Queries custom rules.
Authorization information
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
Id | string | No | The ID of the custom rule. | 10223 |
StartTime | long | No | The beginning of the time range to query. Unit: milliseconds. | 1577808000000 |
EndTime | long | No | The end of the time range to query. Unit: milliseconds. | 1577808000000 |
ThreatLevel | array of string | No | The threat level. The value must be a JSON array. Valid values: | ["remind","serious"] |
AlertType | string | No | The alert type. | scan |
RuleName | string | No | The name of the rule. The name can contain letters, digits, underscores (_), and periods (.). | waf_scan |
RuleType | string | No | The type of the rule. Valid values: | customize |
Status | integer | No | The status of the rule. Valid values: | 0 |
OrderField | string | No | The field that is used to sort the rules. Valid values: | Id |
Order | string | No | The sort method. Valid values: | desc |
CurrentPage | integer | Yes | The page number. Pages start from page 1. | 1 |
PageSize | integer | Yes | The number of entries per page. The value can be up to 100. | 10 |
RoleType | integer | No | The type of the view. Valid values: | 0 |
RoleFor | long | No | The ID of the destination account to which you switch the view from the management account. | 113091674488**** |
RegionId | string | No | The data management center of the threat analysis feature. Specify this parameter based on the regions in which your assets reside. Valid values: | cn-hangzhou |
Response parameters
Examples
Sample success responses
{
  "Success": true,
  "Code": 200,
  "Message": "success",
  "RequestId": "9AAA9ED9-78F4-5021-86DC-D51C7511****",
  "Data": {
    "PageInfo": {
      "CurrentPage": 1,
      "PageSize": 10,
      "TotalCount": 100
    },
    "ResponseData": [
      {
        "Id": 123456789,
        "GmtCreate": "2021-01-06 16:37:29",
        "GmtModified": "2021-01-06 16:37:29",
        "Aliuid": 0,
        "RuleName": "waf_scan",
        "RuleDesc": "this rule is for waf scan",
        "RuleType": "customize",
        "ThreatLevel": "remind",
        "AlertType": "WEBSHELL",
        "AlertTypeMds": "${siem_rule_type_process_abnormal_command}",
        "LogType": "ALERT_ACTIVITY",
        "LogTypeMds": "${sas.cloudsiem.prod.alert_activity}",
        "LogSource": "cloud_siem_aegis_sas_alert",
        "LogSourceMds": "${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}",
        "RuleCondition": "[[{\"not\":false,\"left\":\"alert_name\",\"operator\":\"=\",\"right\":\"WEBSHELL\"}]]",
        "RuleGroup": "[\"asset_id\"]",
        "RuleThreshold": "{\"aggregateFunction\":\"count\",\"aggregateFunctionName\":\"count\",\"field\":\"activity_name\",\"operator\":\"<=\",\"value\":1}",
        "QueryCycle": "{\"time\":\"1\",\"unit\":\"HOUR\"}",
        "AttCk": "T1595.002 Vulnerability Scanning",
        "EventTransferSwitch": 1,
        "EventTransferType": "allToSingle",
        "EventTransferExt": "{\"time\":\"1\",\"unit\":\"MINUTE\"}",
        "Status": 0,
        "DataType": 1
      }
    ]
  }
}
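The sample response above carries several fields (RuleCondition, RuleGroup, RuleThreshold, QueryCycle, EventTransferExt) as JSON documents encoded inside strings, so a rule audit has to decode them a second time. The following added example is not part of the original reference or of any SDK: the helper names are hypothetical, and it assumes ThreatLevel is sent as a serialized JSON array string and that "letters" in RuleName means ASCII letters.

```python
import json
import math
import re

# Fields the sample response carries as JSON-encoded strings.
NESTED_JSON_FIELDS = ("RuleCondition", "RuleGroup", "RuleThreshold",
                      "QueryCycle", "EventTransferExt")
RULE_NAME_RE = re.compile(r"[A-Za-z0-9_.]+")  # assumption: ASCII letters only


def build_params(current_page, page_size, threat_levels=None, rule_name=None):
    """Validate inputs against the request table and return the parameter dict."""
    if current_page < 1:
        raise ValueError("CurrentPage starts from 1")
    if not 1 <= page_size <= 100:
        raise ValueError("PageSize can be up to 100")
    params = {"CurrentPage": current_page, "PageSize": page_size}
    if threat_levels is not None:
        # Assumption: the JSON array is transmitted in its serialized string form.
        params["ThreatLevel"] = json.dumps(list(threat_levels), separators=(",", ":"))
    if rule_name is not None:
        if not RULE_NAME_RE.fullmatch(rule_name):
            raise ValueError("RuleName allows letters, digits, '_' and '.'")
        params["RuleName"] = rule_name
    return params


def decode_rule(rule):
    """Return a copy of one ResponseData entry with nested JSON strings parsed."""
    decoded = dict(rule)
    for field in NESTED_JSON_FIELDS:
        value = rule.get(field)
        if isinstance(value, str) and value:
            decoded[field] = json.loads(value)
    return decoded


def total_pages(response):
    """Number of pages implied by Data.PageInfo (TotalCount / PageSize, rounded up)."""
    info = response["Data"]["PageInfo"]
    return math.ceil(info["TotalCount"] / info["PageSize"])


# Constructed sample, trimmed from the response shown above.
SAMPLE = json.loads(r'''{"Data": {
  "PageInfo": {"CurrentPage": 1, "PageSize": 10, "TotalCount": 100},
  "ResponseData": [{"Id": 123456789, "RuleName": "waf_scan",
    "RuleCondition": "[[{\"not\":false,\"left\":\"alert_name\",\"operator\":\"=\",\"right\":\"WEBSHELL\"}]]",
    "RuleGroup": "[\"asset_id\"]", "QueryCycle": "{\"time\":\"1\",\"unit\":\"HOUR\"}"}]}}''')
```

After decoding, RuleCondition is a list of lists of condition objects, which can be compared across rules or diffed between audit runs without string matching.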
Error codes
HTTP status code | Error code | Error message |
---|---|---|
500 | InternalError | The request processing has failed due to some unknown error. |
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation |
---|---|---|
2024-04-17 | The error code has changed. The request parameters of the API have changed. The response structure of the API has changed. | see changesets |