Server Guard is integrated with ActionTrail. You can query management events generated by Server Guard operations in the ActionTrail console. ActionTrail delivers management events to Log Service Logstores or Object Storage Service (OSS) buckets for real-time auditing and troubleshooting.
ActionTrail records management events when you manage cloud resources through APIs or the Alibaba Cloud Management Console. The following table lists Server Guard events available in ActionTrail. Some event descriptions are pending.
|
Event name |
Description |
|
Create |
Purchases Server Guard. |
|
CreateInstance |
Creates an instance. |
|
CreateScreenSetting |
Creates or modifies dashboard configurations. |
|
CreateSuspEventNote |
Adds remarks for an exception. |
|
CreateUserSetting |
Creates baseline check configurations. |
|
CreateVulWhitelist |
Creates a vulnerability whitelist. |
|
DeleteRule |
Deletes a rule. |
|
DeleteScreenSetting |
Deletes dashboard configurations. |
|
DeleteSuspEventNode |
Deletes the remarks for an exception. |
|
DeleteVulWhitelist |
Deletes a vulnerability whitelist. |
|
DescribeAccesskeyLeakList |
Queries AccessKey pair leak details. |
|
DescribeAgentInstallStatus |
Queries Server Guard agent installation status. |
|
DescribeAlarmEventDetail |
Queries the details of an alert event. |
|
DescribeAlarmEventList |
Queries alert events. |
|
DescribeAllRegionsStatistics |
Queries asset statistics across all regions. |
|
DescribeAnalysisCurve |
Queries attack analysis statistics by alert event. |
|
DescribeAnalysisHistograms |
Queries attack analysis statistics. |
|
DescribeAnalysisLogs |
Queries attack analysis logs. |
|
DescribeAnalysisShipperStatus |
Queries attack analysis status. |
|
DescribeAnalysisSlsIndex |
Queries the storage location of attack analysis logs. |
|
DescribeAnalysisStatistics |
Queries statistics. |
|
DescribeAppVulScanCycle |
Queries the scan cycle for application vulnerabilities. |
|
DescribeAssetDetailByUuid |
Queries server details and extended information by UUID. |
|
DescribeAttackAnalysisData |
Queries information about attack analysis. |
|
DescribeAutoDelConfig |
Queries automatic vulnerability deletion settings. |
|
DescribeBuySummary |
Queries Server Guard purchase information. |
|
DescribeCanTrySas |
Queries free trial eligibility. |
|
DescribeChartData |
Queries the details of a report. |
|
DescribeChartList |
Queries reports. |
|
DescribeCheckFixDetails |
Queries the fix details of a check item. |
|
DescribeCheckWarningCount |
Queries the number of alerts that are triggered by a check item. |
|
DescribeCheckWarningDetail |
Queries the details of a specified check item. |
|
DescribeCheckWarningMachines |
Queries the servers on which the same risk item is detected. |
|
DescribeCheckWarnings |
Queries risk items and check items on a specified server. |
|
DescribeCheckWarningSummary |
Queries baseline check result statistics. |
|
DescribeConcernNecessity |
Queries vulnerability fix priority. |
|
DescribeDataSource |
Queries a data source. |
|
DescribeDingTalk |
Queries DingTalk alert configurations. |
|
DescribeEcsStsStatus |
Queries information about access authentication. |
|
DescribeEmgUserAgreement |
Queries the user agreement status for urgent vulnerabilities. |
|
DescribeEntityList |
Queries information about assets. |
|
DescribeEventLevelCount |
Queries exception and alert event counts by risk level. |
|
DescribeExportInfo |
Queries the progress of an asset export task. |
|
DescribeFilterFields |
Queries filter fields. |
|
DescribeFrontVulPatchList |
Queries pre-patches required to fix specified Windows system vulnerabilities. |
|
DescribeGroupedVul |
Queries information about vulnerabilities by group. |
|
DescribeGroupList |
