Server Guard is integrated with ActionTrail. In the ActionTrail console, you can query the management events that are generated when you manage Server Guard resources. ActionTrail can deliver management events to Logstores in Log Service or Object Storage Service (OSS) buckets. This way, you can audit the events in real time and locate the causes of issues.
ActionTrail generates management events when you manage cloud resources by using APIs or the Alibaba Cloud Management Console. The following table describes the management events of Server Guard that you can query in the ActionTrail console. The missing descriptions will be provided in the future.
Event name | Description |
Create | Purchases Server Guard on the buy page. |
CreateInstance | Creates an instance. |
CreateScreenSetting | Creates or modifies dashboard configurations. |
CreateSuspEventNote | Adds remarks for an exception. |
CreateUserSetting | Creates baseline check configurations. |
CreateVulWhitelist | Creates a vulnerability whitelist. |
DeleteRule | Deletes a rule. |
DeleteScreenSetting | Deletes dashboard configurations. |
DeleteSuspEventNode | Deletes the remarks for an exception. |
DeleteVulWhitelist | Deletes a vulnerability whitelist. |
DescribeAccesskeyLeakList | Queries the details of AccessKey pair leaks in your assets. |
DescribeAgentInstallStatus | Queries the installation results of the Server Guard agent. |
DescribeAlarmEventDetail | Queries the details of an alert event. |
DescribeAlarmEventList | Queries alert events. |
DescribeAllRegionsStatistics | Queries the statistics of assets in all regions. |
DescribeAnalysisCurve | Queries the statistics provided by the attack analysis feature by alert event. |
DescribeAnalysisHistograms | Queries the statistics provided by the attack analysis feature. |
DescribeAnalysisLogs | Queries the logs generated for the attack analysis feature. |
DescribeAnalysisShipperStatus | Queries the status of the attack analysis feature. |
DescribeAnalysisSlsIndex | Queries the storage location of the logs generated for the attack analysis feature. |
DescribeAnalysisStatistics | Queries statistics. |
DescribeAppVulScanCycle | Queries the scan cycle for application vulnerabilities. |
DescribeAssetDetailByUuid | Queries the details and the extended information about a server by using the UUID of the server. |
DescribeAttackAnalysisData | Queries information about attack analysis. |
DescribeAutoDelConfig | Queries the configurations of automatic vulnerability deletion. |
DescribeBuySummary | Queries the purchase information about Server Guard. |
DescribeCanTrySas | Queries whether you are qualified for a free trial. |
DescribeChartData | Queries the details of a report. |
DescribeChartList | Queries reports. |
DescribeCheckFixDetails | Queries the fix details of a check item. |
DescribeCheckWarningCount | Queries the number of alerts that are triggered by a check item. |
DescribeCheckWarningDetail | Queries the details of a specified check item. |
DescribeCheckWarningMachines | Queries the servers on which the same risk item is detected. |
DescribeCheckWarnings | Queries specified risk items and check items on a specified server. |
DescribeCheckWarningSummary | Queries statistical information about baseline check results. |
DescribeConcernNecessity | Queries the priority to fix a vulnerability. |
DescribeDataSource | Queries a data source. |
DescribeDingTalk | Queries DingTalk alert configurations. |
DescribeEcsStsStatus | Queries information about access authentication. |
DescribeEmgUserAgreement | Queries the user agreement status for urgent vulnerabilities. |
DescribeEntityList | Queries information about assets. |
DescribeEventLevelCount | Queries the total numbers of exceptions or alert events by risk level. |
