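This topic describes how to use the Python SDK to obtain IP intelligence reports for IP addresses worldwide.
An IP intelligence report contains the geolocation of the IP address, domain name resolution information, threat types, and related attack groups or security events. For details, see the response data of the DescribeIpReport operation.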
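Prerequisites
Before you run the sample script, make sure that the following preparations are complete:
- You have an Alibaba Cloud account.
- An AccessKey has been generated (it is used for authentication when you use the SDK).
  Make sure that an AccessKey ID and AccessKey Secret have been created under your current account.
- The Alibaba Cloud Threat Intelligence service is activated.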
Procedure
- Install the Python SDK. For details, see Quick Start.
- Run the following sample script to call the IP intelligence operation.
```python
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.request import CommonRequest

# Replace the placeholders with your AccessKey ID and AccessKey Secret.
client = AcsClient('{your_access_key_id}', '{your_access_key_secret}', 'cn-zhangjiakou')

request = CommonRequest()
request.set_domain('sasti.aliyuncs.com')
request.set_version('2020-05-12')
request.set_action_name('DescribeIpReport')
# or:
# request = CommonRequest(domain='sasti.aliyuncs.com', version='2020-05-12', action_name='DescribeIpReport')

# IP address to look up and the report fields to return.
request.add_query_param('Ip', '8.8.XX.XX')
request.add_query_param('Field', 'Tags,Whois,ThreatTypes,Intelligences,AttackPreferenceTop5,AttackCntByThreatType')

response = client.do_action_with_exception(request)
```
A sample response:

```json
{
  "Context": "",
  "Whois": "",
  "AttackCntByThreatType": [
    {
      "event_cnt": 2536,
      "threat_type": "应用层入侵"
    }
  ],
  "RequestId": "A736BB54-4819-475E-813B-B466968B18B9",
  "ThreatLevel": "3",
  "Confidence": "98",
  "Ip": {
    "country": "美国",
    "province": "加利福尼亚州",
    "city": "洛杉矶",
    "ip": "X.X.X.X",
    "isp": "example.com",
    "idc_name": "*",
    "asn": "XXXXXX",
    "asn_label": "VNET"
  },
  "ThreatTypes": [
    {
      "threat_type_desc": "SQL注入",
      "last_find_time": "2021-02-28 00:18:40",
      "risk_type": 3,
      "scenario": "攻击指标",
      "threat_type": "SQL Injection",
      "first_find_time": "2021-02-25 15:54:09",
      "attck_stage": ""
    },
    {
      "threat_type_desc": "网络服务扫描",
      "last_find_time": "2021-03-17 23:52:39",
      "risk_type": 2,
      "scenario": "攻击指标",
      "threat_type": "Network Service Scanning",
      "first_find_time": "2020-11-09 02:04:25",
      "attck_stage": "initial access"
    }
  ],
  "Intelligences": [
    {
      "last_find_time": "2021-01-29 10:50:00",
      "threat_type_l2": "一句话木马扫描",
      "first_find_time": "2021-01-29 00:28:43",
      "source": "aliyun"
    },
    {
      "last_find_time": "2021-02-28 00:18:40",
      "threat_type_l2": "SQL注入攻击",
      "first_find_time": "2021-02-25 15:54:09",
      "source": "aliyun"
    },
    {
      "last_find_time": "2021-03-12 14:59:18",
      "threat_type_l2": "请求etcpasswd",
      "first_find_time": "2021-03-12 14:59:18",
      "source": "aliyun"
    }
  ],
  "AttackPreferenceTop5": [
    {
      "event_cnt": 4,
      "industry_name": "互联网",
      "gmt_last_attack": "2021-02-23 08:01:11"
    },
    {
      "event_cnt": 42,
      "industry_name": "零售",
      "gmt_last_attack": "2021-03-17 12:00:21"
    }
  ],
  "Scenario": "攻击指标"
}
```
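The following is an added example, not part of the original documentation or the SDK: it reduces a DescribeIpReport response of the shape shown above to a triage summary that accounts for how old the most recent sighting is. The function name `summarize_ip_report` and the thresholds `min_confidence` and `max_age_days` are assumptions chosen for illustration.

```python
import json
from datetime import datetime

TIME_FMT = "%Y-%m-%d %H:%M:%S"  # timestamp layout used in the sample response

# Constructed sample: a trimmed copy of the sample response on this page.
SAMPLE_RESPONSE = b"""{
  "ThreatLevel": "3", "Confidence": "98",
  "AttackCntByThreatType": [{"event_cnt": 2536}],
  "ThreatTypes": [
    {"threat_type": "SQL Injection", "last_find_time": "2021-02-28 00:18:40"},
    {"threat_type": "Network Service Scanning", "last_find_time": "2021-03-17 23:52:39"}],
  "Intelligences": [{"source": "aliyun", "last_find_time": "2021-03-12 14:59:18"}]
}"""


def summarize_ip_report(raw, now, min_confidence=90, max_age_days=30):
    """Reduce a DescribeIpReport response (bytes or str) to a triage summary.

    min_confidence and max_age_days are hypothetical policy values; `now` is
    assumed to be in the same time zone as the report's timestamps.
    """
    report = json.loads(raw)
    # ThreatLevel and Confidence are strings in the sample; treat missing/empty as 0.
    level = int(report.get("ThreatLevel") or 0)
    confidence = int(report.get("Confidence") or 0)
    # Most recent sighting across both evidence lists.
    stamps = [datetime.strptime(item["last_find_time"], TIME_FMT)
              for key in ("ThreatTypes", "Intelligences")
              for item in report.get(key) or []
              if item.get("last_find_time")]
    last_seen = max(stamps, default=None)
    age_days = (now - last_seen).days if last_seen else None
    # Old sightings say little about who holds the address today.
    fresh = age_days is not None and 0 <= age_days <= max_age_days
    return {
        "threat_level": level,  # reported as-is; its scale is not described on this page
        "confidence": confidence,
        "threat_types": sorted({t["threat_type"] for t in report.get("ThreatTypes") or []
                                if t.get("threat_type")}),
        "events": sum(c.get("event_cnt", 0) for c in report.get("AttackCntByThreatType") or []),
        "last_seen": last_seen,
        "age_days": age_days,
        "actionable": confidence >= min_confidence and fresh,
    }


if __name__ == "__main__":
    print(summarize_ip_report(SAMPLE_RESPONSE, now=datetime(2021, 3, 20, 12, 0, 0)))
```

The value returned by `client.do_action_with_exception(request)` can be passed directly as `raw`.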