All Products
Search
Document Center

Data Security Center:DescribeEvents

Last Updated:Feb 27, 2024

Queries anomalous events.

Operation description

You can call this operation to query anomalous events that may involve data leaks. This helps you search for and handle anomalous events.

Limits

You can call this operation up to 10 times per second per account. If the number of the calls per second exceeds the limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limit when you call this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

ParameterTypeRequiredDescriptionExample
LangstringNo

The language of the content within the request and response. Default value: zh_cn. Valid values:

  • zh_cn: Chinese
  • en_us: English
zh_cn
IdlongNo

The unique ID of the anomalous event.

789026
UserIdlongNo

The ID of the account that triggered the anomalous event.

1978132506596***
DealUserIdstringNo

The ID of the account that handles the anomalous event.

yundun-***
StatusstringNo

The handling status of the anomalous event. Valid values:

  • 0: unhandled
  • 1: confirmed
  • 2: marked as false positive
1
TypeCodestringNo

The name of the anomalous event type. Valid values:

  • 01: anomalous permission usage
  • 02: anomalous data flow
  • 03: anomalous data operation
02
SubTypeCodestringNo

The name of the anomalous event subtype.

Note You can call the DescribeEventTypes operation to query the name of the anomalous event subtype.
Anomalous volume of downloaded data
StartTimestringNo

The beginning of the time range during which the anomalous events are detected. The value is a UNIX timestamp. Unit: milliseconds.

1657900000
EndTimestringNo

The end of the time range during which the anomalous events are detected. The value is a UNIX timestamp. Unit: milliseconds.

1698700000
PageSizeintegerNo

The number of entries to return on each page.

12
CurrentPageintegerNo

The page number of the page to return.

1
InstanceNamestringNo

The name of the data asset.

rm-uf6yzvbc2tg90iuxk.l****
ProductCodestringNo

The name of the service to which the table belongs. Valid values include MaxCompute, OSS, ADS, OTS, and RDS.

OSS
TargetProductCodestringNo

The name of the destination service in an anomalous data flow. Valid values include MaxCompute, OSS, ADS, OTS, and RDS

RDS
UserNamestringNo

The username of the RAM user.

name
WarnLevelintegerNo

The risk level of the alert that is triggered. Valid values:

  • 1: low
  • 2: medium
  • 3: high
1

Response parameters

ParameterTypeDescriptionExample
object

The result of the request.

CurrentPageinteger

The page number of the returned page.

1
RequestIdstring

The ID of the request.

769FB3C1-F4C9-42DF-9B72-7077A8989C13
PageSizeinteger

The number of entries returned per page.

12
TotalCountinteger

The total number of entries returned.

1
Itemsobject []

An array that consists of the anomalous events.

DisplayNamestring

The display name of the account that triggered the anomalous event.

yundunsr
Statusinteger

The handling status for the anomalous event. Valid values:

  • 0: unhandled
  • 1: confirmed
  • 2: marked as false positive
0
WarnLevelinteger

The severity of the anomalous event.

  • 1: low
  • 2: medium
  • 3: high
2
UserIdlong

The ID of the account that triggered the anomalous event.

1978132506596***
StatusNamestring

The name of the handling status for the anomalous event.

Pending
DealTimelong

The time when the anomalous event was handled. The value is a UNIX timestamp. Unit: milliseconds.

12223300
DealLoginNamestring

The username of the account that is used to handle the anomalous event.

det1111
SubTypeNamestring

The name of the anomalous event subtype.

Anomalous volume of downloaded data
Backedboolean

Indicates whether the detection of anomalous events is enhanced. If the detection of anomalous events is enhanced, the detection accuracy and the rate of triggering alerts for anomalous events are improved. Valid values:

  • true: yes
  • false: no
false
EventTimelong

The time when the anomalous event occurred. The value is a UNIX timestamp. Unit: milliseconds.

1545829129000
LoginNamestring

The username of the account that triggered the anomalous event.

det1111
SubTypeCodestring

The code of the anomalous event subtype.

020008
TargetProductCodestring

The name of the destination service in an anomalous data flow.

RDS
TypeCodestring

The code of the anomalous event type.

02
AlertTimelong

The time when an alert was triggered for the anomalous event. The value is a UNIX timestamp. Unit: milliseconds.

154529000
DealUserIdlong

The ID of the account that is used to handle the anomalous event.

229157443385014***
TypeNamestring

The name of the anomalous event type.

Anomalous data flow
DealDisplayNamestring

The display name of the account that is used to handle the anomalous event.

yundunsr
Idlong

The ID of the anomalous event.

42233335555
ProductCodestring

The name of the service in which the anomalous event was detected.

RDS

Examples

Sample success responses

JSONformat

{
  "CurrentPage": 1,
  "RequestId": "769FB3C1-F4C9-42DF-9B72-7077A8989C13",
  "PageSize": 12,
  "TotalCount": 1,
  "Items": [
    {
      "DisplayName": "yundunsr",
      "Status": 0,
      "WarnLevel": 2,
      "UserId": 0,
      "StatusName": "Pending\n",
      "DealTime": 12223300,
      "DealLoginName": "det1111",
      "SubTypeName": "Anomalous volume of downloaded data\n",
      "Backed": false,
      "EventTime": 1545829129000,
      "LoginName": "det1111",
      "SubTypeCode": "020008",
      "TargetProductCode": "RDS",
      "TypeCode": "02",
      "AlertTime": 154529000,
      "DealUserId": 0,
      "TypeName": "Anomalous data flow\n",
      "DealDisplayName": "yundunsr",
      "Id": 42233335555,
      "ProductCode": "RDS"
    }
  ]
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-01-16The request parameters of the API has changedsee changesets
Change itemChange content
Input ParametersThe request parameters of the API has changed.
    Added Input Parameters: WarnLevel