Queries the details of an anomalous activity, including the time when it occurred, its description, and its processing status.
Authorization information
There is currently no authorization information disclosed in the API.
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
Lang | string | No | The natural language of the request and response. Valid values: | zh |
Id | long | Yes | The unique ID of the anomalous activity. Note: You can call the DescribeEvents operation to query the unique ID of the anomalous activity. | 13456723343 |
Response parameters
Example
Normal return example
JSON format
{
  "RequestId": "69FB3C1-F4C9-42DF-9B72-7077A8989C13",
  "Event": {
    "DisplayName": "yundunsr",
    "Status": 0,
    "DealReason": "Anomaly confirmed",
    "UserId": 0,
    "StatusName": "To be processed",
    "DealTime": 1230000,
    "DealLoginName": "det1111",
    "SubTypeName": "Anomalous volume of downloaded data",
    "Backed": true,
    "DataInstance": "in-222***",
    "EventTime": 1545829129000,
    "LoginName": "det1111",
    "SubTypeCode": "020008",
    "LogDetail": "{\"client_ip\": [\"106.11.XX.XX\", \"106.11.XX.XX\", \"106.11.XX.XX\", \"106.11.XX.XX\", \"106.11.XX.XX\", \"106.11.XX.XX\", \"106.11.XX.XX\", \"106.11.XX.XX\", \"106.11.XX.XX\"], \"start_time\": \"2020-05-10 00:00:01\", \"instance\": [\"omniscience-data\", \"punish-beaver-data\"], \"end_time\": \"2020-05-10 00:21:22\", \"client_ua\": [\"Java/1.8.0_152\", \"Java/1.8.0_92\", \"aliyun-sdk-java/2.0.0\", \"aliyun-sdk-java/2.8.0(Linux/4.9.151-015.ali3000.alios7.x86_64/amd64;1.8.0_152)\"], \"user_name\": 1512222261295262}",
    "TypeCode": "02",
    "AlertTime": 1545829129000,
    "DealUserId": 0,
    "TypeName": "Anomalous data flow",
    "DealDisplayName": "yundunsr",
    "Id": 52234,
    "ProductCode": "MaxCompute",
    "HandleInfoList": [
      {
        "Status": 1,
        "EnableTime": 1611139155000,
        "HandlerValue": 10,
        "DisableTime": 1611139155000,
        "HandlerName": "Remove from the whitelist",
        "HandlerType": "rds_security_ip",
        "CurrentValue": "sddp-test2",
        "Id": 11
      }
    ],
    "Detail": {
      "Content": [
        {
          "Label": "Anomaly description",
          "Value": "The account was used to access OSS from an unusual terminal whose IP address is 1.2.3.4 from 00:06:45 on September 9, 2019, to 00:57:37 on September 9, 2019."
        }
      ],
      "Chart": [
        {
          "Type": "1",
          "Label": "Baseline behavior profile",
          "XLabel": "Number of days",
          "YLabel": "Value",
          "Data": {
            "Y": [
              ""
            ],
            "X": [
              ""
            ]
          }
        }
      ],
      "ResourceInfo": [
        {
          "Label": "Activity risk",
          "Value": "An external attacker may obtain the logon credentials of an account and use the account to log on to the service, or an employee may log on to the service on a personal terminal."
        }
      ]
    }
  }
}
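In the sample response, LogDetail is itself a JSON document serialized into a string, so a consumer has to decode it a second time before the client IP addresses and user agents are usable. The following added example (not part of the original API reference) flattens a response into a triage record; `summarize_event` and `ms_to_utc` are hypothetical helper names, and reading the `*Time` fields as epoch milliseconds is an assumption inferred from the sample values.

```python
import json
from datetime import datetime, timezone

# Constructed sample: a trimmed copy of the response shown above.
SAMPLE = json.dumps({"Event": {
    "Id": 52234, "StatusName": "To be processed", "LoginName": "det1111",
    "TypeName": "Anomalous data flow",
    "SubTypeName": "Anomalous volume of downloaded data",
    "EventTime": 1545829129000,
    "LogDetail": json.dumps({
        "client_ip": ["106.11.XX.XX", "106.11.XX.XX"],
        "start_time": "2020-05-10 00:00:01", "end_time": "2020-05-10 00:21:22",
        "client_ua": ["Java/1.8.0_152", "aliyun-sdk-java/2.0.0"]}),
    "HandleInfoList": [{"HandlerName": "Remove from the whitelist",
                        "HandlerType": "rds_security_ip", "Status": 1}],
}})
TIME_FMT = "%Y-%m-%d %H:%M:%S"

def ms_to_utc(ms):
    # Assumption: *Time fields are epoch milliseconds (inferred from the sample values).
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()

def summarize_event(raw):
    """Flatten one DescribeEventDetail response into a triage record."""
    event = json.loads(raw)["Event"]
    # LogDetail is JSON serialized into a string, so it needs a second decode.
    try:
        log = json.loads(event.get("LogDetail") or "{}")
    except json.JSONDecodeError:  # malformed LogDetail must not abort triage
        log = {}
    if not isinstance(log, dict):
        log = {}
    window = None
    if "start_time" in log and "end_time" in log:
        start = datetime.strptime(log["start_time"], TIME_FMT)
        end = datetime.strptime(log["end_time"], TIME_FMT)
        window = int((end - start).total_seconds())
    return {
        "id": event["Id"],
        "status": event.get("StatusName"),
        "account": event.get("LoginName"),
        "activity": f'{event.get("TypeName")} / {event.get("SubTypeName")}',
        "event_time_utc": ms_to_utc(event["EventTime"]),
        "client_ips": sorted(set(log.get("client_ip", []))),  # de-duplicated
        "client_uas": sorted(set(log.get("client_ua", []))),
        "window_seconds": window,
        "handlers": [(h.get("HandlerType"), h.get("HandlerName"))
                     for h in event.get("HandleInfoList") or []],
    }
```

Calling `summarize_event(SAMPLE)` returns a flat dictionary that can be logged or forwarded to a ticketing system.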
Error codes
For a list of error codes, visit the API error center.
Change history
Change time | Summary of changes | Operate |
---|---|---|
2022-04-18 | The response structure of the API operation has changed | |