String Host UUID
    OsInfo String Operating System Information
    ProjectId Integer Host business group ID
    Tag Array of MachineTag Host tag
    Note: This field may return null, indicating that no valid values can be obtained.
    Name String Database name
    Version String Version
    Lang String Language
    ServiceType String Service type
    MachineName String Host name
    UpdateTime String Data update time
    FirstTime String First collection time
    IsNew Integer Whether new [0: no|1: yes]
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.
    Path String Application path

    AssetWebLocationBaseInfo

    Asset management Web site list information

    Used by actions: DescribeAssetWebLocationList.

    Name Type Description
    Uuid String Host UUID
    Quuid String Host QUUID
    MachineIp String Private IP address
    MachineWanIp String Public IP address
    MachineName String Host name
    OsInfo String Operating system
    Name String Domain name
    Port String Site port
    Proto String Site protocol
    ServiceType String Service type
    PathCount Integer Number of site paths
    User String Running user
    MainPath String Home directory
    MainPathOwner String Home directory owner
    Permission String Owner permissions
    ProjectId Integer Host business group ID
    Tag Array of MachineTag Host tag
    Id String Web site ID
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String First collection time
    IsNew Integer Whether the web service is newly added [0 - no|1 - yes]
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetWebLocationInfo

    Asset management Web site list information

    Used by actions: DescribeAssetWebLocationInfo.

    Name Type Description
    Name String Domain name
    Port String Site port
    Proto String Site protocol
    ServiceType String Service type
    SafeStatus Integer Security module status. 0: not enabled; 1: enabled; 999: null (nginx only)
    User String Running user
    MainPath String Home directory
    Command String Startup command
    Ip String Bind IP
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.

    AssetWebLocationPath

    Virtual directory of the asset management web site

    Used by actions: DescribeAssetWebLocationPathList.

    Name Type Description
    VirtualPath String Virtual path
    RealPath String Physical path
    User String File owner
    Group String File group
    Permission String File permission

    AssetWebServiceBaseInfo

    List information on resource management Web service

    Used by actions: DescribeAssetWebServiceInfoList.

    Name Type Description
    MachineIp String Private IP address of a host
    MachineWanIp String Public IP address of a host
    Quuid String Host QUUID
    Uuid String Host UUID
    OsInfo String Operating System Information
    ProjectId Integer Host business group ID
    Tag Array of MachineTag Host tag
    Note: This field may return null, indicating that no valid values can be obtained.
    Name String Database name
    Version String Version
    BinPath String Binary path
    User String Startup user
    InstallPath String Installation path
    ConfigPath String Configuration path
    ProcessCount Integer Number of associated processes
    Id String Web Service ID
    MachineName String Host name
    Desc String Description
    UpdateTime String Data update time
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String First collection time
    IsNew Integer Whether newly added [0: no|1: yes]
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.

    AttackSource

    Attack backtracking

    Used by actions: DescribeAttackSource.

    Name Type Description
    Nodes Array of AttackSourceNode Attack backtracking node description
    Note: This field may return null, indicating that no valid values can be obtained.
    Edges Array of AttackSourceEdge Attack backtracking node path
    Note: This field may return null, indicating that no valid values can be obtained.
    EventInfoParam String Parameters for requesting details on node-related events
    Note: This field may return null, indicating that no valid values can be obtained.

    AttackSourceEdge

    Attack backtracking path description

    Used by actions: DescribeAttackSource.

    Name Type Description
    From String Starting node
    To String Target node

    AttackSourceEvent

    Attack backtracking event

    Used by actions: DescribeAttackSourceEvents.

    Name Type Description
    EventType Integer Event type. 0: virus scanning; 1: abnormal log-in; 2: password cracking; 3: malicious request; 4: high-risk command.
    Content String [Virus scanning] Virus name: VirusName, file name: FileName, file path: FilePath, file size: FileSize, file MD5: MD5, first detection time: CreateTime, last detection time: LatestScanTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme
    [Abnormal log-in] Source IP: SrcIp, location: Location, log-in username: UserName, log-in time: LoginTime
    [Password cracking] Source IP: SrcIp, location: City and Country, protocol: Protocol, log-in username: UserName, port: Port, attempt count: Count, first attack time: CreateTime, last attack time: ModifyTime
    [Malicious request] Malicious request domain name: Url, process: ProcessName, MD5: ProcessMd5, PID: Pid, request count: AccessCount, last request time: MergeTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme
    [High-risk command] Hit rule name: RuleName, rule category: RuleCategory, command content: BashCmd, data source: DetectBy, Log-in user: User, PID: Pid, occurrence time: CreateTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme
    CreatedTime String Intrusion time
    Level Integer Unified event risk level. 0: prompt; 1: low; 2: medium; 3: high; 4: critical.
    LevelZh String Risk level string in Chinese
    Id Integer Event ID
    Uuid String Host UUID

    AttackSourceNode

    Attack backtracking node

    Used by actions: DescribeAttackSource.

    Name Type Description
    EventId Integer Event ID. If this parameter is left blank, no corresponding event exists.
    EventType String BRUTEFORCE: password cracking; MALWARE: Trojan; BASH: high-risk command; RISK_DNS: malicious request; LOGIN: cross-region log-in; HOST: host node; TIME_ORDER: general node.
    Ip String Node IP address. When the node is HOST, the value is the IP address of this node.
    Level Integer Level. 0: prompt; 1: low-risk; 2: medium-risk; 3: high-risk; 4: critical.
    NodeId String Node ID
    StartTime String Start time
    EndTime String End time
    NodeDesc String General node description
    TimeLineNum Integer Timeline number. Nodes with the same number belong to the same timeline.
    NodeDetail String Node details

    BanWhiteList

    Block allowlist rules

    Used by actions: CreateBanWhiteList, ModifyBanWhiteList.

    Name Type Required Description
    Id String No Allowlist IDs
    Remark String No Allowlist aliases
    SrcIp String No Block source IP
    ModifyTime Timestamp No Time of modifying allowlists
    CreateTime Timestamp No Time of creating allowlists
    Uuid String No Machine associated with the allowlist
    Note: This field may return null, indicating that no valid values can be obtained.
    IsGlobal Boolean No Whether the allowlist is global
    Note: This field may return null, indicating that no valid values can be obtained.
    Quuids Array of String No Machine list associated with the allowlist
    Note: This field may return null, indicating that no valid values can be obtained.

    BanWhiteListDetail

    List of displayed blocking allowlist information, including the machine information

    Used by actions: DescribeBanWhiteList.

    Name Type Description
    Id String Allowlist ID
    Remark String Allowlist alias
    SrcIp String Blocking source IP address
    ModifyTime Timestamp Allowlist modification time
    CreateTime Timestamp Allowlist creation time
    IsGlobal Boolean Whether the allowlist takes effect globally
    Quuid String Machine UUID
    Uuid String CWPP program UUID
    MachineIp String Machine IP address
    MachineName String Machine name

    BaselineBasicInfo

    Basic baseline information

    Used by actions: DescribeBaselineBasicInfo.

    Name Type Description
    Name String Baseline name
    Note: This field may return null, indicating that no valid values can be obtained.
    BaselineId Integer Baseline ID
    Note: This field may return null, indicating that no valid values can be obtained.
    ParentId Integer Parent ID
    Note: This field may return null, indicating that no valid values can be obtained.

    BaselineCustomRuleIdName

    Baseline Custom Rule ID and Name

    Used by actions: DescribeIgnoreHostAndItemConfig.

    Name Type Description
    RuleId Integer Custom rule ID 
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleName String Custom Rule Name
    Note: This field may return null, indicating that no valid values can be obtained.

    BaselineDetail

    Baseline details

    Used by actions: DescribeBaselineDetail.

    Name Type Description
    Description String Baseline description
    Note: This field may return null, indicating that no valid values can be obtained.
    Level Integer Severity level
    Note: This field may return null, indicating that no valid values can be obtained.
    PackageName String Package name
    Note: This field may return null, indicating that no valid values can be obtained.
    ParentId Integer Parent ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Name String Baseline name
    Note: This field may return null, indicating that no valid values can be obtained.

    BaselineDetectParam

    Baseline check parameters

    Used by actions: StartBaselineDetect.

    Name Type Required Description
    PolicyIds Array of Integer No Collection of check policies
    RuleIds Array of Integer No Collection of check rules
    ItemIds Array of Integer No Collection of check items
    HostIds Array of String No Collection of checked server IDs

    BaselineEffectHost

    Information on the host affected by baseline

    Used by actions: DescribeBaselineEffectHostList.

    Name Type Description
    PassCount Integer Passed item
    Note: This field may return null, indicating that no valid values can be obtained.
    FailCount Integer Risky item
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstScanTime String First check time
    Note: This field may return null, indicating that no valid values can be obtained.
    LastScanTime String Last check time
    Note: This field may return null, indicating that no valid values can be obtained.
    Status Integer Risky item processing status. 0: failed; 1: passed.
    Note: This field may return null, indicating that no valid values can be obtained.
    Quuid String Host QUUID
    Note: This field may return null, indicating that no valid values can be obtained.
    HostIp String Host IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    AliasName String Host alias
    Note: This field may return null, indicating that no valid values can be obtained.
    Uuid String Host UUID
    Note: This field may return null, indicating that no valid values can be obtained.
    MaxStatus Integer Check status
    Note: This field may return null, indicating that no valid values can be obtained.

    BaselineEventLevelInfo

    Host information of Top server risks

    Used by actions: DescribeBaselineHostTop.

    Name Type Description
    EventLevel Integer Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical
    Note: This field may return null, indicating that no valid values can be obtained.
    EventCount Integer Number of vulnerabilities
    Note: This field may return null, indicating that no valid values can be obtained.

    BaselineHost

    Baseline host information

    Used by actions: DescribeIgnoreHostAndItemConfig.

    Name Type Description
    HostId String Host ID
    HostName String Host name
    Note: This field may return null, indicating that no valid values can be obtained.
    HostTag String Host tag
    Note: This field may return null, indicating that no valid values can be obtained.
    HostIp String Private IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    WanIp String Public IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Note: This field may return null, indicating that no valid values can be obtained.

    BaselineHostDetect

    Baseline Host Detection

    Used by actions: DescribeBaselineHostDetectList.

    Name Type Description
    HostId String Host ID
    HostIp String Private IP address
    HostName String Host name
    WanIp String Public IP address
    DetectStatus Integer 0: Failed; 1: Ignored; 3: Passed; 5: Under detection
    PassedItemCount Integer Number of Passed Tasks in Detection
    ItemCount Integer Associated Detection Item Count
    NotPassedItemCount Integer Detection Failure Count
    FirstTime String First detection time
    LastTime String Last detection Time
    Uuid String CWPP UUID
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Note: This field may return null, indicating that no valid values can be obtained.

    BaselineHostTopList

    Baseline affected servers list data

    Used by actions: DescribeBaselineHostTop.

    Name Type Description
    EventLevelList Array of BaselineEventLevelInfo List of event levels and occurrences
    Note: This field may return null, indicating that no valid values can be obtained.
    HostName String Host name
    Note: This field may return null, indicating that no valid values can be obtained.
    Quuid String Host QUUID
    Note: This field may return null, indicating that no valid values can be obtained.
    Score Integer Score for calculating weight
    Note: This field may return null, indicating that no valid values can be obtained.

    BaselineInfo

    Baseline Information

    Used by actions: DescribeBaselineList.

    Name Type Description
    Name String Baseline name
    Note: This field may return null, indicating that no valid values can be obtained.
    Level Integer Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleCount Integer Number of check items
    Note: This field may return null, indicating that no valid values can be obtained.
    HostCount Integer Number of affected servers
    Note: This field may return null, indicating that no valid values can be obtained.
    Status Integer Pass status. 0: passed; 1: failed.Note: This field may return null, indicating that no valid values can be obtained.
    CategoryId Integer Baseline ID
    Note: This field may return null, indicating that no valid values can be obtained.
    LastScanTime String Last check time
    Note: This field may return null, indicating that no valid values can be obtained.
    MaxStatus Integer 5: checking
    Note: This field may return null, indicating that no valid values can be obtained.
    BaselineFailCount Integer Baseline check items with risks
    Note: This field may return null, indicating that no valid values can be obtained.

    BaselineItem

    Baseline Item

    Used by actions: DescribeBaselineItemList.

    Name Type Description
    ItemId Integer Item ID
    ItemName String Item Name
    CategoryId Integer Detection Item Classification
    ItemDesc String Item Description
    FixMethod String Fixing Method
    RuleName String Rule
    DetectResultDesc String Check result description
    Note: This field may return null, indicating that no valid values can be obtained.
    Level Integer Risk level
    Note: This field may return null, indicating that no valid values can be obtained.
    DetectStatus Integer Detection Status. 0: Failed; 1: Ignored; 3: Passed; 5: Under detection
    Note: This field may return null, indicating that no valid values can be obtained.
    HostId String Host ID
    Note: This field may return null, indicating that no valid values can be obtained.
    HostName String Host name
    Note: This field may return null, indicating that no valid values can be obtained.
    HostIp String Host IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    WanIp String Public IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String First Occurrence Time
    Note: This field may return null, indicating that no valid values can be obtained.
    LastTime String Last Occurrence Time
    Note: This field may return null, indicating that no valid values can be obtained.
    CanBeFixed Integer Can Be Fixed or Not
    Note: This field may return null, indicating that no valid values can be obtained.
    Uuid String Host Security UUID
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Note: This field may return null, indicating that no valid values can be obtained.

    BaselineItemDetect

    Baseline detection item

    Used by actions: DescribeBaselineItemDetectList.

    Name Type Description
    ItemId Integer Item ID
    Note: This field may return null, indicating that no valid values can be obtained.
    ItemName String Item Name
    Note: This field may return null, indicating that no valid values can be obtained.
    ItemDesc String Item Description
    Note: This field may return null, indicating that no valid values can be obtained.
    FixMethod String Fixing Method
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleName String Rule
    Note: This field may return null, indicating that no valid values can be obtained.
    DetectStatus Integer 0: Failed; 1: Ignored; 3: Passed; 5: Under detection
    Note: This field may return null, indicating that no valid values can be obtained.
    Level Integer Risk level
    Note: This field may return null, indicating that no valid values can be obtained.
    HostCount Integer Number of affected servers
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstTime String First detection time
    Note: This field may return null, indicating that no valid values can be obtained.
    LastTime String Last Detection Time
    Note: This field may return null, indicating that no valid values can be obtained.
    DetectResult String Detection result, JSON string
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleId Integer Rule ID
    Note: This field may return null, indicating that no valid values can be obtained.
    PassedHostCount Integer Number of servers passed
    Note: This field may return null, indicating that no valid values can be obtained.
    NotPassedHostCount Integer Number of servers failed
    Note: This field may return null, indicating that no valid values can be obtained.

    BaselineItemInfo

    Baseline Information

    Used by actions: DescribeIgnoreHostAndItemConfig.

    Name Type Description
    ItemId Integer Baseline Detection Item ID
    ItemName String Detection Item Name
    RuleId Integer ID of the Rule to Which the Detection Item Belongs
    Note: This field may return null, indicating that no valid values can be obtained.
    ItemDesc String Detection item description
    FixMethod String Remediation Method for Inspection Items
    RuleName String Rule Name of Detection Item
    Level Integer Risk level
    SysRuleId Integer System Rule ID
    Note: This field may return null, indicating that no valid values can be obtained.
    RelatedCustomRuleInfo Array of BaselineCustomRuleIdName Referenced Custom Rule Information
    Note: This field may return null, indicating that no valid values can be obtained.

    BaselinePolicy

    Baseline policy information

    Used by actions: DescribeBaselinePolicyList, ModifyBaselinePolicy.

    Name Type Required Description
    PolicyName String Yes Policy name, which is no more than 128 English characters in length.
    DetectInterval Integer Yes Detection interval [1: 1 day|3: 3 days|5: 5 days|7: 7 days]
    DetectTime String Yes Detection time
    IsEnabled Integer Yes Whether enabled [0: not enabled|1: enabled]
    AssetType Integer Yes Asset type [0: all Professional and Ultimate editions|1: ID | 2: IP]
    PolicyId Integer No Policy ID
    RuleCount Integer No Number of associated baseline items
    ItemCount Integer No Number of associated baseline items
    HostCount Integer No Number of associated baseline hosts
    RuleIds Array of Integer No Rule ID
    HostIds Array of String No Host ID
    HostIps Array of String No Host IP
    IsDefault Integer No Whether the system default

    BaselineRuleInfo

    Baseline detection information

    Used by actions: DescribeBaselineRule.

    Name Type Description
    RuleName String Detection item name
    Description String Detection item description
    FixMessage String Fixing suggestion
    Level Integer Severity level
    Status Integer Status
    RuleId Integer Detection Item ID
    LastScanAt String Last detection Time
    RuleRemark String Specific reason explanation
    Uuid String Unique UUID
    EventId Integer Unique event ID

    BaselineRuleTopInfo

    Information on TOP baseline detection item

    Used by actions: DescribeBaselineTop.

    Name Type Description
    RuleName String Baseline detection item name
    Note: This field may return null, indicating that no valid values can be obtained.
    Level Integer Detection item hazard level
    Note: This field may return null, indicating that no valid values can be obtained.
    EventCount Integer Total number of events
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleId Integer Detection Item ID
    Note: This field may return null, indicating that no valid values can be obtained.

    BaselineWeakPassword

    Baseline weak password

    Used by actions: DescribeBaselineWeakPasswordList.

    Name Type Required Description
    PasswordId Integer Yes Password ID
    WeakPassword String Yes Password
    CreateTime String No Creation time
    ModifyTime String No Modification time

    BashEvent

    High-risk command data

    Used by actions: DescribeBashEvents.

    Name Type Description
    Id Integer Data ID
    Uuid String CWPP ID
    Quuid String Server ID
    Hostip String Host private IP address
    User String Username for execution
    Platform Integer Platform type
    BashCmd String Executed commands
    RuleId Integer Rule ID
    RuleName String Rule name
    RuleLevel Integer Rule level: 1 - high-risk 2 - medium-risk; 3 - low-risk
    Status Integer Processing status: 0 - pending; 1 - processed; 2 - allowlisted; 3 - ignored
    CreateTime String Occurrence time
    MachineName String Server name
    DetectBy Integer 0: bash log; 1: real-time monitoring (thunder edition)
    Note: This field may return null, indicating that no valid values can be obtained.
    Pid String Process ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Exe String Process name
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Processing time
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleCategory Integer Rule category: 0 - system rule; 1 - user rule
    Note: This field may return null, indicating that no valid values can be obtained.
    RegexBashCmd String Automatically generated regular expression\nNote: This field may return null, indicating that no valid values can be obtained.
    HostName String Host HostName
    Note: This field may return null, indicating that no valid values can be obtained.

    BashEventNew

    High-risk command data (new)

    Used by actions: DescribeBashEventsNew.

