Security Center: ListAttackEventInfo

Last Updated: Mar 24, 2026

Gets the list of attack analysis events.

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| EndTime | integer | No | Timestamp of the end time. | 1753152532550 |
| StartTime | integer | No | Timestamp of the start time. | 1752547732549 |
| AttackInstance | string | No | Attacked asset. You can fill in the machine instance name, public IP, or private IP. | instance_** |
| AttackType | string | No | Attack type. Values: 9: SQL Server brute force attack; 5: SSH brute force attack; 6: RDP brute force attack; 101: Java Struts2 attack interception; 102: Redis attack interception; 103: Chinese AntSword WebShell communication; 104: Chinese Chopper WebShell communication; 133: XISE WebShell communication; 161: WebShell upload; 209: PHP WebShell upload; 210: JSP WebShell upload; 211: ASP WebShell upload; 215: Special suffix WebShell upload; ai_webshell: Intelligent defense for WebShell upload; java_common_rce: Java common RCE vulnerability interception; alinet_webrce: Adaptive web attack defense | 9 |
| SrcIp | string | No | Source IP of the attack. | 185.237.96.*** |
| DstPort | string | No | Target port of the attack. | 9085 |
| Lang | string | No | Set the language type for request and response messages. Default is zh. Values: zh: Chinese; en: English | zh |
| CurrentPage | integer | No | Page number to display in a paginated query. | 1 |
| PageSize | integer | No | Maximum number of records per page in a paginated query. | 10 |

Response elements

| Element | Type | Description | Example |
|---|---|---|---|
| | object | PageResult | |
| List | array<object> | List of attack events. | |
| | object | Attack event. | |
| Status | string | Attack status. Values: block: Blocked (defended) | block |
| FirstTime | integer | First occurrence time of the attack event, in timestamp format. | 1752731615000 |
| FirstTimeStr | string | String representation of the first occurrence time of the attack event. | 2025-07-17 13:53:35 |
| AttackType | string | Attack type. Values: 9: SQL Server brute force attack; 5: SSH brute force attack; 6: RDP brute force attack; 101: Java Struts2 attack interception; 102: Redis attack interception; 103: Chinese AntSword WebShell communication; 104: Chinese Chopper WebShell communication; 133: XISE WebShell communication; 161: WebShell upload; 209: PHP WebShell upload; 210: JSP WebShell upload; 211: ASP WebShell upload; 215: Special suffix WebShell upload; ai_webshell: Intelligent defense for WebShell upload; java_common_rce: Java common RCE vulnerability interception; alinet_webrce: Adaptive web attack defense; other: Other | 9 |
| DstPort | string | Target port of the attack. | 8000 |
| Count | integer | Number of attacks. | 2 |
| SrcIp | string | Source IP of the attack. | 140.205.11.** |
| IntranetIp | string | Private IP of the attacked asset. | 10.1.0.** |
| PayloadMd5 | string | MD5 string of the attack payload. | a57b0d657369e4201eed8d47a4dc**** |
| InstanceName | string | Instance name of the attacked asset. | sql-test-0**** |
| Uuid | string | UUID of the attacked asset instance. | 49e25e0f-bb51-4a5a-a1b3-13a4ddaa**** |
| InternetIp | string | Public IP of the attacked asset. | 101.37.86.** |
| LatestTime | integer | Timestamp of the most recent occurrence of the attack event. | 1752731618000 |
| LatestTimeStr | string | String representation of the most recent occurrence time of the attack event. | 2025-07-17 13:53:38 |
| Id | string | ID of the attack event. | 18825544674******** |
| AttackTypeName | string | Mapped name of the attack type. Values: 9: SQL Server brute force; 5: SSH brute force; 6: RDP brute force; 101: Java Struts2 attack interception; 102: Redis attack interception; 103: Chinese AntSword WebShell communication; 104: Chinese Chopper WebShell communication; 133: XISE WebShell communication; 161: WebShell upload; 209: PHP WebShell upload; 210: JSP WebShell upload; 211: ASP WebShell upload; 215: Special suffix WebShell upload; ai_webshell: Intelligent defense for WebShell upload; java_common_rce: Java common RCE vulnerability interception; alinet_webrce: Adaptive web attack defense; other: Other | SQL Server brute-force attack |
| PageInfo | object | Pagination information. | |
| CurrentPage | integer | Page number in pagination queries. | 1 |
| PageSize | integer | Maximum number of items per page in pagination queries. | 10 |
| TotalCount | integer | Total number of items. | 253 |
| Count | integer | Number of items displayed on the current page in pagination queries. | 3 |
| Success | boolean | Indicates whether the API call was successful. Values: true: Success; false: Failure | true |
| Code | string | Result code. 200 indicates success; any other value indicates failure. The caller can use this field to determine the reason for the failure. | 200 |
| Message | string | Return message of the request result. | successful |
| RequestId | string | ID of the request: a unique identifier that Alibaba Cloud generates for the request, which can be used to troubleshoot and pinpoint issues. | 52870893-48A7-5A9E-9E05-6253E5B6**** |
| HttpStatusCode | integer | HTTP status code. 200 indicates a successful request. | 200 |

Examples

Success response

JSON format

{
  "List": [
    {
      "Status": "block",
      "FirstTime": 1752731615000,
      "FirstTimeStr": "2025-07-17 13:53:35",
      "AttackType": "9",
      "DstPort": "8000",
      "Count": 2,
      "SrcIp": "140.205.11.**",
      "IntranetIp": "10.1.0.**",
      "PayloadMd5": "a57b0d657369e4201eed8d47a4dc****",
      "InstanceName": "sql-test-0****",
      "Uuid": "49e25e0f-bb51-4a5a-a1b3-13a4ddaa****",
      "InternetIp": "101.37.86.**",
      "LatestTime": 1752731618000,
      "LatestTimeStr": "2025-07-17 13:53:38",
      "Id": "18825544674********",
      "AttackTypeName": "SQL Server brute-force attack"
    }
  ],
  "PageInfo": {
    "CurrentPage": 1,
    "PageSize": 10,
    "TotalCount": 253,
    "Count": 3
  },
  "Success": true,
  "Code": "200",
  "Message": "successful",
  "RequestId": "52870893-48A7-5A9E-9E05-6253E5B6****",
  "HttpStatusCode": 200
}
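
An added example, not part of the original page or of any Alibaba Cloud SDK: one way to consume this response for triage, paging through results with PageInfo, checking Success and Code, and totalling Count per source IP and attack type. `fetch_page`, `fake_fetch_page` and the sample events are assumptions constructed here; the field names come from the response elements above.

```python
from collections import Counter
from datetime import datetime, timezone

def iter_attack_events(fetch_page, start_ms, end_ms, page_size=10):
    """Yield every event in the window, following PageInfo across pages.
    fetch_page is a hypothetical callable (an assumption, not an SDK function) that
    sends the ListAttackEventInfo request and returns the parsed JSON as a dict."""
    page, seen = 1, 0
    while True:
        resp = fetch_page(StartTime=start_ms, EndTime=end_ms,
                          CurrentPage=page, PageSize=page_size, Lang="en")
        # Success is a boolean and Code is a string ("200"); require both.
        if resp.get("Success") is not True or str(resp.get("Code")) != "200":
            raise RuntimeError("ListAttackEventInfo failed: code=%s message=%s requestId=%s"
                               % (resp.get("Code"), resp.get("Message"), resp.get("RequestId")))
        events = resp.get("List") or []
        yield from events
        seen += len(events)
        # Also stop on an empty page, so a shrinking result set cannot loop forever.
        if not events or seen >= resp.get("PageInfo", {}).get("TotalCount", 0):
            return
        page += 1

def summarize(events):
    """Map (SrcIp, AttackType) -> (summed Count, latest LatestTime as UTC ISO 8601)."""
    hits, latest = Counter(), {}
    for ev in events:
        key = (ev["SrcIp"], ev["AttackType"])
        hits[key] += int(ev.get("Count", 1))
        latest[key] = max(latest.get(key, 0), ev["LatestTime"])
    # LatestTime is epoch milliseconds; the *Str fields in the page's sample are UTC+8.
    return {k: (n, datetime.fromtimestamp(latest[k] / 1000, tz=timezone.utc).isoformat())
            for k, n in hits.items()}

SAMPLE = [  # constructed sample events (documentation-range IPs), not real API output
    {"SrcIp": "203.0.113.7", "AttackType": "5", "Count": 4, "LatestTime": 1752731618000},
    {"SrcIp": "203.0.113.7", "AttackType": "5", "Count": 2, "LatestTime": 1752731700000},
    {"SrcIp": "198.51.100.9", "AttackType": "9", "Count": 2, "LatestTime": 1752731618000},
]

def fake_fetch_page(**params):
    """Offline stand-in for the real call: pages through SAMPLE as the API would."""
    size, page = params["PageSize"], params["CurrentPage"]
    chunk = SAMPLE[(page - 1) * size: page * size]
    info = {"CurrentPage": page, "PageSize": size, "TotalCount": len(SAMPLE), "Count": len(chunk)}
    return {"Success": True, "Code": "200", "Message": "successful", "List": chunk, "PageInfo": info}

if __name__ == "__main__":
    print(summarize(iter_attack_events(fake_fetch_page, 0, 1, page_size=2)))
```

Working from the integer FirstTime and LatestTime fields rather than the string forms keeps correlation with other log sources independent of the display time zone.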

Error codes

| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 500 | ServerError | ServerError | |
| 403 | NoPermission | caller has no permission | You are not authorized to do this operation. |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.