All Products
Search
Document Center

Security Center:Call Security Center APIs with Alibaba Cloud CLI

Last Updated:Jun 08, 2026

Use Alibaba Cloud CLI to call Security Center APIs. This example calls the DescribeCloudCenterInstances operation to query Security Center asset information.

Overview

  • Alibaba Cloud CLI is a command-line tool built on OpenAPI. You can use Security Center to automate managing Security Center. What is Alibaba Cloud CLI.

  • Alibaba Cloud CLI does not currently support calling Security Center (Agentic SOC) or Security Center (SOAR). To request this feature, submit a ticket.

Step 1: Install the CLI

Install Alibaba Cloud CLI for your operating system:

You can also debug Alibaba Cloud CLI commands in Cloud Shell. Cloud Shell has Alibaba Cloud CLI pre-installed and regularly updated. What is Cloud Shell.

Step 2: Configure the CLI

Important

An Alibaba Cloud account has full permissions to all product APIs, which creates a high security risk. Use a RAM user with the principle of least privilege for API access. Supported Security Center policies: Security Center system access policy reference and Custom policies for Security Center.

Before using the CLI, configure identity credentials and a default region. The CLI supports multiple credential types (Credential types). The following steps use a RAM user AccessKey:

  1. Create a RAM user and Create an AccessKey pair.

  2. Grant the RAM user read-only access to Security Center by attaching the AliyunYundunSASReadOnlyAccess policy. Grant permissions to a RAM user.

  3. Obtain an available region ID. The CLI sends API calls to the specified region. Available Security Center regions: Endpoints.

    Note

    Add the --region option to override the default region from your credential configuration and environment variables. Command-line options.

  4. Use the RAM user's AccessKey to configure a profile named AkProfile. Configuration examples.

Step 3: Generate a CLI command

  1. In OpenAPI Explorer, go to the DescribeCloudCenterInstances debugging page.

    image

  2. On the Parameters tab, enter the request parameters. Click the CLI Example tab to view the generated CLI command.

  3. Copy the CLI command or run it in Cloud Shell:

    • Click the Run Command image button to open Cloud Shell and run the command.

    • Click Copy image to copy the command to your clipboard for local execution or scripting.

    Note

    When running the command locally, verify the parameter format. Parameter formats.

    OpenAPI Explorer adds the --region option by default, which overrides the region in your credential configuration or environment variables. Remove it if not needed.

Step 4: Call a Security Center API

Example 1: List Security Center APIs

Use the --help option to list Security Center APIs. API overview.

  1. Run the following command:

    aliyun sas --help
  2. The command returns the following output:

    image

Example 2: Query assets

Call the Security Center DescribeCloudCenterInstances API to query at-risk Elastic Compute Service (ECS) assets.

  1. Run the following command:

    aliyun sas DescribeCloudCenterInstances --Criteria '[{"name":"riskStatus","value":"YES"}]' --MachineTypes ecs
  2. The command returns the following output:

    {
      "Success": true,
      "PageInfo": {
        "Count": 10,
        "CurrentPage": 1,
        "PageSize": 20,
        "TotalCount": 10,
        "NextToken": "B604532DEF982B875E8360A6EFA3B***"
      },
      "RequestId": "7D6FD965-745C-5580-A3E8-83FEC3BE1FE8",
      "Instances": [
        {
          "AlarmStatus": "NO",
          "AssetType": "0",
          "AssetTypeName": "Cloud server",
          "AuthVersionName": "Basic Edition",
          "Bind": false,
          "ClientStatus": "online",
          "Cores": 4,
          "CpuInfo": "Intel(R) Xeon(R) Platinum 8269CY CPU @ 2.50GHz",
          "ExposedStatus": 0,
          "Flag": 0,
          "FlagName": "ALIYUN",
          "GroupId": 1355****,
          "GroupTrace": "Ungrouped",
          "HcStatus": "YES",
          "HealthCheckCount": 0,
          "Importance": 1,
          "InstanceId": "i-bp1b84nxki0g2cyg****",
          "InstanceName": "example",
          "InternetIp": "",
          "IntranetIp": "172.16.****",
          "Ip": "172.16.****",
          "IpListString": "172.16.****",
          "Kernel": "5.10.134-16.3.al8.x86_64",
          "LastLoginTimestamp": 1729840886000,
          "MacListString": "00:16:3e:**:**:**",
          "Mem": 16384,
          "Os": "linux",
          "OsName": "Alibaba Cloud Linux 3.2104 LTS 64-bit",
          "Region": "cn-hangzhou-dg-a01",
          "RegionId": "cn-hangzhou",
          "RegionName": "China (Hangzhou)",
          "RiskCount": "{\"account\":0,\"agentlessAll\":0,\"agentlessBaseline\":0,\"agentlessMalicious\":0,\"agentlessSensitiveFile\":0,\"agentlessVulCve\":0,\"agentlessVulSca\":0,\"agentlessVulSys\":0,\"appNum\":0,\"asapVulCount\":0,\"baselineHigh\":0,\"baselineLow\":0,\"baselineMedium\":0,\"baselineNum\":1,\"cmsNum\":0,\"containerAsap\":0,\"containerLater\":0,\"containerNntf\":0,\"containerRemind\":0,\"containerSerious\":0,\"containerSuspicious\":0,\"cveNum\":4,\"emgNum\":0,\"health\":0,\"imageBaselineHigh\":0,\"imageBaselineLow\":0,\"imageBaselineMedium\":0,\"imageBaselineNum\":0,\"imageMaliciousFileRemind\":0,\"imageMaliciousFileSerious\":0,\"imageMaliciousFileSuspicious\":0,\"imageVulAsap\":0,\"imageVulLater\":0,\"imageVulNntf\":0,\"laterVulCount\":1,\"newSuspicious\":0,\"nntfVulCount\":3,\"remindNum\":0,\"scaNum\":0,\"seriousNum\":0,\"suspNum\":0,\"suspicious\":0,\"sysNum\":0,\"trojan\":0,\"uuid\":\"11c50347-4745-4a7a-b8dd-405f276201ff\",\"vul\":4,\"weakPWNum\":0}",
          "RiskStatus": "YES",
          "SafeEventCount": 0,
          "Status": "Running",
          "Uuid": "11c50347-4745-4a7a-b8dd-405f****",
          "Vendor": 0,
          "VendorName": "ALIYUN",
          "VpcInstanceId": "vpc-bp132a80775r3d7kz****",
          "VulCount": 4,
          "VulStatus": "YES"
        }
      ]
    }
    Note

    If a Security Center API call returns an error, check the error code against your request parameters.

    Record the RequestId or SDK error message and use the Alibaba Cloud OpenAPI Diagnostic Platform for self-service diagnosis.