DocsICP FilingConsole
官方文档
首页

DescribeOutgoingDestinationIP

更新时间:
复制 MD 格式
产品详情
我的收藏

Displays the destination IP of an active outbound connection.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-cloudfirewall:DescribeOutgoingDestinationIP

get

*All Resource

*

 None None

Request parameters

Parameter

Type

Required

Description

Example
Lang

string

No

The language of the response. Valid values:

  • zh (default): Chinese.

  • en: English.

Valid values:

  • en :

    English

  • zh :

    Chinese

zh
StartTime

string

Yes

The start of the time range to query. The value is a timestamp in seconds.

1656837360
EndTime

string

Yes

The end of the time range to query. The value is a timestamp in seconds.

1656923760
PageSize

string

No

The number of entries to return on each page.

Default value: 6. Maximum value: 10.

10
CurrentPage

string

No

The page number to return.

Default value: 1.

1
CategoryId

string

No

The ID of the service category. Valid values:

  • All: all categories

  • RiskDomain: risk domains

  • RiskIP: risk IPs

  • AliYun: Alibaba Cloud services

  • NotAliYun: services other than Alibaba Cloud services

All
DstIP

string

No

The destination IP address of the outbound connection.

10.0.XX.XX
PublicIP

string

No

The public IP address of the ECS instance that initiates the outbound connection.

192.0.XX.XX
PrivateIP

string

No

The private IP address of the ECS instance that initiates the outbound connection.

192.168.XX.XX
Port

string

No

The port number.

80
Sort

string

No

The field by which to sort the results. Valid values:

  • SessionCount (default): request count.

  • TotalBytes: total traffic.

SessionCount
Order

string

No

The sort order. Valid values:

  • asc: ascending order.

  • desc (default): descending order.

desc
TagIdNew

string

No

The ID of the threat intelligence tag. Valid values:

  • AliYun: Alibaba Cloud service

  • RiskDomain: risk domain

  • RiskIP: risk IP

  • TrustedDomain: trusted website

  • AliPay: Alipay

  • DingDing: DingTalk

  • WeChat: WeChat

  • QQ: Tencent QQ

  • SecurityService: security service

  • Microsoft: Microsoft

  • Amazon: Amazon

  • Pan: cloud drive

  • Map: map

  • Code: code hosting

  • SystemService: system service

  • Taobao: Taobao

  • Google: Google

  • ThirdPartyService: third-party service

  • FirstFlow: first access

  • Downloader: malicious downloader

  • Alexa Top1M: popular website

  • Miner: mining pool

  • Intelligence: threat intelligence

  • DDoS: DDoS trojan

  • Ransomware: ransomware

  • Spyware: spyware

  • Rogue: rogue software

  • Botnet: botnet

  • Suspicious: suspicious website

  • C&C: command and control (C&C)

  • Gang: threat actor group

  • CVE: CVE

  • Backdoor: backdoor

  • Phishing: phishing website

  • APT: APT attack

  • Supply Chain Attack: supply chain attack

  • Malicious software: malware

AliYun
ApplicationName

string

No

The application type supported by the access control policy.

  • FTP

  • HTTP

  • HTTPS

  • Memcache

  • MongoDB

  • MQTT

  • MySQL

  • RDP

  • Redis

  • SMTP

  • SMTPS

  • SSH

  • SSL_No_Cert

  • SSL

  • VNC

Note

The supported application types depend on the protocol type specified in the Proto parameter. If Proto is set to TCP, all application types listed above are supported. If both ApplicationName and ApplicationNameList are specified, the value of ApplicationNameList takes precedence.

FTP

Response elements

Element

Type

Description

Example

object

TotalCount

integer

The total number of outgoing IPs.

50
RequestId

string

The request ID.

F0F82705-CFC7-5F83-86C8-A063892F****
DstIPList

array<object>

A list of destination IP addresses for outgoing connections.

array<object>

AclCoverage

string

Indicates whether an access control policy is applied. Valid values:

  • Uncovered: No policy is applied.

  • FullCoverage: A policy is applied.

Uncovered
DstIP

string

The destination IP address of the outgoing connection.

10.0.XX.XX
AclRecommendDetail

string

Details of the ACL recommendation.

建议放行
HasAclRecommend

boolean

Indicates whether an ACL is recommended. Valid values:

  • true: An ACL is recommended.

  • false: No ACL is recommended.

true
InBytes

integer

The total inbound traffic in bytes.

472
CategoryName

string

The service category of the destination IP address. Valid values:

  • Alibaba Cloud product

  • non-Alibaba Cloud product

阿里云产品
RuleName

string

The name of the ACL rule.

默认规则
RuleId

string

The UUID of the ACL rule.

fadsfd-dfadf-df****
SessionCount

integer

The number of requests.

4
GroupName

string

The name of the rule group.

rules_test
SecuritySuggest

string

The recommended security action for the outgoing connection. Valid values:

  • pass: Allows the connection.

  • alert: Rejects the connection.

  • drop: Drops the connection.

pass
OutBytes

integer

The total outbound traffic in bytes.

965
AclStatus

string

The health status of the access control policy. Valid values:

  • Normal: Healthy.

  • Abnormal: Unhealthy.

Normal
IsMarkNormal

boolean

Indicates whether the destination IP address is added to the allowlist. Valid values:

  • true: The destination IP address is on the allowlist.

