tencent cloud

Cloud Workload Protection Platform

Release Notes and Announcements
Release Notes
Announcements
Getting Started
Product Introduction
Overview
Advantages
Basic Concepts
Scenarios
Associated Products
Features in Different Editions
Purchase Guide
Purchase Security Protection Licenses
Purchasing Log Analysis Service
Quick Start
Operation Guide
Security Dashboard
Asset Overview
Server List
Asset Fingerprint
Vulnerability Management
Baseline Management
Malicious File Scan
Unusual Login
Password Cracking
Malicious Requests
High-risk Commands
Local Privilege Escalation
Reverse Shell
Java Webshell
Critical File Monitor
Network Attack
A Ransomware Defense
Log Analysis
License Management
Alarm Setting
Cloud Access Management
Hybrid Cloud Installation Guide
FAQs for Beginners
Cloud Workload Protection Description
Feature Description
Agent Process Description
A Security Baseline Detection List
Parsing of JSON Format Alarm Data
Log Field Data Parsing
Agent Installation Guide
Security Score Overview
Practical Tutorial
Auto Fix of Vulnerabilities
Malicious File Processing
Troubleshooting
Intrusions on Linux
Intrusions on Windows
Offline Agent on Linux
Offline Agent on Windows
An Abnormal Log-in Notification
API Documentation
History
Introduction
API Category
Asset Management APIs
Virus Scanning APIs
Abnormal Log-in APIs
Password Cracking APIs
Malicious Request APIs
High-Risk Command APIs
Local Privilege Escalation APIs
Reverse Shell APIs
Vulnerability Management APIs
New Baseline Management APIs
Baseline Management APIs
Advanced Defense APIs
Security Operation APIs
Expert Service APIs
Other APIs
Overview Statistics APIs
Settings Center APIs
Making API Requests
Intrusion Detection APIs
Data Types
Error Codes
FAQs
Agreements
Terms of Service
Service Level Agreement
Data Processing And Security Agreement
Contact Us
Glossary
DocumentationCloud Workload Protection PlatformAPI DocumentationVirus Scanning APIsDescribeRiskProcessEvents

DescribeRiskProcessEvents

PDF
Focus Mode
Font Size
Last updated: 2025-10-30 21:39:12

1. API Description

Domain name for API request: cwp.intl.tencentcloudapi.com.

This API is used to obtain the list of abnormal processes.

A maximum of 20 requests can be initiated per second for this API.

We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter Name Required Type Description
Action Yes String Common Params. The value used for this API: DescribeRiskProcessEvents.
Version Yes String Common Params. The value used for this API: 2018-02-28.
Region No String Common Params. This parameter is not required.
Filters.N No Array of Filter Filtering criteria
  • HostId - String - required: no - host ID
  • IpOrName - String - required: no - host IP or host name
  • VirusName - String - required: no - virus name
  • ProcessId - String - required: no - process ID
  • FilePath - String - required: no - process path
  • BeginTime - String - required: no - process startup time - begin
  • BeginTime - String - required: no - process startup time - end
  • Status - String - required: no - status for filtering: 0: pending; 1: scanning; 2: scanned; 3: exited; 4: trusted
    		•
    Limit No Integer Number of results to be returned. Default value: 10. Maximum value: 100.
    Offset No Integer Offset. Default value: 0.
    Order No String Sorting order: [ASC|DESC]
    By No String [StartTime: Process start time | DetectTime: Last detection time]

    3. Output Parameters

    Parameter Name Type Description
    TotalCount Integer Total number
    List Array of RiskProcessEvent List of exceptional processes
    Note: This field may return null, indicating that no valid values can be obtained.
    RequestId String The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem.

    4. Example

    Example1 Obtain Exceptional Process List

    Input Example

    POST / HTTP/1.1
Host: cwp.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeRiskProcessEvents
<Common request parameters>

{
    "Limit": 30
}

    Output Example

    {
    "Response": {
        "List": [
            {
                "CheckPlatform": [
                    "1"
                ],
                "CmdLine": "./dev -h 10.***.**.1/24 -m ssh -nopoc -t 200 -o ssh.txt ",
                "DetectTime": "2023-09-16 18:30:55",
                "EventId": 24,
                "FilePath": "/dev/shm/dev",
                "HandleStatus": 3,
                "HostIp": "10.***.***.248",
                "HostName": "Public-Main-Xingzhi-IT-AIAN Flow Management and Service Platform-Backend -MNO Business Project-CVM2",
                "MachineExtraInfo": {
                    "HostName": "dataHub",
                    "InstanceID": "ins-jvi1gdu0",
                    "NetworkName": "eth1",
                    "NetworkType": 0,
                    "PrivateIP": "10.*.*.*",
                    "WanIP": "10.*.*.*"
                },
                "OnlineStatus": 1,
                "ProcessId": 21595,
                "ReferenceLink": "https://www.tencentcloud.com/document/product/296/9605?from_cn_redirect=1",
                "StartTime": "2023-09-16 18:28:00",
                "SuggestSolution": "1. Check the malicious process and illegal ports and delete the suspicious startup items and scheduled tasks. \n2. Isolate or delete the relevant Trojan files. \n3. Perform risk detection on the system and enhance the protection. See the details in the following link: \n[Linux] https://**.*.com/document/product/296/9604 \n[Windows] https://www.tencentcloud.com/document/product/296/9605?from_cn_redirect=1",
                "ThreatDesc": "Hacking tool process is detected on the host. If it is not a behavior initiated by you, your host may have been compromised. General hacking tools include malware programs such as scanner, brute force attack tools, password stealers, which are used by attacker to initiate attacks.",
                "Uuid": "364e2cb6-e3a3-****-9abd-b87711b880e3",
                "VirusName": "Linux.Scanner.Fscan",
                "VirusTags": [
                    "scanner",
                    "hack_tools"
                ],
                "WanIp": "127.5.**.**"
            }
        ],
        "RequestId": "e8fc6e04-5b3d-405d-ab61-da7cc8be2583",
        "TotalCount": 89
    }
}

    5. Developer Resources

    SDK

    TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

    Command Line Interface

    6. Error Code

    The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

    Error Code Description
    FailedOperation Operation failed.
    InternalError Internal error
    InvalidParameter Incorrect parameter.
    Previous Topic: DescribeMalwareRiskOverviewNext Topic: ModifyMalwareWhiteList

    Help and Support

    Was this page helpful?

    Help us improve! Rate your documentation experience in 5 mins.

    Feedback