DescribeGraph4InvestigationOnline - Security Center - Alibaba Cloud Documentation Center

This topic is generated by a machine translation engine without any human intervention. ALIBABA CLOUD DOES NOT GUARANTEE THE ACCURACY OF MACHINE TRANSLATED CONTENT. To request a human-translated version of this topic or provide feedback on this translation, please include it in the feedback form.

Alert Event Investigation

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- For mandatory resource types, indicate with a prefix of * .
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
yundun-sas:DescribeGraph4InvestigationOnline	get	All Resources ``	none	none

Request parameters

Parameter	Type	Required	Description	Example
Namespace	string	Yes	The namespace of the graph, which is fixed as: hundun_dc_online.	hundun_dc_online
AnomalyUuid	string	No	The UUID of the alert event asset. You can call DescribeSuspEvents to obtain the asset UUID, with the value path being: data.SuspEvents[index].Uuid.	3502e4b0-f362-4059-84a2-f47fa2b5exxx
AnomalyId	string	No	The ID of the alert event. You can call DescribeSuspEvents to obtain the alert event ID, with the value path being: data.SuspEvents[index].UniqueInfo.	786fc80896b25422b5324cb6e57bxxxx
VertexId	string	No	Vertex ID. This does not need to be proactively provided.	29872354f741b1b044b8a9b4e2ab****
Lang	string	No	Sets the language type for the request and response messages. The default is zh. Values: zh: Chinese en: English	zh

Response parameters

Parameter	Type	Description	Example
	object	PlainResult
Data	object	Data
EntityTypeList	array<object>	List of vertex types.
EntityType	object
DisplayOrder	integer	Display order	1
DisplayColor	string	Vertex rendering color.	#fff
DisplayIcon	string	Vertex icon.	https://img.alicdn.com/tfs/TB176P5OgDqK1RjSZSyXXaxEVXa-49-48.png
Name	string	Vertex name.	alert
Id	string	Node type ID.	1
EdgeList	array<object>	List of edges.
Edge	object	End of the edge.
Name	string	Edge name.	bash->apt-get
EndId	string	ID of the end point of the edge.	f944c2362c7e111dee16f0e70ad2xxxx
EndType	string	The type of the end point of the current edge. Possible values include but are not limited to: process: Process file: File alert: Alert ip: IP address domain: Domain	process
StartId	string	Start vertex id of edge.	f944c2362c7e111dee16f0e70ad2xxxx
StartType	string	The type of the starting point of the edge. Possible values include, but are not limited to: process： Process file： File alert： Alert ip： IP address domain： Domain	file
Time	string	The time when the edge was established.	2024-07-01 15:25:46
Type	string	The type of the edge.	process_spawn_process
VertexList	array<object>	List of vertices.
Vertex	object
Uuid	string	Asset UUID.	5c081b02-f66a-47a4-bd2f-79ee3eafxxxx
Type	string	Vertex type.	alert
Name	string	Vertex name.	1a79b3a10ad5e6cad090dd697a7axxxxx
Time	string	Time.	2024-07-02 16:14:01
Properties	string	Properties.	{'DomainName': {'SupportScratchDetection': False, 'Description': 'The name of the domain.', 'Required': True, 'UpdateAllowed': False, 'Type': 'string', 'Immutable': False}}
NeighborList	array<object>	List of neighboring vertices of the current vertex.
Neighbor	object
HasMore	boolean	Indicates whether there are more neighboring vertices.	False
Count	integer	Number of neighboring nodes.	1
Type	string	Neighbor node type.	alert
RelationTypeList	array<object>	List of edge types.
RelationType	object
Name	string	Name of the edge.	spawn process
Directed	integer	Direction of the edge. Possible values: 1 ： Forward 0： Reverse	1
DisplayColor	string	Render color of the edge.	#fff
DisplayIcon	string	Icon style of the edge	https://img.alicdn.com/imgextra/i4/O1CN01ft6rvQ22uUX2JsTmv_!!6000000007180-55-tps-12-12.svg
Success	boolean	The result status of the API call. Values: true: The API call was successful. false: The API call failed.	true
Code	string	Result code, where 200 indicates success. Any other value indicates failure, and the caller can use this field to determine the reason for the failure.	200
Message	string	The response message from the request.	successful
RequestId	string	A unique identifier generated by Alibaba Cloud for this request.	C699E4E4-F2F4-58FC-A949-457FFE59****

Examples

Sample success responses

JSONformat

{
  "Data": {
    "EntityTypeList": [
      {
        "DisplayOrder": 1,
        "DisplayColor": "#fff",
        "DisplayIcon": "https://img.alicdn.com/tfs/TB176P5OgDqK1RjSZSyXXaxEVXa-49-48.png",
        "Name": "alert",
        "Id": 1
      }
    ],
    "EdgeList": [
      {
        "Name": "bash->apt-get",
        "EndId": "f944c2362c7e111dee16f0e70ad2xxxx",
        "EndType": "process",
        "StartId": "f944c2362c7e111dee16f0e70ad2xxxx",
        "StartType": "file",
        "Time": "2024-07-01 15:25:46",
        "Type": "process_spawn_process"
      }
    ],
    "VertexList": [
      {
        "Uuid": "5c081b02-f66a-47a4-bd2f-79ee3eafxxxx",
        "Type": "alert",
        "Name": "1a79b3a10ad5e6cad090dd697a7axxxxx",
        "Time": "2024-07-02 16:14:01",
        "Properties": "{'DomainName': {'SupportScratchDetection': False, 'Description': 'The name of the domain.', 'Required': True, 'UpdateAllowed': False, 'Type': 'string', 'Immutable': False}}",
        "NeighborList": [
          {
            "HasMore": true,
            "Count": 1,
            "Type": "alert"
          }
        ]
      }
    ],
    "RelationTypeList": [
      {
        "Name": "spawn process",
        "Directed": 1,
        "DisplayColor": "#fff",
        "DisplayIcon": "https://img.alicdn.com/imgextra/i4/O1CN01ft6rvQ22uUX2JsTmv_!!6000000007180-55-tps-12-12.svg"
      }
    ]
  },
  "Success": true,
  "Code": 200,
  "Message": "successful",
  "RequestId": "C699E4E4-F2F4-58FC-A949-457FFE59****"
}

Error codes

HTTP status code	Error code	Error message	Description
403	NoPermission	caller has no permission	You are not authorized to do this operation.
500	ServerError	ServerError	-

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation

No change history