tencent cloud

云安全中心

文档云安全中心API 文档Data Types

Data Types

下载
聚焦模式
字号
最后更新时间: 2026-06-18 18:04:51

AIAgentAsset

Ai Agent Asset Information List Item

Used by actions: DescribeAIAgentAssetList.

Name Type Description
ID String

ID identifier
AgentName String

agent name
AgentModel Array of String

agent model name usage
InstanceID String

Instance ID
InstanceName String

Instance name
MetadataRiskList Array of String

metadata risk list. Has the following enumeration values: 1. AK_TMP 2. USER_DATA
IdentityTimeFirst Timestamp ISO8601

First detection time
IdentityTimeLast Timestamp ISO8601

Latest detected time
IdentityMethod String

Detect method. Has the following enumeration values: 1. FINGER Detect via asset fingerprinting 2. NETWORK Detect via network access mode
ExposureStatus String

Exposure status. Has the following enumeration values. 1. EXPOSED; 2. UNEXPOSED;

  1. UNKNOWN;
MetadataRiskURL String

Corresponding path when metadata is at risk
SkillState SkillState

None
TrafficPluginState TrafficPluginState

Traffic sandbox plug-in status
TrafficRuleState Array of TrafficRuleState

Sandbox rule status for traffic
CommandPluginState CommandPluginState

Command sandbox plug-in status

AKInfo

AK brief information.

Used by actions: DescribeAccessKeyRisk, DescribeAccessKeyRiskDetail, DescribeSourceIPAsset.

Name Type Description
ID Integer ak id.
Name String ak specific value. returns temporary key when temporary key is used.
User String Associated account.
Remark String Remarks

AccessCredentialOutput

Normal key credential (dedicated for output parameters), used for the response of the query details api. The Value field returns a masked value without exposing plaintext.

Used by actions: DescribeKeySandboxCredential.

Name Type Description
Key String Credential key name (original), such as SecretId, SecretKey, Token
Value String Credential key-value (masked)
Supplementary description: Reserve the first 3 and last 4 digits, replace the middle with *; replace all with * if the length is less than 7.

AccessKeyAlarm

Access key Alarm record.

Used by actions: DescribeAccessKeyAlarm, DescribeAccessKeyAlarmDetail.

Name Type Description
Name String

Alarm name
Level Integer

Alarm level
0-Unavailable 1-Notification 2-Low risk 3-Medium risk 4-High risk 5-Critical
ID Integer

Alarm record ID
AlarmRuleID Integer

Alarm rule ID
AlarmType Integer

Alarm type
0 Abnormal call
1 Leak monitoring
AccessKey String

Access key
AccessKeyID Integer

Access Key ID
AccessKeyRemark String

Access key remark
LastAlarmTime String

Last alarm time
Status Integer

Alarm status
0-unprocessed 1-processed 2-ignored
Date String

Aggregate date
Tag Array of String

Alarm tag
Uin String

Uin of the main account
Nickname String

Nickname of the main account
SubUin String

Sub-account Uin
SubNickname String

Sub-account nickname
Type Integer

Account type
0 Root account AK 1 Sub-account AK 2 Temporary key
AppID Integer

App ID
LeakEvidence Array of String

Leakage evidence
IsSupportEditWhiteAccount Boolean

Whether support editing trust account
Evidence String

Alert evidence
RuleKey String

Alarm rule flag
CloudType Integer

Cloud vendor type 0:Tencent Cloud 1:Amazon Web Services 2:Microsoft Azure 3:Google Cloud 4:Alibaba Cloud 5:Huawei Cloud
AIStatus Integer

Alarm AI analysis status
-1 Analysis failed
0 Not analyzed
1 Under analysis
2 Analysis successful, real alarm
3 Analysis successful, suspicious alarm
FirstAlarmTimestamp Integer

First alarm timestamp (in seconds)
LastAlarmTimestamp Integer

Last alarm timestamp (in seconds)
AIFailedReason String

AI analysis failure description. Empty string if not failed.

AccessKeyAlarmCount

Alarm count for access key.

Used by actions: DescribeAccessKeyRiskDetail.

Name Type Description
ID Integer Access key ID.
AccessKey String Access key.
AlarmCount Integer Alarm count.
AccessKeyStatus Integer Security credentials status. valid values: 0 (disabled), 1 (enabled), 2 (deleted).
AccessKeyCreateTime String AK creation time.
LastAccessTime String AK last usage time. returns "-" if never used.

AccessKeyAlarmInfo

Access key asset Alarm information.

Used by actions: DescribeAccessKeyAsset, DescribeAccessKeyUserDetail, DescribeAccessKeyUserList, DescribeSourceIPAsset.

Name Type Description
Type Integer Alarm type/risktype.
Alarm type:.
Abnormal calls.
Leakage detection.
2 custom.

Risk type:.
Configuration risk.
Custom risk.
Count Integer Alarm count/number of risks.

AccessKeyAsset

Access key asset information.

Used by actions: DescribeAccessKeyAsset.

Name Type Description
ID Integer AK id.
Name String AK name.
Remark String Remarks
AppID Integer Account associate APPID.
Uin String Account associate Uin belonging to main account.
Nickname String Nickname of the main account.
SubUin String Sub-Account Uin belonging to.
SubNickname String Sub-Account nickname.
Type Integer Root account AK.
Sub-Account AK.
2 temporary key.
Advice Integer Security advice enumeration.
Normal.
Process now.
2 recommend reinforcement.
AccessKeyAlarmList Array of AccessKeyAlarmInfo Alarm information list.
AccessKeyRiskList Array of AccessKeyAlarmInfo Risk information list.
IPCount Integer Source IP quantity.
CreateTime String Creation time.
LastAccessTime String Last access Time
Status Integer AK status.
0: disabled.
1: enabled.
2: deleted (deleted in cam, the security center still retains the previous log).
CheckStatus Integer 0 means detected.
1 indicates detecting.
CloudType Integer Cloud vendor type 0: tencent cloud 1: amazon web services 2: microsoft azure 3: google cloud 4: alibaba cloud 5: huawei cloud.

AccessKeyRisk

Access key risk record.

Used by actions: DescribeAccessKeyRisk, DescribeAccessKeyRiskDetail.

Name Type Description
Name String Risk name.
Level Integer Risk level.
0 - unavailable 1 - Note 2 - low risk 3 - medium risk 4 - high risk 5 - critical.
ID Integer Risk record ID.
RiskRuleID Integer Risk rule ID.
RiskType Integer Risk type.
Configuration risk.
AccessKey String Access key.
AccessKeyID Integer Access key ID.
AccessKeyRemark String Access key remark.
RiskTime String Detection time of risk.
Status Integer Risk status.
0 - unprocessed 2 - ignored 3 - converged.
Tag Array of String Risk Tag.
Evidence String Risk evidence.
Description String Risk description.
Uin String Account associate Uin belonging to main account.
Nickname String Nickname of the main account.
SubUin String Sub-Account Uin belonging to.
SubNickname String Sub-Account nickname.
Type Integer Account type.
0 root account AK 1 sub-account AK.
2 temporary key.
CheckStatus Integer Detection status.
0: detected.
1 indicates detecting.
AppID Integer App ID
QueryParam String Query parameter corresponding to the risk.
CloudType Integer Cloud type 0 for tencent cloud 4 for alibaba cloud.
RelatedAK Array of AKInfo Related AK list, including AK name and remark.

AccessKeyUser

Access key account information.

Used by actions: DescribeAccessKeyUserDetail, DescribeAccessKeyUserList.

Name Type Description
ID Integer Account ID.
Name String Account name
Type Integer 0 root account 1 sub-account.
AccessType Integer Access method.
0 API
1 console and API.
Advice Integer Security recommendation enumerate 0 normal 1 process immediately 2 recommend reinforcement.
AccessKeyAlarmList Array of AccessKeyAlarmInfo Alarm information list.
AccessKeyRiskList Array of AccessKeyAlarmInfo Risk information list.
AppID Integer Account associate APPID.
Nickname String Nickname of the main account.
SubNickname String Sub-Account nickname.
Uin String Account Uin belonging to main account.
SubUin String Account self uin, same as root account uin when it is the root account.
LoginIP String Login IP.
LoginLocation String Login address.
LoginTime String Log-In time.
ISP String ISP name
ActionFlag Integer Whether operation protection is enabled.
0 not enabled.
1: enabled.
LoginFlag Integer Is login protection enabled?.
0 not enabled.
1: enabled.
CheckStatus Integer 0 means detected. 1 means detecting.
CloudType Integer Cloud vendor type 0: tencent cloud 1: amazon web services 2: microsoft azure 3: google cloud 4: alibaba cloud 5: huawei cloud.

AlertExtraInfo

Alarm Dropdown Fields

Used by actions: DescribeAlertList.

Name Type Required Description
RelateEvent RelatedEvent No Related attack events
LeakContent String No Leaked content
LeakAPI String No Leak API
SecretID String No secretID
Rule String No hit rule
RuleDesc String No Rule description
ProtocolPort String No Protocol port
AttackContent String No Attack content
AttackIPProfile String No Attack IP profiling
AttackIPTags String No Attack IP tag
RequestMethod String No Request method
HttpLog String No HTTP log
AttackDomain String No Attacked domain name
FilePath String No File path
UserAgent String No user_agent
RequestHeaders String No Request headers
LoginUserName String No Login username
VulnerabilityName String No Vulnerability name
CVE String No Public vulnerability and exposure
ServiceProcess String No Service process
FileName String No Filename
FileSize String No File size
FileMD5 String No File MD5
FileLastAccessTime String No Last access time of the file
FileModifyTime String No file modification time
RecentAccessTime String No Last access Time
RecentModifyTime String No Last modification time
VirusName String No Virus name
VirusFileTags String No Virus file tag
BehavioralCharacteristics String No behavioral characteristics
ProcessNamePID String No process name (PID)
ProcessPath String No Process path
ProcessCommandLine String No Command line of the process
ProcessPermissions String No Process permission
ExecutedCommand String No Execute commands
AffectedFileName String No Affected Filename
DecoyPath String No bait path
MaliciousProcessFileSize String No Malicious process file size
MaliciousProcessFileMD5 String No Malicious process file MD5
MaliciousProcessNamePID String No Malicious process name (PID)
MaliciousProcessPath String No Malicious process path
MaliciousProcessStartTime String No malicious process start time
CommandContent String No command content
StartupUser String No Startup user
UserGroup String No User group
NewPermissions String No Add new permission
ParentProcess String No Parent process
ClassName String No Class name
ClassLoader String No class loader
ClassFileSize String No File size
ClassFileMD5 String No Class file MD5
ParentClassName String No Parent class name
InheritedInterface String No inherit an API
Comment String No Annotation
PayloadContent String No payload content
CallbackAddressPortrait String No Callback address profile
CallbackAddressTag String No Callback address tag
ProcessMD5 String No Process MD5
FilePermission String No File permission
FromLogAnalysisData Array of KeyValue No Information field from log analysis
HitProbe String No probe hit
HitHoneyPot String No hit honeypot
CommandList String No command list
AttackEventDesc String No Attack event description
ProcessInfo String No Process information
UserNameAndPwd String No Login username & password
StrategyID String No Host protection policy ID
StrategyName String No Host protection policy name
HitStrategy String No Host protection hit policy is a combination of policy ID and Policy Name
ProcessName String No Process name
PID String No PID
PodName String No Container Pod name
PodID String No Container Pod ID
Response String No Http response
SystemCall String No system call
Verb String No Operation type
LogID String No Log ID.
Different String No Change content
EventType String No Event type
Description String No Event description
TargetAddress String No Destination address (container reverse shell)
MaliciousRequestDomain String No Malicious request domain name (container malicious outbound connection)
RuleType String No Rule Type (Container K8sAPI Exception Request)
RequestURI String No Requested Resource (Container K8sAPI Exception Request)
RequestUser String No Request Initiating User (Container K8sAPI Exception Request)
RequestObject String No Request Object (Container K8sAPI Exception Request)
ResponseObject String No Response object (container K8sAPI exception request)
FileType String No File type (Container file tamper)
TIType String No Tag feature (malicious outbound connection of container)
SourceIP String No Source IP Address (Container K8sAPI Exception Request)

AlertInfo

Full Alarm List Data from Alarm Center

Used by actions: DescribeAlertList.

