tencent cloud

APIs

ドキュメントAPIsCloud Workload Protection PlatformData Types

Data Types

ダウンロード
フォーカスモード
フォントサイズ
最終更新日: 2026-06-18 16:11:31

ABTestConfig

Grayscale project configuration

Used by actions: DescribeABTestConfig.

Name Type Description
ProjectName String Greyscale project name
Status Boolean true: grayscale release in progress; false: grayscale release not in progress.

AccountStatistics

Account stats.

Used by actions: DescribeAccountStatistics.

Name Type Description
Username String Username
MachineNum Integer Number of hosts

AlarmInfo

Information on alarms associated with the node

Used by actions: DescribeVertexDetail.

Name Type Description
AlarmId String Table names of IDs of alarms associated with the node. Separate multiple pairs with commas. Example: t1:id1,t2:id2
Status Integer Alarm status. This parameter takes effect when this node is an alarm node.

AssetAppBaseInfo

Basic information on the resource management process

Used by actions: DescribeAssetAppList.

Name Type Description
MachineIp String Host private IP address
MachineName String Host name
MachineWanIp String Host public IP address
Uuid String Host UUID
Quuid String Host QUUID
ProjectId Integer Host business group ID
Tag Array of MachineTag Host tag
Name String Application name
Type Integer Application type
1: operations
2: database
3: Security
4: suspicious application
5: system architecture
6: system application
7: web service
99: other
BinPath String Binary path
OsInfo String Operating System Information
ProcessCount Integer Number of associated processes
Desc String Application description
Version String Version No.
ConfigPath String Configuration file path
FirstTime String First collection time
UpdateTime String Data update time
IsNew Integer Whether it is newly added [0: no
MachineExtraInfo MachineExtraInfo Additional information

AssetAppProcessInfo

Software application-related process information

Used by actions: DescribeAssetAppProcessList, DescribeAssetJarInfo, DescribeAssetWebServiceProcessList.

Name Type Description
Name String Name
Status String Process status
Version String Process version
Path String Path
User String User
StartTime String Startup time

AssetCoreModuleBaseInfo

List of information on the asset management kernel module

Used by actions: DescribeAssetCoreModuleList.

Name Type Description
Name String Name
Desc String Description
Path String Path
Version String Version
MachineIp String Server IP
MachineName String Server name
OsInfo String Operating system
Size Integer Module size
ProcessCount Integer Number of dependent processes
ModuleCount Integer Number of dependent modules
Id String Module ID
Quuid String Host QUUID
Uuid String Host UUID
UpdateTime String Data update time
FirstTime String First collection time
IsNew Integer Whether new [0: no
MachineWanIp String Server Public IP
MachineExtraInfo MachineExtraInfo Additional information

AssetCoreModuleDetail

Details of the asset management kernel module

Used by actions: DescribeAssetCoreModuleInfo.

Name Type Description
Name String Name
Desc String Description
Path String Path
Version String Version
Size Integer Size
Processes String Dependent processes
Modules String Dependent modules
Params Array of AssetCoreModuleParam Parameter information.
UpdateTime String Data update time

AssetCoreModuleParam

Parameters of the asset management kernel module

Used by actions: DescribeAssetCoreModuleInfo.

Name Type Description
Name String Name
Data String Data

AssetDatabaseBaseInfo

Resource management database list information

Used by actions: DescribeAssetDatabaseList.

Name Type Description
MachineIp String Host private IP address
MachineWanIp String Host public IP address
Quuid String Host QUUID
Uuid String Host UUID
OsInfo String Operating System Information
ProjectId Integer Host business group ID
Tag Array of MachineTag Host tag
Name String Database name
Version String Version
Port String Listening port
Proto String Protocol
User String Running user
Ip String Bound IP
ConfigPath String Configuration file path
LogPath String Log file path
DataPath String Data path
Permission String Running permission
ErrorLogPath String Error log path
PlugInPath String Plugin path
BinPath String Binary path
Param String Startup parameter
Id String Database ID
UpdateTime String Data update time
FirstTime String First collection time
IsNew Integer Whether newly added [0: no
MachineName String Host name
MachineExtraInfo MachineExtraInfo Additional information

AssetDatabaseDetail

Resource management database list information

Used by actions: DescribeAssetDatabaseInfo.

Name Type Description
MachineIp String Host private IP address
MachineWanIp String Host public IP address
Quuid String Host QUUID
Uuid String Host UUID
OsInfo String Operating System Information
Name String Database name
Version String Version
Port String Listening port
Proto String Protocol
User String Running user
Ip String Bind IP
ConfigPath String Configuration file path
LogPath String Log file path
DataPath String Data path
Permission String Running permission
ErrorLogPath String Error log path
PlugInPath String Plugin path
BinPath String Binary path
Param String Startup parameter
UpdateTime String Data update time

AssetDiskPartitionInfo

Asset management disk partition information

Used by actions: DescribeAssetDiskList, DescribeAssetMachineDetail.

Name Type Description
Name String Partition name
Size Integer Partition size (unit: G)
Percent Float Partition utilization
Type String File system type
Path String Mounting directory
Used Integer Used space (unit: G)

AssetEnvBaseInfo

List of asset management environment variables

Used by actions: DescribeAssetEnvList.

Name Type Description
Name String Name
Type Integer Type:
0: user variable
1: system variable
User String Startup user
Value String Environment variable value
MachineIp String Server IP
MachineName String Server name
OsInfo String Operating system
Quuid String Host QUUID
Uuid String Host UUID
UpdateTime String Data update time
FirstTime String First collection time
IsNew Integer Whether new [0: no
MachineWanIp String Server Public IP
MachineExtraInfo MachineExtraInfo Additional information

AssetFilters

Container security
Description key-value pair filter, which is used for conditional filtering queries. For example, filter by ID, name, and status.
If there are multiple Filters, the logical relationship between them is AND.
If there are multiple Values in the same Filter, the logical relationship between the Values under the same Filter is OR.

Used by actions: DescribeAssetAppList, DescribeAssetCoreModuleList, DescribeAssetDatabaseList, DescribeAssetEnvList, DescribeAssetInitServiceList, DescribeAssetJarList, DescribeAssetPlanTaskList, DescribeAssetWebServiceInfoList, DescribeLoginWhiteHostList, ExportAssetAppList, ExportAssetCoreModuleList, ExportAssetDatabaseList, ExportAssetEnvList, ExportAssetInitServiceList, ExportAssetJarList, ExportAssetPlanTaskList, ExportAssetWebServiceInfoList.

Name Type Required Description
Name String Yes Name of filter key
Values Array of String Yes One or more filter values
ExactMatch Boolean No Whether to use fuzzy query

AssetInitServiceBaseInfo

List of asset management startup services

Used by actions: DescribeAssetInitServiceList.

Name Type Description
Name String Name
Type Integer Type:
1: Encoder
2: IE plugin
3: Network provider
4: Mirror hijacking
5: LSA provider
6:KnownDLLs
7: Start execution
8:WMI
9: Scheduled task
10: Winsock provider
11: Print monitor
12: Resource manager
13: Driver service
14: Log-in
Status Integer Default enabling status: 0 - disabled; 1 - enabled
User String Startup user
Path String Path
MachineIp String Server IP
MachineName String Name
OsInfo String Operating system
Quuid String Host QUUID
Uuid String Host UUID
UpdateTime String Data update time
FirstTime String First collection time
IsNew Integer Whether newly added [0: no
MachineWanIp String Server Public IP
MachineExtraInfo MachineExtraInfo Additional information
IsAutoRun Integer Start at boot [0: No

AssetJarBaseInfo

List of asset management JAR packages

Used by actions: DescribeAssetJarList.

Name Type Description
Name String Name
Type Integer Type. 1: application; 2: system class library; 3: web service built-in library; 8: others.
Status Integer Whether it is executable. 0: unknown; 1: yes; 2: no.
Version String Version
Path String Path
MachineIp String Server IP address
MachineName String Server name
OsInfo String Operating system
Id String JAR package ID
Md5 String JAR package Md5
Quuid String Host QUUID
Uuid String Host UUID
UpdateTime String Data update time
FirstTime String First collection time
IsNew Integer Whether it is newly added [0: no
MachineWanIp String Server public IP
MachineExtraInfo MachineExtraInfo Additional information

AssetJarDetail

Asset management jar package details

Used by actions: DescribeAssetJarInfo.

Name Type Description
Name String Name
Type Integer Type: 1: application; 2: system library; 3: Web service built-in library; 8: other
Status Integer Whether executable: 0: unknown; 1: yes; 2: no
Version String Version
Path String Path
MachineIp String Server IP
MachineName String Server name
OsInfo String Operating system
Process Array of AssetAppProcessInfo Reference process list.
Md5 String JAR package Md5
UpdateTime String Data update time

AssetKeyVal

Generic data structure of Key-val type

Used by actions: DescribeAssetAppCount, DescribeAssetDatabaseCount, DescribeAssetHostTotalCount, DescribeAssetMachineTagTop, DescribeAssetPortCount, DescribeAssetProcessCount, DescribeAssetRecentMachineInfo, DescribeAssetTotalCount, DescribeAssetTypeTop, DescribeAssetUserCount, DescribeAssetWebAppCount, DescribeAssetWebFrameCount, DescribeAssetWebLocationCount, DescribeAssetWebServiceCount.

Name Type Description
Key String Tag
Value Integer Quantity
Desc String Description information
NewCount Integer Number of new key-value pairs today

AssetLoadDetail

Asset management load information

Used by actions: DescribeAssetLoadInfo.

Name Type Description
MachineName String Host name
Desc String Description
Value Float Load
Quuid String Host QUUID
Uuid String Host UUID

AssetLoadSummary

Resource load overview

Used by actions: DescribeAssetLoadInfo.

Name Type Description
Counts Array of Integer Load amount array, in ascending order:
[
0% or unknown quantity
0%~20%
20%~50%
50%~80%
80%~100%
]
Top5 Array of AssetLoadDetail Top 5 Load

AssetMachineBaseInfo

Basic information on the server list in asset fingerprint

Used by actions: DescribeAssetMachineList.

Name Type Description
Quuid String Server QUUID
Uuid String Server UUID
MachineIp String Private IP address of server
MachineName String Server name
OsInfo String Operating system name
Cpu String CPU information
MemSize Integer Memory capacity, in GB
MemLoad String Memory utilization, in percentage
DiskSize Integer Hard disk capacity, in GB
DiskLoad String Hard disk utilization, in percentage
PartitionCount Integer Number of partitions
MachineWanIp String Host public IP address
ProjectId Integer Business group ID
CpuSize Integer CPU count
CpuLoad String CPU utilization, in percentage
Tag Array of MachineTag Tag.
UpdateTime String Data update time
IsNew Integer Whether it is newly added [0 - no;1 - yes]
FirstTime String First collection time
MachineExtraInfo MachineExtraInfo Additional information
CpuLoadNum String CPU load readings (only valid for Linux systems).

AssetMachineDetail

Basic information on the server list in asset fingerprint

Used by actions: DescribeAssetMachineDetail.

Name Type Description
Quuid String Server QUUID
Uuid String Server UUID
MachineIp String Private IP address of server
MachineName String Server name
OsInfo String Operating system name
Cpu String CPU information
MemSize Integer Memory capacity, in GB
MemLoad String Memory utilization, in percentage
DiskSize Integer Hard disk capacity, in GB
DiskLoad String Hard disk usage, in percentage
PartitionCount Integer Number of partitions
MachineWanIp String Host public IP address
CpuSize Integer Number of CPU
CpuLoad String CPU load
ProtectLevel Integer Protection level: 0 Basic version, 1 Pro edition, 2 Flagship edition, 3 Lightweight edition
RiskStatus String Risk status: UNKNOW - unknown; RISK - risky; SAFT - Safe
ProtectDays Integer Days protected
BuyTime String Professional edition activation time
EndTime String Professional edition expiration time
CoreVersion String Kernel version
OsType String Linux/Windows
AgentVersion String Agent version
InstallTime String Installation time
BootTime String System startup time
LastLiveTime String Last online time
Producer String Manufacturer
SerialNumber String Serial number
NetCards Array of AssetNetworkCardInfo Network interface
Disks Array of AssetDiskPartitionInfo Partition
Status Integer 0: online; 1: offline
ProjectId Integer Business group ID
DeviceVersion String Server model
OfflineTime String Offline time
InstanceId String Host ID
UpdateTime String Data update time
MachineExtraInfo MachineExtraInfo Host Additional Information
CpuLoadVul String CpuLoadVul
FirstTime String Time

AssetNetworkCardInfo

Asset management network interface information

Used by actions: DescribeAssetMachineDetail.

Name Type Description
Name String Network interface name
Ip String IPv4 address
GateWay String Gateway
Mac String MAC address
Ipv6 String IPv6 address
DnsServer String DNS server

AssetPlanTask

List of asset management plan tasks

Used by actions: DescribeAssetPlanTaskList.

Name Type Description
Status Integer Default enabling status. 1 - enabled; 2 - not enabled
Cycle String Execution cycle
Command String Execute command or script
User String Startup user
ConfigPath String Configuration file path
MachineIp String Server IP
MachineName String Name
OsInfo String Operating system
Quuid String Host QUUID
Uuid String Host UUID
UpdateTime String Data update time
FirstTime String First collection time
IsNew Integer Whether newly added [0: no
MachineWanIp String Server Public IP
MachineExtraInfo MachineExtraInfo Additional information

AssetPortBaseInfo

Basic information of resource management account

Used by actions: DescribeAssetPortInfoList.

Name Type Description
MachineIp String Private IP address of the host
MachineWanIp String Public IP address of the host
Quuid String Host QUUID
Uuid String Host UUID
OsInfo String Operating System Information
ProjectId Integer Host business group ID
Tag Array of MachineTag Host tag
ProcessName String Process name
ProcessVersion String Process version
ProcessPath String Process path
Pid String Process ID
User String Running user
StartTime String Start time
Param String Start parameter
Teletype String Process TTY
Port String Port
GroupName String User group
Md5 String Process MD5
Ppid String Parent process ID
ParentProcessName String Parent process name
Proto String Port protocol
BindIp String Bound IP
MachineName String Host name
UpdateTime String Data update time
FirstTime String First collection time
IsNew Integer Whether to add [0: no
MachineExtraInfo MachineExtraInfo Additional information

AssetProcessBaseInfo

Basic information on the resource management process

Used by actions: DescribeAssetProcessInfoList.

Name Type Description
MachineIp String Host private IP address
MachineWanIp String Host public IP address
Quuid String Host QUUID
Uuid String Host UUID
OsInfo String Operating System Information
ProjectId Integer Host business group ID
Tag Array of MachineTag Host tag
Name String Process name
Desc String Process description
Path String Process path
Pid String Process ID
User String Running user
StartTime String Startup time
Param String Startup parameter
Tty String Process TTY
Version String Process version
GroupName String Process user group
Md5 String Process MD5
Ppid String Parent process ID
ParentProcessName String Parent process name
Status String Process status
HasSign Integer Digital signature: 0: none; 1: yes; 999: null (for Windows only).
InstallByPackage Integer Whether to install the package. 0: no; 1: yes; 999: null (Linux only).
PackageName String Software package name
MachineName String Host name
UpdateTime String Data update time
FirstTime String First collection time
IsNew Integer Whether new [0: no
MachineExtraInfo MachineExtraInfo Additional information

AssetSystemPackageInfo

Information on resource management system installation package list

Used by actions: DescribeAssetSystemPackageList.

Name Type Description
Name String Database name
Desc String Description
Version String Version
InstallTime String Installation time
Type String Type
MachineName String Host name
MachineIp String Host IP
OsInfo String Operating system
UpdateTime String Data update time
FirstTime String First collection time
IsNew Integer Whether newly added [0: no
MachineExtraInfo MachineExtraInfo Additional information
Quuid String Host ID
Uuid String Agent Id

AssetType

Asset fingerprint type description

Used by actions: DescribeAssetTypes.

Name Type Description
Id Integer Type ID
Name String Type name

AssetUserBaseInfo

Resource management account basic information

Used by actions: DescribeAssetUserList.

Name Type Description
MachineIp String Host private IP address
MachineWanIp String Host public IP address
MachineName String Host name
OsInfo String Operating System Information
Uuid String Host UUID
Quuid String Host QUUID
Uid String Account UID
Gid String Account GID
Status Integer Account status. 0: disabled; 1: enabled
IsRoot Integer Whether there is root permission. 0: no; 1: yes; 999: null (Linux only)
LoginType Integer Log-in method. 0: log-in not allowed; 1: only key-based log-in allowed; 2: only password-based log-in allowed; 3: both key-based log-in and password-based log-in allowed; 999: null (Linux only)
LastLoginTime String Last log-in time
Name String Account name
ProjectId Integer Host business group ID
UserType Integer Account type. 0: guest user; 1: standard user; 2: administrator user; 999: null (for Windows only).
IsDomain Integer Whether it is a domain account: 0: no; 1: yes; 2: no; 999: null (for Windows only).
IsSudo Integer Whether there is sudo permissions: 1: yes; 0: No; 999: null (Linux only)
IsSshLogin Integer Whether ssh log-in allowed. 1: yes; 0: no; 999: null (Linux only)
HomePath String Home directory
Shell String Shell path (Linux only)
ShellLoginStatus Integer Whether shell log-in allowed. 0: no; 1: yes (Linux only)
PasswordChangeTime String Password modification time
PasswordDueTime String Password expiration time (Linux only)
PasswordLockDays Integer Password locking time (unit: day): -1 - never locked; 999 - null (Linux only)
PasswordStatus Integer Password status: 1 - normal; 2 - expiring soon; 3 - expired; 4 - locked; 999 - null (Linux only)
UpdateTime String Update time
FirstTime String First collection time
IsNew Integer Whether new [0: no
MachineExtraInfo MachineExtraInfo Additional information

AssetUserDetail

Basic information for resource management account

Used by actions: DescribeAssetUserInfo.

Name Type Description
MachineIp String Host private IP address
MachineName String Host name
Uuid String Host UUID
Quuid String Host QUUID
Uid String Account UID
Gid String Account GID
Status Integer Account status. 0: disabled; 1: enabled.
IsRoot Integer Whether there is root permission. 0: no; 1: yes; 999: null (Linux only).
LastLoginTime String Last log-in time
Name String Account name
UserType Integer Account type. 0: guest user; 1: standard user; 2: administrator user; 999: null (for Windows only).
IsDomain Integer Whether it is a domain account: 0: no; 1: yes; 999: null (for Windows only).
IsSshLogin Integer Whether SSH log-in allowed. 1: yes; 0: no; 999: null (Linux only).
HomePath String Home directory
Shell String Shell path (Linux only)
ShellLoginStatus Integer Whether shell log-in allowed. 0: no; 1: yes (Linux only).
PasswordChangeTime String Password modification time
PasswordDueTime String Password expiration time (Linux only)
PasswordLockDays Integer Password locking time (unit: day). -1: never locked; 999: null (Linux only).
Remark String Remarks
GroupName String User group name
DisableTime String Account expiration time
LastLoginTerminal String Last log-in terminal
LastLoginLoc String Last log-in location
LastLoginIp String Last log-in IP address
PasswordWarnDays Integer Password expiration reminder, in days
PasswordChangeType Integer Password change settings. 0: not allowed; 1: allowed.
Keys Array of AssetUserKeyInfo User public key list.
UpdateTime String Data update time

AssetUserKeyInfo

Details of the asset management account key

Used by actions: DescribeAssetUserInfo, DescribeAssetUserKeyList.

Name Type Description
Value String Public key value
Comment String Public key remarks
EncryptType String Encryption method

AssetWebAppBaseInfo

List of the information on the resource management web application

Used by actions: DescribeAssetWebAppList.

Name Type Description
MachineIp String Host private IP address
MachineWanIp String Host public IP address
Quuid String Host QUUID
Uuid String Host UUID
OsInfo String Operating system information
ProjectId Integer Host business group ID
Tag Array of MachineTag Host tag
Name String Application name
Version String Version
RootPath String Root path
ServiceType String Service type
Domain String Site domain name
VirtualPath String Virtual path
PluginCount Integer Number of plugins
Id String Application ID
Desc String Application description
MachineName String Host name
UpdateTime String Data update time
FirstTime String First collection time
IsNew Integer Whether it is newly added [0: no
MachineExtraInfo MachineExtraInfo Additional information

AssetWebAppPluginInfo

Details of web application plugin for asset management

Used by actions: DescribeAssetWebAppPluginList.

Name Type Description
Name String Name
Desc String Description
Version String Version
Link String Link

AssetWebFrameBaseInfo

Resource management Web application list information

Used by actions: DescribeAssetWebFrameList.

Name Type Description
MachineIp String Host private IP address
MachineWanIp String Host public IP address
Quuid String Host QUUID
Uuid String Host UUID
OsInfo String Operating System Information
ProjectId Integer Host business group ID
Tag Array of MachineTag Host tag
Name String Web application name.
Version String Version
Lang String Language
ServiceType String Service type
MachineName String Host name
UpdateTime String Data update time
FirstTime String First collection time
IsNew Integer Whether new [0: no
MachineExtraInfo MachineExtraInfo Additional information
Path String Application path

AssetWebLocationBaseInfo

Asset management Web site list information

Used by actions: DescribeAssetWebLocationList.

Name Type Description
Uuid String Host UUID
Quuid String Host QUUID
MachineIp String Private IP address
MachineWanIp String Public IP address
MachineName String Host name
OsInfo String Operating system
Name String Domain name
Port String Site port
Proto String Site protocol
ServiceType String Service type
PathCount Integer Number of site paths
User String Running user
MainPath String Home directory
MainPathOwner String Home directory owner
Permission String Owner permissions
ProjectId Integer Host business group ID
Tag Array of MachineTag Host tag
Id String Web site ID
UpdateTime String Data update time
FirstTime String First collection time
IsNew Integer Whether it is newly added [0: no
MachineExtraInfo MachineExtraInfo Additional information

AssetWebLocationInfo

Asset management Web site list information

Used by actions: DescribeAssetWebLocationInfo.