DescribeExportInfo | Queries the progress of an asset export task. |
DescribeFilterFields | Queries filter fields. |
DescribeFrontVulPatchList | Queries the pre-patches that are required to fix the specified Windows system vulnerabilities. |
DescribeGroupedVul | Queries information about vulnerabilities by group. |
DescribeGroupList | Queries groups. |
DescribeGroupStruct | Query the group structure. |
DescribeInstanceStatistics | Queries statistics about an Anti-DDoS Pro or Anti-DDoS Premium instance. |
DescribeJoinRuleList | Queries alert rules. |
DescribeLogInfo | Queries log information. |
DescribeLoginLogs | Queries logs on unusual logons. |
DescribeLogMeta | Queries log metadata. |
DescribeLogQuery | Queries a log retrieval item. |
DescribeLogShipperStatus | Queries the delivery status of logs. |
DescribeLogstoreStorage | Queries the log storage capacity. |
DescribeNsasSuspEventType | Queries information about alert types. |
DescribeQuaraFile | Queries a quarantined file. |
DescribeResultList | Queries the handling result of an alert event. |
DescribeRisks | Queries risk items for a baseline check by using the names of the risk items and fuzzy match. |
DescribeRiskType | Queries the types of baselines. |
DescribeRiskWhiteList | Queries the whitelist of risk items. |
DescribeRuleList | Queries attack analysis rules. |
DescribeScreenAlarmEventList | Queries alert events. |
DescribeScreenAttackAnalysisData | Queries attack analysis data. |
DescribeScreenCloudHcRisk | Queries the baseline risks of cloud services. |
DescribeScreenDataMap | Queries the data that can be displayed on a dashboard. |
DescribeScreenEmerRisk | Queries the baseline risks of cloud services. |
DescribeScreenHostStatistics | Queries the urgent vulnerabilities of each application. |
DescribeScreenOperateInfo | Queries information about security operations. |
DescribeScreenOssUploadInfo | Queries the upload information. |
DescribeScreenScoreThread | Queries historical security scores. |
DescribeScreenSecurityStatInfo | Queries the number of events processed for each service. |
DescribeScreenSetting | Queries the configurations of a single-screen dashboard. |
DescribeScreenSettings | Queries the configurations of a dashboard. |
DescribeScreenSummaryInfo | Queries security scores. |
DescribeScreenTitles | Queries dashboard configurations. |
DescribeScreenVersionConfig | Queries version configurations. |
DescribeSecureSuggestion | Queries reinforcement suggestions. |
DescribeSecurityStatInfo | Queries the number of unprocessed events for each service. |
DescribeSlsProject | Queries the details of a Log Service project. |
DescribeStrategyExecDetail | Queries the results of a baseline check. |
DescribeStratety | Queries the details of a baseline check policy. |
DescribeSummaryInfo | Queries the security score of an asset. |
DescribeSupervisonInfo | Queries information about security supervision. |
DescribeSuspEventDetail | Queries the details of an exception. |
DescribeSuspEventExportInfo | Queries the details of an exception export task. |
DescribeSuspEventQuaraFiles | Queries quarantined files by page. |
DescribeSuspEvents | Queries exceptions. |
DescribeSuspEventTypes | Queries the types of exceptions. |
DescribeSuspEventUserSetting | Queries the user configurations of exceptions. |
DescribeSuspiciousEvents | Queries host exception data. |
DescribeSuspiciousExportInfo | Queries the export configurations of host exception data. |
DescribeSuspiciousOverallConfig | Queries the configurations of a specified feature. |
DescribeSuspiciousUUIDConfig | Queries the UUIDs of servers on which proactive defense of a specified type takes effect. |
DescribeTarget | Queries the global vulnerability detection configuration. |
DescribeTopicList | Queries information about topics that belong to the current account. |
