The following tables list the API operations available for use in Security Center.

Note
  • For more information about the request methods and endpoints for log analysis operations, see Endpoints.
  • For more information about the request methods and endpoints for other types of operations, see Make API requests.

Asset management

Operation Description
DescribeAllEntity Queries information about all assets. The information includes asset group IDs and asset names.
DescribeFieldStatistics Queries the statistics of assets.
DescribeGroupedTags Queries the statistics of asset tags.
DescribeAllGroups Queries grouping information about all servers.
DescribeAssetSummary Queries the cores of servers that are protected by Security Center.
DescribeInstanceStatistics Queries risk information about an asset.
QueryGroupIdByGroupName Queries the ID of an asset group by using the name of the asset group.
RefreshAssets Synchronizes the most recent statistics of assets on the Assets page.
DeleteGroup Deletes a server group.
CreateOrUpdateAssetGroup Creates a server group, or adds servers to or removes servers from a server group.
DescribeGroupedInstances Queries the statistics of assets based on a specified filter condition.
ModifyTagWithUuid Changes the names of the tags that are added to servers, or modifies tags for servers.
ModifyPushAllTask Performs security check tasks on servers.
ModifyLoginSwitchConfig Enables or disables the logon security settings for a specific asset.
ModifyLoginBaseConfig Modifies basic configurations in the logon security settings for a specific asset.
ModifyGroupProperty Modifies the name of a server group.
ModifyAssetGroup Modifies the server group to which one or more servers belong.
DescribeCloudProductFieldStatistics Queries the statistics of cloud services whose instances are protected by Security Center.
DescribeDomainCount Queries the number of domain assets.
DescribeDomainList Queries information about domain assets.
DescribeDomainDetail Queries the details about a domain asset.
DescribeCloudCenterInstances Queries asset information.
DescribeSummaryInfo Queries the security information about all assets. The information includes the security score and the numbers of protected and unprotected assets.
DescribeSearchCondition Queries the filter conditions that are used to search for specific assets.
DescribeAssetDetailByUuid Queries the details about a server by using the UUID of the server.
DeleteTagWithUuid Removes custom tags from assets.
DescribeCriteria Queries the search conditions when you query an asset. You can specify a keyword for fuzzy search.
DescribeExportInfo Queries the progress of an asset export task.
DeleteLoginBaseConfig Deletes basic configurations from the logon security settings for a specific asset.
DescribeAssetDetailByUuids Queries the details about ECS instances.
DescribeImageStatistics Queries the risk statistics of container images.
DescribeContainerStatistics Queries the alert statistics of containers.
RefreshContainerAsserts Refreshes the statistics of containers on the Assets page.

Container management

Operation Description
DescribeGroupedContainerInstances Queries the details about containers by group type.

Asset exposure analysis

Operation Description
DescribeExposedStatistics Queries the exposure statistics of the assets on the Internet.
DescribeExposedInstanceList Queries the information about servers that are exposed to the Internet.
DescribeExposedInstanceDetail Queries the details about a specific server that is exposed to the Internet.
DescribeExposedInstanceCriteria Queries the search conditions that are used to search for exposed assets.
DescribeExposedStatisticsDetail Queries the information about the gateways, ports, server components, or public IP addresses that are exposed to the Internet.

Security score

Operation Description
DescribeSecureSuggestion Queries suggestions on how to handle the security risks that affect the security score.

Virus defense

Operation Description
StartVirusScanTask Performs a virus scan task on a server or multiple servers.
DescribeSuspiciousUUIDConfig Queries the UUIDs of servers on which proactive defense takes effect based on a specified defense type.
DescribeScanTaskProgress Queries the progress of a virus scan task.

