Handles multiple alerts at a time.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes HandleSecurityEvents

The operation that you want to perform. Set the value to HandleSecurityEvents.

OperationCode String Yes deal

The operation to perform to batch handle alerts. Valid values:

  • deal: quarantines the source file of the malicious process.
  • kill_and_quara: terminates the malicious process and quarantines the source file.
  • kill_virus: removes the source file of the malicious process.
  • block_ip: blocks access from the source IP address.
  • ignore: ignores the alerts.
  • mark_mis_info: marks the alerts as false positives by adding them to the whitelist.
  • rm_mark_mis_info: cancels false positives by removing the alerts from the whitelist.
  • offline_handled: marks the alerts as handled.
RegionId String Yes cn-hangzhou

The ID of the region.

SecurityEvent.N.SecurityEventId String No 123456

The ID of alert N.

SecurityEvent.N.DesktopId String No ecd-blbmpzpqjdrdy****

The ID of the cloud desktop that is affected by alert N.

OperationParams String No {"expireTime":1578475919533}

The parameter value returned by the operation that is performed to batch handle alerts.

This parameter is required only when the OperationCode parameter is set to kill_and_quara or block_ip. This parameter is not required if the OperationCode parameter is set to other values.

Response parameters

Parameter Type Example Description
RequestId String 269BDB16-2CD8-4865-84BD-11C40BC21DB0

The ID of the request.

TaskId Long 1234

The ID of the task to handle the alerts.

Examples

Sample requests

https://ecd.cn-hangzhou.aliyuncs.com/?Action=HandleSecurityEvents
&OperationCode=deal
&RegionId=cn-hangzhou
&<Common request parameters>

Sample success responses

XML format

<HandleSecurityEventsResponse>
      <TaskId>1234</TaskId>
      <RequestId>269BDB16-2CD8-4865-84BD-11C40BC21DB0</RequestId>
</HandleSecurityEventsResponse>

JSON format

{
	"TaskId": "1234",
	"RequestId": "269BDB16-2CD8-4865-84BD-11C40BC21DB0"
}
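
The following is an added example, not code from the original page or from the service's SDKs. It builds the action-specific query parameters for HandleSecurityEvents and enforces the two rules stated in the request parameter table: OperationCode must be one of the listed values, and OperationParams must be present for kill_and_quara and block_ip. The helper names, the 1-based numbering of SecurityEvent.N and the sample desktop ID are assumptions; the common request parameters (including the signature) are not generated here.

```python
import json
from urllib.parse import urlencode

# Values copied from the OperationCode row of the request parameter table.
VALID_OPERATION_CODES = {
    "deal", "kill_and_quara", "kill_virus", "block_ip",
    "ignore", "mark_mis_info", "rm_mark_mis_info", "offline_handled",
}
# The page requires OperationParams only for these two codes.
NEEDS_OPERATION_PARAMS = {"kill_and_quara", "block_ip"}


def build_params(region_id, operation_code, events, operation_params=None):
    """Return the action-specific query parameters (hypothetical helper).

    events: iterable of (security_event_id, desktop_id) pairs.
    operation_params: dict serialized to the JSON string the API expects.
    """
    if operation_code not in VALID_OPERATION_CODES:
        raise ValueError(f"unknown OperationCode: {operation_code!r}")
    if operation_code in NEEDS_OPERATION_PARAMS and not operation_params:
        raise ValueError(f"OperationParams is required for {operation_code}")

    params = {
        "Action": "HandleSecurityEvents",
        "OperationCode": operation_code,
        "RegionId": region_id,
    }
    # Assumption: N in SecurityEvent.N.* is a 1-based index.
    for n, (event_id, desktop_id) in enumerate(events, start=1):
        params[f"SecurityEvent.{n}.SecurityEventId"] = str(event_id)
        params[f"SecurityEvent.{n}.DesktopId"] = desktop_id
    if operation_params:
        params["OperationParams"] = json.dumps(operation_params, separators=(",", ":"))
    return params


def build_unsigned_url(params, endpoint="https://ecd.cn-hangzhou.aliyuncs.com/"):
    """Join endpoint and query; common request parameters are NOT included."""
    return endpoint + "?" + urlencode(params)


if __name__ == "__main__":
    # Constructed sample input: alert ID and desktop ID are placeholders.
    demo = build_params("cn-hangzhou", "block_ip",
                        [(123456, "ecd-exampledesktop01")],
                        {"expireTime": 1578475919533})
    print(build_unsigned_url(demo))
```

Rejecting an unknown OperationCode or a missing OperationParams on the client side keeps a typo in an automation script from being sent as a batch action against live alerts.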