Handles multiple exceptions at a time.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes OperationSuspEvents

The operation that you want to perform. Set the value to OperationSuspEvents.

If operation-specific request parameters contain only this parameter, Security Center does not handle exceptions.

SourceIp String No 1.2.XX.XX

The source IP address of the request.

SuspiciousEventIds String No 290852

The IDs of alerts.

Note You can call the DescribeAlarmEventList operation and obtain the IDs of alerts from the SecurityEventIds response parameter.
Operation String No deal

The operation that you want to perform on alerts. Valid values:

  • deal: quarantines the source file of the malicious process.
  • ignore: ignores the alerts.
  • mark_mis_info: marks the alerts as false positives by adding the alerts to the whitelist.
  • rm_mark_mis_info: cancels false positives by removing the alerts from the whitelist.
  • offline_handled: marks the alerts as handled.
SubOperation String No killAndQuaraFileByPidAndMd5andPath

The suboperation that you want to perform when you quarantine the source file of the malicious process. Valid values:

  • killAndQuaraFileByPidAndMd5andPath: terminates the process based on its process ID (PID) and quarantines the source file of the process.
  • quaraFileByMd5andPath: quarantines the source file of the process.
  • killAndQuaraFileByMd5andPath: terminates the process and quarantines the source file of the process.
From String No sas

The ID of the request.

Set the value to sas, which indicates that the request is sent from Security Center.

WarnType String No alarm

The type of the event that you want to handle. Valid values:

  • alarm: alerts
  • null: exceptions

Response parameters

Parameter Type Example Description
RequestId String 7E0618A9-D5EF-4220-9471-C42B5E92719F

The ID of the request, which is used to locate and troubleshoot issues.

AccessCode String pass

Indicates whether you have access permissions. Valid values:

  • pass: yes
  • no_permission: no
Success Boolean true

The result of handling exceptions. Valid values:

  • true: The exceptions are handled.
  • false: The exceptions fail to be handled.

Examples

Sample requests

http(s)://[Endpoint]/?Action=OperationSuspEvents
&SourceIp=1.2.XX.XX
&SuspiciousEventIds=290852
&Operation=deal
&SubOperation=killAndQuaraFileByPidAndMd5andPath
&From=sas
&WarnType=alarm
&Common request parameters

Sample success responses

XML format 

HTTP/1.1 200 OK
Content-Type:application/xml

<OperationSuspEventsResponse>
    <RequestId>7E0618A9-D5EF-4220-9471-C42B5E92719F</RequestId>
    <AccessCode>pass</AccessCode>
    <Success>true</Success>
</OperationSuspEventsResponse>

JSON format 

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "7E0618A9-D5EF-4220-9471-C42B5E92719F",
  "AccessCode" : "pass",
  "Success" : true
}

Error codes

HTTP status code Error code Error message Description
400 ClientOffline Client offline The error message returned because the Security Center agent is offline.
400 UnknownError UnknownError The error message returned because an unknown error occurred.
400 IllegalParam Illegal param The error message returned because the specified parameters are invalid.
500 ServerError ServerError The error message returned because a server error occurred.

For a list of error codes, visit the API Error Center.