Queries the details of a specific exception. An alert event consists of alerts and exceptions. Each alert event is related to multiple exceptions.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeSuspEventDetail

The operation that you want to perform.

Set the value to DescribeSuspEventDetail.

From String Yes sas

The data source on which the exception is detected. Set the value to sas.

SourceIp String No 1.2.3.4

The source IP address of the request.

Lang String No zh

The natural language of the request and response. Valid values:

  • zh: Chinese
  • en: English

SuspiciousEventId Integer No 1

The ID of the exception to query.

Note: To query the details of an exception, you must provide the ID of the exception. You can call the DescribeSuspEvents operation to query the IDs of exceptions.

Response parameters

Parameter Type Example Description
RequestId String 1

The ID of the request.

LastTime String 2018-10-30 11:43:46

The time when the exception last occurred.

Id Integer 1991

The ID of the exception.

InstanceName String ca_cpm_test1

The name of the associated instance.

InternetIp String 1.2.3.5

The public IP address of the associated instance.

IntranetIp String 1.2.3.1

The private IP address of the associated instance.

Uuid String bffb12c3-590a-4db2-b538-***

The ID of the associated instance.

EventDesc String This file may have been uploaded by an attacker who has intruded into your website. Check the validity of this file.

The description of the exception.

EventTypeDesc String Webshell - Webshell

The type of the exception.

Level String serious

The risk level of the exception. Valid values:

  • serious
  • suspicious
  • remind

EventStatus String 1

The status of the exception. Valid values:

  • 1: unhandled
  • 2: ignored
  • 4: confirmed
  • 8: marked as a false positive
  • 16: handling
  • 32: handled
  • 64: expired

SaleVersion String 1

The edition in which exception detection can be enabled. Valid values:

  • 0: the Basic edition
  • 1: the Enterprise edition

DataSource String aegis_suspicious_***

The data source on which the exception is detected.

OperateMsg String success

The operation remarks of the exception.

SasId String 1sdeswdd****

The product ID of Security Center.

EventName String WEBSHELL

The name of the exception.

CanBeDealOnLine Boolean true

Indicates whether the online processing of exceptions is supported. Valid values:

  • true: Online processing is supported.
  • false: Online processing is not supported.

Details Array

The details of the exception.

Name String Description.

The name in the exception details.

Type String html

The format in the exception details. Valid values:

  • text
  • html

InfoType String download_url

The type of the information that is displayed.

Value String 2018-12-12 12:00:00

The content in the exception details.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeSuspEventDetail
&From=sas
&<Common request parameters>

Sample success responses

XML format

<DescribeSuspEventDetailResponse>
  <RequestId>43F670F3-AB40-4E91-BC7D-C57468834F67</RequestId>
  <EventDesc>This file may have been uploaded by an attacker who has intruded into your website. Check the validity of this file. </EventDesc>
  <EventTypeDesc>Webshell - Webshell</EventTypeDesc>
  <EventStatus>1</EventStatus>
  <EventName>WEBSHELL</EventName>
  <SaleVersion>1</SaleVersion>
  <IntranetIp>1.2.3.4</IntranetIp>
  <DataSource>aegis_suspicious_***</DataSource>
  <InstanceName>ca_***</InstanceName>
  <CanBeDealOnLine>true</CanBeDealOnLine>
  <OperateMsg></OperateMsg>
  <Uuid>bffb12c3-590a-4db2-b538-***</Uuid>
  <Details>
        <Type>text</Type>
        <Value>/data/ftpUser/pub/***</Value>
        <InfoType>trojan_path</InfoType>
        <Name>Trojan file path</Name>
  </Details>
  <Details>
        <Type>text</Type>
        <Value>--</Value>
        <Name>Affected domain name</Name>
  </Details>
  <Details>
        <Type>text</Type>
        <Value>2018-10-30 05:00:56</Value>
        <InfoType>frist_found_time</InfoType>
        <Name>First detected time</Name>
  </Details>
  <Details>
        <Type>text</Type>
        <Value>2018-10-30 11:43:45</Value>
        <InfoType>update_time</InfoType>
        <Name>Update time</Name>
  </Details>
  <Details>
        <Type>text</Type>
        <Value>Webshell</Value>
        <InfoType>trojan_type</InfoType>
        <Name>Trojan type</Name>
  </Details>
  <Details>
        <Type>html</Type>
        <Value>&lt;a href="http://***"&gt; Download&lt;/a&gt;</Value>
        <InfoType>download_url</InfoType>
        <Name>Source file download</Name>
  </Details>
  <InternetIp>1.2.3.5</InternetIp>
  <Level>serious</Level>
  <Id>129636</Id>
  <LastTime>2018-10-30 11:43:46</LastTime>
  <SasId>39938056</SasId>
</DescribeSuspEventDetailResponse>

JSON format

{
    "RequestId": "43F670F3-AB40-4E91-BC7D-C57468834F67",
    "EventDesc": "This file may have been uploaded by an attacker who has intruded into your website. Check the validity of this file.",
    "EventTypeDesc": "Webshell - Webshell",
    "EventStatus": 1,
    "EventName": "WEBSHELL",
    "SaleVersion": "1",
    "IntranetIp": "1.2.3.4",
    "DataSource": "aegis_suspicious_***",
    "InstanceName": "ca_***",
    "CanBeDealOnLine": true,
    "OperateMsg": "",
    "Uuid": "bffb12c3-590a-4db2-b538-***",
    "Details": [
        {
            "Type": "text",
            "Value": "/data/ftpUser/pub/***",
            "InfoType": "trojan_path",
            "Name": "Trojan file path"
        },
        {
            "Type": "text",
            "Value": "--",
            "Name": "Affected domain name"
        },
        {
            "Type": "text",
            "Value": "2018-10-30 05:00:56",
            "InfoType": "frist_found_time",
            "Name": "First detected time"
        },
        {
            "Type": "text",
            "Value": "2018-10-30 11:43:45",
            "InfoType": "update_time",
            "Name": "Update time"
        },
        {
            "Type": "text",
            "Value": "Webshell",
            "InfoType": "trojan_type",
            "Name": "Trojan type"
        },
        {
            "Type": "html",
            "Value": "<a href=\"http://***\">Download</a>",
            "InfoType": "download_url",
            "Name": "Source file download"
        }
    ],
    "InternetIp": "1.2.3.5",
    "Level": "serious",
    "Id": 129636,
    "LastTime": "2018-10-30 11:43:46",
    "SasId": "39938056"
}
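
The following added example (not part of the original API reference) decodes a JSON response for triage: it maps EventStatus to its documented meaning and reduces html-typed Details values to plain text and link targets instead of rendering them. The function names, the LinkText helper and the sample URL are assumptions made for illustration.

```python
import json
from html.parser import HTMLParser

# EventStatus codes and Level values as listed in the response parameters.
EVENT_STATUS = {1: "unhandled", 2: "ignored", 4: "confirmed",
                8: "marked as a false positive", 16: "handling",
                32: "handled", 64: "expired"}
LEVELS = ("serious", "suspicious", "remind")

class LinkText(HTMLParser):
    """Collects visible text and link targets; markup is never rendered."""
    def __init__(self):
        super().__init__()
        self.text, self.hrefs = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]
    def handle_data(self, data):
        self.text.append(data)

def flatten_detail(item):
    """Plain-text view of one Details entry (Type is text or html)."""
    value = item.get("Value", "")
    if item.get("Type") != "html":
        return {"text": value, "links": []}
    parser = LinkText()
    parser.feed(value)
    parser.close()
    return {"text": "".join(parser.text).strip(), "links": parser.hrefs}

def summarize(response_json):
    """Decode a DescribeSuspEventDetail JSON response for triage."""
    r = json.loads(response_json)
    details = {}
    for d in r.get("Details", []):
        # Some entries carry no InfoType; fall back to the display Name.
        details[d.get("InfoType") or d.get("Name")] = flatten_detail(d)
    level = r.get("Level")
    return {"id": r.get("Id"),
            # Documented as a String, but the JSON sample returns an integer.
            "status": EVENT_STATUS.get(int(r.get("EventStatus", 0)), "unknown"),
            "level": level if level in LEVELS else "unknown",
            "details": details}

# Constructed sample, cut down from the JSON response above; the URL is a placeholder.
SAMPLE = ('{"Id": 129636, "EventStatus": 1, "Level": "serious", "Details": ['
          '{"Type": "text", "Value": "--", "Name": "Affected domain name"},'
          '{"Type": "html", "InfoType": "download_url", "Value": '
          '"<a href=\\"http://example.invalid/f\\">Download</a>"}]}')
```

Keeping the link target as data lets a console or ticketing system show it as inert text, so the returned markup is never interpreted by a browser.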

Error codes

For a list of error codes, visit the API Error Center.