You can call this operation to obtain a list of exceptions.
You can call this operation to obtain a list of exceptions.
Debugging
You can go to API Explorer to debug API operations online. API Explorer allows you to call API operations online, use dynamically generated SDK sample code, and search for API operations. This makes it easier to use cloud APIs.
Request parameters
| Name | Type | Required | Example | Description |
|---|---|---|---|---|
| Action | String | Yes | DescribeSuspEvents |
The operation that you want to perform. Set the value to DescribeSuspEvents. |
| From | String | Yes | sas |
The identifier of the request source. The fixed value is sas. |
| AlarmUniqueInfo | String | No | 8df914418f4211fbf756efe7a6f40cbc |
The unique identifier of the alert event. |
| CurrentPage | String | No | 1 |
The current page number. |
| Dealed | String | No | N |
The status of an exception. Valid values:
|
| Lang | String | No | zh |
The language in which the exception information is displayed. Valid values:
|
| Levels | String | No | serious |
The severities of the alert events. Separate multiple severities with commas (,). The following severity levels are listed in descending order.
|
| Name | String | No | Mining |
The name of the exception or the affected server. Fuzzy match is supported. |
| PageSize | String | No | 20 |
The maximum rows on each page. Default: 20. |
| ParentEventTypes | String | No | Webshells |
The type of an exception. |
| Remark | String | No | Test server |
The IP address or name of the server. |
| SourceIp | String | No | 1.1.1.1 |
The source IP address of the request. |
Response parameters
| Name | Type | Example | Description |
|---|---|---|---|
| Count | Integer | 1 |
The total number of exceptions. |
| CurrentPage | Integer | 1 |
The current page number. |
| PageSize | Integer | 20 |
The maximum number of exceptions on each page. |
| RequestId | String | 43F670F3-AB40-4E91-BC7D-C57400000000 |
The GUID generated by Alibaba Cloud for the request. |
| SuspEvents |
A list of the exceptions. |
||
| └AlarmEventName | String | Command Exceptions in Scheduled Linux Tasks |
The name of the alert event. |
| └AlarmEventType | String | Suspicious Process |
The type of the alert event. |
| └AlarmUniqueInfo | String | 8df914418f4211fbf756efe700000000 |
The unique identifier of the alert event. |
| └CanBeDealOnLine | Boolean | true |
Indicates whether you can quarantine an exception online. |
| └DataSource | String | N/A |
The data source. |
| └Desc | String | webshell |
The impact of an exception. |
| └EventStatus | Integer | 1 |
The status of an exception. Valid values:
|
| └EventSubType | String | XorDDoS Trojan |
The name of an exception. |
| └Id | Long | 1000 |
The unique identifier of an exception. |
| └InstanceName | String | nginx |
The name of the affected asset. |
| └InternetIp | String | 10.0.0.10 |
The public IP address of the affected asset. |
| └IntranetIp | String | 10.0.0.10 |
The internal IP address of the affected asset. |
| └LastTime | String | 2018-09-26 01:51:01 |
The time of an exception. |
| └Level | String | serious |
The severity of the alert event:
|
| └Name | String | Malicious Process - XOR DDoS Trojan |
The complete name of an exception. |
| └OccurrenceTime | String | 2018-09-26 01:51:01 |
