获取域名报告 - 威胁情报（文档停止维护）

本文档介绍如何使用Python SDK获取域名报告。

域名报告包含了域名Whois信息、数字证书、威胁类型、相关攻击团伙或安全事件信息。详细内容，请参见DescribeDomainReport接口的返回数据。

前提条件

开始运行示例脚本前，请确保您已完成以下准备工作：

已开通阿里云官网账号。
已生成AccessKey（用于使用SDK时进行身份验证）。
确保您当前账号下已创建了AccessKey ID和AccessKey Secret。
已开通阿里云威胁情报服务。

操作步骤

安装Java SDK。更多详细内容请参见安装Alibaba Cloud SDK for Java。

运行以下示例脚本，调用IP情报接口。

import com.aliyuncs.CommonRequest;
import com.aliyuncs.CommonResponse;
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.IAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.exceptions.ServerException;
import com.aliyuncs.profile.DefaultProfile;
public class Sample {
    public static void main(String[] args) {
        // 创建DefaultAcsClient实例并初始化
        DefaultProfile profile = DefaultProfile.getProfile(
            "cn-zhangjiakou",          // 您的地域ID
            "<your-access-key-id>",      // 您的AccessKey ID
            "<your-access-key-secret>"); // 您的AccessKey Secret
        IAcsClient client = new DefaultAcsClient(profile);
        // 创建API请求并设置参数
        CommonRequest request = new CommonRequest();
        request.setDomain("sasti.aliyuncs.com");
        request.setVersion("2020-05-12");
        request.setAction("DescribeDomainReport");
        request.putQueryParameter("Domain", "aliyundoc.com");
        try {
            CommonResponse response = client.getCommonResponse(request);
            System.out.println(response.getData());
        } catch (ServerException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (ClientException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
}

返回示例如下：

{
    "Context": "",
    "Basic": {
        "ip_cnt": "36",
        "domain": "example.com",
        "child_domain_cnt": "18",
        "sld_domain": "example.com",
        "malicious_ip_cnt": "28",
        "malicious_child_domain_cnt": "4"
    },
    "RequestId": "55B99BBE-AD29-4220-A650-A24F16C61071",
    "SslCert": "",
    "ThreatTypes": [
        {
            "threat_type_desc": "中控",
            "last_find_time": "2019-12-19 10:20:47",
            "risk_type": 3,
            "scenario": "失陷指标",
            "threat_type": "C&C Server",
            "first_find_time": "2019-06-20 22:18:58",
            "attck_stage": ""
        },
        {
            "threat_type_desc": "Regsvr32执行",
            "last_find_time": "2020-11-10 14:45:12",
            "risk_type": 3,
            "scenario": "失陷指标",
            "threat_type": "Regsvr32",
            "first_find_time": "2017-09-22 11:15:00",
            "attck_stage": "defense evasion"
        }
    ],
    "Intelligences": [
        {
            "last_find_time": "2020-06-17 03:54:23",
            "threat_type_l2": "恶意下载源",
            "first_find_time": "2020-01-01 00:59:52",
            "source": "aliyun"
        },
        {
            "last_find_time": "2020-11-10 14:45:12",
            "threat_type_l2": "regsvr32.exe执行恶意文件",
            "first_find_time": "2017-09-22 11:15:00",
            "source": "aliyun"
        }
    ],
    "Scenario": "失陷指标",
    "Whois": "",
    "AttackCntByThreatType": "",
    "ThreatLevel": 2,
    "Confidence": 98,
    "Domain": "js.example.com",
    "AttackPreferenceTop5": ""
}