All Products
Search
Document Center

Security Center:DescribeCloudCenterInstances

Last Updated:Jan 28, 2023

Queries the information about assets that meet specified search conditions. For example, you can search for an asset by using the instance name or region of the asset.

Operation Description

You can search for assets by using search conditions, such as the instance ID, instance name, virtual private cloud (VPC) ID, region, and public IP address. You can also configure a logical relationship between multiple search conditions to search for the assets that meet the search conditions.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

ParameterTypeRequiredDescriptionExample
RegionIdstringNo

The ID of the region in which the asset resides.

cn-hangzhou
CriteriastringNo

The search conditions that are used to filter assets. The value of this parameter is in the JSON format and is case-sensitive.

NoteA search condition can be an instance ID, instance name, VPC ID, region, or public IP address. You can call the DescribeCriteria operation to query the supported search conditions.
[{"name":"riskStatus","value":"YES"},{"name":"internetIp","value":"1.2.XX.XX"}]
MachineTypesstringNo

The type of the assets that you want to query. Valid values:

  • ecs: servers
  • cloud_product: Alibaba Cloud services
ecs
LogicalExpstringNo

The logical relationship among multiple search conditions. Valid values:

  • OR: The search conditions are evaluated by using a logical OR.
  • AND: The search conditions are evaluated by using a logical AND.
OR
PageSizeintegerNo

The number of entries to return on each page. Default value: 20.

100
CurrentPageintegerNo

The number of the page to return. Default value: 1.

1
ImportanceintegerNo

The importance of the asset. Valid values:

  • 2: an important asset
  • 1: a common asset
  • 0: a test asset
2
NoGroupTracebooleanNo

Specifies whether to internationalize the name of the default group. Default value: false . Valid values:

  • true: The system returns the Chinese name of the default group for the GroupTrace response parameter.************
  • false: The system returns default for the GroupTrace response parameter.
false
LangstringNo

The language of the content within the request and response. Default value: zh. Valid values:

  • zh: Chinese
  • en: English
zh

Response parameters

ParameterTypeDescriptionExample
object
Successboolean

Indicates whether the request was successful. Valid values:

  • true: The request was successful.
  • false: The request failed.
true
RequestIdstring

The ID of the request, which is used to locate and troubleshoot issues.

32A73759-4C0F-4801-BE98-901223ACEE9A
PageInfoobject

The pagination information.

CurrentPageinteger

The page number of the returned page.

1
PageSizeinteger

The number of entries returned per page. Default value: 20.

20
TotalCountinteger

The total number of entries returned.

50
Countinteger

The number of entries returned on the current page.

10
Instancesarray

An array that consists of the details about the assets.

object
Statusstring

The status of the asset. Valid values:

  • Running: running
  • notRunning: stopped
Running
CpuInfostring

The CPU information about the asset.

Intel(R) Xeon(R) Platinum 8269CY CPU @ 2.50GHz
InternetIpstring

The public IP address of the asset.

1.2.XX.XX
Kernelstring

The version of the kernel.

3.10.0-1127.19.1.el7.x86_64
Bindboolean

Indicates whether Security Center is authorized to scan the asset. Valid values:

  • true: yes
  • false: no
true
OsNamestring

The kernel version of the asset.

-
Tagstring

The name of the asset tag.

InternetIp,test
ClientStatusstring

The status of the Security Center agent installed on the asset. Valid values:

  • online: The Security Center agent is enabled.
  • offline: The Security Center agent is disabled.
  • pause: The Security Center agent is suspended.
online
Meminteger

The size of the memory. Unit: MB.

1024
VpcInstanceIdstring

The ID of the VPC to which the asset belongs.

vpc-uf60agqq65bs98zoo****
TagIdstring

The ID of the asset tag.

121313,41412
Flaginteger

Indicates whether the asset is an Alibaba Cloud asset. Valid values:

  • 0: yes
  • 1: no
0
LastLoginTimestamplong

The timestamp when the Security Center agent was last online. Unit: milliseconds.

