DescribeAlarmEventDetail
Description
Call DescribeAlarmEventDetail to get the details of an alarm event. Alarm events have two dimensions: alarm and exception. One alarm event contains multiple exception events.
Request Method
POST
Request Path
/apsara/route/Sas/DescribeAlarmEventDetail
Request Parameters Common Parameters
Name | Location | Type | Required | Sample value | Description |
---|---|---|---|---|---|
SourceIp | BODY | string | No | 1.2.3.4 | IP address of the access source. |
regionId | BODY | string | Yes | No sample value for this parameter. | Region ID. |
AlarmUniqueInfo | BODY | string | Yes | 8df914418f4211fbf756efe7a6f40cbc | Unique identifier of the alarm event. Description: to query the details of an alarm event, you must provide its unique identifier, which can be obtained from the DescribeAlarmEventList interface. |
Lang | BODY | string | No | zh | Language of the request and the returned message. Valid values: zh (Chinese), en (English). |
From | BODY | string | Yes | sas | Request source identifier, fixed as sas. |
version | BODY | string | No | 2016-01-01 | Version of the API. |
Return data
Name | Type | Sample value | Description |
---|---|---|---|
CanCancelFault | boolean | false | Whether the event can be unmarked as a false positive. Valid values: true (it can be unmarked as a false positive), false (it cannot be unmarked as a false positive). |
EndTime | long | 1542366542000 | End time of the alarm event. |
RequestId | string | 5A1DDB3C-798C-4A84-BF6E-3DC700000000 | Unique identifier generated by Alibaba Cloud for this request. |
CauseDetails | array | No sample value for this parameter. | Cause of the alarm event (traceability information). |
StartTime | long | 1542378601000 | Start time of the alarm event. |
Data | struct | No sample value for this parameter. | Alarm event details. |
IntranetIp | string | 1.2.3.5 | Private IP address of the associated instance. |
Name | string | troubleshooting scheme | Key of the traceability information field. |
DataSource | string | aegis_*** | Data source. |
InstanceName | string | test server | Name of the associated instance. |
CanBeDealOnLine | boolean | false | Whether the alarm event can be handled online, for example by blocking and isolating, adding to the whitelist, or ignoring. Valid values: true (online processing is supported), false (online processing is not supported). |
Type | string | abnormal network connection | Alarm event type. |
Uuid | string | 47900178-885d-4fa4-9d77-XXXXXXXXXXXX | Unique identifier of the associated instance. |
InternetIp | string | 1.2.3.1 | Public IP address of the associated instance. |
AlarmEventDesc | string | After hackers invade the server, in order to allow malicious backdoor programs to run persistently, hackers often write malicious SHELL scripts to planned tasks such as crontab and systemd. | Alarm event description. |
AlarmUniqueInfo | string | 8df914418f4211fbf756efe700000000 | Unique identifier of the alarm event. |
Value | string | please check whether the pages and parameters of your WEB service are vulnerable according to the above information and fix them in time. | Value of the traceability information field. |
AlarmEventAliasName | string | process exception behavior-Linux scheduled task execution exception instruction | Full name of the alarm event. |
Level | string | serious | Risk level of the alarm event. Valid values: serious (emergency), suspicious (suspicious), mind (reminder). |
Key | string | item | How the text is displayed. Valid values: text (plain text), html (rich text). |
Solution | string | please check the malicious URL prompted in the alarm and the malicious files in the downloaded directory in time. And clean up the malicious processes that have been running in time. If the instruction is executed on your own initiative, you can click on the console to mark it as a false positive and feed it back to our security engineer through the work order. | Method for handling the alarm event. |
Example
Successful Response example
{
"CanCancelFault":"false",
"EndTime":"1542366542000",
"RequestId":"5A1DDB3C-798C-4A84-BF6E-3DC700000000",
"CauseDetails":"",
"StartTime":"1542378601000",
"Data":"",
"IntranetIp":"1.2.3.5",
"Name":"troubleshooting scheme",
"DataSource":"aegis_***",
"InstanceName":"test server",
"CanBeDealOnLine":"false",
"Type":"abnormal network connection",
"Uuid":"47900178-885d-4fa4-9d77-XXXXXXXXXXXX",
"InternetIp":"1.2.3.1",
"AlarmEventDesc":"After hackers invade the server, in order to allow malicious backdoor programs to run persistently, hackers often write malicious SHELL scripts to planned tasks such as crontab and systemd.",
"AlarmUniqueInfo":"8df914418f4211fbf756efe700000000",
"Value":"please check whether the pages and parameters of your WEB service are vulnerable according to the above information and fix them in time.",
"AlarmEventAliasName":"process exception behavior-Linux scheduled task execution exception instruction",
"Level":"serious",
"Key":"item",
"Solution":"please check the malicious URL prompted in the alarm and the malicious files in the downloaded directory in time. And clean up the malicious processes that have been running in time. If the instruction is executed on your own initiative, you can click on the console to mark it as a false positive and feed it back to our security engineer through the work order."
}
Failed Response example
{
"errorSample":
{
"resultCode":-1,
"resultMsg":"system error",
"result":null
}
}
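The following is an added example, not code from the original page or from Alibaba Cloud: it builds the request body from the parameter table and normalizes a response for triage, coercing the string-encoded booleans and epoch-millisecond times seen in the sample and flagging a StartTime later than EndTime, as in the page's own sample values. The function names and the treatment of a `resultCode` body without `AlarmUniqueInfo` as a failure are assumptions; transport and authentication are not covered by the page and are left out.

```python
import json
from datetime import datetime, timezone

REQUIRED = ("regionId", "AlarmUniqueInfo", "From")  # rows marked Required: Yes
# Constructed sample, trimmed from the page's successful response example.
SAMPLE = ('{"CanCancelFault":"false","EndTime":"1542366542000",'
          '"StartTime":"1542378601000","CanBeDealOnLine":"false",'
          '"Uuid":"47900178-885d-4fa4-9d77-XXXXXXXXXXXX","Level":"serious",'
          '"AlarmUniqueInfo":"8df914418f4211fbf756efe700000000"}')

def build_request_body(region_id, alarm_unique_info, lang="en"):
    """Assemble the POST body; From is fixed as 'sas' per the parameter table."""
    body = {"regionId": region_id, "AlarmUniqueInfo": alarm_unique_info,
            "From": "sas", "Lang": lang}
    missing = [k for k in REQUIRED if not body.get(k)]
    if missing:
        raise ValueError(f"missing required parameters: {missing}")
    if lang not in ("zh", "en"):
        raise ValueError("Lang must be zh or en")
    return body

def _to_bool(value):
    # The sample response carries booleans as the strings "true"/"false".
    return value if isinstance(value, bool) else str(value).strip().lower() == "true"

def _to_utc(ms):
    # StartTime/EndTime are epoch milliseconds (type long in the table).
    return datetime.fromtimestamp(int(ms) / 1000, tz=timezone.utc)

def parse_alarm_detail(raw):
    """Normalize a response for triage; raise on the documented failure shape."""
    doc = json.loads(raw)
    err = doc.get("errorSample", doc)  # the page wraps the failure in errorSample
    if "resultCode" in err and "AlarmUniqueInfo" not in doc:  # assumption: failure
        raise RuntimeError(f"API error {err['resultCode']}: {err.get('resultMsg')}")
    start, end = _to_utc(doc["StartTime"]), _to_utc(doc["EndTime"])
    return {
        "alarm_id": doc["AlarmUniqueInfo"],
        "instance_uuid": doc.get("Uuid"),
        "level": doc["Level"],
        "urgent": doc["Level"] == "serious",  # serious = emergency per the table
        "start": start,
        "end": end,
        "time_order_ok": start <= end,  # False for the page's sample values
        "can_deal_online": _to_bool(doc.get("CanBeDealOnLine", False)),
        "can_cancel_fault": _to_bool(doc.get("CanCancelFault", False)),
    }
```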