Name Type Required Description
ID String No alarm ID
Name String No alarm name
Source String No Alarm source
CFW: Cloud Firewall
WAF: Web application firewall
CWP: Host Security
CSIP: Cloud Security Center
Level Integer No alarm level
Prompt.
2: Low risk
3: Medium risk
4: High risk
5: Critical
Attacker RoleInfo No attacker
Victim RoleInfo No victim
EvidenceData String No Evidence data (such as attack content, base64 encoded)
EvidenceLocation String No evidence location (for example protocol port)
EvidencePath String No Evidence Path
CreateTime String No Initial alarm time
UpdateTime String No Latest Alarm Time
Count Integer No Alarm count
UrgentSuggestion String No Emergency Mitigation Suggestions
RemediationSuggestion String No Radical Treatment Suggestion
Status Integer No Processing status
0: unprocessed, 1: ignored, 2: processed
ProcessType String No Alarm Handling Type
Type String No Major Category of Alarm
SubType String No Alarm Subcategory
ExtraInfo AlertExtraInfo No Dropdown Field
Key String No Aggregate Fields
Date String No Alarm Date
AppID String No appid
NickName String No Account name
Uin String No account ID
Action Integer No Behavior
RiskInvestigation String No risk detection
RiskTreatment String No Risk handling
LogType String No log type
LogSearch String No Statement retrieval

AssetBaseInfoResponse

Details of server assets

Used by actions: DescribeCVMAssetInfo.

Name Type Description
VpcId String vpc-id
VpcName String vpc-name
AssetName String Asset name
Os String Operating system.
PublicIp String Public IP address
PrivateIp String Private IP address
Region String Region.
AssetType String Asset type
AssetId String Asset ID
AccountNum Integer Number of accounts
PortNum Integer Number of Ports
ProcessNum Integer Process quantity
SoftApplicationNum Integer Number of Software Applications
DatabaseNum Integer Database Count
WebApplicationNum Integer Number of Web Applications
ServiceNum Integer Number of services
WebFrameworkNum Integer Web Framework Count
WebSiteNum Integer Website Count
JarPackageNum Integer Jar Package Count
StartServiceNum Integer Started Service Count
ScheduledTaskNum Integer Number of Scheduled Tasks
EnvironmentVariableNum Integer Number of Environment Variables
KernelModuleNum Integer Number of Kernel Modules
SystemInstallationPackageNum Integer System Installation Package Count
SurplusProtectDay Integer remaining protection duration
CWPStatus Integer Whether client is installed. 1 for Installed, 0 for Not Installed.
Tag Array of Tag Tag.
ProtectLevel String Protection level
ProtectedDay Integer protection duration

AssetCluster

This example shows you how to obtain the cluster list.

Cluster protection status. enumerate on the left. display on the right.
Cluster protection status.
Not connected.
Unprotected.
2: partial protection.
3: under protection.
4: access exception.
5: accessing.
6: uninstalling.
7: uninstallation exception.

Used by actions: DescribeClusterAssets.

Name Type Description
AppId Integer Tenant ID
Uin String Tenant uin.
Nick String Tenant Nickname
Region String Region.
AssetId String Cluster ID.
AssetName String Cluster name.
AssetType String Cluster type.
InstanceCreateTime String Cluster Creation Time
Status String Status.
ProtectStatus Integer Cluster protection status, enumerate on the left, display on the right.
Protection status of the cluster.
0: not connected.
Unprotected.
2: partial protection.
3: under protection.
4: access exception.
5: accessing.
Uninstalling.
7: uninstallation exception.
ProtectInfo String Access information, being empty indicates no access exception info.
VpcId String VPC id.
VpcName String VPC name.
KubernetesVersion String kubernetes version.
Component String Runtime component.
ComponentVersion String Runtime component version.
ComponentStatus String Component status.
CheckTime String Health Checkup Time
MachineCount Integer Associated hosts.
PodCount Integer Associated Pod Count
ServiceCount Integer Associated Service Count
VulRisk Integer Vulnerability risk.
CFGRisk Integer Configuration risk.
CheckCount Integer Health Checkup Count
IsCore Integer Whether it is core. 1: Core; 2: Non-core.
IsNewAsset Integer New Asset or Not. 1: New
CloudType Integer Cloud asset type: 0: tencent cloud, 1: aws, 2: azure.

AssetClusterPod

This example shows you how to list the list of cluster pods.

Used by actions: DescribeClusterPodAssets.

Name Type Description
AppId Integer Tenant ID
Uin String Tenant UIN
Nick String Tenant name
Region String Region.
AssetId String Pod ID
AssetName String Pod name
InstanceCreateTime String Pod Creation Time
Namespace String Namespace
Status String Status.
ClusterId String Cluster ID.
ClusterName String Cluster name.
MachineId String Host ID
MachineName String host name
PodIp String pod ip
ServiceCount Integer Associated Service Count
ContainerCount Integer Associated container number
PublicIp String Public IP address
PrivateIp String Private IP address
IsCore Integer Whether it is core. 1: Core; 2: Non-core.
IsNewAsset Integer New Asset or Not. 1: New

AssetInfoDetail

Details of asset scan result

Used by actions: DescribeSearchBugInfo.

Name Type Description
AppID String User appid.
CVEId String CVE id
IsScan Integer Scan Status. 0-Not Scanned by Default; 1-Scanning; 2-Scan Completed; 3-Scan Error.
InfluenceAsset Integer Number of Affected Assets
NotRepairAsset Integer Number of Unfixed Assets
NotProtectAsset Integer Unprotected Asset Count
TaskId String Task ID.
TaskPercent Integer Task Percentage
TaskTime Integer Task Time
ScanTime String Scan time

AssetInstanceTypeMap

Mapping of asset type and instance type.

Used by actions: DescribeCVMAssets.

Name Type Description
Text String Asset type.
Value String Asset type.
InstanceTypeList Array of FilterDataObject Mapping of asset type and instance type.

AssetProcessItem

Host process content.

Used by actions: DescribeAssetProcessList.

Name Type Description
CloudAccountID String Cloud account ID.
InstanceName String Instance name
AppID Integer Tenant ID.
CloudAccountName String Account name.
InstanceID String Instance ID.
PublicIp String Public IP address
PrivateIp String Private IP address
ProcessID String Process ID
ProcessName String Process name
CmdLine String Command line
Port String Listening port list.

AssetRiskItem

Risk information from asset perspective

Used by actions: DescribeAssetRiskList.

Name Type Description
AppId Integer

Tenant ID
Provider String

Cloud vendor
ProviderName String

Cloud vendor name
CloudAccountName String

Cloud account name
CloudAccountId String

Cloud Account ID
InstanceName String

Instance name
InstanceId String

Instance ID.
CreateTime String

First discovery time
UpdateTime String

Update time.
RiskStatus Integer

Risk status
RiskTitle String

Risk name
CheckType String

Check type
Severity String

Risk level
RiskRuleId String

Risk rule ID
Classify String

Disposal categorization
StandardTerms Array of StandardTerm

Cybersecurity classified protection compliance
AssetType String

Asset type
AssetTypeIconURL String

Asset type icon
AssetTypeName String

Asset type

AssetTag

Asset tags

Used by actions: CreateDomainAndIp, CreateRiskCenterScanTask, DeleteDomainAndIp, DescribeAssetViewVulRiskList, DescribeDomainAssets, DescribePublicIpAssets, DescribeRiskCenterAssetViewCFGRiskList, DescribeRiskCenterAssetViewPortRiskList, DescribeRiskCenterAssetViewVULRiskList, DescribeRiskCenterAssetViewWeakPasswordRiskList, DescribeRiskCenterPortViewPortRiskList, DescribeRiskCenterServerRiskList, DescribeRiskCenterVULViewVULRiskList, DescribeRiskCenterWebsiteRiskList, DescribeVulViewVulRiskList.

Name Type Required Description
TagKey String No Tag Key, can be letters, digits, and underscores.
TagValue String No Tag Value, can be letters, digits, and underscores.

AssetViewCFGRisk

Details of a configuration risk

Used by actions: DescribeRiskCenterAssetViewCFGRiskList.

Name Type Description
Id String The unique ID.
CFGName String Configuration name
CheckType String Check type
InstanceId String Instance ID
InstanceName String Instance name
InstanceType String Instance type
AffectAsset String Affected assets
Level String Risk level, low - low risk, high - high risk, middle - medium risk, info - notification, extreme - critical.
FirstTime String First detected
RecentTime String Last detected
From String Source of the task
Status Integer Status
CFGSTD String relevant standards
CFGDescribe String Configuration details.
CFGFix String Fix suggestion
CFGHelpURL String URL of the help documentation
Index String Data entry key
AppId String User AppId
Nick String User Nickname
Uin String User UIN
ClbId String When the asset type is LBL, show this field to locate the specific LB.

AssetViewPortRisk

Port risk details

Used by actions: DescribeRiskCenterAssetViewPortRiskList.

Name Type Description
Port Integer Port
AffectAsset String Affected assets
Level String Risk level, low - low risk, high - high risk, middle - medium risk, info - notification, extreme - critical.
InstanceType String Asset type
Protocol String Network protocol
Component String Components
Service String Service
RecentTime String Last detected
FirstTime String First detected
Suggestion Integer Suggested action. 0: Keep as it is; 1: Block access requests; 2: Block the port
Status Integer Status, 0 unprocessed, 1 processed, 2 ignored, 3 defended by cloud protection
Id String Risk ID
Index String Frontend index
InstanceId String Instance ID
InstanceName String Instance name
AppId String User appid
Nick String User Nickname
Uin String User UIN
From String Recognition Source. See Enumeration Return for details.
ServiceJudge String Service judgment, high-risk service, web service, other service
XspmStatus Integer Status, 0 unprocessed, 1 processed, 2 ignored, 3 defended by cloud protection, 4 no action is required

AssetViewVULRisk

Details of a vulnerability

Used by actions: DescribeRiskCenterAssetViewVULRiskList.

Name Type Description
AffectAsset String Affected assets
Level String Risk level: low - low risk, high - high risk, middle - medium risk, info - note, extreme - critical.
InstanceType String Asset type
Component String Components
Service String Service
RecentTime String Last detected
FirstTime String First detected
Status Integer Status of the risk. 0: Not handled, 1: Handled; 2: Ignored
Id String Risk ID
Index String Frontend index
InstanceId String Instance ID
InstanceName String Instance name
AppId String User appid
Nick String User Nickname
Uin String User UIN
VULType String Vulnerability type
Port String Port
Describe String Vulnerability description
AppName String Vulnerability impact component.
References String Technology reference.
AppVersion String Vulnerability impact version.
VULURL String Risks.
VULName String Vulnerability name
CVE String CVE number
Fix String Fixing solution
POCId String POC ID
From String Scan Source
CWPVersion Integer CWPP edition
IsSupportRepair Boolean Whether it can be fixed
IsSupportDetect Boolean Whether it can be detected
InstanceUUID String Instance UUID
Payload String Payload
EMGCVulType Integer Emergency Vulnerability Type. 1-Emergency Vulnerability; 0-Non-emergency Vulnerability.