    Name Type Description
    Id Integer Data ID
    Uuid String CWPP ID
    Quuid String Host ID
    HostIp String Host private IP address
    User String Username for execution
    Platform Integer Platform type
    BashCmd String Execute commands
    RuleId Integer Rule ID
    RuleName String Rule name
    RuleLevel Integer Rule level: 1: high-risk 2: medium-risk; 3: low-risk
    Status Integer Processing status: 0: pending; 1: processed; 2: allowlisted; 3: ignored
    CreateTime String Occurrence time
    MachineName String Host name
    DetectBy Integer 0: bash log; 1: real-time monitoring (Leiting edition)
    Note: This field may return null, indicating that no valid values can be obtained.
    Pid String Process ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Exe String Process name
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Processing time
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleCategory Integer Rule category. 0: system rule; 1: user rule
    Note: This field may return null, indicating that no valid values can be obtained.
    RegexBashCmd String Automatically generated regular expression
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineType Integer 0: normal; 1: Professional edition; 2: Ultimate edition
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineExtraInfo MachineExtraInfo Additional Information on Machine
    Note: This field may return null, indicating that no valid values can be obtained.

    BashEventsInfo

    Details of high-risk command data

    Used by actions: DescribeBashEventsInfo.

    Name Type Description
    Id Integer Data ID
    Uuid String Yunjing ID
    Quuid String Host ID
    HostIp String Host private IP address
    Platform Integer Platform type
    BashCmd String Executed commands
    RuleId Integer Rule ID equals 0 indicating that the rule has been deleted or the effective scope has been modified.
    RuleName String Rule name
    RuleLevel Integer Rule level: 1 - high-risk 2 - medium-risk; 3 - low-risk
    Status Integer Processing status. 0: Pending; 1: Processed; 2: Whitelisted; 3: Ignored
    CreateTime String Occurrence time
    MachineName String Host name
    Exe String Process name
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Processing time
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleCategory Integer Rule category: 0 - system rule; 1 - user rule
    Note: This field may return null, indicating that no valid values can be obtained.
    RegexBashCmd String Automatically generated regular expression
    Note: This field may return null, indicating that no valid values can be obtained.
    PsTree String Process tree json pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: command execution; ssh_service: ssh service IP, ssh_source: log-in source
    Note: This field may return null, indicating that no valid values can be obtained.
    SuggestScheme String Recommended solution
    Note: This field may return null, indicating that no valid values can be obtained.
    HarmDescribe String Description
    Note: This field may return null, indicating that no valid values can be obtained.
    Tags Array of String Tag
    Note: This field may return null, indicating that no valid values can be obtained.
    References Array of String Reference link
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineWanIp String Host public IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineStatus String Host online status: OFFLINE ONLINE
    Note: This field may return null, indicating that no valid values can be obtained.
    User String Log-in user
    Note: This field may return null, indicating that no valid values can be obtained.
    Pid String Process ID
    Note: This field may return null, indicating that no valid values can be obtained.
    DetectBy String Data source
    Note: This field may return null, indicating that no valid values can be obtained.

    BashEventsInfoNew

    Details of high-risk command data (new)

    Used by actions: DescribeBashEventsInfoNew.

    Name Type Description
    Id Integer Data ID
    Uuid String CWPP ID
    Quuid String Host ID
    HostIp String Host private IP address
    Platform Integer Platform type
    BashCmd String Executed commands
    RuleId Integer Rule ID equals 0 indicating that the rule has been deleted or the effective scope has been modified.
    RuleName String Rule name
    RuleLevel Integer Rule level: 1 - high-risk 2 - medium-risk; 3 - low-risk
    Status Integer Processing status: 0: Pending; 1: Processed; 2: Whitelisted; 3: Ignored
    CreateTime String Occurrence time
    MachineName String Host name
    Exe String Process name
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Processing time
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleCategory Integer Rule category. 0 - system rule; 1 - user rule
    Note: This field may return null, indicating that no valid values can be obtained.
    RegexBashCmd String Automatically generated regular expression
    Note: This field may return null, indicating that no valid values can be obtained.
    PsTree String Process tree json pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: command execution; ssh_service: ssh service IP, ssh_source: log-in source
    Note: This field may return null, indicating that no valid values can be obtained.
    SuggestScheme String Recommended solution
    Note: This field may return null, indicating that no valid values can be obtained.
    HarmDescribe String Description
    Note: This field may return null, indicating that no valid values can be obtained.
    Tags Array of String Tag
    Note: This field may return null, indicating that no valid values can be obtained.
    References Array of String Reference link
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineWanIp String Host public IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineStatus String Host online status: OFFLINE; ONLINE
    Note: This field may return null, indicating that no valid values can be obtained.
    User String Log-in user
    Note: This field may return null, indicating that no valid values can be obtained.
    Pid String Process ID
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineType Integer 0: normal; 1: professional version; 2: ultimate edition
    Note: This field may return null, indicating that no valid values can be obtained.
    DetectBy Integer Source of Detection: 0: bash log; 1: real-time monitoring
    Note: This field may return null, indicating that no valid values can be obtained.

    BashPolicy

    High-risk command policy

    Used by actions: DescribeBashPolicies, ModifyBashPolicy.

    Name Type Required Description
    Name String Yes Policy name
    Enable Integer Yes 1: valid; 0: invalid
    White Integer Yes 0: blocklist; 1: allowlist
    BashAction Integer Yes 0: alarm; 1: allowlist; 2: intercept
    Rule String Yes Regular expression
    Level Integer Yes Risk level (0: none; 1: high-risk; 2: medium-risk; 3: low-risk)
    Scope Integer Yes Effective scope (0: a group of QUUID; 1: all professional editions (including ultimate edition); 2: all ultimate editions; 3: all hosts)
    Id Integer No Policy ID
    Descript String No Policy description
    Note: This field may return null, indicating that no valid values can be obtained.
    EventId Integer No When it is added to the allowlist, the EventId needs to be passed in.Note: This field may return null, indicating that no valid values can be obtained.
    DealOldEvents Integer No Whether to process old events as allowlisted ones: 0 - no; 1 - yes
    Note: This field may return null, indicating that no valid values can be obtained.
    Quuids Array of String No A collection of QUUIDs for effective hosts
    Note: This field may return null, indicating that no valid values can be obtained.
    Category Integer No Policy type: 0 - system; 1 - user
    CreateTime String No Creation time
    ModifyTime String No Modification time
    Uuids Array of String No Compatibility with older versions may be needed.

    BashRule

    High-risk command rules

    Used by actions: DescribeBashRules.

    Name Type Description
    Id Integer Rule ID
    Uuid String Client ID
    Name String Rule name
    Level Integer Risk level (0: none, 1: high-risk, 2: medium-risk, 3: low-risk)
    Rule String Regular expression
    Operator String Operator
    IsGlobal Integer Whether a global rule
    Status Integer Status (0: valid; 1: invalid)
    CreateTime String Creation time
    ModifyTime String Modification time
    Hostip String Host IP
    Uuids Array of String Arrays of UUIDs for servers to be effective
    Note: This field may return null, indicating that no valid values can be obtained.
    White Integer 0= blocklist; 1= allowlist
    Note: This field may return null, indicating that no valid values can be obtained.
    DealOldEvents Integer Whether to process previous events: 0: do not process; 1: process
    Note: This field may return null, indicating that no valid values can be obtained.
    Description String Rule description
    Note: This field may return null, indicating that no valid values can be obtained.

    BroadcastInfo

    Security report article details

    Used by actions: DescribeSecurityBroadcastInfo.

    Name Type Description
    Title String Article name
    Note: This field may return null, indicating that no valid values can be obtained.
    GotoType Integer Redirection location: 0: no redirection; 1: virus scanning; 2: vulnerability scan; 3: security baseline
    Note: This field may return null, indicating that no valid values can be obtained.
    Subtitle String Subtitle
    CreateTime String Release time
    Content String Rich text content information
    Id Integer Article unique ID
    Type Integer Type: 0: emergency notification; 1: feature update; 2: industry honor; 3: version release

    Broadcasts

    Security report list

    Used by actions: DescribeSecurityBroadcasts.

    Name Type Description
    Title String Article name
    Note: This field may return null, indicating that no valid values can be obtained.
    Type Integer Type: 0: emergency notification; 1: feature update; 2: industry honor; 3: version release
    Note: This field may return null, indicating that no valid values can be obtained.
    Subtitle String Subtitle
    CreateTime String Release time
    Id Integer Article unique ID
    Level Integer Severity level. 0: none; 1: critical; 2: high-risk; 3: medium-risk; 4: low-risk

    BruteAttackInfo

    Password cracking list entity

    Used by actions: DescribeBruteAttackList.

    Name Type Description
    Id Integer Unique ID
    Uuid String CWPP client UUID
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineIp String Host IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineName String Host name
    Note: This field may return null, indicating that no valid values can be obtained.
    UserName String Username
    Note: This field may return null, indicating that no valid values can be obtained.
    SrcIp String Source IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    Status String SUCCESS: cracking successful; FAILED: cracking failed
    Note: This field may return null, indicating that no valid values can be obtained.
    Country Integer Country/Region ID
    Note: This field may return null, indicating that no valid values can be obtained.
    City Integer City ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Province Integer Province ID
    Note: This field may return null, indicating that no valid values can be obtained.
    CreateTime String Creation time
    Note: This field may return null, indicating that no valid values can be obtained.
    BanStatus Integer 0: no blocking (not supported for the client version)1: blocked
    2: blocking failed (program exception)
    3: no blocking (do not block for the private network)
    4: availability zone does not support blocking
    10: blocking
    81: no blocking (blocking disabled)
    82: no blocking (non-Pro Edition)
    83: no blocking (added to the allowlist)
    86: no blocking (system allowlist)
    87: no blocking (client offline)
    Note: This field may return null, indicating that no valid values can be obtained.
    EventType Integer Event type. 200: brute force cracking event; 300: event of successful brute force cracking (page display); 400: event of brute force cracking on a non-existent account.Note: This field may return null, indicating that no valid values can be obtained.
    Count Integer Occurrence count
    Note: This field may return null, indicating that no valid values can be obtained.
    Quuid String Machine UUID
    Note: This field may return null, indicating that no valid values can be obtained.
    IsProVersion Boolean Whether it is of the Pro Edition (true/false)
    Note: This field may return null, indicating that no valid values can be obtained.
    Protocol String Username of the attacked service
    Note: This field may return null, indicating that no valid values can be obtained.
    Port Integer Port
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Last attack time
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceId String Instance ID
    Note: This field may return null, indicating that no valid values can be obtained.
    DataStatus Integer 0: pending; 1: ignored; 5: fixed; 6: added to allowlist
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.
    Location String Geo-location in Chinese
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskLevel Integer Threat level. 0: low-risk; 1: medium-risk; 2: high-risk.Note: This field may return null, indicating that no valid values can be obtained.
    DataFrom Integer Event source. 0: blocking rule; 1: threat intelligence.Note: This field may return null, indicating that no valid values can be obtained.
    AttackStatusDesc String Description of the brute force cracking status
    Note: This field may return null, indicating that no valid values can be obtained.
    BanExpiredTime String Blocking expiration time (valid only for events in blocking status)
    Note: This field may return null, indicating that no valid values can be obtained.

    BruteAttackRule

    Standard blocking mode rule

    Used by actions: ModifyBruteAttackRules.

    Name Type Required Description
    TimeRange Integer Yes Timeframe of the brute force event (unit: second)
    LoginFailTimes Integer Yes Number of failed attempts during the brute force event

    BruteAttackRuleList

    List of rules for determining brute force cracking

    Used by actions: DescribeBruteAttackRules.

    Name Type Description
    TimeRange Integer Timeframe of the brute force cracking event (unit: second)
    LoginFailTimes Integer Number of failed attempts during the brute force cracking event
    Enable Boolean Whether the rule is empty. If yes, fill in the default rule.
    TimeRangeDefault Integer Occurrence time range of brute force cracking events, in seconds (default rule)
    LoginFailTimesDefault Integer Number of failed brute force cracking events (default rule)

    CKafkaInstanceInfo

    CKafka instance information

    Used by actions: DescribeLogDeliveryKafkaOptions.

    Name Type Description
    InstanceID String Instance ID
    InstanceName String Instance name
    KafkaVersion String Version No.
    TopicList Array of CKafkaTopicInfo Topic list
    Note: This field may return null, indicating that no valid values can be obtained.
    RouteList Array of CKafkaRouteInfo Routing List
    DiskSize Integer Disk capacity (unit: GB)
    VpcId String vpcId. Leaving it blank indicates a basic network.
    SubnetId String Subnet ID
    Healthy Integer Status: 1 - healthy; 2 - alarm; 3 - abnormal instance status
    Zone String Availability zone
    Az String Region
    Bandwidth Integer Instance bandwidth (unit: Mbps)

    CKafkaRouteInfo

    CKafka domain name information

    Used by actions: DescribeLogDeliveryKafkaOptions.

    Name Type Description
    RouteID Integer Routing ID
    Domain String Domain name
    DomainPort Integer Domain Port
    Vip String Virtual IP
    VipType Integer Virtual IP Type
    AccessType Integer Access type

    CKafkaTopicInfo

    CKafka topic name

    Used by actions: DescribeLogDeliveryKafkaOptions.

    Name Type Description
    TopicID String Topic ID
    TopicName String Topic name

    CanFixVulInfo

    Host information for batch vulnerability fixing

    Used by actions: DescribeCanFixVulMachine.

    Name Type Description
    VulId Integer Vulnerability ID
    Note: This field may return null, indicating that no valid values can be obtained.
    VulName String Vulnerability name
    Note: This field may return null, indicating that no valid values can be obtained.
    HostList Array of VulInfoHostInfo Information on hosts where this vulnerability can be fixed
    Note: This field may return null, indicating that no valid values can be obtained.
    FixTag Array of String Fixing prompt tag
    Note: This field may return null, indicating that no valid values can be obtained.
    VulCategory Integer

    CanNotSeparateInfo

    Information on machine with non-isolatable Trojan

    Used by actions: DescribeCanNotSeparateMachine.

    Name Type Description
    Quuid String Host QUUID
    Uuid String Host UUID
    Alias String Server name
    PrivateIp String Private IP address
    PublicIp String Public IP
    Reason Integer Reason for isolation failure: 1 - agent offline

    ComponentStatistics

    Component statistics

    Used by actions: DescribeComponentStatistics.

    Name Type Description
    Id Integer Component ID
    MachineNum Integer Number of hosts
    ComponentName String Component name
    ComponentType String Component type
  • WEB: Web component
  • SYSTEM: system component
  • Description String Component description

    CreateVulFixTaskQuuids

    Create QUUIDs for fixing tasks

    Used by actions: CreateVulFix.

    Name Type Required Description
    VulId Integer Yes Vulnerability ID
    Quuids Array of String Yes Hosts that need to fix vulnerabilities. All hosts need to have the vulnerability with the ID of VulId and be in a pending fix status.
    FixMethod Integer No

    DefaultStrategyInfo

    Default policy basic information

    Used by actions: DescribeBaselineDefaultStrategyList.

    Name Type Description
    StrategyName String Policy name
    StrategyId Integer Policy ID

    DefendAttackLog

    Network attack log

    Used by actions: DescribeAttackLogs.

    Name Type Description
    Id Integer Log ID
    Uuid String Client ID
    SrcIp String Source IP
    SrcPort Integer Source port
    HttpMethod String Attack method
    HttpCgi String Attack description
    HttpParam String Attack parameter
    VulType String Threat type
    CreatedAt String Attack time
    MachineIp String Target server IP
    MachineName String Target server name
    DstIp String Target IP
    DstPort Integer Target port
    HttpContent String Attack content
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Note: This field may return null, indicating that no valid values can be obtained.

    DeliverTypeDetails

    Log shipping type details

    Used by actions: DescribeLogKafkaDeliverInfo, ModifyLogKafkaAccess.

    Name Type Required Description
    SecurityType Integer Yes Security module type. 1: intrusion detection; 2: vulnerability management; 3: baseline management; 4: advanced defense; 5: client security; 6: asset fingerprint; 7: host list; 8: client reporting.
    LogType Array of Integer Yes Type of logs of the security module
    TopicId String Yes Topic ID
    TopicName String Yes Topic name
    Switch Integer Yes Shipping enabling status. 0: disabled; 1: enabled.
    Status Integer No Shipping status. 0: disabled; 1: normal; 2: abnormal.
    ErrInfo String No Error message
    StatusTime Integer No Timestamp of last status reporting
    LogName String No Logset name
    LogSetId String No Logset ID
    Region String No Logset region

    DuplicateHosts

    Batch add to allowlists

    Used by actions: AddLoginWhiteLists, CreateBanWhiteList.

    Name Type Description
    Quuid String Quuid
    Note: This field may return null, indicating that no valid values can be obtained.
    Uuid String Uuid
    Note: This field may return null, indicating that no valid values can be obtained.
    Id Integer Id

    EmergencyResponseInfo

    Expert service - emergency response information

    Used by actions: DescribeEmergencyResponseList.

    Name Type Description
    TaskId String Task ID
    HostNum Integer Number of hosts
    Status Integer
    StartTime String Service start time
    EndTime String Service end time
    ReportPath String Report download link

    EmergencyVul

    Emergency vulnerability information

    Used by actions: DescribeEmergencyVulList.

    Name Type Description
    VulId Integer Vulnerability ID
    Level Integer Vulnerability level
    VulName String Vulnerability name
    PublishDate String Release date
    Category Integer Vulnerability category
    Status Integer Vulnerability status. 0: not detected; 1: at risk; 2: not at risk; 3: show progress during check
    LastScanTime String Last scan time
    Progress Integer Scan progress
    CveId String CVE ID
    Note: This field may return null, indicating that no valid values can be obtained.
    CvssScore Float CVSS score
    Note: This field may return null, indicating that no valid values can be obtained.
    Labels String Vulnerability Tags, Separated by Multiple Commas
    Note: This field may return null, indicating that no valid values can be obtained.
    HostCount Integer Number of affected machines
    Note: This field may return null, indicating that no valid values can be obtained.
    IsSupportDefense Integer Whether to support defense: 0: no; 1: yes
    Note: This field may return null, indicating that no valid values can be obtained.
    DefenseAttackCount Integer Number of Attacks Defended
    Note: This field may return null, indicating that no valid values can be obtained.
    Method Integer Detection rule: 0: version comparison; 1: POC verification
    Note: This field may return null, indicating that no valid values can be obtained.
    AttackLevel Integer Attack intensity level
    Note: This field may return null, indicating that no valid values can be obtained.
    DefenseState Boolean Whether vulnerability defense is enabled on hosts with vulnerabilities
    Note: This field may return null, indicating that no valid values can be obtained.

    EventStat

    Unprocessed security event statistics

    Used by actions: DescribeSecurityEventStat.