Name Type Description
Name String Domain name
Port String Site port
Proto String Site protocol
ServiceType String Service type
SafeStatus Integer Security module status. 0: not enabled; 1: enabled; 999: null (nginx only)
User String Running user
MainPath String Home directory
Command String Startup command
Ip String Bind IP
UpdateTime String Data update time

AssetWebLocationPath

Virtual directory of the asset management web site

Used by actions: DescribeAssetWebLocationPathList.

Name Type Description
VirtualPath String Virtual path
RealPath String Physical path
User String File owner
Group String File group
Permission String File permission

AssetWebServiceBaseInfo

List information on resource management Web service

Used by actions: DescribeAssetWebServiceInfoList.

Name Type Description
MachineIp String Private IP address of a host
MachineWanIp String Public IP address of a host
Quuid String Host QUUID
Uuid String Host UUID
OsInfo String Operating System Information
ProjectId Integer Host business group ID
Tag Array of MachineTag Host tag
Name String Service name
Version String Version
BinPath String Binary path
User String Startup user
InstallPath String Installation path
ConfigPath String Configuration path
ProcessCount Integer Number of associated processes
Id String Web Service ID
MachineName String Host name
Desc String Description
UpdateTime String Data update time
FirstTime String First collection time
IsNew Integer Whether newly added [0: no
MachineExtraInfo MachineExtraInfo Additional information

BanWhiteList

Block allowlist rules

Used by actions: CreateBanWhiteList, ModifyBanWhiteList.

Name Type Required Description
Id String No Allowlist IDs
Remark String No Allowlist aliases
SrcIp String No Block source IP
ModifyTime Timestamp No Time of modifying allowlists
CreateTime Timestamp No Time of creating allowlists
Uuid String No Machine associated with the allowlist.
IsGlobal Boolean No Whether the allowlist takes effect globally
Quuids Array of String No Machine list associated with the allowlist

BanWhiteListDetail

List of displayed blocking allowlist information, including the machine information

Used by actions: DescribeBanWhiteList.

Name Type Description
Id String Allowlist ID
Remark String Allowlist alias
SrcIp String Blocking source IP address
ModifyTime Timestamp Allowlist modification time
CreateTime Timestamp Allowlist creation time
IsGlobal Boolean Whether the allowlist takes effect globally
Quuid String Machine UUID
Uuid String CWPP program UUID
MachineIp String Machine IP address
MachineName String Machine name

BaselineBasicInfo

Basic baseline information

Used by actions: DescribeBaselineBasicInfo.

Name Type Description
Name String Baseline name
BaselineId Integer Baseline ID
ParentId Integer Parent id

BaselineCustomRuleIdName

Baseline Custom Rule ID and Name

Used by actions: DescribeIgnoreHostAndItemConfig.

Name Type Description
RuleId Integer Custom rule ID
RuleName String Custom Rule Name

BaselineDetail

Baseline details

Used by actions: DescribeBaselineDetail.

Name Type Description
Description String Baseline description
Level Integer Severity level
PackageName String package name
ParentId Integer Parent id
Name String Baseline name

BaselineDetectParam

Baseline check parameters

Used by actions: StartBaselineDetect.

Name Type Required Description
PolicyIds Array of Integer No Collection of check policies
RuleIds Array of Integer No Collection of check rules
ItemIds Array of Integer No Collection of check items
HostIds Array of String No Collection of checked server IDs

BaselineEffectHost

Information on the host affected by baseline

Used by actions: DescribeBaselineEffectHostList.

Name Type Description
PassCount Integer Passed items
FailCount Integer Risky item
FirstScanTime String First detection event
LastScanTime String Last detection time
Status Integer Risky item processing status. 0: failed; 1: passed.
Quuid String Host QUUID
HostIp String Host IP address
AliasName String Host alias
Uuid String Host UUID
MaxStatus Integer detecting state

BaselineEventLevelInfo

Host information of Top server risks

Used by actions: DescribeBaselineHostTop.

Name Type Description
EventLevel Integer Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical
EventCount Integer Number of vulnerabilities

BaselineHost

Baseline host information

Used by actions: DescribeIgnoreHostAndItemConfig.

Name Type Description
HostId String Host ID
HostName String Host name
HostTag String Host tag
HostIp String Private IP address
WanIp String Public IP address
MachineExtraInfo MachineExtraInfo Host Additional Information

BaselineHostDetect

Baseline Host Detection

Used by actions: DescribeBaselineHostDetectList.

Name Type Description
HostId String Host ID
HostIp String Private IP address
HostName String Host name
WanIp String Public IP address
DetectStatus Integer 0: Failed; 1: Ignored; 3: Passed; 5: Under detection
PassedItemCount Integer Number of Passed Tasks in Detection
ItemCount Integer Associated Detection Item Count
NotPassedItemCount Integer Detection Failure Count
FirstTime String First detection time
LastTime String Last detection Time
Uuid String CWP UUID
MachineExtraInfo MachineExtraInfo Host Additional Information

BaselineHostTopList

Baseline affected servers list data

Used by actions: DescribeBaselineHostTop.

Name Type Description
EventLevelList Array of BaselineEventLevelInfo List of event levels and occurrences
HostName String Host name
Quuid String Host QUUID
Score Integer Score for calculating weight

BaselineInfo

Baseline Information

Used by actions: DescribeBaselineList.

Name Type Description
Name String Baseline name
Level Integer Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical
RuleCount Integer Number of check items
HostCount Integer Number of affected servers
Status Integer Pass status: 0: Failed, 1: Approved
CategoryId Integer Baseline ID
LastScanTime String Last detection time
MaxStatus Integer 5: detecting
BaselineFailCount Integer Baseline risk items

BaselineItem

Baseline Item

Used by actions: DescribeBaselineItemList.

Name Type Description
ItemId Integer Item ID
ItemName String Item Name
CategoryId Integer Detection Item Classification
ItemDesc String Item Description
FixMethod String Fixing Method
RuleName String Rule
DetectResultDesc String Check result description
Level Integer Risk level
DetectStatus Integer Detection Status. 0: Failed; 1: Ignored; 3: Passed; 5: Under detection
HostId String Host ID
HostName String host name
HostIp String Host IP address
WanIp String Public IP address
FirstTime String First Occurrence Time
LastTime String Last Occurrence Time
CanBeFixed Integer Can Be Fixed or Not
Uuid String Host Security UUID
MachineExtraInfo MachineExtraInfo Host Additional Information

BaselineItemDetect

Baseline detection item

Used by actions: DescribeBaselineItemDetectList.

Name Type Description
ItemId Integer Item ID
ItemName String Item Name
ItemDesc String Item Description
FixMethod String Fixing Method
RuleName String Rule
DetectStatus Integer 0: Failed; 1: Ignored; 3: Passed; 5: Under detection
Level Integer Risk level
HostCount Integer Number of affected servers
FirstTime String First detection time
LastTime String Last detection time
DetectResult String Detection result; JSON string.
RuleId Integer Rule ID.
PassedHostCount Integer Number of servers passed.
NotPassedHostCount Integer Number of servers failed.

BaselineItemInfo

Baseline Information

Used by actions: DescribeIgnoreHostAndItemConfig.

Name Type Description
ItemId Integer Baseline Detection Item ID
ItemName String Detection Item Name
RuleId Integer ID of the Rule to Which the Detection Item Belongs
ItemDesc String Detection item description
FixMethod String Remediation Method for Inspection Items
RuleName String Rule Name of Detection Item
Level Integer Risk level
SysRuleId Integer System Rule ID
RelatedCustomRuleInfo Array of BaselineCustomRuleIdName Referenced Custom Rule Information

BaselinePolicy

Baseline policy information

Used by actions: DescribeBaselinePolicyList, ModifyBaselinePolicy.

Name Type Required Description
PolicyName String Yes Policy name, which is no more than 128 English characters in length.
DetectInterval Integer Yes Detection interval [1: 1 day
DetectTime String Yes Detection time
IsEnabled Integer Yes Whether enabled [0: not enabled
AssetType Integer Yes Asset type [0: all Professional and Ultimate editions
PolicyId Integer No Policy ID
RuleCount Integer No Number of associated baseline items
ItemCount Integer No Number of associated baseline items
HostCount Integer No Number of associated baseline hosts
RuleIds Array of Integer No Rule ID
HostIds Array of String No Host ID
HostIps Array of String No Host IP
IsDefault Integer No Whether the system default

BaselineRuleInfo

Baseline detection information

Used by actions: DescribeBaselineRule.

Name Type Description
RuleName String Detection item name
Description String Detection item description
FixMessage String Fixing suggestion
Level Integer Severity level
Status Integer Status
RuleId Integer Detection Item ID
LastScanAt String Last detection Time
RuleRemark String Specific reason explanation
Uuid String Unique UUID
EventId Integer Unique event ID

BaselineRuleTopInfo

Information on TOP baseline detection item

Used by actions: DescribeBaselineTop.

Name Type Description
RuleName String Baseline detection item name
Level Integer Detection item hazard level
EventCount Integer Total number of events
RuleId Integer Detection item ID

BaselineWeakPassword

Baseline weak password

Used by actions: DescribeBaselineWeakPasswordList.

Name Type Required Description
PasswordId Integer Yes Password ID
WeakPassword String Yes Password
CreateTime String No Creation time
ModifyTime String No Modification time

BashEvent

High-risk command data

Used by actions: DescribeBashEvents.

Name Type Description
Id Integer Data ID
Uuid String CWPP ID
Quuid String Server ID
Hostip String Host private IP address
User String Username for execution
Platform Integer Platform type
BashCmd String Executed commands
RuleId Integer Rule ID
RuleName String Rule name
RuleLevel Integer Rule level: 1 - high-risk 2 - medium-risk; 3 - low-risk
Status Integer Processing status: 0 - pending; 1 - processed; 2 - allowlisted; 3 - ignored
CreateTime String Occurrence time
MachineName String Server name
DetectBy Integer 0: bash log; 1: real-time monitoring (Thunder Edition)
Pid String Process id
Exe String Process name
ModifyTime String Processing time
RuleCategory Integer Rule category. 0: system rule; 1: user rule
RegexBashCmd String Automatically generated regular expression
HostName String Host name.

BashEventNew

High-risk command data (new)

Used by actions: DescribeBashEventsNew.

Name Type Description
Id Integer Data ID
Uuid String CWPP ID
Quuid String Host ID
HostIp String Host private IP address
User String Username for execution
Platform Integer Platform type
BashCmd String Execute commands
RuleId Integer Rule ID
RuleName String Rule name
RuleLevel Integer Rule level: 1: high-risk 2: medium-risk; 3: low-risk
Status Integer Processing status: 0: pending; 1: processed; 2: allowlisted; 3: ignored
CreateTime String Occurrence time
MachineName String Host name
DetectBy Integer 0: bash log; 1: real-time monitoring (Thunder Edition)
Pid String Process id
Exe String Process name
ModifyTime String Processing time
RuleCategory Integer Rule category. 0: system rule; 1: user rule
RegexBashCmd String Escaped regular expression.
RegexExe String Escaped regular expression.
MachineType Integer 0: Normal; 1: Pro edition; 2: Flagship edition
MachineExtraInfo MachineExtraInfo Additional Information on Machine

BashEventsInfo

Details of high-risk command data

Used by actions: DescribeBashEventsInfo.

Name Type Description
Id Integer Data ID
Uuid String Host UUID
Quuid String Host ID
HostIp String Host private IP address
Platform Integer Platform type
BashCmd String Executed commands
RuleId Integer Rule ID equals 0 indicating that the rule has been deleted or the effective scope has been modified.
RuleName String Rule name
RuleLevel Integer Rule level: 1 - high-risk 2 - medium-risk; 3 - low-risk
Status Integer Processing status. 0: Pending; 1: Processed; 2: Whitelisted; 3: Ignored
CreateTime String Occurrence time
MachineName String Host name
Exe String Process name
ModifyTime String Processing time
RuleCategory Integer Rule category. 0: system rule; 1: user rule
RegexBashCmd String Automatically generated regular expression
PsTree String Process tree json pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: execute commands; ssh_service: SSH service IP; ssh_source: log-in source
SuggestScheme String Recommended solution
HarmDescribe String Description
Tags Array of String Tag.
References Array of String Reference link
MachineWanIp String Host public IP address
MachineStatus String Host online status: OFFLINE; ONLINE
User String Log-in user
Pid String Process ID
DetectBy String Data source

BashEventsInfoNew

Details of high-risk command data (new)

Used by actions: DescribeBashEventsInfoNew.

Name Type Description
Id Integer Data ID
Uuid String CWPP ID
Quuid String Host ID
HostIp String Host private IP address
Platform Integer Platform type
BashCmd String Executed commands
RuleId Integer Rule ID equals 0 indicating that the rule has been deleted or the effective scope has been modified.
RuleName String Rule name
RuleLevel Integer Rule level: 1 - high-risk 2 - medium-risk; 3 - low-risk
Status Integer Processing status: 0: Pending; 1: Processed; 2: Whitelisted; 3: Ignored
CreateTime String Occurrence time
MachineName String Host name
Exe String Process name
ModifyTime String Processing time
RuleCategory Integer Rule category. 0: system rule; 1: user rule
RegexBashCmd String Automatically generated regular expression
PsTree String Process tree json pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: execute commands; ssh_service: SSH service IP; ssh_source: log-in source
SuggestScheme String Recommended solution
HarmDescribe String Description
Tags Array of String Tag.
References Array of String Reference link
MachineWanIp String Host public IP address
MachineStatus String Host online status: OFFLINE; ONLINE
User String Log-in user
Pid String Process ID
MachineType Integer 0: Ordinary 1: Pro Edition 2: Flagship Edition
DetectBy Integer Source of Detection: 0: bash log; 1: real-time monitoring
BashCmdDecoded String Execute commands (decoded)

BashPolicy

High-risk command policy

Used by actions: DescribeBashPolicies, ModifyBashPolicy.

Name Type Required Description
Name String Yes Policy name
Enable Integer Yes 1: valid; 0: invalid
White Integer Yes 0: blocklist; 1: allowlist
BashAction Integer Yes 0: alarm; 1: allowlist; 2: intercept
Rule String Yes Regular expression, encrypted with Base64. This field is deprecated. If you enter this parameter, it will be automatically replaced with Rules.Process.CmdLine.
Level Integer Yes Risk level (0: none; 1: high-risk; 2: medium-risk; 3: low-risk)
Scope Integer Yes Effective scope (0: a group of QUUID; 1: all professional editions (including ultimate edition); 2: all ultimate editions; 3: all hosts)
Id Integer No Policy ID
Descript String No Policy description
EventId Integer No When it is added to the allowlist, the event ID needs to be passed in.
DealOldEvents Integer No Whether to add existing events to the allowlist. 0: no; 1: yes.
Quuids Array of String No QUUID set for effective hosts
Category Integer No Policy type: 0 - system; 1 - user
CreateTime String No Creation time
ModifyTime String No Modification time
Uuids Array of String No Compatibility with older versions may be needed.
Rules PolicyRules No Rule expression

BashRule

High-risk command rules

Used by actions: DescribeBashRules.

Name Type Description
Id Integer Rule ID
Uuid String Client ID
Name String Rule name
Level Integer Risk level (0: none, 1: high-risk, 2: medium-risk, 3: low-risk)
Rule String Regular expression
Operator String Operator
IsGlobal Integer Whether a global rule
Status Integer Status (0: valid; 1: invalid)
CreateTime String Creation time
ModifyTime String Modification time
Hostip String Host IP
Uuids Array of String Array of UUIDs for active servers
White Integer 0: blocklist 1: allowlist
DealOldEvents Integer Whether to process previous events: 0: do not process; 1: process
Description String Rule description

BroadcastInfo

Security report article details

Used by actions: DescribeSecurityBroadcastInfo.

Name Type Description
Title String article name
GotoType Integer Redirection location: 0: no redirection; 1: malicious file scan; 2: vulnerability scanning; 3: security baseline
Subtitle String Subtitle
CreateTime String Release time
Content String Rich text content information
Id Integer Article unique ID
Type Integer Type: 0: emergency notification; 1: feature update; 2: industry honor; 3: version release

Broadcasts

Security report list

Used by actions: DescribeSecurityBroadcasts.

Name Type Description
Title String article name
Type Integer Type: 0: emergency notification; 1: feature update; 2: industry honor; 3: version release
Subtitle String Subtitle
CreateTime String Release time
Id Integer Article unique ID
Level Integer Severity level. 0: none; 1: critical; 2: high-risk; 3: medium-risk; 4: low-risk

BruteAttackInfo

Password cracking list entity

Used by actions: DescribeBruteAttackList.

Name Type Description
Id Integer Unique ID
Uuid String CWP client UUID.
MachineIp String Host IP address
MachineName String host name
UserName String Username.
SrcIp String Source IP
Status String SUCCESS: cracking successful; FAILED: cracking failed
Country Integer Country/Region ID
City Integer City ID
Province Integer Province id
CreateTime String Creation time
BanStatus Integer 0 - No blocking (not supported by the client version)
1: blocked
2: Blocking failed (program exception)
3: No blocking (No blocking for the private network)
4: Availability zone does not support blocking
10: blocking
81: no blocking (blocking disabled)
82-No Blocking (Non-Pro Edition)
83: no blocking (added to the allowlist)
86: no blocking (system allowlist)
87: No blocking (client offline)
88-No blocking (Source Ip belongs to the same customer)
89: no blocking (blocking is not supported for ipv6)
EventType Integer Event type: 200 - brute force cracking event; 300 - successful brute force cracking event (the status is displayed on the page); 400 - brute force cracking event for non-existent accounts.
Count Integer Occurrence count
Quuid String CVM instance UUID.
IsProVersion Boolean Whether it is the Pro Edition (true/false)
Protocol String Username of the attacked service
Port Integer Port
ModifyTime String Last attack time
InstanceId String Instance ID
DataStatus Integer 0: pending; 1: ignored; 5: fixed; 6: added to allowlist
MachineExtraInfo MachineExtraInfo Additional information
Location String Chinese name of a geo location.
RiskLevel Integer Threat level. 0: low risk, 1: medium risk, 2: high risk.
DataFrom Integer Event source. 0: blocking rule, 1: threat intelligence.
AttackStatusDesc String Cracking status description.
BanExpiredTime String Block expiration time (only valid for blocked events).
IPAnalyse IPAnalyse IP analysis

BruteAttackRule

Standard blocking mode rule

Used by actions: ModifyBruteAttackRules.

Name Type Required Description
TimeRange Integer Yes Timeframe of the brute force event (unit: second)
LoginFailTimes Integer Yes Number of failed attempts during the brute force event

BruteAttackRuleList

List of rules for determining brute force cracking

Used by actions: DescribeBruteAttackRules.

Name Type Description
TimeRange Integer Timeframe of the brute force cracking event (unit: second)
LoginFailTimes Integer Number of failed attempts during the brute force cracking event
Enable Boolean Whether the rule is empty. If yes, fill in the default rule.
TimeRangeDefault Integer Occurrence time range of brute force cracking events, in seconds (default rule)
LoginFailTimesDefault Integer Number of failed brute force cracking events (default rule)

CKafkaInstanceInfo

CKafka instance information

Used by actions: DescribeLogDeliveryKafkaOptions.

Name Type Description
InstanceID String Instance ID
InstanceName String Instance name
KafkaVersion String Version No.
TopicList Array of CKafkaTopicInfo Topic list
RouteList Array of CKafkaRouteInfo Routing List
DiskSize Integer Disk capacity (unit: GB)
VpcId String vpcId. Leaving it blank indicates a basic network.
SubnetId String Subnet ID
Healthy Integer Status: 1 - healthy; 2 - alarm; 3 - abnormal instance status
Zone String Availability zone
Az String Region
Bandwidth Integer Instance bandwidth (unit: Mbps)

CKafkaRouteInfo

CKafka domain name information

Used by actions: DescribeLogDeliveryKafkaOptions.

Name Type Description
RouteID Integer Routing ID
Domain String Domain name
DomainPort Integer Domain Port
Vip String Virtual IP
VipType Integer Virtual IP address type. 1: public network TGW; 2: basic network; 3: VPC; 4: supporting network (standard edition); 5: SSL public network access; 6: VPC in the bare metal environment; 7: supporting network (Pro).
AccessType Integer Access type
0: PLAINTEXT (plaintext mode, no user information included, supported by older versions and community edition)
1: SASL_PLAINTEXT (plaintext mode, however, login authentication with SASL is performed at the start of data transmission, only supported by community version)
2: SSL (SSL encrypted communication, no user information included, supported by older versions and community edition)
3: SASL_SSL (SSL encrypted communication. Authenticate the login with SASL when data transmission starts. Only supported by community version)

CKafkaTopicInfo

CKafka topic name

Used by actions: DescribeLogDeliveryKafkaOptions.

Name Type Description
TopicID String Topic ID
TopicName String Topic name

CanFixVulInfo

Host information for batch vulnerability fixing

Used by actions: DescribeCanFixVulMachine.

Name Type Description
VulId Integer Vulnerability ID
VulName String Vulnerability name
HostList Array of VulInfoHostInfo Information on hosts where this vulnerability can be fixed
FixTag Array of String Fixing prompt tag
VulCategory Integer Vulnerability category. 1: web CMS vulnerability, 2: application vulnerability, 4: Linux software vulnerability, 5 Windows system vulnerability.

CanNotSeparateInfo

Information on machine with non-isolatable Trojan

Used by actions: DescribeCanNotSeparateMachine.

Name Type Description
Quuid String Host QUUID
Uuid String Host UUID
Alias String Server name
PrivateIp String Private IP address
PublicIp String Public IP
Reason Integer Reason for isolation failure: 1 - agent offline

ClientSettingHost

Client settings related features host struct

Used by actions: DescribeLoginTypeHost.

