QueryIncidentVertexExtendInfo - Security Center - Alibaba Cloud Documentation Center

Queries the extended information about an event node.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
VertexId	string	Yes	The ID of the node that you want to query. Note You can call the QueryIncidentTracingDetail operation to query the node ID.	29872354f741b1b044b8a9b4e2ab0535
VertexLabel	string	Yes	The node label. Valid values include but are not limited to: process file alert ip domain	process
RelationType	string	Yes	The type of the edge that you want to query. Valid values include but are not limited to: process_exec_file: A process executes a file. process_connect_ip: A process connects to an IP address. domain_trgger_alert: A domain name triggers an alert.	process_connect_ip
Offset	long	No	The page number. Valid values start from 1.	0
Size	integer	No	The number of entries per page. Valid values start from 1.	10

Response parameters

Parameter	Type	Description	Example
	object	The response parameters.
VertexExtendInfo	object []	The returned extended information about the node.
Id	string	The node ID.	1377
Name	string	The node name.	oval:com.redhat.rhsa:def:20193878
Type	string	The node type. Valid values include but are not limited to: process file alert ip domain	cve
Time	string	The time when the node was created.	2021-11-06 11:00:00
Timestamp	long	The UNIX timestamp when the node was created. Unit: milliseconds.	1645168444
Uuid	string	The node UUID.	678e29f4-d78f-4a7c-a2bc-38434a138538
RuleId	string	The ID of the rule for which the node was created.	400035
Properties	string	The node properties. The value is in the text format.	DIRECTORY
Property	object	The node property.
AlertDesc	string	The alert description.	exploit
LogUuid	string	The log ID.	abc4990f2e1948eb960a2bb7ac0f****
GmtModified	string	The modification time.	2023-05-08 20:06:07
AlertUuid	string	The alert ID.	alert-abc4990f2e1948eb960a2bb7ac0****
AlertType	string	The alert type.	attack_alert
AlertSrcProdModule	string	The module of the service that generates the alert.	aegis
AttCk	string	ATT&CK	Keychain
AlertNameCode	string	The code of the alert name.	6367
AlertDetail	string	The details of the alert.	{}
OccurTime	string	The time when the alert was generated.	2022-11-24T10:13Z
AlertTypeCode	string	The code of the alert type.	112
AlertLevel	string	The alert level. Valid values: serious suspicious remind	serious
AssetList	string	The assets.	[]
GmtCreate	string	The creation time.	2022-11-24T10:13Z
AlertTypeEn	string	The alert type. The value is in English.	attack_alert
LogTime	string	The time when the log was generated.	2022-11-24T10:13Z
AlertTitle	string	The alert title.	login_common_account
AlertNameEn	string	The alert name. The value is in English.	attack_alert
AlertSrcProd	string	The service that generates the alert.	sas
MainUserId	string	The ID of the master account.	168370268****
CloudCode	string	The code of the cloud service provider.	alibaba_cloud
AlertName	string	The alert name.	pt_device_in_bps_down_alert
EntityList	string	The instance.	[ "003d544744249351****" ]
SubUserId	string	The ID of the sub-account.	11689082709****
Aliuid	string	The ID of the Alibaba Cloud account.	1168908270980461
NeighborList	object []	The neighboring nodes.
Type	string	The node type. Valid values include but are not limited to: process file alert ip domain	alidetect
Count	integer	The number of nodes.	2
HasMore	boolean	Indicates whether more neighboring nodes exist. Valid values: true false	True
DisplayInfo	object []	The display information.
Name	string	The display name of the property.	IDA
Value	string	The display value of the property.	app:nxueo
Lang	string	The language of the content within the response. Valid values: zh: Chinese en: English	zh
Success	boolean	Indicates whether the request was successful. Valid values: true false	True
RequestId	string	The request ID.	0BCDBBF1-0048-535A-8529-67EA0CD1A807
Count	string	The total number of entries returned.	2

Examples

Sample success responses

JSONformat

{
  "VertexExtendInfo": [
    {
      "Id": "1377",
      "Name": "oval:com.redhat.rhsa:def:20193878",
      "Type": "cve",
      "Time": "2021-11-06 11:00:00",
      "Timestamp": 1645168444,
      "Uuid": "678e29f4-d78f-4a7c-a2bc-38434a138538",
      "RuleId": "400035",
      "Properties": "DIRECTORY",
      "Property": {
        "AlertDesc": "exploit",
        "LogUuid": "abc4990f2e1948eb960a2bb7ac0f****",
        "GmtModified": "2023-05-08 20:06:07",
        "AlertUuid": "alert-abc4990f2e1948eb960a2bb7ac0****",
        "AlertType": "attack_alert",
        "AlertSrcProdModule": "aegis",
        "AttCk": "Keychain",
        "AlertNameCode": "6367",
        "AlertDetail": "{}",
        "OccurTime": "2022-11-24T10:13Z",
        "AlertTypeCode": "112",
        "AlertLevel": "serious",
        "AssetList": "[]",
        "GmtCreate": "2022-11-24T10:13Z",
        "AlertTypeEn": "attack_alert",
        "LogTime": "2022-11-24T10:13Z\n",
        "AlertTitle": "login_common_account",
        "AlertNameEn": "attack_alert",
        "AlertSrcProd": "sas",
        "MainUserId": "168370268****",
        "CloudCode": "alibaba_cloud",
        "AlertName": "pt_device_in_bps_down_alert",
        "EntityList": "[\n      \"003d544744249351****\"\n]",
        "SubUserId": "11689082709****"
      },
      "Aliuid": "1168908270980461",
      "NeighborList": [
        {
          "Type": "alidetect",
          "Count": 2,
          "HasMore": true
        }
      ],
      "DisplayInfo": [
        {
          "Name": "IDA",
          "Value": "app:nxueo"
        }
      ],
      "Lang": "zh"
    }
  ],
  "Success": true,
  "RequestId": "0BCDBBF1-0048-535A-8529-67EA0CD1A807",
  "Count": "2"
}

Error codes

HTTP status code	Error code	Error message	Description
400	VertexExtendInfoError	Get Vertex extend information error, please try again	-
403	NoPermission	caller has no permission	You are not authorized to do this operation.
500	ServerError	ServerError	-

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation

No change history