DescribeTotalStatistics | Queries event statistics. |
DescribeTraceInfoDetail | Queries the tracing information about an exception. |
DescribeTraceInfoNode | Queries the tracing node information about an exception. |
DescribeTrailReportInfo | Queries the trial information. |
DescribeUserSetting | Queries the baseline configurations of a user. |
DescribeUuidConfig | Queries the whitelist configurations for a baseline check. |
DescribeVersionConfig | Queries version configurations. |
DescribeVulBatch | Queries the names of vulnerabilities by batch. |
DescribeVulConfig | Queries the global detection configurations of vulnerabilities. |
DescribeVulDetails | Queries the details of a vulnerability by using the name and type of the vulnerability. |
DescribeVulExportInfo | Queries the details of an vulnerability export task. |
DescribeVulFixStatistics | Queries the statistics on vulnerability fixes. |
DescribeVulLevelStatistics | Queries the statistics on vulnerability levels. |
DescribeVulList | Queries vulnerabilities by type. |
DescribeVulNumStatistics | Queries vulnerability statistics. |
DescribeVulTargetStatistics | Queries statistics about vulnerability detection configurations. |
DescribeVulWhitelist | Queries the whitelist of vulnerabilities by page. |
DescribeWarning | Queries the risk result data of a baseline check, including the issue description and suggestions on how to fix issues. |
DescribeWarningMachines | Queries information about the servers on which a baseline check is performed. |
DescribeWebLockBindList | Queries servers for which web tamper proofing is enabled. |
DescribeWebLockConfigList | Queries the configurations of web tamper proofing for a specified server. |
DescribeWebLockEvents | Queries information about events on web tamper proofing. |
DescribeWebLockStatus | Queries the status of web tamper proofing. |
DescribeWebshell | Queries information about a webshell file, including the detection time and file path. |
DescribeWebshellList | Queries webshell files. |
ExportSuspEvents | Exports alert information. |
ExportVul | Exports vulnerability details. |
ExportWarning | Exports baseline check results. |
FixCheckWarnings | Fixes a baseline risk. |
GetStatistics | Queries a statistical report. |
IgnoreHcCheckWarnings | Ignores or cancels ignoring multiple baseline risks at a time. |
Modify | Modifies the specifications on the buy page. |
ModifyAppVulScanCycle | Modifies the scan cycle for application vulnerabilities. |
ModifyAutoDelConfig | Queries the configurations of automatic vulnerability deletion. |
ModifyBatchIgnoreVul | Ignores multiple vulnerabilities at a time. |
ModifyClearLogstoreStorage | Deletes all logs. |
ModifyConcernNecessity | Changes the priority to fix a vulnerability. |
ModifyEmgVulSubmit | Scans for urgent vulnerabilities. |
ModifyLogMetaStatus | Modifies the collection status of logs. |
ModifyOpenLogShipper | Enables log delivery. |
ModifyRefreshProcessInfo | Updates vulnerability-related process data. |
ModifyVulConfig | Modifies vulnerability scan configurations. |
ModifyVulTarget | Configures the vulnerability type for asset scan. |
ModifyWebLockCreateConfig | Adds a directory to protect for a specified server. |
ModifyWebLockMachineList | Changes the servers for which web tamper proofing is enabled. |
ModifyWebLockRefresh | Modifies the configurations of a server for which web tamper proofing is enabled. |
ModifyWebLockStatus | Changes the status of a server for which web tamper proofing is enabled. |
ModifyWebLockUpdateConfig | Modifies a protection policy for a specified server. |
OpenSasTrial | Starts a trial of Server Guard. |
OperateAgentClientInstall | Installs the Server Guard agent. |
OperateSuspiciousOverallConfig | Enables or disables a feature that detects exceptions. |
