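Threatbook component

The Threatbook component calls the ThreatBook (微步在线) API to retrieve file analysis reports and threat verdicts for IP addresses and domains.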

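Prerequisites

To use the Threatbook component, go to System Settings > Feature Settings > Multi-cloud Configuration Management and, in the Multi-cloud Assets module, complete the authorization of IDC (off-cloud) assets. Skip this if it is already configured. The configuration steps are as follows:

  1. Click Add Authorization and select IDC. In the asset access panel, configure the items as follows:

    Note

    ThreatBook is authorized to Threat Analysis and Response by default; other features are not currently supported.

    | Configuration item | Description |
    | --- | --- |
    | Vendor | ThreatBook (微步在线) |
    | Product | Intelligence Cloud API. |
    | Account ID | ThreatBook account ID. |
    | API KEY | ThreatBook API KEY. |

  2. Configure the policy: to prevent an invalid AK from affecting business use, we recommend enabling the AK service status check.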

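Function description

| Action | Description |
| --- | --- |
| fileReport | Retrieves a detailed static and dynamic analysis report for a file, including the file's summary information, network behavior, behavior signatures, static information, dropped-file behavior, process behavior, and antivirus scan engine detection results. |
| iocReport | Analyzes IPs/domains in outbound-access scenarios such as office and production networks. Uses verdict rules to determine precisely whether an IP/domain is malicious, its risk severity level and its confidence level; accurately identifies remote control (C2), malware (Malware) and mining-pool threats; and provides related security-event or threat-group tags. |
| ipReport | Analyzes IPs in inbound scenarios and provides the IP's geographic location and ASN information. Uses verdict rules to determine precisely whether the IP is malicious, its risk severity level and its confidence level, and identifies threat types such as exploitation (exploit) and zombie hosts (Zombie), along with related security-event or threat-group tags. |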

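Component configuration example

This topic provides parameter configuration examples for each action of the Threatbook component; you can import them as a test playbook. The visual flow editor lets you view and test each action's configuration parameters more intuitively and quickly understand the component's logic and usage. For the procedure, see Playbook import.

Note

Save the sample data as a JSON file first.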
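A pre-import sanity check for the saved file, as an added example that is not part of the original page or the product: it verifies that the JSON parses, that there is exactly one startEvent node (the rule stated in the start node's description), that every edge points at an existing cell, and that each Threatbook action node names a listed action. Key names come from the sample data on this page; the checks themselves, and the requirement that cloudUserId and resource be non-empty for every action, are assumptions rather than the platform's own import validation.

```python
import json

# Actions listed in the function table on this page.
KNOWN_ACTIONS = {"fileReport", "iocReport", "ipReport"}

# Constructed miniature playbook: keys mirror the page's sample data,
# ids and values are made up for the demonstration.
SAMPLE = json.dumps({"cells": [
    {"id": "start-1", "isNode": True,
     "data": {"nodeType": "startEvent", "nodeName": "start"}},
    {"id": "act-1", "isNode": True,
     "data": {"nodeType": "action", "nodeName": "ioc_report",
              "componentName": "Threatbook", "actionName": "iocReport",
              "valueData": {"cloudUserId": "", "resource": "${event.ioc}"}}},
    {"id": "end-1", "isNode": True,
     "data": {"nodeType": "endEvent", "nodeName": "end"}},
    {"id": "edge-1", "isNode": False, "data": {"nodeType": "sequenceFlow"},
     "source": {"cell": "start-1"}, "target": {"cell": "act-1"}},
    {"id": "edge-2", "isNode": False, "data": {"nodeType": "sequenceFlow"},
     "source": {"cell": "act-1"}, "target": {"cell": "missing-node"}},
]})


def check_playbook(text):
    """Return a list of problems found in a playbook JSON string (empty = none)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]

    cells = doc.get("cells") if isinstance(doc, dict) else None
    if not isinstance(cells, list):
        return ['top-level "cells" array is missing']
    cells = [c for c in cells if isinstance(c, dict)]

    problems = []
    nodes = {c.get("id"): c for c in cells if c.get("isNode")}
    edges = [c for c in cells if not c.get("isNode")]

    # The start node's description says a playbook has exactly one start node.
    starts = [n for n in nodes.values()
              if (n.get("data") or {}).get("nodeType") == "startEvent"]
    if len(starts) != 1:
        problems.append(f"expected exactly one startEvent node, found {len(starts)}")

    # Every edge must connect two cells that exist in the file.
    for edge in edges:
        for end in ("source", "target"):
            ref = (edge.get(end) or {}).get("cell")
            if ref not in nodes:
                problems.append(
                    f"edge {edge.get('id')}: {end} cell {ref!r} does not exist")

    # Threatbook action nodes: known action name, credentials binding, input binding.
    for node in nodes.values():
        data = node.get("data") or {}
        if data.get("componentName") != "Threatbook":
            continue
        name = data.get("nodeName") or node.get("id")
        if data.get("actionName") not in KNOWN_ACTIONS:
            problems.append(f"node {name}: unknown action {data.get('actionName')!r}")
        values = data.get("valueData") or {}
        for key in ("cloudUserId", "resource"):  # assumed required for all actions
            if not values.get(key):
                problems.append(f"node {name}: valueData.{key} is empty")
    return problems


if __name__ == "__main__":
    for problem in check_playbook(SAMPLE):
        print(problem)
```
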

Sample data

{
	"cells": [{
		"position": {
			"x": -400,
			"y": -155
		},
		"size": {
			"width": 36,
			"height": 36
		},
		"attrs": {
			"body": {
				"fill": "white",
				"strokeOpacity": 0.95,
				"stroke": "#63ba4d",
				"strokeWidth": 2
			},
			"label": {
				"text": "start",
				"fontSize": 12,
				"refX": 0.5,
				"refY": "100%",
				"refY2": 4,
				"textAnchor": "middle",
				"textVerticalAnchor": "top"
			},
			"path": {
				"stroke": "#63ba4d"
			}
		},
		"visible": true,
		"shape": "circle",
		"id": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4",
		"zIndex": 1,
		"data": {
			"nodeType": "startEvent",
			"appType": "basic",
			"nodeName": "start",
			"icon": "icon-circle",
			"description": "剧本开始节点,一个剧本必须有且仅有一个开始节点,需为剧本配置输入数据。",
			"cascaderValue": []
		},
		"markup": [{
			"tagName": "circle",
			"selector": "body"
		}, {
			"tagName": "text",
			"selector": "label"
		}],
		"isNode": true
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#63ba4d",
				"targetMarker": {
					"stroke": "#63ba4d"
				}
			}
		},
		"zIndex": 1,
		"id": "5293c3f9-e1c9-4a49-b0eb-635067dc67e8",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic",
			"icon": "icon-upper-right-arrow",
			"isRequired": true
		},
		"isNode": false,
		"source": {
			"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
		},
		"target": {
			"cell": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61"
		},
		"router": {
			"name": "normal"
		},
		"visible": true,
		"vertices": [{
			"x": -382,
			"y": -247
		}]
	}, {
		"position": {
			"x": 140,
			"y": -155
		},
		"size": {
			"width": 36,
			"height": 36
		},
		"attrs": {
			"body": {
				"fill": "white",
				"strokeOpacity": 0.95,
				"stroke": "#d93026",
				"strokeWidth": 2
			},
			"path": {
				"r": 12,
				"refX": "50%",
				"refY": "50%",
				"fill": "#d93026",
				"strokeOpacity": 0.95,
				"stroke": "#d93026",
				"strokeWidth": 4
			},
			"label": {
				"text": "end",
				"fontSize": 12,
				"refX": 0.5,
				"refY": "100%",
				"refY2": 4,
				"textAnchor": "middle",
				"textVerticalAnchor": "top"
			}
		},
		"visible": true,
		"shape": "circle",
		"id": "317dd1be-2d20-460e-977e-1fc936ffb583",
		"zIndex": 1,
		"data": {
			"nodeType": "endEvent",
			"appType": "basic",
			"nodeName": "end",
			"icon": "icon-radio-off-full",
			"description": "end"
		},
		"markup": [{
			"tagName": "circle",
			"selector": "body"
		}, {
			"tagName": "circle",
			"selector": "path"
		}, {
			"tagName": "text",
			"selector": "label"
		}],
		"isNode": true
	}, {
		"position": {
			"x": -190,
			"y": -280
		},
		"size": {
			"width": 137,
			"height": 66
		},
		"view": "react-shape-view",
		"attrs": {
			"label": {
				"text": "file_report"
			}
		},
		"shape": "activity",
		"id": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61",
		"zIndex": 1,
		"data": {
			"isDebug": false,
			"nodeType": "action",
			"appType": "component",
			"nodeName": "file_report",
			"valueData": {
				"userId": "",
				"resource": "${event.file}",
				"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4"
			},
			"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
			"description": "获取文件详细的静态分析&动态分析报告,包括文件的概要信息、网络行为、行为签名、静态信息、释放行为、进程行为、反病毒扫描引擎检测结果。",
			"advance": {
				"inputParamMode": false,
				"onError": "stop_cur_flow",
				"rspStatusType": 3,
				"rspStatusThreshold": 0
			},
			"componentName": "Threatbook",
			"actionName": "fileReport",
			"cascaderValue": [{
				"label": "configuration",
				"value": "${configuration}",
				"children": [{
					"label": "configuration.datalist.*.triggerType",
					"name": "configuration.datalist.*.triggerType",
					"value": "${configuration.datalist.*.triggerType}"
				}, {
					"label": "configuration.datalist.*._req_uuid",
					"name": "configuration.datalist.*._req_uuid",
					"value": "${configuration.datalist.*._req_uuid}"
				}, {
					"label": "configuration.datalist.*.scope.*.aliUid",
					"name": "configuration.datalist.*.scope.*.aliUid",
					"value": "${configuration.datalist.*.scope.*.aliUid}"
				}, {
					"label": "configuration.datalist.*.process.start_time",
					"name": "configuration.datalist.*.process.start_time",
					"value": "${configuration.datalist.*.process.start_time}"
				}, {
					"label": "configuration.status",
					"name": "configuration.status",
					"value": "${configuration.status}"
				}, {
					"label": "configuration.datalist.*.process.proc_id",
					"name": "configuration.datalist.*.process.proc_id",
					"value": "${configuration.datalist.*.process.proc_id}"
				}, {
					"label": "configuration.datalist.*._tenant_id",
					"name": "configuration.datalist.*._tenant_id",
					"value": "${configuration.datalist.*._tenant_id}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.host_uuid",
					"name": "configuration.datalist.*.process.host_uuid.host_uuid",
					"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
				}, {
					"label": "configuration.total_data",
					"name": "configuration.total_data",
					"value": "${configuration.total_data}"
				}, {
					"label": "configuration.datalist.*._trigger_user",
					"name": "configuration.datalist.*._trigger_user",
					"value": "${configuration.datalist.*._trigger_user}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.os_type",
					"name": "configuration.datalist.*.process.host_uuid.os_type",
					"value": "${configuration.datalist.*.process.host_uuid.os_type}"
				}, {
					"label": "configuration.datalist.*.process.cmd_line",
					"name": "configuration.datalist.*.process.cmd_line",
					"value": "${configuration.datalist.*.process.cmd_line}"
				}, {
					"label": "configuration.datalist.*.triggerUser",
					"name": "configuration.datalist.*.triggerUser",
					"value": "${configuration.datalist.*.triggerUser}"
				}, {
					"label": "configuration.datalist.*._domain_id",
					"name": "configuration.datalist.*._domain_id",
					"value": "${configuration.datalist.*._domain_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.file_path",
					"name": "configuration.datalist.*.process.file_path.file_path",
					"value": "${configuration.datalist.*.process.file_path.file_path}"
				}, {
					"label": "configuration.total_data_with_dup",
					"name": "configuration.total_data_with_dup",
					"value": "${configuration.total_data_with_dup}"
				}, {
					"label": "configuration.total_exe_successful",
					"name": "configuration.total_exe_successful",
					"value": "${configuration.total_exe_successful}"
				}, {
					"label": "configuration.datalist.*.scope.*.cloudCode",
					"name": "configuration.datalist.*.scope.*.cloudCode",
					"value": "${configuration.datalist.*.scope.*.cloudCode}"
				}, {
					"label": "configuration.total_data_successful",
					"name": "configuration.total_data_successful",
					"value": "${configuration.total_data_successful}"
				}, {
					"label": "configuration.total_exe",
					"name": "configuration.total_exe",
					"value": "${configuration.total_exe}"
				}, {
					"label": "configuration.datalist.*.scope.*.userId",
					"name": "configuration.datalist.*.scope.*.userId",
					"value": "${configuration.datalist.*.scope.*.userId}"
				}, {
					"label": "configuration.datalist.*._region_id",
					"name": "configuration.datalist.*._region_id",
					"value": "${configuration.datalist.*._region_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.hash_value",
					"name": "configuration.datalist.*.process.file_path.hash_value",
					"value": "${configuration.datalist.*.process.file_path.hash_value}"
				}]
			}],
			"status": "success"
		},
		"isNode": true
	}, {
		"position": {
			"x": -190,
			"y": -170
		},
		"size": {
			"width": 137,
			"height": 66
		},
		"view": "react-shape-view",
		"attrs": {
			"label": {
				"text": "ioc_report"
			}
		},
		"shape": "activity",
		"id": "e0082b2e-d82c-464f-a22f-9b67eb47a363",
		"zIndex": 1,
		"data": {
			"isDebug": false,
			"nodeType": "action",
			"appType": "component",
			"nodeName": "ioc_report",
			"valueData": {
				"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4",
				"resource": "${event.ioc}"
			},
			"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
			"description": "针对办公网/生产网等对外访问场景的IP/域名进行分析, 通过判定规则精准判别IP/域名是否恶意、风险严重级别、可信度级别;准确识别远控(C2)、恶意软件(Malware)、矿池威胁,提供相关安全事件或团伙标签等。",
			"advance": {
				"inputParamMode": false,
				"onError": "stop_cur_flow",
				"rspStatusType": 3,
				"rspStatusThreshold": 0
			},
			"componentName": "Threatbook",
			"actionName": "iocReport",
			"status": "failed",
			"cascaderValue": [{
				"label": "Threatbook_1",
				"value": "${Threatbook_1}",
				"children": [{
					"label": "Threatbook_1.datalist.*.network.tls_ex",
					"name": "Threatbook_1.datalist.*.network.tls_ex",
					"value": "${Threatbook_1.datalist.*.network.tls_ex}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_size",
					"name": "Threatbook_1.datalist.*.summary.file_size",
					"value": "${Threatbook_1.datalist.*.summary.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type_list}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"name": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.process_name}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.md5",
					"name": "Threatbook_1.datalist.*.summary.md5",
					"value": "${Threatbook_1.datalist.*.summary.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"name": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"value": "${Threatbook_1.datalist.*.multiengines.result.vbwebshell}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"name": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Microsoft}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.category}"
				}, {
					"label": "Threatbook_1.total_exe",
					"name": "Threatbook_1.total_exe",
					"value": "${Threatbook_1.total_exe}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sample_sha256",
					"name": "Threatbook_1.datalist.*.summary.sample_sha256",
					"value": "${Threatbook_1.datalist.*.summary.sample_sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_family",
					"name": "Threatbook_1.datalist.*.summary.malware_family",
					"value": "${Threatbook_1.datalist.*.summary.malware_family}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.md5",
					"name": "Threatbook_1.datalist.*.static.basic.md5",
					"value": "${Threatbook_1.datalist.*.static.basic.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.s",
					"name": "Threatbook_1.datalist.*.summary.tag.s",
					"value": "${Threatbook_1.datalist.*.summary.tag.s}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneStatic}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"name": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"value": "${Threatbook_1.datalist.*.multiengines.result.DrWeb}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.x",
					"name": "Threatbook_1.datalist.*.summary.tag.x",
					"value": "${Threatbook_1.datalist.*.summary.tag.x}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_name",
					"name": "Threatbook_1.datalist.*.summary.file_name",
					"value": "${Threatbook_1.datalist.*.summary.file_name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.api}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.status}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.markcount",
					"name": "Threatbook_1.datalist.*.signature.*.markcount",
					"value": "${Threatbook_1.datalist.*.signature.*.markcount}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_score",
					"name": "Threatbook_1.datalist.*.summary.threat_score",
					"value": "${Threatbook_1.datalist.*.summary.threat_score}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"name": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"value": "${Threatbook_1.datalist.*.multiengines.result.NANO}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"name": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Panda}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_type",
					"name": "Threatbook_1.datalist.*.static.basic.file_type",
					"value": "${Threatbook_1.datalist.*.static.basic.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sha1",
					"name": "Threatbook_1.datalist.*.summary.sha1",
					"value": "${Threatbook_1.datalist.*.summary.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"name": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Kaspersky}"
				}, {
					"label": "Threatbook_1.total_exe_successful",
					"name": "Threatbook_1.total_exe_successful",
					"value": "${Threatbook_1.total_exe_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_level",
					"name": "Threatbook_1.datalist.*.summary.threat_level",
					"value": "${Threatbook_1.datalist.*.summary.threat_level}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.en",
					"name": "Threatbook_1.datalist.*.pstree.process_name.en",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.en}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"name": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Trustlook}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_type",
					"name": "Threatbook_1.datalist.*.summary.malware_type",
					"value": "${Threatbook_1.datalist.*.summary.malware_type}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha256",
					"name": "Threatbook_1.datalist.*.static.basic.sha256",
					"value": "${Threatbook_1.datalist.*.static.basic.sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"name": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"value": "${Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.cid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avast}"
				}, {
					"label": "Threatbook_1.total_data_successful",
					"name": "Threatbook_1.total_data_successful",
					"value": "${Threatbook_1.total_data_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.sig_class",
					"name": "Threatbook_1.datalist.*.signature.*.sig_class",
					"value": "${Threatbook_1.datalist.*.signature.*.sig_class}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu-China}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"name": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.command_line}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"name": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Rising}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.attck_id",
					"name": "Threatbook_1.datalist.*.signature.*.attck_id",
					"value": "${Threatbook_1.datalist.*.signature.*.attck_id}"
				}, {
					"label": "Threatbook_1.total_data",
					"name": "Threatbook_1.total_data",
					"value": "${Threatbook_1.total_data}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type}"
				}, {
					"label": "Threatbook_1.total_data_with_dup",
					"name": "Threatbook_1.total_data_with_dup",
					"value": "${Threatbook_1.total_data_with_dup}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"name": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ShellPub}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroAPT}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.multi_engines",
					"name": "Threatbook_1.datalist.*.summary.multi_engines",
					"value": "${Threatbook_1.datalist.*.summary.multi_engines}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ClamAV}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_type",
					"name": "Threatbook_1.datalist.*.summary.file_type",
					"value": "${Threatbook_1.datalist.*.summary.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"name": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ESET}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.K7",
					"name": "Threatbook_1.datalist.*.multiengines.result.K7",
					"value": "${Threatbook_1.datalist.*.multiengines.result.K7}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"name": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"value": "${Threatbook_1.datalist.*.multiengines.detect_rate}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.name",
					"name": "Threatbook_1.datalist.*.signature.*.name",
					"value": "${Threatbook_1.datalist.*.signature.*.name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.tid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.scan_time",
					"name": "Threatbook_1.datalist.*.multiengines.scan_time",
					"value": "${Threatbook_1.datalist.*.multiengines.scan_time}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.is_whitelist",
					"name": "Threatbook_1.datalist.*.summary.is_whitelist",
					"value": "${Threatbook_1.datalist.*.summary.is_whitelist}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"name": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Qihu360}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"name": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Sophos}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"name": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Antiy}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"name": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"value": "${Threatbook_1.datalist.*.multiengines.result.GDATA}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.time}"
				}, {
					"label": "Threatbook_1.status",
					"name": "Threatbook_1.status",
					"value": "${Threatbook_1.status}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"name": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"value": "${Threatbook_1.datalist.*.multiengines.result.JiangMin}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.return_value}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"name": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"value": "${Threatbook_1.datalist.*.multiengines.result.AVG}"
				}, {
					"label": "Threatbook_1.datalist.*.network.dns_servers",
					"name": "Threatbook_1.datalist.*.network.dns_servers",
					"value": "${Threatbook_1.datalist.*.network.dns_servers}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.description",
					"name": "Threatbook_1.datalist.*.signature.*.description",
					"value": "${Threatbook_1.datalist.*.signature.*.description}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.pcap",
					"name": "Threatbook_1.datalist.*.strings.pcap",
					"value": "${Threatbook_1.datalist.*.strings.pcap}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"name": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"value": "${Threatbook_1.datalist.*.multiengines.result.IKARUS}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"name": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.first_seen}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avira}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.ppid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroNonPE}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"name": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"value": "${Threatbook_1.datalist.*.static.basic.ssdeep}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_size",
					"name": "Threatbook_1.datalist.*.static.basic.file_size",
					"value": "${Threatbook_1.datalist.*.static.basic.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"name": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.cn}"
				}, {
					"label": "Threatbook_1.datalist.*.network.secret_info",
					"name": "Threatbook_1.datalist.*.network.secret_info",
					"value": "${Threatbook_1.datalist.*.network.secret_info}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha1",
					"name": "Threatbook_1.datalist.*.static.basic.sha1",
					"value": "${Threatbook_1.datalist.*.static.basic.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.track",
					"name": "Threatbook_1.datalist.*.pstree.children.*.track",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.track}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.submit_time",
					"name": "Threatbook_1.datalist.*.summary.submit_time",
					"value": "${Threatbook_1.datalist.*.summary.submit_time}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.severity",
					"name": "Threatbook_1.datalist.*.signature.*.severity",
					"value": "${Threatbook_1.datalist.*.signature.*.severity}"
				}, {
					"label": "Threatbook_1.datalist.*.permalink",
					"name": "Threatbook_1.datalist.*.permalink",
					"value": "${Threatbook_1.datalist.*.permalink}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_name",
					"name": "Threatbook_1.datalist.*.static.basic.file_name",
					"value": "${Threatbook_1.datalist.*.static.basic.file_name}"
				}]
			}, {
				"label": "configuration",
				"value": "${configuration}",
				"children": [{
					"label": "configuration.datalist.*.triggerType",
					"name": "configuration.datalist.*.triggerType",
					"value": "${configuration.datalist.*.triggerType}"
				}, {
					"label": "configuration.datalist.*._req_uuid",
					"name": "configuration.datalist.*._req_uuid",
					"value": "${configuration.datalist.*._req_uuid}"
				}, {
					"label": "configuration.datalist.*.scope.*.aliUid",
					"name": "configuration.datalist.*.scope.*.aliUid",
					"value": "${configuration.datalist.*.scope.*.aliUid}"
				}, {
					"label": "configuration.datalist.*.process.start_time",
					"name": "configuration.datalist.*.process.start_time",
					"value": "${configuration.datalist.*.process.start_time}"
				}, {
					"label": "configuration.status",
					"name": "configuration.status",
					"value": "${configuration.status}"
				}, {
					"label": "configuration.datalist.*.process.proc_id",
					"name": "configuration.datalist.*.process.proc_id",
					"value": "${configuration.datalist.*.process.proc_id}"
				}, {
					"label": "configuration.datalist.*._tenant_id",
					"name": "configuration.datalist.*._tenant_id",
					"value": "${configuration.datalist.*._tenant_id}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.host_uuid",
					"name": "configuration.datalist.*.process.host_uuid.host_uuid",
					"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
				}, {
					"label": "configuration.total_data",
					"name": "configuration.total_data",
					"value": "${configuration.total_data}"
				}, {
					"label": "configuration.datalist.*._trigger_user",
					"name": "configuration.datalist.*._trigger_user",
					"value": "${configuration.datalist.*._trigger_user}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.os_type",
					"name": "configuration.datalist.*.process.host_uuid.os_type",
					"value": "${configuration.datalist.*.process.host_uuid.os_type}"
				}, {
					"label": "configuration.datalist.*.process.cmd_line",
					"name": "configuration.datalist.*.process.cmd_line",
					"value": "${configuration.datalist.*.process.cmd_line}"
				}, {
					"label": "configuration.datalist.*.triggerUser",
					"name": "configuration.datalist.*.triggerUser",
					"value": "${configuration.datalist.*.triggerUser}"
				}, {
					"label": "configuration.datalist.*._domain_id",
					"name": "configuration.datalist.*._domain_id",
					"value": "${configuration.datalist.*._domain_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.file_path",
					"name": "configuration.datalist.*.process.file_path.file_path",
					"value": "${configuration.datalist.*.process.file_path.file_path}"
				}, {
					"label": "configuration.total_data_with_dup",
					"name": "configuration.total_data_with_dup",
					"value": "${configuration.total_data_with_dup}"
				}, {
					"label": "configuration.total_exe_successful",
					"name": "configuration.total_exe_successful",
					"value": "${configuration.total_exe_successful}"
				}, {
					"label": "configuration.datalist.*.scope.*.cloudCode",
					"name": "configuration.datalist.*.scope.*.cloudCode",
					"value": "${configuration.datalist.*.scope.*.cloudCode}"
				}, {
					"label": "configuration.total_data_successful",
					"name": "configuration.total_data_successful",
					"value": "${configuration.total_data_successful}"
				}, {
					"label": "configuration.total_exe",
					"name": "configuration.total_exe",
					"value": "${configuration.total_exe}"
				}, {
					"label": "configuration.datalist.*.scope.*.userId",
					"name": "configuration.datalist.*.scope.*.userId",
					"value": "${configuration.datalist.*.scope.*.userId}"
				}, {
					"label": "configuration.datalist.*._region_id",
					"name": "configuration.datalist.*._region_id",
					"value": "${configuration.datalist.*._region_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.hash_value",
					"name": "configuration.datalist.*.process.file_path.hash_value",
					"value": "${configuration.datalist.*.process.file_path.hash_value}"
				}]
			}],
			"customInput": false,
			"id": 0,
			"name": "iocReport",
			"operateType": "general",
			"parameters": [{
				"dataType": "String",
				"defaultValue": "",
				"description": "",
				"enDescription": "",
				"name": "userId",
				"needCascader": false,
				"required": false,
				"tags": ""
			}, {
				"dataType": "String",
				"defaultValue": "",
				"description": "云安全中心-功能设置-多云配置管理-微步在线配置的账号ID",
				"enDescription": "",
				"name": "cloudUserId",
				"needCascader": false,
				"required": true,
				"tags": ""
			}, {
				"dataType": "String",
				"defaultValue": "",
				"description": "IP地址或域名,支持批量查询,最多100个,以逗号分隔。 IP可带端口查询,获取高可信判定结果。 请求中IP带端口格式示例:8.8.8.8:143,0.0.0.0:80 ",
				"enDescription": "",
				"name": "resource",
				"needCascader": false,
				"required": true,
				"tags": ""
			}],
			"riskLevel": 2,
			"actionDisplayName": "iocReport"
		},
		"isNode": true
	}, {
		"position": {
			"x": -190,
			"y": -55
		},
		"size": {
			"width": 137,
			"height": 66
		},
		"view": "react-shape-view",
		"attrs": {
			"label": {
				"text": "ip_reputation"
			}
		},
		"shape": "activity",
		"id": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85",
		"zIndex": 1,
		"data": {
			"nodeType": "action",
			"appType": "component",
			"nodeName": "ip_reputation",
			"valueData": {
				"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4",
				"resource": "${event.ip}"
			},
			"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
			"description": "IP analysis for inbound scenarios can provide the geographical location and ASN information of the IP, and accurately determine whether the IP is malicious, the risk severity level, and the credibility level through determination rules. Identify threat types, such as exploits, Zombie, and related security events or gang tags.",
			"advance": {
				"inputParamMode": false,
				"onError": "stop_cur_flow",
				"rspStatusType": 3,
				"rspStatusThreshold": 0
			},
			"componentName": "Threatbook",
			"actionName": "ipReputation",
			"status": "failed",
			"cascaderValue": [{
				"label": "Threatbook_2",
				"value": "${Threatbook_2}",
				"children": [{
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity}"
				}, {
					"label": "Threatbook_2.total_exe",
					"name": "Threatbook_2.total_exe",
					"value": "${Threatbook_2.total_exe}"
				}, {
					"label": "Threatbook_2.total_data_successful",
					"name": "Threatbook_2.total_data_successful",
					"value": "${Threatbook_2.total_data_successful}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type}"
				}, {
					"label": "Threatbook_2.total_exe_successful",
					"name": "Threatbook_2.total_exe_successful",
					"value": "${Threatbook_2.total_exe_successful}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats}"
				}, {
					"label": "Threatbook_2.total_data",
					"name": "Threatbook_2.total_data",
					"value": "${Threatbook_2.total_data}"
				}, {
					"label": "Threatbook_2.total_data_with_dup",
					"name": "Threatbook_2.total_data_with_dup",
					"value": "${Threatbook_2.total_data_with_dup}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level}"
				}, {
					"label": "Threatbook_2.status",
					"name": "Threatbook_2.status",
					"value": "${Threatbook_2.status}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank}"
				}]
			}, {
				"label": "Threatbook_1",
				"value": "${Threatbook_1}",
				"children": [{
					"label": "Threatbook_1.datalist.*.network.tls_ex",
					"name": "Threatbook_1.datalist.*.network.tls_ex",
					"value": "${Threatbook_1.datalist.*.network.tls_ex}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_size",
					"name": "Threatbook_1.datalist.*.summary.file_size",
					"value": "${Threatbook_1.datalist.*.summary.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type_list}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"name": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.process_name}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.md5",
					"name": "Threatbook_1.datalist.*.summary.md5",
					"value": "${Threatbook_1.datalist.*.summary.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"name": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"value": "${Threatbook_1.datalist.*.multiengines.result.vbwebshell}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"name": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Microsoft}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.category}"
				}, {
					"label": "Threatbook_1.total_exe",
					"name": "Threatbook_1.total_exe",
					"value": "${Threatbook_1.total_exe}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sample_sha256",
					"name": "Threatbook_1.datalist.*.summary.sample_sha256",
					"value": "${Threatbook_1.datalist.*.summary.sample_sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_family",
					"name": "Threatbook_1.datalist.*.summary.malware_family",
					"value": "${Threatbook_1.datalist.*.summary.malware_family}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.md5",
					"name": "Threatbook_1.datalist.*.static.basic.md5",
					"value": "${Threatbook_1.datalist.*.static.basic.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.s",
					"name": "Threatbook_1.datalist.*.summary.tag.s",
					"value": "${Threatbook_1.datalist.*.summary.tag.s}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneStatic}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"name": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"value": "${Threatbook_1.datalist.*.multiengines.result.DrWeb}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.x",
					"name": "Threatbook_1.datalist.*.summary.tag.x",
					"value": "${Threatbook_1.datalist.*.summary.tag.x}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_name",
					"name": "Threatbook_1.datalist.*.summary.file_name",
					"value": "${Threatbook_1.datalist.*.summary.file_name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.api}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.status}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.markcount",
					"name": "Threatbook_1.datalist.*.signature.*.markcount",
					"value": "${Threatbook_1.datalist.*.signature.*.markcount}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_score",
					"name": "Threatbook_1.datalist.*.summary.threat_score",
					"value": "${Threatbook_1.datalist.*.summary.threat_score}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"name": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"value": "${Threatbook_1.datalist.*.multiengines.result.NANO}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"name": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Panda}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_type",
					"name": "Threatbook_1.datalist.*.static.basic.file_type",
					"value": "${Threatbook_1.datalist.*.static.basic.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sha1",
					"name": "Threatbook_1.datalist.*.summary.sha1",
					"value": "${Threatbook_1.datalist.*.summary.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"name": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Kaspersky}"
				}, {
					"label": "Threatbook_1.total_exe_successful",
					"name": "Threatbook_1.total_exe_successful",
					"value": "${Threatbook_1.total_exe_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_level",
					"name": "Threatbook_1.datalist.*.summary.threat_level",
					"value": "${Threatbook_1.datalist.*.summary.threat_level}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.en",
					"name": "Threatbook_1.datalist.*.pstree.process_name.en",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.en}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"name": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Trustlook}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_type",
					"name": "Threatbook_1.datalist.*.summary.malware_type",
					"value": "${Threatbook_1.datalist.*.summary.malware_type}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha256",
					"name": "Threatbook_1.datalist.*.static.basic.sha256",
					"value": "${Threatbook_1.datalist.*.static.basic.sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"name": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"value": "${Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.cid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avast}"
				}, {
					"label": "Threatbook_1.total_data_successful",
					"name": "Threatbook_1.total_data_successful",
					"value": "${Threatbook_1.total_data_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.sig_class",
					"name": "Threatbook_1.datalist.*.signature.*.sig_class",
					"value": "${Threatbook_1.datalist.*.signature.*.sig_class}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu-China}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"name": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.command_line}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"name": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Rising}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.attck_id",
					"name": "Threatbook_1.datalist.*.signature.*.attck_id",
					"value": "${Threatbook_1.datalist.*.signature.*.attck_id}"
				}, {
					"label": "Threatbook_1.total_data",
					"name": "Threatbook_1.total_data",
					"value": "${Threatbook_1.total_data}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type}"
				}, {
					"label": "Threatbook_1.total_data_with_dup",
					"name": "Threatbook_1.total_data_with_dup",
					"value": "${Threatbook_1.total_data_with_dup}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"name": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ShellPub}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroAPT}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.multi_engines",
					"name": "Threatbook_1.datalist.*.summary.multi_engines",
					"value": "${Threatbook_1.datalist.*.summary.multi_engines}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ClamAV}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_type",
					"name": "Threatbook_1.datalist.*.summary.file_type",
					"value": "${Threatbook_1.datalist.*.summary.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"name": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ESET}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.K7",
					"name": "Threatbook_1.datalist.*.multiengines.result.K7",
					"value": "${Threatbook_1.datalist.*.multiengines.result.K7}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"name": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"value": "${Threatbook_1.datalist.*.multiengines.detect_rate}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.name",
					"name": "Threatbook_1.datalist.*.signature.*.name",
					"value": "${Threatbook_1.datalist.*.signature.*.name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.tid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.scan_time",
					"name": "Threatbook_1.datalist.*.multiengines.scan_time",
					"value": "${Threatbook_1.datalist.*.multiengines.scan_time}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.is_whitelist",
					"name": "Threatbook_1.datalist.*.summary.is_whitelist",
					"value": "${Threatbook_1.datalist.*.summary.is_whitelist}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"name": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Qihu360}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"name": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Sophos}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"name": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Antiy}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"name": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"value": "${Threatbook_1.datalist.*.multiengines.result.GDATA}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.time}"
				}, {
					"label": "Threatbook_1.status",
					"name": "Threatbook_1.status",
					"value": "${Threatbook_1.status}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"name": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"value": "${Threatbook_1.datalist.*.multiengines.result.JiangMin}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.return_value}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"name": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"value": "${Threatbook_1.datalist.*.multiengines.result.AVG}"
				}, {
					"label": "Threatbook_1.datalist.*.network.dns_servers",
					"name": "Threatbook_1.datalist.*.network.dns_servers",
					"value": "${Threatbook_1.datalist.*.network.dns_servers}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.description",
					"name": "Threatbook_1.datalist.*.signature.*.description",
					"value": "${Threatbook_1.datalist.*.signature.*.description}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.pcap",
					"name": "Threatbook_1.datalist.*.strings.pcap",
					"value": "${Threatbook_1.datalist.*.strings.pcap}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"name": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"value": "${Threatbook_1.datalist.*.multiengines.result.IKARUS}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"name": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.first_seen}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avira}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.ppid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroNonPE}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"name": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"value": "${Threatbook_1.datalist.*.static.basic.ssdeep}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_size",
					"name": "Threatbook_1.datalist.*.static.basic.file_size",
					"value": "${Threatbook_1.datalist.*.static.basic.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"name": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.cn}"
				}, {
					"label": "Threatbook_1.datalist.*.network.secret_info",
					"name": "Threatbook_1.datalist.*.network.secret_info",
					"value": "${Threatbook_1.datalist.*.network.secret_info}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha1",
					"name": "Threatbook_1.datalist.*.static.basic.sha1",
					"value": "${Threatbook_1.datalist.*.static.basic.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.track",
					"name": "Threatbook_1.datalist.*.pstree.children.*.track",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.track}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.submit_time",
					"name": "Threatbook_1.datalist.*.summary.submit_time",
					"value": "${Threatbook_1.datalist.*.summary.submit_time}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.severity",
					"name": "Threatbook_1.datalist.*.signature.*.severity",
					"value": "${Threatbook_1.datalist.*.signature.*.severity}"
				}, {
					"label": "Threatbook_1.datalist.*.permalink",
					"name": "Threatbook_1.datalist.*.permalink",
					"value": "${Threatbook_1.datalist.*.permalink}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_name",
					"name": "Threatbook_1.datalist.*.static.basic.file_name",
					"value": "${Threatbook_1.datalist.*.static.basic.file_name}"
				}]
			}, {
				"label": "configuration",
				"value": "${configuration}",
				"children": [{
					"label": "configuration.datalist.*.triggerType",
					"name": "configuration.datalist.*.triggerType",
					"value": "${configuration.datalist.*.triggerType}"
				}, {
					"label": "configuration.datalist.*._req_uuid",
					"name": "configuration.datalist.*._req_uuid",
					"value": "${configuration.datalist.*._req_uuid}"
				}, {
					"label": "configuration.datalist.*.scope.*.aliUid",
					"name": "configuration.datalist.*.scope.*.aliUid",
					"value": "${configuration.datalist.*.scope.*.aliUid}"
				}, {
					"label": "configuration.datalist.*.process.start_time",
					"name": "configuration.datalist.*.process.start_time",
					"value": "${configuration.datalist.*.process.start_time}"
				}, {
					"label": "configuration.status",
					"name": "configuration.status",
					"value": "${configuration.status}"
				}, {
					"label": "configuration.datalist.*.process.proc_id",
					"name": "configuration.datalist.*.process.proc_id",
					"value": "${configuration.datalist.*.process.proc_id}"
				}, {
					"label": "configuration.datalist.*._tenant_id",
					"name": "configuration.datalist.*._tenant_id",
					"value": "${configuration.datalist.*._tenant_id}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.host_uuid",
					"name": "configuration.datalist.*.process.host_uuid.host_uuid",
					"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
				}, {
					"label": "configuration.total_data",
					"name": "configuration.total_data",
					"value": "${configuration.total_data}"
				}, {
					"label": "configuration.datalist.*._trigger_user",
					"name": "configuration.datalist.*._trigger_user",
					"value": "${configuration.datalist.*._trigger_user}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.os_type",
					"name": "configuration.datalist.*.process.host_uuid.os_type",
					"value": "${configuration.datalist.*.process.host_uuid.os_type}"
				}, {
					"label": "configuration.datalist.*.process.cmd_line",
					"name": "configuration.datalist.*.process.cmd_line",
					"value": "${configuration.datalist.*.process.cmd_line}"
				}, {
					"label": "configuration.datalist.*.triggerUser",
					"name": "configuration.datalist.*.triggerUser",
					"value": "${configuration.datalist.*.triggerUser}"
				}, {
					"label": "configuration.datalist.*._domain_id",
					"name": "configuration.datalist.*._domain_id",
					"value": "${configuration.datalist.*._domain_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.file_path",
					"name": "configuration.datalist.*.process.file_path.file_path",
					"value": "${configuration.datalist.*.process.file_path.file_path}"
				}, {
					"label": "configuration.total_data_with_dup",
					"name": "configuration.total_data_with_dup",
					"value": "${configuration.total_data_with_dup}"
				}, {
					"label": "configuration.total_exe_successful",
					"name": "configuration.total_exe_successful",
					"value": "${configuration.total_exe_successful}"
				}, {
					"label": "configuration.datalist.*.scope.*.cloudCode",
					"name": "configuration.datalist.*.scope.*.cloudCode",
					"value": "${configuration.datalist.*.scope.*.cloudCode}"
				}, {
					"label": "configuration.total_data_successful",
					"name": "configuration.total_data_successful",
					"value": "${configuration.total_data_successful}"
				}, {
					"label": "configuration.total_exe",
					"name": "configuration.total_exe",
					"value": "${configuration.total_exe}"
				}, {
					"label": "configuration.datalist.*.scope.*.userId",
					"name": "configuration.datalist.*.scope.*.userId",
					"value": "${configuration.datalist.*.scope.*.userId}"
				}, {
					"label": "configuration.datalist.*._region_id",
					"name": "configuration.datalist.*._region_id",
					"value": "${configuration.datalist.*._region_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.hash_value",
					"name": "configuration.datalist.*.process.file_path.hash_value",
					"value": "${configuration.datalist.*.process.file_path.hash_value}"
				}]
			}]
		},
		"isNode": true
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "ae6ca05c-ebd1-41f1-a94d-489fdc308861",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "manhattan",
			"args": {
				"padding": 5,
				"excludeHiddenNodes": true,
				"excludeNodes": ["clone_node_id"]
			}
		},
		"source": {
			"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
		},
		"visible": true,
		"target": {
			"cell": "e0082b2e-d82c-464f-a22f-9b67eb47a363"
		}
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "8f084c6d-9afd-4ecb-8c9d-3c7824f9de2f",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "normal"
		},
		"source": {
			"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
		},
		"visible": true,
		"target": {
			"cell": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85"
		},
		"vertices": [{
			"x": -382,
			"y": -22
		}]
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#63ba4d",
				"targetMarker": {
					"stroke": "#63ba4d"
				}
			}
		},
		"zIndex": 1,
		"id": "e55e80d8-fab6-42ac-91ab-da7697ec80dd",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "normal"
		},
		"source": {
			"cell": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61"
		},
		"visible": true,
		"target": {
			"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
		},
		"vertices": [{
			"x": 158,
			"y": -247
		}]
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "ba2021dc-533b-4ba3-a1a7-69f05f3c7515",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "manhattan",
			"args": {
				"padding": 5,
				"excludeHiddenNodes": true,
				"excludeNodes": ["clone_node_id"]
			}
		},
		"source": {
			"cell": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85"
		},
		"visible": true,
		"target": {
			"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
		}
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "c3c22836-585a-4f5e-a3ec-92ecedfad6ba",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "manhattan",
			"args": {
				"padding": 5,
				"excludeHiddenNodes": true,
				"excludeNodes": ["clone_node_id"]
			}
		},
		"source": {
			"cell": "e0082b2e-d82c-464f-a22f-9b67eb47a363"
		},
		"visible": true,
		"target": {
			"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
		}
	}]
}

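fileReport

Retrieves the detailed static and dynamic analysis report for a file, including the file's summary information, network behavior, behavior signatures, static information, dropped files, process behavior, and antivirus engine detection results.

Note

ThreatBook reference documentation: File Reputation Report

Input parameters

Parameter

Description

Example

userId

The associated Alibaba Cloud account ID.

Important
  • You can enter the ID of a member account managed by the current Alibaba Cloud account. To add a member account, see Multi-account security management.

  • If left empty, the current Alibaba Cloud account is used by default.

XXX

clouldUserId

The ThreatBook account ID. For details, see Prerequisites.

7f7c*************7fcca4

resource

The hash value of the file, used to retrieve the analysis report. sha256, sha1, and md5 are supported.

44d88612*************1278abb02f

Output parameters

Parameter

Description

multiengines

Antivirus engine detection results. A JSON object with the following items:

  • result: the detection result of each scan engine, as follows:

    No detection: shown as safe.

    Detection: shown as the specific malware label that was detected.

  • scan_time: the time at which the multi-engine scan of the sample ran, for example: 2019-10-22 16:17:48

summary

Summary information. A JSON object with the following items:

  • threat_level: threat level, the combined verdict from static analysis, multi-engine antivirus scanning, and dynamic analysis in multiple sandbox environments.

    • malicious: malicious

    • suspicious: suspicious

    • clean: safe

    • unknown: unknown

  • malware_type: threat category. For the full set of sample threat categories, see Complete list of sample threat categories.

  • malware_family: malware family, such as Xorddos.

  • is_whitelist: whether the file is a whitelisted file.

    • true: whitelisted.

    • false: not whitelisted.

  • submit_time: file submission time, for example: 2019-01-22 17:36:21.

  • file_name: file name.

  • file_type: file type.

  • sample_sha256: the hash value of the file.

  • md5: the MD5 value of the file.

  • sha1: the SHA1 value of the file.

  • scenes: scenario detection.

    • Cybercrime: cybercrime (underground economy) sample.

    • CS_Detect: CobaltStrike trojan sample.

    • RT_Tools: red team tool.

    • Exploit: exploit.

    • HW202X: sample from a major-event security assurance period; the name depends on the year.

  • tag: tags. A JSON object with the following items:

    • s: static tags. JSON array, for example "时间戳异常" (abnormal timestamp). For some common tags, see Common sample tags.

    • x: antivirus engine detection tags.

  • threat_score: threat score.

  • sandbox_type: the sandbox analysis environment specified for this retrieval. For the full set of environments, see Complete list of sandbox environments.

  • sandbox_type_list: list of all sandbox environments in which the sample was analyzed successfully.

  • multi_engines: antivirus engine detection rate.

signature

Behavior signatures. A JSON array; each item contains the following:

  • severity: severity level, int type. The higher the number, the higher the level.

  • references: references, JSON array.

  • sig_class: signature category.

  • name: signature name.

  • description: behavior description.

  • markcount: mark count.

  • marks: raw signature data, JSON array.

  • families: sample families, JSON array.

  • attck_id: ATT&CK ID.

  • attck_info: ATT&CK details, JSON array.

static

Static information, JSON object. For response examples of all static information reports, see Complete set of file static information report response examples.

pstree

Process behavior.

network

Network behavior.

  • fingerprint: fingerprint information, JSON array.

  • tls: TLS protocol, JSON array.

  • udp: UDP protocol, JSON array.

  • dns_servers: DNS servers, JSON array.

  • http: HTTP protocol, JSON array.

  • irc: IRC protocol, JSON array.

  • smtp: SMTP protocol, JSON array.

  • tcp: TCP protocol, JSON array.

  • smtp_ex: extended SMTP protocol data, JSON array.

  • mitm: man-in-the-middle, JSON array.

  • hosts: network hosts, JSON array.

  • dns: Domain Name System, JSON array.

  • http_ex: extended HTTP protocol data, JSON array.

  • domains: domain names, JSON array.

  • dead_hosts: unreachable hosts, JSON array.

  • icmp: ICMP protocol, JSON array.

  • https_ex: extended HTTPS protocol data, JSON array.

dropped

Dropped files. A JSON array; each item contains the following:

  • sha1: file sha1 value, string type.

  • sha256: file sha256 value, string type.

  • md5: file md5 value, string type.

  • urls: extracted URLs, JSON array.

  • size: file size, int type.

  • filepath: file path, string type.

  • name: file name, string type.

  • crc32: file CRC32, string type.

  • ssdeep: file SSDeep value, string type.

  • type: file type, string type.

  • yara: YARA, JSON array.

strings

String-related data. A JSON object; each item contains the following:

  • sha256: strings extracted from the file. The key varies with the sha256 and holds the static strings of the file itself. Array type.

  • pcap: strings extracted from network traffic, array type.

permalink

URL of the web sandbox report page.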

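iocReport

Analyzes IP addresses and domain names in outbound-access scenarios such as office and production networks. Detection rules determine whether the IP address or domain name is malicious, its risk severity level, and its confidence level; identify remote control (C2), malware (Malware), and mining pool threats; and provide related security event or threat group tags.

Note

ThreatBook reference documentation: Compromise Detection

Input parameters

Parameter

Description

Example

userId

The associated Alibaba Cloud account ID.

Important
  • You can enter the ID of a member account managed by the current Alibaba Cloud account. To add a member account, see Multi-account security management.

  • If left empty, the current Alibaba Cloud account is used by default.

XXX

clouldUserId

The ThreatBook account ID. For details, see Prerequisites.

7f7c*************7fcca4

resource

IP addresses or domain names. Batch queries are supported, with at most 100 entries separated by commas.

Note

An IP address can be queried with a port.

test.com,0.0.0.0:80

Output parameters

Type

Parameter

Description

ip

is_malicious

Whether the indicator is malicious.

  • true: malicious.

  • false: not malicious.

confidence_level

Confidence rating.

  • high: high

  • medium: medium

  • low: low

severity

Overall severity of the intelligence.

  • critical: critical

  • high: high

  • medium: medium

  • low: low

  • info: no threat

judgments

Threat types. Depending on the malicious attributes of the IOC, these include:

  • Malicious

    • C2: remote control

    • Sinkhole C2: C2 taken over by a security organization

    • MiningPool: mining pool

    • CoinMiner: private mining pool

    • Malware: malware

  • Not malicious

    • Whitelist: whitelist

    • Info: basic information.

      Note

      For the Info subtypes, see Complete list of threat types.

tags_classes

Information about related threat groups or security events. A JSON array; each item contains the following fields:

  • tags_type: tag category, such as "industry", "gangs" (threat groups), "virus_family" (malware families).

  • tags: the specific threat group or security event tags, for example: APT, OceanLotus (海莲花).

permalink

Intelligence details link. The URL of the full intelligence analysis page for this IP address or domain name.

domain (domain name)

categories

  • Domain categories, JSON object. Each item contains the following fields:

    • first_cats: first-level categories, an array

    • second_cats: second-level category, a string

  • The other fields are the same as described for "ips" above.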

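ipReport

Analyzes IP addresses and domain names in outbound-access scenarios such as office and production networks. Detection rules determine whether the IP address or domain name is malicious, its risk severity level, and its confidence level; identify remote control (C2), malware (Malware), and mining pool threats; and provide related security event or threat group tags.

Note

ThreatBook reference documentation: IP Reputation

Input parameters

Parameter

Description

Example

userId

The associated Alibaba Cloud account ID.

Important
  • You can enter the ID of a member account managed by the current Alibaba Cloud account. To add a member account, see Multi-account security management.

  • If left empty, the current Alibaba Cloud account is used by default.

XXX

clouldUserId

The ThreatBook account ID. For details, see Prerequisites.

7f7c*************7fcca4

resource

IP addresses. Batch queries are supported, with at most 100 entries separated by commas.

0.0.0.0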
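
The `resource` rules stated in the input tables (a sha256/sha1/md5 hash for fileReport; at most 100 comma-separated entries for iocReport and ipReport) can be enforced before a playbook calls the component. The following is an added example, not code from Alibaba Cloud or ThreatBook; the function names and the sample indicators are hypothetical and constructed.

```python
import re

MAX_PER_CALL = 100  # limit stated on this page for iocReport and ipReport
HASH_KINDS = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest lengths


def hash_kind(value):
    """Return 'md5', 'sha1' or 'sha256' for a full hex digest, else None.

    Masked or truncated values (for example with '*' in them) are rejected,
    so they never reach fileReport as a `resource`.
    """
    v = value.strip().lower()
    if re.fullmatch(r"[0-9a-f]+", v):
        return HASH_KINDS.get(len(v))
    return None


def build_resources(indicators, limit=MAX_PER_CALL):
    """De-duplicate indicators and pack them into comma-separated
    `resource` strings holding at most `limit` entries each."""
    seen, clean = set(), []
    for raw in indicators:
        item = raw.strip().lower()
        # Drop empty entries and entries that would corrupt the comma list.
        if not item or "," in item or any(c.isspace() for c in item):
            continue
        if item not in seen:
            seen.add(item)
            clean.append(item)
    return [",".join(clean[i:i + limit]) for i in range(0, len(clean), limit)]


# Constructed sample input: documentation-range IPs plus messy entries.
SAMPLE_INDICATORS = [f"192.0.2.{i}" for i in range(250)] + [
    "Example.COM ", "example.com", "bad,entry", "", "192.0.2.5:80",
]

if __name__ == "__main__":
    for n, batch in enumerate(build_resources(SAMPLE_INDICATORS), 1):
        print(n, len(batch.split(",")))
    print(hash_kind("d41d8cd98f00b204e9800998ecf8427e"))
```
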

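Output parameters

Parameter

Description

basic

basic returns a JSON object with the following fields:

  • carrier: carrier or service provider

  • location: location information for the IP address, a JSON object as follows:

    • country: country

    • country_code: country code

    • province: province

    • city: city

    • lng: longitude

    • lat: latitude

is_malicious

Whether the IP address is malicious.

  • true: malicious.

  • false: not malicious.

confidence_level

Confidence: how reliable the malicious verdict is, as determined from the intelligence sources and the confidence model.

  • low: low

  • medium: medium

  • high: high

severity

Severity level, indicating how harmful this intelligence is.

  • critical: critical

  • high: high

  • medium: medium

  • low: low

  • info: no threat

judgments

The combined threat-type verdict extracted from threat intelligence analysis, JSON array.

  • Malicious types

    • Spam: spam

    • Zombie: zombie host

    • Scanner: scanning

    • Exploit: exploit

    • Botnet: botnet

    • Brute Force: brute force

      Note

      For the Brute Force subtypes, see Complete list of threat types.

  • Non-malicious types

    • Whitelist: whitelist.

    • Info: basic information.

tags_classes

Information about related threat groups or security events. A JSON array; each item contains the following fields:

  • tags_type: tag category, such as "industry", "gangs" (threat groups), "virus_family" (malware families).

  • tags: the specific threat group or security event tags, for example: Mirai.

asn

ASN information. A JSON object containing:

  • number: ASN number.

  • info: AS name.

  • rank: risk value (0 to 4; a larger value means higher risk).

update_time

The time the intelligence was last updated.

scene

Application scenario, such as enterprise leased line or data center. For the full set, see Application scenario categories.

feature

Asset features. A JSON array containing:

entity

Owning entity. A JSON array containing:

  • category: first-level category. For the category descriptions, see IP Reputation · Advanced field category descriptions.

  • type: second-level category.

  • tag_name: the specific owning-entity tag.

  • tag_desc: the description of the tag.

hist_behavior

Attack behavior. A JSON array containing:

  • category: category. For the category descriptions, see IP Reputation · Advanced field category descriptions.

  • tag_name: the specific attack behavior tag.

  • tag_desc: the description of the tag.

  • vuln_id: when the category is "exploit", the specific vulnerability ID.

evaluation

Impact evaluation. A JSON object containing:

  • active: activity level.

    • high: high

    • medium: medium

    • low: low

  • honeypot_hit: whether a honeypot has captured this IP address.

    • true: captured by a honeypot.

    • false: never captured by a honeypot.

fraud

Fraud and cheating behavior. A JSON array containing:

  • tag_name: the specific fraud or cheating behavior tag.

  • tag_desc: the description of the tag.

permalink

Link to the intelligence query result page for the IP address.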
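
A playbook usually branches on the verdict fields that iocReport and ipReport share (is_malicious, confidence_level, severity, judgments). The following is an added example of such a decision, not code from Alibaba Cloud or ThreatBook: the field names and values come from the output tables above, while the per-indicator dictionary shape, the action names, the thresholds, and the sample data are assumptions.

```python
# Ordered scales built from the values listed in the output tables.
SEVERITY = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
CONFIDENCE = {"low": 0, "medium": 1, "high": 2}


def triage(verdict):
    """Return 'block', 'review' or 'ignore' for one indicator's verdict.

    Hypothetical policy: auto-block only when the verdict is malicious with
    high or critical severity AND high confidence; anything ambiguous or
    malformed goes to an analyst instead of being silently dropped.
    """
    malicious = verdict.get("is_malicious")
    if malicious is False:
        return "ignore"
    if malicious is not True:
        return "review"  # field missing or not a boolean
    judgments = set(verdict.get("judgments") or [])
    if "Whitelist" in judgments:
        return "review"  # contradictory verdict: never auto-block
    # Unknown enum values map to -1 so they can never satisfy the threshold.
    sev = SEVERITY.get(verdict.get("severity"), -1)
    conf = CONFIDENCE.get(verdict.get("confidence_level"), -1)
    if sev >= SEVERITY["high"] and conf >= CONFIDENCE["high"]:
        return "block"
    return "review"


def triage_all(results):
    """Apply triage() to a mapping of indicator -> verdict fields."""
    return {indicator: triage(v) for indicator, v in results.items()}


# Constructed sample results (documentation-range addresses, not real intel).
SAMPLE_RESULTS = {
    "192.0.2.10": {"is_malicious": True, "severity": "critical",
                   "confidence_level": "high", "judgments": ["C2"]},
    "192.0.2.11": {"is_malicious": True, "severity": "high",
                   "confidence_level": "low", "judgments": ["Scanner"]},
    "example.com": {"is_malicious": False, "severity": "info",
                    "confidence_level": "high", "judgments": ["Whitelist"]},
    "192.0.2.12": {"severity": "high"},
    "192.0.2.13": {"is_malicious": True, "severity": "urgent",
                   "confidence_level": "high", "judgments": ["Malware"]},
}

if __name__ == "__main__":
    for indicator, action in triage_all(SAMPLE_RESULTS).items():
        print(indicator, action)
```
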

Reference documentation

For ThreatBook response status codes and response descriptions, see Response status codes and Msg descriptions.