Queries quarantined files in the quarantine panel.

Description

When alerts are handled, the system quarantines the files that contain detected threats to the quarantine panel. You can call this operation to view the quarantined files.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeSuspEventQuaraFiles

The operation that you want to perform. Set the value to DescribeSuspEventQuaraFiles.

OfficeSiteId String Yes cn-hangzhou+dir-363353****

The ID of the workspace.

RegionId String Yes cn-hangzhou

The ID of the region.

Status String No quaraDone

The status of the quarantined file. Valid values:

  • quaraFailed: The file failed to be quarantined.
  • quaraDone: The file is quarantined.
  • quaraing: The file is being quarantined.
  • rollbackFailed: Quarantine for the file failed to be canceled.
  • rollbackDone: Quarantine for the file is canceled.
  • rollbacking: Quarantine for the file is being canceled.
CurrentPage Integer No 1

The number of the page to return.

Pages start from page 1.

Default value: 1.

PageSize Integer No 20

The maximum number of entries to return on each page.

Default value: 20.

Response parameters

Parameter Type Example Description
CurrentPage Integer 1

The page number of the returned page.

PageSize Integer 20

The maximum number of entries returned per page.

QuaraFiles Array of QuaraFile

The quarantined files.

DesktopId String ecd-138dsptkrt00u****

The ID of the cloud desktop.

DesktopName String test

The name of the cloud desktop.

EventName String WEBSHELL

The name of the alert.

EventType String WebshellQuaraEventTyp

The type of the alert.

Id Integer 3920516

The ID of the quarantined file.

Md5 String 5ddebe926acc7ed39a664409bfd0ec10

The message-digest algorithm 5 (MD5) value of the quarantined file.

ModifyTime String 2021-05-18 20:37:08

The time when the quarantined file was updated.

Path String /var/www/html/webshell-sample-master/others/def.jpg

The path where the quarantined file is stored on the cloud desktop.

Status String rollbackDone

The status of the quarantined file. Valid values:

  • quaraFailed: The file failed to be quarantined.
  • quaraDone: The file is quarantined.
  • quaraing: The file is being quarantined.
  • rollbackFailed: Quarantine for the file failed to be canceled.
  • rollbackDone: Quarantine for the file is canceled.
  • rollbacking: Quarantine for the file is being canceled.
Tag String 228f890e56eae9eec6a42c7ea801b538

The tag of the alert.

RequestId String 6AD0BA1B-0129-498F-B82A-17C7B8368A08

The ID of the request.

TotalCount Integer 1

The total number of quarantined files.

Examples

Sample requests

https://ecd.cn-hangzhou.aliyuncs.com/?Action=DescribeSuspEventQuaraFiles
&OfficeSiteId=cn-hangzhou+dir-363353****
&RegionId=cn-hangzhou
&<Common request parameters>

Sample success responses

XML format

<DescribeSuspEventQuaraFilesResponse>
    <TotalCount>1</TotalCount>
    <PageSize>20</PageSize>
    <RequestId>6AD0BA1B-0129-498F-B82A-17C7B8368A08</RequestId>
    <CurrentPage>1</CurrentPage>
    <QuaraFiles>
        <Status>rollbackDone</Status>
        <Path>/var/www/html/webshell-sample-master/others/def.jpg</Path>
        <ModifyTime>2021-05-18 20:37:08</ModifyTime>
        <EventType>WebshellQuaraEventTyp</EventType>
        <DesktopName>test</DesktopName>
        <DesktopId>ecd-138dsptkrt00u****</DesktopId>
        <Tag>228f890e56eae9eec6a42c7ea801b538</Tag>
        <Id>3920516</Id>
        <EventName>WEBSHELL</EventName>
        <Md5>5ddebe926acc7ed39a664409bfd0ec10</Md5>
    </QuaraFiles>
<DescribeSuspEventQuaraFilesResponse>

JSON format

{
    "TotalCount": "1",
    "PageSize": "20",
    "RequestId": "6AD0BA1B-0129-498F-B82A-17C7B8368A08",
    "CurrentPage": "1",
    "QuaraFiles": [{
        "Status": "rollbackDone",
        "Path": "/var/www/html/webshell-sample-master/others/def.jpg",
        "ModifyTime": "2021-05-18 20:37:08",
        "EventType": "WebshellQuaraEventTyp",
        "DesktopName": "test",
        "DesktopId": "ecd-138dsptkrt00u****",
        "Tag": "228f890e56eae9eec6a42c7ea801b538",
        "Id": "3920516",
        "EventName": "WEBSHELL",
        "Md5": "5ddebe926acc7ed39a664409bfd0ec10"
    }]
}