AssetViewVULRiskData

Vulnerability Risk Objects from Asset's Perspective

Used by actions: DescribeAssetViewVulRiskList.

Name Type Description
AffectAsset String Impact assets.
Level String Risk level: low - low risk, high - high risk, middle - medium risk, info - note, extreme - serious.
InstanceType String Asset type.
Component String Component.
RecentTime String Latest Recognition Time
FirstTime String First Recognition Time
Status Integer Status, 0 unprocessed, 1 tagged, 2 ignored, 3 processed, 4 under disposal, 5 detecting, 6 partially processed.
RiskId String Risk ID
InstanceId String Instance ID.
InstanceName String Instance name.
AppId String User appid.
Nick String User Nickname
Uin String User UIN
VULType String Vulnerability type.
Port String Port.
AppName String Vulnerability impact component.
AppVersion String Vulnerability impact version.
VULURL String Risks.
VULName String Vulnerability name
CVE String cve
POCId String pocid
From String Scan Source
CWPVersion Integer Host version.
InstanceUUID String Instance UUID
Payload String Payload
EMGCVulType Integer Emergency Vulnerability Type. 1-Emergency Vulnerability; 0-Non-emergency Vulnerability.
CVSS Float CVSS score
Index String Frontend index id.
PCMGRId String pcmgrId
LogId String Report ID
TaskId String Task ID.
VulTag Array of String Vulnerability Tag.
DisclosureTime String Vulnerability disclosure time.
AttackHeat Integer Attack intensity.
IsSuggest Integer Whether the vulnerability is mandatory. 1 for yes, 0 for no.
HandleTaskId String Disposal task ID.
EngineSource String Engine source.
VulRiskId String New vulnerability risk id (same as RiskId in the network-wide vulnerabilities table).
TvdID String New version vulnerability id.
IsOneClick Integer Is it possible to perform a one-click physical examination, 1 - yes, 0 - not allowed.
IsPOC Integer Whether to perform a POC scan. valid values: 0 (not a POC), 1 (POC).

AssetViewWeakPassRisk

Details of a weak password risk

Used by actions: DescribeRiskCenterAssetViewWeakPasswordRiskList.

Name Type Description
AffectAsset String Affected assets
Level String Risk level: low - low risk, high - high risk, middle - medium risk, info - notification, extreme - critical.
InstanceType String Asset type
Component String Components
Service String Service
RecentTime String Last detected
FirstTime String First detected
Status Integer Status of the risk. 0: Not handled, 1: Handled; 2: Ignored
Id String ID, handle risk usage
Index String Frontend index
InstanceId String Instance ID
InstanceName String Instance name
AppId String User AppId
Nick String User Nickname
Uin String User UIN
PasswordType String Weak password type
From String Source of the task
VULType String Vulnerability type
VULURL String Vulnerability URL
Fix String Fix suggestion
Payload String proof
Port Integer Port.

AttributeOptionSet

Common dropdown box list

Used by actions: DescribeAssetRiskList, DescribeCheckViewRisks, DescribeConfigCheckRules, DescribeRiskRules.

Name Type Description
Text String cvm instance type
Value String CVM instance name.

BugInfoDetail

Vulnerability details

Used by actions: DescribeSearchBugInfo.

Name Type Description
Id Integer Vulnerability ID
PatchId String PocId Corresponding to Vulnerability
VULName String Vulnerability name
Level String Vulnerability Severity: High, Middle, Low, Info.
CVSSScore String CVSS Score
CVEId String CVE ID
Tag String Vulnerability tag
VULCategory Integer Vulnerability Type. 1: Web Application; 2: System Component Vulnerabilities; 3: Configuration Risk.
ImpactOs String Vulnerability Affected System
ImpactCOMPENT String Affected component
ImpactVersion String Vulnerability Affected Version
Reference String Link
VULDescribe String Vulnerability description
Fix String Fixing suggestion
ProSupport Integer Product Support Status, returned in real time.
IsPublish Integer Published or Not. 0 for No, 1 for Yes.
ReleaseTime String Release time.
CreateTime String Creation time.
UpdateTime String Update time
SubCategory String Vulnerability Subcategory

CFGViewCFGRisk

Configuration Risk Objects from Configuration's Perspective

Used by actions: DescribeRiskCenterCFGViewCFGRiskList.

Name Type Description
NoHandleCount Integer Impact assets.
Level String Risk level: low - low risk, high - high risk, middle - medium risk, info - note, extreme - critical.
RecentTime String Latest Recognition Time
FirstTime String First Recognition Time
AffectAssetCount Integer Status. 0-Unprocessed; 1-Disposed; 2-Ignored.
Id String Unique ID of Asset
From String Asset Subtype
Index String Front-end Index
AppId String User appid.
Nick String User Nickname
Note: This field may return null, indicating that no valid values can be obtained.
Uin String User UIN
Note: This field may return null, indicating that no valid values can be obtained.
CFGName String Configuration name.
Note: This field may return null, indicating that no valid values can be obtained.
CheckType String Check type.
Note: This field may return null, indicating that no valid values can be obtained.
CFGSTD String -
Note: This field may return null, indicating that no valid values can be obtained.
CFGDescribe String Description
Note: This field may return null, indicating that no valid values can be obtained.
CFGFix String Fixing suggestion
Note: This field may return null, indicating that no valid values can be obtained.
CFGHelpURL String Help documentation.
Note: This field may return null, indicating that no valid values can be obtained.

CICDToken

CI/CD access token.

Used by actions: DescribeIaCTokenList.

Name Type Required Description
Id Integer No

ID
AppId Integer No

appid
Name String No

CI/CD name
Token String No

Token for integration
Period Integer No

Scanning result storage duration
FileCnt Integer No

Scanned file
LastScanStatus String No

Latest scan status
LastScanTime String No

Last scan time.

CVMAssetVO

Host Asset Information

Enumerate host protection status. left is a constant, right side displays.
0: not installed.
Basic edition protection.
2: inclusive edition protection.
3: protection by pro edition.
4: flagship protection.
5: offline.
6: shut down.

Used by actions: DescribeCVMAssets.

Name Type Required Description
AssetId String No Asset ID
AssetName String No Asset name.
AssetType String No Asset type.
Region String No Region.
CWPStatus Integer No Protection status
AssetCreateTime String No Asset creation time.
PublicIp String No Public IP address
PrivateIp String No Private IP.
VpcId String No vpc id
VpcName String No VPC Name
AppId Integer No App ID information
Uin String No User UIN
NickName String No Nickname.
AvailableArea String No Availability zone
IsCore Integer No Core or Not
SubnetId String No Subnet ID
SubnetName String No Subnet Name
InstanceUuid String No CWP Agent UUID.
InstanceQUuid String No CVM host UUID.
OsName String No OS Name
PartitionCount Integer No Partition
CPUInfo String No CPU Information
CPUSize Integer No CPU Size
CPULoad String No CPU Load
MemorySize String No Memory size.
MemoryLoad String No Memory Load
DiskSize String No Hard disk size.
DiskLoad String No Hard Disk Load
AccountCount String No Number of Accounts
ProcessCount String No Number of Processes
AppCount String No Software application.
PortCount Integer No Listening port
Attack Integer No Network attack.
Access Integer No Network access.
Intercept Integer No Network Interception
InBandwidth String No Inbound peak bandwidth.
OutBandwidth String No Outbound peak bandwidth.
InFlow String No Total inbound traffic.
OutFlow String No Outbound cumulative traffic.
LastScanTime String No Last scan time
NetWorkOut Integer No Malicious outgoing request.
PortRisk Integer No Port risk.
VulnerabilityRisk Integer No Vulnerability risk.
ConfigurationRisk Integer No Configuration risk.
ScanTask Integer No Scan Task Count
Tag Array of Tag No Tag.
MemberId String No memberId
Os String No Full OS Name
RiskExposure Integer No Risk service exposure.
BASAgentStatus Integer No Simulated Attack Tool Status. 0 indicates not installed. 1 indicates installed. 2 indicates offline.
IsNewAsset Integer No 1-New Asset; 0-Not a New Asset
CVMAgentStatus Integer No 0: not installed; 1: install; 2: installing.
CVMStatus Integer No 1: enable 0: not enabled.
DefenseModel Integer No 1: client installed 0: not installed 2: Agentless.
TatStatus Integer No 1: installed 0: not installed.
CpuTrend Array of Element No cpu trend chart.
MemoryTrend Array of Element No Memory trend chart.
AgentStatus Integer No 1: agent online 0: agent offline 2: host offline.
CloseDefenseCount Integer No Number of shutdowns this month.
InstanceState String No Running state.
SecurityGroupIds Array of String No Security group data.
AgentMemRss Integer No Physical memory occupied KB.
AgentCpuPer Float No CPU utilization percentage.
RealAppid Integer No Actual appid belonging to cvm.
CloudType Integer No Cloud asset type: 0: tencent cloud, 1: aws, 2: azure.
ProtectStatus Integer No Host protection status enumeration.
0: not installed.
Basic edition protection.
2: inclusive edition protection.
3: protection by pro edition.
4: ultimate edition protection.
5: offline.
6: shutdown.
OfflineTime String No Last offline time.

CallRecord

Record details.

Used by actions: DescribeAbnormalCallRecord, DescribeCallRecord.

Name Type Description
CallID String Invocation record ID.
AccessKey String Access key.
AccessKeyRemark String Access key remark.
AccessKeyID Integer Access key ID.
SourceIP String Source IP of the call.
SourceIPRemark String Source IP of the call remark.
Region String Source IP region of the call.
IPType Integer IP type 0: within the account (unremarked) 1: outside the account (unremarked) 2: within the account (remarked) 3: outside the account (remarked).
EventName String Call interface name.
ProductName String Call the product name.
EventType Integer Invocation type.
0: console invocation.
1:API
UserType String Type of user: CAMUser/root/AssumedRole.
UserName String User/Role name.
PolicySet Array of String Policy List
CallCount Integer Number of calls.
Code Integer Error code.
0: Successful
FirstCallTime String First time call time.
LastCallTime String Call time.
InstanceID String IP associated asset ID. if an empty string, means not associated with.
InstanceName String Associated asset name of the IP.
Date String Aggregate date.
AppID Integer appid
ShowStatus Boolean Display status.
ISP String Carrier.
VpcInfo Array of SourceIPVpcInfo vpc information list outside the account.
ReqClient Array of String Request client list.

CheckViewRiskItem

Check item perspective risk

Used by actions: DescribeCheckViewRisks.

Name Type Description
RiskRuleId String

Check item rule ID
RiskTitle String

Risk name
CheckType String

Check type
Severity String

Risk level
RiskDesc String

1 risk item exists
CreateTime String

First discovery time
UpdateTime String

Risk update time
Provider String

Cloud vendor
RiskStatus Integer

Risk status
AssetCount Integer

Number of affected assets
RiskCount Integer

Number of risks
AssetType String

Asset type
EventType String

Event type
Classify String

Disposal categorization
StandardTerms Array of StandardTerm

cspm standard clauses
AssetTypeIconURL String

Asset type icon

ClbListenerListInfo

CLB instance and listener information

Used by actions: DescribeListenerList.