Queries groups. |
|
DescribeGroupStruct |
Queries the group structure. |
|
DescribeInstanceStatistics |
Queries statistics about an Anti-DDoS Pro or Anti-DDoS Premium instance. |
|
DescribeJoinRuleList |
Queries alert rules. |
|
DescribeLogInfo |
Queries log information. |
|
DescribeLoginLogs |
Queries logs on unusual logons. |
|
DescribeLogMeta |
Queries log metadata. |
|
DescribeLogQuery |
Queries a log retrieval item. |
|
DescribeLogShipperStatus |
Queries the delivery status of logs. |
|
DescribeLogstoreStorage |
Queries the log storage capacity. |
|
DescribeNsasSuspEventType |
Queries information about alert types. |
|
DescribeQuaraFile |
Queries a quarantined file. |
|
DescribeResultList |
Queries the handling result of an alert event. |
|
DescribeRisks |
Queries baseline check risk items by name using fuzzy match. |
|
DescribeRiskType |
Queries the types of baselines. |
|
DescribeRiskWhiteList |
Queries the whitelist of risk items. |
|
DescribeRuleList |
Queries attack analysis rules. |
|
DescribeScreenAlarmEventList |
Queries alert events. |
|
DescribeScreenAttackAnalysisData |
Queries attack analysis data. |
|
DescribeScreenCloudHcRisk |
Queries the baseline risks of cloud services. |
|
DescribeScreenDataMap |
Queries displayable dashboard data. |
|
DescribeScreenEmerRisk |
Queries the baseline risks of cloud services. |
|
DescribeScreenHostStatistics |
Queries the urgent vulnerabilities of each application. |
|
DescribeScreenOperateInfo |
Queries security operations information. |
|
DescribeScreenOssUploadInfo |
Queries the upload information. |
|
DescribeScreenScoreThread |
Queries historical security scores. |
|
DescribeScreenSecurityStatInfo |
Queries the number of events processed for each service. |
|
DescribeScreenSetting |
Queries the configurations of a single-screen dashboard. |
|
DescribeScreenSettings |
Queries the configurations of a dashboard. |
|
DescribeScreenSummaryInfo |
Queries security scores. |
|
DescribeScreenTitles |
Queries dashboard configurations. |
|
DescribeScreenVersionConfig |
Queries version configurations. |
|
DescribeSecureSuggestion |
Queries reinforcement suggestions. |
|
DescribeSecurityStatInfo |
Queries the number of unprocessed events for each service. |
|
DescribeSlsProject |
Queries the details of a Log Service project. |
|
DescribeStrategyExecDetail |
Queries the results of a baseline check. |
|
DescribeStratety |
Queries the details of a baseline check policy. |
|
DescribeSummaryInfo |
Queries the security score of an asset. |
|
DescribeSupervisonInfo |
Queries information about security supervision. |
|
DescribeSuspEventDetail |
Queries exception details. |
|
DescribeSuspEventExportInfo |
Queries exception export task details. |
|
DescribeSuspEventQuaraFiles |
Queries quarantined files by page. |
|
DescribeSuspEvents |
Queries exceptions. |
|
DescribeSuspEventTypes |
Queries the types of exceptions. |
|
DescribeSuspEventUserSetting |
Queries the user configurations of exceptions. |
|
DescribeSuspiciousEvents |
Queries host exception data. |
|
DescribeSuspiciousExportInfo |
Queries the export configurations of host exception data. |
|
DescribeSuspiciousOverallConfig |
Queries the configurations of a specified feature. |
|
DescribeSuspiciousUUIDConfig |
Queries server UUIDs where a specified proactive defense type is active. |
|
DescribeTarget |
Queries the global vulnerability detection configuration. |
|
DescribeTopicList |
Queries topics for the current account. |
|
DescribeTotalStatistics |
Queries event statistics. |
|
DescribeTraceInfoDetail |
Queries the tracing information about an exception. |
|
DescribeTraceInfoNode |
Queries the tracing node information about an exception. |
|
DescribeTrailReportInfo |
