DescribeRules - Data Security Center - Alibaba Cloud Documentation Center

Queries a list of sensitive data detection rules.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-sddp:DescribeRules

get

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
Lang	string	No	The language of the request and response. Valid values: zh: Chinese en: English	zh
PageSize	integer	No	The number of entries to return on each page.	12
CurrentPage	integer	No	The page number of the page to return.	1
CustomType	integer	No	The type of the sensitive data detection rule. Valid values: 0: built-in 1: custom	1
Category	integer	No	The content type of the sensitive data detection rule. Valid values: 0: keyword 2: regular expression	2
Name	string	No	The name of the sensitive data detection rule. Fuzzy search is supported.	***规则
RiskLevelId	integer	No	The ID of the sensitivity level for the sensitive data detection rule. Valid values: 1: N/A. No sensitive data is detected. 2: S1. Level 1 sensitive data. 3: S2. Level 2 sensitive data. 4: S3. Level 3 sensitive data. 5: S4. Level 4 sensitive data.	2
RuleType	integer	No	The type of the sensitive data detection rule. Valid values: 1: data detection rule 2: audit policy 3: anomaly detection rule 99: custom rule	1
MatchType	integer	No	The match type. Valid values: 1: rule-based match 2: dictionary-based match	1
ProductCode	integer	No	The name of the service to which the data asset belongs. Valid values: MaxCompute OSS ADS OTS RDS SELF_DB	MaxCompute
ProductId	integer	No	The ID of the service to which the data asset belongs. Valid values: 1: MaxCompute 2: OSS 3: ADS 4: OTS 5: RDS 6: SELF_DB	1
WarnLevel	integer	No	The threat level. 1: low 2: medium 3: high	2
ContentCategory	integer	No	The content type. Valid values: 1: SQL injection exploit 2: SQL injection bypass 3: stored procedure abuse 4: buffer overflow 5: error-based SQL injection	1
Status	integer	No	The status. Valid values: 1: enabled 0: disabled	1
KeywordCompatible	boolean	No	Specifies whether the keyword is compatible with earlier versions. true: yes false: no Note The value of the Category parameter for the keyword type is 0 in earlier versions and 5 in the current version. Enable this compatibility as needed.	true
GroupId	string	No	The parent group of the rule.	4_1
SupportForm	integer	No	The type of data assets that the rule supports. Valid values: 0: all assets 1: structured assets 2: unstructured assets Note When you query for rules that support structured or unstructured assets, the response also includes rules that support all assets.	1
FeatureType	integer	No	This parameter is deprecated.	2
CooperationChannel	string	No	The source of the external request. DAS YAOCHI	DAS
Simplify	boolean	No	Specifies whether to return a simplified version of the rule. A simplified version contains only the rule name. true: yes false: no	false

