You can call the DescribeSimilarSecurityEvents operation to query alerts triggered by the same rule or rules of the same type.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | DescribeSimilarSecurityEvents |
The operation that you want to perform. Set the value to DescribeSimilarSecurityEvents. |
SourceIp | String | No | 1.2.3.4 |
The source IP address of the request. |
Lang | String | No | zh |
The language of the request and response. Valid values:
|
TaskId | Long | No | 111 |
The ID of the task. |
CurrentPage | Integer | No | 1 |
The page number of the returned page. |
PageSize | Integer | No | 5 |
The number of entries to return on each page. |
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
RequestId | String | 97B9CBC6-F869-4860-9CBC-A7310F85AE8E |
The ID of the request. |
SecurityEventsResponse | Array |
The list of alerts that are of the same type. |
|
SecurityEventId | Long | 123 |
The ID of the alert. |
Uuid | String | qweeqq-13232-daweq-wqeqe |
The UUID of the machine. |
EventType | String | Abnormal network connections |
The type of the alert. |
EventName | String | Visits malicious domains |
The name of the alert. |
OccurrenceTime | Long | 1577379820000 |
The first time when the exception occurred. |
LastTime | Long | 1577441301000 |
The latest time when the exception occurred. |
PageInfo | Struct |
The pagination information. |
|
Count | Integer | 12 |
The number of entries returned on the current page. |
PageSize | Integer | 20 |
The number of entries returned per page. |
TotalCount | Integer | 23 |
The number of alerts that are of the same type. |
CurrentPage | Integer | 1 |
The page number of the returned page. |
Examples
Sample requests
http(s)://[Endpoint]/? Action=DescribeSimilarSecurityEvents
&<Common request parameters>
Sample success responses
XML
format
<DescribeSimilarSecurityEvents>
<PageInfo>
<TotalCount>2</TotalCount>
<PageSize>5</PageSize>
<CurrentPage>1</CurrentPage>
<Count>2</Count>
</PageInfo>
<SecurityEventsResponse>
<OccurrenceTime>1576686364000</OccurrenceTime>
<SecurityEventId>124</SecurityEventId>
<Uuid>123-aasd-dsa-dadsa</Uuid>
<EventType>Abnormal network connections</EventType>
<EventName>Visits malicious domains</EventName>
<LastTime>1577063771000</LastTime>
</SecurityEventsResponse>
<SecurityEventsResponse>
<OccurrenceTime>1577379820000</OccurrenceTime>
<SecurityEventId>123</SecurityEventId>
<Uuid>ewqeqweq-12311-sdfasf-afafsa</Uuid>
<EventType>Abnormal network connections</EventType>
<EventName>Visits malicious domains</EventName>
<LastTime>1577441301000</LastTime>
</SecurityEventsResponse>
<requestId>97B9CBC6-F869-4860-9CBC-A7310F85AE8E</requestId>
</DescribeSimilarSecurityEventsResponse>
JSON
format
{
"PageInfo": {
"TotalCount": 2,
"PageSize": 5,
"CurrentPage": 1,
"Count": 2
},
"SecurityEventsResponse": [
{
"OccurrenceTime": 1576686364000,
"SecurityEventId": 124,
"Uuid": "123-aasd-dsa-dadsa",
"EventType": "Abnormal network connections",
"EventName": "Visits malicious domains",
"LastTime": 1577063771000
},
{
"OccurrenceTime": 1577379820000,
"SecurityEventId": 123,
"Uuid": "qweeqq-13232-daweq-wqeqe",
"EventType": "Abnormal network connections",
"EventName": "Visits malicious domains",
"LastTime": 1577441301000
}
],
"requestId": "97B9CBC6-F869-4860-9CBC-A7310F85AE8E"
}
Error codes
For a list of error codes, visit the API Error Center.