Queries operations that can be performed to handle alerts.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeSecurityEventOperations

The operation that you want to perform. Set the value to DescribeSecurityEventOperations.

RegionId String Yes cn-hangzhou

The ID of the region.

SecurityEventId Long Yes 12345

The ID of the alert.

Response parameters

Parameter Type Example Description
RequestId String 269BDB16-2CD8-4865-84BD-11C40BC21DB0

The ID of the request.

SecurityEventOperations Array of SecurityEventOperation

The operations performed on the alert.

OperationCode String ignore

The code of the operation performed on the alert. Valid values:

  • mark_mis_info: adds the alert to the whitelist without configuring rules. This operation is triggered by adding multiple alerts to the whitelist at a time.
  • advance_mark_mis_inf: adds the alert to the whitelist by configuring advanced rules.
  • defense_mark_mis_info: adds the alert to the whitelist by configuring precise defense rules.
  • rm_mark_mis_info: removes the alert from the whitelist.
  • rm_defense_mark_mis_info: removes the alert from the whitelist configured with precise defense rules.
  • manual_handled: manually handles the alert.
  • ignore: ignores the alert.
  • quara: quarantines the source file of the malicious process.
  • block_ip: blocks access from the source IP address.
  • kill_and_quara: terminates the malicious process and quarantines the source file.

OperationParams String qqqqq

The parameters of the operation.

UserCanOperate Boolean true

Indicates whether the alert can be handled. Valid values:

  • true: The alert can be handled.
  • false: The alert cannot be handled.

Examples

Sample requests

https://ecd.cn-hangzhou.aliyuncs.com/?Action=DescribeSecurityEventOperations
&RegionId=cn-hangzhou
&SecurityEventId=12345
&<Common request parameters>

Sample success responses

XML format

<DescribeSecurityEventOperationsResponse>
      <RequestId>269BDB16-2CD8-4865-84BD-11C40BC21DB0</RequestId>
      <SecurityEventOperations>
            <OperationParams>qqqqq</OperationParams>
            <OperationCode>ignore</OperationCode>
            <UserCanOperate>true</UserCanOperate>
      </SecurityEventOperations>
</DescribeSecurityEventOperationsResponse>

JSON format

{
    "RequestId": "269BDB16-2CD8-4865-84BD-11C40BC21DB0",
    "SecurityEventOperations": [{
        "OperationParams": "qqqqq",
        "OperationCode": "ignore",
        "UserCanOperate": "true"
    }]
}
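
The following Python code is an added example, not part of the original reference or of any Alibaba Cloud SDK. It parses a DescribeSecurityEventOperations JSON response, accepts UserCanOperate either as a Boolean or in the quoted form shown in the JSON sample above, and refuses to act on operation codes this page does not list. The grouping of codes by effect, the helper names and the sample payload are assumptions made for illustration.

```python
import json

# Operation codes spelled exactly as on this page; the grouping is this example's assumption.
SUPPRESS = {"mark_mis_info", "advance_mark_mis_inf", "defense_mark_mis_info", "ignore"}
RESTORE = {"rm_mark_mis_info", "rm_defense_mark_mis_info"}
CONTAIN = ("kill_and_quara", "quara", "block_ip")  # ordered by preference (assumption)
KNOWN = SUPPRESS | RESTORE | set(CONTAIN) | {"manual_handled"}

# Constructed sample response (not real API output); "made_up_code" is deliberately undocumented.
SAMPLE = """{
  "RequestId": "00000000-0000-0000-0000-000000000000",
  "SecurityEventOperations": [
    {"OperationCode": "ignore", "OperationParams": "", "UserCanOperate": "true"},
    {"OperationCode": "kill_and_quara", "OperationParams": "", "UserCanOperate": true},
    {"OperationCode": "block_ip", "OperationParams": "", "UserCanOperate": "false"},
    {"OperationCode": "made_up_code", "OperationParams": "", "UserCanOperate": true}
  ]
}"""


def as_bool(value):
    """Accept a JSON boolean or the quoted form used in the page's JSON sample."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    raise ValueError(f"unexpected UserCanOperate value: {value!r}")


def allowed_operations(body):
    """Return (allowed, unknown): documented codes the caller may apply, and undocumented codes."""
    allowed, unknown = [], []
    for op in json.loads(body).get("SecurityEventOperations", []):
        code = op["OperationCode"]
        if code not in KNOWN:
            unknown.append(code)  # never act on a code the reference does not list
        elif as_bool(op.get("UserCanOperate", False)):
            allowed.append(code)
    return allowed, unknown


def pick_containment(allowed):
    """Choose a containment action; suppressing codes are never selected automatically."""
    return next((code for code in CONTAIN if code in allowed), None)


if __name__ == "__main__":
    ok, unknown = allowed_operations(SAMPLE)
    print("allowed:", ok, "unknown:", unknown, "chosen:", pick_containment(ok))
```

Keeping whitelist and ignore codes out of the automatic path means an alert is only suppressed after an analyst has reviewed it.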