Name Type Description
Id Integer Record ID of the corresponding database host
Name String Host name.
InstanceId String Instance ID
PublicIp String Public IP address
PrivateIp String Private IP address
Quuid String Host QUUID
Status String Host status
  • OFFLINE: Offline
  • ONLINE: Online
  • SHUTDOWN: Shut down
  • UNINSTALLED: Unprotected
    		•
    VpcId String ins-sad143
    RegionInfo RegionInfo Region information
    MachineExtraInfo MachineExtraInfo Additional information
    FunctionStatus Integer
  • 0: disabled
  • 1: Enable
  • 2: Enabled
  • 3: Turning off
  • 9: not set
    		•
    Message String The following fixed values require special handling by the frontend, other failures can be shown directly.
    1. UNINSTALLED -- Not installed
    2. NEED_UPGRADE -- Upgrade required
    3. NOT_RUNNING -- Shutdown
    4. NO_PASSWORD -- Password login is not enabled and cannot be enabled.
    MessageDesc String Reason for failure
    InstanceStatus String Instance status
  • RUNNING: running
  • STOPPED: Shut down
  • EXPIRED: To be recycled
    		•

    CloudFromCnt

    Number of cloud server type instances

    Used by actions: DescribeMachineGeneral.

    Name Type Description
    CloudFrom Integer Cloud server type
    MachineCnt Integer Number of Machines

    CommandLine

    Command line content.

    Used by actions: CheckBashPolicyParams.

    Name Type Required Description
    Exe String No Path, which needs to be encrypted using Base64.
    Cmdline String No Command line, which needs to be encrypted using Base64.

    CreateVulFixTaskQuuids

    Create QUUIDs for fixing tasks

    Used by actions: CreateVulFix.

    Name Type Required Description
    Quuids Array of String Yes Hosts that need to fix vulnerabilities. All hosts need to have the vulnerability with the ID of VulId and be in a pending fix status.
    VulId Integer No Vulnerability ID
    FixMethod Integer No Repair method. 0: Update components or install patches. 1: Disable service.
    KbId Integer No kb id

    DefaultStrategyInfo

    Default policy basic information

    Used by actions: DescribeBaselineDefaultStrategyList.

    Name Type Description
    StrategyName String Policy name
    StrategyId Integer Policy ID

    DeliverTypeDetails

    Log shipping type details

    Used by actions: DescribeLogKafkaDeliverInfo, ModifyLogKafkaAccess.

    Name Type Required Description
    SecurityType Integer Yes Security module type. 1: intrusion detection; 2: vulnerability management; 3: baseline management; 4: advanced defense; 5: client security; 6: asset fingerprint; 7: host list; 8: client reporting.
    LogType Array of Integer Yes Type of logs of the security module
    TopicId String Yes Topic ID
    TopicName String Yes Topic name
    Switch Integer Yes Shipping enabling status. 0: disabled; 1: enabled.
    Status Integer No Shipping status. 0: disabled; 1: normal; 2: abnormal.
    ErrInfo String No Error message
    StatusTime Integer No Timestamp of last status reporting
    LogName String No Logset name
    LogSetId String No Logset ID
    Region String No Logset region

    DuplicateHosts

    Batch add to allowlists

    Used by actions: AddLoginWhiteLists, CreateBanWhiteList.

    Name Type Description
    Quuid String Quuid
    Uuid String Uuid
    Id Integer Id

    EmergencyVul

    Emergency vulnerability information

    Used by actions: DescribeEmergencyVulList.

    Name Type Description
    VulId Integer Vulnerability ID
    Level Integer Vulnerability level
    VulName String Vulnerability name
    PublishDate String Release date
    Category Integer Vulnerability category
    Status Integer Vulnerability status. 0: not detected; 1: at risk; 2: not at risk; 3: show progress during check
    LastScanTime String Last scan time
    Progress Integer Scan progress
    CveId String CVE ID
    CvssScore Float CVSS score
    Labels String Vulnerability Tags, Separated by Multiple Commas
    HostCount Integer Number of affected machines
    IsSupportDefense Integer Support defense: 0-no support 1-support
    DefenseAttackCount Integer Number of Attacks Defended
    Method Integer Detection rule. 0: version comparison, 1: POC verification.
    AttackLevel Integer Attack intensity level.
    DefenseState Boolean Whether vulnerable hosts are enabled with vulnerability defense.

    EventPatchInfo

    Patch details

    Used by actions: DescribeWindowsPatchList.

    Name Type Description
    Name String Patch name
    KbNo String Patch Number
    PublishTime String Disclosure time
    EffectHostCount Integer Number of affected hosts.
    RelateVulCount Integer Number of associated vulnerabilities
    RelateVulList Array of String Associated vulnerability ID array
    IsNew Integer Whether it is the latest disclosure [0: no
    LastScanTime String Last scan time
    Status Integer 0 pending, 1 ignored, 3 fixed
    KbPreCondition String Prerequisite for installing the kb is generally other KBs, and there may be multiple, with KBs separated by ", "
    RelatedProduct String Name of the windows product associated with the kb
    KbId Integer Patch ID
    Ids String Related kb event id collection

    EventStat

    Unprocessed security event statistics

    Used by actions: DescribeSecurityEventStat.

    Name Type Description
    EventsNum Integer Number of events
    MachineAffectNum Integer Number of affected hosts

    ExportInfo

    Task list of downloaded logs

    Used by actions: DescribeLogExports.

    Name Type Description
    ExportId String Task ID of exported logs
    Query String Query statements of log export
    FileName String Filenames of exported logs
    FileSize Integer Log file size
    Order String Sorting of log export time
    Format String Log export format
    Count Integer Number of logs to be exported
    Status String Log download status. Processing: export in progress; Completed: export completed; Failed: export failed; Expired: log export expired (valid for 3 days).
    StartTime Integer Start time of log export, with a millisecond-level UNIX timestamp
    EndTime Integer End time of log export, with a millisecond-level UNIX timestamp
    CosPath String Log export path
    CreateTime String Creation time of log export

    FieldValueRatioInfo

    Quick analysis of statistics data

    Used by actions: DescribeFastAnalysis.

    Name Type Description
    Count Integer Number
    Ratio Float Ratio
    Value String Value

    FileTamperEvent

    Core file monitoring event

    Used by actions: DescribeFileTamperEvents.

    Name Type Description
    HostName String Machine Name
    HostIp String Machine IP
    CreateTime String Occurrence time
    ModifyTime String Last occurrence time
    Id Integer Event ID
    Uuid String Host UUID
    Quuid String cvm id
    Type Integer Event Type/Action. 0 - Alarm
    ProcessExe String Process path
    ProcessArgv String Process parameter
    Target String Target file path
    Status Integer Processing Status. 0 - Pending; 1 - Allowlisted; 2 - Deleted; 3 - Ignored; 4 - Manually Processed
    EventCount Integer Event Occurrences
    RuleId Integer Rule ID
    RuleName String Rule name
    Pstree String Event Details: JSON Format
    RuleCategory Integer Rule Type. 0 - System Rule; 1 - Custom Rule
    MachineStatus String Host Online Information: ONLINE, OFFLINE
    Description String Severity description
    Suggestion String Remediation Suggestions
    PrivateIp String Private IP address
    ExePermission String Process permission
    UserName String Username
    UserGroup String User group
    ExeMd5 String Process name
    ExeSize Integer Process File Size
    ExeTime Integer Process Execution Duration
    TargetSize Integer Target file size
    TargetPermission String Target File Permissions
    TargetModifyTime String Target File Update Time
    TargetCreatTime String Target File Creation Time
    ExePid Integer Process PID
    TargetName String File name
    Reference String Reference link
    Level Integer Risk Level. 0: None; 1: High-Risk; 2: Medium-Risk; 3: Low-Risk
    ExeName String Process name
    MachineExtraInfo MachineExtraInfo Host Additional Information
    FileAction String File threat behavior
  • read: read file
  • write: modify file
    		•

    FileTamperRule

    Core file monitoring rules

    Used by actions: DescribeFileTamperEventRuleInfo, DescribeFileTamperRuleInfo, DescribeMachineFileTamperRules, ModifyFileTamperRule.

    Name Type Required Description
    ProcessPath String Yes Process path
    Target String Yes Accessed file path
    Action String Yes Recommended action: skip: skip; alarm: alert
    FileAction String No Monitoring behavior
  • read: read file
  • write: modify file
  • read-write: read and modify file
    		•
    Args String No Command line parameter not filled

    FileTamperRuleCount

    Information on Number of Host-associated Core File Rules

    Used by actions: DescribeFileTamperRuleCount.

    Name Type Description
    Uuid String Host UUID
    Count Integer Number of Association Rules
    Name String Name of the Association Rule (Show Only One of Them)

    FileTamperRuleDetail

    Core File Monitoring Rule Details

    Used by actions: DescribeFileTamperEventRuleInfo, DescribeFileTamperRuleInfo.

    Name Type Description
    Name String Rule name
    ModifyTime String Update time
    CreateTime String Creation time
    Status Integer Status. 0: Enabled; 1: Disabled
    Rule Array of FileTamperRule Rule
    Uuids Array of String Effective Host UUID. Empty means all hosts, and returned number of entries can be controlled through parameters.
    Id Integer Rule ID
    IsGlobal Integer Global Rule or Not (No by Default). 0: No; 1: Yes
    Level Integer Risk Level. 0: None; 1: High-Risk; 2: Medium-Risk; 3: Low-Risk
    UuidTotalCount Integer Total Number of Effective Hosts
    AddWhiteType String Allowlist processing type
  • cur: add only the current item to an allowlist
  • all: add all objects that meet the conditions to the allowlist
    		•

    FileTamperRuleInfo

    List of core file monitoring rules

    Used by actions: DescribeFileTamperRules.

    Name Type Description
    Name String Rule name
    RuleCategory Integer Rule Type. 0: System Rule; 1: User Rule
    HostCount Integer Number of affected hosts
    ModifyTime String Update time
    CreateTime String Creation time
    Status Integer Status. 0: Enabled; 1: Disabled
    Id Integer Rule ID, which is set to 0 for system rules
    IsGlobal Integer Whether global 0: no; 1: yes
    Level Integer Risk Level. 0: None; 1: High-Risk; 2: Medium-Risk; 3: Low-Risk
    WriteRuleCount Integer Number of write entries for a subrule.
    ReadRuleCount Integer Number of read entries for a subrule.
    ReadWriteRuleCount Integer Number of read and write entries for a subrule.
    FileAction String Monitoring behavior
  • read: read file
  • write: modify file
  • read-write: read and modify file
    		•
    AddWhiteType String Allowlisted processing type
  • cur: add only the current item to an allowlist
  • all: add all objects that meet the conditions to the allowlist
    		•

    Filter

    Description key-value pair filter, which is used for conditional filtering queries. For example, filter by ID, name, and status.

    If there are multiple Filters, the logical relationship between them is AND.
    If multiple values exist in one filter, the logical relationship between these values is OR.

    • A maximum of 5 filters are allowed.
    • If a single filter has multiple values, the number of values cannot exceed 5.

    Used by actions: DescribeAccountStatistics, DescribeAssetMachineList, DescribeAssetPortInfoList, DescribeAssetProcessInfoList, DescribeAssetSystemPackageList, DescribeAssetUserList, DescribeAssetWebAppList, DescribeAssetWebFrameList, DescribeAssetWebLocationList, DescribeAttackEvents, DescribeAttackTop, DescribeAttackTrends, DescribeAttackType, DescribeBanWhiteList, DescribeBaselineHostDetectList, DescribeBaselineItemDetectList, DescribeBaselineItemList, DescribeBaselinePolicyList, DescribeBaselineWeakPasswordList, DescribeBashEvents, DescribeBashEventsNew, DescribeBashPolicies, DescribeBashRules, DescribeBruteAttackList, DescribeExportMachines, DescribeHistoryAccounts, DescribeHostLoginList, DescribeIgnoreHostAndItemConfig, DescribeLicenseBindSchedule, DescribeLoginTypeHost, DescribeLoginWhiteCombinedList, DescribeLoginWhiteList, DescribeMachineDefenseCnt, DescribeMachineRiskCnt, DescribeMachines, DescribeMachinesSimple, DescribeMalWareList, DescribeMalwareWhiteList, DescribeMalwareWhiteListAffectList, DescribeMemShellRules, DescribeNetAttackWhiteList, DescribeOpenPortStatistics, DescribePatchEffectHostList, DescribePrivilegeRules, DescribeProcessStatistics, DescribeRaspEventCWP, DescribeRaspEventTCSS, DescribeRaspMemShellListTCSS, DescribeRaspRuleVuls, DescribeRaspRules, DescribeReverseShellEvents, DescribeReverseShellRules, DescribeReverseShellRulesAggregation, DescribeRiskDnsEventList, DescribeRiskDnsList, DescribeRiskDnsPolicyList, DescribeRiskProcessEvents, DescribeSecurityEventStat, DescribeVulDefenceEvent, DescribeVulDefenceList, DescribeVulDefencePluginDetail, DescribeVulDefencePluginStatus, DescribeVulDefenceSettingList, DescribeVulEffectHostList, DescribeVulEffectModules, DescribeVulStoreList, DescribeWebHookPolicy, DescribeWebHookReceiver, DescribeWebHookRules, DescribeYDRaspBlackWhite, ExportAssetMachineList, ExportAssetPortInfoList, ExportAssetProcessInfoList, ExportAssetSystemPackageList, ExportAssetUserList, ExportAssetWebAppList, ExportAssetWebFrameList, ExportAssetWebLocationList, ExportBaselineFixList, ExportBaselineHostDetectList, ExportBaselineItemDetectList, ExportJavaMemShellPlugins, ExportJavaMemShells, ExportNonlocalLoginPlaces, ExportPatchEffectHostList, ExportRiskDnsEventList, ExportRiskDnsPolicyList, ExportRiskProcessEvents, ExportVulDefenceEvent, ExportVulDefenceList, ExportVulDefencePluginEvent, ExportVulEffectHostList, ExportVulList, ExportWindowsPatchList, ModifyBaselinePolicy.

    Name Type Required Description
    Name String Yes

    Name of filter key.
    Values Array of String Yes

    One or more filter values.
    ExactMatch Boolean No

    Fuzzy search

    Filters

    Description of key-value pair filter, which is used for conditional filtering queries. For example, filter by ID, name, and status.

    If there are multiple Filters, the logical relationship between them is AND.
    If there are multiple Values in the same Filter, the logical relationship between the Values under the same Filter is OR.

    Used by actions: DescribeBaselineEffectHostList, DescribeBaselineList, DescribeCanNotSeparateMachine, DescribeEmergencyVulList, DescribeFileTamperEvents, DescribeFileTamperRules, DescribeIgnoreRuleEffectHostList, DescribeJavaMemShellList, DescribeJavaMemShellPluginInfo, DescribeJavaMemShellPluginList, DescribeLicenseBindList, DescribeLicenseList, DescribeMachineClearHistory, DescribeMaliciousRequestWhiteList, DescribeRansomDefenseBackupList, DescribeRansomDefenseEventsList, DescribeRansomDefenseMachineList, DescribeRansomDefenseRollBackTaskList, DescribeRansomDefenseStrategyList, DescribeRansomDefenseStrategyMachines, DescribeRaspLicenseList, DescribeRaspPluginList, DescribeScanState, DescribeScanTaskDetails, DescribeShellPolicyList, DescribeTags, DescribeVulList, DescribeWindowsPatchList, ExportAttackEvents, ExportBaselineEffectHostList, ExportBaselineList, ExportBashEvents, ExportBashEventsNew, ExportBashPolicies, ExportBruteAttacks, ExportFileTamperEvents, ExportFileTamperRules, ExportIgnoreRuleEffectHostList, ExportLicenseDetail, ExportMaliciousRequests, ExportMalwares, ExportPrivilegeEvents, ExportRansomDefenseBackupList, ExportRansomDefenseEventsList, ExportRansomDefenseMachineList, ExportRansomDefenseStrategyList, ExportRansomDefenseStrategyMachines, ExportReverseShellEvents, ExportScanTaskDetails, ExportVulDetectionReport, ModifyEventAttackStatus, ModifyRiskEventsStatus.

    Name Type Required Description
    Name String Yes Name of filter key
    Values Array of String Yes One or more filter values
    ExactMatch Boolean No Whether to use fuzzy match. It will be handled by the front-end and can be ignored.

    FullTextInfo

    Configuration for full-text index

    Used by actions: DescribeLogIndex.

    Name Type Description
    CaseSensitive Boolean Whether case-sensitive
    Tokenizer String Delimiter
    ContainZH Boolean Whether Chinese characters are contained.

    HistoryAccount

    Account change history data

    Used by actions: DescribeHistoryAccounts.

    Name Type Description
    Id Integer Unique ID
    Uuid String CWPP client UUID
    MachineIp String Private IP address of the host
    MachineName String Host name
    Username String Account name.
    ModifyType String Account change type
  • CREATE: account creation
  • MODIFY: account modification
  • DELETE: account deletion
    		•
    ModifyTime Timestamp Change time

    HostDesc

    Host information entity of the log-in audit allowlist

    Used by actions: DescribeLoginWhiteHostList.

    Name Type Description
    Quuid String Machine UUID
    Uuid String Host Security UUID
    MachineName String Machine name
    MachineIp String Machine IP address. This parameter is left blank for terminated servers.
    MachineWanIp String Public IP address. This parameter is left blank for terminated servers.
    Tags Array of MachineTag Tag information array

    HostInfo

    Add the host information entity of the log-in audit allowlist.

    Used by actions: AddLoginWhiteLists, ModifyLoginWhiteRecord.

    Name Type Required Description
    Quuid String Yes Host QUUID
    Uuid String Yes Host UUID.

    HostLoginList

    Log-in audit list entity

    Used by actions: DescribeHostLoginList.

    Name Type Description
    Id Integer Record ID
    Uuid String Host UUID
    MachineIp String Host IP address
    MachineName String Host name
    UserName String Username.
    SrcIp String Source IP
    Status Integer 1: normal log-in; 2: cross-region log-in; 5: allowlisted; 14: processed; 15: ignored
    Country Integer Country/Region ID
    City Integer City ID
    Province Integer Province id
    LoginTime String Log-in time
    ModifyTime String Modification time
    IsRiskArea Integer Whether hit the exception of cross-region log-in: 1 means hit the exception, 0 means not hit
    IsRiskUser Integer Whether hit the exception of abnormal user: 1: yes; 0: no
    IsRiskTime Integer Whether hit the exception of abnormal time: 1: yes; 0: no
    IsRiskSrcIp Integer Whether hit the exception of abnormal IP: 1: yes; 0: no
    RiskLevel Integer Risk level:
    0: high risk
    1: Suspicious
    Location String Location name
    Quuid String Host QUUID
    Desc String High-risk information description:
    ABROAD - IP outside Chinese mainland
    XTI - Threat Intelligence
    MachineExtraInfo MachineExtraInfo Additional information
    Port Integer Request destination port.
    IPAnalyse IPAnalyse ip analysis

    HostLoginWhiteObj

    Add log-in audit allowlist entity

    Used by actions: AddLoginWhiteLists.

    Name Type Required Description
    Places Array of Place Yes Allowlisted region
    SrcIp String Yes Allowlisted source IP address. IP ranges are supported. Multiple IPs are separated by commas.
    UserName String Yes Allowlisted username separated by commas
    IsGlobal Integer Yes Whether the allowlist is effective globally. 1: all hosts; 0: only a single host.
    HostInfos Array of HostInfo Yes List of information on machines where the allowlist is effective
    Remark String No Remarks
    StartTime String No Start time
    EndTime String No End time

    HostTagInfo

    Host and host tag information

    Used by actions: DescribeHostInfo.

    Name Type Description
    Quuid String Host QUUID
    TagList Array of String Host tag name array
    HostIp String Host intranet IP
    AliasName String host name
    MachineWanIp String Host public IP address.
    Uuid String Host UUID
    KernelVersion String Kernel version number
    MachineStatus String Host online status: ONLINE, OFFLINE
    ProtectType String Protection version: BASIC_VERSION - Basic Edition, PRO_VERSION - Professional Edition; Flagship: Ultimate Edition
    VulNum Integer Number of vulnerabilities
    CloudTags Array of Tags Cloud Tag Information
    InstanceID String Host Instance ID
    MachineType String Specific host types
    RegionName String Availability zone name
    RegionId Integer Availability zone ID.

    IPAnalyse

    ip analysis

    Used by actions: DescribeAttackEventInfo, DescribeAttackEvents, DescribeBruteAttackList, DescribeHostLoginList.

    Name Type Description
    Status Integer 0: safe
    1: Suspicious
    2 Malicious
    3 Unknown
    Tags Array of String Tag feature
    Family Array of String Family information
    Profile Array of String profile
    Isp String Internet service provider.

    IgnoreBaselineRule

    Information on the ignored baseline check item

    Used by actions: DescribeIgnoreBaselineRule.

    Name Type Description
    RuleName String Baseline check item name
    RuleId Integer Baseline detection item id
    ModifyTime String Update time
    Fix String Fixing suggestion
    EffectHostCount Integer Number of affected hosts

    IgnoreRuleEffectHostInfo

    Information of hosts affected by ignoring detection items

    Used by actions: DescribeIgnoreRuleEffectHostList.

    Name Type Description
    HostName String Host name
    Level Integer Severity level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical
    TagList Array of String Host tag array
    Status Integer Status: 0: failed; 1: ignore; 3: approved; 5: detecting
    LastScanTime String Last detection time
    EventId Integer Event ID
    Quuid String Host QUUID

    IncidentVertexInfo

    Event point information

    Used by actions: DescribeAlarmIncidentNodes.

    Name Type Description
    IncidentId String Event ID
    TableName String The name of the table where the event occurred
    Vertex Array of VertexInfo Node information list, in an array including detailed node information.
    VertexCount Integer Total number of nodes.

    JavaMemShellDetail

    Java webshell event details

    Used by actions: DescribeJavaMemShellInfo.

    Name Type Description
    InstanceName String Container name
    InstanceState String Instance Status: RUNNING, STOPPED, SHUTDOWN...
    PrivateIp String Private IP address
    PublicIp String Public IP
    Type Integer Memory Trojan Type. 0: Filter Type; 1: Listener Type; 2: Servlet Type; 3: Interceptors Type; 4: Agent Type; 5: Other
    Description String Description
    CreateTime String First detection time
    RecentFoundTime String Last detection time
    Status Integer Processing Status. 0 - Pending; 1 - Allowlisted; 2 - Deleted; 3 - Ignored; 4 - Manually Processed
    ClassLoaderName String Java Loader Class Name
    SuperClassName String Parent class name
    Md5 String Class file MD5
    Interfaces String Inherited API
    Annotations String Annotation
    Pid Integer Process ID
    Exe String Java Process Path
    Args String Java process command line parameters
    ClassName String Class name
    ClassContent String Java Memory Horse Binary Code (base64)
    ClassContentPretty String Java Memory Trojan Decompilation Code
    EventDescription String Event description
    SecurityAdvice String Security advice
    MachineExtraInfo MachineExtraInfo Host Additional Information
    MachineState String Agent status: OFFLINE; ONLINE.

