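This topic describes how to use the Python SDK to obtain IP intelligence reports for IP addresses worldwide.

An IP intelligence report includes the geolocation of the IP address, domain name resolution information, threat types, and related attack groups or security events. For details, see the response data of the DescribeIpReport operation.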

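Prerequisites

Before you run the sample script, make sure that the following preparations are complete:
  • An account has been created on the Alibaba Cloud official website.
  • An AccessKey has been generated (used for authentication when you use the SDK).

    Make sure that an AccessKey ID and an AccessKey Secret have been created under your current account.

  • The Alibaba Cloud Threat Intelligence service has been activated.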

Procedure

  1. Install the Python SDK. For more information, see Quick Start.
  2. Run the following sample script to call the IP intelligence operation.
    from aliyunsdkcore.client import AcsClient
    from aliyunsdkcore.request import CommonRequest
    # Replace the placeholders with your AccessKey ID and AccessKey Secret.
    client = AcsClient('{your_access_key_id}', '{your_access_key_secret}', 'cn-zhangjiakou')
    # Build the request for the DescribeIpReport operation.
    request = CommonRequest()
    request.set_domain('sasti.aliyuncs.com')
    request.set_version('2020-05-12')
    request.set_action_name('DescribeIpReport')
    # or:
    # request = CommonRequest(domain='sasti.aliyuncs.com', version='2020-05-12', action_name='DescribeIpReport')
    # IP address to query and the report fields to return.
    request.add_query_param('Ip', '8.8.XX.XX')
    request.add_query_param('Field', 'Tags,Whois,ThreatTypes,Intelligences,AttackPreferenceTop5,AttackCntByThreatType')
    # Raises an exception if the call fails; otherwise returns the response body.
    response = client.do_action_with_exception(request)
    A sample response is as follows:
    {
        "Context": "",
        "Whois": "",
        "AttackCntByThreatType": [
            {
                "event_cnt": 2536,
                "threat_type": "应用层入侵"
            }
        ],
        "RequestId": "A736BB54-4819-475E-813B-B466968B18B9",
        "ThreatLevel": "3",
        "Confidence": "98",
        "Ip": {
            "country": "美国",
            "province": "加利福尼亚州",
            "city": "洛杉矶",
            "ip": "X.X.X.X",
            "isp": "example.com",
            "idc_name": "*",
            "asn": "XXXXXX",
            "asn_label": "VNET"
        },
        "ThreatTypes": [
            {
                "threat_type_desc": "SQL注入",
                "last_find_time": "2021-02-28 00:18:40",
                "risk_type": 3,
                "scenario": "攻击指标",
                "threat_type": "SQL Injection",
                "first_find_time": "2021-02-25 15:54:09",
                "attck_stage": ""
            },
            {
                "threat_type_desc": "网络服务扫描",
                "last_find_time": "2021-03-17 23:52:39",
                "risk_type": 2,
                "scenario": "攻击指标",
                "threat_type": "Network Service Scanning",
                "first_find_time": "2020-11-09 02:04:25",
                "attck_stage": "initial access"
            }
        ],
        "Intelligences": [
            {
                "last_find_time": "2021-01-29 10:50:00",
                "threat_type_l2": "一句话木马扫描",
                "first_find_time": "2021-01-29 00:28:43",
                "source": "aliyun"
            },
            {
                "last_find_time": "2021-02-28 00:18:40",
                "threat_type_l2": "SQL注入攻击",
                "first_find_time": "2021-02-25 15:54:09",
                "source": "aliyun"
            },
            {
                "last_find_time": "2021-03-12 14:59:18",
                "threat_type_l2": "请求etcpasswd",
                "first_find_time": "2021-03-12 14:59:18",
                "source": "aliyun"
            }
        ],
        "AttackPreferenceTop5": [
            {
                "event_cnt": 4,
                "industry_name": "互联网",
                "gmt_last_attack": "2021-02-23 08:01:11"
            },
            {
                "event_cnt": 42,
                "industry_name": "零售",
                "gmt_last_attack": "2021-03-17 12:00:21"
            }
        ],
        "Scenario": "攻击指标"
    }
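
The sample response above returns ThreatLevel and Confidence as strings and spreads the sighting timestamps across ThreatTypes and Intelligences. The following added example (not part of the original documentation or of the Alibaba Cloud SDK) reduces such a response to a triage summary. The function names, the blocking thresholds, and the trimmed sample body are assumptions made for illustration, and timestamps are assumed to share the time zone of `now`.

```python
import json
from datetime import datetime, timedelta

TIME_FMT = "%Y-%m-%d %H:%M:%S"  # timestamp layout used in the sample response

# Constructed sample, trimmed to the fields used below (same shape as the response above).
SAMPLE = b'''{
  "ThreatLevel": "3", "Confidence": "98", "Whois": "",
  "ThreatTypes": [
    {"threat_type": "SQL Injection", "risk_type": 3,
     "last_find_time": "2021-02-28 00:18:40"},
    {"threat_type": "Network Service Scanning", "risk_type": 2,
     "last_find_time": "2021-03-17 23:52:39"}],
  "Intelligences": [
    {"threat_type_l2": "sample", "last_find_time": "2021-03-12 14:59:18"}],
  "AttackCntByThreatType": [{"event_cnt": 2536, "threat_type": "sample"}]
}'''


def _to_int(value, default=0):
    """ThreatLevel and Confidence arrive as strings; empty or missing maps to default."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return default


def summarize(raw):
    """Reduce a DescribeIpReport body (bytes or str) to the fields used for triage."""
    doc = json.loads(raw)
    seen = [datetime.strptime(e["last_find_time"], TIME_FMT)
            for key in ("ThreatTypes", "Intelligences")
            for e in (doc.get(key) or []) if e.get("last_find_time")]
    return {
        "level": _to_int(doc.get("ThreatLevel")),
        "confidence": _to_int(doc.get("Confidence")),
        "threat_types": sorted(t.get("threat_type", "") for t in doc.get("ThreatTypes") or []),
        "events": sum(_to_int(c.get("event_cnt")) for c in doc.get("AttackCntByThreatType") or []),
        "last_seen": max(seen) if seen else None,
    }


def should_block(summary, now, min_level=3, min_confidence=90, max_age_days=30):
    """Assumed local policy: block only fresh, high-level, high-confidence reports."""
    if summary["last_seen"] is None:
        return False
    fresh = now - summary["last_seen"] <= timedelta(days=max_age_days)
    return fresh and summary["level"] >= min_level and summary["confidence"] >= min_confidence
```

To use it with a live call, pass the bytes returned by `client.do_action_with_exception(request)` to `summarize()` in place of `SAMPLE`.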