Name Type Description
ListenerId String Listener ID
ListenerName String listener name
LoadBalancerId String CLB Id
LoadBalancerName String CLB name
Protocol String Protocol
Region String Region.
Vip String Load balancing ip
VPort Integer Port.
Zone String Region.
NumericalVpcId Integer VPC id
LoadBalancerType String CLB Type
Domain String Listener Domain Name
LoadBalancerDomain String CLB domain name

CloudCountDesc

Multi-Cloud Account Statistics

Used by actions: DescribeOrganizationInfo.

Name Type Description
CloudType Integer 0 means Tencent Cloud
1 indicates AWS
CloudCount Integer Account Quantity
CloudDesc String Description of The Cloud Account Type

CommandPluginState

AI Agent command sandbox plug-in status

Used by actions: DescribeAIAgentAssetList.

Name Type Description
InstallStatus String

Plug-in installation status (upper layer aggregation)
Enumeration value:
NONE: Not installed
INSTALLING: Installing
INSTALLED: Installed
INSTALL_FAIL: Installation failure

CredentialEffectScope

Effective machine range, used to specify which machines the credential takes effect on

Used by actions: DescribeKeySandboxCredential, DescribeKeySandboxCredentialList.

Name Type Required Description
Exclude Integer No Whether to exclude the mode
Enumeration values:
0: Inclusion mode (only takes effect on the Real Server in Instances). At this point, Instances is required.
1: Exclusion mode (Machines in Instances do not take effect, remaining machines take effect). At this point, Instances is selectable (Empty list means all machines take effect).
Instances Array of String No Machine instance ID list. Required when Exclude is 0, means only these machines can access the credential; Option when Exclude is 1, means these machines cannot access the credential (Empty list means all machines take effect).
Note: This field may return null, indicating that no valid values can be obtained.

CsipRiskCenterStatistics

Risk center risk overview statistics.

Used by actions: DescribeCSIPRiskStatistics.

Name Type Description
PortTotal Integer Total Number of Port Risks
PortHighLevel Integer High Port Risk Count
WeakPasswordTotal Integer Total number of weak password risks.
WeakPasswordHighLevel Integer High Weak Password Risk Count
WebsiteTotal Integer Website Risk Count
WebsiteHighLevel Integer Number of High Risks on Websites
LastScanTime String Time of the Latest Scan
VULTotal Integer Number of vulnerability risks.
VULHighLevel Integer Number of High-Risk Vulnerability Risks
CFGTotal Integer Number of Configuration Item Risks
CFGHighLevel Integer Number of High-Risk Configuration Item Risks
ServerTotal Integer Mapping Service Risk Count
Note: This field may return null, indicating that no valid values can be obtained.
ServerHighLevel Integer High Mapping Service Risk Count
Note: This field may return null, indicating that no valid values can be obtained.
HostBaseLineRiskTotal Integer Number of host baseline risks.
HostBaseLineRiskHighLevel Integer Number of high-risk risks.
PodBaseLineRiskTotal Integer Baseline risk count of the container.
PodBaseLineRiskHighLevel Integer Number of high-risk baseline risks in the container.

DBAssetVO

Details of a database asset

Used by actions: DescribeDbAssets, DescribeOtherCloudAssets.

Name Type Description
AssetId String Asset ID
AssetName String Asset name.
AssetType String Asset type.
VpcId String vpcid
VpcName String vpc Tag.
Region String Region.
Domain String Domain
AssetCreateTime String Asset creation time.
LastScanTime String Last scan time
ConfigurationRisk Integer Configuration risk.
Attack Integer Network attack.
Access Integer Network access.
ScanTask Integer Scan Task
AppId Integer User appid.
Uin String User UIN
NickName String Nickname Alias
Port Integer Port.
Tag Array of Tag Tag.
PrivateIp String Private IP address
PublicIp String Public IP address
Status Integer Status.
IsCore Integer Core or Not
IsNewAsset Integer New Asset or Not. 1: New

DataSearchBug

Vulnerability and asset information

Used by actions: DescribeSearchBugInfo.

Name Type Description
StateCode String Query status code
DataBug Array of BugInfoDetail Vulnerability details
DataAsset Array of AssetInfoDetail Vulnerability impact assets details
VSSScan Boolean True supports scanning. False does not support scanning.
CWPScan String 0-Not Supported; 1-Supported
CFWPatch String 1 indicates virtual patches supported, 0 or null indicates not supported.
WafPatch Integer 0-Not Supported; 1-Supported
CWPFix Integer 0-Not Supported; 1-Supported
DataSupport Array of ProductSupport Product Support Status
CveId String cveId

DbAssetInfo

Details of a database asset.

Used by actions: DescribeDbAssetInfo.

Name Type Description
CFWStatus Integer Cloud Defense Status
AssetId String Asset ID
VpcName String VPC information
AssetType String Asset type
PublicIp String Public IP address
PrivateIp String VPC IP
Region String Region.
VpcId String VPC information
AssetName String Asset name
CFWProtectLevel Integer Cloud Defense Protection Edition
Tag Array of Tag Tag Information

DomainAssetVO

Domain assets

Used by actions: DescribeDomainAssets.

Name Type Description
AssetId Array of String Asset ID
AssetName Array of String Asset Name
AssetType Array of String Asset type
Region Array of String Region.
WAFStatus Integer WAF Status
AssetCreateTime String Asset Creation Time
AppId Integer Appid
Uin String Account ID
NickName String Account name
IsCore Integer Core or Not
IsCloud Integer Whether it is on-cloud asset.
Attack Integer network attack
Access Integer Network access
Intercept Integer Network Interception
InBandwidth String Inbound peak bandwidth
OutBandwidth String Outbound peak bandwidth
InFlow String Cumulative Inbound Traffic
OutFlow String Cumulative Outbound Traffic
LastScanTime String Last scan time
PortRisk Integer port risk
VulnerabilityRisk Integer Vulnerability risk
ConfigurationRisk Integer Configuration risk
ScanTask Integer Scan Task
SubDomain String Domain
SeverIp Array of String Resolve IP
BotCount Integer Number of Bot Attacks
WeakPassword Integer Weak password risk
WebContentRisk Integer Content risk
Tag Array of Tag tag
SourceType String Associated instance type
MemberId String Member ID information
CCAttack Integer CC Attack
WebAttack Integer Web Attack
ServiceRisk Integer Number of Risk Service Exposures
IsNewAsset Integer New Asset or Not. 1: New
VerifyDomain String Random Layer-3 Domain of Assets to Be Recognized
VerifyTXTRecord String TXT Record Content of Pending Confirmation Assets
VerifyStatus Integer Authentication Status of Assets Pending Recognition. 0: Pending Authentication; 1: Authentication Succeeded; 2: Authentication in Progress; 3: TXT Authentication Failed; 4: Manual Authentication Failed.
BotAccessCount Integer Bot Access Count

Element

Statistics Entries

Used by actions: DescribeCVMAssets.

Name Type Required Description
Key String No Statistics type.
Value String No Statistics Object

ExposeAssetTypeItem

Exposed asset category.

Used by actions: DescribeExposeAssetCategory.

Name Type Description
Provider String Cloud service provider.
ProviderName String Vendor name.
AssetType String Asset type.
AssetTypeName String Asset type name.

ExposesItem

Exposed assets.

Used by actions: DescribeExposures.

Name Type Description
Provider String

Cloud vendor
CloudAccountName String

Cloud account name
CloudAccountId String

Cloud Account
Domain String

Domain name
Ip String

IP
Port String

Port or port range
Status String

Open
RiskType String

Risk type
AclType String

acl type
AclList String

acl list
AssetId String

Asset ID
InstanceName String

Instance name
AssetType String

Asset type
PortServiceCount Integer

Number of port services
HighRiskPortServiceCount Integer

Number of high-risk ports
WebAppCount Integer

Number of web applications
RiskWebAppCount Integer

Number of web applications at risk
WeakPasswordCount Integer

Number of weak passwords.
VulCount Integer

Vulnerability count
CreateTime String

First discovery time
UpdateTime String

Latest update time.
AssetTypeName String

Instance Type Name
DisplayStatus String

Open status
DisplayRiskType String

Port status
ScanTaskStatus String

Scan task status
Uuid String

uuid
HasScan String

Whether a security check has been performed
AppId Integer

Tenant ID
AppIdStr String

Tenant ID string
ExposureID Integer

Record ID
PortDetectCount Integer

Number of open ports
PortDetectResult String

Port exposure result
Tag String

Tag.
Comment String

Remark
ToGovernedRiskCount Integer

Number of risks to be governed
ToGovernedRiskContent String

Risk content to be governed
AssetTypeIconURL String

Type icon of asset
AssetTypeIconSolidURL String

Asset type 3D icon

Filter

Query filters

Used by actions: CreateIaCFileExportJob, DescribeAIAgentAssetList, DescribeAbnormalCallRecord, DescribeAccessKeyAlarm, DescribeAccessKeyAsset, DescribeAccessKeyRisk, DescribeAccessKeyUserList, DescribeAlertList, DescribeAssetViewVulRiskList, DescribeCSIPRiskStatistics, DescribeCVMAssets, DescribeCallRecord, DescribeClusterAssets, DescribeClusterPodAssets, DescribeDbAssets, DescribeDomainAssets, DescribeGatewayAssets, DescribeIaCFileList, DescribeIaCTokenList, DescribeKeySandboxCredentialList, DescribeListenerList, DescribeNICAssets, DescribeOrganizationUserInfo, DescribeOtherCloudAssets, DescribePublicIpAssets, DescribeRepositoryImageAssets, DescribeRiskCallRecord, DescribeRiskCenterAssetViewCFGRiskList, DescribeRiskCenterAssetViewPortRiskList, DescribeRiskCenterAssetViewVULRiskList, DescribeRiskCenterAssetViewWeakPasswordRiskList, DescribeRiskCenterCFGViewCFGRiskList, DescribeRiskCenterPortViewPortRiskList, DescribeRiskCenterServerRiskList, DescribeRiskCenterVULViewVULRiskList, DescribeRiskCenterWebsiteRiskList, DescribeScanReportList, DescribeScanTaskList, DescribeSourceIPAsset, DescribeSubUserInfo, DescribeSubnetAssets, DescribeTaskLogList, DescribeUebaRule, DescribeUserCallRecord, DescribeVULList, DescribeVULRiskAdvanceCFGList, DescribeVpcAssets, DescribeVulViewVulRiskList.

Name Type Required Description
Limit Integer No Max number of returned results
Offset Integer No Query offset
Order String No Sorting order. Values: asc (ascending), desc (descending).
By String No Specify the field used for sorting
Filters Array of WhereFilter No Filtered columns and content
StartTime String No Start time of the query period.
EndTime String No End time of the query period.

FilterDataObject

Filter condition

Used by actions: DescribeAssetViewVulRiskList, DescribeCVMAssets, DescribeClusterAssets, DescribeClusterPodAssets, DescribeDbAssets, DescribeDomainAssets, DescribeGatewayAssets, DescribeNICAssets, DescribeOrganizationUserInfo, DescribeOtherCloudAssets, DescribePublicIpAssets, DescribeRepositoryImageAssets, DescribeRiskCenterAssetViewCFGRiskList, DescribeRiskCenterAssetViewPortRiskList, DescribeRiskCenterAssetViewVULRiskList, DescribeRiskCenterAssetViewWeakPasswordRiskList, DescribeRiskCenterCFGViewCFGRiskList, DescribeRiskCenterPortViewPortRiskList, DescribeRiskCenterServerRiskList, DescribeRiskCenterVULViewVULRiskList, DescribeRiskCenterWebsiteRiskList, DescribeScanTaskList, DescribeSubUserInfo, DescribeSubnetAssets, DescribeUebaRule, DescribeVULList, DescribeVULRiskAdvanceCFGList, DescribeVpcAssets, DescribeVulViewVulRiskList.