1637592907000
AuthVersioninteger

The edition of Security Center that is authorized to protect the asset. Valid values:

  • 1: Basic edition
  • 6: Anti-virus edition
  • 5: Advanced edition
  • 3: Enterprise edition
  • 7: Ultimate edition
1
Regionstring

The region ID of the asset.

cn-hangzhou-cm***-***
InstanceNamestring

The name of the asset.

yztest-l***
PodCountinteger

The number of pods.

1
VulCountinteger

The number of vulnerabilities that are detected on the asset.

2
HcStatusstring

Indicates whether baseline risks are detected on the asset. Valid values:

  • YES
  • NO
YES
CreatedTimelong

The timestamp when the cluster was created. Unit: milliseconds.

1607365213000
GroupTracestring

The name of the group to which the asset belongs.

default
ClusterIdstring

The ID of the cluster.

c690a0789419f4284a4e0a29e12fe****
RiskStatusstring

Indicates whether risks are detected on the asset. Valid values:

  • YES
  • NO
NO
Coresinteger

The number of the CPU cores used by the asset.

4
VulStatusstring

Indicates whether vulnerabilities are detected on the asset. Valid values:

  • YES
  • NO
YES
AlarmStatusstring

Indicates whether alerts are generated on the asset. Valid values:

  • YES
  • NO
NO
MacListStringstring

The MAC address of the system.

00:13:3e:31:13:39,02:12:67:b8:**:**
Importanceinteger

The importance of the asset. Valid values:

  • 2: an important asset
  • 1: a common asset
  • 0: a test asset
2
HealthCheckCountinteger

The number of baseline risks that are detected on the asset.

1
Ipstring

The public IP address of the asset.

1.2.XX.XX
Osstring

The operating system of the asset.

Linux
AuthModifyTimelong

The timestamp when Security Center is authorized to scan the asset.

1627974044000
SafeEventCountinteger

The number of alerts that are generated on the asset.

5
InstanceIdstring

The ID of the asset.

i-m5***
AssetTypestring

The type of the asset. Valid values:

  • 0: an ECS instance
  • 1: a Server Load Balancer (SLB) instance
  • 2: a NAT gateway
  • 3: an ApsaraDB RDS instance
  • 4: an ApsaraDB for MongoDB instance
  • 5: an ApsaraDB for Redis instance
  • 6: a container image
  • 7: a container
0
IntranetIpstring

The private IP address of the asset.

1.2.XX.XX
Vendorinteger

The type of the asset by source. Valid values:

  • 0: an asset provided by Alibaba Cloud.
  • 1: a third-party cloud server
  • 2: a server in a data center
  • 3, 4, 5, and 7: other cloud asset
  • 8: a lightweight asset
0
RegionIdstring

The ID of the region in which the asset resides.

cn-hanghzou
Uuidstring

The UUID of the asset.

c9107c04-942f-40c1-981a-f1c1***
GroupIdlong

The ID of the asset group to which the asset belongs.

4120080
RegionNamestring

The name of the region in which the asset resides.

China (Hangzhou)
VendorNamestring

The name of the service provider (SP) for the asset.

Valid values:

  • ALIYUN: Alibaba Cloud
  • OUT: a third-party service provider
  • IDC: a data center
  • TENCENT: Tencent Cloud
  • HUAWEICLOUD: Huawei Cloud
  • Microsoft: Microsoft
  • AWS: Amazon Web Services (AWS)
  • TRIPARTITE: a lightweight server
IDC
AuthVersionNamestring

The name of the Security Center edition that is authorized to scan the asset. Valid values:

  • Basic edition
  • Anti-virus edition
  • Advanced edition
  • Enterprise edition
  • Ultimate edition
  • Value-added Plan edition
Ultimate Edition
ClusterNamestring

The name of the cluster.

cluster1
ExposedStatusinteger

Indicates whether the asset is exposed. Valid values:

  • 0: no
  • 1: yes
0
RiskCountstring

The total number of baseline risks that are detected on the asset. The value of this parameter is in the JSON format and contains the following fields:

