DocsICP FilingConsole
官方文档
首页

DescribeInvadeEventList

更新时间:
复制 MD 格式
产品详情
我的收藏

Queries Cloud Firewall threat detection events.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-cloudfirewall:DescribeInvadeEventList

get

*All Resource

*

 None None

Request parameters

Parameter

Type

Required

Description

Example
Lang

string

No

The language of the response. Valid values:

  • zh (default): Chinese.

  • en: English.

Valid values:

  • en :

    English

  • zh :

    Chinese

zh
SourceIp deprecated

string

No

The source IP address that initiated the event.

192.0.XX.XX
Lang

string

No

The language of the message. Valid values:

  • zh (default): Chinese.

  • en: English.

Valid values:

  • en :

    English

  • zh :

    Chinese

zh
StartTime

string

No

The start of the time range to query. This must be a UNIX timestamp in seconds. If you omit this parameter, the query defaults to the last 30 days.

1656750960
EndTime

string

No

The end of the time range to query. This must be a UNIX timestamp in seconds. If you omit this parameter, the query defaults to the current time.

1656837360
CurrentPage

string

No

The number of the page to return.

Default: 1.

1
PageSize

string

No

The number of entries to return per page.

Default: 6. Maximum: 10.

1
AssetsInstanceId

string

No

The ID of the affected instance.

ins_1321_asedb_****
AssetsInstanceName

string

No

The name of the affected instance.

ECS_test
IsIgnore

string

No

Specifies whether to query for ignored breach awareness events. Valid values:

  • true: Ignored.

  • false: Not ignored.

true
AssetsIP

string

No

The IP address of the affected asset.

10.0.XX.XX
EventKey

string

No

A unique identifier for the breach awareness event.

69d189e2-ec17-4676-a2fe-02969234****
EventName

string

No

The name of the breach awareness event.

event_test
EventUuid

string

No

The universally unique identifier (UUID) of the breach awareness event.

fadd-dfdd-****
MemberUid

integer

No

The UID of the member account.

135809047715****
ProcessStatusList

array

No

An array of processing statuses to filter events by. Only events with a status specified in this array are returned.

1358090477156271

integer

No

The processing status of the breach awareness event. Valid values:

  • 0: Unhandled.

  • 20: Resolved.

0
RiskLevel

array

No

An array of risk levels to filter events by. Only events with a risk level specified in this array are returned.

integer

No

The risk level of the breach awareness event. Valid values:

  • 1: Low.

  • 2: Medium.

  • 3: High.

3

Response elements

Element

Type

Description

Example

object

LowLevelPercent

integer

The percentage of low-risk events.

20
RequestId

string

The request ID.

F0F82705-CFC7-5F83-86C8-A063892F****
MiddleLevelPercent

integer

The percentage of medium-risk events.

40
HighLevelPercent

integer

The percentage of high-risk events.

40
PageInfo

object

The pagination information.

CurrentPage

integer

The page number of the returned page.

1
PageSize

integer

The number of entries returned per page.

10
TotalCount

integer

The total number of breach detection events.

40
EventList

array<object>

The list of breach detection events.

object

RiskLevel

integer

The risk level. Valid values:

  • 1: low

  • 2: medium

  • 3: high

1
EventName

string

The name of the breach detection event.

event_test
EventKey

string

The ID of the breach detection event.

69d189e2-ec17-4676-a2fe-02969234****
EventUuid

string

The UUID of the breach detection event.

fadd-dfdd-****
MemberUid

string

The UID of the member.

135809047715****
AssetsType

string

The type of the affected asset. Valid values:

  • BastionHostIP: the egress IP address of a bastion host.

  • BastionHostIngressIP: the ingress IP address of a bastion host.

  • EcsEIP: the EIP of an ECS instance.

  • EcsPublicIP: the public IP address of an ECS instance.

  • EIP: an EIP.

  • EniEIP: the EIP of an ENI.

  • NatEIP: the EIP of a NAT gateway.

  • SlbEIP: the EIP of a CLB instance.

  • SlbPublicIP: the public IP address of a CLB instance.

  • NatPublicIP: the public IP address of a NAT gateway.

  • HAVIP: an HAVIP.

EcsPublicIp
FirstTime

integer

The time when the breach detection event first occurred. This value is a UNIX timestamp. Unit: seconds.

1656750960
EventSrc

string

The source of the breach detection event. Valid values:

  • IPS: an intrusion prevention system event.

  • offline: an offline event.

IPS
PrivateIP

string

The private IP address of the affected asset.

192.168.XX.XX
AssetsInstanceName

string

The name of the affected asset.

ECS_test
LastTime

integer

The time when the breach detection event last occurred. This value is a UNIX timestamp. Unit: seconds.

1656837360
PublicIpType

string

The type of the affected asset. Valid values:

  • BastionHostIP: the egress IP address of a bastion host.

  • BastionHostIngressIP: the ingress IP address of a bastion host.

  • EcsEIP: the EIP of an ECS instance.

  • EcsPublicIP: the public IP address of an ECS instance.

  • EIP: an EIP.

  • EniEIP: the EIP of an ENI.

  • NatEIP: the EIP of a NAT gateway.

  • SlbEIP: the EIP of a CLB instance.

  • SlbPublicIP: the public IP address of a CLB instance.

  • NatPublicIP: the public IP address of a NAT gateway.

  • HAVIP: an HAVIP.

EcsPublicIp
IsIgnore

boolean

Indicates whether the breach detection event is ignored. Valid values:

  • true: The event is ignored.

  • false: The event is not ignored.

true
PublicIP

string

The public IP address of the affected asset.

198.51.XX.XX
ProcessStatus

integer

The handling status of the breach detection event. Valid values:

  • 0: pending

  • 20: handled

20
AssetsInstanceId

string

The instance ID of the affected asset.

i-ECS****

Examples

Success response

JSON format

{
  "LowLevelPercent": 20,
  "RequestId": "F0F82705-CFC7-5F83-86C8-A063892F****",
  "MiddleLevelPercent": 40,
  "HighLevelPercent": 40,
  "PageInfo": {
    "CurrentPage": 1,
    "PageSize": 10,
    "TotalCount": 40
  },
  "EventList": [
    {
      "RiskLevel": 1,
      "EventName": "event_test",
      "EventKey": "69d189e2-ec17-4676-a2fe-02969234****",
      "EventUuid": "fadd-dfdd-****",
      "MemberUid": "135809047715****",
      "AssetsType": "EcsPublicIp",
      "FirstTime": 1656750960,
      "EventSrc": "IPS",
      "PrivateIP": "192.168.XX.XX",
      "AssetsInstanceName": "ECS_test",
      "LastTime": 1656837360,
      "PublicIpType": "EcsPublicIp",
      "IsIgnore": true,
      "PublicIP": "198.51.XX.XX",
      "ProcessStatus": 20,
      "AssetsInstanceId": "i-ECS****"
    }
  ]
}

Error codes

HTTP status code

Error code

Error message

Description
400 ErrorAliUid Aliuid invalid. The aliuid is invalid.
400 ErrorDBSelectError A database select error occurred. The error message returned because an internal error has occurred in querying the database.
400 ErrorUnMarshalJSON internal error. Internal Error
400 ErrorMarshalJSON internal error. Internal error.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.