Name Type Description
Value String Filter value
Text String Filter name

Filters

Filter conditions. Multiple Values under the same Name are in an OR relationship, and different Names are in an AND relationship.

Used by actions: DescribeAssetProcessList, DescribeAssetRiskList, DescribeCheckViewRisks, DescribeConfigCheckRules, DescribeExposures, DescribeHighBaseLineRiskList, DescribeRiskDetailList, DescribeRiskRules, DescribeVulRiskList.

Name Type Required Description
Name String No Filter condition name.
Values Array of String No Filter condition value list
ExactMatch String No Exact match: 1 - exact match; default - fuzzy match

GateWayAsset

Gateway asset.

Used by actions: DescribeGatewayAssets.

Name Type Description
AppId String appid
Uin String uin
AssetId String Asset ID.
AssetName String Asset name.
AssetType String Asset type.
PrivateIp String VPC IP
PublicIp String Public IP address
Region String Region.
VpcId String VPC id.
VpcName String VPC Name
Tag Array of Tag Tag.
OutboundPeakBandwidth String Outbound peak bandwidth.
InboundPeakBandwidth String Inbound peak bandwidth.
OutboundCumulativeFlow String Cumulative Outbound Traffic
InboundCumulativeFlow String Cumulative Inbound Traffic
NetworkAttack Integer Network attack.
ExposedPort Integer Expose ports.
ExposedVUL Integer Exposed vulnerability.
ConfigureRisk Integer Configuration risk.
CreateTime String Creation time.
ScanTask Integer Number of tasks.
LastScanTime String Last scan time
Nick String Nickname.
AddressIPV6 String IPv6 address
IsCore Integer Core or Not
RiskExposure Integer Risk service exposure.
IsNewAsset Integer New Asset or Not. 1: New
Status String Gateway Status
EngineRegion String TSE's Actual Gateway Region
WeakPasswordRisk Integer Weak password risk.

HighBaseLineRiskItem

High-Risk baseline risk content.

Used by actions: DescribeHighBaseLineRiskList.

Name Type Description
CloudAccountID String Cloud account ID.
AssetID String Instance ID.
InstanceStatus String Instance status
InstanceName String Instance name
RiskName String Risk name.
RiskCategory String Risk classification.
RiskLevel String Risk level.
RiskDesc String Risk description.
RiskResult String Risk result.
FixAdvice String Fixing suggestion
RiskCategoryName String Linux vulnerability.
RiskLevelName String Risk name.
InstanceStatusName String Instance status
CreateTime String First detection time
UpdateTime String Last discovery time
AppID Integer Tenant ID.

IaCFile

IaC detection file

Used by actions: DescribeIaCFileList.

Name Type Required Description
Id Integer No

ID
AppId Integer No

appid
FileId String No

File ID
FileName String No

File name.
CICDName String No

CI/CD name
FilePath String No

File path
FileType Integer No

File type (1: Dockerfile, 2: Terraform, 3: KubernetesYaml)
RiskTotalCnt Integer No

Total number of risks
RiskLevelCnt Array of KeyValueInt No

Risk level count (0: Low risk, 1: Medium risk, 2: High risk, 3: Critical)
ScanTime String No

Scan time
Status Integer No

Detection status (0: pending scan, 1: detecting, 2: completed, 3: detection exception)
FailType Integer No

Scan failure type (0: No failure, 1: Detection timeout, 2: File format parsing failed, 3: Detection failed)

IaCFileRisk

IaC detection file risk

Used by actions: DescribeIaCFileReport.

Name Type Required Description
Level Integer No

Risk level (0: low-risk, 1: medium-risk, 2: high-risk, 3: critical)
Line Integer No

Row count of risk location
RuleName String No

rule name
Description String No

Problem description
Suggestion String No

Repair recommendation

IpAssetListVO

List of IPs

Used by actions: DescribePublicIpAssets.

Name Type Description
AssetId String Asset ID
AssetName String Asset Name
AssetType String Asset type
Region String Region.
CFWStatus Integer Cloud Defense Status
AssetCreateTime String Asset creation time
PublicIp String Public IP address
PublicIpType Integer Public IP Type
VpcId String vpc
VpcName String VPC Name
AppId Integer appid
Uin String User UIN
NickName String Name
IsCore Integer Core
IsCloud Integer On-Cloud
Attack Integer network attack
Access Integer Network access
Intercept Integer Network Interception
InBandwidth String Inbound bandwidth
OutBandwidth String Outbound bandwidth
InFlow String Inbound traffic
OutFlow String outbound traffic
LastScanTime String Last scan time
PortRisk Integer Port risk
VulnerabilityRisk Integer Vulnerability risk
ConfigurationRisk Integer Configuration risk
ScanTask Integer Scan Task
WeakPassword Integer weak password
WebContentRisk Integer Content risk
Tag Array of Tag Tag.
AddressId String EIP Primary Key
MemberId String Member ID information
RiskExposure Integer risk service exposure
IsNewAsset Integer New Asset or Not. 1: New
VerifyStatus Integer Asset Authentication Status. 0-Pending Authentication; 1-Authentication Succeeded; 2-Authentication in Progress; 3+-Authentication Failed.

KeySandboxCredential

Credential data structure, used for list query and details query response

Used by actions: DescribeKeySandboxCredentialList.

Name Type Description
CredentialId String Credential ID
CredentialName String Credential name
CredentialType String Credential Type
Enumeration value:
access: normal Key (Key-Value pair)
sts: STS temporary key credential
CredentialEffectScope CredentialEffectScope Effective machine scope
CreateTime String Creation time.
Parameter format: YYYY-MM-DDTHH:mm:ssZ (ISO8601 format).
UpdateTime String Update time
Parameter format: YYYY-MM-DDTHH:mm:ssZ (ISO8601 format).

KeyValue

KeyValue Pair

Used by actions: DescribeAlertList.

Name Type Required Description
Key String No Field
Value String No Value.

KeyValueInt

Key-value pair (integer).

Used by actions: DescribeIaCFileList, DescribeIaCFileOverview.

Name Type Required Description
Key Integer No

Key
Value Integer No

Value.

NICAsset

Network interface card asset.

Used by actions: DescribeNICAssets.

Name Type Description
AppId String appid
Uin String uin
AssetId String Asset ID.
AssetName String Asset name.
AssetType String Asset type.
PrivateIp String VPC IP
PublicIp String Public IP address
Region String Region.
VpcId String VPC id.
VpcName String VPC Name
Tag Array of Tag Tag.
OutboundPeakBandwidth String Outbound peak bandwidth.
InboundPeakBandwidth String Inbound peak bandwidth.
OutboundCumulativeFlow String Cumulative Outbound Traffic
InboundCumulativeFlow String Cumulative Inbound Traffic
NetworkAttack Integer Network attack.
ExposedPort Integer Expose ports.
ExposedVUL Integer Exposed vulnerability.
ConfigureRisk Integer Configuration risk.
CreateTime String Creation time.
ScanTask Integer Number of tasks.
LastScanTime String Last scan time
Nick String Nickname.
IsCore Integer Core or Not
IsNewAsset Integer New Asset or Not. 1: New

NewAlertKey

The structure is used to input the key of the alarm to update the alarm status.

Used by actions: UpdateAlertStatusList.

Name Type Required Description
AppId String Yes User AppID to Be Changed
Type String Yes Alarm category
SubType String Yes Alarm Subcategory
Source String Yes Alarm source
Name String Yes Alarm name
Key String Yes Alarm Key
Date String Yes Time
Status Integer No Status.

OrganizationInfo

Group Account Details

Used by actions: DescribeOrganizationInfo.

Name Type Description
NickName String member account name
NodeName String Department Node Name, Account's Department
Role String Member/Admin/DelegatedAdmin/EntityAdmin, corresponding to Member/Administrator/Delegated Administrator/Entity Administrator
MemberId String Member Account ID
JoinType String Account Joining Method: Create/Invite.
GroupName String Group Name
AdminName String administrator account name
AdminUin String Administrator UIN
CreateTime String Creation time.
NodeCount Integer Number of departments
MemberCount Integer Number of members
SubAccountCount Integer Number of sub-accounts
AbnormalSubUserCount Integer Number of abnormal sub-accounts
GroupPermission Array of String Group Relationship Policy Permissions
MemberPermission Array of String Membership Policy Permissions
GroupPayMode Integer Group Payment Mode. 0: Self-payment; 1: Proxy Payment.
MemberPayMode Integer Personal Payment Mode. 0: Self-payment; 1: Proxy payment.
CFWProtect String Not enabled if empty. Otherwise, different strings correspond to different versions. Common for General, regardless of version.
WAFProtect String Not enabled if empty. Otherwise, different strings correspond to different versions. Common for General, regardless of version.
CWPProtect String Not enabled if empty. Otherwise, different strings correspond to different versions. Common for General, regardless of version.
Departments Array of String Array of Collections for All Departments
MemberCreateTime String Member Creation Time
CSIPProtect String Advanced/Enterprise/Ultimate
QuotaConsumer Integer 1 indicates the quota consumer.
EnableAdminCount Integer Number of activations by admin/delegated admin
CloudCountDesc Array of CloudCountDesc Account Multi-Cloud Information Statistics, in array format. Refer to the description of CloudCountDesc for details.
AdminCount Integer Total number of admins/delegated admins

OrganizationUserInfo

Group Account Member Details

Used by actions: DescribeOrganizationUserInfo.

Name Type Description
Uin String Member Account UIN
NickName String member account name
NodeName String Department Node Name, Account's Department
AssetCount Integer Number of assets
RiskCount Integer Number of risks
AttackCount Integer Number of Attacks
Role String Member/Admin/; Member or Administrator
MemberId String Member Account ID
AppId String Member Account AppID
JoinType String Account Joining Method: Create/Invite.
CFWProtect String Not enabled if empty. Otherwise, different strings correspond to different versions. Common for General, regardless of version.
WAFProtect String Not enabled if empty. Otherwise, different strings correspond to different versions. Common for General, regardless of version.
CWPProtect String Not enabled if empty. Otherwise, different strings correspond to different versions. Common for General, regardless of version.
Enable Integer 1-Enabled; 0-Not Enabled.
CSIPProtect String Free // Free Edition Advanced //Advanced Edition Enterprise //Enterprise Edition Ultimate //Premium Edition
QuotaConsumer Integer 1 for quota consumer.
CloudType Integer Account Type. 0 for Tencent Cloud account; 1 for AWS account.
SyncFrequency Integer 0 for default value, 1 for 10 minutes, 2 for 1 hour, 3 for 24 hours.
IsExpired Boolean Whether the multi-cloud account is expired.
PermissionList Array of String Multi-Cloud Account Permission List
AuthType Integer 1
TcMemberType Integer Tencent Cloud Group Account
Tencent Cloud access account
2: non-Tencent Cloud
SubUserCount Integer Number of sub-accounts.
JoinTypeInfo String Joining method details

PortRiskAdvanceCFGParamItem

Port Risk Advanced Configuration Item

Used by actions: CreateRiskCenterScanTask, ModifyRiskCenterScanTask.

Name Type Required Description
PortSets String Yes Port Collection, separated by commas.
CheckType Integer Yes Detection Item Type. 0-System-Defined; 1-User-Defined.
Detail String No Detection item description
Enable Integer No Enable/Disable. 1-Enable; 0-Disable.

