You can call the DescribeSimilarSecurityEvents operation to query alerts triggered by the same rule or rules of the same type.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeSimilarSecurityEvents

The operation that you want to perform.

Set the value to DescribeSimilarSecurityEvents.

SourceIp String No 1.2.3.4

The source IP address of the request.

Lang String No zh

The language of the request and response. Valid values:

  • zh: Chinese
  • en: English
TaskId Long No 111

The ID of the task.

CurrentPage Integer No 1

The page number of the returned page.

PageSize Integer No 5

The number of entries to return on each page.

Response parameters

Parameter Type Example Description
RequestId String 97B9CBC6-F869-4860-9CBC-A7310F85AE8E

The ID of the request.

SecurityEventsResponse Array

The list of alerts that are of the same type.

SecurityEventId Long 123

The ID of the alert.

Uuid String qweeqq-13232-daweq-wqeqe

The UUID of the machine.

EventType String Abnormal network connections

The type of the alert.

EventName String Visits malicious domains

The name of the alert.

OccurrenceTime Long 1577379820000

The first time when the exception occurred.

LastTime Long 1577441301000

The latest time when the exception occurred.

PageInfo Struct

The pagination information.

Count Integer 12

The number of entries returned on the current page.

PageSize Integer 20

The number of entries returned per page.

TotalCount Integer 23

The number of alerts that are of the same type.

CurrentPage Integer 1

The page number of the returned page.

Examples

Sample requests

http(s)://[Endpoint]/? Action=DescribeSimilarSecurityEvents
&<Common request parameters>

Sample success responses

XML format

<DescribeSimilarSecurityEvents>
    <PageInfo>
        <TotalCount>2</TotalCount>
        <PageSize>5</PageSize>
        <CurrentPage>1</CurrentPage>
        <Count>2</Count>
    </PageInfo>
    <SecurityEventsResponse>
        <OccurrenceTime>1576686364000</OccurrenceTime>
        <SecurityEventId>124</SecurityEventId>
        <Uuid>123-aasd-dsa-dadsa</Uuid>
        <EventType>Abnormal network connections</EventType>
        <EventName>Visits malicious domains</EventName>
        <LastTime>1577063771000</LastTime>
    </SecurityEventsResponse>
    <SecurityEventsResponse>
        <OccurrenceTime>1577379820000</OccurrenceTime>
        <SecurityEventId>123</SecurityEventId>
        <Uuid>ewqeqweq-12311-sdfasf-afafsa</Uuid>
        <EventType>Abnormal network connections</EventType>
        <EventName>Visits malicious domains</EventName>
        <LastTime>1577441301000</LastTime>
    </SecurityEventsResponse>
    <requestId>97B9CBC6-F869-4860-9CBC-A7310F85AE8E</requestId>
</DescribeSimilarSecurityEventsResponse>

JSON format

{
    "PageInfo": {
      "TotalCount": 2,
      "PageSize": 5,
      "CurrentPage": 1,
      "Count": 2
    },
    "SecurityEventsResponse": [
      {
        "OccurrenceTime": 1576686364000,
        "SecurityEventId": 124,
        "Uuid": "123-aasd-dsa-dadsa",
        "EventType": "Abnormal network connections",
        "EventName": "Visits malicious domains",
        "LastTime": 1577063771000
      },
      {
        "OccurrenceTime": 1577379820000,
        "SecurityEventId": 123,
        "Uuid": "qweeqq-13232-daweq-wqeqe",
        "EventType": "Abnormal network connections",
        "EventName": "Visits malicious domains",
        "LastTime": 1577441301000
      }
    ],
  "requestId": "97B9CBC6-F869-4860-9CBC-A7310F85AE8E"
}

Error codes

For a list of error codes, visit the API Error Center.