GetFileDetectReport - Security Center - Alibaba Cloud Documentation Center

Queries the cloud sandbox check results of malicious files.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
Field	string	No	The field that you want to query. You can enter multiple fields and separate them with commas (,). Valid values: ThreatTypes: the type of the threat intelligence event Intelligences: the threat intelligence event ThreatLevel: the level of the threat intelligence event Basic: the basic information about the report (the scan result) Sandbox: the cloud sandbox check report	Basic,,ThreatTypes,Intelligences,Sandbox
EventId	long	No	The event ID that corresponds to the file to be detected.	81****
FileHash	string	No	The hash value of the file to be detected.	b63917332950e5d219d0737ffe31****
Lang	string	No	The language of the content within the request and response. Valid values: zh: Chinese en: English	en
SourceType	string	No	The data source type. Valid values: machine: host alerts object_scan: file detection alerts	object_scan

Response parameters

Parameter	Type	Description	Example
	object
Data	object	The response parameters.
FileHash	string	The hash value of the file.	c42b5f6bde0b730ece2923266333****
ThreatLevel	long	The threat level. Valid values: 0: normal 1: suspicious 2: high	2
Sandbox	string	The details of the cloud sandbox check results.	{'BehaviorData': {}, 'ProcessData': {}, 'SandboxData': {}, 'AttackData': [], 'NetworkData': {}, 'SolutionData': {}, 'FileData': {}}
Basic	string	The basic information about the detected file.	{ "sha256": "", "sha512": "", "source": "aegis", "gmt_first_submit": "", "sha1": "", "virus_result": "", "webshell_result": "", "gmt_update": "", "sandbox_result": "2", "fileSize": "363752", "virus_name": "", }
Filename	string	The name of the file.	test.zip
HasData	boolean	Indicates whether the file data exists in the cloud sandbox. Valid values: true false	true
Intelligences	string	The threat intelligence event, which is a JSON array. Valid values: The threat type. The value is an array. The elements in the array can be DDoS trojans, mining programs, network layer intrusions, network service scans, network sharing and discovery, mining pools, exploits, dark webs, malicious logons, malicious download sources, C&C servers, webshells, and web attacks.	["The threat type"]
ThreatTypes	string	The risk tags and server tags that are generated by analyzing threat intelligence and security events. The value is a string array. The array includes the following elements: threat_type_desc: the threat type. last_find_time: the last time the threat was detected. risk_type: indicates whether the tag is malicious. The value 0 indicates that the tag is not malicious. The value 1 indicates that the tag is malicious. The value -1 indicates that whether the tag type is malicious is unknown. threat_type: the threat type. The value is an array. The elements in the array can be network layer intrusion, network service scanning, network sharing and discovery, mining pool, exploits, darknet, malicious logon, malicious download source, central control, web shell, and web attack.	[{"threat_type_desc": "test","risk_type": 1,"threat_type": ""}]
ShowTab	boolean	Indicates whether the check report is displayed. Valid values: true false	true
RequestId	string	The request ID.	A4EB8B1C-1DEC-5E18-BCD0-D1BBB393XXXX
Code	string	The status code that is returned. The status code 200 indicates that the request was successful. Other status codes indicate that the request failed. You can identify the cause of the failure based on the status code.	200
Message	string	The returned message.	successful
Success	boolean	Indicates whether the request was successful. Valid values: true false	true

Examples

Sample success responses

JSONformat

{
  "Data": {
    "FileHash": "c42b5f6bde0b730ece2923266333****",
    "ThreatLevel": 2,
    "Sandbox": "{'BehaviorData': {}, 'ProcessData': {}, 'SandboxData': {}, 'AttackData': [], 'NetworkData': {}, 'SolutionData': {}, 'FileData': {}}",
    "Basic": "    {\n        \"sha256\": \"\",\n        \"sha512\": \"\",\n        \"source\": \"aegis\",\n        \"gmt_first_submit\": \"\",\n        \"sha1\": \"\",\n        \"virus_result\": \"\",\n        \"webshell_result\": \"\",\n        \"gmt_update\": \"\",\n        \"sandbox_result\": \"2\",\n        \"fileSize\": \"363752\",\n        \"virus_name\": \"\",\n    }",
    "Filename": "test.zip",
    "HasData": true,
    "Intelligences": "[\"The threat type\"]",
    "ThreatTypes": "[{\"threat_type_desc\": \"test\",\"risk_type\": 1,\"threat_type\": \"\"}]",
    "ShowTab": true
  },
  "RequestId": "A4EB8B1C-1DEC-5E18-BCD0-D1BBB393XXXX",
  "Code": "200",
  "Message": "successful",
  "Success": true
}

Error codes

HTTP status code	Error code	Error message	Description
403	NoPermission	caller has no permission	You are not authorized to do this operation.
500	ServerError	ServerError	-

For a list of error codes, visit the Service error codes.