    JavaMemShellInfo

    Java webshell event information

    Used by actions: DescribeJavaMemShellList.

    Name Type Description
    Id Integer Event ID
    Alias String Server name
    HostIp String Server IP address
    Type Integer Memory Trojan Type. 0: Filter Type; 1: Listener Type; 2: Servlet Type; 3: Interceptors Type; 4: Agent Type; 5: Other
    Description String Description
    CreateTime String First detection time
    RecentFoundTime String Last detection time
    Status Integer Processing Status. 0 - Pending; 1 - Allowlisted; 2 - Deleted; 3 - Ignored; 4 - Manually Processed
    Quuid String Server QUUID
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Uuid String Server UUID
    ClassName String Class name
    SuperClassName String Parent class name
    Interfaces String Inherited API
    Annotations String Annotation
    LoaderClassName String Associated class loader.

    JavaMemShellPluginInfo

    Java Memory Trojan Plugin Information

    Used by actions: DescribeJavaMemShellPluginInfo.

    Name Type Description
    Pid Integer Injection Process PID
    MainClass String Injection Process Main Class
    Status Integer Injection Status. 0: Injecting; 1: Injection Succeeded; 2: Plugin Timeout; 3: Plugin Exits; 4: Injection Failed; 5: Soft-delete
    ErrorLog String Error logs

    JavaMemShellPluginSetting

    Java Memory Trojan Plugin Configuration

    Used by actions: DescribeJavaMemShellPluginList.

    Name Type Description
    Quuid String Container QUUID
    Alias String Server name
    HostIp String Server IP address
    JavaShellStatus Integer Javashell Plugin Switch. 0: Off; 1: On
    Exception Integer Plugin Exception Status. 0: Normal; 1: Abnormal
    CreateTime String Creation time
    ModifyTime String Modification time
    Uuid String Server UUID
    MachineExtraInfo MachineExtraInfo Host Additional Information

    KeyValueArrayInfo

    Index key-value information

    Used by actions: DescribeLogIndex.

    Name Type Description
    Key String Field requiring Key-Value or Meta Field Index configuration
    Value ValueInfo Field index description

    KeyValueInfo

    Key-value index configuration

    Used by actions: DescribeLogIndex.

    Name Type Description
    CaseSensitive Boolean Whether case-sensitive
    KeyValues Array of KeyValueArrayInfo Information about the key-value pair that requires index creation.

    LicenseBindDetail

    Authorize binding details

    Used by actions: DescribeLicenseBindList.

    Name Type Description
    MachineName String Machine Alias
    MachineWanIp String Machine Public IP address
    MachineIp String Machine Private IP address
    Quuid String CVM UUID
    Uuid String CWPP client UUID
    Tags Array of String Tag information
    AgentStatus String CWPP client status: OFFLINE, ONLINE, and UNINSTALL.
    IsUnBind Boolean Whether unbinding is allowed: false - unbinding is not allowed.
    IsSwitchBind Boolean Whether rebinding is allowed: false - rebinding is not allowed.
    MachineExtraInfo MachineExtraInfo Host Additional Information
    InstanceState String
  • RUNNING: running
  • STOPPED: Shut down
  • EXPIRED To be recycled
    		•
    AgentState String
  • ONLINE Offline
  • OFFLINE: Under protection
  • UNINSTALLED Client not installed
    		•

    LicenseBindTaskDetail

    Authorization binding task details

    Used by actions: DescribeLicenseBindSchedule.

    Name Type Description
    Quuid String CVM UUID
    ErrMsg String Error message
    Status Integer 0-in progress; 1-succeeded; 2-failed
    FixMessage String Fix suggestion
    MachineExtraInfo MachineExtraInfo Additional Information on Machine

    LicenseDetail

    Authorization order list object

    Used by actions: DescribeLicenseList.

    Name Type Description
    LicenseId Integer Authorization ID
    LicenseType Integer Authorization type. 0: Pro Edition - pay-as-you-go; 1: Pro Edition - yearly/monthly subscription; 2: Ultimate Edition - yearly/monthly subscription.
    LicenseStatus Integer Authorization status. 0: not in use; 1: partially in use; 2: used up; 3: unavailable.
    LicenseCnt Integer Total number of authorizations
    UsedLicenseCnt Integer Number of used authorizations
    OrderStatus Integer Order status. 1: normal; 2: isolated; 3: terminated.
    Deadline String Deadline
    ResourceId String Order resource ID
    AutoRenewFlag Integer 0: initialization; 1: automatic renewal; 2: no automatic renewal.
    ProjectId Integer Project ID
    TaskId Integer Task ID. Default value: 0. It is used to query the binding progress.
    BuyTime String Time of purchase
    SourceType Integer Whether the order is a trial order
    Alias String Resource alias
    Tags Array of Tags Platform tag
    FreezeNum Integer Number of frozen licenses. 0: unfrozen, values other than 0: number of frozen licenses.

    LicenseOrder

    Authorization Order Object Content

    Used by actions: DescribeMachinesSimple.

    Name Type Description
    LicenseId Integer Authorization ID
    LicenseType Integer Authorization type
    Status Integer Authorization Order Resource Status
    SourceType Integer Order type
    ResourceId String Resource ID

    LogHistogram

    Result details of statistics within the histogram period

    Used by actions: DescribeLogHistogram.

    Name Type Description
    Count Integer Number of logs within the statistical period
    TimeStamp Integer Unix timestamp rounded by period, in ms

    LogInfo

    Log details

    Used by actions: SearchLog.

    Name Type Description
    Content String JSON serialized string of the log content
    FileName String Log file name
    Source String Log source IP address
    TimeStamp Integer Log time, in milliseconds

    LogStorageRecord

    Record of stored log size

    Used by actions: DescribeLogStorageRecord.

    Name Type Description
    Month String Year and month.
    UsedSize Integer Storage amount, in bytes.
    InquireSize Integer Total volume, in bytes.

    LoginWhiteCombinedInfo

    Merge cross-region log-in allowlists

    Used by actions: DescribeLoginWhiteCombinedList.

    Name Type Description
    Places Array of Place Allowlisted regions
    UserName String Allowlisted users (Multiple users are separated by commas.)
    SrcIp String Allowlisted IPs (Multiple IPs are separated by commas.)
    Locale String Region string
    Remark String Remarks
    StartTime String Start time
    EndTime String End time
    IsGlobal Integer Whether the settings take effect globally. 1: take effect globally; 0: take effect on the specified host list.
    Name String Allowlist name. If IsLocal is set to 1, the name is fixed as All servers. If the allowlist applies to only a single server, the name is the server's private IP Address. If the allowlist applies to multiple servers, the name is the number of servers, such as 11.
    Desc String Return the server name when the allowlist applies to only one server.
    Id Integer Allowlist ID
    CreateTime String Creation time
    ModifyTime String Last modification time
    Uuid String Server UUID
    Locations String Login location

    LoginWhiteLists

    Cross-region log-in allowlist

    Used by actions: DescribeLoginWhiteList.

    Name Type Description
    Id Integer Record ID
    Uuid String Host Security UUID
    Places Array of Place Allowlisted regions
    UserName String Allowlisted users (Multiple users are separated by commas.)
    SrcIp String Allowlisted IPs (Multiple IPs are separated by commas.)
    IsGlobal Boolean Whether a global rule
    CreateTime Timestamp Time of creating the allowlist
    ModifyTime Timestamp Time of modifying the allowlist
    MachineName String Machine name
    HostIp String Machine IP
    StartTime String Start time
    EndTime String End time

    Machine

    Host list

    Used by actions: DescribeMachines.

    Name Type Description
    MachineName String

    Host name.
    MachineOs String

    Host operating system.
    MachineStatus String

    Host status.

  • OFFLINE: Offline
  • ONLINE: Online
  • SHUTDOWN: Shut down
  • UNINSTALLED: Unprotected

    		•
    AgentStatus String

    ONLINE: Protected; OFFLINE: Offline; UNINSTALLED: Not installed
    InstanceStatus String

    RUNNING: Running; STOPED: Shut down; EXPIRED: Pending reclamation
    Uuid String

    CWP Uuid. Returns an empty string if the client is offline long-term.
    Quuid String

    Unique Uuid of a CVM or BM machine.
    VulNum Integer

    Number of vulnerabilities.
    MachineIp String

    Host IP.
    IsProVersion Boolean

    Whether the host is Pro Edition.

  • true: Yes
  • false: No
    		•
    MachineWanIp String

    Host public IP.
    PayMode String

    Host status.

  • POSTPAY: Postpaid (pay-as-you-go)
  • PREPAY: Prepaid (monthly or yearly subscription)
    		•
    MalwareNum Integer

    Number of trojans.
    Tag Array of MachineTag

    Tag information
    BaselineNum Integer

    Number of baseline risks.
    CyberAttackNum Integer

    Number of network risks.
    SecurityStatus String

    Risk status.

  • SAFE: Safe
  • RISK: Risk
  • UNKNOWN: Unknown
    		•
    InvasionNum Integer

    Number of intrusion events
    RegionInfo RegionInfo

    Region information
    InstanceState String

    Instance status. TERMINATED_PRO_VERSION: terminated.
    LicenseStatus Integer

    Tamper-proof; authorization status: 1 - authorized; 0 - unauthorized
    ProjectId Integer

    Project ID
    HasAssetScan Integer

    Whether the asset scanning API is available. 0: No; 1: Yes
    MachineType String

    Machine zone type. CVM: Cloud Virtual Machine; BM: Blackstone; ECM: Edge Computing Machine; LH: Lighthouse; Other: Hybrid cloud zone
    KernelVersion String

    Kernel version
    ProtectType String

    Protection edition: BASIC_VERSION: Basic Edition; PRO_VERSION: Pro Edition; Flagship: Ultimate Edition; GENERAL_DISCOUNT: Lighthouse Edition
    CloudTags Array of Tags

    Cloud tag information
    IsAddedOnTheFifteen Integer

    Whether the host was added within the last 15 days. 0: No; 1: Yes
    IpList String

    Host IP list
    VpcId String

    Network
    MachineExtraInfo MachineExtraInfo

    Additional information
    InstanceId String

    Instance ID.
    Remark String

    Remarks
    AgentVersion String

    CWP agent version
    AppId Integer

    APPID of the machine
    CSIPProtectType String

    CSC paid edition

    MachineClearHistory

    Machine Cleanup Record Object

    Used by actions: DescribeMachineClearHistory.

    Name Type Description
    Id Integer ID Value
    InstanceId String Instance ID
    InstanceName String Instance name
    PublicIp String Public IP address
    PrivateIp String Private IP address
    AgentLastOfflineTime String Client Last Offline Time
    CreateTime String Creation time

    MachineExtraInfo

    Server Basic Information

    Used by actions: DescribeAssetAppList, DescribeAssetCoreModuleList, DescribeAssetDatabaseList, DescribeAssetEnvList, DescribeAssetInitServiceList, DescribeAssetJarList, DescribeAssetMachineDetail, DescribeAssetMachineList, DescribeAssetPlanTaskList, DescribeAssetPortInfoList, DescribeAssetProcessInfoList, DescribeAssetSystemPackageList, DescribeAssetUserList, DescribeAssetWebAppList, DescribeAssetWebFrameList, DescribeAssetWebLocationList, DescribeAssetWebServiceInfoList, DescribeAttackEventInfo, DescribeAttackEvents, DescribeBaselineHostDetectList, DescribeBaselineItemList, DescribeBashEventsNew, DescribeBruteAttackList, DescribeDefenceEventDetail, DescribeFileTamperEvents, DescribeHostLoginList, DescribeIgnoreHostAndItemConfig, DescribeJavaMemShellInfo, DescribeJavaMemShellList, DescribeJavaMemShellPluginList, DescribeLicenseBindList, DescribeLicenseBindSchedule, DescribeLoginTypeHost, DescribeMachines, DescribeMalWareList, DescribeMalwareInfo, DescribePatchEffectHostList, DescribeReverseShellEvents, DescribeRiskDnsEventInfo, DescribeRiskDnsEventList, DescribeRiskProcessEvents, DescribeScanTaskDetails, DescribeScreenMachines, DescribeVulDefenceEvent, DescribeVulEffectHostList.

    Name Type Description
    WanIP String Public IP address
    PrivateIP String Private IP address
    NetworkType Integer Network Type. 1: VPC network; 2: Basic Network; 3: Non-Tencent Cloud Network
    NetworkName String Network Name, returns vpc_id in the case of a VPC network
    InstanceID String Instance ID
    HostName String host name

    MachineFileTamperRule

    Query Details of Host-related Core File Monitoring Rules

    Used by actions: DescribeMachineFileTamperRules.

    Name Type Description
    Name String Rule name
    RuleCategory Integer Rule Type. 0: System Rule; 1: User Rule
    Rule Array of FileTamperRule Rule
    Id Integer Unique ID

    MachineLicenseDetail

    Information on the authorization bound to the machine

    Used by actions: DescribeMachineLicenseDetail.

    Name Type Description
    Quuid String Host QUUID
    PayMode Integer Billing mode. 0: pay-as-you-go; 1: prepaid.
    ResourceId String Resource ID
    LicenseType Integer Authorization type
    SourceType Integer Order type. 0: default billing order; 1: trial order; 2: gift; 3: experience.
    InquireKey String This field has been deprecated.
    AutoRenewFlag Integer Auto-renewal flag. 0: default (no automatic payment); 1: automatic payment; 2: set manually (non-renewal).
    Deadline String Expiry time. This value is empty for pay-as-you-go.
    BuyTime String Time of purchase
    LicenseCnt Integer Number of authorizations

    MachineSimple

    Host List Shuttle Box

    Used by actions: DescribeMachinesSimple.

    Name Type Description
    MachineName String Host name.
    MachineOs String Host System.
    Uuid String CWP UUID. If the CWP client is offline for a long time, an empty character is returned.
    Quuid String CVM or BM Machine Unique UUID.
    MachineIp String Host IP.
    IsProVersion Boolean Whether the edition is Pro Edition
  • true: yes
  • false: no
    		•
    MachineWanIp String Public IP address of the host
    PayMode String Host status
  • POSTPAY: postpaid, indicating pay-as-you-go mode
  • PREPAY: prepaid, indicating monthly subscription mode
    		•
    Tag Array of MachineTag Tag information
    RegionInfo RegionInfo Region information
    InstanceState String Refer to the instance status in the CVM instance list for the InstanceState value.
    https://www.tencentcloud.com/document/api/213/15753?from_cn_redirect=1#Instance
    ProjectId Integer Project ID
    MachineType String Machine Zone Type. CVM - Cloud Virtual Machine; BM: Bare Metal; ECM: Edge Computing Machine; LH: Lightweight Application Server; Other: Hybrid Cloud Zone
    KernelVersion String Kernel version
    ProtectType String Protection version: BASIC_VERSION - Basic Edition; PRO_VERSION - Professional Edition; Flagship - Ultimate Edition; GENERAL_DISCOUNT - Lightweight Edition
    LicenseOrder LicenseOrder Authorization order object
    CloudTags Array of Tags Cloud Tag Information
    InstanceId String Instance ID

    MachineSnapshotInfo

    Machine snapshot information

    Used by actions: DescribeMachineSnapshot.

    Name Type Description
    Quuid String cvm id
    HostName String Host name
    HostIp String Host IP address
    SnapshotName String Snapshot name
    CreateTime String Snapshot creation time
    DiskId String Disk ID
    InstanceId String Instance ID
    RegionId Integer Region ID
    SnapshotId String Snapshot ID

    MachineTag

    Server tag information

    Used by actions: DescribeAssetAppList, DescribeAssetDatabaseList, DescribeAssetMachineList, DescribeAssetPortInfoList, DescribeAssetProcessInfoList, DescribeAssetWebAppList, DescribeAssetWebFrameList, DescribeAssetWebLocationList, DescribeAssetWebServiceInfoList, DescribeLoginWhiteHostList, DescribeMachines, DescribeMachinesSimple, DescribeRansomDefenseMachineList, DescribeRansomDefenseStrategyMachines.

    Name Type Description
    Rid Integer Associated tag ID
    Name String Tag name
    TagId Integer Tag ID

    MalWareList

    Trojan list

    Used by actions: DescribeMalWareList.

    Name Type Description
    HostIp String Server IP address
    Uuid String UUID
    FilePath String Path
    VirusName String Virus name
    Status Integer Status. 4 - pending processing; 5 - trusted; 6 - isolated; 8 - files deleted; 14 - processed; 13 - allowlisted.
    Id Integer Unique ID
    Alias String Host alias
    Tags Array of String Feature tag. This field has been deprecated, and no tag will be returned. Tags are returned in the details.
    FileCreateTime String First running time
    FileModifierTime String Last running time
    CreateTime String Creation time
    LatestScanTime String Last scan time
    Level Integer Risk level. 0: unknown; 1: low; 2: medium; 3: high; 4: critical.
    CheckPlatform String Trojan detection platforms, separated with commas. 1: cloud security engine; 2: TAV; 3: BinaryAI; 4: abnormal behavior; 5: threat intelligence.
    ProcessExists Integer Whether the Trojan process exists. 0: no; 1: yes.
    FileExists Integer Whether the Trojan file exists. 0: no; 1: yes.
    Quuid String cvm quuid
    MD5 String Trojan sample MD5
    MachineExtraInfo MachineExtraInfo Additional information
    DoClean Boolean Is it possible to clean up
    FirstDetectionMethod Integer Detection method 0 Scan; 1 Monitor in real time.

    MaliciousRequestWhiteListInfo

    Malicious request allowlist information

    Used by actions: DescribeMaliciousRequestWhiteList.

    Name Type Description
    Id Integer Allowlist ID
    Domain String Domain name
    Mark String Remarks
    CreateTime String Creation time
    ModifyTime String Update time

    MalwareInfo

    Malicious file details

    Used by actions: DescribeMalwareInfo.

    Name Type Description
    VirusName String Virus name
    FileSize Integer File size
    MD5 String File MD5
    FilePath String File address
    FileCreateTime String First running time
    FileModifierTime String Last running time
    HarmDescribe String Severity description
    SuggestScheme String Recommended solution
    ServersName String Server name
    HostIp String Server IP
    ProcessName String Process name
    ProcessID String Process ID
    Tags Array of String Tag Features
    Breadth String Impact breadth // Not provided currently
    Heat String Query popularity // Not provided currently
    Id Integer Unique ID
    FileName String File name
    CreateTime String First detection time
    LatestScanTime String Last scan time
    Reference String Reference link
    MachineWanIp String Public IP address
    PsTree String Process tree json pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: execute commands; ssh_service: SSH service IP; ssh_source: log-in source
    MachineStatus String Host online status: OFFLINE; ONLINE
    Status Integer Status. 4: pending; 5: trusted; 6: isolated.
    Level Integer Risk level. 0: notification, 1: low, 2: medium, 3: high, 4: critical.
    CheckPlatform String Trojan detection platform uses comma to separate 1Cloud Killing Engine, 2TAV, 3binaryAi, 4abnormal behavior, 5TI.
    Uuid String Host UUID
    ModifyTime String Last modification time
    StrFileAccessTime String Last access Time
    MachineExtraInfo MachineExtraInfo Additional information
    References Array of String Reference link
    FileExists Boolean Whether any Trojan file exists.
    ProcessExists Boolean Whether any Trojan process exists.
    FirstDetectionMethod Integer Method by which the file was detected for the first time. 0: scanning; 1: real-time monitoring.

    MalwareRisk

    List of information on malicious file risks

    Used by actions: DescribeMalwareRiskWarning.

    Name Type Description
    MachineIp String Machine IP
    VirusName String Virus name
    CreateTime String Detection time
    Id Integer Unique ID

    MalwareRiskOverview

    File Scan Overview Information

    Used by actions: DescribeMalwareRiskOverview.

    Name Type Description
    HostCount Integer Number of affected hosts
    ProcessCount Integer Exceptional Process Count
    FileCount Integer Number of Malicious Files
    IsFirstScan Boolean Is it the first Scan [false: No
    ScanTime String Last scan time

    MalwareWhiteListAffectEvent

    Number of events hitting allowlists

    Used by actions: DescribeMalwareWhiteListAffectList.

    Name Type Description
    Id Integer Unique ID
    HostIp String Host IP
    Md5 String Affected md5
    FilePath String File path
    CreateTime String Add time

    MalwareWhiteListInfo

    Trojan allowlist information

    Used by actions: DescribeMalwareWhiteList.

    Name Type Description
    Id Integer Unique ID
    QuuidList String CVM QUUID (Separate multiple items with commas.)
    Md5List String md5 list (Separate multiple items with commas.)
    IsGlobal Integer Whether applies all hosts: 0 - no; 1 - yes
    Mode Integer Allowlist mode: 0 - MD5; 1 - customization
    MatchType Integer Match mode: 0 - precise match; 1 - fuzzy match
    FileName String File name (Separate multiple items with commas.)
    FileDirectory String File directory (Separate multiple items with commas.)
    FileExtension String File suffix (Separate multiple items with commas.)
    CreateTime String Rule creation time
    EventsCount Integer Affected records
    ModifyTime String Rule modification time.

    MemShellRule

    Java Webshell allowlist rule.

    Used by actions: DescribeMemShellRules.