Anti-ransomware

Operation Description
AutoBuyBackupProduct Enables the anti-ransomware feature.
InstallBackupClient Installs the anti-ransomware agent on a server.
UninstallBackupClient Uninstalls the anti-ransomware agent from a server.
CreateBackupPolicy Creates an anti-ransomware policy.
DeleteBackupPolicy Deletes an anti-ransomware policy.
DeleteBackupPolicyMachine Removes a server from a specific anti-ransomware policy.
ModifyBackupPolicy Modifies an anti-ransomware policy.
ModifyBackupPolicyStatus Enables or disables an anti-ransomware policy.
DescribeBackupRestoreCount Queries the statistics of a restoration task.
DescribeRestoreJobs Queries the details about a restoration task.
DescribeUserBackupMachines Queries the information about the servers to which an anti-ransomware policy is applied.
DescribeSupportRegion Queries the region in which the anti-ransomware feature is supported.
DescribeBackupFiles Queries backup files that you can restore.
DescribeBackupPolicies Queries anti-ransomware policies.
DescribeBackupClients Queries the servers on which the anti-ransomware agent is installed in a specific region.
GetBackupStorageCount Queries the anti-ransomware capacity that is used.

Alert management

Operation Description
HandleSecurityEvents Handles alerts.
DescribeSecurityStatInfo Queries the statistics of each security check item and the daily statistics in the trend chart based on each security check item.
DescribeAlarmEventList Queries the details about alert events.
DescribeAlarmEventDetail Queries the details about an alert event. An alert event consists of an alert and exceptions. Each alert event is associated with multiple exceptions.
DescribeSuspEvents Queries the information about exceptions. An alert event consists of an alert and exceptions. Each alert event is associated with multiple exceptions.
DescribeAttackAnalysisData Queries the statistics of attack analysis.
DescribeSuspEventDetail Queries the details about an exception. An alert event consists of an alert and exceptions. Each alert event is associated with multiple exceptions.
HandleSimilarSecurityEvents Handles multiple alerts that are triggered by the same rule or rules of the same type at a time.
DescribeSecurityEventOperations Queries operations that can be performed to handle alerts.
DescribeSecurityEventOperationStatus Queries the handling results of alerts that are triggered by the same rule or rules of the same type and are handled at a time.
CreateSimilarSecurityEventsQueryTask Creates a task to query alerts that are triggered by the same rule or rules of the same type.
DescribeSimilarSecurityEvents Queries the alerts that are triggered by the same rule or rules of the same type.
DescribeSimilarEventScenarios Queries the scenarios in which alerts triggered by the same rule or rules of the same type are handled.
DescribeUserLayoutAuthorization Queries whether the required permissions to implement protection against brute-force attacks are obtained.
RollbackSuspEventQuaraFile Restores a quarantined file.
DescribeSuspEventQuaraFiles Queries quarantined files by page.
OperationSuspEvents Handles multiple exceptions at a time.
CheckSecurityEventId Checks whether one or more alerts are generated on a specific server based on alert IDs.
GetSuspiciousStatistics Queries the statistics of alerts in one or more asset groups.

Configuration assessment

Operation Description
DescribeRiskItemType Queries the types of check items for cloud service configurations. Each check item is categorized into a type. The types of check items include identity authentication and permissions, network access control, log audit, data security, monitoring and alerting, and basic security protection.
StartBaselineSecurityCheck Checks cloud service configurations. You can check all items or a specific item, and you can verify whether an item is already checked.
DescribeRiskCheckSummary Queries the summary information about the check results of cloud service configurations. The summary information includes the number of risk items, the risk rate, the number of affected assets, the last check time, and the statistics on each type of check item.
ModifyRiskCheckStatus Modifies the status of a check result. You can ignore the result or mark the result as a false positive.
DescribeRiskCheckResult Queries the check results of configuration assessment for your cloud services.
DescribeSecurityCheckScheduleConfig Queries the custom check cycles and time ranges.
ModifyRiskSingleResultStatus Handles the risk item that affects an asset. You can ignore the risk item or mark the risk item as false positive.
ModifySecurityCheckScheduleConfig Specifies the time to automatically check cloud service configurations. For example, you can specify the time period during a day of the week.
DescribeRiskCheckItemResult Queries the assets on which the configuration risks are detected based on a specific check item.
DescribeRiskListCheckResult Queries the number of risk items for one or more cloud services in cloud assessment results based on the instance IDs of the cloud services.