    Name Type Description
    EventsNum Integer Number of events
    MachineAffectNum Integer Number of affected hosts

    ExpertServiceOrderInfo

    Expert service order information

    Used by actions: DescribeAvailableExpertServiceDetail, DescribeExpertServiceOrderList.

    Name Type Description
    OrderId Integer Order ID
    InquireType Integer Order type. 1: emergency; 2: Ultimate Edition important period guarantee; 3: security manager.
    InquireNum Integer Number of services
    BeginTime String Service start time
    EndTime String Service end time
    ServiceTime Integer Service duration, in months
    Status Integer Order status. 0: not started; 1: in service; 2: expired; 3: completed; 4: refunded and terminated.

    ExportInfo

    Task list of downloaded logs

    Used by actions: DescribeLogExports.

    Name Type Description
    ExportId String Task ID of exported logs
    Query String Query statements of log export
    FileName String Filenames of exported logs
    FileSize Integer Log file size
    Order String Sorting of log export time
    Format String Log export format
    Count Integer Number of logs to be exported
    Status String Log download status. Processing: export in progress; Completed: export completed; Failed: export failed; Expired: log export expired (valid for 3 days).
    StartTime Integer Start time of log export, with a millisecond-level UNIX timestamp
    EndTime Integer End time of log export, with a millisecond-level UNIX timestamp
    CosPath String Log export path
    CreateTime String Creation time of log export

    FieldValueRatioInfo

    Quick analysis of statistics data

    Used by actions: DescribeFastAnalysis.

    Name Type Description
    Count Integer Number
    Ratio Float Ratio
    Value String Value

    FileTamperEvent

    Core file monitoring event

    Used by actions: DescribeFileTamperEvents.

    Name Type Description
    HostName String Machine Name
    HostIp String Machine IP
    CreateTime String Occurrence time
    ModifyTime String Last occurrence time
    Id Integer Event ID
    Uuid String Host UUID
    Quuid String cvm id
    Type Integer Event Type/Action. 0 - Alarm
    ProcessExe String Process path
    ProcessArgv String Process parameter
    Target String Target file path
    Status Integer Processing Status. 0 - Pending; 1 - Allowlisted; 2 - Deleted; 3 - Ignored; 4 - Manually Processed
    EventCount Integer Event Occurrences
    RuleId Integer Rule ID
    RuleName String Rule name
    Pstree String Event Details: JSON Format
    RuleCategory Integer Rule Type. 0 - System Rule; 1 - Custom Rule
    MachineStatus String Host Online Information: ONLINE, OFFLINE
    Description String Severity description
    Suggestion String Remediation Suggestions
    PrivateIp String Private IP address
    ExePermission String Process permission
    UserName String Username
    UserGroup String User group
    ExeMd5 String Process name
    ExeSize Integer Process File Size
    ExeTime Integer Process Execution Duration
    TargetSize Integer Target file size
    TargetPermission String Target File Permissions
    TargetModifyTime String Target File Update Time
    Note: This field may return null, indicating that no valid values can be obtained.
    TargetCreatTime String Target File Creation Time
    Note: This field may return null, indicating that no valid values can be obtained.
    ExePid Integer Process PID
    TargetName String File name
    Reference String Reference link
    Level Integer Risk Level. 0: None; 1: High-Risk; 2: Medium-Risk; 3: Low-Risk
    ExeName String Process name
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Note: This field may return null, indicating that no valid values can be obtained.
    FileAction String File threat behavior
  • read: read file
  • write: modify file

  • Note: This field may return null, indicating that no valid values can be obtained.

    FileTamperRule

    Core file monitoring rules

    Used by actions: DescribeFileTamperEventRuleInfo, DescribeFileTamperRuleInfo, DescribeMachineFileTamperRules, ModifyFileTamperRule.

    Name Type Required Description
    ProcessPath String Yes Process path
    Target String Yes Accessed file path
    Action String Yes Recommended action: skip: skip; alarm: alert
    FileAction String No Monitoring behavior
  • read: read file
  • write: modify file
  • read-write: read and modify file

  • Note: This field may return null, indicating that no valid values can be obtained.

    FileTamperRuleCount

    Information on Number of Host-associated Core File Rules

    Used by actions: DescribeFileTamperRuleCount.

    Name Type Description
    Uuid String Host UUID
    Count Integer Number of Association Rules
    Name String Name of the Association Rule (Show Only One of Them)
    Note: This field may return null, indicating that no valid values can be obtained.

    FileTamperRuleDetail

    Core File Monitoring Rule Details

    Used by actions: DescribeFileTamperEventRuleInfo, DescribeFileTamperRuleInfo.

    Name Type Description
    Name String Rule name
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Update time
    CreateTime String Creation time
    Status Integer Status. 0: Enabled; 1: Disabled
    Rule Array of FileTamperRule Rule
    Uuids Array of String Effective Host UUID. Empty means all hosts, and returned number of entries can be controlled through parameters.
    Note: This field may return null, indicating that no valid values can be obtained.
    Id Integer Rule ID
    IsGlobal Integer Global Rule or Not (No by Default). 0: No; 1: Yes
    Level Integer Risk Level. 0: None; 1: High-Risk; 2: Medium-Risk; 3: Low-Risk
    UuidTotalCount Integer Total Number of Effective Hosts
    AddWhiteType String Allowlisted processing type
  • cur: add the current items to the allowlist
  • all: add all items that meet the conditions to the allowlist

  • Note: This field may return null, indicating that no valid values can be obtained.

    FileTamperRuleInfo

    List of core file monitoring rules

    Used by actions: DescribeFileTamperRules.

    Name Type Description
    Name String Rule name
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleCategory Integer Rule Type. 0: System Rule; 1: User Rule
    HostCount Integer Number of affected hosts
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Update time
    CreateTime String Creation time
    Status Integer Status. 0: Enabled; 1: Disabled
    Id Integer Rule ID, which is set to 0 for system rules
    IsGlobal Integer Whether global 0: no; 1: yes
    Level Integer Risk Level. 0: None; 1: High-Risk; 2: Medium-Risk; 3: Low-Risk
    WriteRuleCount Integer Number of write entries for the sub-rule
    Note: This field may return null, indicating that no valid values can be obtained.
    ReadRuleCount Integer Number of read entries for the sub-rule
    Note: This field may return null, indicating that no valid values can be obtained.
    ReadWriteRuleCount Integer Number of read and write entries for the sub-rule
    Note: This field may return null, indicating that no valid values can be obtained.
    FileAction String Monitoring behavior
  • read: read file
  • write: modify file
  • read-write: read and modify file

  • Note: This field may return null, indicating that no valid values can be obtained.
    AddWhiteType String Allowlisted processing type
  • cur: add the current items to the allowlist
  • all: add all items that meet the conditions to the allowlist

  • Note: This field may return null, indicating that no valid values can be obtained.

    Filter

    Description key-value pair filter, which is used for conditional filtering queries. For example, filter by ID, name, and status.

    If there are multiple Filters, the logical relationship between them is AND.
    If multiple values exist in one filter, the logical relationship between these values is OR.

    • A maximum of 5 filters are allowed.
    • If a single filter has multiple values, the number of values cannot exceed 5.

    Used by actions: DescribeAccountStatistics, DescribeAssetMachineList, DescribeAssetPortInfoList, DescribeAssetProcessInfoList, DescribeAssetSystemPackageList, DescribeAssetUserList, DescribeAssetWebAppList, DescribeAssetWebFrameList, DescribeAssetWebLocationList, DescribeAttackEvents, DescribeAttackLogs, DescribeAttackTop, DescribeAttackTrends, DescribeBanWhiteList, DescribeBaselineHostDetectList, DescribeBaselineItemDetectList, DescribeBaselineItemList, DescribeBaselinePolicyList, DescribeBaselineWeakPasswordList, DescribeBashEvents, DescribeBashEventsNew, DescribeBashPolicies, DescribeBashRules, DescribeBruteAttackList, DescribeComponentStatistics, DescribeExportMachines, DescribeHistoryAccounts, DescribeHostLoginList, DescribeIgnoreHostAndItemConfig, DescribeLicenseBindSchedule, DescribeLoginWhiteCombinedList, DescribeLoginWhiteList, DescribeMachineDefenseCnt, DescribeMachineRiskCnt, DescribeMachines, DescribeMachinesSimple, DescribeMalWareList, DescribeMalwareWhiteList, DescribeMalwareWhiteListAffectList, DescribeNetAttackWhiteList, DescribeOpenPortStatistics, DescribePrivilegeRules, DescribeProcessStatistics, DescribeReverseShellEvents, DescribeReverseShellRules, DescribeRiskDnsEventList, DescribeRiskDnsList, DescribeRiskDnsPolicyList, DescribeRiskProcessEvents, DescribeSecurityEventStat, DescribeVulDefenceEvent, DescribeVulDefenceList, DescribeVulDefencePluginDetail, DescribeVulDefencePluginStatus, DescribeVulEffectHostList, DescribeVulEffectModules, DescribeVulStoreList, DescribeWebHookPolicy, DescribeWebHookReceiver, DescribeWebHookRules, ExportAssetMachineList, ExportAssetPortInfoList, ExportAssetProcessInfoList, ExportAssetSystemPackageList, ExportAssetUserList, ExportAssetWebAppList, ExportAssetWebFrameList, ExportAssetWebLocationList, ExportBaselineFixList, ExportBaselineHostDetectList, ExportBaselineItemDetectList, ExportJavaMemShellPlugins, ExportJavaMemShells, ExportNonlocalLoginPlaces, ExportRiskDnsEventList, ExportRiskDnsPolicyList, ExportRiskProcessEvents, ExportVulDefenceEvent, ExportVulDefenceList, ExportVulDefencePluginEvent, ExportVulEffectHostList, ExportVulList, ModifyBaselinePolicy.

    Name Type Required Description
    Name String Yes Name of filter key
    Values Array of String Yes One or more filter values
    ExactMatch Boolean No Fuzzy search

    Filters

    Description of key-value pair filter, which is used for conditional filtering queries. For example, filter by ID, name, and status.

    If there are multiple Filters, the logical relationship between them is AND.
    If there are multiple Values in the same Filter, the logical relationship between the Values under the same Filter is OR.

    Used by actions: DescribeBaselineEffectHostList, DescribeBaselineList, DescribeCanNotSeparateMachine, DescribeEmergencyResponseList, DescribeEmergencyVulList, DescribeExpertServiceList, DescribeExpertServiceOrderList, DescribeFileTamperEvents, DescribeFileTamperRules, DescribeIgnoreRuleEffectHostList, DescribeJavaMemShellList, DescribeJavaMemShellPluginInfo, DescribeJavaMemShellPluginList, DescribeLicenseBindList, DescribeLicenseList, DescribeMachineClearHistory, DescribeMaliciousRequestWhiteList, DescribeRansomDefenseBackupList, DescribeRansomDefenseEventsList, DescribeRansomDefenseMachineList, DescribeRansomDefenseRollBackTaskList, DescribeRansomDefenseStrategyList, DescribeRansomDefenseStrategyMachines, DescribeScanState, DescribeScanTaskDetails, DescribeTags, DescribeVulList, ExportAttackEvents, ExportBaselineEffectHostList, ExportBaselineList, ExportBashEvents, ExportBashEventsNew, ExportBashPolicies, ExportBruteAttacks, ExportFileTamperEvents, ExportFileTamperRules, ExportIgnoreRuleEffectHostList, ExportLicenseDetail, ExportMaliciousRequests, ExportMalwares, ExportPrivilegeEvents, ExportRansomDefenseBackupList, ExportRansomDefenseEventsList, ExportRansomDefenseMachineList, ExportRansomDefenseStrategyList, ExportRansomDefenseStrategyMachines, ExportReverseShellEvents, ExportScanTaskDetails, ExportVulDetectionReport, ModifyEventAttackStatus, ModifyRiskEventsStatus.

    Name Type Required Description
    Name String Yes Name of filter key
    Values Array of String Yes One or more filter values
    ExactMatch Boolean No Whether to use fuzzy match. It will be handled by the front-end and can be ignored.

    FullTextInfo

    Configuration for full-text index

    Used by actions: DescribeLogIndex.

    Name Type Description
    CaseSensitive Boolean Whether case-sensitive
    Tokenizer String Delimiter
    ContainZH Boolean Whether Chinese characters are contained.

    HistoryAccount

    Account change history data

    Used by actions: DescribeHistoryAccounts.

    Name Type Description
    Id Integer Unique ID
    Uuid String CWPP client UUID
    MachineIp String Private IP address of the host
    MachineName String Host name
    Username String Username
    ModifyType String Account change type
  • CREATE: account creation
  • MODIFY: account modification
  • DELETE: account deletion
  • ModifyTime Timestamp Change time

    HostDesc

    Host information entity of the log-in audit allowlist

    Used by actions: DescribeLoginWhiteHostList.

    Name Type Description
    Quuid String Yunjing client ID
    Uuid String Host ID
    MachineName String Machine name
    MachineIp String Machine IP address. This parameter is left blank for terminated servers.
    MachineWanIp String Public IP address. This parameter is left blank for terminated servers.
    Tags Array of MachineTag Tag information array

    HostInfo

    Add the host information entity of the log-in audit allowlist.

    Used by actions: AddLoginWhiteLists, ModifyLoginWhiteRecord.

    Name Type Required Description
    Quuid String Yes Quuid
    Uuid String Yes Uuid

    HostLoginList

    Log-in audit list entity

    Used by actions: DescribeHostLoginList.

    Name Type Description
    Id Integer Record ID
    Uuid String UUID string
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineIp String Host IP
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineName String Host name
    Note: This field may return null, indicating that no valid values can be obtained.
    UserName String Username
    Note: This field may return null, indicating that no valid values can be obtained.
    SrcIp String Source IP
    Note: This field may return null, indicating that no valid values can be obtained.
    Status Integer 1: normal log-in; 2: cross-region log-in; 5: allowlisted; 14: processed; 15: ignored
    Country Integer Country/Region ID
    Note: This field may return null, indicating that no valid values can be obtained.
    City Integer City ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Province Integer Province ID
    Note: This field may return null, indicating that no valid values can be obtained.
    LoginTime String Log-in time
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Modification time
    Note: This field may return null, indicating that no valid values can be obtained.
    IsRiskArea Integer Whether hit the exception of cross-region log-in: 1: yes; 0: no
    Note: This field may return null, indicating that no valid values can be obtained.
    IsRiskUser Integer Whether hit the exception of abnormal user: 1: yes; 0: no
    Note: This field may return null, indicating that no valid values can be obtained.
    IsRiskTime Integer Whether hit the exception of abnormal time: 1: yes; 0: no
    Note: This field may return null, indicating that no valid values can be obtained.
    IsRiskSrcIp Integer Whether hit the exception of abnormal IP: 1: yes; 0: no
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskLevel Integer Risk level:
    0: high
    1: suspicious
    Note: This field may return null, indicating that no valid values can be obtained.
    Location String Location name
    Note: This field may return null, indicating that no valid values can be obtained.
    Quuid String Host QUUID
    Note: This field may return null, indicating that no valid values can be obtained.
    Desc String High-risk information description:
    ABROAD - overseas IP
    XTI - threat intelligence
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.
    Port Integer Request destination port
    Note: This field may return null, indicating that no valid values can be obtained.

    HostLoginWhiteObj

    Add log-in audit allowlist entity

    Used by actions: AddLoginWhiteLists.

    Name Type Required Description
    Places Array of Place Yes Allowlisted region
    SrcIp String Yes Allowlisted source IP address. IP ranges are supported. Multiple IPs are separated by commas.
    UserName String Yes Allowlisted username separated by commas
    IsGlobal Integer Yes Whether the allowlist is effective globally. 1: all hosts; 0: only a single host.
    HostInfos Array of HostInfo Yes List of information on machines where the allowlist is effective
    Remark String No Remarks
    StartTime String No Start time
    EndTime String No End time

    HostTagInfo

    Host and host tag information

    Used by actions: DescribeHostInfo.

    Name Type Description
    Quuid String Host QUUID
    Note: This field may return null, indicating that no valid values can be obtained.
    TagList Array of String Host tag name array
    Note: This field may return null, indicating that no valid values can be obtained.
    HostIp String Host intranet IP
    Note: This field may return null, indicating that no valid values can be obtained.
    AliasName String Host name
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineWanIp String Host public IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    Uuid String Host UUID
    Note: This field may return null, indicating that no valid values can be obtained.
    KernelVersion String Kernel version number
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineStatus String Host online status: ONLINE; OFFLINE
    Note: This field may return null, indicating that no valid values can be obtained.
    ProtectType String Protection version: BASIC_VERSION - Basic Edition PRO_VERSION - Professional Edition; Flagship: Ultimate Edition
    Note: This field may return null, indicating that no valid values can be obtained.
    VulNum Integer Number of vulnerabilities
    Note: This field may return null, indicating that no valid values can be obtained.
    CloudTags Array of Tags Cloud Tag Information
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceID String Host Instance ID
    Note: This field may return null, indicating that no valid values can be obtained.

    IgnoreBaselineRule

    Information on the ignored baseline check item

    Used by actions: DescribeIgnoreBaselineRule.

    Name Type Description
    RuleName String Baseline check item name
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleId Integer Baseline check item ID
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Update time
    Note: This field may return null, indicating that no valid values can be obtained.
    Fix String Fixing suggestions
    Note: This field may return null, indicating that no valid values can be obtained.
    EffectHostCount Integer Number of affected hosts
    Note: This field may return null, indicating that no valid values can be obtained.

    IgnoreRuleEffectHostInfo

    Information of hosts affected by ignoring detection items

    Used by actions: DescribeIgnoreRuleEffectHostList.

    Name Type Description
    HostName String Host name
    Note: This field may return null, indicating that no valid values can be obtained.
    Level Integer Severity level: 1: low-risk; 2: medium-risk; 3: high-risk; 4: critical
    Note: This field may return null, indicating that no valid values can be obtained.
    TagList Array of String Host tag array
    Note: This field may return null, indicating that no valid values can be obtained.
    Status Integer Status: 0: failed; 1: ignore; 3: passed; 5: detecting
    Note: This field may return null, indicating that no valid values can be obtained.
    LastScanTime String Last check time
    Note: This field may return null, indicating that no valid values can be obtained.
    EventId Integer Event ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Quuid String Host QUUID
    Note: This field may return null, indicating that no valid values can be obtained.

    IncidentVertexInfo

    Event point information

    Used by actions: DescribeAlarmIncidentNodes.

    Name Type Description
    IncidentId String Event ID
    Note: This field may return null, indicating that no valid values can be obtained.
    TableName String The name of the table where the event occurred
    Note: This field may return null, indicating that no valid values can be obtained.
    Vertex Array of VertexInfo A list of node information, with array items containing detailed node information
    Note: This field may return null, indicating that no valid values can be obtained.
    VertexCount Integer Total number of nodes
    Note: This field may return null, indicating that no valid values can be obtained.

    JavaMemShellDetail

    Java webshell event details

    Used by actions: DescribeJavaMemShellInfo.