    Name Type Description
    Id Integer Rule ID
    UuidHostips Array of UuidHostip Client ID
    LogicalSymbol Integer Logical operator. 0: 5 valid regular expression logical ANDs; 1: logical OR.
    ClassNameRegexp String Class name regular expression, which is not matched if empty.
    SuperClassNameRegexp String Parent class name regular expression, which is not matched if empty.
    InterfacesRegexp String Inherited interface regular expression, which is not matched if empty.
    AnnotationsRegexp String Annotation regular expression, which is not matched if empty.
    LoaderClassNameRegexp String Associated class loader regular expression, which is not matched if empty.
    Operator String Operator
    IsGlobal Integer Whether it is a global rule. (Whether it is effective for all hosts under appid. 0: single UUID; 1: global. The default value is no.)
    Status Integer Status (0: valid, 1: deleted, 2: invalid (enabling switch off)).
    CreateTime String Creation time
    ModifyTime String Modification time
    HandleHistory Integer Whether to process historical events. 0: no, 1: yes.
    GroupID String Batch ID.
    MachinesNums String Number of servers covered by a rule. When IsGlobal is set to 1, all servers are displayed.
    GroupName String Policy name
    CodeSourceRegexp String Source code regular expression, which is not matched if empty.
    CallStackRegexp String Call stack regular expression, which is not matched if empty.
    FileExist Integer Whether a file exists. 0: Default value when a user does not select a rule. 1: File exists. 2: File does not exist.

    NetAttackEvent

    Network attack event

    Used by actions: DescribeAttackEvents.

    Name Type Description
    Id Integer Log ID
    Uuid String Client ID
    DstPort Integer Target port
    SrcIP String Source IP
    Location String Source location
    VulId Integer Vulnerability ID
    VulName String Vulnerability name
    MergeTime String Attack time
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Type Integer Attack Status: 0: Attack Attempt 1: Confirmed Attack (Successful Attack).
    Status Integer Processing Status: 0 Pending, 1 Processed, 2 Allowlisted, 3 Ignored, 4 Deleted, 5: Defense Enabled.
    VulSupportDefense Integer Whether vulnerabilities support defense. 0: No 1: Yes
    VulDefenceStatus Integer Whether to enable vulnerability defense: 0 - No, 1 - Yes
    PayVersion Integer Machine payment version, 0 Basic version, 1 Pro edition, 2 Flagship edition, 3 Lightweight edition
    Quuid String cvm uuid
    Count Integer Attacks
    New Boolean Whether to add new hosts today
    RaspOpen Integer Whether application protection is enabled. 0: disabled, 1: enabled
    IPAnalyse IPAnalyse ip analysis

    NetAttackEventInfo

    Details of Network Attack Events

    Used by actions: DescribeAttackEventInfo.

    Name Type Description
    Status Integer Processing Status: 0 Pending, 1 Processed, 2 Allowlisted, 3 Ignored, 4 Deleted, 5: Defense Enabled.
    SrcIP String Attack source IP address
    Location String Attack Source
    VulName String Vulnerability name
    VulId Integer Vulnerability ID
    CVEId String Vulnerability CVE ID
    AttackLevel Integer Vulnerability attack level
    VulDefenceStatus Integer Vulnerability Defense Status: 0 Disabled, 1 Enabled.
    VulSupportDefense Integer Whether vulnerabilities support defense. 0: No 1: Yes
    SvcPs String Service Process Base64
    NetPayload String Attack packet
    AbnormalAction String Abnormal behavior
    Uuid String Host UUID
    Id Integer Event ID
    MachineExtraInfo MachineExtraInfo Host Additional Information
    DstPort Integer Target port
    Count Integer Attack count
    PayVersion Integer Machine payment version, 0 Basic version, 1 Pro edition, 2 Flagship edition, 3 Lightweight edition
    Quuid String cvm uuid
    MergeTime String Time of Attack
    Type Integer 0: Attack Attempt 1: Successful Attack
    HostOpType Integer 0: No Compromised Behavior 1: RCE (command execution) 2: Dnslog 3: Writefile
    HostOpProcessTree String Process Tree, needs to be decoded with base64.
    IPAnalyse IPAnalyse IP analysis
    NetResponsePayload String Response packet base64 encoded

    NetAttackTopInfo

    Statistics on top network attacks

    Used by actions: DescribeAttackTop.

    Name Type Description
    Agent Array of TopInfo Top Statistical Data on Network Attack Host Dimension
    SrcIp Array of TopInfo Top Statistical Data on Network Attack IP Source Dimension
    DstPort Array of TopInfo Top Statistical Data on Network Attack Target Port Dimension
    Vul Array of TopInfo Top Statistical Data on Network Attack Vulnerability Dimension

    NetAttackTrend

    Attack trend statistics

    Used by actions: DescribeAttackTrends.

    Name Type Description
    DateTime String Time Point, e.g., 2023-05-06
    AttackCount Integer Attack count
    TryAttackCount Integer Attack Attempts
    SuccAttackCount Integer Attack Success Count

    NetAttackWhiteRule

    Network attack allowlist rules

    Used by actions: DescribeNetAttackWhiteList.

    Name Type Description
    Id Integer Rule ID
    Description String Rule description
    Scope Integer 0: A group of Quuid 1: All hosts
    DealOldEvents Integer Whether to process previous events: 0: do not process; 1: process
    Quuids String Host QUUIDs, separated by semicolons (;).
    SrcIP String Source IP. Single IP: 1.1.1.1, IP Range: 1.1.1.1-1.1.2.1, IP Range: 1.1.1.0/24, separated by semicolons (;)
    CreateTime String Creation time
    ModifyTime String Modification time

    OpenPortStatistics

    Port statistics list

    Used by actions: DescribeOpenPortStatistics.

    Name Type Description
    Port Integer Port number
    MachineNum Integer Number of Hosts

    OrderDetail

    order detail

    Used by actions: DescribeRaspLicenseList.

    Name Type Description
    ResourceID String Resource ID
    InquireKey String Billing item
    Status Integer Order status
    -Normal
    -Isolation period
    -3 Terminated

    OrderModifyObject

    Order Modification Parameter Object

    Used by actions: CreateLicenseOrder.

    Name Type Required Description
    ResourceId String No Resource ID
    NewSubProductCode String No New Product Identification. PRO_VERSION: Professional Edition; FLAGSHIP: Premium Edition
    InquireNum Integer No Scale-up/Scale-down Count, which is ignored for reconfiguration sub-product

    OrderResource

    Order resources

    Used by actions: CreateWhiteListOrder.

    Name Type Description
    Id Integer Resource primary key ID
    ResourceId String Resource ID
    BeginTime String Start time
    EndTime String Expiration time
    LicenseType Integer Authorization type

    OsName

    Operating System Name

    Used by actions: DescribeMachineOsList.

    Name Type Description
    Name String System name
    MachineOSType Integer Operating system type enumeration value

    PatchEffectHostList

    Affected host list by patch

    Used by actions: DescribePatchEffectHostList.

    Name Type Description
    HostVersion Integer Version information: 0-Basic Version 1-Pro Edition 2-Flagship Edition 3-Lite Edition
    InstanceState String Instance status: "PENDING"-creating "LAUNCH_FAILED"-creation failed "RUNNING"-running "STOPPED"-shutdown "STARTING"-starting "STOPPING"-indicates shutdown in progress "REBOOTING"-restarting "SHUTDOWN"-indicate shutdown and pending termination "TERMINATING"-indicates terminating in progress
    FirstScanTime String First scan time
    LatestScanTime String Last scan time
    FixStatus Integer Remediation status: 0-not remediated; 1-in remediation; 2-FIX_FAILURE; 3-repair successful; 4-timeout
    MachineExtraInfo MachineExtraInfo Host basic information
    Uuid String Host Security Uuid
    Quuid String Unique Uuid of a CVM or BM machine
    Id Integer Event ID
    Status Integer Status: 0: pending 1: ignored 3: fixed 5: detecting 6: in remediation 7: rolling back 8: FIX_FAILURE
    LatestFixTime String Fixing time
    KbId Integer KB id
    RestartRequired Integer Whether restart is required 0: not required 1: required
    RegionId Integer Availability zone ID.
    MachineType String Machine type info
    HasSnapshot Integer Whether to create a snapshot for the fix task: 0: not created; other: created.

    PatchInfoDetail

    Patch information details

    Used by actions: DescribeScanTaskDetails.

    Name Type Description
    KBNo String KB No.
    Name String KB name
    PublishTime String 2025-05
    RelatedCveId Array of String Vulnerability impacted by KB
    KbDocUrl String KB documentation
    Id Integer KB id No.

    Place

    Log-in location information

    Used by actions: AddLoginWhiteLists, DescribeLoginWhiteCombinedList, DescribeLoginWhiteList, ModifyLoginWhiteInfo, ModifyLoginWhiteRecord.

    Name Type Required Description
    CityId Integer Yes City ID
    ProvinceId Integer Yes Province ID
    CountryId Integer Yes Country ID. Currently, only 1 is supported, indicating domestic.
    Location String No Location name

    PolicyRules

    Policy rule expression.

    Used by actions: CheckBashPolicyParams, DescribeBashPolicies, ModifyBashPolicy.

    Name Type Required Description
    Process CommandLine No Process
    PProcess CommandLine No Parent process
    AProcess CommandLine No Ancestor process

    PrivilegeEventInfo

    Local privilege escalation data

    Used by actions: DescribePrivilegeEventInfo.

    Name Type Description
    Id Integer Data ID
    Uuid String Host Security UUID
    Quuid String Host UUID
    HostIp String Host private IP address
    ProcessName String Process name
    FullPath String Process path
    CmdLine String Execute commands
    UserName String Username
    UserGroup String User group
    ProcFilePrivilege String Process file permission
    ParentProcName String Parent process name
    ParentProcUser String Parent process username
    ParentProcGroup String Parent process user group
    ParentProcPath String Parent process path
    PsTree String Process tree json pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: execute commands; ssh_service: SSH service IP; ssh_source: log-in source
    Status Integer Processing status: 0: pending; 2: allowlisted; 3: processed; 4: ignored
    CreateTime String Occurrence time
    MachineName String Machine name
    SuggestScheme String Recommended solution
    HarmDescribe String Hazard description information
    Tags Array of String Tag
    References Array of String Reference link
    MachineWanIp String Host public IP address
    NewCaps String Permission list (Separate multiple items with
    MachineStatus String Host online status: OFFLINE; ONLINE
    ModifyTime String Processing time
    Count Integer Alarm count

    PrivilegeRule

    Local privilege escalation rule

    Used by actions: DescribePrivilegeRules.

    Name Type Description
    Id Integer Rule ID
    Uuid String Client ID
    ProcessName String Process name
    SMode Integer Whether the mode is S mode
    Operator String Operator
    IsGlobal Integer Whether the rule is global
    Status Integer Status. 0: valid; 1: invalid.
    CreateTime String Creation time
    ModifyTime String Modification time
    Hostip String Host IP

    ProcessStatistics

    Process statistics data

    Used by actions: DescribeProcessStatistics.

    Name Type Description
    ProcessName String Process name
    MachineNum Integer Number of hosts

    ProductStatusInfo

    Product trial status query API Data output parameter

    Used by actions: DescribeProductStatus.

    Name Type Description
    FWUserStatus Integer Protection status. 1: unprotected; 2: protecting; 3: in trial; 4 expired
    CanApplyTrial Boolean Whether application for trial is available. True indicates yes.
    CanNotApplyReason String Reason for unavailable trial (Leave it blank if the trial is available.)
    LastTrialTime String Last trial end time (Leave it blank if no trial record exists.)

    RansomDefenseBackup

    List of host snapshot backup

    Used by actions: DescribeRansomDefenseBackupList.

    Name Type Description
    BackupTime String Backup time
    EventStatus Integer Ransom Status: 0 - No Alarm, 1 - Alarm Present
    BackupStatus Integer Backup status: 0 backup in progress, 1 normal, 2, 3 failure, 4 snapshot expired, 5 number of snapshots exceed the limit, 9 snapshot deleted.
    DiskCount Integer Number of backup disk
    Disks String Hard Disk Information, separated by semicolons (;).
    SnapshotIds String Snapshot List, separated by semicolons (;)
    StrategyId Integer Policy ID
    StrategyStatus Integer Policy Status: 0 Disabled, 1 Enabled, 9 Deleted
    StrategyName String Policy name

    RansomDefenseEvent

    Prevention of Ransomware, Bait and Tamper Events

    Used by actions: DescribeRansomDefenseEventsList.

    Name Type Description
    Id Integer Event ID
    Uuid String Host UUID
    Quuid String cvm uuid
    HostName String Host name
    Status Integer Event Status: 0-Pending, 1-Processed, 2-Trusted, 3-In Process, 4-Backup Resumed
    BaitFilePath String Tampered File Path
    FilePath String Malicious File Path
    Pid Integer Malicious Process ID
    PidParam String Malicious Process Parameters
    FileSize Integer Malicious File Size
    FileMd5 String Malicious File MD5
    Type Integer Event Type: 0 Encrypted Ransom, 1 File Tampering
    CreateTime String Event Sending Time
    InstanceId String CVM Instance ID
    ModifyTime String Event Modification Event
    StrategyId Integer Policy ID
    StrategyName String Policy name
    HostIp String Host public IP address
    WanIp String Host Intranet IP
    PsTree String Process Tree Base64 Json
    ProcessStartTime String Process startup time
    SnapshotNum Integer Number of Snapshot Backups Owned by the Host

    RansomDefenseRollbackTask

    Anti-ransomware rollback task

    Used by actions: DescribeRansomDefenseRollBackTaskList.

    Name Type Description
    Id Integer Task ID
    Uuid String Host UUID
    Quuid String Host QUUID
    MachineName String Host name
    Status Integer Rollback Task Status: 0 - In Progress, 1 - Succeeded, 2 - Failed
    Disks String Hard drive ID list, separated by semicolons (;)
    CreateTime String Operation time
    BackupTime String Snapshot time
    ModifyTime String Status!=0 indicates the completion time.
    RegionInfo RegionInfo Availability zone information
    InstanceId String Host example ID
    MachineType String Host type

    RansomDefenseStrategy

    The TagList node in the data HostList corresponding to the host list query API

    Used by actions: DescribeRansomDefenseStrategyList.

    Name Type Description
    Id Integer Policy ID
    Uin String Operating UIN
    Name String Policy name
    Description String Policy Remarks
    Status Integer Enabling Status: 0 Disabled, 1 Enabled.
    IsAll Integer Whether it takes effect for all hosts.
    IncludeDir String Includes directories, separated by semicolons (;).
    ExcludeDir String Includes directories, separated by semicolons (;).
    BackupType Integer Backup mode: 0 weekly, 1 daily, 2 do not backup.
    Weekday String Backup days in a week (1-7): 1; 2; 3; 4.
    Hour String Backup Execution Time Point (0-23): 11:00; 12:00
    SaveDay Integer Storage Days, 0 for Permanent
    CreateTime String Creation time
    ModifyTime String Last modification time
    MachineCount Integer Number of Bound Machines

    RansomDefenseStrategyDetail

    The TagList node in the data HostList corresponding to the host list query API

    Used by actions: DescribeRansomDefenseStrategyDetail.

    Name Type Description
    Id Integer Policy ID
    Uin String Operating UIN
    Name String Policy name
    Description String Policy Remarks
    Status Integer Enabling Status: 0 Disabled, 1 Enabled.
    IsAll Integer Whether it takes effect for all hosts.
    IncludeDir String Includes directories, separated by semicolons (;).
    ExcludeDir String Includes directories, separated by semicolons (;).
    BackupType Integer Backup pattern: 0 weekly, 1 daily.
    Weekday String Backup days in a week (1-7): 1; 2; 3; 4.
    Hour String Backup Execution Time Point (0-23): 11:00; 12:00
    SaveDay Integer Storage Days, 0 for Permanent
    CreateTime String Creation time
    ModifyTime String Last modification time
    MachineCount Integer Number of Bound Machines
    EventCount Integer Policy Associated Event Count

    RansomDefenseStrategyMachineBackupInfo

    Details of Host Backup Bound to Anti-Ransomware Policy

    Used by actions: DescribeRansomDefenseMachineList.

    Name Type Description
    Uuid String Host UUID
    Quuid String Host QUUID
    MachineName String Host name
    InstanceId String Host Instance ID
    MachineIp String Private IP address
    MachineWanIp String Public IP address
    CloudTags Array of Tag Cloud Tag
    RegionInfo RegionInfo Availability zone information
    Tag Array of MachineTag Host security tag
    Status Integer Protection status: 0 Disabled, 1 Enabled.
    StrategyId Integer Policy ID. 0 indicates no binding to any policy.
    DiskInfo String Hard disk information, all hard disks take effect when left blank:
    Separate diskId1
    StrategyName String Policy name
    BackupCount Integer Number of Backups
    LastBackupStatus Integer Latest Backup Status: 0 - Backing Up, 1 - Normal, 2 - Failed, 9 - No Backup Yet
    LastBackupMessage String Reason for the Last Backup Failure
    LastBackupTime String Last Backup Time
    RollBackPercent Integer Latest Rollback Progress Percentage
    RollBackStatus Integer Latest Rollback Status: 0 - In Progress, 1 - Succeeded, 2 - Failed
    BackupSuccessCount Integer Backup Success Count
    HostVersion Integer Version information: 0-Basic version, 1-Pro edition, 2-Flagship edition, 3-Lightweight edition
    MachineType String Machine Zone Type. CVM - Cloud Virtual Machine; BM: Bare Metal; ECM: Edge Computing Machine; LH: Lightweight Application Server; Other: Hybrid Cloud Zone

    RansomDefenseStrategyMachineDetail

    Anti-Ransomware Host List

    Used by actions: DescribeRansomDefenseStrategyMachines.

    Name Type Description
    Uuid String Host UUID
    Quuid String Host QUUID
    MachineName String Host name
    InstanceId String Host Instance ID
    MachineIp String Private IP address
    MachineWanIp String Public IP address
    CloudTags Array of Tag Cloud Tag
    RegionInfo RegionInfo Availability zone information
    Tag Array of MachineTag Host security tag
    Status Integer Protection status: 0 Disabled, 1 Enabled.
    StrategyId Integer Policy ID. 0 indicates no binding to any policy.
    DiskInfo String Hard disk information, all hard disks take effect when left blank:
    Separate diskId1
    HostVersion Integer Version information: 0-Basic version, 1-Pro edition, 2-Flagship edition, 3-Lightweight edition
    StrategyName String Policy name
    MachineType String Machine Zone Type. CVM - Cloud Virtual Machine; BM: Bare Metal; ECM: Edge Computing Machine; LH: Lightweight Application Server; Other: Hybrid Cloud Zone

    RansomDefenseStrategyMachineInfo

    Anti-Ransomware Machine Hard Disk Configuration

    Used by actions: CreateRansomDefenseStrategy.

    Name Type Required Description
    Uuid String Yes Host UUID
    DiskInfo String No Specified Hard Disk List. When it is empty, it means all hard disks: disk_id1

    RaspAttackTypeListItem

    Application protection allowlist attack type list

    Used by actions: DescribeAttackType.

    Name Type Description
    AttackTypeName String Attack Type Name
    AttackTypeID Integer Attack Type ID
    Source String Feature type of the vulnerability, rasp: vulnerability defense, memshell_inject: memory shell injection

    RaspEvent

    Application protection event

    Used by actions: DescribeRaspEventCWP, DescribeRaspEventTCSS.

    Name Type Required Description
    Id Integer No Vulnerability Event ID
    Uuid String No Machine UUID
    Quuid String No Machine QUuid.
    Alias String No host name
    InstanceID String No Instance ID
    PrivateIp String No Private IP address
    PublicIp String No Public IP address
    VulId Integer No Vulnerability ID
    VulName String No Vulnerability name
    CveId String No CVE ID
    SourceIp String No Attack source IP address
    City String No City of the attack source IP address
    AttackPort Integer No Port under attack
    CreateTime String No First Attack Time
    MergeTime String No Last attack time
    Count Integer No Attack count
    Status Integer No Status 0: pending 1: defended 2: processed 3: ignored 4: deleted 5: allowlisted
    AttackTypeName String No Application attack type
    AttackType Integer No Application Attack Type id
    NodeName String No Node name.
    NodeId String No Node ID.
    ContainerName String No Container name
    ContainerId String No container id
    ContainerStatus String No Container running status
    ContainerNetStatus String No Container isolation status
    ImageId String No Image ID
    ImageName String No Image Name
    PodName String No Pod name
    PodIp String No podip
    ClusterName String No Cluster name.
    ClusterId String No Cluster ID.
    RaspDetail String No Event details, including poc
    NodeType String No regular node: NORMAL
    Super node: SUPER
    EventType Integer No Event Type 1: Attack Time 2: Successful Defense
    NodeUniqueID String No Unique id of a super node
    PocID String No poc id
    Url String No Request URL
    Poc String No malicious feature

    RaspEventDetail

    Application protection event details

    Used by actions: DescribeRaspEventDetailCWP, DescribeRaspEventDetailTCSS.

