Queries malicious files that are detected by agentless detection tasks.
Debugging
Authorization information
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
Lang | string | No | The language of the content within the request and response. Default value: zh. Valid values: | zh |
Levels | string | No | The severities of the malicious files. Separate multiple values with commas (,). Valid values: | remind,suspicious |
FuzzyMaliciousName | string | No | The name of the malicious file that you want to query. Note: Fuzzy match is supported. | WebShell |
CurrentPage | integer | Yes | The page number. | 1 |
PageSize | string | Yes | The number of entries per page. | 20 |
MaliciousMd5 | string | No | The MD5 hash value of the malicious file. | d836968041f7683b5459**** |
Uuid | string | No | The UUID of the asset. | d2d94e8b-bb25-4744-8004-1e08a53c**** |
EventId | long | No | The event ID. | 81**** |
Remark | string | No | The remarks for the asset affected by the vulnerability. The value can be the private IP address, public IP address, or name of the asset. Fuzzy match is supported. | 192.168.XX.XX |
Dealed | string | No | Specifies whether the vulnerability is handled. Valid values: | Y |
MaliciousType | string | No | The alert type. Valid values when Lang is set to zh: Valid values when Lang is set to en: | WebShell |
Response parameters
Examples
Sample success responses
JSON format
```json
{
  "RequestId": "CE343162-35BF-565E-B85E-8E3B7A2B****",
  "PageInfo": {
    "CurrentPage": 1,
    "PageSize": 20,
    "TotalCount": 23,
    "Count": 20
  },
  "List": [
    {
      "Id": 0,
      "FirstScanTimestamp": 0,
      "LatestScanTimestamp": 0,
      "Level": "serious",
      "MaliciousMd5": "1f2e13a7c51ee89316ae50066515****",
      "FilePath": 0,
      "Uuid": "49e25e0f-bb51-4a5a-a1b3-13a4ddaa****",
      "InstanceName": "sql-test-001****",
      "InternetIp": "8.210.XX.XX",
      "IntranetIp": "172.25.XX.XX",
      "TargetId": "m-****",
      "TargetName": "jenkins****",
      "TargetType": "2",
      "DownloadUrl": "https://upgrade-rule-pkg.oss-cn-beijing.aliyuncs.com/totalpackage/rule/V3.166.2/totalpackage_rule_V3.16_6.2_tip_20230220110****",
      "HighLight": "{\\\"highlight\\\":{\\\"ruleVersion\\\":\\\"20230223\\\",\\\"ruleId\\\":600139,\\\"events\\\":[[207,284]]}}",
      "Notes": [
        {
          "Note": "Serious***",
          "NoteId": "50****",
          "NoteTime": "2023-04-27 14:49:21"
        }
      ],
      "Details": [
        {
          "Name": "MD5",
          "Type": "text",
          "Value": "1",
          "NameKey": "${suspicious.mp.db.maliciousfilemd5}"
        }
      ],
      "MaliciousName": "WebShell",
      "Partition": "/dev/xvda1",
      "OperateResult": "addWhitelist.USER.Success",
      "OperateTimestamp": "168257753****",
      "MaliciousType": "WebShell"
    }
  ]
}
```
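The following is an added example, not code from the original page or from the vendor's SDK. It pages through this query with CurrentPage and PageSize until PageInfo.TotalCount is reached, then groups findings by MaliciousMd5 to show which assets share the same file. The `call_api` argument, the `fake_api` stand-in, and the sample records are assumptions that take the place of the real signed API call.

```python
from collections import defaultdict

# Constructed sample data: five findings, two distinct hashes, three assets.
SAMPLE = [
    {"MaliciousMd5": "md5-aaaa", "Uuid": "asset-1", "Level": "serious"},
    {"MaliciousMd5": "md5-aaaa", "Uuid": "asset-2", "Level": "serious"},
    {"MaliciousMd5": "md5-bbbb", "Uuid": "asset-1", "Level": "suspicious"},
    {"MaliciousMd5": "md5-aaaa", "Uuid": "asset-3", "Level": "serious"},
    {"MaliciousMd5": "md5-aaaa", "Uuid": "asset-1", "Level": "serious"},
]

def fake_api(params):
    """Hypothetical transport: serves SAMPLE in the documented response shape."""
    size, page = int(params["PageSize"]), params["CurrentPage"]
    chunk = SAMPLE[(page - 1) * size: page * size]
    return {"PageInfo": {"CurrentPage": page, "PageSize": size,
                         "TotalCount": len(SAMPLE), "Count": len(chunk)},
            "List": chunk}

def build_params(page, page_size=20, levels=("serious", "suspicious")):
    """Request parameters with the types given in the parameter table."""
    return {"Lang": "en", "Levels": ",".join(levels),
            "CurrentPage": page,          # integer, required
            "PageSize": str(page_size)}   # documented as a string, required

def iter_findings(call_api, page_size=20):
    """Yield every List entry, following PageInfo until TotalCount is reached."""
    page, seen = 1, 0
    while True:
        resp = call_api(build_params(page, page_size))
        items = resp.get("List") or []
        yield from items
        seen += len(items)
        total = resp.get("PageInfo", {}).get("TotalCount", 0)
        # Also stop on an empty page, so a TotalCount that changes between
        # calls cannot keep the loop running.
        if not items or seen >= total:
            return
        page += 1

def group_by_md5(findings):
    """Map each MaliciousMd5 to the sorted asset UUIDs it was found on."""
    hosts = defaultdict(set)
    for f in findings:
        hosts[f["MaliciousMd5"]].add(f["Uuid"])
    return {md5: sorted(uuids) for md5, uuids in hosts.items()}

if __name__ == "__main__":
    for md5, uuids in group_by_md5(iter_findings(fake_api, page_size=2)).items():
        print(md5, len(uuids), uuids)
```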
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
403 | NoPermission | caller has no permission | You are not authorized to do this operation. |
500 | ServerError | ServerError | - |
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation |
---|---|---|
2023-09-12 | The error codes have changed. The request parameters of the API have changed. The response structure of the API has changed. | see changesets |