    Name Type Description
    InstanceName String Container name
    InstanceState String Instance Status: RUNNING, STOPPED, SHUTDOWN...
    PrivateIp String Private IP address
    PublicIp String Public IP
    Type Integer Memory Trojan Type. 0: Filter Type; 1: Listener Type; 2: Servlet Type; 3: Interceptors Type; 4: Agent Type; 5: Other
    Description String Description
    CreateTime String First detection time
    RecentFoundTime String Last detection time
    Status Integer Processing Status. 0 - Pending; 1 - Allowlisted; 2 - Deleted; 3 - Ignored; 4 - Manually Processed
    ClassLoaderName String Java Loader Class Name
    SuperClassName String Parent class name
    Md5 String Class file MD5
    Interfaces String Inherited API
    Annotations String Annotation
    Pid Integer Process ID
    Exe String Java Process Path
    Args String Java process command line parameters
    ClassName String Class name
    ClassContent String Java Memory Horse Binary Code (base64)
    ClassContentPretty String Java Memory Trojan Decompilation Code
    EventDescription String Event description
    SecurityAdvice String Security advice
    MachineExtraInfo MachineExtraInfo Additional host information
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineState String Instance status: RUNNING, STOPPED, SHUTDOWN...

    JavaMemShellInfo

    Java webshell event information

    Used by actions: DescribeJavaMemShellList.

    Name Type Description
    Id Integer Event ID
    Alias String Server name
    Note: This field may return null, indicating that no valid values can be obtained.
    HostIp String Server IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    Type Integer Memory Trojan Type. 0: Filter Type; 1: Listener Type; 2: Servlet Type; 3: Interceptors Type; 4: Agent Type; 5: Other
    Description String Description
    CreateTime String First detection time
    RecentFoundTime String Last detection time
    Status Integer Processing Status. 0 - Pending; 1 - Allowlisted; 2 - Deleted; 3 - Ignored; 4 - Manually Processed
    Quuid String Server QUUID
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Note: This field may return null, indicating that no valid values can be obtained.
    Uuid String Server UUID
    Note: This field may return null, indicating that no valid values can be obtained.

    JavaMemShellPluginInfo

    Java Memory Trojan Plugin Information

    Used by actions: DescribeJavaMemShellPluginInfo.

    Name Type Description
    Pid Integer Injection Process PID
    MainClass String Injection Process Main Class
    Status Integer Injection Status. 0: Injecting; 1: Injection Succeeded; 2: Plugin Timeout; 3: Plugin Exits; 4: Injection Failed; 5: Soft-delete
    ErrorLog String Error logs

    JavaMemShellPluginSetting

    Java Memory Trojan Plugin Configuration

    Used by actions: DescribeJavaMemShellPluginList.

    Name Type Description
    Quuid String Container QUUID
    Alias String Server name
    HostIp String Server IP address
    JavaShellStatus Integer Javashell Plugin Switch. 0: Off; 1: On
    Exception Integer Plugin Exception Status. 0: Normal; 1: Abnormal
    CreateTime String Creation time
    ModifyTime String Modification time
    Uuid String Server UUID
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Note: This field may return null, indicating that no valid values can be obtained.

    KeyValueArrayInfo

    Index key-value information

    Used by actions: DescribeLogIndex.

    Name Type Description
    Key String Field requiring Key-Value or Meta Field Index configuration
    Value ValueInfo Field index description

    KeyValueInfo

    Key-value index configuration

    Used by actions: DescribeLogIndex.

    Name Type Description
    CaseSensitive Boolean Whether case-sensitive
    KeyValues Array of KeyValueArrayInfo Information about the key-value pair to be indexed
    Note: This field may return null, indicating that no valid values can be obtained.

    LicenseBindDetail

    Authorize binding details

    Used by actions: DescribeLicenseBindList.

    Name Type Description
    MachineName String Machine Alias
    MachineWanIp String Machine Public IP address
    MachineIp String Machine Private IP address
    Quuid String CVM UUID
    Uuid String CWPP client UUID
    Tags Array of String Tag information
    AgentStatus String CWPP client status: OFFLINE, ONLINE, and UNINSTALL.
    IsUnBind Boolean Whether unbinding is allowed: false - unbinding is not allowed.
    IsSwitchBind Boolean Whether rebinding is allowed: false - rebinding is not allowed.
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Note: This field may return null, indicating that no valid values can be obtained.

    LicenseBindTaskDetail

    Authorization binding task details

    Used by actions: DescribeLicenseBindSchedule.

    Name Type Description
    Quuid String CVM UUID
    ErrMsg String Error message
    Status Integer 0-in progress; 1-succeeded; 2-failed
    FixMessage String Fix suggestion
    MachineExtraInfo MachineExtraInfo Additional information of machine
    Note: This field may return null, indicating that no valid values can be obtained.

    LicenseDetail

    Authorization order list object

    Used by actions: DescribeLicenseList.

    Name Type Description
    LicenseId Integer Authorization ID
    LicenseType Integer Authorization type. 0: Pro Edition - pay-as-you-go; 1: Pro Edition - monthly subscription; 2: Ultimate Edition - monthly subscription.
    LicenseStatus Integer Authorization status. 0: not in use; 1: partially in use; 2: used up; 3: unavailable.
    Note: This field may return null, indicating that no valid values can be obtained.
    LicenseCnt Integer Total number of authorizations
    UsedLicenseCnt Integer Number of used authorizations
    OrderStatus Integer Order status. 1: normal; 2: isolated; 3: terminated.
    Deadline String Deadline
    ResourceId String Order resource ID
    AutoRenewFlag Integer 0: initialization; 1: automatic renewal; 2: no automatic renewal.
    ProjectId Integer Project ID
    TaskId Integer Task ID. Default value: 0. It is used to query the binding progress.
    BuyTime String Time of purchase
    SourceType Integer Whether the order is a trial order
    Alias String Resource alias
    Tags Array of Tags Platform Tag
    Note: This field may return null, indicating that no valid values can be obtained.
    FreezeNum Integer Number of frozen authorizations. 0: no authorization is frozen; other values: actual number of frozen authorizations.
    Note: This field may return null, indicating that no valid values can be obtained.

    LicenseOrder

    Authorization Order Object Content

    Used by actions: DescribeMachinesSimple.

    Name Type Description
    LicenseId Integer Authorization ID
    LicenseType Integer Authorization type
    Status Integer Authorization Order Resource Status
    SourceType Integer Order type
    ResourceId String Resource ID

    LogHistogram

    Result details of statistics within the histogram period

    Used by actions: DescribeLogHistogram.

    Name Type Description
    Count Integer Number of logs within the statistical period
    TimeStamp Integer Unix timestamp rounded by period, in ms

    LogInfo

    Log details

    Used by actions: SearchLog.

    Name Type Description
    Content String JSON serialized string of the log content
    FileName String Log file name
    Source String Log source IP address
    TimeStamp Integer Log time, in milliseconds

    LogStorageRecord

    Record of stored log size

    Used by actions: DescribeLogStorageRecord.

    Name Type Description
    Month String Year and month
    Note: This field may return null, indicating that no valid values can be obtained.
    UsedSize Integer Used storage capacity, in bytes
    Note: This field may return null, indicating that no valid values can be obtained.
    InquireSize Integer Total capacity, in bytes
    Note: This field may return null, indicating that no valid values can be obtained.

    LoginWhiteCombinedInfo

    Merge cross-region log-in allowlists

    Used by actions: DescribeLoginWhiteCombinedList.

    Name Type Description
    Places Array of Place Allowlist region
    Note: This field may return null, indicating that no valid values can be obtained.
    UserName String Allowlisted users (Multiple users are separated by commas.)
    SrcIp String Allowlisted IPs (Multiple IPs are separated by commas.)
    Locale String Region string
    Remark String Remarks
    StartTime String Start time
    EndTime String End time
    IsGlobal Integer Whether the settings take effect globally. 1: take effect globally; 0: take effect on the specified host list.
    Name String Allowlist name. If IsLocal is set to 1, the name is fixed as All servers. If the allowlist applies to only a single server, the name is the server's private IP Address. If the allowlist applies to multiple servers, the name is the number of servers, such as 11.
    Desc String Return the server name when the allowlist applies to only one server.
    Id Integer Allowlist ID
    CreateTime String Creation time
    ModifyTime String Last modification time
    Uuid String Server UUID
    Locations String Login Location

    LoginWhiteLists

    Cross-region log-in allowlist

    Used by actions: DescribeLoginWhiteList.

    Name Type Description
    Id Integer Record ID
    Uuid String Yunjing client ID
    Places Array of Place Allowlisted regions
    UserName String Allowlisted users (Multiple users are separated by commas.)
    SrcIp String Allowlisted IPs (Multiple IPs are separated by commas.)
    IsGlobal Boolean Whether a global rule
    CreateTime Timestamp Time of creating the allowlist
    ModifyTime Timestamp Time of modifying the allowlist
    MachineName String Machine name
    HostIp String Machine IP
    StartTime String Start time
    EndTime String End time

    Machine

    Host list

    Used by actions: DescribeMachines.

    Name Type Description
    MachineName String Host name.
    MachineOs String Host System.
    MachineStatus String Host status
  • OFFLINE: Offline
  • ONLINE: Online
  • SHUTDOWN: Shut down
  • UNINSTALLED: Unprotected
  • Uuid String Yunjing client UUID. If the client is offline for a long time, an empty string is returned.
    Quuid String CVM or BM Machine Unique UUID.
    VulNum Integer Number of vulnerabilities
    MachineIp String Host IP.
    IsProVersion Boolean Whether the edition is Pro Edition
  • true: yes
  • false: no
  • MachineWanIp String Public IP address of a host
    PayMode String Host status
  • POSTPAY: postpaid, indicating pay-as-you-go mode
  • PREPAY: prepaid, indicating monthly subscription mode
  • MalwareNum Integer Number of Trojans
    Tag Array of MachineTag Tag information
    BaselineNum Integer Number of baseline risks
    CyberAttackNum Integer Number of network risks
    SecurityStatus String Risk status
  • SAFE: Safe
  • RISK: Risk
  • UNKNOWN: Unknown
  • InvasionNum Integer Number of intrusion events
    RegionInfo RegionInfo Region information
    InstanceState String Instance status: TERMINATED_PRO_VERSION - terminated
    LicenseStatus Integer Tamper-proof; authorization status: 1 - authorized; 0 - unauthorized
    ProjectId Integer Project ID
    HasAssetScan Integer Whether there is an available asset scanning API: 0 - no; 1 - yes
    MachineType String Machine Zone Type. CVM - Cloud Virtual Machine; BM: Bare Metal; ECM: Edge Computing Machine; LH: Lightweight Application Server; Other: Hybrid Cloud Zone
    KernelVersion String Kernel version
    ProtectType String Protection version: BASIC_VERSION - Basic Edition; PRO_VERSION - Professional Edition; Flagship - Ultimate Edition; GENERAL_DISCOUNT - Inclusive Edition
    CloudTags Array of Tags Cloud Tag Information
    Note: This field may return null, indicating that no valid values can be obtained.
    IsAddedOnTheFifteen Integer Whether a host added within the last 15 days: 0: no; 1: yes
    Note: This field may return null, indicating that no valid values can be obtained.
    IpList String Host IP List
    Note: This field may return null, indicating that no valid values can be obtained.
    VpcId String Network
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceId String Instance ID
    Remark String Remarks
    Note: This field may return null, indicating that no valid values can be obtained.

    MachineClearHistory

    Machine Cleanup Record Object

    Used by actions: DescribeMachineClearHistory.

    Name Type Description
    Id Integer ID Value
    InstanceId String Instance ID
    InstanceName String Instance name
    PublicIp String Public IP address
    PrivateIp String Private IP address
    AgentLastOfflineTime String Client Last Offline Time
    CreateTime String Creation time

    MachineExtraInfo

    Server Basic Information

    Used by actions: DescribeAssetAppList, DescribeAssetCoreModuleList, DescribeAssetDatabaseList, DescribeAssetEnvList, DescribeAssetInitServiceList, DescribeAssetJarList, DescribeAssetMachineDetail, DescribeAssetMachineList, DescribeAssetPlanTaskList, DescribeAssetPortInfoList, DescribeAssetProcessInfoList, DescribeAssetSystemPackageList, DescribeAssetUserList, DescribeAssetWebAppList, DescribeAssetWebFrameList, DescribeAssetWebLocationList, DescribeAssetWebServiceInfoList, DescribeAttackEventInfo, DescribeAttackEvents, DescribeAttackLogs, DescribeBaselineHostDetectList, DescribeBaselineItemList, DescribeBashEventsNew, DescribeBruteAttackList, DescribeDefenceEventDetail, DescribeFileTamperEvents, DescribeHostLoginList, DescribeIgnoreHostAndItemConfig, DescribeJavaMemShellInfo, DescribeJavaMemShellList, DescribeJavaMemShellPluginList, DescribeLicenseBindList, DescribeLicenseBindSchedule, DescribeMachines, DescribeMalWareList, DescribeMalwareInfo, DescribeReverseShellEvents, DescribeRiskDnsEventInfo, DescribeRiskDnsEventList, DescribeRiskProcessEvents, DescribeScanTaskDetails, DescribeScreenMachines, DescribeVulDefenceEvent, DescribeVulEffectHostList.

    Name Type Description
    WanIP String Public IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    PrivateIP String Private IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    NetworkType Integer Network Type. 1: VPC network; 2: Basic Network; 3: Non-Tencent Cloud Network
    Note: This field may return null, indicating that no valid values can be obtained.
    NetworkName String Network Name, returns vpc_id in the case of a VPC network
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceID String Instance ID
    Note: This field may return null, indicating that no valid values can be obtained.
    HostName String Host name
    Note: This field may return null, indicating that no valid values can be obtained.

    MachineFileTamperRule

    Query Details of Host-related Core File Monitoring Rules

    Used by actions: DescribeMachineFileTamperRules.

    Name Type Description
    Name String Rule name
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleCategory Integer Rule Type. 0: System Rule; 1: User Rule
    Rule Array of FileTamperRule Rule
    Id Integer Unique ID

    MachineLicenseDetail

    Information on the authorization bound to the machine

    Used by actions: DescribeMachineLicenseDetail.

    Name Type Description
    Quuid String Host QUUID
    PayMode Integer xx
    ResourceId String xxx
    InquireKey String xxx
    SourceType Integer xxx

    MachineSimple

    Host List Shuttle Box

    Used by actions: DescribeMachinesSimple.

    Name Type Description
    MachineName String Host name.
    MachineOs String Host System.
    Uuid String Yunjing client UUID. If the client is offline for a long time, an empty string is returned.
    Quuid String CVM or BM Machine Unique UUID.
    MachineIp String Host IP.
    IsProVersion Boolean Whether the edition is Pro Edition
  • true: yes
  • false: no
  • MachineWanIp String Public IP address of the host
    PayMode String Host status
  • POSTPAY: postpaid, indicating pay-as-you-go mode
  • PREPAY: prepaid, indicating monthly subscription mode
  • Tag Array of MachineTag Tag information
    RegionInfo RegionInfo Region information
    InstanceState String Instance status. TERMINATED_PRO_VERSION: terminated.
    ProjectId Integer Project ID
    MachineType String Machine Zone Type. CVM - Cloud Virtual Machine; BM: Bare Metal; ECM: Edge Computing Machine; LH: Lightweight Application Server; Other: Hybrid Cloud Zone
    KernelVersion String Kernel version
    ProtectType String Protection Edition. BASIC_VERSION: Basic Edition; PRO_VERSION: Professional Edition; Flagship: Premium Edition; GENERAL_DISCOUNT: General Discount Edition
    LicenseOrder LicenseOrder Authorization order object
    Note: This field may return null, indicating that no valid values can be obtained.
    CloudTags Array of Tags Cloud Tag Information
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceId String Instance ID
    Note: This field may return null, indicating that no valid values can be obtained.

    MachineSnapshotInfo

    Machine snapshot information

    Used by actions: DescribeMachineSnapshot.

    Name Type Description
    Quuid String cvm id
    HostName String Host name
    HostIp String Host IP address
    SnapshotName String Snapshot name
    CreateTime String Snapshot creation time
    DiskId String Disk ID
    InstanceId String Instance ID
    RegionId Integer Region ID
    SnapshotId String Snapshot ID

    MachineTag

    Server tag information

    Used by actions: DescribeAssetAppList, DescribeAssetDatabaseList, DescribeAssetMachineList, DescribeAssetPortInfoList, DescribeAssetProcessInfoList, DescribeAssetWebAppList, DescribeAssetWebFrameList, DescribeAssetWebLocationList, DescribeAssetWebServiceInfoList, DescribeLoginWhiteHostList, DescribeMachines, DescribeMachinesSimple, DescribeRansomDefenseMachineList, DescribeRansomDefenseStrategyMachines.

    Name Type Description
    Rid Integer Associated tag ID
    Name String Tag name
    TagId Integer Tag ID

    MalWareList

    Trojan list

    Used by actions: DescribeMalWareList.

    Name Type Description
    HostIp String Server IP address
    Uuid String UUID
    FilePath String Path
    VirusName String Description
    Status Integer Status: 4-Pending, 5-Trusted, 6-Isolated, 8-Files Deleted, 14-Processed.
    Id Integer Unique ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Alias String Host alias
    Tags Array of String Feature tag. This field has been deprecated, and no tag will be returned. Tags are returned in the details.
    Note: This field may return null, indicating that no valid values can be obtained.
    FileCreateTime String First running time
    Note: This field may return null, indicating that no valid values can be obtained.
    FileModifierTime String Last running time
    Note: This field may return null, indicating that no valid values can be obtained.
    CreateTime String Creation time
    LatestScanTime String Last scan time
    Level Integer Risk level. 0: unknown; 1: low; 2: medium; 3: high; 4: critical.
    CheckPlatform String Trojan detection platforms, separated with commas. 1: cloud security engine; 2: TAV; 3: BinaryAI; 4: abnormal behavior; 5: threat intelligence.
    ProcessExists Integer Whether the Trojan process exists. 0: no; 1: yes.
    FileExists Integer Whether the Trojan file exists. 0: no; 1: yes.
    Quuid String cvm quuid
    MD5 String Trojan sample MD5
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.

    MaliciousRequestWhiteListInfo

    Malicious request allowlist information

    Used by actions: DescribeMaliciousRequestWhiteList.

    Name Type Description
    Id Integer Allowlist ID
    Domain String Domain name
    Mark String Remarks
    CreateTime String Creation time
    ModifyTime String Update time

    MalwareInfo

    Malicious file details

    Used by actions: DescribeMalwareInfo.