    Name Type Required Description
    Id Integer No Vulnerability Event ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Status Integer No Status 0: pending 1: defended 2: processed 3: ignored 4: deleted 5: allowlisted
    Note: This field may return null, indicating that no valid values can be obtained.
    Quuid String No Machine QUuid.
    Note: This field may return null, indicating that no valid values can be obtained.
    Alias String No host name
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceID String No Instance ID
    Note: This field may return null, indicating that no valid values can be obtained.
    PrivateIp String No Private IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    PublicIp String No Public IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    HostTags Array of String No Asset tag
    Note: This field may return null, indicating that no valid values can be obtained.
    CreateTime String No First Attack Time
    Note: This field may return null, indicating that no valid values can be obtained.
    MergeTime String No Last attack time
    Note: This field may return null, indicating that no valid values can be obtained.
    AttackTypeName String No Application attack type
    Note: This field may return null, indicating that no valid values can be obtained.
    AttackType Integer No Application Attack Type id
    Note: This field may return null, indicating that no valid values can be obtained.
    Url String No Request URL
    Note: This field may return null, indicating that no valid values can be obtained.
    VulName String No Vulnerability name
    Note: This field may return null, indicating that no valid values can be obtained.
    Count Integer No Attack count
    Note: This field may return null, indicating that no valid values can be obtained.
    CveId String No CVE ID
    Note: This field may return null, indicating that no valid values can be obtained.
    SourceIp String No Attack source IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    City String No City of the attack source IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    AttackPort Integer No Port under attack
    Note: This field may return null, indicating that no valid values can be obtained.
    Description String No Vulnerability description
    Note: This field may return null, indicating that no valid values can be obtained.
    Fix String No Repair method
    Note: This field may return null, indicating that no valid values can be obtained.
    NetworkPayload String No Request content
    Note: This field may return null, indicating that no valid values can be obtained.
    NodeName String No Node name.
    Note: This field may return null, indicating that no valid values can be obtained.
    NodeId String No Node ID.
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerName String No Container name
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerId String No container id
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerStatus String No Container running status
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerNetStatus String No Container isolation status
    Note: This field may return null, indicating that no valid values can be obtained.
    ImageId String No Image ID
    Note: This field may return null, indicating that no valid values can be obtained.
    ImageName String No Image Name
    Note: This field may return null, indicating that no valid values can be obtained.
    PodName String No Pod name
    Note: This field may return null, indicating that no valid values can be obtained.
    PodIp String No podip
    Note: This field may return null, indicating that no valid values can be obtained.
    ClusterName String No Cluster name.
    Note: This field may return null, indicating that no valid values can be obtained.
    ClusterId String No Cluster ID.
    Note: This field may return null, indicating that no valid values can be obtained.
    Pid Integer No Process id
    Note: This field may return null, indicating that no valid values can be obtained.
    MainClass String No Associated Process Main Class Name
    Note: This field may return null, indicating that no valid values can be obtained.
    StackTrace String No Stack information
    Note: This field may return null, indicating that no valid values can be obtained.
    RaspDetail String No Vulnerability ID-Related Event Details (JSON array format, unique to RASP)
    Note: This field may return null, indicating that no valid values can be obtained.
    EventType Integer No Intrusion Status: 1 Attack Event, 2 Successful Defense

    RaspEventOverview

    Application defense overview information

    Used by actions: RaspEventOverview.

    Name Type Description
    DefenceVuls Integer Number of protectable vulnerabilities
    PreciseDefenseVuls Integer Number of accurately prevented vulnerabilities
    UnhandledRaspEvents Integer Unprocessed application defense event count
    UnhandledMemShellScanEvents Integer Number of unprocessed Java Webshell scan events
    UnhandledMemShellInjectEvents Integer Number of unprocessed memory shell injection events
    UnHandledEvents Array of Integer Daily event handling trend
    RaspAttackCounts Array of Integer Daily vulnerability detect event trend
    RaspDefendCounts Array of Integer Daily vulnerability defense event trend
    MemShellAttackCounts Array of Integer Daily Java Webshell detect event trend
    MemShellDefendCounts Array of Integer Daily Java Webshell defense event trends
    Date Array of String Date
    ProtectAssetOpenCount Integer Enable RASP protection switch number of assets
    ProtectAssetCount Integer Total number of assets
    UltimateAssetCount Integer Number of asset protection bound to the flagship edition
    RaspAssetCount Integer Number of assets bound to the Prioritized Protection package
    NotProtectAssetCount Integer Number of unauthorized assets
    RecentUnhandledEvents Integer Pending events count in the last 7 days
    RaspDefendCount Integer Total Number of Successful Defenses

    RaspLicenseList

    List object of authorization packages

    Used by actions: DescribeRaspLicenseList.

    Name Type Description
    QUUID String Machine unique ID
    InstanceName String Instance name
    InstanceId String Instance ID
    PublicIP String Public IP address
    PrivateIP String Private IP address
    Tags Array of Tags Cloud Tag Information
    ProtectionVersion Array of String Version information
    -Prioritized Protection package
    -Container Security - Pro Edition
    -CWP - Flagship Edition
    ConfigurationSetting Integer Protection setting
    -0 unconfigured
    -Configured
    Enable Integer Master switch
    -0 Not enabled
    - 1: enabled.
    VulDefEnable Integer Vulnerability defense switch
    -0 Not enabled
    - 1: enabled.
    VulDefMode Integer Vulnerability defense mode
    -0 Standard
    -1. Major Event Support
    VulDefAction Integer Vulnerability defense action
    -0 Detect only
    -Detect + defend
    MemShellDefEnable Integer Java Webshell Defense switch
    -0 Not enabled
    - 1: enabled.
    SafeInject Integer More protection
    -0 Do not inject processes that will restart
    -Inject a process that will restart
    PerformanceLimit Integer Performance threshold configuration switch
    -0 Not enabled
    - 1: enabled.
    PerformanceLimitCpu Integer CPU threshold, Value 1-99
    PerformanceLimitMem Integer Memory threshold, value 1-99
    PerformanceLimitMemAmount Integer Memory remaining threshold
    RaspException Integer Plug-in status
    -0 Use normally
    -1: Existence of anomalies
    -2 inactive
    LatestUpdateTime String Latest update time
    ClusterName String Cluster ID, only valid for container assets
    ClusterId String Cluster name, only container assets have values
    OrderDetail OrderDetail Order information
    IsUnBind Boolean Whether unbinding is allowed: false - not allowed, true - allowed.
    UUID String uuid. Unique ID of the machine. Only valid when AssetType = CWP.
    Reason String No injection/Failure reason of injection

    RaspLicensePlugin

    Important Period Guarantee Protection License Plugin Details

    Used by actions: DescribeRaspPluginList.

    Name Type Description
    PID Integer java Process pid
    MainClass String Java Main Class
    Status Integer 0: Injecting, 1: Injection successful, 2: Plugin timed out, 3: Plug-in exit, 4: Injection failure
    ErrorLog String Error details
    Reason String Failure reason of injection
    InjectTime String Injection duration

    RaspMemShellDetail

    Java webshell event information

    Used by actions: DescribeRaspMemShellDetailTCSS.

    Name Type Description
    Id Integer Event ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Quuid String Server QUUID
    Note: This field may return null, indicating that no valid values can be obtained.
    Alias String Server name
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceID String Instance ID
    PrivateIp String Private IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    PublicIp String Public IP address
    Note: This field may return null, indicating that no valid values can be obtained.
    HostTags Array of String Host tag
    Note: This field may return null, indicating that no valid values can be obtained.
    Type Integer Memory Trojan Type. 0: Filter Type; 1: Listener Type; 2: Servlet Type; 3: Interceptors Type; 4: Agent Type; 5: Other
    Note: This field may return null, indicating that no valid values can be obtained.
    Status Integer Processing Status. 0 - Pending; 1 - Allowlisted; 2 - Deleted; 3 - Ignored; 4 - Manually Processed
    Note: This field may return null, indicating that no valid values can be obtained.
    ClassLoaderName String Associated class loader.
    Note: This field may return null, indicating that no valid values can be obtained.
    SuperClassName String Parent class name
    Note: This field may return null, indicating that no valid values can be obtained.
    Interfaces String Inherited API
    Note: This field may return null, indicating that no valid values can be obtained.
    Annotations String Annotation
    Note: This field may return null, indicating that no valid values can be obtained.
    ClassName String Class name
    Note: This field may return null, indicating that no valid values can be obtained.
    Md5 String Class file md5
    Note: This field may return null, indicating that no valid values can be obtained.
    Pid Integer Process ID
    Note: This field may return null, indicating that no valid values can be obtained.
    Exe String Java Process Path
    Note: This field may return null, indicating that no valid values can be obtained.
    Args String Java process command line parameters
    Note: This field may return null, indicating that no valid values can be obtained.
    ClassContent String Java Memory Horse Binary Code (base64)
    Note: This field may return null, indicating that no valid values can be obtained.
    ClassContentPretty String Java Memory Trojan Decompilation Code
    Note: This field may return null, indicating that no valid values can be obtained.
    EventDescription String Event description
    Note: This field may return null, indicating that no valid values can be obtained.
    SecurityAdvice String Security advice
    Note: This field may return null, indicating that no valid values can be obtained.
    CreateTime String First detection time
    Note: This field may return null, indicating that no valid values can be obtained.
    RecentFoundTime String Last detection time
    Note: This field may return null, indicating that no valid values can be obtained.
    NodeName String Node name.
    Note: This field may return null, indicating that no valid values can be obtained.
    NodeId String Node ID.
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerName String Container name
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerId String container id
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerStatus String Container running status
    Note: This field may return null, indicating that no valid values can be obtained.
    ContainerNetStatus String Container isolation status
    Note: This field may return null, indicating that no valid values can be obtained.
    ImageId String Image ID
    Note: This field may return null, indicating that no valid values can be obtained.
    ImageName String Image name
    Note: This field may return null, indicating that no valid values can be obtained.
    PodName String Pod name
    Note: This field may return null, indicating that no valid values can be obtained.
    PodIp String podip
    Note: This field may return null, indicating that no valid values can be obtained.
    ClusterName String Cluster name.
    Note: This field may return null, indicating that no valid values can be obtained.
    ClusterId String Cluster ID.
    Note: This field may return null, indicating that no valid values can be obtained.

    RaspMemShellEvent

    Java webshell event information

    Used by actions: DescribeRaspMemShellListTCSS.

    Name Type Description
    Id Integer Event ID
    Quuid String Server QUUID
    Alias String Server name
    HostIp String Server IP address
    Type Integer Memory Trojan Type. 0: Filter Type; 1: Listener Type; 2: Servlet Type; 3: Interceptors Type; 4: Agent Type; 5: Other
    Description String Description
    CreateTime String First detection time
    RecentFoundTime String Last detection time
    Status Integer Processing Status. 0 - Pending; 1 - Allowlisted; 2 - Deleted; 3 - Ignored; 4 - Manually Processed
    Md5 String Class file md5
    ClassName String Class name
    SuperClassName String Parent class name
    Interfaces String Inherited API
    Annotations String Annotation
    LoaderClassName String Associated class loader.
    Pid Integer Process ID
    Exe String Java Process Path
    Args String Java process command line parameters
    NodeName String Node name.
    NodeId String Node ID.
    ContainerName String Container name
    ContainerId String container id
    ContainerStatus String Container running status
    ContainerNetStatus String Container isolation status
    ImageId String Image ID
    ImageName String Image name
    PodName String Pod name
    PodIp String podip
    ClusterName String Cluster name.
    ClusterId String Cluster ID.
    InstanceID String Same as the node id, the frontend can leave this unused.
    HostInnerIP String Private ip address of the server
    HostPublicIP String Public ip of the server
    NodeType String Regular node: NORMAL
    Super node: SUPER
    NodeUniqueID String Super Node Unique ID

    RaspRule

    RASP allowlist rule.

    Used by actions: DescribeRaspRules.

    Name Type Description
    Id Integer Rule ID
    URLRegexp String Regular expression for a custom request URL range. If this parameter is left blank, saving fails.
    VulVulsID Integer Vulnerability ID
    VulVulsName String Vulnerability name
    CveID String cve_id
    SupportDefense Integer Vulnerability defense type, which comes from the vulnerability table. 1: component vulnerability defense supported, with component vulnerabilities not allowlisted through a regular expression; 2: regular expression defense supported.
    WhiteType Integer Allowlisting scope. 0: Allowlist all requests; 1: Allowlist requests within a custom request scope.
    Status Integer Status. 0: valid.
    CreateTime String Creation time
    ModifyTime String Modification time

    RaspRuleVul

    List of vulnerabilities in a RASP allowlist.

    Used by actions: DescribeRaspRuleVuls.

    Name Type Description
    VulVulsID Integer Vulnerability ID
    VulVulsName String Vulnerability name
    CveID String cve_id
    SupportDefense Integer Vulnerability defense type, which comes from the vulnerability table. 1: component vulnerability defense supported, with component vulnerabilities not allowlisted through a regular expression; 2: regular expression defense supported.

    RecordInfo

    Client Exception Information Structure

    Used by actions: DescribeClientException.

    Name Type Description
    HostIP String Host IP
    InstanceID String Host Instance ID
    OfflineTime String Client Offline Time
    UninstallTime String Client Uninstallation Time
    UninstallCmd String Client Uninstallation Call Chain
    Uuid String Client UUID

    RegionInfo

    Region information

    Used by actions: DescribeLoginTypeHost, DescribeMachineRegionList, DescribeMachineRegions, DescribeMachines, DescribeMachinesSimple, DescribeRansomDefenseMachineList, DescribeRansomDefenseRollBackTaskList, DescribeRansomDefenseStrategyMachines.

    Name Type Description
    Region String Region identifiers, such as ap-guangzhou, ap-shanghai, and ap-beijing
    RegionName String Chinese name of a region, such as South China (Guangzhou), East China (Shanghai Finance), and North China (Beijing)
    RegionId Integer Region ID
    RegionCode String Region code, such as gz, sh, and bj
    RegionNameEn String English name of the region

    RegionListDetail

    Details of the region list

    Used by actions: DescribeMachineRegionList.

    Name Type Description
    MachineType String Machine type
    CVM, Tencent Cloud Virtual Machine
    LH, TencentCloud Lighthouse
    ECM, Tencent Cloud Edge Computing Machine
    BM, Tencent BM 1.0
    Other, Other servers (non-Tencent Cloud)
    CloudFrom Integer 0 Tencent Cloud
    1 IDC
    2 Alibaba Cloud
    3 Huawei Cloud
    4 Amazon
    5 Microsoft
    6 Google
    7 Oracle
    8 Digital Ocean
    RegionList Array of RegionInfo Region list

    RegionSet

    Region information

    Used by actions: DescribeBanRegions.

    Name Type Description
    RegionName String Region name
    ZoneSet Array of ZoneInfo AZ information

    RelateVulInfo

    Vulnerability information associated with Windows patches

    Used by actions: DescribePatchInfo.

    Name Type Description
    CveId String CVEid
    Name String Vulnerability name
    Label String Vulnerability tag
    Level Integer Vulnerability level
    CVSS Float CVSS score
    PublishTime String Vulnerability disclosure time
    Id Integer Vulnerability ID

    ReverseShell

    Reverse Shell data

    Used by actions: DescribeReverseShellEvents.

    Name Type Description
    Id Integer ID primary key
    Uuid String CWPP UUID
    Quuid String Server ID
    Hostip String Host private IP address
    DstIp String Target IP
    DstPort Integer Target port
    ProcessName String Process name
    FullPath String Process path
    CmdLine String Command details
    UserName String Executing user
    UserGroup String Executing user group
    ParentProcName String Parent process name
    ParentProcUser String Parent process user
    ParentProcGroup String Parent process user group
    ParentProcPath String Parent process path
    Status Integer Processing status. 0 - pending processing; 2 - allowlisted; 3 - processed; 4 - ignored; 6 - blocked.
    CreateTime String Occurrence time
    MachineName String Server name
    ProcTree String Process tree
    DetectBy Integer Detection method: 0: behavior analysis; 1 command feature detection
    MachineExtraInfo MachineExtraInfo Host Additional Information
    Pid Integer Process id
    RiskLevel Integer Threat level. 0: medium risk, 1: high risk.
    CmdLineQuote String Escaped content of command details. It is used when regular expressions match allowlisted full strings.

    ReverseShellEventInfo

    Reverse Shell data details

    Used by actions: DescribeReverseShellEventInfo.

    Name Type Description
    Id Integer ID primary key
    Uuid String Host Security UUID
    Quuid String Host UUID
    HostIp String Host private IP address
    DstIp String Target IP
    DstPort Integer Target port
    ProcessName String Process name
    FullPath String Process path
    CmdLine String Command details
    UserName String User for execution
    UserGroup String User group for execution
    ParentProcName String Parent process name
    ParentProcUser String Parent process user
    ParentProcGroup String Parent process user group
    ParentProcPath String Parent process path
    Status Integer Processing status: 0: pending; 2: allowlisted; 3: processed; 4: ignored
    CreateTime String Occurrence time
    MachineName String Host name
    DetectBy Integer Detection method
    PsTree String Process tree json pid: process ID; exe: file path; account: groups and users to which the process belongs; cmdline: execute commands; ssh_service: SSH service IP; ssh_source: log-in source
    SuggestScheme String Recommended solution
    HarmDescribe String Description
    Tags Array of String Tag
    References Array of String Reference link
    MachineWanIp String Host public IP address
    MachineStatus String Host online status: OFFLINE; ONLINE
    ModifyTime String Processing time
    CmdLineQuote String Escaped content of command details. It is used when regular expressions match allowlisted full strings.
    RiskLevel Integer Risk level

    ReverseShellRule

    Reverse Shell rule

    Used by actions: DescribeReverseShellRules.

    Name Type Description
    Id Integer Rule ID
    Uuid String Client ID
    ProcessName String Process name
    DestIp String Target IP
    DestPort String Target port
    Operator String Operator
    IsGlobal Integer Whether a global rule
    Status Integer Status (0: valid; 1: invalid)
    CreateTime String Creation time
    ModifyTime String Modification time
    Hostip String Host IP

    ReverseShellRuleAggregation

    Reverse shell rule for the aggregated version.

    Used by actions: DescribeReverseShellRulesAggregation.

    Name Type Description
    Id Integer Rule ID
    UuidHostips Array of UuidHostip Client ID
    ProcessName String Process name
    DestIp String Target IP address
    DestPort String Target port
    Operator String Operator
    IsGlobal Integer Whether a global rule
    Status Integer Status (0: valid; 1: invalid)
    CreateTime String Creation time
    ModifyTime String Modification time
    WhiteType Integer Allowlisting method. 0: regular allowlisting, 1: regular expression allowlisting.
    RuleRegexp String Regular expression
    HandleHistory Integer Whether to process historical events. 0: no, 1: yes.
    GroupID String Batch ID.
    MachinesNums String Number of servers covered by a rule. When IsGlobal is set to 1, all servers are displayed.

    RiskDnsEvent

    Malicious request event

    Used by actions: DescribeRiskDnsEventInfo, DescribeRiskDnsEventList.

    Name Type Description
    Id Integer Event ID
    PolicyId Integer Policy ID
    PolicyType Integer Type of hit policy [-1: unknown
    PolicyName String Name of hit policy
    ProtectLevel Integer Protection level [0: basic edition
    HostId String Server ID
    HostName String Host name
    HostIp String Host IP
    WanIp String Public IP address
    AgentId String Client ID
    Domain String Access domain name
    Tags Array of String Tag Features
    AccessCount Integer Access count
    ThreatDesc String Threat description
    SuggestSolution String Fixing solution
    ReferenceLink String Reference link
    HandleStatus Integer Processing status [0: pending
    Pid Integer Process ID
    ProcessName String Process name
    ProcessMd5 String Process MD5
    CmdLine String Command line
    FirstTime String First access time
    LastTime String Last access Time
    HostStatus String Host online status [OFFLINE: offline
    MachineExtraInfo MachineExtraInfo Additional information
    OsType Integer [1:CentOS

    RiskDnsList

    Malicious request list

    Used by actions: DescribeRiskDnsInfo, DescribeRiskDnsList.

    Name Type Description
    Url String External access domain name
    AccessCount Integer Access count
    ProcessName String Process name
    ProcessMd5 String Process MD5
    GlobalRuleId Integer Whether the rule is global. 0: no; 1: yes.
    UserRuleId Integer User rule ID
    Status Integer Status. 0: pending; 2: added to allowlist; 3: untrusted; 4: processed; 5: ignored.
    CreateTime String First access time
    MergeTime String Last access Time
    Quuid String Unique QUUID
    HostIp String Host IP
    Alias String Alias
    Description String Description
    Id Integer Unique ID
    Reference String Reference
    CmdLine String Command line
    Pid Integer Process ID
    Uuid String UUID
    SuggestScheme String Recommended solution
    Tags Array of String Tag Features
    MachineWanIp String Public IP address
    MachineStatus String Host online status [OFFLINE: offline

    RiskDnsPolicy

    Malicious request policy

    Used by actions: DescribeRiskDnsPolicyList, ModifyRiskDnsPolicy.

    Name Type Required Description
    PolicyName String Yes Policy name
    PolicyType Integer Yes Policy type [0: system; 1: user]
    PolicyAction Integer Yes Policy action [0: alarm; 1: allow; 2:intercept + alarm]
    HostScope Integer Yes Host range [1: all Professional + Ultimate Editions
    HostIds Array of String Yes Host ID
    Domains Array of String Yes Domain name (when used as an input parameter, it needs base64 encode.)
    IsEnabled Integer Yes Whether effective [0: effective,1: not effective]
    PolicyId Integer No Policy ID
    PolicyDesc String No Policy description
    IsDealOldEvent Integer No Whether to process previous events [0: no
    UpdateTime String No Update time
    EventId Integer No Event ID

    RiskMainClass

    Risk service during Java Webshell and RASP injection.

    Used by actions: DescribeInjectRiskyServiceSwitch.

    Name Type Description
    ServiceName String Risky services for RASP injection.

    RiskProcessEvent

    Abnormal Process Event

    Used by actions: DescribeRiskProcessEvents.

    Name Type Description
    EventId Integer Event ID
    HostName String Host name
    HostIp String Host IP
    WanIp String Public IP address
    ProcessId Integer Process ID
    FilePath String File path
    CmdLine String Executed commands
    StartTime String Process startup time
    DetectTime String Last detection time
    VirusName String Virus name
    CheckPlatform Array of String Trojan detection platform [1: Cloud search engine
    VirusTags Array of String Virus tag
    ThreatDesc String Threat description
    SuggestSolution String Recommended solution
    ReferenceLink String Reference link
    HandleStatus Integer Processing Status [0 Pending; 1 Processed; 2 Scanning; 3 Scanned; 4 Exited; 5 Ignore]
    OnlineStatus Integer Host Online Status
    MachineExtraInfo MachineExtraInfo Additional information
    Uuid String Host UUID
    FirstDetectionMethod Integer First time detection method 0 scan;1 real-time monitoring

    RuleInfo

    Index Rule

    Used by actions: DescribeLogIndex.

    Name Type Description
    FullText FullTextInfo Full-text index configurations
    KeyValue KeyValueInfo Key-value index configurations
    Tag KeyValueInfo Meta field index configuration

    ScanTaskDetails

    List of scan task details

    Used by actions: DescribeScanTaskDetails.

    Name Type Description
    HostIp String Server IP
    HostName String Server name
    OsName String Operating system
    RiskNum Integer Number of risks
    ScanBeginTime String Scan start time
    ScanEndTime String Scan end time
    Uuid String UUID
    Quuid String QUUID
    Status String Status code: Scanning; Ok; Fail.
    Description String Description
    Id Integer Unique ID
    FailType Integer Failure type. 3: offline; 4: timeout; 5: failed; 8: early agent version.
    MachineWanIp String Public IP address
    MachineExtraInfo MachineExtraInfo Additional information

    ScreenAttackHotspot

    Attack hot spots across the entire network on the large screen

    Used by actions: DescribeScreenAttackHotspot.

