You can call the DescribeSimilarSecurityEvents operation to query alerts triggered by the same rule or rules of the same type.
Debugging
Request parameters
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| Action | String | Yes | DescribeSimilarSecurityEvents | The operation that you want to perform. Set the value to DescribeSimilarSecurityEvents. |
| SourceIp | String | No | 1.2.3.4 | The source IP address of the request. |
| Lang | String | No | zh | The language of the request and response. Valid values:
|
| TaskId | Long | No | 111 | The ID of the task. |
| CurrentPage | Integer | No | 1 | The page number of the returned page. |
| PageSize | Integer | No | 5 | The number of entries to return on each page. |
Response parameters
| Parameter | Type | Example | Description |
|---|---|---|---|
| RequestId | String | 97B9CBC6-F869-4860-9CBC-A7310F85AE8E | The ID of the request. |
| SecurityEventsResponse | Array | The list of alerts that are of the same type. |
|
| SecurityEventId | Long | 123 | The ID of the alert. |
| Uuid | String | qweeqq-13232-daweq-wqeqe | The UUID of the machine. |
| EventType | String | Abnormal network connections | The type of the alert. |
| EventName | String | Visits malicious domains | The name of the alert. |
| OccurrenceTime | Long | 1577379820000 | The first time when the exception occurred. |
| LastTime | Long | 1577441301000 | The latest time when the exception occurred. |
| PageInfo | Struct | The pagination information. |
|
| Count | Integer | 12 | The number of entries returned on the current page. |
| PageSize | Integer | 20 | The number of entries returned per page. |
| TotalCount | Integer | 23 | The number of alerts that are of the same type. |
| CurrentPage | Integer | 1 | The page number of the returned page. |
Examples
Sample requests
http(s)://[Endpoint]/? Action=DescribeSimilarSecurityEvents
&<Common request parameters>Sample success responses
XML format
<DescribeSimilarSecurityEvents>
<PageInfo>
<TotalCount>2</TotalCount>
<PageSize>5</PageSize>
<CurrentPage>1</CurrentPage>
<Count>2</Count>
</PageInfo>
<SecurityEventsResponse>
<OccurrenceTime>1576686364000</OccurrenceTime>
<SecurityEventId>124</SecurityEventId>
<Uuid>123-aasd-dsa-dadsa</Uuid>
<EventType>Abnormal network connections</EventType>
<EventName>Visits malicious domains</EventName>
<LastTime>1577063771000</LastTime>
</SecurityEventsResponse>
<SecurityEventsResponse>
<OccurrenceTime>1577379820000</OccurrenceTime>
<SecurityEventId>123</SecurityEventId>
<Uuid>ewqeqweq-12311-sdfasf-afafsa</Uuid>
<EventType>Abnormal network connections</EventType>
<EventName>Visits malicious domains</EventName>
<LastTime>1577441301000</LastTime>
</SecurityEventsResponse>
<requestId>97B9CBC6-F869-4860-9CBC-A7310F85AE8E</requestId>
</DescribeSimilarSecurityEventsResponse>JSON format
{
"PageInfo": {
"TotalCount": 2,
"PageSize": 5,
"CurrentPage": 1,
"Count": 2
},
"SecurityEventsResponse": [
{
"OccurrenceTime": 1576686364000,
"SecurityEventId": 124,
"Uuid": "123-aasd-dsa-dadsa",
"EventType": "Abnormal network connections",
"EventName": "Visits malicious domains",
"LastTime": 1577063771000
},
{
"OccurrenceTime": 1577379820000,
"SecurityEventId": 123,
"Uuid": "qweeqq-13232-daweq-wqeqe",
"EventType": "Abnormal network connections",
"EventName": "Visits malicious domains",
"LastTime": 1577441301000
}
],
"requestId": "97B9CBC6-F869-4860-9CBC-A7310F85AE8E"
}Error codes
For a list of error codes, visit the API Error Center.