The time when an exception first occurs. |
| └OperateMsg | String | success |
Remarks about an operation. |
| └SaleVersion | String | 1 |
Required service edition:
|
| └Uuid | String | bf6b30d3-eea8-4924-9f0a-XXXXXXXXXXXX |
The unique identifier of the affected asset. |
| TotalCount | Integer | 100 |
The total number of the returned exceptions. |
Examples
Sample requests
http(s)://[Endpoint]/? Action=DescribeSuspEvents
&From=sas
&<Common request parameters>
Successful response examples
XML format
<DescribeSuspEventsResponse>
<TotalCount>3</TotalCount>
<Count>2</Count>
<PageSize>20</PageSize>
<RequestId>0C7FAD74-83FA-4671-9250-A5F2A64F437A</RequestId>
<CurrentPage>1</CurrentPage>
<SuspEvents>
<EventStatus>1</EventStatus>
<SaleVersion>1</SaleVersion>
<IntranetIp>10.0.0.0</IntranetIp>
<EventSubType>XOR DDoS Trojan</EventSubType>
<Name>Malicious Process - XOS DDoS Trojan</Name>
<DataSource>aegis_suspicious_event</DataSource>
<OccurrenceTime>2018-09-26 01:51:01</OccurrenceTime>
<InstanceName>server01</InstanceName>
<Desc>After accessing your server, the XOR DDoS trojan may have injected malicious code into Linux crontab files. </Desc>
<CanBeDealOnLine>false</CanBeDealOnLine>
<Uuid>bf6b30d3-eea8-4924-9f0a-XXXXXXXXXXXX</Uuid>
<InternetIp>10.0.0.0</InternetIp>
<Level>Urgency</Level>
<Id>3682</Id>
<LastTime>2018-10-24 21:06:01</LastTime>
</SuspEvents>
<SuspEvents>
<EventStatus>1</EventStatus>
<SaleVersion>1</SaleVersion>
<IntranetIp>172.24.40.51</IntranetIp>
<EventSubType>XOR DDoS Trojan</EventSubType>
<Name>Malicious Process - XOS DDoS Trojan</Name>
<DataSource>aegis_suspicious_event</DataSource>
<OccurrenceTime>2018-09-26 02:01:01</OccurrenceTime>
<InstanceName>server01</InstanceName>
<Desc>After accessing your server, the XOR DDoS trojan may have injected malicious code into Linux crontab files. </Desc>
<CanBeDealOnLine>false</CanBeDealOnLine>
<Uuid>bf6b30d3-eea8-4924-9f0a-98461cb8ffeb</Uuid>
<InternetIp>10.0.0.0</InternetIp>
<Level>Urgency</Level>
<Id>3683</Id>
<LastTime>2018-10-24 21:01:01</LastTime>
</SuspEvents>
</DescribeSuspEventsResponse>
JSON format
{
"Count":2,
"TotalCount":3,
"PageSize":20,
"RequestId":"0C7FAD74-83FA-4671-9250-A5F2A64F437A",
"SuspEvents":[
{
"Uuid":"bf6b30d3-eea8-4924-9f0a-XXXXXXXXXXXX",
"EventStatus":1,
"LastTime":"2018-10-24 21:06:01",
"InternetIp":"10.0.0.0",
"Name":"Malicious Process - XOS DDoS Trojan",
"DataSource":"aegis_suspicious_event",
"OccurrenceTime":"2018-09-26 01:51:01",
"IntranetIp":"10.0.0.0",
"Id":3682,
"Level":"serious",
"SaleVersion":"1",
"CanBeDealOnLine":false,
"InstanceName":"server01",
"Desc":"After accessing your server, the XOR DDoS trojan may have injected malicious code into Linux crontab files.",
"EventSubType":"XOR DDoS Trojan"
},
{
"Uuid":"bf6b30d3-eea8-4924-9f0a-XXXXXXXXXXXX",
"EventStatus":1,
"LastTime":"2018-10-24 21:01:01",
"InternetIp":"10.0.0.0",
"Name":"Malicious Process - XOR DDoS Trojan",
"DataSource":"aegis_suspicious_event",
"OccurrenceTime":"2018-09-26 02:01:01",
"IntranetIp":"172.24.40.51",
"Id":3683,
"Level":"serious",
"SaleVersion":"1",
"CanBeDealOnLine":false,
"InstanceName":"server01",
"Desc":"After accessing your server, the XOR DDoS trojan may have injected malicious code into Linux crontab files.",
"EventSubType":"XOR DDoS Trojan"
}
],
"CurrentPage":1
}