Queries anomalous events.
Operation description
You can call this operation to query anomalous events that may involve data leaks. This helps you search for and handle anomalous events.
Limits
You can call this operation up to 10 times per second per account. If the number of the calls per second exceeds the limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limit when you call this operation.
Debugging
Authorization information
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
Lang | string | No | The language of the content within the request and response. Default value: zh_cn. Valid values:
| zh_cn |
Id | long | No | The unique ID of the anomalous event. | 789026 |
UserId | long | No | The ID of the account that triggered the anomalous event. | 1978132506596*** |
DealUserId | string | No | The ID of the account that handles the anomalous event. | yundun-*** |
Status | string | No | The handling status of the anomalous event. Valid values:
| 1 |
TypeCode | string | No | The name of the anomalous event type. Valid values:
| 02 |
SubTypeCode | string | No | The name of the anomalous event subtype. Note
You can call the DescribeEventTypes operation to query the name of the anomalous event subtype.
| Anomalous volume of downloaded data |
StartTime | string | No | The beginning of the time range during which the anomalous events are detected. The value is a UNIX timestamp. Unit: milliseconds. | 1657900000 |
EndTime | string | No | The end of the time range during which the anomalous events are detected. The value is a UNIX timestamp. Unit: milliseconds. | 1698700000 |
PageSize | integer | No | The number of entries to return on each page. | 12 |
CurrentPage | integer | No | The page number of the page to return. | 1 |
InstanceName | string | No | The name of the data asset. | rm-uf6yzvbc2tg90iuxk.l**** |
ProductCode | string | No | The name of the service to which the table belongs. Valid values include MaxCompute, OSS, ADS, OTS, and RDS. | OSS |
TargetProductCode | string | No | The name of the destination service in an anomalous data flow. Valid values include MaxCompute, OSS, ADS, OTS, and RDS | RDS |
UserName | string | No | The username of the RAM user. | name |
WarnLevel | integer | No | The risk level of the alert that is triggered. Valid values:
| 1 |
Response parameters
Examples
Sample success responses
JSON
format
{
"CurrentPage": 1,
"RequestId": "769FB3C1-F4C9-42DF-9B72-7077A8989C13",
"PageSize": 12,
"TotalCount": 1,
"Items": [
{
"DisplayName": "yundunsr",
"Status": 0,
"WarnLevel": 2,
"UserId": 0,
"StatusName": "Pending\n",
"DealTime": 12223300,
"DealLoginName": "det1111",
"SubTypeName": "Anomalous volume of downloaded data\n",
"Backed": false,
"EventTime": 1545829129000,
"LoginName": "det1111",
"SubTypeCode": "020008",
"TargetProductCode": "RDS",
"TypeCode": "02",
"AlertTime": 154529000,
"DealUserId": 0,
"TypeName": "Anomalous data flow\n",
"DealDisplayName": "yundunsr",
"Id": 42233335555,
"ProductCode": "RDS"
}
]
}
Error codes
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation | ||||
---|---|---|---|---|---|---|
2024-01-16 | The request parameters of the API has changed | see changesets | ||||
|