PortViewPortRisk

Port risk details

Used by actions: DescribeRiskCenterPortViewPortRiskList.

Name Type Description
NoHandleCount Integer Unprocessed quantity.
Level String Risk level, low - low risk, high - high risk, middle - medium risk, info - notification, extreme - critical.
Protocol String Network protocol
Component String Components
Port Integer Port
RecentTime String Last detected
FirstTime String First detected
Suggestion Integer Suggested action. 0: Keep as it is; 1: Block access requests; 2: Block the port
AffectAssetCount String Number of Affected Assets
Id String ID
From String Source recognition
Index String Data entry key
AppId String User AppId
Nick String User Nickname
Uin String User UIN
Service String Service

ProductSupport

Vulnerability Information Product Support Status

Used by actions: DescribeSearchBugInfo.

Name Type Description
VSSScan Boolean True supports scanning. False does not support scanning.
CWPScan String 0-Not Supported; 1-Supported
CFWPatch String 1 indicates virtual patches supported, 0 or null indicates not supported.
WafPatch Integer 0-Not Supported; 1-Supported
CWPFix Integer 0-Not Supported; 1-Supported
CveId String cveid

PublicIpDomainListKey

List of public IPs/domain name assets

Used by actions: DeleteDomainAndIp.

Name Type Required Description
Asset String Yes IP/Domain

RelatedEvent

Related Attack Event Structure

Used by actions: DescribeAlertList.

Name Type Required Description
EventID String No Event ID
Description String No Event description
RelatedCount Integer No Number of Alarms Associated with Event

ReportItemKey

Report item

Used by actions: DescribeTaskLogURL.

Name Type Required Description
TaskLogList Array of String Yes List of report IDs.

ReportTaskIdList

List of task IDs in the report

Used by actions: DescribeTaskLogURL.

Name Type Required Description
TaskIdList Array of String Yes List of task IDs
AppId String No User AppId

RepositoryImageVO

Repository Image List

Used by actions: DescribeRepositoryImageAssets.

Name Type Required Description
AppId Integer No User appid.
Uin String No User UIN
NickName String No Nickname.
InstanceId String No Mirror id.
InstanceName String No Image name.
InstanceCreateTime String No Image creation time.
InstanceSize String No Image Size with Unit
BuildCount Integer No Build times.
InstanceType String No Image type.
AuthStatus Integer No Authorization status.
InstanceVersion String No Mirror version.
Region String No Region.
RepositoryUrl String No Repository address.
RepositoryName String No Repository name.
IsCore Integer No Core or Not
VulRisk Integer No Vulnerability risk.
CheckCount Integer No Check task.
CheckTime String No Health Checkup Time
IsNewAsset Integer No New Asset or Not. 1: New

RiskCallRecord

Risk call record details.

Used by actions: DescribeRiskCallRecord.

Name Type Description
EventName String API name.
EventDescCN String Chinese description of the API.
EventDescEN String Interface description.
ProductName String Product name
ProductNameCN String Product Chinese Name
CallCount Integer Number of calls.

RiskCenterStatusKey

Risk data

Used by actions: ModifyRiskCenterRiskStatus.

Name Type Required Description
Id String Yes Risk ID
PublicIPDomain String No Public IP/domain name
InstanceId String No Instance ID.
AppId String No User AppId

RiskDetailItem

risk details

Used by actions: DescribeRiskDetailList.

Name Type Description
CreateTime String

First discovery time
UpdateTime String

Update time.
RiskStatus Integer

Risk status
RiskContent String

Risk content
Provider String

Cloud service provider
ProviderName String

Vendor name
CloudAccountId String

cloud account
CloudAccountName String

Cloud account name
InstanceId String

Instance ID.
InstanceName String

Instance name
RiskId Integer

Risk ID
RiskRuleId String

Risk rule ID
CheckStatus String

Risk verification status
AppID Integer

User AppID
AssetType String

Asset type

RiskRuleInfo

risk rule

Used by actions: DescribeConfigCheckRules.

Name Type Description
RuleID String Risk Check Item ID
Provider String Cloud vendor name
InstanceType String Instance type
RiskTitle String risk name
CheckType String Check type
RiskLevel String Risk level
RiskInfluence String Risk damage
RiskFixAdvance String Risk remediation guide report link
DispositionType String Boundary control

RiskRuleItem

risk rule

Used by actions: DescribeRiskRules.

Name Type Description
ItemId String Risk Check Item ID
Provider String Cloud vendor name
InstanceType String Instance type
InstanceName String Instance Type Name
RiskTitle String risk name
CheckType String Check type
Severity String Risk level
RiskInfluence String Risk damage

RoleInfo

Alarm Data Attacker or Victim Information

Used by actions: DescribeAlertList.

Name Type Required Description
IP String No IP
HostIP String No HostIP
OriginIP String No Original IP
Port Integer No Port.
InstanceID String No asset ID
City String No city
Province String No Province
Country String No nation
Address String No Address.
Latitude String No latitude
Longitude String No longitude
Info String No Information.
Domain String No Domain
Name String No Enterprise Name
Account String No Account
Family String No Family Group
VirusName String No Virus name
MD5 String No MD5 Value
FileName String No Malicious process filename
AssetType Integer No 1-Host Assets; 2-Domain Assets; 3-Network Assets
FromLogAnalysisData Array of KeyValue No Information Fields of Source Log Analysis
ContainerName String No Container name
ContainerID String No container ID

STSCredentialOutput

STS temporary key credential (dedicated for output parameters), used for the response of the query details api. The SecretID and SecretKey fields return masked values, while System returns the original text.

Used by actions: DescribeKeySandboxCredential.

Name Type Description
System String Credential provider flag (original text), such as tencentCam, aws, aliyun
SecretID String SecretID (masked)
Supplementary description: Reserve the first 3 and last 4 digits, replace the middle with *; replace all with * if the length is less than 7.
SecretKey String SecretKey (masked)
Supplementary description: Reserve the first 3 and last 4 digits, replace the middle with *; replace all with * if the length is less than 7.

ScanTaskInfo

Details of a scan task

Used by actions: DescribeScanReportList.

Name Type Description
TaskId String Task ID
TaskName String Task name.
Status Integer Task Status Code: 1-Awaiting Start, 2-Scanning, 3-Scan Error, 4-Scan Completed.
Progress Integer Task progress
TaskTime String Task Completion Time
ReportId String report ID
ReportName String report name
ScanPlan Integer Scanning Schedule. 0-Periodic Task; 1-Scan Now; 2-Scheduled Scan; 3-Custom.
AssetCount Integer Number of Associated Assets
AppId String APP ID
UIN String User Host Account ID
UserName String User name

ScanTaskInfoList

Data returned in the list of scan tasks list to display information

Used by actions: DescribeScanTaskList.

Name Type Description
TaskName String Task name.
StartTime String start time of the task
EndTime String Task end time
ScanPlanContent String Cron Format
TaskType Integer 0-Periodic Task; 1-Scan Now; 2-Scheduled Scan; 3-Custom.
InsertTime String Creation time.
TaskId String Task ID.
SelfDefiningAssets Array of String Custom Specified Scan Asset Information
PredictTime Integer Estimated Time
PredictEndTime String Estimated Completion Time
ReportNumber Integer Report Count
AssetNumber Integer Number of assets
ScanStatus Integer Scan Status. 0-Initial Value; 1-Scanning; 2-Scan Completed; 3-Scan Error; 4-Scan Stopped.
Percent Float Task progress
ScanItem String port/poc/weakpass/webcontent/configrisk
ScanAssetType Integer 0-Full Scan; 1-Specified Asset Scan; 2-Excluded Asset Scan; 3-Custom Specified Asset Scan.
VSSTaskId String VSS Subtask ID
CSPMTaskId String CSPM Subtask ID
CWPPOCId String Host Vulnerability Scan Subtask ID
CWPBlId String Host Baseline Subtask ID
VSSTaskProcess Integer VSS Subtask Progress
CSPMTaskProcess Integer CSPM Subtask Progress
CWPPOCProcess Integer Host Vulnerability Scan Subtask Progress
CWPBlProcess Integer Host Baseline Subtask Progress
ErrorCode Integer Exception status code
ErrorInfo String Exception information
StartDay Integer Number of Days for Periodic Task to Start
Frequency Integer Scanning Frequency, in Days. 1-Daily; 7-Weekly; 30-Monthly; 0-Scan Once.
CompleteNumber Integer Completion Count
CompleteAssetNumber Integer Completed Asset Count
RiskCount Integer risk count
Assets Array of TaskAssetObject Asset
AppId String User Appid
UIN String User Host Account ID
UserName String User name
TaskMode Integer Checkup Mode. 0-Standard Mode; 1-Quick Mode; 2-Advanced Mode.
ScanFrom String Scan Source
IsFree Integer Whether health checkup is limited or exempted. 0-No; 1-Yes.
IsDelete Integer Whether it can be deleted. 1-Yes; 0-No. For use with multi-account management.
SourceType Integer Task Source Type. 0: Default; 1: Assistant; 2: Health Checkup Items.

ServerRisk

Service risk

Used by actions: DescribeRiskCenterServerRiskList.

Name Type Description
ServiceTag String Service tag
Port Integer Port.
AffectAsset String Affected assets
InstanceId String Instance ID
InstanceName String Instance name
InstanceType String Asset type
Level String Risk level, low - low risk, high - high risk, middle - medium risk, info - notification, extreme - critical.
Protocol String Network protocol
Component String Components
Service String Service
RecentTime String Last detected
FirstTime String First detected
RiskDetails String Risk details
Suggestion String Handling suggestion
Status Integer Status, 0 unprocessed, 1 processed, 2 ignored, 3 defended by cloud protection
Id String Unique ID of the asset
AppId String User appid
Nick String User Nickname
Uin String User UIN
ServiceSnapshot String Service Snapshot
Url String Service Access URL
Index String List Index Value
RiskList Array of ServerRiskSuggestion Risk list
SuggestionList Array of ServerRiskSuggestion Recommendation List
StatusCode String HTTP Response Status Code
NewLevel String New risk level, high_risk high risk suspect Suspected Normal Does not have risks currently
XspmStatus Integer Status, 0 unprocessed, 1 processed, 2 ignored, 3 defended by cloud protection, 4 no action is required

ServerRiskSuggestion

Risk details

Used by actions: DescribeRiskCenterServerRiskList.

Name Type Description
Title String Title.
Body String Details.

ServiceSupport

Product support.

Used by actions: DescribeVULRiskAdvanceCFGList, DescribeVULRiskDetail.

Name Type Description
ServiceName String Product name.
"cfw_waf_virtual", "cwp_detect", "cwp_defense", "cwp_fix"
SupportHandledCount Integer Total number of processed assets.
SupportTotalCount Integer Total number of supported assets.
IsSupport Boolean Whether the product is supported: 1 for supported; 0 for unsupported.

SkillCapabilityTag

Skill power tag

Used by actions: DescribeSkillScanResult.

Name Type Description
ID String Capacity tag identification, suitable for program judgment, filtering or aggregation usage
Name String Capacity Tag Display Name

SkillRuleCatalogItem

Fusion rule directory item

Used by actions: DescribeSkillScanResult.

Name Type Description
RuleID String Fusion rule ID (9xxxx)
RuleName String Risk category name

SkillScanEngineResult

Sub-engine scanning result

Used by actions: DescribeSkillScanResult.