Response elements

Element	Type	Description	Example
	object
CurrentPage	integer	The number of the returned page.	1
RequestId	string	The ID of the request.	769FB3C1-F4C9-42DF-9B72-7077A8989C13
PageSize	integer	The number of entries returned on each page.	12
TotalCount	integer	The total number of entries.	23
Items	array<object>	A list of sensitive data detection rules.
	object	The details of a sensitive data detection rule.
DisplayName	string	The display name of the user who created the sensitive data detection rule.	****test
Status	integer	The status of the sensitive data detection rule. Valid values: 0: disabled 1: enabled	1
SupportForm	integer	The type of data assets that the rule supports. Valid values: 0: all assets 1: structured assets 2: unstructured assets	2
WarnLevel	integer	The threat level. 1: low 2: medium 3: high	2
UserId	integer	The ID of the user who created the sensitive data detection rule.	0
StatExpress	string	The statistical expression.	1
GmtModified	integer	The time when the sensitive data detection rule was last modified. This value is a UNIX timestamp. Unit: milliseconds.	1545277010000
RiskLevelId	integer	The ID of the sensitivity level for the sensitive data detection rule. Valid values: 1: N/A. No sensitive data is detected. 2: S1. Level 1 sensitive data. 3: S2. Level 2 sensitive data. 4: S3. Level 3 sensitive data. 5: S4. Level 4 sensitive data.	2
Description	string	The description of the sensitive data detection rule.	用于识别IP地址
ProductId	integer	The ID of the service to which the data asset belongs. Valid values: 1: MaxCompute 2: OSS 3: ADS 4: OTS 5: RDS 6: SELF_DB	2
Name	string	The name of the sensitive data detection rule.	IP地址
Content	string	The content of the sensitive data detection rule. Note The content of a built-in rule (where CustomType is 0) is not returned.	(?:\\D\|^)((?:(?:25[0-4]\|2[0-4]\\d\|1\\d{2}\|[1-9]\\d{1})\\.)(?:(?:25[0-5]\|2[0-4]\\d\|[01]?\\d?\\d)\\.){2}(?:25[0-5]\|2[0-4]\\d\|1[0-9]\\d\|[1-9]\\d\|[1-9]))(?:\\D\|$)
Target	string	The name of the service to which the data asset belongs. Valid values: MaxCompute OSS ADS OTS RDS SELF_DB	MaxCompute
LoginName	string	The logon name of the user who created the sensitive data detection rule.	det1111
CategoryName	string	The name of the content type.	正则表达式
ContentCategory	string	The content type. Valid values: 1: SQL injection exploit 2: SQL injection bypass 3: stored procedure abuse 4: buffer overflow 5: error-based SQL injection	1
HitTotalCount	integer	The total number of matches for the rule.	3
GroupId	string	The parent group of the rule.	4_1
CustomType	integer	The type of the sensitive data detection rule. 0: built-in 1: custom	1
RiskLevelName	string	The name of the sensitivity level. Valid values: N/A: No sensitive data is detected. S1: Level 1 sensitive data. S2: Level 2 sensitive data. S3: Level 3 sensitive data. S4: Level 4 sensitive data.	S2
GmtCreate	integer	The time when the sensitive data detection rule was created. This value is a UNIX timestamp. Unit: milliseconds.	1545277010000
Category	integer	The content type of the sensitive data detection rule. Valid values: 0: keyword 2: regular expression	2
MajorKey	string	The key of the primary dimension.	key
Id	integer	The unique ID of the sensitive data detection rule.	20000
ProductCode	string	The name of the service to which the data asset belongs. Valid values: MaxCompute OSS ADS OTS RDS SELF_DB	MaxCompute
MatchType	integer	The match type. Valid values: 1: rule-based match 2: dictionary-based match	1
TemplateRuleIds	string	The IDs of templates that are associated with the sensitive data audit rule.	1
ModelRuleIds	string	The IDs of models that are associated with the sensitive data audit rule.	1452

Examples

Success response

JSON format

{
  "CurrentPage": 1,
  "RequestId": "769FB3C1-F4C9-42DF-9B72-7077A8989C13",
  "PageSize": 12,
  "TotalCount": 23,
  "Items": [
    {
      "DisplayName": "****test",
      "Status": 1,
      "SupportForm": 2,
      "WarnLevel": 2,
      "UserId": 0,
      "StatExpress": "1",
      "GmtModified": 1545277010000,
      "RiskLevelId": 2,
      "Description": "用于识别IP地址",
      "ProductId": 2,
      "Name": "IP地址",
      "Content": "(?:\\\\D|^)((?:(?:25[0-4]|2[0-4]\\\\d|1\\\\d{2}|[1-9]\\\\d{1})\\\\.)(?:(?:25[0-5]|2[0-4]\\\\d|[01]?\\\\d?\\\\d)\\\\.){2}(?:25[0-5]|2[0-4]\\\\d|1[0-9]\\\\d|[1-9]\\\\d|[1-9]))(?:\\\\D|$)",
      "Target": "MaxCompute",
      "LoginName": "det1111",
      "CategoryName": "正则表达式",
      "ContentCategory": "1",
      "HitTotalCount": 3,
      "GroupId": "4_1",
      "CustomType": 1,
      "RiskLevelName": "S2",
      "GmtCreate": 1545277010000,
      "Category": 2,
      "MajorKey": "key",
      "Id": 20000,
      "ProductCode": "MaxCompute",
      "MatchType": 1,
      "TemplateRuleIds": "1",
      "ModelRuleIds": "1452"
    }
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.