Queries the trial information. |
|
DescribeUserSetting |
Queries the baseline configurations of a user. |
|
DescribeUuidConfig |
Queries the whitelist configurations for a baseline check. |
|
DescribeVersionConfig |
Queries version configurations. |
|
DescribeVulBatch |
Queries the names of vulnerabilities by batch. |
|
DescribeVulConfig |
Queries the global detection configurations of vulnerabilities. |
|
DescribeVulDetails |
Queries vulnerability details by name and type. |
|
DescribeVulExportInfo |
Queries vulnerability export task details. |
|
DescribeVulFixStatistics |
Queries the statistics on vulnerability fixes. |
|
DescribeVulLevelStatistics |
Queries the statistics on vulnerability levels. |
|
DescribeVulList |
Queries vulnerabilities by type. |
|
DescribeVulNumStatistics |
Queries vulnerability statistics. |
|
DescribeVulTargetStatistics |
Queries statistics about vulnerability detection configurations. |
|
DescribeVulWhitelist |
Queries the whitelist of vulnerabilities by page. |
|
DescribeWarning |
Queries baseline check risk data, including issue descriptions and fix suggestions. |
|
DescribeWarningMachines |
Queries servers on which baseline checks are performed. |
|
DescribeWebLockBindList |
Queries servers for which web tamper proofing is enabled. |
|
DescribeWebLockConfigList |
Queries the configurations of web tamper proofing for a specified server. |
|
DescribeWebLockEvents |
Queries web tamper proofing events. |
|
DescribeWebLockStatus |
Queries the status of web tamper proofing. |
|
DescribeWebshell |
Queries webshell file details, including detection time and file path. |
|
DescribeWebshellList |
Queries webshell files. |
|
ExportSuspEvents |
Exports alert information. |
|
ExportVul |
Exports vulnerability details. |
|
ExportWarning |
Exports baseline check results. |
|
FixCheckWarnings |
Fixes a baseline risk. |
|
GetStatistics |
Queries a statistical report. |
|
IgnoreHcCheckWarnings |
Ignores or unignores multiple baseline risks in bulk. |
|
Modify |
Modifies Server Guard specifications. |
|
ModifyAppVulScanCycle |
Modifies the scan cycle for application vulnerabilities. |
|
ModifyAutoDelConfig |
Queries the configurations of automatic vulnerability deletion. |
|
ModifyBatchIgnoreVul |
Ignores multiple vulnerabilities at a time. |
|
ModifyClearLogstoreStorage |
Deletes all logs. |
|
ModifyConcernNecessity |
Changes vulnerability fix priority. |
|
ModifyEmgVulSubmit |
Scans for urgent vulnerabilities. |
|
ModifyLogMetaStatus |
Modifies the collection status of logs. |
|
ModifyOpenLogShipper |
Enables log delivery. |
|
ModifyRefreshProcessInfo |
Updates vulnerability-related process data. |
|
ModifyVulConfig |
Modifies vulnerability scan configurations. |
|
ModifyVulTarget |
Configures the vulnerability type for asset scan. |
|
ModifyWebLockCreateConfig |
Adds a directory to protect for a specified server. |
|
ModifyWebLockMachineList |
Changes the servers for which web tamper proofing is enabled. |
|
ModifyWebLockRefresh |
Modifies web tamper proofing configurations for a server. |
|
ModifyWebLockStatus |
Changes web tamper proofing status for a server. |
|
ModifyWebLockUpdateConfig |
Modifies a protection policy for a specified server. |
|
OpenSasTrial |
Starts a trial of Server Guard. |
|
OperateAgentClientInstall |
Installs the Server Guard agent. |
|
OperateSuspiciousOverallConfig |
Enables or disables a feature that detects exceptions. |
|
OperateSuspiciousTargetConfig |
Configures the scope within which proactive defense takes effect. |
|
OperateVul |
Handles detected vulnerabilities. |
|
OperationSuspEvents |
Handles multiple exceptions at a time. |
|
Renew |
Renews an instance or resource plan. |
|
RenewInstance |
Renews an instance. |