    Name Type Description
    EventName String Event name
    SrcIp String Attacker IP address
    DstIp String Victim IP address
    Region String Region
    CreatedTime String Time

    ScreenBaselineInfo

    Large screen baseline information

    Used by actions: DescribeScreenHostInvasion.

    Name Type Description
    Name String Baseline name
    Level Integer Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical
    CategoryId Integer Baseline ID
    LastScanTime String Last detection time
    BaselineFailCount Integer Baseline risk items
    Uuid String Host UUID

    ScreenBroadcasts

    Visualized security report on the large screen

    Used by actions: DescribeScreenBroadcasts.

    Name Type Description
    Title String Security report article title
    Level Integer Severity level of security report article: 0: none; 1: critical; 2: high-risk; 3: medium-risk; 4: low-risk
    Time String Release time
    Id Integer Article ID

    ScreenDefendAttackLog

    Network attack logs on the large screen

    Used by actions: DescribeScreenHostInvasion.

    Name Type Description
    Id Integer Log ID
    Uuid String Client ID
    SrcIp String Source IP
    SrcPort Integer Source port
    HttpMethod String Attack method
    VulType String Threat type
    CreatedTime String Attack time
    DstPort Integer Target port
    Quuid String Host quuid
    DstIp String Target IP

    ScreenEmergentMsg

    Visualized emergency notification on the large screen

    Used by actions: DescribeScreenEmergentMsg.

    Name Type Description
    Title String Notification tag/title
    Text String Notification content
    Type Integer Redirection type: 0=vulnerability management

    ScreenEventsCnt

    Intrusion detection statistics

    Used by actions: DescribeScreenEventsCnt.

    Name Type Description
    Title String Displayed content: Total number of pending risks and total number of affected assets
    Total Integer Total number of events
    Category Array of ScreenNameValue name: Specific type of the displayed content, including attack event, potential risk, compromised asset, and potentially risky asset
    Value: event count after statistics

    ScreenInvasion

    Details of large screen intrusion event

    Used by actions: DescribeScreenHostInvasion.

    Name Type Description
    CreatedTime String Intrusion time
    EventType Integer Event type. 0: virus scanning; 1: abnormal log-in; 2: password cracking; 3: malicious request; 4: high-risk command; 5: local privilege escalation; 6: reverse shell.
    Content String JSON file of the event data, which varies by event.
    [Virus scanning] Virus name: VirusName, file name: FileName, file path: FilePath, file size: FileSize, file MD5: MD5, first detection time: CreateTime, last detection time: LatestScanTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme
    [Abnormal log-in] Source IP: SrcIp, location: Location, log-in username: UserName, log-in time: LoginTime
    [Password cracking]Source IP: SrcIp, location: City and Country, protocol: Protocol, log-in username: UserName, port: Port, attempt count: Count, first attack time: CreateTime, last attack time: ModifyTime
    [Malicious request] Malicious request domain name: Url, process: ProcessName, MD5: ProcessMd5, PID: Pid, request count: AccessCount, last request time: MergeTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme
    [High-risk command] Hit rule name: RuleName, rule category: RuleCategory, command content: BashCmd, data source: DetectBy, Log-in user: User, PID: Pid, occurrence time: CreateTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme
    [Local privilege escalation] Privilege escalation user: UserName, parent process: ParentProcName, user of parent process: ParentProcGroup, Detection time: CreateTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme
    [Reverse shell] Connected process: ProcessName, executed command: CmdLine, parent process: ParentProcName, target host: DstIp, target port: DstPort, detection time: CreateTime, severity description: HarmDescribe, fixing suggestion: SuggestScheme
    Level Integer Unified event risk level. 0: prompt; 1: low; 2: medium; 3: high; 4: critical.
    LevelZh String Level in Chinese
    Id Integer Event ID
    Uuid String Host UUID

    ScreenMachine

    Data of listed hosts on the large screen

    Used by actions: DescribeScreenMachines.

    Name Type Description
    MachineName String Host name.
    MachineOs String Host System.
    Uuid String CWP UUID. If the CWP client is offline for a long time, an empty character is returned.
    MachineStatus Integer Status of a host on the large screen. 0: agent not installed; 1: offline; 2: offline - risky; 3: offline - critical;
    4: device installed - normal; 5: device installed - normal and of either Pro Edition or Ultimate Edition; 6: device installed - risky (network attack events > 0);
    7: device installed - risky (network attack events > 0) and of either Pro Edition or Ultimate Edition; 8: device installed - critical (intrusion detection events > 0);
    9: device installed - critical (intrusion detection events > 0) and of either Pro Edition or Ultimate Edition
    Quuid String CVM or BM Machine Unique UUID.
    VulNum Integer Number of vulnerabilities
    MachineIp String Host IP.
    MachineWanIp String Public IP address of the host
    BaselineNum Integer Number of baseline risks
    CyberAttackNum Integer Number of network risks
    SecurityStatus String Risk status
  • SAFE: Safe
  • RISK: Risk
  • UNKNOWN: Unknown
    		•
    InvasionNum Integer Number of intrusion events
    MachineType String Machine Zone Type. CVM - Cloud Virtual Machine; BM: Bare Metal; ECM: Edge Computing Machine; LH: Lightweight Application Server; Other: Hybrid Cloud Zone
    CpuLoad String CPU load status
    CpuSize Float Number of CPU cores
    DiskLoad String Hard disk utilization (%)
    DiskSize Float Hard disk capacity (GB)
    MemLoad String Memory utilization (%)
    MemSize Float Memory capacity (GB)
    CoreVersion String Kernel version
    MachineExtraInfo MachineExtraInfo Additional information

    ScreenNameValue

    [Cloud security alarm] Visualized data Name Value Data on the large screen

    Used by actions: DescribeScreenEventsCnt, DescribeScreenGeneralStat, DescribeScreenRiskAssetsTop.

    Name Type Description
    Name String Statistics type: Different APIs correspond to different content
    Value Integer Statistics quantity

    ScreenProtection

    Visualized attack and defense status on large screen

    Used by actions: DescribeScreenProtectionStat.

    Name Type Description
    Name String Type value: virus scanning, brute force cracking, vulnerability scan, baseline check
    Status Integer Virus scanning: 0: never scanned or asset not paid; 1: scanned and malicious files found; 2: scanned but isolation protection disabled; 3: scanned, protection enabled, and no risk found.
    Brute force cracking: 0: protection disabled (asset not paid); 1: automatic blocking enabled.
    Vulnerability scan: 0: never scanned or asset not paid; 1: vulnerability found; 2: no risk found.
    Baseline check: 0: never checked or asset not paid; 1: baseline risks found; 2: no risk found.

    ScreenProtectionCnt

    CWPP security trend data

    Used by actions: DescribeScreenProtectionCnt.

    Name Type Description
    Type String cloud: Cloud Security Engine; detect: detection engine; defend: attack defense; threat: threat intelligence; analysis: abnormal analysis; ai: AI engine
    Name String cloud: Cloud Security Engine; detect: detection engine; defend: attack defense; threat: threat intelligence; analysis: abnormal analysis; ai: AI engine
    Count Integer Total number

    ScreenRegionInfo

    Region information

    Used by actions: DescribeScreenMachineRegions.

    Name Type Description
    Region String Region identifiers, such as ap-guangzhou, ap-shanghai, and ap-beijing
    RegionName String Chinese name of region, such as South China (Guangzhou), East China (Shanghai Finance), and North China (Beijing)
    RegionId Integer Region ID
    RegionCode String Region code, such as gz, sh, and bj
    RegionNameEn String English name of the region

    ScreenRegionMachines

    3D image of the host on the large screen

    Used by actions: DescribeScreenMachines.

    Name Type Description
    Region String All regions
    RegionName String Region description in Chinese
    Machines Array of ScreenMachine Host list
    TotalCount Integer Total number of hosts in this region
    RiskCnt Integer Number of risky hosts
    AttackCnt Integer Number of potentially risky hosts
    SafetyCnt Integer Number of risk-free hosts
    UnAgentOfflineCnt Integer Number of hosts in offline/uninstalled status
    IgnoreCnt Integer Number of hosts that are omitted from displaying. When it is equal to 0, no hosts are omitted.

    ScreenTrendsChart

    Attack and defense trend chart on the large screen

    Used by actions: DescribeScreenDefenseTrends.

    Name Type Description
    X String Time on the X-axis
    Y Integer Numerical value on the Y-axis
    Type String Statistical type: defense count, attack count

    ScreenVulInfo

    Vulnerability list on big screen

    Used by actions: DescribeScreenHostInvasion.

    Name Type Description
    Id Integer Vulnerability Event ID
    Name String Vulnerability name
    VulId Integer Vulnerability ID
    LastTime String Last detection Time
    Level Integer Vulnerability level 1: low-risk; 2: medium-risk; 3: high-risk; 4: prompt
    Category Integer Vulnerability type: 1 - web-cms vulnerabilities; 2 - application vulnerabilities; 4 - Linux software vulnerabilities; 5 - Windows system vulnerabilities
    Uuid String Host UUID.

    SearchTemplate

    Quick search template

    Used by actions: CreateSearchTemplate, DescribeSearchTemplates.

    Name Type Required Description
    Name String Yes Name for search
    LogType String Yes Index type for search
    Condition String Yes Statement for search
    TimeRange String Yes Time range
    Query String Yes Converted search statement content
    Flag String Yes Search method. Input box: standard filtering. Search: simple.
    DisplayData String Yes Displayed data
    Id Integer No Rule ID

    SecurityDynamic

    Security event message data

    Used by actions: DescribeSecurityDynamics.

    Name Type Description
    Uuid String CWPP client UUID
    EventTime Timestamp Security event occurrence time
    EventType String Security event type
  • MALWARE: Trojan event
  • NON_LOCAL_LOGIN: cross-region log-in
  • BRUTEATTACK_SUCCESS: successful password cracking
  • VUL: vulnerability
  • BASELINE: security baseline
    		•
    Message String Security event message
    SecurityLevel String Security event level
  • RISK: critical
  • HIGH: high-risk
  • NORMAL: medium-risk
  • LOW: low-risk
  • UNKNOWNED: suspicious
    		•

    SecurityEventInfo

    List of security event statistics

    Used by actions: DescribeSecurityEventsCnt.

    Name Type Description
    EventCnt Integer Number of security events
    UuidCnt Integer Number of affected machines

    SecurityTrend

    Security trend statistics

    Used by actions: DescribeSecurityTrends.

    Name Type Description
    Date Date Event time
    EventNum Integer Number of events

    ShellPolicyList

    Reverse shell list data details.

    Used by actions: DescribeShellPolicyList.

    Name Type Description
    PolicyId Integer Policy ID
    Note: This field may return null, indicating that no valid values can be obtained.
    PolicyName String Policy name
    Note: This field may return null, indicating that no valid values can be obtained.
    PolicyType Integer 0: system policy, 1: custom policy.
    Note: This field may return null, indicating that no valid values can be obtained.
    PolicyDesc String Policy description
    Note: This field may return null, indicating that no valid values can be obtained.
    PolicyAction Integer Policy action [0: alarm; 1: allow; 2:intercept + alarm]
    Note: This field may return null, indicating that no valid values can be obtained.
    IsEnabled Integer 0: enabled, 1: disabled.
    Note: This field may return null, indicating that no valid values can be obtained.
    UpdateTime String Update time
    Note: This field may return null, indicating that no valid values can be obtained.
    HostScope Integer Host range. [0: a group of QUuids, 1: all Pro edition hosts, 2: Premium edition, 3: all hosts.]
    Note: This field may return null, indicating that no valid values can be obtained.

    SkillInfo

    Skill info

    Used by actions: DescribeSkillInfo.

    Name Type Description
    SkillName String Skill name
    SkillDesc String Skill description
    SkillSource String Skill source
    Tags Array of String Skill risk tag
    RiskDesc String skill risk description
    Evidence String evidence chain
    Id Integer Event ID

    StandardModeConfig

    Blocking configuration in the standard mode

    Used by actions: DescribeBanMode.

    Name Type Description
    Ttl Integer Blocking duration (unit: second)

    Strategy

    Baseline security user policy information

    Used by actions: DescribeBaselineStrategyList.

    Name Type Description
    StrategyName String Policy name
    StrategyId Integer Policy ID
    RuleCount Integer Total number of baseline detection items
    HostCount Integer Number of hosts
    ScanCycle Integer Scan cycle
    ScanAt String Scan time
    Enabled Integer Available or not?
    PassRate Integer pass rate
    CategoryIds String Baseline ID
    IsDefault Integer Whether a default policy

    Tag

    Tag information

    Used by actions: DescribeRansomDefenseMachineList, DescribeRansomDefenseStrategyMachines, DescribeTags.

    Name Type Description
    Id Integer Tag ID
    Name String Tag name
    Count Integer Number of servers

    TagMachine

    Information on tag-related servers

    Used by actions: DescribeTagMachines.

    Name Type Description
    Id String ID
    Quuid String Host ID
    MachineName String Host name
    MachineIp String Host private IP address
    MachineWanIp String Host public IP address
    MachineRegion String Host region
    MachineType String Host region type

    Tags

    Platform tag

    Used by actions: CreateLicenseOrder, DescribeHostInfo, DescribeLicenseList, DescribeMachines, DescribeMachinesSimple, DescribeRaspLicenseList, DescribeVulEffectHostList, ExportLicenseDetail.

    Name Type Required Description
    TagKey String Yes Tag key
    TagValue String Yes Tag value

    TaskStatus

    Scan status list

    Used by actions: DescribeScanTaskStatus.

    Name Type Description
    Scanning String Scanning (including initializing)
    Ok String Scan terminated (including terminating)
    Fail String Scan failed
    Stop String Scan failed, with specific reason displayed: scan timeout, low client version, or client offline.

    TopInfo

    Statistics data of top network attacks

    Used by actions: DescribeAttackTop.

    Name Type Description
    Value String Top statistical data, such as IP, and vulnerability name
    Count Integer Top statistical count

    UpdateHostLoginWhiteObj

    Edit allowlisted entities

    Used by actions: ModifyLoginWhiteInfo.

    Name Type Required Description
    Places Array of Place Yes Region information array
    SrcIp String Yes Source IP
    UserName String Yes Username
    Remark String Yes Remarks
    Id Integer Yes Data ID to be updated
    StartTime String No Start time
    EndTime String No End time

    UsualPlace

    Frequently used log-in location

    Used by actions: DescribeUsualLoginPlaces.

    Name Type Description
    Id Integer ID
    Uuid String CWPP client UUID
    CountryId Integer Country ID
    ProvinceId Integer Province ID
    CityId Integer City ID

    UuidHostip

    Machine that passed the check and the corresponding host IP address.

    Used by actions: DescribeMemShellRules, DescribeReverseShellRulesAggregation.

    Name Type Description
    Uuid String Server ID
    Hostip String Server IP address

    ValueInfo

    Index value description

    Used by actions: DescribeLogIndex.

    Name Type Description
    Tokenizer String Field delimiter
    Type String Field type
    SqlFlag Boolean Whether the analysis feature is enabled for the field
    ContainZH Boolean Whether Chinese characters are contained

    VersionWhiteConfig

    Allowlist configuration of the authorized edition

    Used by actions: DescribeLicenseWhiteConfig.

    Name Type Description
    Deadline Integer Number of days before expiration
    LicenseNum Integer Number of authorizations
    IsApplyFor Boolean Whether application can be made
    SourceType Integer Type

    VertexDetail

    Detailed node information

    Used by actions: DescribeVertexDetail.

    Name Type Description
    Type Integer Node type. 1: process, 2: network, 3: file, 4: SSH.
    Time String Time used by each node type, in the format of 2022-11-29 00:00:00.
    AlarmInfo Array of AlarmInfo Alarm information.
    ProcName String Process name. This parameter takes effect when this node is a process.
    CmdLine String Command line. This parameter takes effect when this node is a process.
    Pid String Process ID. This parameter takes effect when this node is a process.
    FileMd5 String File MD5. This parameter takes effect when this node is a file.
    FileContent String File write content. This parameter takes effect when this node is a file.
    FilePath String File path. This parameter takes effect when this node is a file.
    FileCreateTime String File creation time. This parameter takes effect when this node is a file.
    Address String Request destination address. This parameter takes effect when this node is a network.
    DstPort Integer Target port. This parameter takes effect when this node is a network.
    SrcIP String Login source IP address. This parameter takes effect when this node is ssh.
    User String Login username and user group. This parameter takes effect when this node is ssh.
    VulName String Vulnerability name. This parameter takes effect when this node is a vulnerability.
    VulTime String Vulnerability exploitation time. This parameter takes effect when this node is a vulnerability.
    HttpContent String HTTP request content. This parameter takes effect when this node is a vulnerability.
    VulSrcIP String Source IP address of the vulnerability exploiter. This parameter takes effect when this node is a vulnerability.
    VertexId String Node ID.

    VertexInfo

    Attack backtracking node information

    Used by actions: DescribeAlarmIncidentNodes.

    Name Type Description
    Type Integer Node type: process: 1; network: 2; file: 3; ssh: 4;
    Vid String VID contained in this node
    ParentVid String Parent node VID of this node
    IsLeaf Boolean Whether a leaf node
    ProcNamePrefix String Process name. This parameter is used when Type is 1.
    ProcNameMd5 String Process name MD5. This parameter is used when Type is 1.
    CmdLinePrefix String Command line. This parameter is used when Type is 1.
    CmdLineMd5 String Command line MD5. This parameter is used when Type is 1.
    FilePathPrefix String File path. This parameter is used when Type is 3.
    AddressPrefix String Request destination address. This parameter is used when Type is 2.
    IsWeDetect Boolean Whether a vulnerability node
    IsAlarm Boolean Whether an alarm node
    FilePathMd5 String File path MD5. This parameter is used when Type is 3.
    AddressMd5 String Request destination address MD5. This parameter is used when Type is 2.

    VulDefenceEvent

    Vulnerability details

    Used by actions: DescribeVulDefenceEvent.

    Name Type Description
    VulId Integer Vulnerability ID
    VulName String Vulnerability name
    CveId String CVE ID
    Id Integer Vulnerability event ID
    Quuid String Host QUUID
    Alias String Host name
    PrivateIp String Private IP address
    PublicIp String Public IP address
    EventType Integer 0: Attack Attempt (WeDetect); 1: Successful Attack Attempt (WeDetect); 2: RASP Defense Event
    SourceIp String Attack source IP address
    City String City of the attack source IP address
    SourcePort Array of Integer Attack source port
    CreateTime String Event Creation Time
    MergeTime String Update Event Time
    Count Integer Number of Occurrences
    Status Integer Status. 0: Pending; 1: Defended; 2: Processed; 3: Ignored; 4: Deleted
    UpgradeType Integer 0: Pro Edition; 1: Flagship Edition; 2: LH Light Edition (for Lighthouse only); 3: CVM Light Edition (for CVM only).
    FixType Integer 0: do not support fixing; 1: support fixing.
    Uuid String Host UUID
    MachineExtraInfo MachineExtraInfo Host Additional Information

    VulDefenceEventDetail

    Vulnerability details

    Used by actions: DescribeDefenceEventDetail.

    Name Type Description
    VulName String Vulnerability name
    CveId String CVE ID
    Id Integer Vulnerability Event ID
    Quuid String Host QUUID
    Alias String Host name
    PrivateIp String Private IP address
    PublicIp String Public IP address
    EventType Integer 0: Attack Attempt (WeDetect); 1: Successful Attack Attempt (WeDetect); 2: RASP Defense Event
    SourceIp String Attack source IP address
    City String City of the attack source IP address
    SourcePort Array of Integer Attack source port
    CreateTime String Event Creation Time
    MergeTime String Update Event Time
    Count Integer Number of Occurrences
    Status Integer Status. 0: Pending; 1: Defended; 2: Processed; 3: Ignored; 4: Deleted
    MachineStatus String ONLINE OFFLINE
    Description String Vulnerability Description Information
    Fix String Fixing suggestion
    NetworkPayload String Attack Payload
    Pid Integer Associated Process PID
    MainClass String Associated Process Main Class Name
    StackTrace String Stack Information (Unique for RASP)
    EventDetail String Vulnerability ID-Related Event Details (JSON array format, unique to RASP)
    ExceptionPstree String Host Compromise Event Process Tree (JSON format, unique to WeDetect)
    MachineExtraInfo MachineExtraInfo Host Additional Information

    VulDefenceOverview

    Vulnerability defense trend page, which includes plugin status and attack defense trends. Trends are stored in three arrays of equal length, with elements corresponding one-to-one. If a certain day is missed, there will be missing data.

    Used by actions: DescribeVulDefenceOverview.

    Name Type Description
    Enable Integer Defense switch: 0 - disable; 1 - enable
    DefendHostCount Integer Number of hosts with defense enabled
    ExceptionCount Integer Number of plugin exceptions
    AttackCounts Array of Integer Daily attack trend
    DefendCounts Array of Integer Daily defense trends
    Date Array of String Date

    VulDefencePluginDetail

    vulnerability defense plugin status of a single process

    Used by actions: DescribeVulDefencePluginDetail.

    Name Type Description
    Pid Integer ID of the injected process
    MainClass String Main class name of the injected process
    Status Integer Plugin status. 0: injecting; 1: injection successful; 2: plugin timed out, 3: plugin exited; 4: injection failed; 5: logically deleted.
    ErrorLog String Error log
    InjectLog String Injection log

    VulDefencePluginStatus

    Host vulnerability defense plugin information

    Used by actions: DescribeVulDefencePluginStatus.

    Name Type Description
    Quuid String Host QUUID
    Alias String Host alias
    PrivateIp String Private IP address
    PublicIp String Public IP address
    Exception Integer Plugin status: 0 - normal; 1 - abnormal
    CreateTime String Creation time
    ModifyTime String Last update time

    VulDefenceRangeDetail

    Vulnerability defense scope details

    Used by actions: DescribeVulDefenceList.

