Handles alerts.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes HandleSecurityEvents

The operation that you want to perform. Set the value to HandleSecurityEvents.

SourceIp String No 1.2.XX.XX

The source IP address of the request.

OperationCode String No advance_mark_mis_info

The operation used to handle alerts of the same type in a batch. Valid values:

  • deal: quarantines the source file of the malicious process.
  • kill_and_quara: terminates the malicious process and quarantines the source file.
  • kill_virus: deletes the source file of the malicious process.
  • block_ip: blocks the source IP address.
  • ignore: ignores the alerts.
  • mark_mis_info: marks the alerts as false positives by adding the alerts to the whitelist.
  • rm_mark_mis_info: cancels false positives by removing the alerts from the whitelist.
  • offline_handled: marks the alerts as handled.
OperationParams String No null

The parameters of the operation specified by OperationCode, used when alerts of the same type are handled in a batch.

Note: OperationParams is used only when OperationCode is set to kill_and_quara or block_ip. If OperationCode is set to other values, OperationParams can be left empty.
MarkMissParam String No {"field":"md5","operate":"contains","fieldValue":"aa"}

The rule condition based on which alerts are added to the whitelist. For example, if you want to add a file whose MD5 hash value contains the string aa to the whitelist, set this parameter to {"field":"md5","operate":"contains","fieldValue":"aa"}.

MarkBatch String No true

Specifies whether to add multiple alerts to the whitelist.

  • true: yes
  • false: no
SecurityEventIds.N String No 909361

The IDs of alerts.

Response parameters

Parameter Type Example Description
RequestId String FF0020B9-999F-5DE2-985F-DB282BDA5311

The ID of the request, which is used to locate and troubleshoot issues.

HandleSecurityEventsResponse Object

The result of the handling operation.

TaskId Long 15411

The ID of the task to handle alerts.

Examples

Sample requests

http(s)://[Endpoint]/?Action=HandleSecurityEvents
&SourceIp=1.2.XX.XX
&ResourceOwnerId=25631
&OperationCode=advance_mark_mis_info
&OperationParams={}
&MarkMissParam={"field":"md5","operate":"contains","fieldValue":"aa"}
&MarkBatch=true
&SecurityEventIds=["909361"]
&Common request parameters
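The following Python is an added example, not code from this page or from any Alibaba Cloud SDK. It assembles the query parameters for the request above from the table in this document, validates the OperationCode enumeration and the OperationParams rule locally before anything is signed, expands the alert IDs into the SecurityEventIds.N form the parameter table lists, and attaches the common parameters and an HMAC-SHA1 Signature. The common-parameter set, the signing procedure (RPC-style signature version 1.0) and the Version value 2018-12-03 are assumptions, since this page does not spell them out; the endpoint and credentials are placeholders.

```python
import base64
import hashlib
import hmac
import json
import uuid
from datetime import datetime, timezone
from urllib.parse import quote

# Enumeration copied from the OperationCode table in this document.
VALID_OPERATION_CODES = {
    "deal", "kill_and_quara", "kill_virus", "block_ip", "ignore",
    "mark_mis_info", "rm_mark_mis_info", "offline_handled",
}
# Per the note on OperationParams, only these codes take parameters.
CODES_NEEDING_PARAMS = {"kill_and_quara", "block_ip"}


def build_request_params(operation_code, event_ids, operation_params=None,
                         mark_miss_param=None, mark_batch=None):
    """Return the operation-specific query parameters for HandleSecurityEvents.

    Validation happens here, before signing, so a malformed remediation
    request is rejected locally instead of producing a failed task.
    """
    if operation_code not in VALID_OPERATION_CODES:
        raise ValueError(f"unknown OperationCode: {operation_code}")
    if operation_code in CODES_NEEDING_PARAMS and not operation_params:
        raise ValueError(f"OperationParams is required for {operation_code}")
    if not event_ids:
        raise ValueError("at least one SecurityEventIds.N value is required")
    params = {"Action": "HandleSecurityEvents", "OperationCode": operation_code}
    # Repeated parameters are flattened as SecurityEventIds.1, .2, ...
    for i, event_id in enumerate(event_ids, start=1):
        params[f"SecurityEventIds.{i}"] = str(event_id)
    if operation_params is not None:
        params["OperationParams"] = json.dumps(operation_params, separators=(",", ":"))
    if mark_miss_param is not None:
        # The whitelist rule is the flat JSON object shown in the parameter table.
        params["MarkMissParam"] = json.dumps(mark_miss_param, separators=(",", ":"))
    if mark_batch is not None:
        params["MarkBatch"] = "true" if mark_batch else "false"
    return params


def _percent_encode(value):
    # RFC 3986 encoding: only unreserved characters (A-Z a-z 0-9 - _ . ~) stay literal.
    return quote(str(value), safe="")


def canonical_query_string(params):
    """Sort by parameter name and encode both names and values."""
    return "&".join(f"{_percent_encode(k)}={_percent_encode(v)}"
                    for k, v in sorted(params.items()))


def sign_rpc_request(params, access_key_id, access_key_secret, http_method="GET",
                     timestamp=None, nonce=None):
    """Add the assumed common parameters and an HMAC-SHA1 Signature.

    Assumption: RPC-style signature v1.0 (HTTPMethod & encode("/") &
    encode(canonical query), keyed with AccessKeySecret + "&").
    """
    signed = dict(params)
    signed.update({
        "Format": "JSON",
        "Version": "2018-12-03",  # assumed Security Center API version
        "AccessKeyId": access_key_id,
        "SignatureMethod": "HMAC-SHA1",
        "SignatureVersion": "1.0",
        "SignatureNonce": nonce or uuid.uuid4().hex,  # replay protection
        "Timestamp": timestamp or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    })
    string_to_sign = "&".join([http_method, _percent_encode("/"),
                               _percent_encode(canonical_query_string(signed))])
    digest = hmac.new((access_key_secret + "&").encode("utf-8"),
                      string_to_sign.encode("utf-8"), hashlib.sha1).digest()
    signed["Signature"] = base64.b64encode(digest).decode("ascii")
    return signed


if __name__ == "__main__":
    # Constructed values: the alert ID and whitelist rule from this page's sample.
    req = build_request_params(
        "mark_mis_info", [909361],
        mark_miss_param={"field": "md5", "operate": "contains", "fieldValue": "aa"},
        mark_batch=True)
    signed = sign_rpc_request(req, "ACCESS_KEY_ID_PLACEHOLDER", "ACCESS_KEY_SECRET_PLACEHOLDER")
    print("https://[Endpoint]/?" + canonical_query_string(signed))
```

The signed parameter dictionary is what you would send as the query string to the endpoint; rotate the nonce and timestamp per request, and keep the access key secret out of the URL (it is only an HMAC key here, never a parameter).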

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<RequestId>FF0020B9-999F-5DE2-985F-DB282BDA5311</RequestId>
<HandleSecurityEventsResponse>
    <TaskId>15411</TaskId>
</HandleSecurityEventsResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "FF0020B9-999F-5DE2-985F-DB282BDA5311",
  "HandleSecurityEventsResponse" : {
    "TaskId" : 15411
  }
}

Error codes

For a list of error codes, visit the API Error Center.