CreateSuspiciousExport
Description
'export' host exception event information according to query conditions.
Request Method
POST
Request Path
/apsara/route/aegis/CreateSuspiciousExport
Request Parameters Common Parameters
| Name | Location | Type | Required | Sample value | Description |
|---|---|---|---|---|---|
| EventType | BODY | string | No | No sample value for this parameter. | Exception event category name, value range: abnormal login abnormal process behavior abnormal account sensitive file tampering abnormal network connection exception event suspicious file malicious process (cloud killing) |
| regionId | BODY | string | Yes | No sample value for this parameter. | region id |
| StatusList | BODY | string | No | No sample value for this parameter. | Exception event processing status, value range: 1: indicates pending processing 2: indicates that it has been ignored 3: indicates confirmed 8: indicates that it has been marked as a false positive 16: indicates that processing 32: indicates that the processing is complete supports specifying multiple states separated. |
| Level | BODY | string | No | No sample value for this parameter. | Event level, value range: serious: indicates serious high: indicates high risk medium: indicates medium risk low: indicates low risk supports specifying multiple event levels separated. |
| Tag | BODY | string | No | No sample value for this parameter. | host label. |
| EventNameRemark | BODY | string | No | No sample value for this parameter. | exception event name, supports fuzzy query matching. |
| Uuids | BODY | string | No | No sample value for this parameter. | host asset UUID, specifying multiple host asset UUIDs separated. |
| Dealed | BODY | string | No | No sample value for this parameter. | Whether the exception event has been processed, the value range: Y: indicates processed N: indicates unprocessed |
| version | BODY | string | No | 2016-01-01 | version of api |
| GroupId | BODY | string | No | No sample value for this parameter. | asset group ID. |
| Remark | BODY | string | No | No sample value for this parameter. | host name or host IP, supports fuzzy query matching. |
Return data
| Name | Type | Sample value | Description |
|---|---|---|---|
| RequestId | string | no demo value | request ID. |
| FileName | string | no demo value | 'export' file name. |
| Id | long | no demo value | 'export' task record ID. |
Example
Successful Response example
{
"RequestId":"no demo value",
"FileName":"no demo value",
"Id":"no demo value"
}
Failed Response example
{
"errorSample":
{
"resultCode":-1,
"resultMsg":"system error",
"result":null
}
}