Retrieves the details of a file protection event.
Try it now
Test
RAM authorization
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| Id |
integer |
No |
The unique ID of the alert event. |
131231 |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
Schema of Response |
||
| RequestId |
string |
Id of the request |
1383B0DB-D5D6-4B0C-9E6B-75939C8**** |
| Data |
object |
The data details. |
|
| Uuid |
string |
The UUID of the asset instance. |
6690a46c-0edb-4663-a641-3629d1a9**** |
| RuleName |
string |
The rule name. |
test-000 |
| FirstTime |
integer |
The timestamp when the event first occurred. |
1694576692000 |
| LatestTime |
integer |
The time when the event most recently occurred. |
1694576692000 |
| Status |
integer |
The event status. Valid values:
|
1 |
| ProcPath |
string |
The process path. |
/bin/bash33 |
| FilePath |
string |
The file path. |
/usr/local |
| CmdLine |
string |
The command line of the event. |
["touch","/usr/local/aaaa"] |
| FilePermission |
string |
The process permissions. |
rwxr-xr-x |
| Operation |
string |
The operation that the process performed on the file. |
DELETE |
| Id |
integer |
The event ID. |
3454 |
| AlertLevel |
integer |
The alert notification level. Valid values:
|
0 |
| InstanceName |
string |
The instance name. |
i-wz92q7m5hsbgfhdss*** |
| InternetIp |
string |
The public IP address of the associated instance. |
17.16.XX.XX |
| IntranetIp |
string |
The private IP address of the associated instance. |
10.42.XX.XX |
| HandleTime |
integer |
The time when the event was handled. |
1694576692000 |
| Remark |
string |
The remarks. |
test |
| ProcessId |
string |
The process ID of the event. |
3453 |
| Platform |
string |
The operating system type. |
linux |
| UserId |
string |
The user ID of the event. |
12 |
| UserName |
string |
The username of the event. |
root |
| RuleAction |
string |
The action of the blocking rule. |
block |
| Count |
integer |
The number of times the alert occurred. |
2 |
Examples
Success response
JSON format
{
"RequestId": "1383B0DB-D5D6-4B0C-9E6B-75939C8****",
"Data": {
"Uuid": "6690a46c-0edb-4663-a641-3629d1a9****",
"RuleName": "test-000",
"FirstTime": 1694576692000,
"LatestTime": 1694576692000,
"Status": 1,
"ProcPath": "/bin/bash33",
"FilePath": "/usr/local",
"CmdLine": "[\"touch\",\"/usr/local/aaaa\"]",
"FilePermission": "rwxr-xr-x",
"Operation": "DELETE",
"Id": 3454,
"AlertLevel": 0,
"InstanceName": "i-wz92q7m5hsbgfhdss***",
"InternetIp": "17.16.XX.XX",
"IntranetIp": "10.42.XX.XX",
"HandleTime": 1694576692000,
"Remark": "test",
"ProcessId": "3453",
"Platform": "linux",
"UserId": "12",
"UserName": "root",
"RuleAction": "block",
"Count": 2
}
}
Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | IllegalParameter | Illegal parameter, please check the param. | Parameter error, please check the input parameters. |
| 500 | ServerError | ServerError | |
| 403 | NoPermission | caller has no permission | You are not authorized to do this operation. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.