All Products
Search
Document Center

Security Center:GetFileProtectClientEvent

Last Updated:Jun 12, 2026

Retrieves the details of a file protection event.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Parameter

Type

Required

Description

Example

Id

integer

No

The unique ID of the alert event.

131231

Response elements

Element

Type

Description

Example

object

Schema of Response

RequestId

string

Id of the request

1383B0DB-D5D6-4B0C-9E6B-75939C8****

Data

object

The data details.

Uuid

string

The UUID of the asset instance.

6690a46c-0edb-4663-a641-3629d1a9****

RuleName

string

The rule name.

test-000

FirstTime

integer

The timestamp when the event first occurred.

1694576692000

LatestTime

integer

The time when the event most recently occurred.

1694576692000

Status

integer

The event status. Valid values:

  • 0: unhandled

  • 1: handled

  • 2: whitelisted.

1

ProcPath

string

The process path.

/bin/bash33

FilePath

string

The file path.

/usr/local

CmdLine

string

The command line of the event.

["touch","/usr/local/aaaa"]

FilePermission

string

The process permissions.

rwxr-xr-x

Operation

string

The operation that the process performed on the file.

DELETE

Id

integer

The event ID.

3454

AlertLevel

integer

The alert notification level. Valid values:

  • 0: no alert

  • 1: reminder

  • 2: suspicious

  • 3: high-risk.

0

InstanceName

string

The instance name.

i-wz92q7m5hsbgfhdss***

InternetIp

string

The public IP address of the associated instance.

17.16.XX.XX

IntranetIp

string

The private IP address of the associated instance.

10.42.XX.XX

HandleTime

integer

The time when the event was handled.

1694576692000

Remark

string

The remarks.

test

ProcessId

string

The process ID of the event.

3453

Platform

string

The operating system type.

linux

UserId

string

The user ID of the event.

12

UserName

string

The username of the event.

root

RuleAction

string

The action of the blocking rule.

block

Count

integer

The number of times the alert occurred.

2

Examples

Success response

JSON format

{
  "RequestId": "1383B0DB-D5D6-4B0C-9E6B-75939C8****",
  "Data": {
    "Uuid": "6690a46c-0edb-4663-a641-3629d1a9****",
    "RuleName": "test-000",
    "FirstTime": 1694576692000,
    "LatestTime": 1694576692000,
    "Status": 1,
    "ProcPath": "/bin/bash33",
    "FilePath": "/usr/local",
    "CmdLine": "[\"touch\",\"/usr/local/aaaa\"]",
    "FilePermission": "rwxr-xr-x",
    "Operation": "DELETE",
    "Id": 3454,
    "AlertLevel": 0,
    "InstanceName": "i-wz92q7m5hsbgfhdss***",
    "InternetIp": "17.16.XX.XX",
    "IntranetIp": "10.42.XX.XX",
    "HandleTime": 1694576692000,
    "Remark": "test",
    "ProcessId": "3453",
    "Platform": "linux",
    "UserId": "12",
    "UserName": "root",
    "RuleAction": "block",
    "Count": 2
  }
}

Error codes

HTTP status code

Error code

Error message

Description

400 IllegalParameter Illegal parameter, please check the param. Parameter error, please check the input parameters.
500 ServerError ServerError
403 NoPermission caller has no permission You are not authorized to do this operation.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.