    Name Type Description
    VulName String Vulnerability name
    Label String Tag
    Level Integer Vulnerability level. 1: low-risk; 2: medium-risk; 3: high-risk; 4: critical.
    CvssScore Float CVSS score
    CveId String cve id
    PublishTime String Release time
    VulId Integer Vulnerability ID
    Status Integer Status. 0: defending; 1: allowlisted. It indicates that the vulnerability is included in an allowlist, which may not be a global allowlist.

    VulDefenceSetting

    Vulnerability defense settings

    Used by actions: DescribeVulDefenceSettingList.

    Name Type Description
    StrategyName String Policy name
    Note: This field may return null, indicating that no valid values can be obtained.
    StrategyType Integer System policy
    Create a custom policy
    Note: This field may return null, indicating that no valid values can be obtained.
    ThreatLevel Integer Threat level
    Note: This field may return null, indicating that no valid values can be obtained.
    Scope Integer All Flagship Edition Hosts
    Specified hosts
    Note: This field may return null, indicating that no valid values can be obtained.
    SupportVulNum Integer Number of supported vulnerabilities.
    Note: This field may return null, indicating that no valid values can be obtained.
    Enable Integer 0: disabled, 1: enabled.
    Note: This field may return null, indicating that no valid values can be obtained.
    AppId Integer User appid.
    Note: This field may return null, indicating that no valid values can be obtained.
    MemberId String User's member ID.
    Note: This field may return null, indicating that no valid values can be obtained.
    StrategyAction Integer Policy action
    Alarm
    1. Defense
    Note: This field may return null, indicating that no valid values can be obtained.
    Uin String User UIN
    Note: This field may return null, indicating that no valid values can be obtained.
    Nickname String User Nickname
    Note: This field may return null, indicating that no valid values can be obtained.
    DefenceType Integer Protection type
    Vulnerability defense
    Attack detection
    Note: This field may return null, indicating that no valid values can be obtained.
    InstanceNum Integer Number of custom hosts.
    Note: This field may return null, indicating that no valid values can be obtained.
    StrategyId String Policy ID
    Note: This field may return null, indicating that no valid values can be obtained.

    VulDetailInfo

    Vulnerability details

    Used by actions: DescribeScanTaskDetails.

    Name Type Description
    VulId Integer Vulnerability ID
    Level Integer Vulnerability level
    Name String Vulnerability name
    CveId String CVE ID
    VulCategory Integer 1: web-cms vulnerabilities; 2: application vulnerabilities; 4: Linux software vulnerabilities; 5: Windows system vulnerabilities; 0: emergency vulnerabilities
    Descript String Vulnerability description
    Fix String Fixing suggestion
    Reference String Reference link
    CvssScore Float CVSS score
    Cvss String CVSS details
    PublishTime String Release time

    VulEffectHostList

    List of hosts affected by vulnerabilities

    Used by actions: DescribeVulEffectHostList.

    Name Type Description
    EventId Integer Event ID
    Status Integer Status: 0 - pending processing; 1 - ignored; 3 - fixed; 5 - detecting; 6 - in remediation; 7 - rolling back; 8 - fix failed.
    LastTime String Last detection time
    Level Integer Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical
    Quuid String Host QUUID
    Uuid String Host UUID
    HostIp String Host IP address
    AliasName String Host alias
    Tags Array of String Host tag
    Description String Description
    HostVersion Integer Version information: 0-Basic version, 1-Pro edition, 2-Flagship edition, 3-Lightweight edition
    IsSupportAutoFix Integer Whether automatic fixing is supported 0: Cannot be automatically repaired, 1: Can be automatically repaired, 2: Client offline, 3: Host can only be manually repaired if not flagship, 4: Not supported for this model, 5: In remediation, 6: Fixed, 7: In-progress detection, 9: Fix failed, 10: Ignored, 11: Vulnerability supported only on linux, not Windows, 12: Vulnerability supported only on Windows, not on linux, 13: Fixing failed but host is offline, 14: Fixing failed but host is not flagship, 15: Manually fixed
    FixStatusMsg String Reason for failure
    FirstDiscoveryTime String First detection time
    InstanceState String Instance status: "PENDING" - creating, "LAUNCH_FAILED" - creation failed, "RUNNING" - running, "STOPPED" - shutdown, "STARTING" - starting, "STOPPING" - indicates shutdown in progress, "REBOOTING" - restarting, "SHUTDOWN" - indicate shutdown and pending termination, "TERMINATING" - indicates terminating in progress.
    PublicIpAddresses String Public IP address
    CloudTags Array of Tags Cloud Tag Information
    MachineExtraInfo MachineExtraInfo Host Additional Information
    MachineType String Host type
    RegionId Integer Availability zone ID.
    HasSnapshot Integer Whether to create a snapshot for the fix task: 0: not created; other: created.
    LatestFixTime String Last repair time
    DescriptionEn String Description

    VulEffectModuleInfo

    Details of components affected by vulnerabilities

    Used by actions: DescribeVulEffectModules.

    Name Type Description
    Name String Component name
    Uuids Array of String Affected host uuid
    Rule String Affected component version
    Path String Component path
    Version String Component version
    FixCmd String Fix Command
    Quuids Array of String Affected host quuid

    VulEmergentMsgInfo

    Emergency notification entity

    Used by actions: DescribeVulEmergentMsg.

    Name Type Description
    VulId Integer Vulnerability ID
    PublishTime String Vulnerability disclosure time
    Name String Vulnerability name
    NameEn String Vulnerability name, English description
    SupportFix Integer Is auto-repair supported 0: not supported >0: supported
    SupportDefense Integer Whether automatic defense is supported 0: no support 1: support
    KbId Integer KB ID
    KbNumber String KB number

    VulFixStatusHostInfo

    View the fixing status of each vulnerability on each host.

    Used by actions: DescribeVulFixStatus.

    Name Type Description
    HostName String Host name
    HostIp String Host IP
    Quuid String Host QUUID
    Status Integer Status. 0: initial status; 1: task issued (fixing); 2: completed (successful); 3: fixing failed (failed); 4: fixing failed due to snapshot creation failure (unfixed).
    ModifyTime String Fixing time
    FailReason String Fix failure cause

    VulFixStatusInfo

    View vulnerability fixing details

    Used by actions: DescribeVulFixStatus.

    Name Type Description
    VulId Integer Vulnerability ID
    VulName String Vulnerability name
    Progress Integer Vulnerability fixing progress: 1-100;
    HostList Array of VulFixStatusHostInfo Vulnerability fixing status for corresponding hosts
    FailCnt Integer Number of hosts with failed vulnerability fixing
    FixSuccessCnt Integer Number of successful repairs
    FixMethod Integer Repair method. 0: Update components or install patches. 1: Disable service.
    KbId Integer kb ID
    KbNumber String kb number
    KbName String kb name
    PreKbList Array of String Pre kb list

    VulFixStatusSnapshotInfo

    Machine snapshot information

    Used by actions: DescribeVulFixStatus.

    Name Type Description
    Quuid String cvm id
    HostName String Host name
    HostIp String Host IP address
    SnapshotName String Snapshot name
    ModifyTime String Snapshot creation time
    SnapshotId String Snapshot ID
    Id Integer Unique record ID
    Status Integer Snapshot status. 0: initial; 1: created successfully; 2: creation failed; 10: unsupported; 11: no need to create.
    FailReason String Snapshot creation failure reason
    MachineType String Host type

    VulHostTopInfo

    Top 5 server risk entities

    Used by actions: DescribeVulHostTop.

    Name Type Description
    HostName String host name
    VulLevelList Array of VulLevelCountInfo Vulnerability level and quantity statistics list
    Quuid String Host QUUID
    Score Integer top rating

    VulInfoByCveId

    Query vulnerability details by cve_id

    Used by actions: DescribeVulCveIdInfo.

    Name Type Description
    VulId Integer Vulnerability ID
    FixSwitch Integer Fixing support status: 0 - not support fixing for Windows and Linux; 1 - support fixing for both Windows and Linux; 2 - support fixing for Linux only; 3 - support fixing for Windows only.

    VulInfoHostInfo

    Fix vulnerability second popup in batch

    Used by actions: DescribeCanFixVulMachine.

    Name Type Description
    HostName String host name
    HostIp String Host IP address
    Tags Array of String Host tag
    Quuid String Host QUUID
    IsSupportAutoFix Integer 0: Vulnerability cannot be automatically repaired, 1: Can be automatically repaired, 2: Client offline, 3: Manual fixing supported for non-flagship hosts, 4: Not supported for this model, 5: In remediation, 6: Fixed, 7: Detecting, 9: Fix failed, 10: Ignored, 11: Vulnerability supported only on linux, not Windows, 12: Vulnerability supported only on Windows, not linux.
    Uuid String Host UUID
    InstanceId String Host instance ID.
    MachineType String Host type
    AgentStatus Integer agent online status; 0 for offline, 1 for online.

    VulInfoList

    Vulnerability list on the vulnerability management page of CWPP

    Used by actions: DescribeVulList.

    Name Type Description
    Ids String IDs of events corresponding to a vulnerability, separated by commas (,)
    Name String Vulnerability name
    Status Integer 0: pending; 1: ignored; 3: fixed; 5: detecting; 6: fixing; 8: fixing failed
    VulId Integer Vulnerability ID
    PublishTime String Vulnerability disclosure time
    LastTime String Last detection time
    HostCount Integer Number of affected hosts
    Level Integer Vulnerability level. 1: low-risk; 2: medium-risk; 3: high-risk; 4: critical.
    From Integer Obsolete
    Descript String Description
    PublishTimeWisteria String Obsolete
    NameWisteria String Obsolete
    DescriptWisteria String Obsolete
    StatusStr String Event status after aggregation
    CveId String CVE ID
    CvssScore Float CVSS score
    Labels String Vulnerability Tags, Separated by Multiple Commas

    EXP exists
    Wild Attacks: KNOWN_EXPLOITED
    LOCAL: Local use
    Mandatory vulnerabilities: NEED_FIX
    RemoteExploit:NETWORK
    POC exists: POC
    System RESTART
    FixSwitch Integer Whether automatic fixing is supported and hosts that support automatic fixing, 0=No 1=Yes
    TaskId Integer id of the last scan task
    IsSupportDefense Integer Support defense, 0: no support 1: support
    DefenseAttackCount Integer Number of Attacks Defended
    FirstAppearTime String first occurrence time
    VulCategory Integer Vulnerability Category 1: web-cms Vulnerability 2: Application Vulnerability 4: Linux Software Vulnerability 5: Windows System Vulnerability
    AttackLevel Integer Attack intensity level.
    FixNoNeedRestart Boolean Whether a restart is required after vulnerability repair.
    Method Integer Detection method. 0: version comparison, 1: POC verification.
    VulFixSwitch Integer Whether vulnerability fixing is supported. 0: not supported; 1: supported.
    LatestFixTime String Latest remediation time
    RaspOpenNodeCount Integer Number of application protection activations for machines with vulnerability correspondence
    RaspClosedNodeCount Integer Number of application protection deactivations for machines with vulnerability correspondence

    VulLevelCountInfo

    Number of vulnerability levels

    Used by actions: DescribeVulHostTop.

    Name Type Description
    VulLevel Integer Vulnerability level
    VulCount Integer Number of vulnerabilities

    VulLevelInfo

    The statistical entity representing the distribution of vulnerabilities by severity level

    Used by actions: DescribeVulLevelCount.

    Name Type Description
    VulLevel Integer // Severity level: 1 - low-risk; 2 - medium-risk; 3 - high-risk; 4 - critical
    Count Integer Quantity

    VulOverview

    Vulnerability overview

    Used by actions: DescribeVulOverview.

    Name Type Description
    TotalCount Integer Total number
    TodayCount Integer Number of new key-value pairs today

    VulStoreListInfo

    Information on the vulnerability database list

    Used by actions: DescribeHotVulTop, DescribeVulStoreList.

    Name Type Description
    VulId Integer Vulnerability ID
    Level Integer Vulnerability level
    Name String Vulnerability name
    CveId String CVE ID
    VulCategory Integer 1: web-cms vulnerabilities; 2: application vulnerabilities; 4: Linux software vulnerabilities; 5: Windows system vulnerabilities; 0: emergency vulnerabilities.
    PublishDate String Release time
    Method Integer Vulnerability Detection Method: 0 - Version Comparison, 1 - POC Verification
    AttackLevel Integer Vulnerability attack level
    FixSwitch Integer Whether automatic vulnerability fixing is supported
    0 - Windows/Linux both off; 1 - Windows/Linux both on; 2 - Linux only; 3 - Windows only
    SupportDefense Integer Whether defense against vulnerabilities is supported
    0: not supported; 1: supported.

    VulTopInfo

    The statistical entity representing top vulnerabilities

    Used by actions: DescribeVulTop.

    Name Type Description
    VulName String Vulnerability name.
    VulLevel Integer Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical
    VulCount Integer Number of vulnerabilities
    VulId Integer Vulnerability ID

    WarningInfoObj

    List of alarm settings

    Used by actions: DescribeWarningList.

    Name Type Description
    Type Integer Event alarm type. 1: offline; 2: Trojan; 3: abnormal log-in; 4: brute force cracking; 5: vulnerability (including types of values 9, 10, 11, and 12); 6: high-risk command; 7: reverse shell; 8: local privilege escalation; 9: application vulnerability; 10: web CMS vulnerability; 11: emergency vulnerability; 12: security baseline; 13: tampering prevention; 14: malicious request; 15: network attack; 16: Windows system vulnerability; 17: Linux software vulnerability; 18: core file monitoring; 19: client uninstallation; 20: client offline.
    DisablePhoneWarning Integer 1: disable alarm; 0: enable alarm
    BeginTime String Start time. Format: HH:mm.
    EndTime String End time. Format: HH:mm.
    TimeZone String Time zone information
    ControlBit Integer Vulnerability level control bit (corresponding to the decimal storage in the database)
    ControlBits String Vulnerability level control bits in binary. Each bit indicates the enabling status of the corresponding vulnerability level on the page: low, medium, and high (0: disabled; 1: enabled). For example, 101 indicates that both low and high levels are enabled.
    HostRange Integer Alarm Host Range Type. 0: All Hosts; 1: By Project; 2: By Tencent Cloud Tag; 3: By Host Security Tag; 4: Custom Hosts
    Count Integer Configured Number of Hosts in the Range of Alarm, used by the frontend to decide when to display prompt information.

    WarningObject

    Parameters used to update alarms or inserted into alarms

    Used by actions: ModifyWarningSetting.

    Name Type Required Description
    Type Integer No Event alarm type: 1: offline, 2: Trojan, 3: abnormal login, 4: crack, 5: vulnerability (split into four types 9-12), 6: high-risk command, 7: rebound shell, 8: local privilege escalation, 9: system component vulnerability, 10: web application vulnerability, 11: emergency vulnerability, 12: security baseline, 14: malicious request, 15: network attack, 16: Windows system vulnerability, 17: Linux software vulnerability.
    DisablePhoneWarning Integer No 1: disable alarm; 0: enable alarm.
    BeginTime String No Start time. Format: HH:mm.
    EndTime String No End time. Format: HH:mm.
    ControlBits String No 1. Vulnerability level control bits in binary. Each bit corresponds to the vulnerability level enabling status on the corresponding page. Level: low, medium, high (0: disabled; 1: enabled). Example: 101, indicating both the low and high levels are enabled. 2. Brute force cracking control bits in binary. 01: notify upon successful brute force cracking; 10: notify upon brute force cracking failure.
    HostRange Integer No Alarm Host Range Type. 0: All Hosts; 1: By Project; 2: By Tencent Cloud Tag; 3: By Host Security Tag; 4: Custom Hosts
    Unit String No Unit.

    WebHookCustomField

    Custom passthrough field structure

    Used by actions: DescribeWebHookPolicy, ModifyWebHookPolicy.

    Name Type Required Description
    Key String Yes key
    Value String Yes value

    WebHookEventKv

    Enterprise WeChat Robot Event Types

    Used by actions: DescribeWebHookPolicy, DescribeWebHookRule, DescribeWebHookRules, ModifyWebHookPolicy, ModifyWebHookRule.

    Name Type Required Description
    Type Integer Yes Event type
    ControlBit String Yes Event content

    WebHookHostLabel

    Enterprise WeChat Robot Host Range

    Used by actions: DescribeWebHookPolicy, DescribeWebHookRule, DescribeWebHookRules, ModifyWebHookPolicy, ModifyWebHookRule.

    Name Type Required Description
    Type Integer Yes Host Range [1: Project
    Values Array of String Yes Host Project or Tag Content

    WebHookPolicy

    Policy

    Used by actions: DescribeWebHookPolicy.

    Name Type Description
    Id Integer id
    Name String Policy name
    Events Array of WebHookEventKv Event type
    HostLabels Array of WebHookHostLabel Host scope
    Receivers Array of WebHookReceiver Recipient
    Format Integer Format. 0: text; 1: JSON.
    CustomFields Array of WebHookCustomField Custom passthrough field
    IsDisabled Integer Whether it is disabled [1: disabled
    Quuids Array of String List of hosts
    HostCount Integer Number of hosts
    ExcludedQuuids Array of String List of machines to be excluded.
    MsgLanguage String Push language type, Chinese zh, English en

    WebHookReceiver

    Alarm recipient

    Used by actions: DescribeWebHookPolicy, DescribeWebHookReceiver, DescribeWebHookReceiverUsage, ModifyWebHookPolicy.

    Name Type Required Description
    Id Integer No id
    Name String No Receiver name
    Addr String No webhook URL
    Type Integer No Type
    SCFRegion String No target region
    Namespace String No Namespace
    FunctionName String No function name
    FunctionVersion String No Version
    Alias String No Alias

    WebHookReceiverUsage

    Usage information on associated policies of the alarm recipient

    Used by actions: DescribeWebHookReceiverUsage.

    Name Type Description
    ReceiverId Integer Recipient ID.
    ReceiverName String Receiver name
    PolicyName String Policy name

    WebHookRuleDetail

    Enterprise WeChat Robot Rule Details

    Used by actions: DescribeWebHookRule, ModifyWebHookRule.

    Name Type Required Description
    RuleName String Yes Rule name
    HookAddr String Yes Chatbot address
    RuleItems Array of WebHookEventKv Yes Event type
    RuleId Integer No Rule ID
    RuleRemark String No Remarks
    HostLabels Array of WebHookHostLabel No Host scope
    HostIds Array of String No Host ID List
    IsDisabled Integer No Whether it is disabled [1: disabled

    WebHookRuleSummary

    Enterprise WeChat Robot Rule Summary

    Used by actions: DescribeWebHookRules.

    Name Type Description
    RuleId Integer Rule ID
    RuleName String Rule name
    HookAddr String Robot Address
    RuleRemark String Remarks
    RuleItems Array of WebHookEventKv Event type
    HostLabels Array of WebHookHostLabel Host range
    IsDisabled Integer Enable/Disable [1-Disable, 0-Enable]
    CreateTime String Creation time
    UpdateTime String Update time
    HostCount Integer Number of hosts

    YDRaspBlackWhiteListItem

    Application protection allowlist rule

    Used by actions: DescribeYDRaspBlackWhite.

    Name Type Description
    Id Integer Rule ID
    LogicalSymbol Integer Logical operator. 0: 5 valid regular expression logical ANDs; 1: logical OR.
    ClassNameRegexp String Class name regular expression, which is not matched if empty.
    SuperClassNameRegexp String Parent class name regular expression, which is not matched if empty.
    InterfacesRegexp String Inherited interface regular expression, which is not matched if empty.
    AnnotationsRegexp String Annotation regular expression, which is not matched if empty.
    LoaderClassNameRegexp String Associated class loader regular expression, which is not matched if empty.
    Source String Allowlist type, rasp: vulnerability defense, memshell_scan: Java Webshell scan, memshell_inject: memory shell injection
    Status Integer Status (0: valid, 1: deleted, 2: invalid (enabling switch off)).
    CreateTime String Creation time
    ModifyTime String Modification time
    HandleHistory Integer Java Webshell scan usage, process historical events, 0: do not process 1: process
    Content String rasp and memory shell injection usage, match content, POC, can be a regular expression (MatchMode=5) or a string.
    IP String rasp and memory shell injection usage, attack source ip, leave unset for all sources, multiple allowed, can have ip ranges, such as: 192.168.57.1/24;172.17.0.1
    PolicyName String Rule name
    FilterType Integer rasp and memory shell injection usage, allowlisting method, 0: malicious feature allowlisting, 1: request URL allowlisting
    AttackType Integer RASP and memory shell injection usage, attack type, vul.rasp_attacktype_mapping attack_type_id field
    MatchMode Integer rasp and memory shell injection usage, match mode, 0: exact match, 1: prefix match, 2: suffix matching, 4: arbitrary matching, 5: partial matching, 6: regular expression matching.
    CWPEffective Integer Effective asset type. 0: Host disabled. 1: Host enabled.
    CWPScope Integer 0: a set of quuid 1: ALL the Real Server with host authorization
    CWPQuuids Array of String Designate the effective host machine
    TCSSEffective Integer Effective asset type. 0: Container disabled. 1: Container enabled.
    TCSSScope Integer 0: a set of quuid 1: ALL the node with container authorization
    TCSSQuuids Array of String Designate the container node to take effect
    EksEffective Integer Effective asset type. 0: Super node disabled. 1: Super node enabled.
    EksScope Integer 0: a set of quuid 1: ALL the super node with container authorization
    EksNodeUniqueID Array of String Designate the super node where the container takes effect
    CWPMachinesNums String Application asset. If global, all hosts. Otherwise, the number of selected host servers.
    TCSSMachinesNums String Application asset. If global, all containers host nodes. Otherwise, select the number of host nodes.
    EksMachinesNums String Application asset. If global, all super nodes. Otherwise, select the number of nodes.

    ZoneInfo

    Availability zone information

    Used by actions: DescribeBanRegions.

    Name Type Description
    ZoneName String Availability zone name
    前の記事へ: TrustMaliciousRequest次の記事へ: Error Codes

    ヘルプとサポート

    この記事はお役に立ちましたか?

    フィードバック