QueryIncidentTracingDetail - Security Center - Alibaba Cloud Documentation Center

Queries the provenance graph of an event by using the event ID.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
IncidentId	string	Yes	The ID of the event. Note You can call the DescribeCloudSiemEvents operation to query the IDs of events.	184892fc5245b3ce8c3316434c94261f

Response parameters

Parameter	Type	Description	Example
	object	The provenance graph.
TracingDetail	object	The information about the provenance graph.
VertexList	object []	The nodes.
Id	string	The ID of the current node.	383044
Name	string	The name of the current node.	auto-test-attestor
Type	string	The type of the current node. Valid values include the following values: process file alert ip domain	alidetect
Time	string	The time when the current node was created.	2021-11-26
Timestamp	long	The UNIX timestamp when the current node was created. Unit: milliseconds.	1663048980
Uuid	string	The UUID of the current node. The security information and event management (SIEM) system generates UUIDs for nodes and edges in the provenance graph to help you locate the nodes or edges.	32e36d8a-2b5d-4f71-98a8-12775685a3b4
RuleId	string	The ID of the rule based on which the current node is generated.	301425
Properties	string	The text that contains the properties of the current node.	[{'PropertyValues': [{'PropertyValueId': 239, 'PropertyValue': '121'}, {'PropertyValueId': 240, 'PropertyValue': '6666'}], 'PropertyKey': '22222222', 'PropertyId': 203}]
Property	object	The property of the current node.	{\"coverage\":\"global\"}
UpdateTime	string	The time when the current node was updated.	2022-01-13 12:49:33
Aliuid	string	The ID of the Alibaba Cloud account to which the current node belongs.	1487146717137516
NeighborList	object []	The nodes that are adjacent to the current node.
Type	string	The type of the node. Valid values include the following values: process file alert ip domain	2
Count	integer	The number of nodes.	0
HasMore	boolean	Indicates whether more nodes are adjacent to the current node. Valid values: true false	True
DisplayInfo	object []	The display information of the current node.
Name	string	The name of the property that needs to be displayed for the current node.	scan:ACSV-2020-111301
Value	string	The value of the property that needs to be displayed for the current node.	10.16.1
Lang	string	The rendering language of the current node.	zh
EdgeList	object []	The edges.
StartId	string	The ID of the start node for the current edge.	23003
StartType	string	The type of the start node for the current edge. Valid values include the following values: process file alert: ip domain	process
EndId	string	The ID of the end node for the current edge.	223a185f05e5fc3c637
EndType	string	The type of the end node for the current edge. Valid values include the following values: process file alert ip domain	process_test_process
Name	string	The name of the current edge.	mongod
Type	string	The type of the current edge. Valid values include the following values: process_exec_file: The relationship indicates an executable file that is run by a process. process_connect_ip: The relationship indicates an IP address that is connected by a process. domain_trgger_alert: The relationship indicates an alert that is triggered for a domain name.	elf
Time	string	The time when the current edge was created.	1652941117
Timestamp	long	The UNIX timestamp when the current edge was created. Unit: milliseconds.	1636092632
Aliuid	string	The ID of the Alibaba Cloud account to which the current edge belongs.	1277498600854739
Uuid	string	The UUID of the current edge. The SIEM system generates UUIDs for nodes and edges in the provenance graph to help you locate the nodes or edges.	678e29f4-d78f-4a7c-a2bc-38434a138538
Origin	string	The origin vertex ID of the current edge.	distribution
Properties	string	The text that contains the properties of the current edge.	{\"bandWidth\":\"8192\",\"internetIp\":\"8.211.13.50\",\"changeReason\":\"EIP_BIND\",\"bindInstanceId\":\"i-gw887xhzjvyjfv7vdfs3\",\"bindType\":\"EIP_ECS\"}
Property	object	The property of the current edge.	{\"coverage\":\"global\"}
ShowType	string	The display type of the current edge.	0
RuleId	string	The ID of the rule based on which the current edge is generated.	136
UpdateTime	string	The time when the current edge was updated.	2022-01-13 12:49:33
TypeName	string	The type of the current edge.	cis
EntityTypeList	object []	The entities.
Id	string	The ID of the current entity.	1425
Name	string	The type of the current entity. Valid values include the following values: process file alert ip domain	auto-test-policy-name
GmtCreate	string	The time when the current entity was created.	2022-10-09T10:53Z
GmtModified	string	The time when the current entity was updated.	1585816811000
Namespace	string	The namespace of the current entity.	78
DisplayTemplate	string	The display template of the current entity.	[]
DisplayColor	string	The display color of the current entity.	#FFF
SyncId	integer	The synchronization ID of the current entity.	e2fdf402-b4ed-4e1a-9e95-44d6069600b0
CurrentVersionId	string	The version ID of the current entity.	1768
DisplayIcon	string	The display icon of the current entity.	-
DisplayOrder	integer	The display sequence of the current entity.	2
TraceSuccessFlag	integer	The tag that indicates whether tracing was successful. Valid values: 1: successful 0: failed	1
IsVirtualNode	integer	Indicates whether the entity is a virtual node. Valid values: 1: yes 0: no	1
RelationTypeList	object []	The relationships.
Id	string	The ID of the current relationship.	1514
Name	string	The type of the current relationship. Valid values include the following values: process_exec_file: The relationship indicates an executable file that is run by a process. process_connect_ip: The relationship indicates an IP address that is connected by a process. domain_trgger_alert: The relationship indicates an alert that is triggered for a domain name.	wusa
Directed	integer	The direction of the current relationship. Valid values: 1: forward 0: reverse	1
GmtCreate	string	The time when the current relationship was created.	2022-09-23T10:50Z
GmtModified	string	The time when the current relationship was updated.	2022-07-12T07:58:49Z
Namespace	string	The namespace of the current relationship.	default
DisplayTemplate	string	The display template of the current relationship.	[]
DisplayColor	string	The display color of the current relationship.	#FFF
SyncId	integer	The synchronization ID of the current relationship.	sync-0000aws50gyy2ocisbmx
CurrentVersionId	string	The version ID of the current relationship.	1487
ShowType	string	The display type of the current relationship.	0
DisplayIcon	string	The display icon of the current relationship.	https://img.alicdn.com/imgextra/i2/O1CN01jpZwD31G56XYPEJv2_!!600000000****-55-tps-25-28.svg
Lang	string	The rendering language of the returned result. Valid values: zh: Chinese en: English	zh
Success	boolean	Indicates whether the request was successful. Valid values: true false	True
RequestId	string	The request ID.	D2956025-4E5C-529D-92B4-B2591DDED067

