HandleSimilarSecurityEvents
Description
Call HandleSimilarSecurityEvents to batch process all alarms triggered by the same rule or of the same type.
Request Method
POST
Request Path
/apsara/route/Sas/HandleSimilarSecurityEvents
Request Parameters Common Parameters
Name | Location | Type | Required | Sample value | Description |
---|---|---|---|---|---|
SourceIp | BODY | string | No | 1.2.3.4 | The IP address of the access source. |
TaskId | BODY | long | No | 113 | ID of the task that processes all alarm events of the same type in batch. |
regionId | BODY | string | Yes | No sample value for this parameter. | Region ID. |
OperationParams | BODY | string | No | {"expireTime":1578475919533} | Parameter values returned by operations that process similar alarm events in batch. This value can be empty unless OperationCode is kill_and_quara or block_ip. |
OperationCode | BODY | string | No | ignore | The type of operation for batch processing of similar alarm events. Valid values: deal: handle alarms (quarantine); kill_and_quara: virus killing; kill_virus: deep kill; block_ip: block; ignore: ignore; mark_mis_info: marked as false positive (whitelist); rm_mark_mis_info: unmarked as false positive (unwhitelist); offline_handled: marked as processed. |
version | BODY | string | No | 2016-01-01 | API version. |
Return data
Name | Type | Sample value | Description |
---|---|---|---|
RequestId | string | 1B080663-F4E6-4736-89B9-48FC43E160A7 | Request ID of the result. |
Example
Successful Response example
{
  "RequestId":"1B080663-F4E6-4736-89B9-48FC43E160A7"
}
Failed Response example
{
  "errorSample":
  {
    "resultCode":-1,
    "resultMsg":"system error",
    "result":null
  }
}
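The parameter rules and the two response shapes above can be checked on the client before and after a batch operation is sent. The following is an added example, not code from the product or its SDK: `build_body` and `parse_response` are hypothetical helper names, the endpoint host, authentication and body encoding are not covered by this page and are left to the caller, and treating `errorSample` as the failure wrapper is an assumption taken from the failed response example.

```python
import json

PATH = "/apsara/route/Sas/HandleSimilarSecurityEvents"  # request path from this page

# Operation codes listed in the OperationCode row of the parameter table.
OPERATION_CODES = {
    "deal", "kill_and_quara", "kill_virus", "block_ip", "ignore",
    "mark_mis_info", "rm_mark_mis_info", "offline_handled",
}
# The OperationParams row says the value can be empty except for these codes.
NEEDS_PARAMS = {"kill_and_quara", "block_ip"}


def build_body(region_id, operation_code=None, task_id=None,
               operation_params=None, source_ip=None, version="2016-01-01"):
    """Return the BODY parameters as a dict, or raise ValueError."""
    if not region_id:
        raise ValueError("regionId is required")
    if operation_code is not None and operation_code not in OPERATION_CODES:
        raise ValueError(f"unknown OperationCode: {operation_code!r}")
    if operation_code in NEEDS_PARAMS and not operation_params:
        raise ValueError(f"OperationParams is required for {operation_code}")
    body = {"regionId": region_id, "version": version}
    if operation_code is not None:
        body["OperationCode"] = operation_code
    if task_id is not None:
        body["TaskId"] = int(task_id)
    if operation_params:
        # OperationParams is typed string, so the object is sent as JSON text.
        body["OperationParams"] = json.dumps(operation_params,
                                             separators=(",", ":"))
    if source_ip:
        body["SourceIp"] = source_ip
    return body


def parse_response(text):
    """Return RequestId on success; raise RuntimeError on a failure body."""
    data = json.loads(text)
    if "RequestId" in data:
        return data["RequestId"]
    # Assumption: failures look like the failed response example on this page.
    err = data.get("errorSample", data)
    raise RuntimeError(f"{err.get('resultCode')}: {err.get('resultMsg')}")
```

Rejecting an unknown `OperationCode` locally matters most for the codes that suppress alarms in bulk (`ignore`, `mark_mis_info`), where a typo or a missing parameter would otherwise only surface as a generic `system error`.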