Domain name for API request: csip.intl.tencentcloudapi.com.
This API is used to query the list of configuration risks by assets.
A maximum of 20 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeRiskCenterAssetViewCFGRiskList. |
| Version | Yes | String | Common Params. The value used for this API: 2022-11-21. |
| Region | No | String | Common Params. This parameter is not required. |
| MemberId.N | No | Array of String | Group Account Member ID |
| Filter | No | Filter | Filter conditions |
| Tags.N | No | Array of AssetTag | Asset tags |
| Parameter Name | Type | Description |
|---|---|---|
| TotalCount | Integer | Total number of entries |
| Data | Array of AssetViewCFGRisk | List of configuration risks |
| StatusLists | Array of FilterDataObject | List of risk handling status |
| LevelLists | Array of FilterDataObject | List of risk levels |
| CFGNameLists | Array of FilterDataObject | List of configuration names |
| CheckTypeLists | Array of FilterDataObject | List of check types |
| InstanceTypeLists | Array of FilterDataObject | List of asset types |
| FromLists | Array of FilterDataObject | List of check source |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
Obtain Configuration Risk List from Asset's Perspective
POST / HTTP/1.1
Host: csip.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeRiskCenterAssetViewCFGRiskList
<Common request parameters>
{
"MemberId": [
"mem-68b8087a65268000"
],
"Filter": {
"Limit": 1,
"Offset": 0
}
}
{
"Response": {
"CFGNameLists": [
{
Check whether the "Reject logon as a batch job" policy contains Guests
"Value": "Check whether the \"Reject logon as a batch job\" policy contains Guests"
},
{
Enable the security audit feature, audit all users, and audit important user behavior and significant security incidents.
"Value": "Enable security audit feature, audit all users, and audit important user behavior and significant security incidents"
},
{
Check if the "account lockout threshold" exceeds 0 and is less than or equal to 10
"Value": "Check if the account lockout threshold exceeds 0 and is less than or equal to 10"
},
{
Check whether the "deny logon through remote desktop services" policy is set to
"Value": "Check whether the 'deny logon through remote desktop services' policy is set"
},
{
Forbid SSH login with empty password
"Value": "Forbid SSH logins with empty password"
}
],
"CheckTypeLists": [
{
CentOS baseline check
"Value": "CentOS baseline check"
},
{
International Standard - CentOS 7 Security Baseline Check Level1
"Value": "International Standard - CentOS 7 Security Baseline Check Level1"
},
{
Account security
"Value": "account security"
},
{
Docker Daemon 2375 management port enabled
"Value": "Docker Daemon 2375 management port enabled"
},
{
International standard - Windows 2012 R2 security baseline check
"Value": "International standard-Windows 2012 R2 security baseline check"
},
{
International standard - CentOS 7 security baseline check Level2
"Value": "International standard-CentOS 7 security baseline check Level2"
},
{
Classified Protection Level 3 - Windows 2012 R2 security baseline check
"Value": "Classified Protection Level 3 - Windows 2012 R2 security baseline check"
},
{
"Text": "Cybersecurity"
"Value": "Cybersecurity"
},
{
Data security
"Value": "Data security"
},
{
Classified Protection Level 3 - CentOS 7 security baseline check
"Value": "Classified Protection Level 3 - CentOS 7 security baseline check"
},
{
Basic security
"Value": "Basic security"
},
{
Nginx security baseline check
"Value": "Nginx security baseline check"
},
{
Level-2 Classified Protection of Cybersecurity - CentOS 7 Security Baseline Check
"Value": "Level-2 classified protection of cybersecurity - CentOS 7 security baseline check"
},
{
Linux security baseline check
"Value": "Linux security baseline check"
}
],
"Data": [
{
"AffectAsset": "1*.**.132.***",
"AppId": "1302133215",
"CFGDescribe": "To implement cluster management, Docker provided a management API. The Docker Daemon runs as a daemon in the backend and can execute Docker commands sent to the management API. Because the remote port 2375 was used incorrectly, it caused a security vulnerability."
"CFGFix": "Close port 2375 and use encrypted remote management port 2376. If IP restriction for port access has been approved via security group or firewall, ignore it."
"CFGHelpURL": "url.***.com",
"CFGName": "Docker Daemon 2375 Management Port Enabled"
"CFGSTD": "none",
"CheckType": "Docker Daemon 2375 management port enabled"
"ClbId": "clb-***",
"FirstTime": "2024-09-18 10:30:14",
"From": "Host detection"
"Id": "067691ed696bf9***c7076e9a126b",
"Index": "d90439359e*****a74ee616d226a713f",
"InstanceId": "ins-elxffb4w",
"InstanceName": "Security Center x Host Automation Machine"
"InstanceType": "CVM",
"Level": "high",
"Nick": "Sheng Sheng Wu Long"
"RecentTime": "2024-10-25 11:36:49",
"Status": 0,
"Uin": "100011122178"
}
],
"FromLists": [
{
"Text": "CSC",
"Value": "0"
},
{
"Text": "Host detection"
"Value": "1"
},
{
Container detection
"Value": "5"
}
],
"InstanceTypeLists": [
{
"Text": "CVM",
"Value": "CVM"
},
{
"Text": "Other",
"Value": "0"
},
{
"Text": "Sub-account",
"Value": "2"
},
{
"Text": "Collaborator"
"Value": "4"
},
{
"Text": "CDB",
"Value": "CDB"
},
{
"Text": "CBS",
"Value": "CBS"
},
{
"Text": "ACL",
"Value": "ACL"
},
{
"Text": "COS",
"Value": "COS"
},
{
"Text": "POSTGRES",
"Value": "POSTGRES"
},
{
"Text": "LISTENER",
"Value": "LISTENER"
},
{
"Text": "MARIADB",
"Value": "MARIADB"
},
{
"Text": "SECURITYGROUP",
"Value": "SECURITYGROUP"
},
{
"Text": "TKECLUSTER",
"Value": "TKECLUSTER"
},
{
"Text": "APIGATEWAY",
"Value": "APIGATEWAY"
},
{
"Text": "SUBNET",
"Value": "SUBNET"
},
{
"Text": "CLB",
"Value": "CLB"
}
],
"LevelLists": [
{
Critical
"Value": "extreme"
},
{
High-risk
"Value": "high"
},
{
Medium risk
"Value": "middle"
},
{
"Text": "Low risk"
"Value": "low"
},
{
"Text": "Prompt"
"Value": "info"
}
],
"RequestId": "5effc83e-cef5-4fa7-ab35-8a97cf9b9f12",
"StatusLists": [
{
unprocessed
"Value": "0"
},
{
"Text": "Processed",
"Value": "1"
},
{
ignored
"Value": "2"
},
{
banned
"Value": "3"
}
],
"TotalCount": 746
}
}
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
There is no error code related to the API business logic. For other error codes, please see Common Error Codes.
文档反馈