Examples

Sample success responses

JSONformat

{
  "TracingDetail": {
    "VertexList": [
      {
        "Id": "383044",
        "Name": "auto-test-attestor",
        "Type": "alidetect",
        "Time": "2021-11-26",
        "Timestamp": 1663048980,
        "Uuid": "32e36d8a-2b5d-4f71-98a8-12775685a3b4",
        "RuleId": "301425",
        "Properties": "[{'PropertyValues': [{'PropertyValueId': 239, 'PropertyValue': '121'}, {'PropertyValueId': 240, 'PropertyValue': '6666'}], 'PropertyKey': '22222222', 'PropertyId': 203}]",
        "Property": {
          "test": "test",
          "test2": 1
        },
        "UpdateTime": "2022-01-13 12:49:33",
        "Aliuid": "1487146717137516",
        "NeighborList": [
          {
            "Type": "2",
            "Count": 0,
            "HasMore": true
          }
        ],
        "DisplayInfo": [
          {
            "Name": "scan:ACSV-2020-111301",
            "Value": "10.16.1"
          }
        ],
        "Lang": "zh"
      }
    ],
    "EdgeList": [
      {
        "StartId": "23003",
        "StartType": "process",
        "EndId": "223a185f05e5fc3c637",
        "EndType": "process_test_process",
        "Name": "mongod",
        "Type": "elf",
        "Time": "1652941117",
        "Timestamp": 1636092632,
        "Aliuid": "1277498600854739",
        "Uuid": "678e29f4-d78f-4a7c-a2bc-38434a138538",
        "Origin": "distribution",
        "Properties": "{\\\"bandWidth\\\":\\\"8192\\\",\\\"internetIp\\\":\\\"8.211.13.50\\\",\\\"changeReason\\\":\\\"EIP_BIND\\\",\\\"bindInstanceId\\\":\\\"i-gw887xhzjvyjfv7vdfs3\\\",\\\"bindType\\\":\\\"EIP_ECS\\\"}",
        "Property": {
          "test": "test",
          "test2": 1
        },
        "ShowType": "0",
        "RuleId": "136",
        "UpdateTime": "2022-01-13 12:49:33",
        "TypeName": "cis"
      }
    ],
    "EntityTypeList": [
      {
        "Id": "1425",
        "Name": "auto-test-policy-name",
        "GmtCreate": "2022-10-09T10:53Z",
        "GmtModified": "1585816811000",
        "Namespace": "78",
        "DisplayTemplate": "[]",
        "DisplayColor": "#FFF",
        "SyncId": 0,
        "CurrentVersionId": "1768",
        "DisplayIcon": "-",
        "DisplayOrder": 2,
        "TraceSuccessFlag": 1,
        "IsVirtualNode": 1
      }
    ],
    "RelationTypeList": [
      {
        "Id": "1514",
        "Name": "wusa",
        "Directed": 1,
        "GmtCreate": "2022-09-23T10:50Z",
        "GmtModified": "2022-07-12T07:58:49Z",
        "Namespace": "default",
        "DisplayTemplate": "[]",
        "DisplayColor": "#FFF",
        "SyncId": 0,
        "CurrentVersionId": "1487",
        "ShowType": "0",
        "DisplayIcon": "https://img.alicdn.com/imgextra/i2/O1CN01jpZwD31G56XYPEJv2_!!600000000****-55-tps-25-28.svg"
      }
    ],
    "Lang": "zh"
  },
  "Success": true,
  "RequestId": "D2956025-4E5C-529D-92B4-B2591DDED067"
}

Error codes

HTTP status code	Error code	Error message	Description
400	TracingDetailError	The Incident tracing detail error, please try again.	-
403	NoPermission	caller has no permission	You are not authorized to do this operation.
500	ServerError	ServerError	-

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation

No change history