Name Type Description
ScanType String Sub-engine type
Enumeration value:
AI: AI engine
STATIC: Static analysis engine
RuleList Array of SkillScanRuleHit The rule list hit by the engine

SkillScanItem

Skill security detection result details

Used by actions: DescribeSkillScanResult.

Name Type Description
SkillName String

Skill name
SkillDescription String

Skill description to help understand its primary purpose
ContentHash String

SHA256 Hash of the ZIP file
Parameter format: sha256:<64-bit hex>
UploadFileCount Integer

The number of actual files after decompressing the original uploaded ZIP file, also within the billing limit. Each file is counted as one limit after a successful scan.
RiskLevel String

Comprehensive risk level
Enumeration value:
malicious: Malicious
suspicious: Suspicious
benign: Trustworthy
PrimaryRuleID String

Risk master tag fusion rule ID (9xxxx) is generated by the server from the hit fusion risk tags. It is empty when benign and no rule hits occur. The display name can be obtained via RuleCatalog.
Mitigation String

Comprehensive handling suggestions for guiding the caller to prioritize actions such as decommissioning, isolation, repair, and recheck. The historical result may be empty. Returns copywriting in English when Language=en-US is passed.
RiskDescription String

Comprehensive risk description provides an overview of risks found in this detection. Returns English copy when Language=en-US is passed.
SecurityScore Integer

Security score value ranges from 0 to 100. Supplementary explanation: the higher the score, the more secure.
EngineVersion Integer

Engine version number used in this scan
CapabilityTags Array of SkillCapabilityTag

Skill ability tag list describes the ability features or application scenarios of Skill. It is not equal to risk tag and does not participate in risk level judgment. When Language=en-US is passed, Name switches to English while ID remains unchanged.
RuleCatalog Array of SkillRuleCatalogItem

Complete set of fusion rule directory, including all fusion rule categories (9xxxx). The caller can show category tags accordingly without the need to maintain a mapping table locally. Returns English name when Language=en-US is passed.
ScanItems Array of SkillScanEngineResult

Scan result details, grouped by sub-engine. Each element contains ScanType (engine type) and RuleList (hit rule list). RuleID within the rules uses fusion code (9xxxx) and can be cross-referenced with RuleCatalog. Description returns in English when Language=en-US is passed.
ReportURL String

Comprehensive security audit report address (pre-signed URL). The valid period is controlled by the request parameter ReportURLExpireHours.
ScannedAt Timestamp ISO8601

Scan completion time. Only available when Status=SUCCESS
Parameter format: YYYY-MM-DDTHH:mm:ssZ (ISO8601 format)
CreatedAt Timestamp ISO8601

Task creation time. Only available when Status=SCANNING
Parameter format: YYYY-MM-DDTHH:mm:ssZ (ISO8601 format)
FailedAt Timestamp ISO8601

Failure time. Only valid when Status=FAILED
Parameter format: YYYY-MM-DDTHH:mm:ssZ (ISO8601 format)
Message String

Failure reason description. Only available when Status=FAILED.

SkillScanRuleHit

hit rule

Used by actions: DescribeSkillScanResult.

Name Type Description
RuleID String Fusion rule number (9xxxx) can be cross-referenced with RuleCatalog.
Description String Current description of the specific detection for the matched rule, including file location, behavioral features, risks, etc.

SkillState

SKILL installation status info

Used by actions: DescribeAIAgentAssetList.

Name Type Description
SkillInstallStatus Integer SKILL Installation Status
Enumeration value:
0: Not installed
Installing
2: Installed
3: Installation failure
4: Uninstalling
5: Uninstallation failed.
SkillInstallTime String SKILL installation/uninstallation operation time
Parameter format: YYYY-MM-DDTHH:mm:ssZ (ISO8601 format).
SkillInstallResult String SKILL installation/uninstallation result description information

SourceIPAsset

Access key asset information (source IP perspective).

Used by actions: DescribeSourceIPAsset.

Name Type Description
ID Integer id of the source IP.
SourceIP String Source IP.
Remark String Remarks
AppID Integer Account associate APPID.
Region String IP region.
EventType Integer API call method.
-1: uncounted.
0: console invocation.
1:API
IPType Integer IP type.
0: within the account (unremarked).
1: external accounts (unremarked).
2: within the account (remarked).
3: external account (remarked).
AccessKeyAlarmList Array of AccessKeyAlarmInfo Alarm information list.
AKInfo Array of AKInfo ak information list.
ActionCount Integer Number of API calls.
LastAccessTime String Last access Time
InstanceID String IP associated instance ID. if an empty string, represents an asset not within the account.
InstanceName String Associated instance name.
Uin String Account associate Uin.
Nickname String Nickname.
ShowStatus Boolean Display status.
ISP String ISP field.
VpcInfo Array of SourceIPVpcInfo vpc information outside the account.
CloudType Integer Cloud type.
0 for tencent cloud.

SourceIPVpcInfo

Source IP of the call public account information.

Used by actions: DescribeAbnormalCallRecord, DescribeCallRecord, DescribeSourceIPAsset.

Name Type Description
Name String Account name
AppID Integer App ID of the VPC.
VpcID String vpc id
VpcName String vpc name.

StandardItem

CSPM standard

Used by actions: DescribeAssetRiskList, DescribeCheckViewRisks.

Name Type Description
ID Integer Specification ID
Name String Standard name

StandardTerm

CSPM clause

Used by actions: DescribeAssetRiskList, DescribeCheckViewRisks.

Name Type Description
Tag String Tag.
Terms Array of String Clause

StatisticalFilter

User Behavior Analysis Statistical Condition

Used by actions: DescribeUebaRule.

Name Type Required Description
OperatorType Integer Yes 0: Not based on statistical testing
1: Occurrence count higher than a fixed value
2: Occurrence count exceeds 100 percent of the period average
3: Occurrences higher than 50 percent of the user average
Value Float Yes Statistical value

SubUserInfo

Sub-account Details

Used by actions: DescribeSubUserInfo.

Name Type Description
ID Integer

Primary key ID, with no business significance, only serves as a unique key.
AppID String

Sub-account Appid
Uin String

Sub-account UIn
NickName String

Sub-account name
OwnerAppID String

Root Account Appid
OwnerUin String

Root account Uin
OwnerNickName String

Root account name
OwnerMemberID String

Member ID information belonging to main account
CloudType Integer

Account type. 0 indicates a Tencent Cloud account, and 1 indicates an AWS account.
ServiceCount Integer

Number of accessible services
InterfaceCount Integer

Number of accessible APIs
AssetCount Integer

Number of accessible resources
LogCount Integer

Number of access/behavior logs
ConfigRiskCount Integer

Permission configuration risk
ActionRiskCount Integer

Dangerous behavior alarm
IsAccessCloudAudit Boolean

Whether to access operation audit log
IsAccessCheck Boolean

Security check for configuration risk required or not
IsAccessUeba Boolean

Whether configure user behavior management policy
CreateTime Integer

Creation time (Unix timestamp).

SubnetAsset

Subnet assets

Used by actions: DescribeSubnetAssets.

Name Type Description
AppId String appid
Uin String UIN
AssetId String Asset ID
AssetName String Asset name
Region String Region
VpcId String VPC ID
VpcName String VPC name
Tag Array of Tag Tag.
Nick String User name
CIDR String CIDR block
Zone String Availability zone
CVM Integer Number of CVMs
AvailableIp Integer Number of available IPs
CreateTime String Creation time
ConfigureRisk Integer Configuration risks
ScanTask Integer Number of tasks.
LastScanTime String Last scan time
IsCore Integer Core or Not
IsNewAsset Integer New Asset or Not. 1: New

Tag

Tags

Used by actions: DescribeCVMAssetInfo, DescribeCVMAssets, DescribeDbAssetInfo, DescribeDbAssets, DescribeDomainAssets, DescribeGatewayAssets, DescribeNICAssets, DescribeOtherCloudAssets, DescribePublicIpAssets, DescribeSubnetAssets, DescribeVpcAssets.

Name Type Required Description
Name String Yes Tag name.
Value String Yes Tag value

TagCount

Product Log Entries

Used by actions: DescribeAlertList, DescribeTopAttackInfo.

Name Type Description
Name String Product Name
Count Integer Number of logs.

Tags

Server tag information

Used by actions: DescribeScanTaskList.

Name Type Required Description
TagKey String No Host tag key
TagValue String No Host tag value

TaskAdvanceCFG

Advanced task configuration

Used by actions: CreateRiskCenterScanTask, ModifyRiskCenterScanTask.

Name Type Required Description
PortRisk Array of PortRiskAdvanceCFGParamItem No Port Risk Advanced Configuration
VulRisk Array of TaskCenterVulRiskInputParam No Advanced vulnerability scan configuration
WeakPwdRisk Array of TaskCenterWeakPwdRiskInputParam No Advanced weak password check configuration
CFGRisk Array of TaskCenterCFGRiskInputParam No Advanced configuration risk scan configuration

TaskAssetObject

Task asset information

Used by actions: CreateRiskCenterScanTask, DescribeScanTaskList, ModifyRiskCenterScanTask.

Name Type Required Description
AssetName String No Asset name.
InstanceType String No Asset type.
AssetType String No Asset category.
Asset String No IP, domain name, asset ID, database ID, and more
Region String No Region.
Arn String No Unique ID of Multi-Cloud Assets

TaskCenterCFGRiskInputParam

Advanced configuration risk scan configuration

Used by actions: CreateRiskCenterScanTask, ModifyRiskCenterScanTask.

Name Type Required Description
ItemId String Yes Check item ID
Enable Integer Yes Whether to enable. 0: no, 1: yes.
ResourceType String Yes Resource type

TaskCenterVulRiskInputParam

Advanced vulnerability scan configuration

Used by actions: CreateRiskCenterScanTask, ModifyRiskCenterScanTask.

Name Type Required Description
RiskId String Yes Risk ID
Enable Integer Yes Whether to enable. 0: no, 1: yes.

TaskCenterWeakPwdRiskInputParam

Advanced weak password check configuration

Used by actions: CreateRiskCenterScanTask, ModifyRiskCenterScanTask.

Name Type Required Description
CheckItemId Integer Yes Check item ID
Enable Integer Yes Whether to enable. 0: no, 1: yes.

TaskIdListKey

List of task IDs

Used by actions: DeleteRiskScanTask, StopRiskCenterTask.

Name Type Required Description
TaskId String Yes Task ID
TargetAppId String No APP ID

TaskLogInfo

Task report information

Used by actions: DescribeTaskLogList.

Name Type Description
TaskLogName String report name
TaskLogId String Report ID.
AssetsNumber Integer Associated Asset Count
RiskNumber Integer Security Risk Count
Time String Report generation time
Status Integer Task Status Code. 0-Initial Value; 1-Scanning; 2-Scan Completed; 3-Scan Error; 4-Stopped; 5-Halted; 6-Task Has Been Restarted.
TaskName String Associated Task Name
StartTime String Scan start time
TaskCenterTaskId String Task Center Scan Task ID
AppId String Tenant ID
UIN String Host Account ID
UserName String User name
ReportType Integer Report Type. 1: Security Checkup; 2: Daily Report; 3: Weekly Report; 4: Monthly Report.
TemplateId Integer Report Template ID

TaskLogURL

Temp download URL for the report PDF

Used by actions: DescribeTaskLogURL.

Name Type Description
URL String Temporary Link for Report Download
LogId String Task Report ID
TaskLogName String Task Report Name
AppId String APP ID

TrafficPluginState

AI Agent traffic sandbox plug-in status

Used by actions: DescribeAIAgentAssetList.