  • false: The destination IP address is not on the allowlist.

true
CategoryId

string

The ID of the service category. Valid values:

  • Aliyun: The destination is an Alibaba Cloud product.

  • NotAliyun: The destination is a non-Alibaba Cloud product.

Aliyun
TagList

array<object>

A list of tags associated with the destination IP.

object

RiskLevel

integer

The risk level. Valid values:

  • 1: Low

  • 2: Medium

  • 3: High

1
TagName

string

The name of the threat intelligence tag.

ReleaseLabel
TagId

string

The ID of the threat intelligence tag.

ReleaseLabel
TagDescribe

string

The description of the threat intelligence tag.

ReleaseLabel
ClassId

string

The category of the threat intelligence tag. Valid values:

  • Suspicious

  • Malicious

  • Trusted

Trusted
ApplicationPortList

array<object>

The list of application ports.

Note

This response returns a maximum of 99 application ports. If more than 99 ports exist, only the first 99 are returned.

object

Details of an application port.

Port

integer

The application port.

80
ApplicationName

string

The application protocol detected for the connection. Valid values:

  • FTP

  • HTTP

  • HTTPS

  • Memcache

  • MongoDB

  • MQTT

  • MySQL

  • RDP

  • Redis

  • SMTP

  • SMTPS

  • SSH

  • SSL_No_Cert

  • SSL

  • VNC

Note

HTTP
UnknownReason

array

A list of reasons why the application protocol was not identified.

string

The reason why the protocol analysis failed.

tcp_not_establish
CategoryClassId

string

The threat intelligence category of the destination IP address. Valid values:

  • Suspicious

  • Malicious

  • Trusted

Trusted
SecurityReason

string

The reason for the security recommendation.

智能策略:该目的域名所属组织为阿里云计算有限公司,主要业务为阿里云,未发现安全风险,可用于配置外联白名单。
TotalBytes

string

The total traffic volume in bytes.

800
HasAcl

string

Indicates whether an access control rule exists. Valid values:

  • true: An access control rule exists.

  • false: No access control rule exists.

true
AddressGroupList

array<object>

A list of address books that contain this destination IP address.

object

AddressGroupUUID

string

The UUID of the address book.

f04ac7ce-628b-4cb7-be61-310222b7****
AddressGroupName

string

The name of the address book.

IP地址簿
AssetCount

integer

The total number of assets that initiated outgoing connections to this destination IP.

20
PrivateAssetCount

integer

The total number of private assets that initiated outgoing connections to this destination IP.

20
LocationName

string

The geographical location of the destination IP address.

山东省青岛市

Examples

Success response

JSON format

{
  "TotalCount": 50,
  "RequestId": "F0F82705-CFC7-5F83-86C8-A063892F****",
  "DstIPList": [
    {
      "AclCoverage": "Uncovered",
      "DstIP": "10.0.XX.XX",
      "AclRecommendDetail": "建议放行",
      "HasAclRecommend": true,
      "InBytes": 472,
      "CategoryName": "阿里云产品",
      "RuleName": "默认规则",
      "RuleId": "fadsfd-dfadf-df****",
      "SessionCount": 4,
      "GroupName": "rules_test",
      "SecuritySuggest": "pass",
      "OutBytes": 965,
      "AclStatus": "Normal",
      "IsMarkNormal": true,
      "CategoryId": "Aliyun",
      "TagList": [
        {
          "RiskLevel": 1,
          "TagName": "ReleaseLabel",
          "TagId": "ReleaseLabel",
          "TagDescribe": "ReleaseLabel",
          "ClassId": "Trusted"
        }
      ],
      "ApplicationPortList": [
        {
          "Port": 80,
          "ApplicationName": "HTTP",
          "UnknownReason": [
            "tcp_not_establish"
          ]
        }
      ],
      "CategoryClassId": "Trusted",
      "SecurityReason": "智能策略:该目的域名所属组织为阿里云计算有限公司,主要业务为阿里云,未发现安全风险,可用于配置外联白名单。",
      "TotalBytes": "800",
      "HasAcl": "true",
      "AddressGroupList": [
        {
          "AddressGroupUUID": "f04ac7ce-628b-4cb7-be61-310222b7****",
          "AddressGroupName": "IP地址簿"
        }
      ],
      "AssetCount": 20,
      "PrivateAssetCount": 20,
      "LocationName": "山东省青岛市"
    }
  ]
}

Error codes

HTTP status code

Error code

Error message

Description
400 ErrorAliUid Aliuid invalid. The aliuid is invalid.
400 ErrorTimeError The time is invalid. The time is invalid.
400 ErrorIpFormat The IP address is invalid. The IP address is invalid.
400 ErrorDBSelectError A database select error occurred. The error message returned because an internal error has occurred in querying the database.
400 ErrorPortError The port is invalid. The port is invalid.
400 ErrorSecuritySuggest The security suggest is invalid. The security suggest is invalid.
400 ErrorSortError The sort is invalid. The sort is invalid.
400 ErrorOrderFailed The order is invalid. The order is invalid.
400 ErrorPageNo Either page number or page size is invalid. Either page number or page size is invalid.
400 ErrorIntervalError The interval is invalid. The interval is invalid.
400 ErrorDataTypeError The data type is invalid. The data type is invalid.
400 ErrorMarshalJSON internal error. Internal error.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.