Query the Full Alert List (DescribeAlertList)

Last updated: 2024-11-03 13:47:24


1. API Description

API request domain: csip.tencentcloudapi.com.

This API returns the full list of alerts from the Alert Center.

Default request rate limit for this API: 3 requests per second.

We recommend using API Explorer.
API Explorer provides online calls, signature verification, SDK code generation, and quick API lookup. You can view the request content and response of every call and automatically generate SDK call examples.

2. Input Parameters

The following list includes only the API-specific request parameters and some of the common parameters. For the complete list of common parameters, see Common Request Parameters.

| Parameter | Type | Description |
| --- | --- | --- |
| Action | String | Common parameter. The value for this API is DescribeAlertList. |
| Version | String | Common parameter. The value for this API is 2022-11-21. |
| Region | String | Common parameter. This parameter is optional. |
| Filter | Filter | Tag search filter (carries the Filters list, Limit, Offset, StartTime, and EndTime). |
| MemberId.N | Array of String | Member IDs of the organization account. |
| OperatedMemberId.N | Array of String | Member IDs of the organization accounts being invoked. |
| AssetType | Integer | 0: all (default); 1: asset ID; 2: domain. |

Example values:

Filter: { "Filters": [ { "Name": "Status", "Values": [ "0" ], "OperatorType": 7 }, { "Name": "Uin", "Values": [ "100065" ], "OperatorType": 7 } ], "Limit": 10, "Offset": 0, "StartTime": "2024-10-26 00:00:00", "EndTime": "2024-11-01 23:59:59" }
MemberId.N: ["mem-6wfo0fzks3","mem-85fo0fzks4"]
OperatedMemberId.N: ["mem-6wfo0fzks3","mem-85fo0fzks4"]
AssetType: 1

3. Output Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| AlertList | Array of AlertInfo | Full alert list. |
| AlertTypeCount | Array of TagCount | Number of alerts in each major alert category. |
| TotalCount | Integer | Total number of alerts. |
| ReturnCode | Integer | 0: succeed; 1: timeout. |
| ReturnMsg | String | Return status message. |
| RequestId | String | Unique request ID, generated by the server and returned for every request (a request that fails to reach the server for other reasons will not receive a RequestId). Provide the RequestId of the request when troubleshooting. |

Example values:

AlertList: [ { "Action": 0, "AppID": "18346", "Attacker": { "Account": "", "Address": "", "AssetType": 0, "City": "", "ContainerID": "", "ContainerName": "", "Country": "", "Domain": "", "Family": "", "FileName": "", "FromLogAnalysisData": [ { "Key": "appid", "Value": "18346" }, { "Key": "appid", "Value": "18346" } ], "HostIP": "", "IP": "", "Info": "", "InstanceID": "", "Latitude": "", "Longitude": "", "MD5": "", "Name": "", "OriginIP": "", "Port": 0, "Province": "", "VirusName": "" }, "Count": 174, "CreateTime": "2024-11-01T00:00:00+08:00", "Date": "2024-11-01T00:00:00+08:00", "EvidenceData": "[{"Key":"address_en","Value":"Amsteam,Noord-Holland,Netherlands"}]", "EvidenceLocation": "", "EvidencePath": "", "ExtraInfo": { "AttackIPProfile": "", "AttackIPTags": "", "RelateEvent": { "Description": "", "EventID": "-", "RelatedCount": 0 }, "Rule": "1148413 | test命中" }, "ID": "alert-f1cb849f1559772d", "Key": "16bb765ad367a48f382f49b4864e4f66f7d9c081", "Level": 5, "LogSearch": "", "LogType": "", "Name": "命中", "NickName": "幽兰拿铁", "ProcessType": "NormalProcess", "RemediationSuggestion": "进行安全体检的云资源配置检查,发现云账号和用户的权限配置风险", "RiskInvestigation": "", "RiskTreatment": "", "Source": "UserBehaviorManagement", "Status": 0, "SubType": "AbnormalUserBehavior", "Type": "AbnormalUserBehavior", "Uin": "17135", "UpdateTime": "2024-11-01T14:20:00+08:00", "UrgentSuggestion": "收敛操作者权限,或限制操作对象的访问权限", "Victim": { "Account": "", "Address": "", "AssetType": 0, "City": "", "ContainerID": "", "ContainerName": "", "Country": "", "Domain": "", "Family": "", "FileName": "", "FromLogAnalysisData": [ { "Key": "action", "Value": "" } ], "HostIP": "", "IP": "", "Info": "", "InstanceID": "", "Latitude": "", "Longitude": "", "MD5": "", "Name": "", "OriginIP": "", "Port": 0, "Province": "", "VirusName": "" } }]
AlertTypeCount: [ { "Count": 138, "Name": "SuspectIntrusion" }, { "Count": 221, "Name": "InfoGathering" }, { "Count": 72, "Name": "ActiveOutbound" }, { "Count": 134, "Name": "ScanDetect" }, { "Count": 110, "Name": "HostAbnormality" }, { "Count": 7, "Name": "AbnormalUserBehavior" }, { "Count": 7, "Name": "ContainerAbnormality" }, { "Count": 12835, "Name": "AttackAttempts" } ]
TotalCount: 13524
ReturnCode: 0
ReturnMsg: success

4. Examples

Example 1: Full alert list from the Alert Center

Input example

POST / HTTP/1.1
Host: csip.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeAlertList
<Common request parameters>

{
    "Filter": {
        "Filters": [
            {
                "Name": "Status",
                "Values": [
                    "0"
                ],
                "OperatorType": 7
            },
            {
                "Name": "Uin",
                "Values": [
                    "1123213213"
                ],
                "OperatorType": 7
            }
        ],
        "Limit": 10,
        "Offset": 0,
        "StartTime": "2024-10-24 00:00:00",
        "EndTime": "2024-10-30 23:59:59"
    },
    "MemberId": [
        "mem-tencent-1829"
    ]
}

Output example

{
    "Response": {
        "AlertList": [
            {
                "Action": 1,
                "AppID": "18742",
                "Attacker": {
                    "Account": "18742",
                    "Address": "中国上海",
                    "AssetType": 2,
                    "City": "上海",
                    "ContainerID": "ins-dd213833",
                    "ContainerName": "misakey",
                    "Country": "中国",
                    "Domain": "main.1872.net",
                    "Family": "APT",
                    "FileName": "notdad.exe",
                    "HostIP": "172.16.17.32",
                    "IP": "202.108.127.12",
                    "Info": "mail",
                    "InstanceID": "ins-dd213833",
                    "Latitude": "41.2",
                    "Longitude": "38.2",
                    "MD5": "d41d8cd98f00b204e9800998ecf8427e",
                    "Name": "sdb",
                    "OriginIP": "202.108.127.12",
                    "Port": 20,
                    "Province": "广东",
                    "VirusName": "ransomware"
                },
                "Count": 7,
                "CreateTime": "2024-10-30T09:09:14+08:00",
                "Date": "2024-10-30T00:00:00+08:00",
                "EvidenceData": "18742",
                "EvidenceLocation": "xin.1872.net",
                "EvidencePath": "path/to/file",
                "ExtraInfo": {
                    "AffectedFileName": "executable.exe",
                    "AttackIPTags": "APT",
                    "BehavioralCharacteristics": "cmd.exe",
                    "CallbackAddressTag": "APT",
                    "ClassName": "java.lang.Runtime",
                    "CommandContent": "mkdir /tmp/18742",
                    "DecoyPath": "path/to/file",
                    "ExecutedCommand": "sh -c /bin/bash",
                    "FileLastAccessTime": "2024-10-30T00:00:00+08:00",
                    "FileMD5": "d41d8cd98f00b204e9800998ecf8427e",
                    "FileModifyTime": "2024-10-30T00:00:00+08:00",
                    "FileName": "file",
                    "FilePath": "file/path/to/file",
                    "FilePermission": "0777",
                    "FileSize": "0.00B",
                    "LoginUserName": "user1",
                    "MaliciousProcessFileMD5": "d41d8cd98f00b204e9800998ecf8427e",
                    "MaliciousProcessFileSize": "0.00B",
                    "MaliciousProcessNamePID": "(0)",
                    "MaliciousProcessPath": "path/to/process",
                    "MaliciousProcessStartTime": "0001-01-01T08:05:43+08:05",
                    "NewPermissions": "0777",
                    "ParentProcess": "sh",
                    "ProcessCommandLine": "sh -c rm -rf /",
                    "ProcessName": "(0)",
                    "ProcessNamePID": "(0)",
                    "ProcessPath": "path/to/process",
                    "ProtocolPort": "8989",
                    "RecentAccessTime": "2024-10-10T09:09:14+08:00",
                    "RecentModifyTime": "2024-10-30T09:09:14+08:00",
                    "RelateEvent": {
                        "Description": "user1登录系统",
                        "EventID": "event-1232412",
                        "RelatedCount": 3
                    },
                    "Rule": "system1",
                    "StartupUser": "root",
                    "UserGroup": "admin",
                    "VirusFileTags": "APT",
                    "VirusName": "virus1"
                },
                "ID": "alert-a18d7e42",
                "Key": "main.1241.net#ins-1421",
                "Level": 5,
                "LogSearch": "id:alert-a18d7e42",
                "LogType": "2_3",
                "Name": "访问恶意地址或域名",
                "NickName": "nickname",
                "ProcessType": "BlockCallbackAddress,IsolateAsset",
                "RemediationSuggestion": "开启云防火墙-NAT边界防火墙,管控拦截恶意主动外联,前往主机安全进行深度安全检测",
                "RiskInvestigation": "none",
                "RiskTreatment": "none",
                "Source": "CWP",
                "Status": 0,
                "SubType": "MaliciousRequest",
                "Type": "ActiveOutbound",
                "Uin": "18342",
                "UpdateTime": "2024-10-30T09:10:55+08:00",
                "UrgentSuggestion": "封禁回连地址",
                "Victim": {
                    "Account": "12742",
                    "Address": "1.4.42.2 | 10.0.0.2",
                    "AssetType": 1,
                    "City": "上海",
                    "ContainerID": "ins-218742",
                    "ContainerName": "container1",
                    "Country": "中国",
                    "Domain": "www.domain.com",
                    "Family": "malware",
                    "FileName": "wodex.exe",
                    "HostIP": "10.0.0.2",
                    "IP": "1.4.42.2",
                    "Info": "mail",
                    "InstanceID": "ins-218742",
                    "Latitude": "27.1",
                    "Longitude": "12.9",
                    "MD5": "d41d8cd98f00b204e9800998ecf8427e",
                    "Name": "name1",
                    "OriginIP": "1.4.42.2",
                    "Port": 824,
                    "Province": "广东",
                    "VirusName": "virus1"
                }
            }
        ],
        "AlertTypeCount": [
            {
                "Count": 66,
                "Name": "SuspectIntrusion"
            },
            {
                "Count": 220,
                "Name": "InfoGathering"
            },
            {
                "Count": 94,
                "Name": "ActiveOutbound"
            },
            {
                "Count": 153,
                "Name": "ScanDetect"
            },
            {
                "Count": 58,
                "Name": "HostAbnormality"
            },
            {
                "Count": 4,
                "Name": "ContainerAbnormality"
            },
            {
                "Count": 9085,
                "Name": "AttackAttempts"
            }
        ],
        "RequestId": "123242123-d199-4c1c-9229-5731e460b8b6",
        "ReturnCode": 0,
        "ReturnMsg": "success",
        "TotalCount": 9680
    }
}
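The request body, Limit/Offset pagination against TotalCount, and a first-pass triage of the response fields are shown below in an added example; it is not Tencent Cloud SDK code, it does not sign or send the request, and OperatorType 7 is copied from the page's example without the page stating its semantics.

```python
# Added illustration, not Tencent Cloud SDK code: builds the JSON body shown in the request
# example above, walks pages with Limit/Offset, and triages a parsed response.
# OperatorType 7 is copied from the page's example; its exact meaning is not stated there.

def build_request_body(status, uin, start, end, limit=10, offset=0, member_ids=None):
    """Build the DescribeAlertList body; request signing and transport are out of scope."""
    body = {"Filter": {
        "Filters": [
            {"Name": "Status", "Values": [str(status)], "OperatorType": 7},
            {"Name": "Uin", "Values": [str(uin)], "OperatorType": 7},
        ],
        "Limit": limit, "Offset": offset, "StartTime": start, "EndTime": end,
    }}
    if member_ids:
        body["MemberId"] = list(member_ids)  # MemberId.N travels as a JSON array
    return body

def next_offset(offset, limit, total_count):
    """Offset for the next page, or None once TotalCount has been covered."""
    nxt = offset + limit
    return nxt if nxt < total_count else None

def triage(response):
    """Check ReturnCode, then pull out the fields an analyst looks at first."""
    r = response["Response"]
    if r.get("ReturnCode") != 0:  # 0: succeed, 1: timeout (see the output table)
        raise RuntimeError(f"DescribeAlertList failed: {r.get('ReturnMsg')} "
                           f"(RequestId {r.get('RequestId')})")
    counts = {t["Name"]: t["Count"] for t in r.get("AlertTypeCount", [])}
    findings = [{
        "id": a["ID"], "type": a["Type"], "subtype": a["SubType"], "level": a["Level"],
        "attacker_ip": a["Attacker"].get("IP", ""), "victim_host": a["Victim"].get("HostIP", ""),
        "command": a.get("ExtraInfo", {}).get("ProcessCommandLine", ""),
        "urgent": a.get("UrgentSuggestion", ""),
    } for a in r.get("AlertList", [])]
    findings.sort(key=lambda f: f["level"], reverse=True)  # Level 5 alerts surface first
    return counts, findings

# Constructed sample, trimmed from the documentation's output example above.
SAMPLE_RESPONSE = {"Response": {
    "AlertList": [{"ID": "alert-a18d7e42", "Type": "ActiveOutbound", "SubType": "MaliciousRequest",
                   "Level": 5, "Status": 0, "Attacker": {"IP": "202.108.127.12"},
                   "Victim": {"HostIP": "10.0.0.2"},
                   "ExtraInfo": {"ProcessCommandLine": "sh -c rm -rf /"},
                   "UrgentSuggestion": "封禁回连地址"}],
    "AlertTypeCount": [{"Count": 94, "Name": "ActiveOutbound"}, {"Count": 9085, "Name": "AttackAttempts"}],
    "TotalCount": 9680, "ReturnCode": 0, "ReturnMsg": "success",
    "RequestId": "123242123-d199-4c1c-9229-5731e460b8b6"}}
```

Keep the RequestId from any non-zero ReturnCode: the page states it is what Tencent Cloud support needs to locate the failed request.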

5. Developer Resources

Tencent Cloud API Platform

The Tencent Cloud API Platform is a unified portal that brings together API documentation, error codes, API Explorer, and SDKs, so that you can look up and use every API service Tencent Cloud provides from a single entry point.

API Inspector

With API Inspector you can view the API calls associated with each operation in the console, automatically generate API code in various languages, and go to API Explorer for online debugging.

SDK

TencentCloud API 3.0 comes with a set of development toolkits (SDKs) that support multiple programming languages and make it easier to call the APIs.

Command Line Tools

6. Error Codes

This API has no business-logic-specific error codes. For other error codes, see Common Error Codes.