    Name Type Description
    VirusName String Virus name
    FileSize Integer File size
    MD5 String File MD5
    FilePath String File address
    FileCreateTime String First running time
    FileModifierTime String Last running time
    HarmDescribe String Severity description
    SuggestScheme String Recommended solution
    ServersName String Server name
    HostIp String Server IP
    ProcessName String Process name
    ProcessID String Process ID
    Tags Array of String Tag Features
    Breadth String Impact breadth // Not provided currently
    Note: This field may return null, indicating that no valid values can be obtained.
    Heat String Search popularity // Not provided currently
    Note: This field may return null, indicating that no valid values can be obtained.
    Id Integer Unique ID
    FileName String File name
    CreateTime String First detection time
    LatestScanTime String Last scan time
    Reference String Reference link
    MachineWanIp String Public IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    PsTree String Process tree in JSON format. pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: executed commands; ssh_service: SSH service IP; ssh_source: log-in source
    .Note: This field may return null, indicating that no valid values can be obtained.
    MachineStatus String Online status of a host: OFFLINE and ONLINE
    Note: This field may return null, indicating that no valid values can be obtained.
    Status Integer Status. 4: pending; 5: trusted; 6: isolated.
    Note: This field may return null, indicating that no valid values can be obtained.
    Level Integer Risk level. 0: prompt; 1: low; 2: medium; 3: high; 4: critical.Note: This field may return null, indicating that no valid values can be obtained.
    CheckPlatform String Trojan detection platforms, separated with commas. 1: cloud security engine; 2: TAV; 3: BinaryAI; 4: abnormal behavior; 5: threat intelligence.Note: This field may return null, indicating that no valid values can be obtained.
    Uuid String Host UUID
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Last modification time
    Note: This field may return null, indicating that no valid values can be obtained.
    StrFileAccessTime String Last access time
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.

    MalwareRisk

    List of information on malicious file risks

    Used by actions: DescribeMalwareRiskWarning.

    Name Type Description
    MachineIp String Machine IP
    VirusName String Virus name
    CreateTime String Detection time
    Id Integer Unique ID

    MalwareRiskOverview

    File Scan Overview Information

    Used by actions: DescribeMalwareRiskOverview.

    Name Type Description
    HostCount Integer Number of affected hosts
    ProcessCount Integer Exceptional Process Count
    FileCount Integer Number of Malicious Files
    IsFirstScan Boolean Is it the first Scan [false: No | true: Yes].
    ScanTime String Last scan time

    MalwareWhiteListAffectEvent

    Number of events hitting allowlists

    Used by actions: DescribeMalwareWhiteListAffectList.

    Name Type Description
    Id Integer Unique ID
    HostIp String Host IP
    Md5 String Affected md5
    FilePath String File path
    CreateTime String Add time

    MalwareWhiteListInfo

    Trojan allowlist information

    Used by actions: DescribeMalwareWhiteList.

    Name Type Description
    Id Integer Unique ID
    QuuidList String CVM QUUID (Separate multiple items with commas.)
    Md5List String md5 list (Separate multiple items with commas.)
    IsGlobal Integer Whether applies all hosts: 0 - no; 1 - yes
    Mode Integer Allowlist mode: 0 - MD5; 1 - customization
    MatchType Integer Match mode: 0 - precise match; 1 - fuzzy match
    FileName String File name (Separate multiple items with commas.)
    FileDirectory String File directory (Separate multiple items with commas.)
    FileExtension String File suffix (Separate multiple items with commas.)
    CreateTime String Rule creation time
    EventsCount Integer Affected records

    MonthInspectionReport

    Expert service - monthly inspection report

    Used by actions: DescribeMonthInspectionReport.

    Name Type Description
    ReportName String Inspection report name
    ReportPath String Inspection report download link
    ModifyTime String Inspection report update time

    NetAttackEvent

    Network attack event

    Used by actions: DescribeAttackEvents.

    Name Type Description
    Id Integer Log ID
    Uuid String Client ID
    DstPort Integer Target port
    SrcIP String Source IP
    Location String Source location
    VulId Integer Vulnerability ID
    VulName String Vulnerability name
    MergeTime String Attack time
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Note: This field may return null, indicating that no valid values can be obtained.
    Type Integer Attack Status: 0: Attack Attempt 1: Confirmed Attack (Successful Attack).
    Status Integer Processing Status: 0 Pending, 1 Processed, 2 Allowlisted, 3 Ignored, 4 Deleted, 5: Defense Enabled.
    VulSupportDefense Integer Whether vulnerabilities support defense. 0: No 1: Yes
    VulDefenceStatus Integer Whether to enable vulnerability defense: 0 - No, 1 - Yes
    PayVersion Integer Machine payment edition. 0: Basic Edition; 1: Professional Edition; 2: Premium Edition; 3: General Discount Edition
    Quuid String cvm uuid
    Count Integer Attacks
    New Boolean Whether to add new hosts today

    NetAttackEventInfo

    Details of Network Attack Events

    Used by actions: DescribeAttackEventInfo.

    Name Type Description
    Status Integer Processing Status: 0 Pending, 1 Processed, 2 Allowlisted, 3 Ignored, 4 Deleted, 5: Defense Enabled.
    SrcIP String Attack source IP address
    Location String Attack Source
    VulName String Vulnerability name
    VulId Integer Vulnerability ID
    CVEId String Vulnerability CVE ID
    AttackLevel Integer Vulnerability attack level
    VulDefenceStatus Integer Vulnerability Defense Status: 0 Disabled, 1 Enabled.
    VulSupportDefense Integer Whether vulnerabilities support defense. 0: No 1: Yes
    SvcPs String Service Process Base64
    NetPayload String Attack packet
    AbnormalAction String Abnormal behavior
    Uuid String Host UUID
    Id Integer Event ID
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Note: This field may return null, indicating that no valid values can be obtained.
    DstPort Integer Target port
    Count Integer Attack count
    PayVersion Integer Machine payment edition. 0: Basic Edition; 1: Professional Edition; 2: Premium Edition; 3: General Discount Edition
    Quuid String cvm uuid
    Note: This field may return null, indicating that no valid values can be obtained.
    MergeTime String Time of Attack
    Note: This field may return null, indicating that no valid values can be obtained.
    Type Integer 0: Attack Attempt 1: Successful Attack
    Note: This field may return null, indicating that no valid values can be obtained.
    HostOpType Integer 0: No Compromised Behavior 1: RCE (command execution) 2: Dnslog 3: Writefile
    Note: This field may return null, indicating that no valid values can be obtained.
    HostOpProcessTree String Process Tree, needs to be decoded with base64.
    Note: This field may return null, indicating that no valid values can be obtained.

    NetAttackTopInfo

    Statistics on top network attacks

    Used by actions: DescribeAttackTop.

    Name Type Description
    Agent Array of TopInfo Top Statistical Data on Network Attack Host Dimension
    Note: This field may return null, indicating that no valid values can be obtained.
    SrcIp Array of TopInfo Top Statistical Data on Network Attack IP Source Dimension
    Note: This field may return null, indicating that no valid values can be obtained.
    DstPort Array of TopInfo Top Statistical Data on Network Attack Target Port Dimension
    Note: This field may return null, indicating that no valid values can be obtained.
    Vul Array of TopInfo Top Statistical Data on Network Attack Vulnerability Dimension
    Note: This field may return null, indicating that no valid values can be obtained.

    NetAttackTrend

    Attack trend statistics

    Used by actions: DescribeAttackTrends.

    Name Type Description
    DateTime String Time Point, e.g., 2023-05-06
    Note: This field may return null, indicating that no valid values can be obtained.
    AttackCount Integer Number of attacks
    Note: This field may return null, indicating that no valid values can be obtained.
    TryAttackCount Integer Attack Attempts
    Note: This field may return null, indicating that no valid values can be obtained.
    SuccAttackCount Integer Attack Success Count
    Note: This field may return null, indicating that no valid values can be obtained.

    NetAttackWhiteRule

    Network attack allowlist rules

    Used by actions: DescribeNetAttackWhiteList.

    Name Type Description
    Id Integer Rule ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Description String Rule description
    Note: This field may return null, indicating that no valid values can be obtained.
    Scope Integer 0: A group of Quuid 1: All hosts
    Note: This field may return null, indicating that no valid values can be obtained.
    DealOldEvents Integer Whether to process previous events: 0: do not process; 1: process
    Note: This field may return null, indicating that no valid values can be obtained.
    Quuids String Host QUUIDs, separated by semicolons (;).
    Note: This field may return null, indicating that no valid values can be obtained.
    SrcIP String Source IP. Single IP: 1.1.1.1, IP Range: 1.1.1.1-1.1.2.1, IP Range: 1.1.1.0/24, separated by semicolons (;)
    Note: This field may return null, indicating that no valid values can be obtained.
    CreateTime String Creation time
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Modification time
    Note: This field may return null, indicating that no valid values can be obtained.

    OpenPortStatistics

    Port statistics list

    Used by actions: DescribeOpenPortStatistics.

    Name Type Description
    Port Integer Port number
    MachineNum Integer Number of Hosts

    OrderModifyObject

    Order Modification Parameter Object

    Used by actions: CreateLicenseOrder.

    Name Type Required Description
    ResourceId String No Resource ID
    NewSubProductCode String No New Product Identification. PRO_VERSION: Professional Edition; FLAGSHIP: Premium Edition
    InquireNum Integer No Scale-up/Scale-down Count, which is ignored for reconfiguration sub-product

    OrderResource

    Order resources

    Used by actions: CreateWhiteListOrder.

    Name Type Description
    Id Integer Resource primary key ID
    ResourceId String Resource ID
    BeginTime String Start time
    EndTime String Expiration time
    LicenseType Integer Authorization type

    OsName

    Operating System Name

    Used by actions: DescribeMachineOsList.

    Name Type Description
    Name String System name
    MachineOSType Integer Operating system type enumeration value

    Place

    Log-in location information

    Used by actions: AddLoginWhiteLists, DescribeLoginWhiteCombinedList, DescribeLoginWhiteList, ModifyLoginWhiteInfo, ModifyLoginWhiteRecord.

    Name Type Required Description
    CityId Integer Yes City ID
    ProvinceId Integer Yes Province ID
    CountryId Integer Yes Country ID. Currently, only 1 is supported, indicating China.
    Location String No Location name

    PrivilegeEventInfo

    Local privilege escalation data

    Used by actions: DescribePrivilegeEventInfo.

    Name Type Description
    Id Integer Data ID
    Uuid String Yunjing ID
    Quuid String Host ID
    HostIp String Host private IP address
    ProcessName String Process name
    FullPath String Process path
    CmdLine String Execute commands
    UserName String Username
    UserGroup String User group
    ProcFilePrivilege String Process file permission
    ParentProcName String Parent process name
    ParentProcUser String Parent process username
    ParentProcGroup String Parent process user group
    ParentProcPath String Parent process path
    PsTree String Process tree json pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: execute commands; ssh_service: SSH service IP; ssh_source: log-in source
    Status Integer Processing status: 0: pending; 2: allowlisted; 3: processed; 4: ignored
    CreateTime String Occurrence time
    MachineName String Machine name
    SuggestScheme String Recommended solution
    HarmDescribe String Hazard description information
    Tags Array of String Tag
    References Array of String Reference link
    MachineWanIp String Host public IP address
    NewCaps String Permission list (Separate multiple items with |.)
    MachineStatus String Host online status: OFFLINE; ONLINE
    ModifyTime String Processing time

    PrivilegeRule

    Local privilege escalation rule

    Used by actions: DescribePrivilegeRules.

    Name Type Description
    Id Integer Rule ID
    Uuid String Client ID
    ProcessName String Process name
    SMode Integer Whether the mode is S mode
    Operator String Operator
    IsGlobal Integer Whether the rule is global
    Status Integer Status. 0: valid; 1: invalid.
    CreateTime String Creation time
    ModifyTime String Modification time
    Hostip String Host IP

    ProcessStatistics

    Process statistics data

    Used by actions: DescribeProcessStatistics.

    Name Type Description
    ProcessName String Process name
    MachineNum Integer Number of hosts

    ProductStatusInfo

    Product trial status query API Data output parameter

    Used by actions: DescribeProductStatus.

    Name Type Description
    FWUserStatus Integer Protection status. 1: unprotected; 2: protecting; 3: in trial; 4 expired
    CanApplyTrial Boolean Whether application for trial is available. True indicates yes.
    CanNotApplyReason String Reason for unavailable trial (Leave it blank if the trial is available.)
    LastTrialTime String Last trial end time (Leave it blank if no trial record exists.)

    RansomDefenseBackup

    List of host snapshot backup

    Used by actions: DescribeRansomDefenseBackupList.

    Name Type Description
    BackupTime String Backup time
    EventStatus Integer Ransom Status: 0 - No Alarm, 1 - Alarm Present
    BackupStatus Integer Backup Status: 0 - Backing up, 1 - Normal, 2, 3 - Failed, 4 - Snapshot expired, 9 - Snapshot deleted
    DiskCount Integer Number of backup disk
    Disks String Hard Disk Information, separated by semicolons (;).
    SnapshotIds String Snapshot List, separated by semicolons (;)
    StrategyId Integer Policy ID
    StrategyStatus Integer Policy Status: 0 Disabled, 1 Enabled, 9 Deleted
    StrategyName String Policy name

    RansomDefenseEvent

    Prevention of Ransomware, Bait and Tamper Events

    Used by actions: DescribeRansomDefenseEventsList.

    Name Type Description
    Id Integer Event ID
    Uuid String Host UUID
    Quuid String cvm uuid
    HostName String Host name
    Status Integer Event Status: 0-Pending, 1-Processed, 2-Trusted, 3-In Process, 4-Backup Resumed
    BaitFilePath String Tampered File Path
    FilePath String Malicious File Path
    Pid Integer Malicious Process ID
    PidParam String Malicious Process Parameters
    FileSize Integer Malicious File Size
    FileMd5 String Malicious File MD5
    Type Integer Event Type: 0 Encrypted Ransom, 1 File Tampering
    CreateTime String Event Sending Time
    InstanceId String CVM Instance ID
    ModifyTime String Event Modification Event
    StrategyId Integer Policy ID
    StrategyName String Policy name
    HostIp String Host public IP address
    WanIp String Host Intranet IP
    PsTree String Process Tree Base64 Json
    ProcessStartTime String Process startup time
    SnapshotNum Integer Number of Snapshot Backups Owned by the Host

    RansomDefenseRollbackTask

    Anti-ransomware rollback task

    Used by actions: DescribeRansomDefenseRollBackTaskList.

    Name Type Description
    Id Integer Task ID
    Uuid String Host UUID
    Quuid String Host QUUID
    MachineName String Host name
    Status Integer Rollback Task Status: 0 - In Progress, 1 - Succeeded, 2 - Failed
    Disks String Hard drive ID list, separated by semicolons (;)
    CreateTime String Operation time
    BackupTime String Snapshot time
    ModifyTime String Status!=0 indicates the completion time.
    RegionInfo RegionInfo Availability zone information

    RansomDefenseStrategy

    The TagList node in the data HostList corresponding to the host list query API

    Used by actions: DescribeRansomDefenseStrategyList.

    Name Type Description
    Id Integer Policy ID
    Uin String Operating UIN
    Note: This field may return null, indicating that no valid values can be obtained.
    Name String Policy name
    Description String Policy Remarks
    Note: This field may return null, indicating that no valid values can be obtained.
    Status Integer Enabling Status: 0 Disabled, 1 Enabled.
    IsAll Integer Whether it takes effect for all hosts.
    IncludeDir String Includes directories, separated by semicolons (;).
    Note: This field may return null, indicating that no valid values can be obtained.
    ExcludeDir String Includes directories, separated by semicolons (;).
    Note: This field may return null, indicating that no valid values can be obtained.
    BackupType Integer Backup pattern: 0 weekly, 1 daily.
    Note: This field may return null, indicating that no valid values can be obtained.
    Weekday String Backup days in a week (1-7): 1; 2; 3; 4.
    Note: This field may return null, indicating that no valid values can be obtained.
    Hour String Backup Execution Time Point (0-23): 11:00; 12:00
    SaveDay Integer Storage Days, 0 for Permanent
    CreateTime String Creation time
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Last modification time
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineCount Integer Number of Bound Machines
    Note: This field may return null, indicating that no valid values can be obtained.

    RansomDefenseStrategyDetail

    The TagList node in the data HostList corresponding to the host list query API

    Used by actions: DescribeRansomDefenseStrategyDetail.

    Name Type Description
    Id Integer Policy ID
    Uin String Operating UIN
    Note: This field may return null, indicating that no valid values can be obtained.
    Name String Policy name
    Description String Policy Remarks
    Note: This field may return null, indicating that no valid values can be obtained.
    Status Integer Enabling Status: 0 Disabled, 1 Enabled.
    IsAll Integer Whether it takes effect for all hosts.
    IncludeDir String Includes directories, separated by semicolons (;).
    Note: This field may return null, indicating that no valid values can be obtained.
    ExcludeDir String Includes directories, separated by semicolons (;).
    Note: This field may return null, indicating that no valid values can be obtained.
    BackupType Integer Backup pattern: 0 weekly, 1 daily.
    Note: This field may return null, indicating that no valid values can be obtained.
    Weekday String Backup days in a week (1-7): 1; 2; 3; 4.
    Note: This field may return null, indicating that no valid values can be obtained.
    Hour String Backup Execution Time Point (0-23): 11:00; 12:00
    SaveDay Integer Storage Days, 0 for Permanent
    CreateTime String Creation time
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Last modification time
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineCount Integer Number of Bound Machines
    Note: This field may return null, indicating that no valid values can be obtained.
    EventCount Integer Policy Associated Event Count
    Note: This field may return null, indicating that no valid values can be obtained.

    RansomDefenseStrategyMachineBackupInfo

    Details of Host Backup Bound to Anti-Ransomware Policy

    Used by actions: DescribeRansomDefenseMachineList.

    Name Type Description
    Uuid String Host UUID
    Quuid String Host QUUID
    MachineName String Host name
    InstanceId String Host Instance ID
    MachineIp String Private IP address
    MachineWanIp String Public IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    CloudTags Array of Tag Cloud tag
    Note: This field may return null, indicating that no valid values can be obtained.
    RegionInfo RegionInfo Availability zone information
    Note: This field may return null, indicating that no valid values can be obtained.
    Tag Array of MachineTag CWPP tag
    Note: This field may return null, indicating that no valid values can be obtained.
    Status Integer Protection status: 0 Disabled, 1 Enabled.
    Note: This field may return null, indicating that no valid values can be obtained.
    StrategyId Integer Policy ID. 0 indicates no binding to any policy.
    Note: This field may return null, indicating that no valid values can be obtained.
    DiskInfo String Hard disk information, all hard disks take effect when left blank:
    Separate diskId1|diskName1;diskId2|diskName2
    Note: This field may return null, indicating that no valid values can be obtained.
    StrategyName String Policy name
    Note: This field may return null, indicating that no valid values can be obtained.
    BackupCount Integer Number of Backups
    Note: This field may return null, indicating that no valid values can be obtained.
    LastBackupStatus Integer Latest Backup Status: 0 - Backing Up, 1 - Normal, 2 - Failed, 9 - No Backup Yet
    Note: This field may return null, indicating that no valid values can be obtained.
    LastBackupMessage String Reason for the Last Backup Failure
    Note: This field may return null, indicating that no valid values can be obtained.
    LastBackupTime String Last Backup Time
    Note: This field may return null, indicating that no valid values can be obtained.
    RollBackPercent Integer Latest Rollback Progress Percentage
    Note: This field may return null, indicating that no valid values can be obtained.
    RollBackStatus Integer Latest Rollback Status: 0 - In Progress, 1 - Succeeded, 2 - Failed
    Note: This field may return null, indicating that no valid values can be obtained.
    BackupSuccessCount Integer Backup Success Count
    Note: This field may return null, indicating that no valid values can be obtained.