OperateSuspiciousTargetConfig | Configures the scope within which proactive defense takes effect. |
OperateVul | Handles detected vulnerabilities. |
OperationSuspEvents | Handles multiple exceptions at a time. |
Renew | Renews resources such as an instance or a resource plan. |
RenewInstance | Renews an instance. |
RollbackSuspEventQuaraFile | Restores a quarantined file. |
SaveSuspEventUserSetting | Modifies the attention level, notification time, and notification method for exceptions. |
UpgradeInstance | Upgrades an instance. |
ValidateHcWarnings | Verifies whether baseline risks are fixed. |
AutoUpgradeSas | None. |
CopyCustomizeReportConfig | None. |
CreateOrUpdateDingTalk | None. |
CreateOrUpdateGroup | None. |
CreateOrUpdateJoinRule | None. |
CreateOrUpdateRule | None. |
DeleteDingTalk | None. |
DeleteJoinRule | None. |
DeleteStrategy | None. |
DeleteVulBatch | None. |
DescribeAccessKeyLeakDetail | None. |
DescribeAccesskeyRunInfo | None. |
DescribeApiBuySummary | None. |
DescribeAssetList | None. |
DescribeAssetSummary | None. |
DescribeCanUpgradeSas | None. |
DescribeCustomizeReportConfigDetail | None. |
DescribeCustomizeReportList | None. |
DescribeDefenceThread | None. |
DescribeEmgNotice | None. |
DescribeEmgVulGroup | None. |
DescribeEventCountCurve | None. |
DescribeHistogram | None. |
DescribeImageGroupedVulList | None. |
DescribeImageVulList | None. |
DescribeListAccessKeyIdAuth | None. |
DescribeLogItems | None. |
DescribeMacConfig | None. |
DescribeMachineConfig | None. |
DescribeMetaData | None. |
DescribeOperateInfo | None. |
DescribeSasAssetStatistics | None. |
DescribeSasAssetStatisticsColumn | None. |
DescribeSasLeftCondition | None. |
DescribeScreenBizStatSimpleQueryResult | None. |
DescribeScreenRequestTopType | None. |
DescribeSearchCondition | None. |
DescribeStatistics | None. |
DescribeStrategyProcess | None. |
DescribeStrategyTarget | None. |
DescribeStratetyDetail | None. |
Describesummary | None. |
DescribeSuspTrendStatistics | None. |
DescribeTargetConfig | None. |
DescribeTopRiskyAssets | None. |
DescribeTraceInfoNodeList | None. |
DescribeVulLevel | None. |
DescribeVulMachineList | None. |
DescribeVulnerabilitySummary | None. |
DescribeWebLockAssetList | None. |
DescribeWebLockExclusiveFileType | None. |
DescribeWebLockFileChangeStatistics | None. |
DescribeWebLockFileEvents | None. |
DescribeWebLockFileTypeSummary | None. |
DescribeWebLockInclusiveFileType | None. |
DescribeWebLockMachineList | None. |
DescribeWebLockProcessBlockStatistics | None. |
DescribeWebLockProcessList | None. |
DescribeWhiteListAsset | None. |
DescribeWhiteListAuthorize | None. |
DescribeWhiteListEffectiveAssets | None. |
DescribeWhiteListProcess | None. |
DescribeWhiteListStrategyCount | None. |
DescribeWhiteListStrategyList | None. |
DescribeWhiteListStrategyStatistics | None. |
DescribeWhiteListStrategyUuidCount | None. |
DescribeYesterdayStatistics | None. |
ExecStrategy | None. |
ExecuteRuleEngineActualTime | None. |
GetEntityList | None. |
GetSummary | None. |
JoinWebLockProcessWhiteList | None. |
ModifyAccessKeyLeakDeal | None. |
ModifyAccessKeyLeakInstRun | None. |
ModifyAssetGroup | None. |
ModifyProcessWhiteList | None. |
ModifySasAssetStatisticsColumn | None. |
ModifySaveVulBatch | None. |
ModifySearchCondition | None. |
ModifyStartVulScan | None. |
ModifyStrategy | None. |
ModifyStrategyTarget | None. |
ModifyWebLockDeleteConfig | None. |
ModifyWebLockProcessStatus | None. |
ModifyWebLockStart | None. |
ModifyWebLockUnbind | None. |
OpenService | None. |
OperateResult | None. |
OperationCustomizeReportChart | None. |
SaveCustomizeReportConfig | None. |
SaveWhiteListStrategy | None. |
SaveWhiteListStrategyAssets | None. |
SendCustomizeReport | None. |
TransformLeakage | None. |
UpdateCustomizeReportStatus | None. |
UpdateWhiteListStrategyStatus | None. |