HandleSecurityEvents
Description
Call HandleSecurityEvents to handle security alarms.
Request Method
POST
Request Path
/apsara/route/aegis/HandleSecurityEvents
Request Parameters Common Parameters
| Name | Location | Type | Required | Sample value | Description |
|---|---|---|---|---|---|
| SourceIp | BODY | string | No | 1.2.3.4 | IP address of the access source. |
| SecurityEventIds.N | BODY | repeatlist | No | ["909361"] | Security alarm ID. |
| regionId | BODY | string | Yes | No sample value for this parameter. | Region ID. |
| OperationParams | BODY | string | No | {"expireTime":1578475919533} | Parameter values returned by operations that process similar alarm events in batch. The value can be empty unless OperationCode is kill_and_quara or block_ip. |
| OperationCode | BODY | string | No | ignore | The type of operation for batch processing of similar alarm events. deal: handle alarms (quarantine); kill_and_quara: virus killing; kill_virus: deep kill; block_ip: block; ignore: ignore; mark_mis_info: mark as false positive (whitelist); rm_mark_mis_info: unmark as false positive (cancel whitelist); offline_handled: mark as processed. |
| version | BODY | string | No | 2016-01-01 | API version. |
Return data
| Name | Type | Sample value | Description |
|---|---|---|---|
| HandleSecurityEventsResponse | struct | No sample value for this parameter. | The result of handling the security alarm. |
| TaskId | long | 3187 | Task ID for handling security alerts. |
| RequestId | string | D929B6F9-EE5E-4F26-A22F-65D4088B6F24 | Request ID of the result. |
Example
Successful Response example
{
  "HandleSecurityEventsResponse": "",
  "TaskId": "3187",
  "RequestId": "D929B6F9-EE5E-4F26-A22F-65D4088B6F24"
}
Failed Response example
{
  "errorSample": {
    "resultCode": -1,
    "resultMsg": "system error",
    "result": null
  }
}