    RansomDefenseStrategyMachineDetail

    Anti-Ransomware Host List

    Used by actions: DescribeRansomDefenseStrategyMachines.

    Name Type Description
    Uuid String Host UUID
    Quuid String Host QUUID
    MachineName String Host name
    InstanceId String Host Instance ID
    MachineIp String Private IP address
    MachineWanIp String Public IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    CloudTags Array of Tag Cloud tag
    Note: This field may return null, indicating that no valid values can be obtained.
    RegionInfo RegionInfo Availability zone information
    Note: This field may return null, indicating that no valid values can be obtained.
    Tag Array of MachineTag CWPP tag
    Note: This field may return null, indicating that no valid values can be obtained.
    Status Integer Protection status: 0 Disabled, 1 Enabled.
    Note: This field may return null, indicating that no valid values can be obtained.
    StrategyId Integer Policy ID. 0 indicates no binding to any policy.
    Note: This field may return null, indicating that no valid values can be obtained.
    DiskInfo String Hard disk information, all hard disks take effect when left blank:
    Separate diskId1|diskName1;diskId2|diskName2
    Note: This field may return null, indicating that no valid values can be obtained.
    HostVersion Integer Edition information. 0: Basic Edition; 1: Pro Edition; 2: Ultimate Edition; 3: Inclusive Edition.Note: This field may return null, indicating that no valid values can be obtained.
    StrategyName String Policy name
    Note: This field may return null, indicating that no valid values can be obtained.

    RansomDefenseStrategyMachineInfo

    Anti-Ransomware Machine Hard Disk Configuration

    Used by actions: CreateRansomDefenseStrategy.

    Name Type Required Description
    Uuid String Yes Host UUID
    DiskInfo String No Specified Hard Disk List. When it is empty, it means all hard disks: disk_id1|disk_name1;disk_id2|disk_name2.
    Note: This field may return null, indicating that no valid values can be obtained.

    RecordInfo

    Client Exception Information Structure

    Used by actions: DescribeClientException.

    Name Type Description
    HostIP String Host IP
    InstanceID String Host Instance ID
    OfflineTime String Client Offline Time
    UninstallTime String Client Uninstallation Time
    UninstallCmd String Client Uninstallation Call Chain
    Uuid String Client UUID

    RegionInfo

    Region information

    Used by actions: DescribeMachineRegionList, DescribeMachineRegions, DescribeMachines, DescribeMachinesSimple, DescribeRansomDefenseMachineList, DescribeRansomDefenseRollBackTaskList, DescribeRansomDefenseStrategyMachines.

    Name Type Description
    Region String Region identifiers, such as ap-guangzhou, ap-shanghai, and ap-beijing
    RegionName String Chinese name of a region, such as South China (Guangzhou), East China (Shanghai Finance), and North China (Beijing)
    RegionId Integer Region ID
    RegionCode String Region code, such as gz, sh, and bj
    RegionNameEn String English name of the region

    RegionListDetail

    Details of the region list

    Used by actions: DescribeMachineRegionList.

    Name Type Description
    MachineType String Machine type
    CVM, Tencent Cloud Virtual Machine
    LH, TencentCloud Lighthouse
    ECM, Tencent Cloud Edge Computing Machine
    BM, Tencent BM 1.0
    Other, Other servers (non-Tencent Cloud)
    Note: This field may return null, indicating that no valid values can be obtained.
    CloudFrom Integer 0 Tencent Cloud
    1 IDC
    2 Alibaba Cloud
    3 Huawei Cloud
    4 Amazon
    5 Microsoft
    6 Google
    7 Oracle
    8 Digital Ocean
    Note: This field may return null, indicating that no valid values can be obtained.
    RegionList Array of RegionInfo List of regions
    Note: This field may return null, indicating that no valid values can be obtained.

    RegionSet

    Region information

    Used by actions: DescribeBanRegions.

    Name Type Description
    RegionName String Region name
    ZoneSet Array of ZoneInfo AZ information

    ReverseShell

    Reverse Shell data

    Used by actions: DescribeReverseShellEvents.

    Name Type Description
    Id Integer ID primary key
    Uuid String CWPP UUID
    Quuid String Server ID
    Hostip String Host private IP address
    DstIp String Target IP
    DstPort Integer Target port
    ProcessName String Process name
    FullPath String Process path
    CmdLine String Command details
    UserName String Executing user
    UserGroup String Executing user group
    ParentProcName String Parent process name
    ParentProcUser String Parent process user
    ParentProcGroup String Parent process user group
    ParentProcPath String Parent process path
    Status Integer Processing status: 0 - pending; 2 - allowlisted; 3 - processed; 4 - ignored
    CreateTime String Occurrence time
    MachineName String Server name
    ProcTree String Process tree
    DetectBy Integer Detection method: 0: behavior analysis; 1 command feature detection
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Note: This field may return null, indicating that no valid values can be obtained.
    Pid Integer Process ID
    Note: This field may return null, indicating that no valid values can be obtained.
    RiskLevel Integer Threat level: 0 - medium-risk; 1 - high-risk
    Note: This field may return null, indicating that no valid values can be obtained.

    ReverseShellEventInfo

    Reverse Shell data details

    Used by actions: DescribeReverseShellEventInfo.

    Name Type Description
    Id Integer ID primary key
    Uuid String Yunjing UUID
    Quuid String Host ID
    HostIp String Host private IP address
    DstIp String Target IP
    DstPort Integer Target port
    ProcessName String Process name
    FullPath String Process path
    CmdLine String Command details
    UserName String User for execution
    UserGroup String User group for execution
    ParentProcName String Parent process name
    ParentProcUser String Parent process user
    ParentProcGroup String Parent process user group
    ParentProcPath String Parent process path
    Status Integer Processing status: 0: pending; 2: allowlisted; 3: processed; 4: ignored
    CreateTime String Occurrence time
    MachineName String Host name
    DetectBy Integer Detection method
    PsTree String Process tree json; pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: execute commands; ssh_service: ssh service IP, ssh_source: log-in source
    Note: This field may return null, indicating that no valid values can be obtained.
    SuggestScheme String Recommended solution
    HarmDescribe String Description
    Tags Array of String Tag
    References Array of String Reference link
    MachineWanIp String Host public IP address
    MachineStatus String Host online status: OFFLINE; ONLINE
    ModifyTime String Processing time

    ReverseShellRule

    Reverse Shell rule

    Used by actions: DescribeReverseShellRules.

    Name Type Description
    Id Integer Rule ID
    Uuid String Client ID
    ProcessName String Process name
    DestIp String Target IP
    DestPort String Target port
    Operator String Operator
    IsGlobal Integer Whether a global rule
    Status Integer Status (0: valid; 1: invalid)
    CreateTime String Creation time
    ModifyTime String Modification time
    Hostip String Host IP

    RiskDnsEvent

    Malicious request event

    Used by actions: DescribeRiskDnsEventInfo, DescribeRiskDnsEventList.

    Name Type Description
    Id Integer Event ID
    PolicyId Integer Policy ID
    PolicyType Integer Type of hit policy [-1: unknown|0: system|1: user]
    PolicyName String Name of hit policy
    ProtectLevel Integer Protection level [0: basic edition|1: professional edition|2: ultimate edition]
    HostId String Server ID
    HostName String Host name
    HostIp String Host IP
    WanIp String Public IP address
    AgentId String Client ID
    Domain String Access domain name
    Tags Array of String Tag Features
    AccessCount Integer Access count
    ThreatDesc String Threat description
    SuggestSolution String Fixing solution
    ReferenceLink String Reference link
    HandleStatus Integer Processing status [0: pending|2: allowlisted|3: untrusted status|4: processed|5: ignored]
    Pid Integer Process ID
    ProcessName String Process name
    ProcessMd5 String Process MD5
    CmdLine String Command line
    FirstTime String First access time
    LastTime String Last access Time
    HostStatus String Host online status [OFFLINE: offline|ONLINE: online|UNKNOWN: unknown]
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.
    OsType Integer [1:CentOS|2:Debian|3:Gentoo|4:Redhat|5:Ubuntu|6:Windows|7:TencentOS|8:CoreOS|9:FreeBSD|10:SUSE]

    RiskDnsList

    Malicious request list

    Used by actions: DescribeRiskDnsInfo, DescribeRiskDnsList.

    Name Type Description
    Url String External access domain name
    AccessCount Integer Access count
    ProcessName String Process name
    ProcessMd5 String Process MD5
    GlobalRuleId Integer Whether the rule is global. 0: no; 1: yes.
    UserRuleId Integer User rule ID
    Status Integer Status. 0: pending; 2: added to allowlist; 3: untrusted; 4: processed; 5: ignored.
    CreateTime String First access time
    MergeTime String Last access Time
    Quuid String Unique QUUID
    HostIp String Host IP
    Alias String Alias
    Description String Description
    Id Integer Unique ID
    Reference String Reference
    CmdLine String Command line
    Pid Integer Process ID
    Uuid String UUID
    SuggestScheme String Recommended solution
    Tags Array of String Tag Features
    MachineWanIp String Public IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineStatus String Host online status. OFFLINE: offline; ONLINE: online; UNKNOWN: unknown.
    Note: This field may return null, indicating that no valid values can be obtained.

    RiskDnsPolicy

    Malicious request policy

    Used by actions: DescribeRiskDnsPolicyList, ModifyRiskDnsPolicy.

    Name Type Required Description
    PolicyName String Yes Policy name
    PolicyType Integer Yes Policy type [0: system; 1: user]
    PolicyAction Integer Yes Policy action [0: alarm; 1: allow; 2:intercept + alarm]
    HostScope Integer Yes Host range [1: all Professional + Ultimate Editions|2: all Ultimate Editions|0: partial hosts]
    HostIds Array of String Yes Host ID
    Domains Array of String Yes Domain name (when used as an input parameter, it needs base64 encode.)
    IsEnabled Integer Yes Whether effective [0: effective,1: not effective]
    PolicyId Integer No Policy ID
    PolicyDesc String No Policy description
    IsDealOldEvent Integer No Whether to process previous events [0: no|1: yes]
    UpdateTime String No Update time
    EventId Integer No Event ID

    RiskProcessEvent

    Abnormal Process Event

    Used by actions: DescribeRiskProcessEvents.

    Name Type Description
    EventId Integer Event ID
    HostName String Host name
    HostIp String Host IP
    WanIp String Public IP address
    ProcessId Integer Process ID
    FilePath String File path
    CmdLine String Executed commands
    StartTime String Process startup time
    DetectTime String Last detection time
    VirusName String Virus name
    CheckPlatform Array of String Trojan detection platform [1: Cloud search engine |2:TAV | 3: Binary Ai | 4: Abnormal behavior | 5: threat intelligence]
    VirusTags Array of String Virus tag
    ThreatDesc String Threat description
    SuggestSolution String Recommended solution
    ReferenceLink String Reference link
    HandleStatus Integer Processing Status [0 Pending; 1 Processed; 2 Scanning; 3 Scanned; 4 Exited; 5 Ignore]
    OnlineStatus Integer Host Online Status
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.
    Uuid String Host UUID

    RuleInfo

    Index Rule

    Used by actions: DescribeLogIndex.

    Name Type Description
    FullText FullTextInfo Full-text index configurations
    KeyValue KeyValueInfo Key-value index configurations
    Tag KeyValueInfo Meta field index configuration

    ScanTaskDetails

    List of scan task details

    Used by actions: DescribeScanTaskDetails.

    Name Type Description
    HostIp String Server IP
    HostName String Server name
    OsName String Operating system
    RiskNum Integer Number of risks
    ScanBeginTime String Scan start time
    ScanEndTime String Scan end time
    Uuid String UUID
    Quuid String QUUID
    Status String Status code
    Description String Description
    Id Integer Unique ID
    FailType Integer Failure details
    MachineWanIp String Public IP address
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.

    ScreenAttackHotspot

    Attack hot spots across the entire network on the large screen

    Used by actions: DescribeScreenAttackHotspot.

    Name Type Description
    EventName String Event name
    SrcIp String Attacker IP address
    DstIp String Victim IP address
    Region String Region
    CreatedTime String Time

    ScreenBaselineInfo

    Large screen baseline information

    Used by actions: DescribeScreenHostInvasion.

    Name Type Description
    Name String Baseline name
    Note: This field may return null, indicating that no valid values can be obtained.
    Level Integer Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical
    Note: This field may return null, indicating that no valid values can be obtained.
    CategoryId Integer Baseline ID
    Note: This field may return null, indicating that no valid values can be obtained.
    LastScanTime String Last check time
    Note: This field may return null, indicating that no valid values can be obtained.
    BaselineFailCount Integer Baseline check items with risks
    Note: This field may return null, indicating that no valid values can be obtained.
    Uuid String Host UUID
    Note: This field may return null, indicating that no valid values can be obtained.

    ScreenBroadcasts

    Visualized security report on the large screen

    Used by actions: DescribeScreenBroadcasts.

    Name Type Description
    Title String Security report article title
    Level Integer Severity level of security report article: 0: none; 1: critical; 2: high-risk; 3: medium-risk; 4: low-risk
    Time String Release time
    Id Integer Article ID

    ScreenDefendAttackLog

    Network attack logs on the large screen

    Used by actions: DescribeScreenHostInvasion.

    Name Type Description
    Id Integer Log ID
    Uuid String Client ID
    SrcIp String Source IP
    SrcPort Integer Source port
    HttpMethod String Attack method
    VulType String Threat type
    CreatedTime String Attack time
    DstPort Integer Target port
    Quuid String Host quuid
    DstIp String Target IP

    ScreenEmergentMsg

    Visualized emergency notification on the large screen

    Used by actions: DescribeScreenEmergentMsg.

    Name Type Description
    Title String Notification tag/title
    Text String Notification content
    Type Integer Redirection type: 0=vulnerability management

    ScreenEventsCnt

    Intrusion detection statistics

    Used by actions: DescribeScreenEventsCnt.

    Name Type Description
    Title String Displayed content: Total number of pending risks and total number of affected assets
    Total Integer Total number of events
    Category Array of ScreenNameValue name: Specific type of the displayed content, including attack event, potential risk, compromised asset, and potentially risky asset
    Value: event count after statistics

    ScreenInvasion

    Details of large screen intrusion event

    Used by actions: DescribeScreenHostInvasion.

    Name Type Description
    CreatedTime String Intrusion time
    EventType Integer Event type. 0: virus scanning; 1: abnormal log-in; 2: password cracking; 3: malicious request; 4: high-risk command; 5: local privilege escalation; 6: reverse shell.
    Content String JSON file of the event data, which varies by event.
    [Virus scanning] Virus name: VirusName, file name: FileName, file path: FilePath, file size: FileSize, file MD5: MD5, first detection time: CreateTime, last detection time: LatestScanTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme
    [Abnormal log-in] Source IP: SrcIp, location: Location, log-in username: UserName, log-in time: LoginTime
    [Password cracking]Source IP: SrcIp, location: City and Country, protocol: Protocol, log-in username: UserName, port: Port, attempt count: Count, first attack time: CreateTime, last attack time: ModifyTime
    [Malicious request] Malicious request domain name: Url, process: ProcessName, MD5: ProcessMd5, PID: Pid, request count: AccessCount, last request time: MergeTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme
    [High-risk command] Hit rule name: RuleName, rule category: RuleCategory, command content: BashCmd, data source: DetectBy, Log-in user: User, PID: Pid, occurrence time: CreateTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme
    [Local privilege escalation] Privilege escalation user: UserName, parent process: ParentProcName, user of parent process: ParentProcGroup, Detection time: CreateTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme
    [Reverse shell] Connected process: ProcessName, executed command: CmdLine, parent process: ParentProcName, target host: DstIp, target port: DstPort, detection time: CreateTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme
    Level Integer Unified event risk level. 0: prompt; 1: low; 2: medium; 3: high; 4: critical.
    LevelZh String Level in Chinese
    Id Integer Event ID
    Uuid String Host UUID

    ScreenMachine

    Data of listed hosts on the large screen

    Used by actions: DescribeScreenMachines.

    Name Type Description
    MachineName String Host name.
    MachineOs String Host System.
    Uuid String Yunjing client UUID. If the client is offline for a long time, an empty string is returned.
    MachineStatus Integer Status of a host on the large screen. 0: agent not installed; 1: offline; 2: offline - risky; 3: offline - critical;
    4: device installed - normal; 5: device installed - normal and of either Pro Edition or Ultimate Edition; 6: device installed - risky (network attack events > 0);
    7: device installed - risky (network attack events > 0) and of either Pro Edition or Ultimate Edition; 8: device installed - critical (intrusion detection events > 0);
    9: device installed - critical (intrusion detection events > 0) and of either Pro Edition or Ultimate Edition
    Quuid String CVM or BM Machine Unique UUID.
    VulNum Integer Number of vulnerabilities
    MachineIp String Host IP.
    MachineWanIp String Public IP address of the host
    BaselineNum Integer Number of baseline risks
    CyberAttackNum Integer Number of network risks
    SecurityStatus String Risk status
  • SAFE: Safe
  • RISK: Risk
  • UNKNOWN: Unknown
  • InvasionNum Integer Number of intrusion events
    MachineType String Machine Zone Type. CVM - Cloud Virtual Machine; BM: Bare Metal; ECM: Edge Computing Machine; LH: Lightweight Application Server; Other: Hybrid Cloud Zone
    CpuLoad String CPU load status
    CpuSize Float Number of CPU cores
    DiskLoad String Hard disk utilization (%)
    DiskSize Float Hard disk capacity (GB)
    MemLoad String Memory utilization (%)
    MemSize Float Memory capacity (GB)
    CoreVersion String Kernel version
    MachineExtraInfo MachineExtraInfo Additional information
    Note: This field may return null, indicating that no valid values can be obtained.

    ScreenNameValue

    [Cloud security alarm] Visualized data Name Value Data on the large screen

    Used by actions: DescribeScreenEventsCnt, DescribeScreenGeneralStat, DescribeScreenRiskAssetsTop.

    Name Type Description
    Name String Statistics type: Different APIs correspond to different content
    Value Integer Statistics quantity

    ScreenProtection

    Visualized attack and defense status on large screen

    Used by actions: DescribeScreenProtectionStat.