Brute-force attack protection

Operation Description
CreateAntiBruteForceRule Creates a defense rule against brute-force attacks.
ModifyAntiBruteForceRule Modifies a defense rule against brute-force attacks.
ModifyInstanceAntiBruteForceRule Modifies the defense rule against brute-force attacks for a specific server.
DescribeAntiBruteForceRules Queries the existing defense rules against brute-force attacks.
DescribeBruteForceSummary Queries the statistics of defense rules against brute-force attacks that trigger alerts.
DescribeInstanceAntiBruteForceRules Queries the information about servers to which the defense rules against brute-force attacks are applied.

Vulnerability fixing

Operation Description
ModifyVulTargetConfig Configures vulnerability detection for a server.
ModifyStartVulScan Enables the quick scan feature on the Vulnerabilities page.
DescribeEmgVulItem Queries the details about urgent vulnerabilities.
DescribeFrontVulPatchList Queries the pre-patches that are required to fix specific Windows system vulnerabilities.
GetVulStatistics Queries the statistics of vulnerabilities in one or more asset groups.
OperateVuls Fixes Linux software vulnerabilities.
DescribeVulExportInfo Queries the progress of a vulnerability export task.
ExportVul Exports a list of vulnerabilities.
ModifyDeleteVulWhitelist Removes a vulnerability from the whitelist. After you remove the vulnerability from the whitelist, Security Center can detect the vulnerability and generate alerts for the vulnerability.
DescribeVulList Queries vulnerabilities by type.
DescribeVulWhitelist Queries the whitelist of vulnerabilities by page.
DescribeConcernNecessity Queries the priority to fix a vulnerability.
DescribeGroupedVul Queries the details about vulnerabilities by group.
ModifyCreateVulWhitelist Creates a vulnerability whitelist. The vulnerabilities that are added to the whitelist no longer trigger alerts.
ModifyEmgVulSubmit Scans for urgent vulnerabilities.
DescribeAutoDelConfig Queries the number of days during which a detected vulnerability is retained before the vulnerability is automatically deleted.
ModifyAutoDelConfig Specifies the number of days after which a detected vulnerability is automatically deleted.
ModifyOperateVul Handles detected vulnerabilities. You can fix or ignore vulnerabilities. You can also verify the vulnerability fixes.

Container image scan

Operation Description
DescribeGroupedMaliciousFiles Queries malicious image samples.
DescribeImageBaselineCheckSummary Queries the image baseline risks that are detected by container image scan.
DescribeAffectedMaliciousFileImages Queries the details about malicious image files.
DescribeImageScanAuthCount Queries the details about the quota for container image scan.
DescribeTaskErrorLog Queries the error logs of tasks that failed to fix image vulnerabilities.
DescribeImageFixTask Queries the tasks that you create to fix image risks.
DescribeImageGroupedVulList Queries image vulnerabilities.
DescribeImageListWithBaselineName Queries the details about the image baseline risks that are detected.
PublicPreCheckImageScanTask Queries the number of images to scan in an image scan task and the quota for container image scan to be consumed by the task.
PublicCreateImageScanTask Creates an image scan task.
PublicSyncAndCreateImageScanTask Adds images to Security Center on the Assets page and creates an image scan task to scan the images.
DescribeImageVulList Queries the details about the image vulnerabilities and affected images.

Baseline check

Operation Description
DescribeCheckWarningSummary Queries the statistical information of baseline check results. The information includes the number of servers on which a baseline check is performed, the number of baseline check items, and the pass rate of check items in the last baseline check.
DescribeStratety Queries the configurations of baseline check policies.
DescribeStrategyExecDetail Queries the details of the latest baseline check result that is generated based on a baseline check policy. The details include the last time when the check was performed, the number of detected risk items, and the baseline risk details.
DeleteStrategy Deletes a baseline check policy.
DescribeCheckWarnings Queries specific risk items and check items of a specific server.
DescribeStrategyTarget Queries the information about the assets that are added to a baseline check policy.
DescribeCheckWarningDetail Queries the details about a specific check item.
DescribeStrategy Queries the details about a baseline check policy.
DescribeWarningMachines Queries information about servers on which a baseline check is performed. The information includes the statistics and status of risk items and IDs of the servers.
DescribeUserBaselineAuthorization Queries whether the required permissions to perform baseline checks are obtained.
ValidateHcWarnings Verifies, for multiple baseline risks at a time, whether the risks that are detected in baseline checks are fixed.
FixCheckWarnings Fixes baseline risks in a baseline check.
DescribeCheckEcsWarnings Queries the number of weak passwords that can cause high risks on your assets.
IgnoreHcCheckWarnings Adds multiple risk items to a whitelist or removes them from a whitelist at a time during baseline checks.

