
Security Center:ListDisposeStrategy

Last Updated: Feb 09, 2026

Retrieve a list of system-recommended disposal strategies.


RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
| --- | --- | --- | --- | --- |
| yundun-sas:ListDisposeStrategy | list | *All Resource * | None | None |

Request parameters

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| SophonTaskId | string | No | ID of the security orchestration and automated response disposal strategy. | a50a49b7-6044-4593-ab15-2b46567c**** |
| EntityIdentity | string | No | Entity feature value. Use this to perform a fuzzy search on entities. | test22.php |
| EntityType | string | No | Entity type. Valid values: ip; process; file. | ip |
| PlaybookName | string | No | Unique name of the playbook. | WafBlockIP |
| PlaybookUuid | string | No | UUID of the playbook. | system_aliyun_clb_process_book |
| PlaybookTypes | string | No | Playbook type. Valid values: system (manual disposal); custom (event-triggered playbook); custom_alert (alert-triggered playbook); soar-manual (manually run playbook); soar-mdr (MDR-run playbook). | system |
| EffectiveStatus | integer | No | Strategy status. Valid values: 0 (disabled); 1 (enabled). | 0 |
| OrderField | string | No | Sort field. Valid values: GmtModified (sort by last modified time); GmtCreate (sort by creation time); FinishTime (sort by strategy end time). | GmtModified |
| Order | string | No | Sort order. Valid values: desc (descending); asc (ascending). | desc |
| StartTime | integer | Yes | Start time of the query, in milliseconds. | 1577808000000 |
| EndTime | integer | Yes | End time of the query, in milliseconds. | 1577808000000 |
| Status | integer | No | Disposal strategy status. | 200 |
| CurrentPage | integer | Yes | Current page number. Must be greater than or equal to 1. | 1 |
| PageSize | integer | Yes | Number of entries per page. Maximum value is 100. | 10 |
| RoleType | integer | No | View type. Valid values: 0 (view for the current Alibaba Cloud account); 1 (view for all accounts under the enterprise). | 1 |
| RoleFor | integer | No | Alibaba Cloud account ID when an administrator switches to another member's perspective. | 113091674488**** |
| RegionId | string | No | Location of the Data Management center for Threat Analysis and Response. Select the location based on where your assets are deployed. Valid values: cn-hangzhou (assets in the Chinese mainland or Hong Kong (China)); ap-southeast-1 (assets outside China). | cn-hangzhou |
| IncidentUuid | string | No | Event ID. | 49670d3bbf7aa9556a2fff3dbaa9**** |

Response elements

| Element | Type | Description | Example |
| --- | --- | --- | --- |
| | object | PageResponse<List<disposestrategy>> | |
| Success | boolean | Indicates whether the request succeeded. Valid values: true; false. | true |
| Code | integer | HTTP status code. | 200 |
| Message | string | Response message. | success |
| RequestId | string | Request ID. | 9AAA9ED9-78F4-5021-86DC-D51C7511**** |
| Data | object | Response data. | 123456 |
| PageInfo | object | Paging information. | |
| CurrentPage | integer | Current page number. | 1 |
| PageSize | integer | Number of entries returned per page. | 10 |
| TotalCount | integer | Total number of entries. | 100 |
| ResponseData | array<object> | Detailed data. | |
| | object | | |
| Id | integer | Strategy ID. | 123 |
| GmtCreate | string | Creation time. | 2021-01-06 16:37:29 |
| GmtModified | string | Last modified time. | 2021-01-06 16:37:29 |
| Aliuid | integer | SIEM root account ID associated with the strategy. | 127608589417**** |
| SubAliuid | integer | The Alibaba Cloud account ID associated with the configuration policy. | 176555323*** |
| IncidentName | string | Event name. | Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc |
| Scope | array | Disposal scope. | [{ aliUid: 1766185894104675 }] |
| | any | Disposal scope. | [{ aliUid: 176618589410**** }] |
| IncidentUuid | string | Global unique UUID of the event. | 85ea4241-798f-4684-a876-65d4f0c3**** |
| AlertUuid | string | Alert UUID. | sas_71e24437d2797ce8fc59692905a4**** |
| SophonTaskId | string | ID of the security orchestration and automated response disposal strategy. | 577bbf90-a770-44a7-8154-586aa2d3**** |
| PlaybookName | string | Unique name of the playbook. | WafBlockIP |
| PlaybookUuid | string | UUID of the playbook. | system_aliyun_clb_process_book |
| PlaybookType | string | Playbook type. Valid values: system (manual disposal); custom (event-triggered playbook); custom_alert (alert-triggered playbook); soar-manual (manually run playbook); soar-mdr (MDR-run playbook). | system |
| TaskUrl | string | Playbook URL. | {"playbookUuid":"system_aliyun_aegis_stop_container_book","requestUuid":"e8924356-448b-4301-aee9-*******"} |
| EntityId | integer | Entity ID. | 123456789 |
| Entity | array | Entity details in JSON array format. | [{"ip":"1.1.1.1"}] |
| | any | Entity details in JSON array format. | [{"ip":"1.1.XX.XX"}] |
| EntityType | string | Entity type. Valid values: ip; process; file. | ip |
| TaskParam | string | Parameters used to trigger the playbook, in JSON format. | { "file": { "op_code": "2", "file_path": "/root/alert0913/a886.jsp", "entity_type": "file", "entity_name": "a886.jsp", "file_name": "a886.jsp", "file_owner": "USER:,GROUP:", "hash_value": "5def10c9a4287d0920d86b42420b20b0", "op_level": "2", "entity_id": "/root/alert0913/a886.jsp", "host_uuid": { "entity_type": "host", "entity_name": "N/A", "is_comprised": "1", "os_type": "linux", "entity_id": "5f58ef67-8803-4314-8d67-c87dc92b****", "host_uuid": "5f58ef67-8803-4314-8d67-c87dc92b****", "host_name": "N/A" }, "malware_type": "${aliyun.siem.sas.alert_tag.webshell}" }, "_sys_siem": { "cloudCode": "aliyun", "alertId": "89416745494****" }, "scope": [ { "aliUid": 1766185894104**** } ] } |
| ErrorMessage | string | Summary of task failure. | DisposalEntity failed which description is Aegis Quarantine File , return_info failed which description is Check Aegis Process Result , [ERROR DETAIL] *******.php:file not found |
| FinishTime | string | Task completion time. | 2021-08-10 21:34:07 |
| EffectiveStatus | integer | Strategy status. Valid values: 0 (disabled); 1 (enabled). | 0 |
| Status | integer | Playbook invocation status. Valid values: 200 (succeeded); 10 (deleted); 5 (failed); 0 (initial state). | 10 |

Examples

Success response

JSON format

{
  "Success": true,
  "Code": 200,
  "Message": "success",
  "RequestId": "9AAA9ED9-78F4-5021-86DC-D51C7511****",
  "Data": {
    "PageInfo": {
      "CurrentPage": 1,
      "PageSize": 10,
      "TotalCount": 100
    },
    "ResponseData": [
      {
        "Id": 123,
        "GmtCreate": "2021-01-06 16:37:29",
        "GmtModified": "2021-01-06 16:37:29",
        "Aliuid": 0,
        "SubAliuid": 0,
        "IncidentName": "Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc",
        "Scope": [
          "[{ aliUid: 176618589410**** }]"
        ],
        "IncidentUuid": "85ea4241-798f-4684-a876-65d4f0c3****",
        "AlertUuid": "sas_71e24437d2797ce8fc59692905a4****",
        "SophonTaskId": "577bbf90-a770-44a7-8154-586aa2d3****",
        "PlaybookName": "WafBlockIP",
        "PlaybookUuid": "system_aliyun_clb_process_book",
        "PlaybookType": "system",
        "TaskUrl": "{\"playbookUuid\":\"system_aliyun_aegis_stop_container_book\",\"requestUuid\":\"e8924356-448b-4301-aee9-*******\"}",
        "EntityId": 123456789,
        "Entity": [
          "[{\"ip\":\"1.1.XX.XX\"}]"
        ],
        "EntityType": "ip",
        "TaskParam": "{\n      \"file\": {\n            \"op_code\": \"2\",\n            \"file_path\": \"/root/alert0913/a886.jsp\",\n            \"entity_type\": \"file\",\n            \"entity_name\": \"a886.jsp\",\n            \"file_name\": \"a886.jsp\",\n            \"file_owner\": \"USER:,GROUP:\",\n            \"hash_value\": \"5def10c9a4287d0920d86b42420b20b0\",\n            \"op_level\": \"2\",\n            \"entity_id\": \"/root/alert0913/a886.jsp\",\n            \"host_uuid\": {\n                  \"entity_type\": \"host\",\n                  \"entity_name\": \"N/A\",\n                  \"is_comprised\": \"1\",\n                  \"os_type\": \"linux\",\n                  \"entity_id\": \"5f58ef67-8803-4314-8d67-c87dc92b****\",\n                  \"host_uuid\": \"5f58ef67-8803-4314-8d67-c87dc92b****\",\n                  \"host_name\": \"N/A\"\n            },\n            \"malware_type\": \"${aliyun.siem.sas.alert_tag.webshell}\"\n      },\n      \"_sys_siem\": {\n            \"cloudCode\": \"aliyun\",\n            \"alertId\": \"89416745494****\"\n      },\n      \"scope\": [\n            {\n                  \"aliUid\": 1766185894104****\n            }\n      ]\n}",
        "ErrorMessage": "DisposalEntity failed which description is Aegis Quarantine File , return_info failed which description is Check Aegis Process Result , [ERROR DETAIL] *******.php:file not found",
        "FinishTime": "2021-08-10 21:34:07",
        "EffectiveStatus": 0,
        "Status": 10
      }
    ]
  }
}
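
The paging and status fields above, worked through as an added example (not Alibaba Cloud SDK code or part of the original reference). `fetch_page` is a hypothetical callable that sends one request dict to ListDisposeStrategy and returns the decoded response; the function names and sample rows are constructed. It pages until TotalCount is reached and decodes the JSON-in-string Entity and TaskParam fields of failed tasks, leaving masked or malformed values as raw text.

```python
import json

def build_request(start, end, page=1, page_size=100, **filters):
    """Validate the required parameters; convert aware datetimes to milliseconds."""
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("use timezone-aware datetimes")
    if page < 1 or not 1 <= page_size <= 100:
        raise ValueError("CurrentPage must be >= 1 and PageSize between 1 and 100")
    start_ms, end_ms = int(start.timestamp() * 1000), int(end.timestamp() * 1000)
    if start_ms > end_ms:
        raise ValueError("StartTime is after EndTime")
    return {"StartTime": start_ms, "EndTime": end_ms,
            "CurrentPage": page, "PageSize": page_size, **filters}

def iter_strategies(fetch_page, start, end, page_size=100, **filters):
    """Yield every ResponseData row. fetch_page(request) -> response is hypothetical."""
    page = 1
    while True:
        resp = fetch_page(build_request(start, end, page, page_size, **filters))
        if not resp.get("Success"):
            raise RuntimeError(f"{resp.get('Code')} {resp.get('Message')} {resp.get('RequestId')}")
        rows = resp["Data"].get("ResponseData") or []
        yield from rows
        if not rows or page * page_size >= resp["Data"]["PageInfo"]["TotalCount"]:
            return
        page += 1

def decode(text):
    """Parse a JSON-in-string field; masked or malformed text is returned unchanged."""
    try:
        return json.loads(text)
    except (TypeError, ValueError):
        return text

def failed_tasks(rows):
    """Rows with Status 5 (failed), with Entity and TaskParam decoded for triage."""
    return [{"SophonTaskId": r.get("SophonTaskId"), "Playbook": r.get("PlaybookName"),
             "Entity": [decode(e) for e in r.get("Entity") or []],
             "TaskParam": decode(r.get("TaskParam")), "Error": r.get("ErrorMessage")}
            for r in rows if r.get("Status") == 5]

# Constructed sample rows, not real data; the second TaskParam is masked and unparseable.
SAMPLE_ROWS = [
    {"SophonTaskId": "task-a", "PlaybookName": "WafBlockIP", "Status": 200,
     "Entity": ['[{"ip":"192.0.2.10"}]'], "TaskParam": '{"scope":[]}'},
    {"SophonTaskId": "task-b", "PlaybookName": "WafBlockIP", "Status": 5,
     "Entity": ['[{"ip":"192.0.2.11"}]'], "TaskParam": '{"aliUid": 17****}',
     "ErrorMessage": "file not found"},
]
```
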

Error codes

| HTTP status code | Error code | Error message | Description |
| --- | --- | --- | --- |
| 500 | InternalError | The request processing has failed due to some unknown error. | |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.