You can call this operation to query anomalous activities.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeEvents

The operation that you want to perform. Set the value to DescribeEvents.
CurrentPage Integer No 1

The number of the page to return.
DealUserId String No yundun-***

The ID of the account used to process the anomalous activity.
EndTime String No 1698700000

The end of the time range to query anomalous activities. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.

Lang String No zh

The language of the request and response. Valid values:

  • zh: Chinese
  • en: English
PageSize Integer No 12

The number of entries to return on each page.
ProductCode String No OSS

The name of the service where the anomalous activity was detected. Valid values:

  • MaxCompute
  • OSS
  • RDS
StartTime String No 1657900000

The beginning of the time range to query anomalous activities. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.

Status String No 1

The ID of the processing status of the anomalous activity. Valid values:

  • 0: unprocessed
  • 1: confirmed as an anomaly
  • 2: excluded as a false positive
SubTypeCode String No Anomalous downloaded data volume

The name of the anomalous activity subtype.

Note You can call the DescribeEventTypes operation to query the name of the anomalous activity subtype.
TargetProductCode String No RDS

The name of the destination service to which data is transferred during an anomalous data flow. Valid values:

  • MaxCompute
  • OSS
  • RDS
TypeCode String No 02

The code of the anomalous activity type. Valid values:

  • 01: anomalous permission access
  • 02: anomalous data flow
  • 03: anomalous data operation
UserId Long No 1978132506596529

The ID of the account that triggered the anomalous activity.

Response parameters

Parameter Type Example Description
CurrentPage Integer 1

The page number of the returned page.
Items

The list of anomalous activities that were queried.
AlertTime Long 154529000

The time when an alert was triggered for the anomalous activity. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.

Backed Boolean false

Indicates whether the processing result of the anomalous activity was used to enhance the detection of anomalous activities. By enhancing the detection, you can improve the detection accuracy and the rate of triggering alerts for anomalous activities. Valid values:

  • true: The detection was enhanced.
  • false: The detection was not enhanced.
DealDisplayName String yundunsr

The display name of the account used to process the anomalous activity.
DealLoginName String det1111

The username of the account used to process the anomalous activity.
DealTime Long 12223300

The time when the anomalous activity was processed. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.

DealUserId Long 229157443385014140

The ID of the account used to process the anomalous activity.
DisplayName String yundunsr

The display name of the account that triggered the anomalous activity.
EventTime Long 1545829129000

The time when the anomalous activity occurred. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.

Id Long 42233335555

The unique ID of the anomalous activity.
LoginName String det1111

The username of the account that triggered the anomalous activity.
ProductCode String RDS

The name of the service where the anomalous activity was detected.
Status Integer 0

The ID of the processing status of the anomalous activity. Valid values:

  • 0: unprocessed
  • 1: confirmed as an anomaly
  • 2: excluded as a false positive
StatusName String Unprocessed

The name of the processing status of the anomalous activity.
SubTypeCode String 020008

The code of the anomalous activity subtype.
SubTypeName String Anomalous downloaded data volume

The name of the anomalous activity subtype.
TargetProductCode String RDS

The name of the destination service to which data is transferred during an anomalous data flow.

TypeCode String 02

The code of the anomalous activity type.
TypeName String Anomalous data flow

The name of the anomalous activity type.
UserId Long 229157443385014140

The ID of the account that triggered the anomalous activity.
PageSize Integer 12

The number of entries returned per page.
RequestId String 769FB3C1-F4C9-42DF-9B72-7077A8989C13

The ID of the request.
TotalCount Integer 1

The total number of returned entries.

Examples

Sample requests


http(s)://[Endpoint]/? Action=DescribeEvents
&<Common request parameters>

Sample success responses

XML format 

<DescribeEvents>
  <RequestId>769FB3C1-F4C9-42DF-9B72-7077A8989C13</RequestId>
  <PageSize>10</PageSize>
  <CurrentPage>1</CurrentPage>
  <TotalCount>1</TotalCount>
  <Items>
        <Status>0</Status>
        <TypeName>Anomalous data flow</TypeName>
        <Backed>false</Backed>
        <TypeCode>02</TypeCode>
        <ProductCode>RDS</ProductCode>
        <SubTypeName>Anomalous downloaded data volume</SubTypeName>
        <EventTime>1545829129000</EventTime>
        <UserId>229157443385014140</UserId>
        <LoginName>det1111</LoginName>
        <DisplayName>yundunsr</DisplayName>
        <Id>54122244</Id>
        <SubTypeCode>020008</SubTypeCode>
        <AlertTime>1545829129000</AlertTime>
        <StatusName>Unprocessed</StatusName>
        <DealUserId>229157443385014140</DealUserId>
        <DealLoginName>det1111</DealLoginName>
        <DeaulDisplayName>yundunsr</DeaulDisplayName>
        <DepartName>test</DepartName>
  </Items>
</DescribeEvents>

JSON format 

{
	"Items":[
		{
			"ProductCode":"RDS",
			"LoginName":"det1111",
			"DepartName":"test",
			"Backed":false,
			"TypeName":"Anomalous data flow",
			"UserId":229157443385014132,
			"DisplayName":"yundunsr",
			"Status":0,
			"DeaulDisplayName":"yundunsr",
			"TypeCode":"02",
			"EventTime":1545829129000,
			"AlertTime":1545829129000,
			"StatusName":"Unprocessed",
			"Id":54122244,
			"DealLoginName":"det1111",
			"SubTypeName":"Anomalous downloaded data volume",
			"SubTypeCode":"020008",
			"DealUserId":229157443385014132
		}
	],
	"TotalCount":1,
	"PageSize":10,
	"RequestId":"769FB3C1-F4C9-42DF-9B72-7077A8989C13",
	"CurrentPage":1
}

Error codes

For a list of error codes, visit the API Error Center.