All Products
Document Center

Elastic Desktop Service:DescribeSecurityEventOperations

Last Updated:Jan 18, 2023

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter Type Required Description Example
RegionId string Yes

The ID of the region.

SecurityEventId long Yes

The ID of the alert.


Response parameters

Parameter Type Description Example
RequestId string

The ID of the request.

SecurityEventOperations array

The operations performed on the alert.

OperationParams string

The parameters of the operation.

OperationCode string

The code of the operation performed on the alert. Valid values:

  • mark_mis_info: adds the alert to the whitelist without configuring rules. This operation is triggered by adding multiple alerts to the whitelist at a time.
  • advance_mark_mis_inf: adds the alert to the whitelist by configuring advanced rules.
  • defense_mark_mis_info: adds the alert to the whitelist by configuring precise defense rules.
  • rm_mark_mis_info: removes the alert from the whitelist.
  • rm_defense_mark_mis_info: removes the alert from the whitelist configured with precise defense rules.
  • manual_handled: manually handles the alert.
  • ignore: ignores the alert.
  • quara: quarantines the source file of the malicious process.
  • block_ip: blocks access from the source IP address.
  • kill_and_quara: terminates the malicious process and quarantines the source file.
UserCanOperate boolean

Indicates whether the alert can be handled. Valid values:

  • true: The alert can be handled.
  • false: The alert cannot be handled.


Normal return example


  "RequestId": "1CBAFFAB-B697-4049-A9B1-67E1FC5F****",
  "SecurityEventOperations": [
      "OperationParams": "qqqqq",
      "OperationCode": "ignore",
      "UserCanOperate": true

Error codes

For a list of error codes, visit the API error center.