本文档介绍如何使用Java SDK获取域名报告。

域名报告包含了域名Whois信息、数字证书、威胁类型、相关攻击团伙或安全事件信息。详细内容,请参见DescribeDomainReport接口的返回数据。

前提条件

开始运行示例脚本前,请确保您已完成以下准备工作:
  • 已开通阿里云官网账号。
  • 已生成AccessKey(用于使用SDK时进行身份验证)。

    确保您当前账号下已创建了AccessKey ID和AccessKey Secret。AccessKey Secret是敏感凭证,请勿将其明文写入代码或提交到代码仓库。

  • 已开通阿里云威胁情报服务。

操作步骤

  1. 安装Java SDK。更多详细内容,请参见安装Alibaba Cloud SDK for Java。
  2. 运行以下示例脚本,调用域名报告接口(DescribeDomainReport)。
    import com.aliyuncs.CommonRequest;
    import com.aliyuncs.CommonResponse;
    import com.aliyuncs.DefaultAcsClient;
    import com.aliyuncs.IAcsClient;
    import com.aliyuncs.exceptions.ClientException;
    import com.aliyuncs.exceptions.ServerException;
    import com.aliyuncs.profile.DefaultProfile;
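    /**
     * Minimal example that calls the DescribeDomainReport action through the
     * generic {@code CommonRequest} API and prints the raw response body.
     *
     * <p>The AccessKey pair is read from the environment instead of being
     * written into the source, so the secret does not end up in version
     * control, build artifacts or shared copies of this file.
     */
    public class Sample {
        /**
         * Builds the client, sends one DescribeDomainReport request for
         * {@code aliyundoc.com} and prints the returned data to stdout.
         *
         * @param args unused
         */
        public static void main(String[] args) {
            // Credentials come from the process environment; never hard-code them here.
            String accessKeyId = System.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID");
            String accessKeySecret = System.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET");
            if (accessKeyId == null || accessKeyId.isEmpty()
                    || accessKeySecret == null || accessKeySecret.isEmpty()) {
                System.err.println("Set ALIBABA_CLOUD_ACCESS_KEY_ID and "
                        + "ALIBABA_CLOUD_ACCESS_KEY_SECRET before running this sample.");
                return;
            }

            // Create and initialise the DefaultAcsClient instance.
            DefaultProfile profile = DefaultProfile.getProfile(
                "cn-zhangjiakou",   // region ID
                accessKeyId,
                accessKeySecret);
            IAcsClient client = new DefaultAcsClient(profile);

            // Build the API request and set its parameters.
            // NOTE(review): confirm that the SDK version in use sends this request
            // over HTTPS; set the request protocol explicitly if it does not.
            CommonRequest request = new CommonRequest();
            request.setDomain("sasti.aliyuncs.com");
            request.setVersion("2020-05-12");
            request.setAction("DescribeDomainReport");
            request.putQueryParameter("Domain", "aliyundoc.com");

            try {
                CommonResponse response = client.getCommonResponse(request);
                // The body is the JSON domain report returned by the service.
                System.out.println(response.getData());
            } catch (ServerException e) {
                // The service rejected or failed the request; the request ID is
                // what support needs to trace it.
                System.err.println("Server error: code=" + e.getErrCode()
                        + ", message=" + e.getErrMsg()
                        + ", requestId=" + e.getRequestId());
            } catch (ClientException e) {
                // The failure happened on the client side (for example signing,
                // connection or parameter problems).
                System.err.println("Client error: code=" + e.getErrCode()
                        + ", message=" + e.getErrMsg());
            }
        }
    }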
    返回示例如下:
    {
        "Context": "",
        "Basic": {
            "ip_cnt": "36",
            "domain": "example.com",
            "child_domain_cnt": "18",
            "sld_domain": "example.com",
            "malicious_ip_cnt": "28",
            "malicious_child_domain_cnt": "4"
        },
        "RequestId": "55B99BBE-AD29-4220-A650-A24F16C61071",
        "SslCert": "",
        "ThreatTypes": [
            {
                "threat_type_desc": "中控",
                "last_find_time": "2019-12-19 10:20:47",
                "risk_type": 3,
                "scenario": "失陷指标",
                "threat_type": "C&C Server",
                "first_find_time": "2019-06-20 22:18:58",
                "attck_stage": ""
            },
            {
                "threat_type_desc": "Regsvr32执行",
                "last_find_time": "2020-11-10 14:45:12",
                "risk_type": 3,
                "scenario": "失陷指标",
                "threat_type": "Regsvr32",
                "first_find_time": "2017-09-22 11:15:00",
                "attck_stage": "defense evasion"
            }
        ],
        "Intelligences": [
            {
                "last_find_time": "2020-06-17 03:54:23",
                "threat_type_l2": "恶意下载源",
                "first_find_time": "2020-01-01 00:59:52",
                "source": "aliyun"
            },
            {
                "last_find_time": "2020-11-10 14:45:12",
                "threat_type_l2": "regsvr32.exe执行恶意文件",
                "first_find_time": "2017-09-22 11:15:00",
                "source": "aliyun"
            }
        ],
        "Scenario": "失陷指标",
        "Whois": "",
        "AttackCntByThreatType": "",
        "ThreatLevel": 2,
        "Confidence": 98,
        "Domain": "js.example.com",
        "AttackPreferenceTop5": ""
    }