Log analysis

Operation Description
Overview Full logs of Security Center are stored in a dedicated Logstore named sas-log. You can find the Logstore in the project that stores Security Center logs in the Log Service console. The project name uses the format sas-log-<Alibaba Cloud account ID>-<Region ID>. For more information about operations for log analysis, see Overview.
ModifyOpenLogShipper Activates Log Service.
DescribeLogstoreStorage Queries the purchased log storage capacity.
ModifyClearLogstoreStorage Deletes all logs that occupy your log storage.

Asset fingerprints

Operation Description
DescribePropertyCount Queries the statistical information about asset fingerprints. The information includes the numbers of processes, ports, software, users, and scheduled tasks.
DescribePropertyPortDetail Queries the details about a port.
DescribePropertyProcDetail Queries the details about a process in the process list.
DescribePropertyPortItem Queries the details about all ports.
DescribePropertyProcItem Queries the details about all processes.
DescribePropertySoftwareDetail Queries the details about a software asset in the software list.
DescribePropertySoftwareItem Queries the details about all software assets.
DescribePropertyUserDetail Queries the details about an account in the account list.
DescribePropertyUserItem Queries the account information about an asset.
DescribeModuleConfig Queries the configurations of the asset fingerprints module.
DescribePropertyCronDetail Queries the scheduled task fingerprints of a server.
DescribePropertyScaDetail Queries the following types of asset fingerprints: middleware, databases, and web services.
DescribePropertyUsageNewest Queries the information about the five most recently created accounts.
ModifyPropertyScheduleConfig Modifies the collection frequency of asset fingerprints for an automatic periodic collection task.

Notification

Operation Description
DescribeDingTalk Queries DingTalk notifications.
DescribeNoticeConfig Queries notification settings.

Security Center agent

Operation Description
SasInstallCode Queries the verification key that is used to run the installation command of the Security Center agent.
PauseClient Enables or disables the Security Center agent.
OperateAgentClientInstall Installs the Security Center agent on a server.
DescribeInstallCaptcha Queries the verification code for you to manually install the Security Center agent.
DescribeInstallCodes Queries the commands that are used to manually install the Security Center agent.
UnbindAegis Unbinds servers that are not deployed on Alibaba Cloud from Security Center.

Check result export

Operation Description
ExportRecord Exports the results of baseline checks, asset security checks, and AccessKey pair leak detection to Excel files.

Virus query

Operation Description
OperateSuspiciousTargetConfig Configures proactive defense.

Web tamper proofing

Operation Description
ModifyWebLockStart Enables and configures web tamper proofing for a specific server.
ModifyWebLockStatus Enables or disables web tamper proofing for a server.
DescribeWebLockConfigList Queries the configurations of web tamper proofing for a specific server.
DescribeWebLockBindList Queries the servers for which web tamper proofing is enabled.
ModifyWebLockDeleteConfig Deletes the protected directory for a specific server.
ModifyWebLockCreateConfig Adds a directory to protect for a specific server.
ModifyWebLockUpdateConfig Modifies the protected directory for a specific server.

Detection of AccessKey pair leaks

Operation Description
DescribeAccesskeyLeakList Queries the details about AccessKey pair leaks in your assets.
DescribeAccessKeyLeakDetail Queries the details about AccessKey pair leaks.

Service-linked role

Operation Description
CreateServiceLinkedRole Creates a service-linked role and authorizes Security Center to access cloud resources.
DescribeServiceLinkedRoleStatus Checks whether a service-linked role is created for Security Center.