  • account: the number of accounts that are used to log on from unapproved logon locations and whose passwords are cracked
  • appNum: the number of scanners
  • asapVulCount: the total number of high-risk vulnerabilities
  • baselineHigh: the number of high-risk baseline risks
  • baselineLow: the number of low-risk baseline risks
  • baselineMedium: the number of medium-risk baseline risks
  • baselineNum: the total number of configuration risks
  • cmsNum: the number of Web-CMS vulnerabilities
  • containerAsap: the number of high-risk vulnerabilities that are detected on containers
  • containerLater: the number of medium-risk vulnerabilities that are detected on containers
  • containerNntf: the number of low-risk vulnerabilities that are detected on containers
  • containerRemind: the number of alerts whose Emergency level is Reminder on containers
  • containerSerious: the number of alerts whose Emergency level is Urgent on containers
  • containerSuspicious: the number of alerts whose Emergency level is Suspicious on containers
  • cveNum: the number of Linux software vulnerabilities
  • emgNum: the number of urgent vulnerabilities
  • health: the number of baseline alerts that are unhandled
  • imageBaselineHigh: the number of high-risk baseline risks that are detected on images
  • imageBaselineLow: the number of low-risk baseline risks that are detected on images
  • imageBaselineMedium: the number of medium-risk baseline risks that are detected on images
  • imageBaselineNum: the total number of baseline risks that are detected on images
  • imageMaliciousFileRemind: the number of malicious files that are detected on images and have the Emergency level of Reminder
  • imageMaliciousFileSerious: the number of malicious files that are detected on images and have the Emergency level of Urgent
  • imageMaliciousFileSuspicious: the number of malicious files that are detected on images and have the Emergency level of Suspicious
  • imageVulAsap: the number of high-risk vulnerabilities that are detected on images
  • imageVulLater: the number of medium-risk vulnerabilities that are detected on an image
  • imageVulNntf: the number of low-risk vulnerabilities that are detected on an image
  • laterVulCount: the number of medium-risk vulnerabilities
  • newSuspicious: the number of alerts
  • nntfVulCount: the number of low-risk vulnerabilities.
  • remindNum: the number of alerts whose Emergency level is Reminder
  • scaNum: the number of vulnerabilities that are detected based on software component analysis
  • seriousNum: the number of alerts whose Emergency level is Urgent
  • suspNum: the number of alerts whose Emergency level is Suspicious
  • suspicious: the total number of alerts
  • sysNum: the number of Windows system vulnerabilities
  • trojan: the number of trojans
  • uuid: the UUIDs of assets
  • vul: the number of vulnerabilities
  • weakPWNum: the number of weak passwords
{ "account": 0, "appNum": 0, "asapVulCount": 0, "baselineHigh": 0, "baselineLow": 0, "baselineMedium": 0, "baselineNum": 0, "cmsNum": 0, "containerAsap": 0, "containerLater": 0, "containerNntf": 0, "containerRemind": 0, "containerSerious": 0, "containerSuspicious": 0, "cveNum": 0, "emgNum": 0, "health": 0, "imageBaselineHigh": 0, "imageBaselineLow": 0, "imageBaselineMedium": 0, "imageBaselineNum": 0, "imageMaliciousFileRemind": 0, "imageMaliciousFileSerious": 0, "imageMaliciousFileSuspicious": 0, "imageVulAsap": 0, "imageVulLater": 0, "imageVulNntf": 0, "laterVulCount": 0, "newSuspicious": 0, "nntfVulCount": 0, "remindNum": 0, "scaNum": 0, "seriousNum": 0, "suspNum": 0, "suspicious": 0, "sysNum": 0, "trojan": 0, "uuid": "inet-37316411-37fe-4b72-b245-346a2721****", "vul": 0, "weakPWNum": 0 }
IpListStringstring

The IP addresses of the system.

