DescribeApisecEventDetail - Web Application Firewall - Alibaba Cloud Documentation Center

Queries the details of an API security event.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The ID of the WAF instance. Note Call the DescribeInstance operation to query the ID of the current WAF instance.	waf_elasticity-cn-0xldbqtm005
RegionId	string	No	The region where the WAF instance resides. Valid values: cn-hangzhou: the Chinese mainland. ap-southeast-1: outside the Chinese mainland.	cn-hangzhou
ResourceManagerResourceGroupId	string	No	The ID of the Alibaba Cloud resource group.	rg-acfm***q
EventId	string	Yes	The ID of the API security event.	18ba94fea9***e66ba0557b7b91
EventScope	string	No	The dimension of the security event. Valid values: ip (default): IP security event. account: account security event.	ip
DetailType	string	No	The type of details for the security event. Valid values: event_info (default): attack description. api_info: information about the attacked API. cnt_info: attack trend information. ip_info: attacker IP information. sensitive_info: information about access to sensitive data. request_data: request information. response_data: response information.	event_info
ClusterId	string	No	The ID of the hybrid cloud cluster. Note This parameter is available only for hybrid cloud scenarios. Call the DescribeHybridCloudClusters operation to obtain information about hybrid cloud clusters.	428

Response elements

Element	Type	Description	Example
	object	The result of the request.
RequestId	string	The ID of the request.	D7861F61-5B61-46CE-A47C-6B19160D5EB0
EventId	string	The ID of the API security event.	18ba94fea9***e66ba0557b7b91
EventTag	string	The event type. Note Call the DescribeApisecRules operation to obtain the supported event types.	ObtainSensitiveUnauthorized
AttackerList	array	The list of attackers.
	string	The attacker information. Note If the EventScope parameter is set to ip, this parameter indicates the IP address of the attacker. If the EventScope parameter is set to account, this parameter indicates the account of the attacker.	104.234.140.**
AttackCnt	string	The number of attacks.	345
StartTs	string	The beginning of the time range to query. This value is a UNIX timestamp. Unit: seconds.	1683648000
EndTs	string	The end of the time range to query. This value is a UNIX timestamp. Unit: seconds.	1683703260
Origin	string	The source of the event type. Valid values: custom: custom. default: built-in.	custom
EventLevel	string	The event level. Valid values: high: important. medium: medium. low: low.	low
UserStatus	string	The event status. Valid values: toBeConfirmed: to be confirmed. confirmed: confirmed. actioned: handled. ignored: ignored.	toBeConfirmed
Note	string	The note.	already confirmed.
EventScope	string	The dimension of the security event. Valid values: ip (default): IP security event. account: account security event.	ip
DetailValue	string	The details of the security event, in a JSON string format.	{\"location\":[\"FR\",\"CN\"],\"location_type\":\"country\"}

Examples

Success response

JSON format

{
  "RequestId": "D7861F61-5B61-46CE-A47C-6B19160D5EB0",
  "EventId": "18ba94fea9***e66ba0557b7b91",
  "EventTag": "ObtainSensitiveUnauthorized",
  "AttackerList": [
    "104.234.140.**"
  ],
  "AttackCnt": "345",
  "StartTs": "1683648000",
  "EndTs": "1683703260",
  "Origin": "custom",
  "EventLevel": "low",
  "UserStatus": "toBeConfirmed",
  "Note": "already confirmed.",
  "EventScope": "ip",
  "DetailValue": "{\\\"location\\\":[\\\"FR\\\",\\\"CN\\\"],\\\"location_type\\\":\\\"country\\\"}"
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.