DescribeSuspEventDetail
Description
call the DescribeSuspEventDetail interface to query the details of a single exception event. Alarm events are divided into two dimensions: alarm and exception. An alarm event contains multiple exception events.
Request Method
POST
Request Path
/apsara/route/Sas/DescribeSuspEventDetail
Request Parameters Common Parameters
| Name | Location | Type | Required | Sample value | Description |
|---|---|---|---|---|---|
| SourceIp | BODY | string | No | 1.2.3.4 | access the IP address of the source. |
| regionId | BODY | string | Yes | No sample value for this parameter. | region id |
| Lang | BODY | string | No | zh | the language type of the request and receive message. Valid values include: zh: Chinese en: English |
| From | BODY | string | Yes | sas | The source of abnormal event data is fixed as sas. |
| version | BODY | string | No | 2016-01-01 | version of api |
| SuspiciousEventId | BODY | integer | No | 1 | unique identification ID for recording abnormal events. description to query the information of a single abnormal event, you need to provide a unique identification ID that records the abnormal event, which can be obtained by the DescribeSuspEvents interface. |
Return data
| Name | Type | Sample value | Description |
|---|---|---|---|
| EventDesc | string | this file is most likely planted after hackers successfully invaded the website. it is recommended that you confirm the legality of the file and process | exception event description. |
| RequestId | string | 1 | request ID of the result. |
| EventTypeDesc | string | website backdoor-found backdoor (Webshell) file | description of exception event types. |
| EventStatus | string | 1 | abnormal event status. Valid values include: 1:PENDING (to be processed) 2:IGNORE (ignored) 4:HANDLED (confirmed) 8:FAULT (marked false positive) 16:DEALING (in process) 32:DONE (processed) 64:EXPIRE (expired) |
| EventName | string | WEBSHELL | the name of the exception event. |
| SaleVersion | string | 1 | product sales version supported by abnormal event detection. Valid values include: 0: basic version 1: enterprise version |
| IntranetIp | string | 1.2.3.1 | the private IP of the associated instance. |
| DataSource | string | aegis_suspicious_*** | the data source of the exception event. |
| Name | string | update time | the title of the copy. |
| InstanceName | string | ca_cpm_test1 | the name of the associated instance. |
| OperateMsg | string | success | remarks on abnormal event operations. |
| CanBeDealOnLine | boolean | true | whether online handling of exception events is supported. Valid values include: true: supports online processing false: online processing is not supported |
| Type | string | html | the way the copy is displayed. Valid values include: text: text method html: the way of rich text |
| Uuid | string | bffb12c3-590a-4db2-b538-*** | the unique identifier of the associated instance. |
| Details | array | No sample value for this parameter. | details of abnormal events. |
| InternetIp | string | 1.2.3.5 | the public network IP of the associated instance. |
| Value | string | 2018-12-12 12:00:00 | the content of the copy. |
| Level | string | serious | the risk level of abnormal events. Valid values include: serious: emergency suspicious: Suspicious mind: reminder |
| Id | integer | 1991 | unique identification ID for recording abnormal events. |
| InfoType | string | download_url | the type of icon displayed. |
| LastTime | string | 2018-10-30 11:43:46 | the latest occurrence time of the abnormal event. |
| SasId | string | 1sdeswdd**** | cloud security center product ID. |
Example
Successful Response example
{
"EventDesc":"this file is most likely planted after hackers successfully invaded the website. it is recommended that you confirm the legality of the file and process",
"RequestId":"1",
"EventTypeDesc":"website backdoor-found backdoor (Webshell) file",
"EventStatus":"1",
"EventName":"WEBSHELL",
"SaleVersion":"1",
"IntranetIp":"1.2.3.1",
"DataSource":"aegis_suspicious_***",
"Name":"update time",
"InstanceName":"ca_cpm_test1",
"OperateMsg":"success",
"CanBeDealOnLine":"true",
"Type":"html",
"Uuid":"bffb12c3-590a-4db2-b538-***",
"Details":"",
"InternetIp":"1.2.3.5",
"Value":"2018-12-12 12:00:00",
"Level":"serious",
"Id":"1991",
"InfoType":"download_url",
"LastTime":"2018-10-30 11:43:46",
"SasId":"1sdeswdd****"
}
Failed Response example
{
"errorSample":
{
"resultCode":-1,
"resultMsg":"system error",
"result":null
}
}