DescribeAlertList

Last updated: 2026-06-18 18:04:48

1. API Description

Domain name for API request: csip.intl.tencentcloudapi.com.

This API is used to list all alarms in the alert center.

A maximum of 3 requests can be initiated per second for this API.

We recommend using API Explorer.
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeAlertList. |
| Version | Yes | String | Common Params. The value used for this API: 2022-11-21. |
| Region | No | String | Common Params. This parameter is not required. |
| Filter | Yes | Filter | Tag search filter criteria |
| MemberId.N | No | Array of String | Group Account Member ID |
| OperatedMemberId.N | No | Array of String | Member ID of the Called Group Account |
| AssetType | No | Integer | 0: all (default); 1: asset ID; 2: domain name |

3. Output Parameters

| Parameter Name | Type | Description |
|---|---|---|
| AlertList | Array of AlertInfo | All alarms list |
| AlertTypeCount | Array of TagCount | Number of Major Categories of Alarm |
| TotalCount | Integer | Total number of alarms |
| ReturnCode | Integer | 0: succeed; 1: timeout |
| ReturnMsg | String | Return status |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |

4. Example

Example 1: Alert Center All Alarms Example

Input Example

POST / HTTP/1.1
Host: csip.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeAlertList
<Common request parameters>

{
    "Filter": {
        "Filters": [
            {
                "Name": "Status",
                "Values": [
                    "0"
                ],
                "OperatorType": 7
            },
            {
                "Name": "Uin",
                "Values": [
                    "1123213213"
                ],
                "OperatorType": 7
            }
        ],
        "Limit": 10,
        "Offset": 0,
        "StartTime": "2024-10-24 00:00:00",
        "EndTime": "2024-10-30 23:59:59"
    },
    "MemberId": [
        "mem-tencent-1829"
    ]
}

Output Example

{
    "Response": {
        "AlertList": [
            {
                "Action": 1,
                "AppID": "18742",
                "Attacker": {
                    "Account": "18742",
                    "Address": "Shanghai, China",
                    "AssetType": 2,
                    "City": "Shanghai",
                    "ContainerID": "ins-dd213833",
                    "ContainerName": "misakey",
                    "Country": "China",
                    "Domain": "main.1872.net",
                    "Family": "APT",
                    "FileName": "notdad.exe",
                    "HostIP": "172.16.17.32",
                    "IP": "202.108.127.12",
                    "Info": "mail",
                    "InstanceID": "ins-dd213833",
                    "Latitude": "41.2",
                    "Longitude": "38.2",
                    "MD5": "d41d8cd98f00b204e9800998ecf8427e",
                    "Name": "sdb",
                    "OriginIP": "202.108.127.12",
                    "Port": 20,
                    "Province": "Guangdong",
                    "VirusName": "ransomware"
                },
                "Count": 7,
                "CreateTime": "2024-10-30T09:09:14+08:00",
                "Date": "2024-10-30T00:00:00+08:00",
                "EvidenceData": "18742",
                "EvidenceLocation": "xin.1872.net",
                "EvidencePath": "path/to/file",
                "ExtraInfo": {
                    "AffectedFileName": "executable.exe",
                    "AttackIPTags": "APT",
                    "BehavioralCharacteristics": "cmd.exe",
                    "CallbackAddressTag": "APT",
                    "ClassName": "java.lang.Runtime",
                    "CommandContent": "mkdir /tmp/18742",
                    "DecoyPath": "path/to/file",
                    "ExecutedCommand": "sh -c /bin/bash",
                    "FileLastAccessTime": "2024-10-30T00:00:00+08:00",
                    "FileMD5": "d41d8cd98f00b204e9800998ecf8427e",
                    "FileModifyTime": "2024-10-30T00:00:00+08:00",
                    "FileName": "file",
                    "FilePath": "file/path/to/file",
                    "FilePermission": "0777",
                    "FileSize": "0.00B",
                    "LoginUserName": "user1",
                    "MaliciousProcessFileMD5": "d41d8cd98f00b204e9800998ecf8427e",
                    "MaliciousProcessFileSize": "0.00B",
                    "MaliciousProcessNamePID": "(0)",
                    "MaliciousProcessPath": "path/to/process",
                    "MaliciousProcessStartTime": "0001-01-01T08:05:43+08:05",
                    "NewPermissions": "0777",
                    "ParentProcess": "sh",
                    "ProcessCommandLine": "sh -c rm -rf /",
                    "ProcessName": "(0)",
                    "ProcessNamePID": "(0)",
                    "ProcessPath": "path/to/process",
                    "ProtocolPort": "8989",
                    "RecentAccessTime": "2024-10-10T09:09:14+08:00",
                    "RecentModifyTime": "2024-10-30T09:09:14+08:00",
                    "RelateEvent": {
                        "Description": "user1 logs in to the system",
                        "EventID": "event-1232412",
                        "RelatedCount": 3
                    },
                    "Rule": "system1",
                    "StartupUser": "root",
                    "UserGroup": "admin",
                    "VirusFileTags": "APT",
                    "VirusName": "virus1"
                },
                "ID": "alert-a18d7e42",
                "Key": "main.1241.net#ins-1421",
                "Level": 5,
                "LogSearch": "id:alert-a18d7e42",
                "LogType": "2_3",
                "Name": "Access malicious address or domain name",
                "NickName": "nickname",
                "ProcessType": "BlockCallbackAddress,IsolateAsset",
                "RemediationSuggestion": "Enable cloud firewall-NAT edge firewall to block malicious outgoing requests, and go to host security for in-depth security detection",
                "RiskInvestigation": "none",
                "RiskTreatment": "none",
                "Source": "CWP",
                "Status": 0,
                "SubType": "MaliciousRequest",
                "Type": "ActiveOutbound",
                "Uin": "18342",
                "UpdateTime": "2024-10-30T09:10:55+08:00",
                "UrgentSuggestion": "Block callback address",
                "Victim": {
                    "Account": "12742",
                    "Address": "1.4.42.2 | 10.0.0.2",
                    "AssetType": 1,
                    "City": "Shanghai",
                    "ContainerID": "ins-218742",
                    "ContainerName": "container1",
                    "Country": "China",
                    "Domain": "www.domain.com",
                    "Family": "malware",
                    "FileName": "wodex.exe",
                    "HostIP": "10.0.0.2",
                    "IP": "1.4.42.2",
                    "Info": "mail",
                    "InstanceID": "ins-218742",
                    "Latitude": "27.1",
                    "Longitude": "12.9",
                    "MD5": "d41d8cd98f00b204e9800998ecf8427e",
                    "Name": "name1",
                    "OriginIP": "1.4.42.2",
                    "Port": 824,
                    "Province": "Guangdong",
                    "VirusName": "virus1"
                }
            }
        ],
        "AlertTypeCount": [
            {
                "Count": 66,
                "Name": "SuspectIntrusion"
            },
            {
                "Count": 220,
                "Name": "InfoGathering"
            },
            {
                "Count": 94,
                "Name": "ActiveOutbound"
            },
            {
                "Count": 153,
                "Name": "ScanDetect"
            },
            {
                "Count": 58,
                "Name": "HostAbnormality"
            },
            {
                "Count": 4,
                "Name": "ContainerAbnormality"
            },
            {
                "Count": 9085,
                "Name": "AttackAttempts"
            }
        ],
        "RequestId": "123242123-d199-4c1c-9229-5731e460b8b6",
        "ReturnCode": 0,
        "ReturnMsg": "success",
        "TotalCount": 9680
    }
}
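
Added example (not Tencent Cloud's code or SDK): pulling every alert in a time window by paging with Filter.Limit and Filter.Offset until TotalCount is reached, staying under the 3 requests per second limit and stopping on a non-zero ReturnCode. The `send` callable, the helper names and the fake transport are assumptions; `send` stands for whatever signs and POSTs the body with X-TC-Action: DescribeAlertList.

```python
import time
from collections import Counter

def build_body(start, end, limit, offset, filters=(), member_ids=()):
    """Request body in the shape of the page's input example."""
    body = {"Filter": {"Filters": list(filters), "Limit": limit, "Offset": offset,
                       "StartTime": start, "EndTime": end}}
    if member_ids:
        body["MemberId"] = list(member_ids)
    return body

def iter_alerts(send, start, end, limit=10, max_rps=3,
                sleep=time.sleep, clock=time.monotonic, **kw):
    """Yield each AlertInfo once, paging by Offset until TotalCount is reached.

    `send` is an assumed callable (not a Tencent Cloud SDK function): it takes
    the JSON body and returns the parsed "Response" object.
    """
    min_gap, last, offset, seen = 1.0 / max_rps, None, 0, set()
    while True:
        if last is not None and (wait := min_gap - (clock() - last)) > 0:
            sleep(wait)                      # stay under 3 requests per second
        last = clock()
        resp = send(build_body(start, end, limit, offset, **kw))
        if resp.get("ReturnCode") != 0:      # 0: succeed, 1: timeout
            raise RuntimeError("DescribeAlertList failed: ReturnCode=%r ReturnMsg=%r "
                               "RequestId=%r" % (resp.get("ReturnCode"),
                               resp.get("ReturnMsg"), resp.get("RequestId")))
        page = resp.get("AlertList") or []
        for alert in page:
            key = alert.get("ID")
            if key is None or key not in seen:  # offsets shift if alerts arrive mid-run
                seen.add(key)
                yield alert
        offset += len(page)
        if not page or offset >= resp.get("TotalCount", 0):
            return

def count_by_type(alerts):
    """Tally alerts by their Type field, e.g. to compare with AlertTypeCount."""
    return Counter(a.get("Type") for a in alerts)

def make_fake_send(alerts):
    """Constructed offline stand-in for the API; records the offsets requested."""
    offsets = []
    def send(body):
        f = body["Filter"]
        offsets.append(f["Offset"])
        page = alerts[f["Offset"]:f["Offset"] + f["Limit"]]
        return {"AlertList": page, "TotalCount": len(alerts), "ReturnCode": 0,
                "ReturnMsg": "success", "RequestId": "constructed-request-id"}
    return send, offsets
```

Log the RequestId carried in the raised error, since the page states it is required for locating a problem.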

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

There is no error code related to the API business logic. For other error codes, please see Common Error Codes.