|
RollbackSuspEventQuaraFile |
Restores a quarantined file. |
|
SaveSuspEventUserSetting |
Modifies exception notification settings, including attention level, time, and method. |
|
UpgradeInstance |
Upgrades an instance. |
|
ValidateHcWarnings |
Verifies whether baseline risks are fixed. |
|
AutoUpgradeSas |
None. |
|
CopyCustomizeReportConfig |
None. |
|
CreateOrUpdateDingTalk |
None. |
|
CreateOrUpdateGroup |
None. |
|
CreateOrUpdateJoinRule |
None. |
|
CreateOrUpdateRule |
None. |
|
DeleteDingTalk |
None. |
|
DeleteJoinRule |
None. |
|
DeleteStrategy |
None. |
|
DeleteVulBatch |
None. |
|
DescribeAccessKeyLeakDetail |
None. |
|
DescribeAccesskeyRunInfo |
None. |
|
DescribeApiBuySummary |
None. |
|
DescribeAssetList |
None. |
|
DescribeAssetSummary |
None. |
|
DescribeCanUpgradeSas |
None. |
|
DescribeCustomizeReportConfigDetail |
None. |
|
DescribeCustomizeReportList |
None. |
|
DescribeDefenceThread |
None. |
|
DescribeEmgNotice |
None. |
|
DescribeEmgVulGroup |
None. |
|
DescribeEventCountCurve |
None. |
|
DescribeHistogram |
None. |
|
DescribeImageGroupedVulList |
None. |
|
DescribeImageVulList |
None. |
|
DescribeListAccessKeyIdAuth |
None. |
|
DescribeLogItems |
None. |
|
DescribeMacConfig |
None. |
|
DescribeMachineConfig |
None. |
|
DescribeMetaData |
None. |
|
DescribeOperateInfo |
None. |
|
DescribeSasAssetStatistics |
None. |
|
DescribeSasAssetStatisticsColumn |
None. |
|
DescribeSasLeftCondition |
None. |
|
DescribeScreenBizStatSimpleQueryResult |
None. |
|
DescribeScreenRequestTopType |
None. |
|
DescribeSearchCondition |
None. |
|
DescribeStatistics |
None. |
|
DescribeStrategyProcess |
None. |
|
DescribeStrategyTarget |
None. |
|
DescribeStratetyDetail |
None. |
|
Describesummary |
None. |
|
DescribeSuspTrendStatistics |
None. |
|
DescribeTargetConfig |
None. |
|
DescribeTopRiskyAssets |
None. |
|
DescribeTraceInfoNodeList |
None. |
|
DescribeVulLevel |
None. |
|
DescribeVulMachineList |
None. |
|
DescribeVulnerabilitySummary |
None. |
|
DescribeWebLockAssetList |
None. |
|
DescribeWebLockExclusiveFileType |
None. |
|
DescribeWebLockFileChangeStatistics |
None. |
|
DescribeWebLockFileEvents |
None. |
|
DescribeWebLockFileTypeSummary |
None. |
|
DescribeWebLockInclusiveFileType |
None. |
|
DescribeWebLockMachineList |
None. |
|
DescribeWebLockProcessBlockStatistics |
None. |
|
DescribeWebLockProcessList |
None. |
|
DescribeWhiteListAsset |
None. |
|
DescribeWhiteListAuthorize |
None. |
|
DescribeWhiteListEffectiveAssets |
None. |
|
DescribeWhiteListProcess |
None. |
|
DescribeWhiteListStrategyCount |
None. |
|
DescribeWhiteListStrategyList |
None. |
|
DescribeWhiteListStrategyStatistics |
None. |
|
DescribeWhiteListStrategyUuidCount |
None. |
|
DescribeYesterdayStatistics |
None. |
|
ExecStrategy |
None. |
|
ExecuteRuleEngineActualTime |
None. |
|
GetEntityList |
None. |
|
GetSummary |
None. |
|
JoinWebLockProcessWhiteList |
None. |
|
ModifyAccessKeyLeakDeal |
None. |
|
ModifyAccessKeyLeakInstRun |
None. |
|
ModifyAssetGroup |
None. |
|
ModifyProcessWhiteList |
None. |
|
ModifySasAssetStatisticsColumn |
None. |
|
ModifySaveVulBatch |
None. |
|
ModifySearchCondition |
None. |
|
ModifyStartVulScan |
None. |
|
ModifyStrategy |
None. |
|
ModifyStrategyTarget |
None. |
|
ModifyWebLockDeleteConfig |
None. |
|
ModifyWebLockProcessStatus |
None. |
|
ModifyWebLockStart |
None. |
|
ModifyWebLockUnbind |
None. |
|
OpenService |
None. |
|
OperateResult |
None. |
|
OperationCustomizeReportChart |
None. |
|
SaveCustomizeReportConfig |
None. |
|
SaveWhiteListStrategy |
None. |
|
SaveWhiteListStrategyAssets |
None. |
|
SendCustomizeReport |
None. |
|
TransformLeakage |
None. |
|
UpdateCustomizeReportStatus |
None. |
|
UpdateWhiteListStrategyStatus |
None. |