Queries the details of an anomalous event. The details include the time when the anomalous event occurred, and the description and handling status of the anomalous event.
Debugging
Authorization information
There is currently no authorization information disclosed in the API.
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
Lang | string | No | The language of the content within the request and response. Valid values:
| zh |
Id | long | Yes | The ID of the anomalous event. Note
You can call the DescribeEvents operation to query the ID of the anomalous event.
| 13456723343 |
Response parameters
Examples
Sample success responses
JSON
format
{
"RequestId": "69FB3C1-F4C9-42DF-9B72-7077A8989C13",
"Event": {
"DisplayName": "yundunsr",
"Status": 0,
"DealReason": "Anomaly confirmed\n",
"UserId": 0,
"StatusName": "Pending\n",
"DealTime": 1230000,
"DealLoginName": "det1111",
"SubTypeName": "Anomalous volume of downloaded data\n",
"Backed": false,
"DataInstance": "in-222***",
"EventTime": 1545829129000,
"LoginName": "det1111",
"SubTypeCode": "020008",
"LogDetail": "{\"client_ip\": [\"106.11.XX.XX\", \"106.11.XX.XX\", \"106.11.XX.XX\", \"106.11.XX.XX\", \"106.11.XX.XX\", \"106.11.XX.XX\", \"106.11.XX.XX\", \"106.11.XX.XX\", \"106.11.XX.XX\"], \"start_time\": \"2020-05-10 00:00:01\", \"instance\": [\"omniscience-data\", \"punish-beaver-data\"], \"end_time\": \"2020-05-10 00:21:22\", \"client_ua\": [\"Java/1.8.0_152\", \"Java/1.8.0_92\", \"aliyun-sdk-java/2.0.0\", \"aliyun-sdk-java/2.8.0(Linux/4.9.151-015.ali3000.alios7.x86_64/amd64;1.8.0_152)\"], \"user_name\": 1512222261295262}",
"TypeCode": "02",
"AlertTime": 1545829129000,
"DealUserId": 0,
"TypeName": "Anomalous data flow\n",
"DealDisplayName": "yundunsr",
"Id": 52234,
"ProductCode": "MaxCompute",
"HandleInfoList": [
{
"Status": 1,
"EnableTime": 1611139155000,
"HandlerValue": 10,
"DisableTime": 1611139155000,
"HandlerName": "Remove from the whitelist\n",
"HandlerType": "rds_security_ip",
"CurrentValue": "sddp-test2",
"Id": 11
}
],
"Detail": {
"Content": [
{
"Label": "Anomaly description\n",
"Value": "The account was used to access OSS from an unusual terminal whose IP address is 1.2.3.4 from 00:06:45 on September 9, 2019 to 00:57:37 on September 9, 2019.\n",
"Name": "daliaoyuncom"
}
],
"Chart": [
{
"Type": "1",
"Label": "Baseline behavior chart\n",
"XLabel": "Number of days\n",
"YLabel": "Value\n",
"Data": {
"Y": [
"[1,2,3,...]"
],
"X": [
"[test1,test2,...]"
],
"Z": [
"[5,7,...]\n"
]
},
"ChatType": 1,
"Name": "misskingm",
"ZLabel": "chart description\n"
}
],
"ResourceInfo": [
{
"Label": "Risk\n",
"Value": "Based on the record of authentication by using an unusual terminal, an attacker may have obtained the access permission of the account, or an employee accessed data from a personal terminal.\n"
}
]
},
"NewAlarm": true
}
}
Error codes
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation |
---|---|---|
2024-04-22 | The API operation is not deprecated.. The response structure of the API has changed | View Change Details |
2022-04-18 | The response structure of the API has changed | View Change Details |