Queries the list of intelligent behavior analytics alerting events.
RAM authorization
| Action | Access level | Resource type | Condition key | Dependent action |
|---|---|---|---|---|
| yundun-sas:ListUnknownThreatDetectEvent | list | *All Resource | None | None |
Request syntax
GET HTTP/1.1
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| CurrentPage | integer | No | The page number of the current page in a paged query. This parameter is used for paging. | 1 |
| PageSize | integer | No | The maximum number of entries to return on each page in a paged query. This parameter is used for paging. | 10 |
| Remark | string | No | The filter condition. You can filter by instance name or IP address. | 10.167.XX.XX |
| HashKey | string | No | The unique identifier of the file. | 0a212417e65c26ff133cfff28f6c**** |
| ProcessPath | string | No | The process path. | /test |
| ParentProcessPath | string | No | The parent process path. | /bin/bash |
| Uuid | string | No | The UUID of the server to query. | 18b7336e-d469-473b-af83-8e5420f9**** |
| Status | integer | No | The event status. Valid values: | 1 |
| Lang | string | No | | |
| AnalyzeResult | string | No | | |
Response elements
| Element | Type | Description | Example |
|---|---|---|---|
| | object | Schema of Response | |
| RequestId | string | Id of the request | 7532B7EE-7CE7-5F4D-BF04-B12447****** |
| PageInfo | object | The pagination information. | |
| TotalCount | integer | The total number of entries. | 149 |
| CurrentPage | integer | The page number of the current page in a paged query. This parameter is used for paging. | 1 |
| PageSize | integer | The maximum number of entries displayed on each page in a paged query. This parameter is used for paging. | 20 |
| Count | integer | The number of alerting events displayed on the current page in a paged query. This parameter is used for paging. | 2 |
| Data | array<object> | The returned data details. | |
| | object | The returned data. | |
| Uuid | string | The UUID of the asset instance. | 6690a46c-0edb-4663-a641-3629d1a9**** |
| ProcessPath | string | The process path. | /usr/bin/tar |
| ParentProcessPath | string | The parent process path. | /usr/bin/tar |
| HashKey | string | The unique identifier of the file. | 30368144069e7567bbb10eabc2****** |
| CmdChain | string | The process chain. | [{"5133":"pickup -l -t unix -u"},{"1077":"/usr/libexec/postfix/master -w"},{"1":"/usr/lib/systemd/systemd --switched-root --system --deserialize 22"}] |
| Count | integer | The number of occurrences. | 5 |
| Status | integer | The event status. Valid values: | 1 |
| Cmdline | string | The process command line. | /usr/sbin/sshd -D |
| ParentCmdline | string | The parent command line. | /usr/sbin/sshd -D |
| Md5 | string | The MD5 hash of the file. | 5b394b54ca632fe51c4ab4a6dbaf**** |
| Sha256 | string | The SHA-256 hash of the file. | 3a6fed5fc11392b3ee9f81caf017b48640d7458766a8eb0382899a605b41**** |
| Pid | string | The process ID. | 11 |
| ParentPid | string | The parent process ID. | 12 |
| InstanceName | string | The instance name. | centos**** |
| InternetIp | string | The public IP address. | 172.16.XX.XX |
| IntranetIp | string | The private IP address. | 10.42.XX.XX |
| FirstTime | integer | The timestamp of the first occurrence. | 1694576692000 |
| LastTime | integer | The timestamp of the most recent occurrence. | 1694576692000 |
| Id | string | The event ID. | 1 |
| AnalyzeResult | string | | |
| AnalyzeDesc | string | | |
| HandleType | string | | |
Examples
Success response
JSON format
{
  "RequestId": "7532B7EE-7CE7-5F4D-BF04-B12447******",
  "PageInfo": {
    "TotalCount": 149,
    "CurrentPage": 1,
    "PageSize": 20,
    "Count": 2
  },
  "Data": [
    {
      "Uuid": "6690a46c-0edb-4663-a641-3629d1a9****",
      "ProcessPath": "/usr/bin/tar",
      "ParentProcessPath": "/usr/bin/tar\n",
      "HashKey": "30368144069e7567bbb10eabc2******",
      "CmdChain": "[{\"5133\":\"pickup -l -t unix -u\"},{\"1077\":\"/usr/libexec/postfix/master -w\"},{\"1\":\"/usr/lib/systemd/systemd --switched-root --system --deserialize 22\"}]",
      "Count": 5,
      "Status": 1,
      "Cmdline": "/usr/sbin/sshd -D",
      "ParentCmdline": "/usr/sbin/sshd -D",
      "Md5": "5b394b54ca632fe51c4ab4a6dbaf****",
      "Sha256": "3a6fed5fc11392b3ee9f81caf017b48640d7458766a8eb0382899a605b41****",
      "Pid": "11",
      "ParentPid": "12",
      "InstanceName": "centos****",
      "InternetIp": "172.16.XX.XX",
      "IntranetIp": "10.42.XX.XX",
      "FirstTime": 1694576692000,
      "LastTime": 1694576692000,
      "Id": "1"
    }
  ]
}
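The following Python example is added here and is not part of the original API reference or of any Alibaba Cloud SDK. It parses a response shaped like the success response above for triage: it decodes the string-encoded CmdChain, strips stray whitespace from paths, and derives the next page from PageInfo. The function names are hypothetical, the sample is constructed from the page's example values, and reading FirstTime as epoch milliseconds is an assumption based on the 13-digit example.

```python
import json
from datetime import datetime, timezone

# Constructed sample, trimmed from the success response shown on this page.
SAMPLE = json.dumps({
    "PageInfo": {"TotalCount": 149, "CurrentPage": 1, "PageSize": 20, "Count": 2},
    "Data": [{
        "Uuid": "6690a46c-0edb-4663-a641-3629d1a9****",
        "ProcessPath": "/usr/bin/tar",
        "ParentProcessPath": "/usr/bin/tar\n",
        "CmdChain": json.dumps([
            {"5133": "pickup -l -t unix -u"},
            {"1077": "/usr/libexec/postfix/master -w"},
            {"1": "/usr/lib/systemd/systemd --switched-root --system --deserialize 22"},
        ]),
        "Pid": "11", "ParentPid": "12",
        "FirstTime": 1694576692000, "LastTime": 1694576692000,
    }],
})

def parse_cmd_chain(raw):
    """CmdChain is JSON serialized into a string, so it needs a second decode."""
    chain = []
    for entry in json.loads(raw or "[]"):  # each entry: {"<pid>": "<command line>"}
        chain.extend((int(pid), cmd) for pid, cmd in entry.items())
    return chain

def ms_to_utc(ms):
    """Assumption: FirstTime/LastTime are epoch milliseconds (13-digit examples)."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def normalize_event(ev):
    return {
        "uuid": ev.get("Uuid"),
        # The page's own example carries a trailing "\n"; strip before matching.
        "parent_process_path": (ev.get("ParentProcessPath") or "").strip(),
        "pid": int(ev["Pid"]) if ev.get("Pid") else None,  # Pid is typed as string
        "chain": parse_cmd_chain(ev.get("CmdChain")),
        "first_seen": ms_to_utc(ev["FirstTime"]) if ev.get("FirstTime") else None,
    }

def parse_page(body):
    """Return (normalized events, next CurrentPage value or None when done)."""
    doc = json.loads(body)
    info = doc["PageInfo"]
    pages = -(-info["TotalCount"] // max(info["PageSize"], 1))  # ceiling division
    next_page = info["CurrentPage"] + 1 if info["CurrentPage"] < pages else None
    return [normalize_event(e) for e in doc.get("Data", [])], next_page
```

Feeding `next_page` back as the CurrentPage request parameter until it is None walks the full result set.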
Error codes
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.