All Products
Search
Document Center

Security Center:DescribeInstanceStatistics

Last Updated:Jun 16, 2026

Queries the statistics information of server asset instances.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-sas:DescribeInstanceStatistics

get

*All Resource

*

None None

Request parameters

Parameter

Type

Required

Description

Example

SourceIp

string

No

The IP address of the access source.

1.2.XX.XX

Lang

string

No

The language type of the request and response. Default value: zh. Valid values:

  • zh: Chinese

  • en: English.

zh

Uuid

string

Yes

The UUIDs of the assets that you want to query. Separate multiple UUIDs with commas (,). You can call the DescribeCloudCenterInstances operation to obtain the UUIDs of asset instances.

6690a46c-0edb-4663-a641-3629d1a9****

From

string

Yes

The source of the request. Set the value to sas, which indicates that the request is sent from Security Center.

sas

Response elements

Element

Type

Description

Example

object

RequestId

string

The ID of the request. The ID is a unique identifier that Alibaba Cloud generates for the request. You can use the ID to troubleshoot issues.

8F035A9D-D19F-5430-8CA5-1497991B7C61

Data

array<object>

The statistics information of asset risks.

object

The statistics information of asset risks.

Account

integer

The number of unusual logon events on the asset.

0

AppNum

integer

The number of application vulnerabilities on the asset.

1

ScaNum

integer

The number of middleware vulnerabilities on the asset.

1

Trojan

integer

The number of trojans detected on the asset.

1

CveNum

integer

The number of common vulnerabilities on the asset.

1

EmgNum

integer

The number of urgent vulnerabilities on the asset.

6

CmsNum

integer

The number of Web-CMS vulnerabilities on the asset.

5

Uuid

string

The UUID of the asset instance.

6690a46c-0edb-4663-a641-3629d1a9****

Vul

integer

The total number of vulnerabilities on the asset.

17

Health

integer

The number of baseline risk issues on the asset.

2

SysNum

integer

The number of Windows system vulnerabilities on the asset.

3

WeakPWNum

integer

The number of weak passwords.

22

AgentlessAll

integer

The number of security alerts detected by agentless detection.

13

AgentlessMalicious

integer

The number of malicious samples detected by agentless detection.

3

AgentlessVulCve

integer

The number of system vulnerabilities detected by agentless detection.

1

AgentlessVulSca

integer

The number of application vulnerabilities detected by agentless detection.

1

AgentlessBaseline

integer

The number of baseline issues detected by agentless detection.

2

CspmNum

integer

The number of Cloud Security Posture Management (CSPM) risk issues on the asset.

1

AgentlessVulSys

integer

The number of Windows system vulnerabilities detected by agentless detection.

1

AgentlessSensitiveFile

integer

The number of sensitive file alerts detected by agentless detection.

1

Suspicious

integer

The number of security alerts on the asset.

2

RemindSuspiciousNum

string

The number of reminder-level security alerts on the asset.

1

SuspectSuspiciousNum

string

The number of suspicious security alerts on the asset.

1

SeriousSuspiciousNum

string

The number of high-risk security alerts on the asset.

2

SysAsapVulCount

string

The number of system vulnerabilities on the asset.

1

CspmHighRiskNum

string

The number of high-risk CSPM issues on the system.

1

Examples

Success response

JSON format

{
  "RequestId": "8F035A9D-D19F-5430-8CA5-1497991B7C61",
  "Data": [
    {
      "Account": 0,
      "AppNum": 1,
      "ScaNum": 1,
      "Trojan": 1,
      "CveNum": 1,
      "EmgNum": 6,
      "CmsNum": 5,
      "Uuid": "6690a46c-0edb-4663-a641-3629d1a9****",
      "Vul": 17,
      "Health": 2,
      "SysNum": 3,
      "WeakPWNum": 22,
      "AgentlessAll": 13,
      "AgentlessMalicious": 3,
      "AgentlessVulCve": 1,
      "AgentlessVulSca": 1,
      "AgentlessBaseline": 2,
      "CspmNum": 1,
      "AgentlessVulSys": 1,
      "AgentlessSensitiveFile": 1,
      "Suspicious": 2,
      "RemindSuspiciousNum": "1",
      "SuspectSuspiciousNum": "1",
      "SeriousSuspiciousNum": "2",
      "SysAsapVulCount": "1",
      "CspmHighRiskNum": "1"
    }
  ]
}

Error codes

HTTP status code

Error code

Error message

Description

400 NoPermission no permission
500 ServerError ServerError
403 NoPermission caller has no permission

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.