    Name Type Description
    Name String Type value: virus scanning, brute force cracking, vulnerability scan, baseline check
    Status Integer Virus scanning: 0: never scanned or asset not paid; 1: scanned and malicious files found; 2: scanned but isolation protection disabled; 3: scanned, protection enabled, and no risk found.
    Brute force cracking: 0: protection disabled (asset not paid); 1: automatic blocking enabled.
    Vulnerability scan: 0: never scanned or asset not paid; 1: vulnerability found; 2: no risk found.
    Baseline check: 0: never checked or asset not paid; 1: baseline risks found; 2: no risk found.

    ScreenProtectionCnt

    CWPP security trend data

    Used by actions: DescribeScreenProtectionCnt.

    Name Type Description
    Type String cloud: Cloud Security Engine; detect: detection engine; defend: attack defense; threat: threat intelligence; analysis: abnormal analysis; ai: AI engine
    Name String cloud: Cloud Security Engine; detect: detection engine; defend: attack defense; threat: threat intelligence; analysis: abnormal analysis; ai: AI engine
    Count Integer Total number

    ScreenRegionInfo

    Region information

    Used by actions: DescribeScreenMachineRegions.

    Name Type Description
    Region String Region identifiers, such as ap-guangzhou, ap-shanghai, and ap-beijing
    RegionName String Chinese name of region, such as South China (Guangzhou), East China (Shanghai Finance), and North China (Beijing)
    RegionId Integer Region ID
    RegionCode String Region code, such as gz, sh, and bj
    RegionNameEn String English name of the region

    ScreenRegionMachines

    3D image of the host on the large screen

    Used by actions: DescribeScreenMachines.

    Name Type Description
    Region String All regions
    RegionName String Region description in Chinese
    Machines Array of ScreenMachine Host list
    TotalCount Integer Total number of hosts in this region
    RiskCnt Integer Number of risky hosts
    AttackCnt Integer Number of potentially risky hosts
    SafetyCnt Integer Number of risk-free hosts
    UnAgentOfflineCnt Integer Number of hosts in offline/uninstalled status
    IgnoreCnt Integer Number of hosts that are omitted from displaying. When it is equal to 0, no hosts are omitted.

    ScreenTrendsChart

    Attack and defense trend chart on the large screen

    Used by actions: DescribeScreenDefenseTrends.

    Name Type Description
    X String Time on the X-axis
    Y Integer Numerical value on the Y-axis
    Type String Statistical type: defense count, attack count

    ScreenVulInfo

    Vulnerability list on big screen

    Used by actions: DescribeScreenHostInvasion.

    Name Type Description
    Id Integer Vulnerability Event ID
    Name String Vulnerability name
    VulId Integer Vulnerability ID
    LastTime String Last detection Time
    Level Integer Vulnerability level 1: low-risk; 2: medium-risk; 3: high-risk; 4: prompt
    Category Integer Vulnerability type: 1 - web-cms vulnerabilities; 2 - application vulnerabilities; 4 - Linux software vulnerabilities; 5 - Windows system vulnerabilities
    Note: This field may return null, indicating that no valid values can be obtained.
    Uuid String Host UUID
    Note: This field may return null, indicating that no valid values can be obtained.

    SearchTemplate

    Quick search template

    Used by actions: CreateSearchTemplate, DescribeSearchTemplates.

    Name Type Required Description
    Name String Yes Name for search
    LogType String Yes Index type for search
    Condition String Yes Statement for search
    TimeRange String Yes Time range
    Query String Yes Converted search statement content
    Flag String Yes Search method. Input box: standard filtering. Search: simple.
    DisplayData String Yes Displayed data
    Id Integer No Rule ID

    SecurityButlerInfo

    List of security manager information

    Used by actions: DescribeExpertServiceList.

    Name Type Description
    Id Integer Data ID
    OrderId Integer Order ID
    Quuid String cvm id
    Status Integer Service status. 0: in service; 1: expired; 2: terminated.
    StartTime String Service start time
    EndTime String Service end time
    HostName String Host name
    HostIp String Host IP address
    Uuid String Host UUID
    RiskCount Integer Number of host risks

    SecurityDynamic

    Security event message data

    Used by actions: DescribeSecurityDynamics.

    Name Type Description
    Uuid String CWPP client UUID
    EventTime Timestamp Security event occurrence time
    EventType String Security event type
  • MALWARE: Trojan event
  • NON_LOCAL_LOGIN: cross-region log-in
  • BRUTEATTACK_SUCCESS: successful password cracking
  • VUL: vulnerability
  • BASELINE: security baseline
  • Message String Security event message
    SecurityLevel String Security event level
  • RISK: critical
  • HIGH: high-risk
  • NORMAL: medium-risk
  • LOW: low-risk
  • UNKNOWNED: suspicious
  • SecurityEventInfo

    List of security event statistics

    Used by actions: DescribeSecurityEventsCnt.

    Name Type Description
    EventCnt Integer Number of security events
    UuidCnt Integer Number of affected machines

    SecurityTrend

    Security trend statistics

    Used by actions: DescribeSecurityTrends.

    Name Type Description
    Date Date Event time
    EventNum Integer Number of events

    StandardModeConfig

    Blocking configuration in the standard mode

    Used by actions: DescribeBanMode.

    Name Type Description
    Ttl Integer Blocking duration (unit: second)

    Strategy

    Baseline security user policy information

    Used by actions: DescribeBaselineStrategyList.

    Name Type Description
    StrategyName String Policy name
    Note: This field may return null, indicating that no valid values can be obtained.
    StrategyId Integer Policy ID
    Note: This field may return null, indicating that no valid values can be obtained.
    RuleCount Integer Total number of baseline detection items
    Note: This field may return null, indicating that no valid values can be obtained.
    HostCount Integer Number of Hosts
    Note: This field may return null, indicating that no valid values can be obtained.
    ScanCycle Integer Scan cycle
    Note: This field may return null, indicating that no valid values can be obtained.
    ScanAt String Scan time
    Note: This field may return null, indicating that no valid values can be obtained.
    Enabled Integer Available or not?
    Note: This field may return null, indicating that no valid values can be obtained.
    PassRate Integer Pass rate
    Note: This field may return null, indicating that no valid values can be obtained.
    CategoryIds String Baseline ID
    Note: This field may return null, indicating that no valid values can be obtained.
    IsDefault Integer Whether a default policy
    Note: This field may return null, indicating that no valid values can be obtained.

    Tag

    Tag information

    Used by actions: DescribeRansomDefenseMachineList, DescribeRansomDefenseStrategyMachines, DescribeTags.

    Name Type Description
    Id Integer Tag ID
    Name String Tag name
    Count Integer Number of servers

    TagMachine

    Information on tag-related servers

    Used by actions: DescribeTagMachines.

    Name Type Description
    Id String ID
    Quuid String Host ID
    MachineName String Host name
    MachineIp String Host private IP address
    MachineWanIp String Host public IP address
    MachineRegion String Host region
    MachineType String Host region type

    Tags

    Platform tag

    Used by actions: CreateLicenseOrder, DescribeHostInfo, DescribeLicenseList, DescribeMachines, DescribeMachinesSimple, DescribeVulEffectHostList, ExportLicenseDetail.

    Name Type Required Description
    TagKey String Yes Tag key
    TagValue String Yes Tag value

    TaskStatus

    Scan status list

    Used by actions: DescribeScanTaskStatus.

    Name Type Description
    Scanning String Scanning (including initializing)
    Ok String Scan terminated (including terminating)
    Fail String Scan failed
    Stop String Scan failed, with specific reason displayed: scan timeout, low client version, or client offline
    Note: This field may return null, indicating that no valid values can be obtained.

    TopInfo

    Statistics data of top network attacks

    Used by actions: DescribeAttackTop.

    Name Type Description
    Value String Top statistical data, such as IP, and vulnerability name
    Count Integer Top statistical count

    UpdateHostLoginWhiteObj

    Edit allowlisted entities

    Used by actions: ModifyLoginWhiteInfo.

    Name Type Required Description
    Places Array of Place Yes Region information array
    SrcIp String Yes Source IP
    UserName String Yes Username
    Remark String Yes Remarks
    Id Integer Yes Data ID to be updated
    StartTime String No Start time
    EndTime String No End time

    UsualPlace

    Frequently used log-in location

    Used by actions: DescribeUsualLoginPlaces.

    Name Type Description
    Id Integer ID
    Uuid String CWPP client UUID
    CountryId Integer Country ID
    ProvinceId Integer Province ID
    CityId Integer City ID

    ValueInfo

    Index value description

    Used by actions: DescribeLogIndex.

    Name Type Description
    Tokenizer String Field delimiter
    Type String Field type
    SqlFlag Boolean Whether the analysis feature is enabled for the field
    ContainZH Boolean Whether Chinese characters are contained

    VersionWhiteConfig

    Allowlist configuration of the authorized edition

    Used by actions: DescribeLicenseWhiteConfig.

    Name Type Description
    Deadline Integer Number of days before expiration
    LicenseNum Integer Number of authorizations
    IsApplyFor Boolean Whether application can be made
    SourceType Integer Type

    VertexDetail

    Detailed node information

    Used by actions: DescribeVertexDetail.

    Name Type Description
    Type Integer Node type. process - 1; network - 2; file - 3; SSH - 4
    Note: This field may return null, indicating that no valid values can be obtained.
    Time String Time used for each node type, which is in the format of 2022-11-29 00:00:00.
    Note: This field may return null, indicating that no valid values can be obtained.
    AlarmInfo Array of AlarmInfo Alarm information
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcName String Process name, which is effective when the node type is process.
    Note: This field may return null, indicating that no valid values can be obtained.
    CmdLine String Command line, which is effective when the node type is process.
    Note: This field may return null, indicating that no valid values can be obtained.
    Pid String Process ID, which is effective when the node type is process.
    Note: This field may return null, indicating that no valid values can be obtained.
    FileMd5 String File MD5, which is effective when the node type is file.
    Note: This field may return null, indicating that no valid values can be obtained.
    FileContent String Content written to the file, which is effective when the node type is file.
    Note: This field may return null, indicating that no valid values can be obtained.
    FilePath String File path, which is effective when the node type is file.
    Note: This field may return null, indicating that no valid values can be obtained.
    FileCreateTime String File creation time, which is effective when the node type is file.
    Note: This field may return null, indicating that no valid values can be obtained.
    Address String Request destination address, which is effective when the node type is network.
    Note: This field may return null, indicating that no valid values can be obtained.
    DstPort Integer Target port, which is effective when the node type is network.
    Note: This field may return null, indicating that no valid values can be obtained.
    SrcIP String Log-in source IP, which is effective when the node type is SSH.
    Note: This field may return null, indicating that no valid values can be obtained.
    User String Log-in username and user group, which is effective when the node type is SSH.
    Note: This field may return null, indicating that no valid values can be obtained.
    VulName String Vulnerability name, which is effective when the node type is vulnerability.
    Note: This field may return null, indicating that no valid values can be obtained.
    VulTime String Vulnerability exploitation time, which is effective when the node type is vulnerability.
    Note: This field may return null, indicating that no valid values can be obtained.
    HttpContent String HTTP request content, which is effective when the node type is vulnerability.
    Note: This field may return null, indicating that no valid values can be obtained.
    VulSrcIP String Vulnerability exploiter source IP, which is effective when the node type is vulnerability.
    Note: This field may return null, indicating that no valid values can be obtained.
    VertexId String Node ID
    Note: This field may return null, indicating that no valid values can be obtained.

    VertexInfo

    Attack backtracking node information

    Used by actions: DescribeAlarmIncidentNodes.

    Name Type Description
    Type Integer Node type: process: 1; network: 2; file: 3; ssh: 4;
    Vid String VID contained in this node
    ParentVid String Parent node VID of this node
    IsLeaf Boolean Whether a leaf node
    ProcNamePrefix String Process name, used when Type=1
    Note: This field may return null, indicating that no valid values can be obtained.
    ProcNameMd5 String Process name MD5, used when Type=1
    Note: This field may return null, indicating that no valid values can be obtained.
    CmdLinePrefix String Command line, used when Type=1
    Note: This field may return null, indicating that no valid values can be obtained.
    CmdLineMd5 String Command line MD5, used when Type=1
    Note: This field may return null, indicating that no valid values can be obtained.
    FilePathPrefix String File path, used when Type=3
    Note: This field may return null, indicating that no valid values can be obtained.
    AddressPrefix String Request destination address, used when Type=2
    Note: This field may return null, indicating that no valid values can be obtained.
    IsWeDetect Boolean Whether a vulnerability node
    IsAlarm Boolean Whether an alarm node
    FilePathMd5 String File path MD5, used when Type=3
    Note: This field may return null, indicating that no valid values can be obtained.
    AddressMd5 String Request destination address MD5, used when Type=2
    Note: This field may return null, indicating that no valid values can be obtained.

    VulDefenceEvent

    Vulnerability details

    Used by actions: DescribeVulDefenceEvent.

    Name Type Description
    VulId Integer Vulnerability ID
    VulName String Vulnerability name
    CveId String CVE ID
    Id Integer Vulnerability event ID
    Quuid String Host QUUID
    Alias String Host name
    PrivateIp String Private IP address
    PublicIp String Public IP address
    EventType Integer 0: Attack Attempt (WeDetect); 1: Successful Attack Attempt (WeDetect); 2: RASP Defense Event
    SourceIp String Attack source IP address
    City String City of the attack source IP address
    SourcePort Array of Integer Attack source port
    CreateTime String Event Creation Time
    MergeTime String Update Event Time
    Count Integer Number of Occurrences
    Status Integer Status. 0: Pending; 1: Defended; 2: Processed; 3: Ignored; 4: Deleted
    UpgradeType Integer 0: Pro Edition; 1: Ultimate Edition; 2: LH Inclusive Edition (for Lighthouse only); 3: CVM Inclusive Edition (for CVM only).
    FixType Integer 0: do not support fixing; 1: support fixing.
    Uuid String Host UUID
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Note: This field may return null, indicating that no valid values can be obtained.

    VulDefenceEventDetail

    Vulnerability details

    Used by actions: DescribeDefenceEventDetail.

    Name Type Description
    VulName String Vulnerability name
    CveId String CVE ID
    Id Integer Vulnerability Event ID
    Quuid String Host QUUID
    Alias String Host name
    PrivateIp String Private IP address
    PublicIp String Public IP address
    EventType Integer 0: Attack Attempt (WeDetect); 1: Successful Attack Attempt (WeDetect); 2: RASP Defense Event
    SourceIp String Attack source IP address
    City String City of the attack source IP address
    SourcePort Array of Integer Attack source port
    Note: This field may return null, indicating that no valid values can be obtained.
    CreateTime String Event Creation Time
    MergeTime String Update Event Time
    Count Integer Number of Occurrences
    Status Integer Status. 0: Pending; 1: Defended; 2: Processed; 3: Ignored; 4: Deleted
    MachineStatus String ONLINE OFFLINE
    Description String Vulnerability Description Information
    Fix String Fixing suggestion
    NetworkPayload String Attack Payload
    Pid Integer Associated Process PID
    MainClass String Associated Process Main Class Name
    StackTrace String Stack Information (Unique for RASP)
    EventDetail String Vulnerability ID-Related Event Details (JSON array format, unique to RASP)
    ExceptionPstree String Host Compromise Event Process Tree (JSON format, unique to WeDetect)
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Note: This field may return null, indicating that no valid values can be obtained.

    VulDefenceOverview

    Vulnerability defense trend page, which includes plugin status and attack defense trends. Trends are stored in three arrays of equal length, with elements corresponding one-to-one. If a certain day is missed, there will be missing data.

    Used by actions: DescribeVulDefenceOverview.

    Name Type Description
    Enable Integer Defense switch: 0 - disable; 1 - enable
    DefendHostCount Integer Number of hosts with defense enabled
    ExceptionCount Integer Number of plugin exceptions
    AttackCounts Array of Integer Daily attack trends
    Note: This field may return null, indicating that no valid values can be obtained.
    DefendCounts Array of Integer Daily defense trends
    Note: This field may return null, indicating that no valid values can be obtained.
    Date Array of String Date
    Note: This field may return null, indicating that no valid values can be obtained.

    VulDefencePluginDetail

    vulnerability defense plugin status of a single process

    Used by actions: DescribeVulDefencePluginDetail.

    Name Type Description
    Pid Integer ID of the injected process
    MainClass String Main class name of the injected process
    Status Integer Plugin status. 0: injecting; 1: injection successful; 2: plugin timed out, 3: plugin exited; 4: injection failed; 5: logically deleted.
    ErrorLog String Error log
    InjectLog String Injection log

    VulDefencePluginStatus

    Host vulnerability defense plugin information

    Used by actions: DescribeVulDefencePluginStatus.

    Name Type Description
    Quuid String Host QUUID
    Alias String Host alias
    PrivateIp String Private IP address
    PublicIp String Public IP address
    Exception Integer Plugin status: 0 - normal; 1 - abnormal
    CreateTime String Creation time
    ModifyTime String Last update time

    VulDefenceRangeDetail

    Vulnerability defense scope details

    Used by actions: DescribeVulDefenceList.

    Name Type Description
    VulName String Vulnerability name
    Label String Tag
    Level Integer Vulnerability level. 1: low-risk; 2: medium-risk; 3: high-risk; 4: critical.
    CvssScore Float CVSS score
    CveId String cve id
    PublishTime String Release time
    VulId Integer Vulnerability ID

    VulDetailInfo

    Vulnerability details

    Used by actions: DescribeScanTaskDetails.

    Name Type Description
    VulId Integer Vulnerability ID
    Level Integer Vulnerability level
    Name String Vulnerability name
    CveId String CVE ID
    VulCategory Integer 1: web-cms vulnerabilities; 2: application vulnerabilities; 4: Linux software vulnerabilities; 5: Windows system vulnerabilities; 0: emergency vulnerabilities
    Descript String Vulnerability description
    Fix String Fixing suggestion
    Reference String Reference link
    CvssScore Float CVSS score
    Cvss String CVSS details
    PublishTime String Release time

    VulEffectHostList

    List of hosts affected by vulnerabilities

    Used by actions: DescribeVulEffectHostList.

