本文档介绍如何使用Java SDK获取域名报告。
域名报告包含了域名Whois信息、数字证书、威胁类型、相关攻击团伙或安全事件信息。详细内容,请参见DescribeDomainReport接口的返回数据。
前提条件
开始运行示例脚本前,请确保您已完成以下准备工作:
- 已开通阿里云官网账号。
- 已生成AccessKey(用于使用SDK时进行身份验证)。
确保您当前账号下已创建了AccessKey ID和AccessKey Secret。AccessKey Secret属于敏感凭证,请妥善保管,避免写入代码或提交到代码仓库。
- 已开通阿里云威胁情报服务。
操作步骤
- 安装Java SDK。更多详细内容请参见安装Alibaba Cloud SDK for Java。
- 运行以下示例脚本,调用域名报告接口(DescribeDomainReport)。
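import com.aliyuncs.CommonRequest;
import com.aliyuncs.CommonResponse;
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.IAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.exceptions.ServerException;
import com.aliyuncs.profile.DefaultProfile;

/**
 * Calls the DescribeDomainReport action of the threat-intelligence endpoint
 * for a single domain and prints the raw response body to standard output.
 *
 * <p>The AccessKey pair is read from environment variables instead of being
 * written into the source file, so the secret does not end up in version
 * control, build artifacts or shared snippets.
 */
public class Sample {

    /** Environment variable that holds the AccessKey ID. */
    private static final String ACCESS_KEY_ID_ENV = "ALIBABA_CLOUD_ACCESS_KEY_ID";

    /** Environment variable that holds the AccessKey Secret. */
    private static final String ACCESS_KEY_SECRET_ENV = "ALIBABA_CLOUD_ACCESS_KEY_SECRET";

    /**
     * Builds the client, sends one DescribeDomainReport request and prints the result.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String accessKeyId = System.getenv(ACCESS_KEY_ID_ENV);
        String accessKeySecret = System.getenv(ACCESS_KEY_SECRET_ENV);
        if (accessKeyId == null || accessKeyId.isEmpty()
                || accessKeySecret == null || accessKeySecret.isEmpty()) {
            // Fail early with a clear message; never echo the credential values themselves.
            System.err.println("Set " + ACCESS_KEY_ID_ENV + " and " + ACCESS_KEY_SECRET_ENV
                    + " before running this sample.");
            System.exit(1);
        }

        // Create and initialise the DefaultAcsClient instance.
        DefaultProfile profile = DefaultProfile.getProfile(
                "cn-zhangjiakou", // your region ID
                accessKeyId,
                accessKeySecret);
        IAcsClient client = new DefaultAcsClient(profile);

        // Create the API request and set its parameters.
        // NOTE(review): confirm the SDK version in use sends this request over HTTPS;
        // if it does not default to it, set the request protocol to ProtocolType.HTTPS.
        CommonRequest request = new CommonRequest();
        request.setDomain("sasti.aliyuncs.com");
        request.setVersion("2020-05-12");
        request.setAction("DescribeDomainReport");
        request.putQueryParameter("Domain", "aliyundoc.com");

        try {
            CommonResponse response = client.getCommonResponse(request);
            System.out.println(response.getData());
        } catch (ServerException e) {
            // The service rejected or failed the request; the request ID helps when opening a ticket.
            System.err.println("Server-side error: code=" + e.getErrCode()
                    + ", message=" + e.getErrMsg()
                    + ", requestId=" + e.getRequestId());
            System.exit(1);
        } catch (ClientException e) {
            // The request failed on the client side (for example signing or connectivity).
            System.err.println("Client-side error: code=" + e.getErrCode()
                    + ", message=" + e.getErrMsg());
            System.exit(1);
        }
    }
}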
返回示例如下:{ "Context": "", "Basic": { "ip_cnt": "36", "domain": "example.com", "child_domain_cnt": "18", "sld_domain": "example.com", "malicious_ip_cnt": "28", "malicious_child_domain_cnt": "4" }, "RequestId": "55B99BBE-AD29-4220-A650-A24F16C61071", "SslCert": "", "ThreatTypes": [ { "threat_type_desc": "中控", "last_find_time": "2019-12-19 10:20:47", "risk_type": 3, "scenario": "失陷指标", "threat_type": "C&C Server", "first_find_time": "2019-06-20 22:18:58", "attck_stage": "" }, { "threat_type_desc": "Regsvr32执行", "last_find_time": "2020-11-10 14:45:12", "risk_type": 3, "scenario": "失陷指标", "threat_type": "Regsvr32", "first_find_time": "2017-09-22 11:15:00", "attck_stage": "defense evasion" } ], "Intelligences": [ { "last_find_time": "2020-06-17 03:54:23", "threat_type_l2": "恶意下载源", "first_find_time": "2020-01-01 00:59:52", "source": "aliyun" }, { "last_find_time": "2020-11-10 14:45:12", "threat_type_l2": "regsvr32.exe执行恶意文件", "first_find_time": "2017-09-22 11:15:00", "source": "aliyun" } ], "Scenario": "失陷指标", "Whois": "", "AttackCntByThreatType": "", "ThreatLevel": 2, "Confidence": 98, "Domain": "js.example.com", "AttackPreferenceTop5": "" }