Handles multiple suspicious events at a time.
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | OperationSuspEvents | The operation that you want to perform. Set the value to OperationSuspEvents. Note: If operation-specific request parameters contain only this parameter, Security Center does not handle suspicious events. |
SourceIp | String | No | 1.2.3.4 | The source IP address of the request. |
SuspiciousEventIds | String | No | 290852 | The list of alert IDs. Note: You can call the DescribeAlarmEventList operation and obtain the IDs from the SecurityEventIds response parameter. |
Operation | String | No | deal | The operation that you want to perform on alerts. Valid values: |
SubOperation | String | No | killAndQuaraFileByPidAndMd5andPath | The suboperation that you want to perform when you quarantine the source file of the malicious process. Valid values: |
From | String | No | aqs | The ID of the request. Set the value to aqs, which specifies the request from the Security Center client. |
WarnType | String | No | alarm | The type of the event. Valid values: |
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
AccessCode | String | pass | Indicates whether you have access permissions. Valid values: |
RequestId | String | 7E0618A9-D5EF-4220-9471-C42B5E92719F | The ID of the request. |
Success | Boolean | true | The result of handling suspicious events. Valid values: |
Examples
Sample requests
http(s)://[Endpoint]/?Action=OperationSuspEvents
&<Common request parameters>
Sample success responses
XML format
<OperationSuspEventsResponse>
    <AccessCode>pass</AccessCode>
    <requestId>7E0618A9-D5EF-4220-9471-C42B5E92719F</requestId>
    <success>true</success>
</OperationSuspEventsResponse>
JSON format
{
    "AccessCode": "pass",
    "requestId": "7E0618A9-D5EF-4220-9471-C42B5E92719F",
    "success": true
}
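The following is an added example, not code from the Security Center documentation or SDK. It builds the operation-specific part of the query and refuses a request that carries only Action (which the note in the request table says is not acted on), then checks a JSON response for both AccessCode and success. The helper names `build_query` and `handled` are hypothetical, signing and the common request parameters are out of scope, and treating any AccessCode other than the sample value `pass` as "not handled" is an assumption, since the valid values are not listed on this page.

```python
import json
from urllib.parse import urlencode

# Operation-specific parameters, in the order of the request table on this page.
OPTIONAL = ("SourceIp", "SuspiciousEventIds", "Operation",
            "SubOperation", "From", "WarnType")


def build_query(**params):
    """Return the operation-specific part of the query string.

    Raises ValueError for names not in the request table and for a request
    that would carry only Action, which Security Center does not act on.
    """
    unknown = sorted(set(params) - set(OPTIONAL))
    if unknown:
        raise ValueError(f"unknown parameter(s): {unknown}")
    supplied = {k: str(v) for k, v in params.items() if v not in (None, "")}
    if not supplied:
        raise ValueError("only Action supplied: no event would be handled")
    # Fixed ordering keeps the string stable for logging and audit comparison.
    ordered = [("Action", "OperationSuspEvents")]
    ordered += [(k, supplied[k]) for k in OPTIONAL if k in supplied]
    return urlencode(ordered)


def handled(body):
    """True only if the JSON response reports both access and success."""
    # Keys are matched case-insensitively: the response table lists
    # RequestId/Success, the sample responses use requestId/success.
    doc = {k.lower(): v for k, v in json.loads(body).items()}
    # Assumption: only the sample value "pass" counts as access granted.
    return doc.get("accesscode") == "pass" and doc.get("success") is True


# Constructed sample input, using values from the Example columns above.
SAMPLE_QUERY = build_query(SuspiciousEventIds=290852, Operation="deal",
                           WarnType="alarm", From="aqs")
SAMPLE_RESPONSE = ('{"AccessCode": "pass", '
                   '"requestId": "7E0618A9-D5EF-4220-9471-C42B5E92719F", '
                   '"success": true}')

if __name__ == "__main__":
    print(SAMPLE_QUERY)
    print(handled(SAMPLE_RESPONSE))
```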
Error codes
For a list of error codes, visit the API Error Center.