Queries the details of a specific exception. An alert event consists of alerts and exceptions. Each alert event is related to multiple exceptions.
Debugging
Request parameters
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| Action | String | Yes | DescribeSuspEventDetail | The operation that you want to perform. Set the value to DescribeSuspEventDetail. |
| From | String | Yes | sas | The data source on which the exception is detected. Set the value to sas. |
| SourceIp | String | No | 1.2.3.4 | The source IP address of the request. |
| Lang | String | No | zh | The natural language of the request and response. Valid values:
|
| SuspiciousEventId | Integer | No | 1 | The ID of the exception to query.
Note To query the details of an exception, you must provide the ID of the exception. You can call the DescribeSuspEvents operation to query the IDs of exceptions.
|
Response parameters
| Parameter | Type | Example | Description |
|---|---|---|---|
| RequestId | String | 1 | The ID of the request. |
| LastTime | String | 2018-10-30 11:43:46 | The time when the exception last occurred. |
| Id | Integer | 1991 | The ID of the exception. |
| InstanceName | String | ca_cpm_test1 | The name of the associated instance. |
| InternetIp | String | 1.2.3.5 | The public IP address of the associated instance. |
| IntranetIp | String | 1.2.3.1 | The private IP address of the associated instance. |
| Uuid | String | bffb12c3-590a-4db2-b538-*** | The ID of the associated instance. |
| EventDesc | String | This file may have been uploaded by an attacker who has intruded into your website. Check the validity of this file. | The description of the exception. |
| EventTypeDesc | String | Webshell - Webshell | The type of the exception. |
| Level | String | serious | The risk level of the exception. Valid values:
|
| EventStatus | String | 1 | The status of the exception. Valid values:
|
| SaleVersion | String | 1 | The edition in which exception detection can be enabled. Valid values:
|
| DataSource | String | aegis_suspicious_*** | The data source on which the exception is detected. |
| OperateMsg | String | success | The operation remarks of the exception. |
| SasId | String | 1sdeswdd**** | The product ID of Security Center. |
| EventName | String | WEBSHELL | The name of the exception. |
| CanBeDealOnLine | Boolean | true | Indicates whether the online processing of exceptions is supported. Valid values:
|
| Details | Array | The details of the exception. |
|
| Name | String | Description. | The name in the exception details. |
| Type | String | html | The format in the exception details. Valid values:
|
| InfoType | String | download_url | The type of the information that is displayed. |
| Value | String | 2018-12-12 12:00:00 | The content in the exception details. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=DescribeSuspEventDetail
&From=sas
&<Common request parameters>Sample success responses
XML format
<DescribeSuspEventDetailResponse>
<RequestId>43F670F3-AB40-4E91-BC7D-C57468834F67</RequestId>
<EventDesc>This file may have been uploaded by an attacker who has intruded into your website. Check the validity of this file. </EventDesc>
<EventTypeDesc>Webshell - Webshell</EventTypeDesc>
<EventStatus>1</EventStatus>
<EventName>WEBSHELL</EventName>
<SaleVersion>1</SaleVersion>
<IntranetIp>1.2.3.4</IntranetIp>
<DataSource>aegis_suspicious_***</DataSource>
<InstanceName>ca_***</InstanceName>
<CanBeDealOnLine>true</CanBeDealOnLine>
<OperateMsg></OperateMsg>
<Uuid>bffb12c3-590a-4db2-b538-***</Uuid>
<Details>
<Type>text</Type>
<Value>/data/ftpUser/pub/***</Value>
<InfoType>trojan_path</InfoType>
<Name>Trojan file path</Name>
</Details>
<Details>
<Type>text</Type>
<Value>--</Value>
<Name>Affected domain name</Name>
</Details>
<Details>
<Type>text</Type>
<Value>2018-10-30 05:00:56</Value>
<InfoType>frist_found_time</InfoType>
<Name>First detected time<Name>
</Details>
<Details>
<Type>text</Type>
<Value>2018-10-30 11:43:45</Value>
<InfoType>update_time</InfoType>
<Name>Update time</Name>
</Details>
<Details>
<Type>text</Type>
<Value>Webshell</Value>
<InfoType>trojan_type</InfoType>
<Name>Trojan type</Name>
</Details>
<Details>
<Type>html</Type>
<Value><a href="http://***"> Download</a></Value>
<InfoType>download_url</InfoType>
<Name>Source file download</Name>
</Details>
<InternetIp>1.2.3.5</InternetIp>
<Level>serious</Level>
<Id>129636</Id>
<LastTime>2018-10-30 11:43:46</LastTime>
<SasId>39938056</SasId>
</DescribeSuspEventDetailResponse>JSON format
{
"RequestId": "43F670F3-AB40-4E91-BC7D-C57468834F67",
"EventDesc": "This file may have been uploaded by an attacker who has intruded into your website. Check the validity of this file.",
"EventTypeDesc": "Webshell - Webshell",
"EventStatus": 1,
"EventName": "WEBSHELL",
"SaleVersion": "1",
"IntranetIp": "1.2.3.4",
"DataSource": "aegis_suspicious_***",
"InstanceName": "ca_***",
"CanBeDealOnLine": true,
"OperateMsg": "",
"Uuid": "bffb12c3-590a-4db2-b538-***",
"Details": [
{
"Type": "text",
"Value": "/data/ftpUser/pub/***",
"InfoType": "trojan_path",
"Name": "Trojan file path",
},
{
"Type": "text",
"Value": "--",
"Name": "Affected domain name",
},
{
"Type": "text",
"Value": "2018-10-30 05:00:56",
"InfoType": "frist_found_time",
"Name": "First detected time",
},
{
"Type": "text",
"Value": "2018-10-30 11:43:45",
"InfoType": "update_time",
"Name": "Update time",
},
{
"Type": "text",
"Value": "Webshell",
"InfoType": "trojan_type",
"Name": "Trojan type",
},
{
"Type": "html",
"Value": "<a href=\"http://***\">Download</a>",
"InfoType": "download_url",
"Name": "Source file download",
}
],
"InternetIp": "1.2.3.5",
"Level": "serious",
"Id": 129636,
"LastTime": "2018-10-30 11:43:46",
"SasId": "39938056"
}Error codes
For a list of error codes, visit the API Error Center.