    Name Type Description
    EventId Integer Event ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Status Integer Status. 0: pending; 1: ignored; 3: fixed; 5: detecting; 6: fixing; 7: rolling back; 8: fixing failed.Note: This field may return null, indicating that no valid values can be obtained.
    LastTime String Last detection time
    Note: This field may return null, indicating that no valid values can be obtained.
    Level Integer Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical
    Note: This field may return null, indicating that no valid values can be obtained.
    Quuid String Host QUUID
    Note: This field may return null, indicating that no valid values can be obtained.
    Uuid String Host UUID
    Note: This field may return null, indicating that no valid values can be obtained.
    HostIp String Host IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    AliasName String Host alias
    Note: This field may return null, indicating that no valid values can be obtained.
    Tags Array of String Host tag
    Note: This field may return null, indicating that no valid values can be obtained.
    Description String Description
    Note: This field may return null, indicating that no valid values can be obtained.
    HostVersion Integer Edition information. 0: Basic Edition; 1: Pro Edition; 2: Ultimate Edition; 3: Inclusive Edition.Note: This field may return null, indicating that no valid values can be obtained.
    IsSupportAutoFix Integer Whether automatic fixing is supported. 0: not supported; 1: supported; 2: client offline; 3: manual fixing supported for Ultimate Edition hosts; 4: not supported for this model; 5: fixing, 6: fixed; 7: detecting; 9: fixing failed; 10: ignored; 11: supported for Linux but not Windows; 12: supported for Windows but not Linux; 13: fixing failed but host is offline; 14: fixing failed but host is not of the Ultimate edition; 15: manually fixed.Note: This field may return null, indicating that no valid values can be obtained.
    FixStatusMsg String Failure cause
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstDiscoveryTime String First detection time
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceState String Instance status. "PENDING": creating; "LAUNCH_FAILED" : creation failed; "RUNNING": running; "STOPPED": shut down; "STARTING": starting; "STOPPING": shutting down; "REBOOTING": restarting; "SHUTDOWN": shut down and pending termination; "TERMINATING": terminating.Note: This field may return null, indicating that no valid values can be obtained.
    PublicIpAddresses String Public IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    CloudTags Array of Tags Cloud tag information
    Note: This field may return null, indicating that no valid values can be obtained.
    MachineExtraInfo MachineExtraInfo Host additional information
    Note: This field may return null, indicating that no valid values can be obtained.

    VulEffectModuleInfo

    Details of components affected by vulnerabilities

    Used by actions: DescribeVulEffectModules.

    Name Type Description
    Name String Component name
    Uuids Array of String Affected host uuid
    Rule String Affected component version
    Path String Component path
    Version String Component version
    FixCmd String Fix Command
    Quuids Array of String Affected host quuid

    VulEmergentMsgInfo

    Emergency notification entity

    Used by actions: DescribeVulEmergentMsg.

    Name Type Description
    VulId Integer Vulnerability ID
    PublishTime String Vulnerability publish time
    Name String Vulnerability name

    VulFixStatusHostInfo

    View the fixing status of each vulnerability on each host.

    Used by actions: DescribeVulFixStatus.

    Name Type Description
    HostName String Host name
    HostIp String Host IP
    Quuid String Host QUUID
    Status Integer Status. 0: initial status; 1: task issued (fixing); 2: completed (successful); 3: fixing failed (failed); 4: fixing failed due to snapshot creation failure (unfixed).
    ModifyTime String Fixing time
    FailReason String Fixing failure cause
    Note: This field may return null, indicating that no valid values can be obtained.

    VulFixStatusInfo

    View vulnerability fixing details

    Used by actions: DescribeVulFixStatus.

    Name Type Description
    VulId Integer Vulnerability ID
    Note: This field may return null, indicating that no valid values can be obtained.
    VulName String Vulnerability name
    Note: This field may return null, indicating that no valid values can be obtained.
    Progress Integer Vulnerability fixing progress: 1-100;
    HostList Array of VulFixStatusHostInfo Vulnerability fixing status for corresponding hosts
    Note: This field may return null, indicating that no valid values can be obtained.
    FailCnt Integer Number of hosts with failed vulnerability fixing
    Note: This field may return null, indicating that no valid values can be obtained.
    FixSuccessCnt Integer Number of hosts with successful vulnerability fixing
    Note: This field may return null, indicating that no valid values can be obtained.
    FixMethod Integer

    VulFixStatusSnapshotInfo

    Machine snapshot information

    Used by actions: DescribeVulFixStatus.

    Name Type Description
    Quuid String cvm id
    HostName String Host name
    Note: This field may return null, indicating that no valid values can be obtained.
    HostIp String Host IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    SnapshotName String Snapshot name
    Note: This field may return null, indicating that no valid values can be obtained.
    ModifyTime String Snapshot creation time
    Note: This field may return null, indicating that no valid values can be obtained.
    SnapshotId String Snapshot ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Id Integer Unique record ID
    Status Integer Snapshot status. 0: initial; 1: created successfully; 2: creation failed.
    FailReason String Snapshot creation failure reason
    Note: This field may return null, indicating that no valid values can be obtained.

    VulHostTopInfo

    Top 5 server risk entities

    Used by actions: DescribeVulHostTop.

    Name Type Description
    HostName String Host name
    Note: This field may return null, indicating that no valid values can be obtained.
    VulLevelList Array of VulLevelCountInfo Vulnerability level and quantity statistics list
    Note: This field may return null, indicating that no valid values can be obtained.
    Quuid String Host QUUID
    Note: This field may return null, indicating that no valid values can be obtained.
    Score Integer Top ratings
    Note: This field may return null, indicating that no valid values can be obtained.

    VulInfoByCveId

    Query vulnerability details by cve_id

    Used by actions: DescribeVulCveIdInfo.

    Name Type Description
    VulId Integer Vulnerability ID
    FixSwitch Integer Repair Support Status. 0-Neither Windows nor Linux supports for repair; 1-Both Windows and Linux support for repair; 2-Only Linux supports for repair; 3-Only Windows supports for repair.

    VulInfoHostInfo

    Fix vulnerability second popup in batch

    Used by actions: DescribeCanFixVulMachine.

    Name Type Description
    HostName String Host name
    Note: This field may return null, indicating that no valid values can be obtained.
    HostIp String Host IP
    Note: This field may return null, indicating that no valid values can be obtained.
    Tags Array of String Host tag
    Note: This field may return null, indicating that no valid values can be obtained.
    Quuid String Host QUUID
    Note: This field may return null, indicating that no valid values can be obtained.
    IsSupportAutoFix Integer 0 - the vulnerability cannot be fixed automatically; 1 - the vulnerability can be fixed automatically; 2 - the client has been offline; 3 - the host is not the ultimate edition and can only be fixed manually; 4 - the model does not allow automatic fix; 5 - fixing; 6 - fixed; 7 - under detection; 9 - fix failed; 10 - ignored; 11 - the vulnerability is supported only on Linux, not on Windows; 12 - the vulnerability is supported only on Windows, not on Linux.
    Note: This field may return null, indicating that no valid values can be obtained.
    Uuid String Host UUID
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceId String Host InstanceId
    Note: This field may return null, indicating that no valid values can be obtained.

    VulInfoList

    Vulnerability list on the vulnerability management page of CWPP

    Used by actions: DescribeVulList.

    Name Type Description
    Ids String IDs of events corresponding to a vulnerability, separated by commas (,)
    Name String Vulnerability name
    Status Integer 0: pending; 1: ignored; 3: fixed; 5: detecting; 6: fixing; 8: fixing failed
    VulId Integer Vulnerability ID
    PublishTime String Vulnerability disclosure time
    LastTime String Last detection time
    HostCount Integer Number of affected hosts
    Level Integer Vulnerability level. 1: low-risk; 2: medium-risk; 3: high-risk; 4: critical.
    From Integer This field has been deprecated.
    Note: This field may return null, indicating that no valid values can be obtained.
    Descript String Description
    Note: This field may return null, indicating that no valid values can be obtained.
    PublishTimeWisteria String This field has been deprecated.
    Note: This field may return null, indicating that no valid values can be obtained.
    NameWisteria String This field has been deprecated.
    Note: This field may return null, indicating that no valid values can be obtained.
    DescriptWisteria String This field has been deprecated.
    Note: This field may return null, indicating that no valid values can be obtained.
    StatusStr String Event status after aggregation
    Note: This field may return null, indicating that no valid values can be obtained.
    CveId String CVE ID
    Note: This field may return null, indicating that no valid values can be obtained.
    CvssScore Float CVSS score
    Note: This field may return null, indicating that no valid values can be obtained.
    Labels String Vulnerability tags, separated by multiple commas
    Note: This field may return null, indicating that no valid values can be obtained.
    FixSwitch Integer Whether automatic fixing is supported and hosts that support automatic fixing are included. 0: no; 1: yes.Note: This field may return null, indicating that no valid values can be obtained.
    TaskId Integer ID of the last scan task
    Note: This field may return null, indicating that no valid values can be obtained.
    IsSupportDefense Integer Whether defense is supported. 0: not supported; 1: supported.Note: This field may return null, indicating that no valid values can be obtained.
    DefenseAttackCount Integer Number of attacks defended
    Note: This field may return null, indicating that no valid values can be obtained.
    FirstAppearTime String First occurrence time
    Note: This field may return null, indicating that no valid values can be obtained.
    VulCategory Integer Vulnerability category. 1: web CMS vulnerability; 2: application vulnerability; 4: Linux software vulnerability; 5: Windows system vulnerability.Note: This field may return null, indicating that no valid values can be obtained.
    AttackLevel Integer Attack intensity
    Note: This field may return null, indicating that no valid values can be obtained.
    FixNoNeedRestart Boolean Whether a restart is required after the vulnerability is fixed
    Note: This field may return null, indicating that no valid values can be obtained.
    Method Integer Detection method. 0: version comparison; 1: POC verification.Note: This field may return null, indicating that no valid values can be obtained.

    VulLevelCountInfo

    Number of vulnerability levels

    Used by actions: DescribeVulHostTop.

    Name Type Description
    VulLevel Integer Vulnerability level
    VulCount Integer Number of vulnerabilities

    VulLevelInfo

    The statistical entity representing the distribution of vulnerabilities by severity level

    Used by actions: DescribeVulLevelCount.

    Name Type Description
    VulLevel Integer // Severity level: 1 - low-risk; 2 - medium-risk; 3 - high-risk; 4 - critical
    Count Integer Quantity

    VulOverview

    Vulnerability overview

    Used by actions: DescribeVulOverview.

    Name Type Description
    TotalCount Integer Total number
    TodayCount Integer Number of new key-value pairs today

    VulStoreListInfo

    Information on the vulnerability database list

    Used by actions: DescribeHotVulTop, DescribeVulStoreList.

    Name Type Description
    VulId Integer Vulnerability ID
    Level Integer Vulnerability level
    Name String Vulnerability name
    CveId String CVE ID
    VulCategory Integer 1: web-cms vulnerabilities; 2: application vulnerabilities; 4: Linux software vulnerabilities; 5: Windows system vulnerabilities; 0: emergency vulnerabilities.
    PublishDate String Release time
    Method Integer Vulnerability Detection Method: 0 - Version Comparison, 1 - POC Verification
    AttackLevel Integer Vulnerability attack level
    FixSwitch Integer Whether automatic vulnerability fixing is supported
    0: not supported on Windows/Linux; 1: supported on Windows/Linux; 2: supported on Linux only; 3: supported on Windows only.
    SupportDefense Integer Whether defense against vulnerabilities is supported
    0: not supported; 1: supported.

    VulTopInfo

    The statistical entity representing top vulnerabilities

    Used by actions: DescribeVulTop.

    Name Type Description
    VulName String Vulnerability name
    Note: This field may return null, indicating that no valid values can be obtained.
    VulLevel Integer Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical
    Note: This field may return null, indicating that no valid values can be obtained.
    VulCount Integer Number of vulnerabilities
    Note: This field may return null, indicating that no valid values can be obtained.
    VulId Integer Vulnerability ID
    Note: This field may return null, indicating that no valid values can be obtained.

    WarningInfoObj

    List of alarm settings

    Used by actions: DescribeWarningList.

    Name Type Description
    Type Integer Event alarm type. 1: offline; 2: Trojan; 3: abnormal log-in; 4: brute force cracking; 5: vulnerability (including types of values 9, 10, 11, and 12); 6: high-risk command; 7: reverse shell; 8: local privilege escalation; 9: application vulnerability; 10: web CMS vulnerability; 11: emergency vulnerability; 12: security baseline; 13: tampering prevention; 14: malicious request; 15: network attack; 16: Windows system vulnerability; 17: Linux software vulnerability; 18: core file monitoring; 19: client uninstallation; 20: client offline.
    DisablePhoneWarning Integer 1: disable alarm; 0: enable alarm
    BeginTime String Start time. Format: HH:mm.
    EndTime String End time. Format: HH:mm.
    TimeZone String Time zone information
    ControlBit Integer Vulnerability level control bit (corresponding to the decimal storage in the database)
    ControlBits String Vulnerability level control bits in binary. Each bit indicates the enabling status of the corresponding vulnerability level on the page: low, medium, and high (0: disabled; 1: enabled). For example, 101 indicates that both low and high levels are enabled.
    HostRange Integer Alarm Host Range Type. 0: All Hosts; 1: By Project; 2: By Tencent Cloud Tag; 3: By Host Security Tag; 4: Custom Hosts
    Note: This field may return null, indicating that no valid values can be obtained.
    Count Integer Configured Number of Hosts in the Range of Alarm, used by the frontend to decide when to display prompt information.
    Note: This field may return null, indicating that no valid values can be obtained.

    WarningObject

    Parameters used to update alarms or inserted into alarms

    Used by actions: ModifyWarningSetting.

    Name Type Required Description
    Type Integer No Event Alarm Type. 1: Offline; 2: Trojan; 3: Exceptional login; 4: Brute force; 5: Vulnerability (split into four types ranging from 9 to 12); 6: High-risk command; 7: Reverse sell; 8: Local privilege escalation;, 9: System component vulnerabilities; 10: Web application vulnerabilities; 11: Emergency vulnerabilities; 12: Security baseline; 14: Malicious request; 15: Network attack; 16: Windows system vulnerabilities; 17: Linux software vulnerabilities
    DisablePhoneWarning Integer No 1: disable alarm; 0: enable alarm.
    BeginTime String No Start time. Format: HH:mm.
    EndTime String No End time. Format: HH:mm.
    ControlBits String No 1. Vulnerability level control bits in binary. Each bit corresponds to the vulnerability level enabling status on the corresponding page. Level: low, medium, high (0: disabled; 1: enabled). Example: 101, indicating both the low and high levels are enabled. 2. Brute force cracking control bits in binary. 01: notify upon successful brute force cracking; 10: notify upon brute force cracking failure.
    HostRange Integer No Alarm Host Range Type. 0: All Hosts; 1: By Project; 2: By Tencent Cloud Tag; 3: By Host Security Tag; 4: Custom Hosts

    WebHookCustomField

    Custom passthrough field structure

    Used by actions: DescribeWebHookPolicy, ModifyWebHookPolicy.

    Name Type Required Description
    Key String Yes key
    Note: This field may return null, indicating that no valid values can be obtained.
    Value String Yes value
    Note: This field may return null, indicating that no valid values can be obtained.

    WebHookEventKv

    Enterprise WeChat Robot Event Types

    Used by actions: DescribeWebHookPolicy, DescribeWebHookRule, DescribeWebHookRules, ModifyWebHookPolicy, ModifyWebHookRule.

    Name Type Required Description
    Type Integer Yes Event type
    ControlBit String Yes Event content

    WebHookHostLabel

    Enterprise WeChat Robot Host Range

    Used by actions: DescribeWebHookPolicy, DescribeWebHookRule, DescribeWebHookRules, ModifyWebHookPolicy, ModifyWebHookRule.

    Name Type Required Description
    Type Integer Yes Host Range [1: Project |2: Tencent Cloud Tag | 3: Host Security Tag | 4: Optional] Empty array means all.
    Values Array of String Yes Host Project or Tag Content

    WebHookPolicy

    Policy

    Used by actions: DescribeWebHookPolicy.

    Name Type Description
    Id Integer id
    Note: This field may return null, indicating that no valid values can be obtained.
    Name String Policy name
    Note: This field may return null, indicating that no valid values can be obtained.
    Events Array of WebHookEventKv Event type
    Note: This field may return null, indicating that no valid values can be obtained.
    HostLabels Array of WebHookHostLabel Host range
    Note: This field may return null, indicating that no valid values can be obtained.
    Receivers Array of WebHookReceiver Recipient
    Note: This field may return null, indicating that no valid values can be obtained.
    Format Integer Format. 0: text; 1: JSON.
    Note: This field may return null, indicating that no valid values can be obtained.
    CustomFields Array of WebHookCustomField Custom passthrough field
    Note: This field may return null, indicating that no valid values can be obtained.
    IsDisabled Integer Enable/Disable [1-Disable, 0-Enable]
    Note: This field may return null, indicating that no valid values can be obtained.
    Quuids Array of String Host list
    Note: This field may return null, indicating that no valid values can be obtained.
    HostCount Integer Number of hosts
    Note: This field may return null, indicating that no valid values can be obtained.

    WebHookReceiver

    Alarm recipient

    Used by actions: DescribeWebHookPolicy, DescribeWebHookReceiver, DescribeWebHookReceiverUsage, ModifyWebHookPolicy.

    Name Type Required Description
    Id Integer No id
    Note: This field may return null, indicating that no valid values can be obtained.
    Name String No Recipient name
    Note: This field may return null, indicating that no valid values can be obtained.
    Addr String No Webhook URL
    Note: This field may return null, indicating that no valid values can be obtained.

    WebHookReceiverUsage

    Usage information on associated policies of the alarm recipient

    Used by actions: DescribeWebHookReceiverUsage.

    Name Type Description
    ReceiverId Integer Recipient ID
    Note: This field may return null, indicating that no valid values can be obtained.
    ReceiverName String Recipient name
    Note: This field may return null, indicating that no valid values can be obtained.
    PolicyName String Policy name
    Note: This field may return null, indicating that no valid values can be obtained.

    WebHookRuleDetail

    Enterprise WeChat Robot Rule Details

    Used by actions: DescribeWebHookRule, ModifyWebHookRule.

    Name Type Required Description
    RuleName String Yes Rule name
    HookAddr String Yes Chatbot address
    RuleItems Array of WebHookEventKv Yes Event type
    RuleId Integer No Rule ID
    RuleRemark String No Remarks
    HostLabels Array of WebHookHostLabel No Host scope
    HostIds Array of String No Host ID List
    IsDisabled Integer No Whether it is disabled [1: disabled|0: enabled]

    WebHookRuleSummary

    Enterprise WeChat Robot Rule Summary

    Used by actions: DescribeWebHookRules.

    Name Type Description
    RuleId Integer Rule ID
    RuleName String Rule name
    HookAddr String Robot Address
    RuleRemark String Remarks
    RuleItems Array of WebHookEventKv Event type
    HostLabels Array of WebHookHostLabel Host range
    IsDisabled Integer Enable/Disable [1-Disable, 0-Enable]
    CreateTime String Creation time
    UpdateTime String Update time
    HostCount Integer Number of hosts

    ZoneInfo

    Availability zone information

    Used by actions: DescribeBanRegions.

    Name Type Description
    ZoneName String Availability zone name
    联系我们

    联系我们,为您的业务提供专属服务。

    技术支持

    如果你想寻求进一步的帮助,通过工单与我们进行联络。我们提供7x24的工单服务。

    7x24 电话支持