172.31.XX.XX,172.171.XX.XX

Example

Normal return example

JSONFormat

{
  "Success": true,
  "RequestId": "32A73759-4C0F-4801-BE98-901223ACEE9A",
  "PageInfo": {
    "CurrentPage": 1,
    "PageSize": 20,
    "TotalCount": 50,
    "Count": 10
  },
  "Instances": [
    {
      "Status": "Running",
      "CpuInfo": "Intel(R) Xeon(R) Platinum 8269CY CPU @ 2.50GHz",
      "InternetIp": "1.2.XX.XX",
      "Kernel": "3.10.0-1127.19.1.el7.x86_64",
      "Bind": true,
      "OsName": "-",
      "Tag": "InternetIp,test",
      "ClientStatus": "online",
      "Mem": 1024,
      "VpcInstanceId": "vpc-uf60agqq65bs98zoo****",
      "TagId": "121313,41412",
      "Flag": 0,
      "LastLoginTimestamp": 1637592907000,
      "AuthVersion": 1,
      "Region": "cn-hangzhou-cm***-***",
      "InstanceName": "yztest-l***",
      "PodCount": 1,
      "VulCount": 2,
      "HcStatus": "YES",
      "CreatedTime": 1607365213000,
      "GroupTrace": "default",
      "ClusterId": "c690a0789419f4284a4e0a29e12fe****",
      "RiskStatus": "NO",
      "Cores": 4,
      "VulStatus": "YES",
      "AlarmStatus": "NO",
      "MacListString": "00:13:3e:31:13:39,02:12:67:b8:**:**",
      "Importance": 2,
      "HealthCheckCount": 1,
      "Ip": "1.2.XX.XX",
      "Os": "Linux",
      "AuthModifyTime": 1627974044000,
      "SafeEventCount": 5,
      "InstanceId": "i-m5***",
      "AssetType": "0",
      "IntranetIp": "1.2.XX.XX",
      "Vendor": 0,
      "RegionId": "cn-hanghzou",
      "Uuid": "c9107c04-942f-40c1-981a-f1c1***",
      "GroupId": 4120080,
      "RegionName": "China (Hangzhou)",
      "VendorName": "IDC",
      "AuthVersionName": "Ultimate Edition",
      "ClusterName": "cluster1",
      "ExposedStatus": 0,
      "RiskCount": "{\n      \"account\": 0,\n      \"appNum\": 0,\n      \"asapVulCount\": 0,\n      \"baselineHigh\": 0,\n      \"baselineLow\": 0,\n      \"baselineMedium\": 0,\n      \"baselineNum\": 0,\n      \"cmsNum\": 0,\n      \"containerAsap\": 0,\n      \"containerLater\": 0,\n      \"containerNntf\": 0,\n      \"containerRemind\": 0,\n      \"containerSerious\": 0,\n      \"containerSuspicious\": 0,\n      \"cveNum\": 0,\n      \"emgNum\": 0,\n      \"health\": 0,\n      \"imageBaselineHigh\": 0,\n      \"imageBaselineLow\": 0,\n      \"imageBaselineMedium\": 0,\n      \"imageBaselineNum\": 0,\n      \"imageMaliciousFileRemind\": 0,\n      \"imageMaliciousFileSerious\": 0,\n      \"imageMaliciousFileSuspicious\": 0,\n      \"imageVulAsap\": 0,\n      \"imageVulLater\": 0,\n      \"imageVulNntf\": 0,\n      \"laterVulCount\": 0,\n      \"newSuspicious\": 0,\n      \"nntfVulCount\": 0,\n      \"remindNum\": 0,\n      \"scaNum\": 0,\n      \"seriousNum\": 0,\n      \"suspNum\": 0,\n      \"suspicious\": 0,\n      \"sysNum\": 0,\n      \"trojan\": 0,\n      \"uuid\": \"inet-37316411-37fe-4b72-b245-346a2721****\",\n      \"vul\": 0,\n      \"weakPWNum\": 0\n}",
      "IpListString": "172.31.XX.XX,172.171.XX.XX"
    }
  ]
}

Error codes

Http codeError codeError messageDescription
400AccountIdNotExistAccountIdNotExist-
400NoPermissionno permission-
403NoPermissioncaller has no permissionYou are not authorized to do this operation.
500ServerErrorServerError-

For a list of error codes, visit the API error center.

Change history

Change timeSummary of changesOperate
2022-12-23API Description Update, The API operation is not deprecated., The error codes of the API operation has changed
Change itemChange content
API DescriptionAPI Description Update
API Deprecation DescriptionThe API operation is not deprecated.
Error CodesThe error codes of the API operation has changed
    delete Error Codes: 400
    delete Error Codes: 500