本文介绍了如何使用Python SDK获取全球范围内IP情报相关的报告。

IP情报报告内容包含了IP地址相关地理位置信息、域名解析信息、威胁类型、相关攻击团伙或安全事件信息等。详细内容,请参见DescribeIpReport接口的返回数据。

前提条件

开始运行示例脚本前,请确保您已完成以下准备工作:
  • 已开通阿里云官网账号。
  • 已生成AccessKey(用于使用SDK时进行身份验证)。

    确保您当前账号下已创建了AccessKey ID和AccessKey Secret。

  • 已开通阿里云威胁情报服务。

操作步骤

  1. 安装Python SDK。更多详细内容,请参见快速开始
  2. 运行以下示例脚本,调用IP情报接口。 
    from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.request import CommonRequest
client = AcsClient('{your_access_key_id}', '{your_access_key_secret}', 'cn-zhangjiakou')
request = CommonRequest()
request.set_domain('sasti.aliyuncs.com')
request.set_version('2020-05-12')
request.set_action_name('DescribeIpReport')
# or:
# request = CommonRequest(domain='sasti.aliyuncs.com'', version='2020-05-12', action_name='DescribeIpReport')
request.add_query_param('Ip', '8.8.XX.XX')
request.add_query_param('Field', 'Tags,Whois,ThreatTypes,Intelligences,AttackPreferenceTop5,AttackCntByThreatType')
response = client.do_action_with_exception(request)
    返回示例如下:
    {
    "Context": "",
    "Whois": "",
    "AttackCntByThreatType": [
        {
            "event_cnt": 2536,
            "threat_type": "应用层入侵"
        }
    ],
    "RequestId": "A736BB54-4819-475E-813B-B466968B18B9",
    "ThreatLevel": "3",
    "Confidence": "98",
    "Ip": {
        "country": "美国",
        "province": "加利福尼亚州",
        "city": "洛杉矶",
        "ip": "X.X.X.X",
        "isp": "example.com",
        "idc_name": "*",
        "asn": "XXXXXX",
        "asn_label": "VNET"
    },
    "ThreatTypes": [
        {
            "threat_type_desc": "SQL注入",
            "last_find_time": "2021-02-28 00:18:40",
            "risk_type": 3,
            "scenario": "攻击指标",
            "threat_type": "SQL Injection",
            "first_find_time": "2021-02-25 15:54:09",
            "attck_stage": ""
        },
        {
            "threat_type_desc": "网络服务扫描",
            "last_find_time": "2021-03-17 23:52:39",
            "risk_type": 2,
            "scenario": "攻击指标",
            "threat_type": "Network Service Scanning",
            "first_find_time": "2020-11-09 02:04:25",
            "attck_stage": "initial access"
        }
    ],
    "Intelligences": [
        {
            "last_find_time": "2021-01-29 10:50:00",
            "threat_type_l2": "一句话木马扫描",
            "first_find_time": "2021-01-29 00:28:43",
            "source": "aliyun"
        },
        {
            "last_find_time": "2021-02-28 00:18:40",
            "threat_type_l2": "SQL注入攻击",
            "first_find_time": "2021-02-25 15:54:09",
            "source": "aliyun"
        },
        {
            "last_find_time": "2021-03-12 14:59:18",
            "threat_type_l2": "请求etcpasswd",
            "first_find_time": "2021-03-12 14:59:18",
            "source": "aliyun"
        }
    ],
    "AttackPreferenceTop5": [
        {
            "event_cnt": 4,
            "industry_name": "互联网",
            "gmt_last_attack": "2021-02-23 08:01:11"
        },
        {
            "event_cnt": 42,
            "industry_name": "零售",
            "gmt_last_attack": "2021-03-17 12:00:21"
        }
    ],
    "Scenario": "攻击指标"
}