Name Type Description
InstallStatus String Plugin installation status (upper layer aggregation)
Enumeration value:
NONE: Not installed
INSTALLING
INSTALLED: Installed
INSTALL_FAIL: Installation failure
Status String Plugin installation sub-status. The value corresponds to InstallStatus: empty string when not installed (InstallStatus=UNINSTALL); SUCCESS when successfully installed (InstallStatus=INSTALLED); specific failure reason when installation failure (InstallStatus=INSTALL_FAIL).
Enumeration value:
NOT_SUPPORT: Unsupported environment
CONTAINER_NOT_FOUND: Container does not exist.
RESTART required
CA_FAILED: CA failed
EBPF_FAILED: eBPF failed
IPTABLE_FAILED: iptables failed.
REDIRECT_FAILED: Traffic redirection failed.
Message String Status copywriting (internationalization description derived from Status based on request language)
ActivityTime Timestamp ISO8601 Recent activity time of the plug-in
Parameter format: YYYY-MM-DDTHH:mm:ssZ (ISO8601 format).

TrafficRuleState

Traffic sandbox rule status

Used by actions: DescribeAIAgentAssetList.

Name Type Description
Module String

Sandbox plug-in module name
Status String

Sandbox rule status

Enumeration value:

  • ON: Enable
  • OFF: Disable

UebaCustomRule

User behavior analysis Custom policy structure

Used by actions: DescribeUebaRule.

Name Type Required Description
RuleName String Yes Policy name.
UserType Integer Yes 1: Cloud account
2: Custom user
TimeInterval Integer Yes Occurrence time
10 minutes
2:1 hour
3: One day
4: A week
5: One month
EventContent UebaEventContent Yes Event
AlertName String Yes Alarm name
AlterLevel Integer Yes Alarm type
Prompt.
1: low
2: Medium risk
3: High risk
4: Critical
Operator Array of String Yes Operator.
OperateObject Array of String Yes Operation object.
OperateMethod Array of String Yes Operation method
LogType String No Log type
LogTypeStr String No Chinese name in logs

UebaEventContent

User behavior analysis Event structure

Used by actions: DescribeUebaRule.

Name Type Required Description
EventType Integer Yes Event type
1: Statement retrieval
2: Filter search
Content String No Statement retrieval content
Filters Array of WhereFilter No retrieval condition
StatisticalFilter StatisticalFilter No Statistical condition

UebaRule

User Behavior Analysis Policy

Used by actions: DescribeUebaRule.

Name Type Description
RuleID String Policy ID
RuleName String Rule name
RuleType Integer Policy type
System policy
custom policy
RuleLevel Integer Policy level
Prompt.
1: low
2: Medium risk
3: High risk
4: Critical
RuleContent String Policy content
RuleStatus Boolean Policy switch
HitCount Integer Number of hits
AppID String Associated account Appid.
MemberID String Multi-account, member ID
Uin String Uin
Nickname String Nickname
CustomRuleDetail UebaCustomRule Custom rule specific content
CloudType Integer Cloud type
0 Tencent Cloud
aws:1

UserCallRecord

Record details.

Used by actions: DescribeUserCallRecord.

Name Type Description
SourceIP String Source IP of the call.
EventType Integer Invocation type.
0: console invocation.
1:API
CallCount Integer Number of calls.
Code Integer Error code.
0: Successful
FirstCallTime String First time call time.
LastCallTime String Call time.
SourceIPRemark String Source IP of the call remark.
Region String Source IP region of the call.
UserName String User/Role name.
Date String Aggregate date.
AppID Integer appid
ISP String Carrier.

VULBaseInfo

Emergency vulnerability basic data.

Used by actions: DescribeVULList.

Name Type Description
Level String Risk level.
High - high risk, middle - medium risk, low - low risk, info - Note.
Component String Component.
PublishTime String Release date.
LastScanTime String Last scan time
AffectAssetCount Integer Number of Affected Assets
RiskId String Risk ID
VULType String Vulnerability type.
VULName String Vulnerability name
CVE String cve
Describe String Description
Payload String Vulnerability Payload
AppName String Vulnerability impact component.
References String Technology reference.
AppVersion String Vulnerability impact version.
VULURL String Risks.
Nick String User Nickname
Note: This field may return null, indicating that no valid values can be obtained.
AppId String User appid.
Uin String User UIN
Note: This field may return null, indicating that no valid values can be obtained.
Fix String Fixing suggestion
Note: This field may return null, indicating that no valid values can be obtained.
EMGCVulType Integer Emergency Vulnerability Type. 1-Emergency Vulnerability; 0-Non-emergency Vulnerability.
Note: This field may return null, indicating that no valid values can be obtained.
CVSS Float CVSS score
Note: This field may return null, indicating that no valid values can be obtained.
AttackHeat Integer Attack intensity.
0/1/2/3
Note: This field may return null, indicating that no valid values can be obtained.
ScanStatus Integer Detection status 0 unscanned 1 scan in progress 2 scan complete.
Note: This field may return null, indicating that no valid values can be obtained.
IsSuggest Integer 1/0 whether compulsory.
Note: This field may return null, indicating that no valid values can be obtained.
VulTag Array of String Tag.
Note: This field may return null, indicating that no valid values can be obtained.
SupportProduct String Support products: "cfw_waf_virtual", "cwp_detect", "cwp_defense", "cwp_fix" (comma-separated).
Note: This field may return null, indicating that no valid values can be obtained.
TaskId String Vulnerability detection task id.
Note: This field may return null, indicating that no valid values can be obtained.
Index String Primary key
Note: This field may return null, indicating that no valid values can be obtained.
PcmgrID String Vulnerability id old version.
Note: This field may return null, indicating that no valid values can be obtained.
TvdID String Vulnerability id new version.
Note: This field may return null, indicating that no valid values can be obtained.

VULRiskAdvanceCFGList

List of advanced vulnerability scan configurations

Used by actions: DescribeVULRiskAdvanceCFGList.

Name Type Description
RiskId String Risk ID
VULName String Vulnerability name
RiskLevel String Risk level, low - low risk, high - high risk, middle - medium risk, info - notification, extreme - critical.
CheckFrom String Source of the check task
Enable Integer Enable/Disable. 1-Enable; 0-Disable.
VULType String Risk type.
ImpactVersion String Affected versions
CVE String CVE
VULTag Array of String Vulnerability tag
FixMethod Array of String Repair method
ReleaseTime String Disclosure time
EMGCVulType Integer Emergency Vulnerability Type. 1-Emergency Vulnerability; 0-Non-emergency Vulnerability.
VULDescribe String Vulnerability description
ImpactComponent String Affected component
Payload String Vulnerability Payload
References String Technology reference
CVSS String CVSS Score
AttackHeat String Attack intensity
ServiceSupport Array of ServiceSupport Security Product Support Status
RecentScanTime String Latest detection time

VULRiskInfo

Vulnerability risk information.

Used by actions: DescribeVULRiskDetail.

Name Type Description
Fix String Fixing suggestion
References String Technology reference/reference link.
Describe String Vulnerability description
ImpactComponent Array of VulImpactComponentInfo Affected component.

VULViewVULRisk

Details of a vulnerability

Used by actions: DescribeRiskCenterVULViewVULRiskList.

Name Type Description
Port String Port
NoHandleCount Integer Affected assets
Level String Risk level, low - low risk, high - high risk, middle - medium risk, info - notification, extreme - critical.
Component String Components
RecentTime String Last detected
FirstTime String First detected
AffectAssetCount Integer Number of Affected Assets
Id String Risk ID
From String Scan Source. See API Return Enumeration Type for details.
Index String Frontend index
VULType String Vulnerability type
VULName String Vulnerability name
CVE String CVE number
Describe String Description
Payload String Vulnerability Payload
AppName String Affected component
References String Technology reference
AppVersion String Vulnerability Affected Version
VULURL String risks
Nick String User Nickname
AppId String User appid
Uin String User UIN
Fix String Fixing suggestion
EMGCVulType Integer Emergency Vulnerability Type. 1-Emergency Vulnerability; 0-Non-emergency Vulnerability.

VULViewVULRiskData

Vulnerability Risk Objects from Vulnerability's Perspective

Used by actions: DescribeVulViewVulRiskList.

Name Type Description
Port String Port.
NoHandleCount Integer Impact assets.
Level String Risk level: low - low risk, high - high risk, middle - medium risk, info - note, extreme - critical.
Component String Component.
RecentTime String Latest Recognition Time
FirstTime String First Recognition Time
AffectAssetCount Integer Number of Affected Assets
RiskId String Risk ID
From String Scan Source. See API Return Enumeration Type for details.
Index String Front-end Index
VULType String Vulnerability type.
VULName String Vulnerability name
CVE String cve
Payload String Vulnerability Payload
AppName String Vulnerability impact component.
AppVersion String Vulnerability impact version.
VULURL String Risks.
Nick String User Nickname
AppId String User appid.
Uin String User UIN
EMGCVulType Integer Emergency Vulnerability Type. 1-Emergency Vulnerability; 0-Non-emergency Vulnerability.
CVSS Float CVSS score
PCMGRId String PCMGRId
VulTag Array of String Vulnerability tag. during searching, emergency mandatory parameter VulTag=SuggestRepair/EMGCVul.
DisclosureTime String Vulnerability disclosure time.
AttackHeat Integer Attack intensity.
IsSuggest Integer Whether a mandatory vulnerability: 1 - yes; 0 - no.
HandleTaskId String Disposal task id.
EngineSource String Engine source.
VulRiskId String New vulnerability risk id.
TvdID String New version vulnerability id.
IsOneClick Integer Is it possible to perform a one-click physical examination. valid values: 1-yes, 0-not allowed.

Vpc

List of VPCs

Used by actions: DescribeVpcAssets.

Name Type Description
Subnet Integer Subnet (32-bit mask)
ConnectedVpc Integer Connected VPC (32-bit mask)
AssetId String Asset ID
Region String Region
CVM Integer CVM (only 32-bit)
Tag Array of Tag Tag.
DNS Array of String DNS Domain
AssetName String Asset name
CIDR String CIDR block
CreateTime String Asset creation time
AppId String appid
Uin String UIN
Nick String User name
IsNewAsset Integer New Asset or Not. 1: New
IsCore Integer Whether it is a core asset. 1-Yes, 2-No.

VulImpactComponentInfo

Vulnerability impact component information.

Used by actions: DescribeVULRiskDetail.

Name Type Description
Component String Component name
Version String Version name.

VulRiskItem

Host vulnerability risk content.

Used by actions: DescribeVulRiskList.

Name Type Description
CloudAccountID String Cloud account ID.
AssetID String Instance ID.
InstanceStatus String Instance status
InstanceName String Instance name
CreateTime String Creation time.
UpdateTime String Update time
VulName String Vulnerability name
VulCategory String Vulnerability type.
VulLevel String Vulnerability level
CveID String CVE id.
Description String Vulnerability description
ContainerID String Container ID.
Fix String Vulnerability risk remediation recommendation.
VulCategoryName String Linux vulnerability.
VulLevelName String Vulnerability level name.
InstanceStatusName String Instance status chinese information.
AppID Integer Tenant ID.

VulTrend

Vulnerability trends, attack trend, users affected, affect assets.

Used by actions: DescribeVULRiskDetail.

Name Type Description
AffectAssetCount Integer Number of affected assets.
AffectUserCount Integer Number of users affected.
AttackCount Integer Number of attacks.
Date String Time

WebsiteRisk

Details of a content risk

Used by actions: DescribeRiskCenterWebsiteRiskList.

Name Type Description
AffectAsset String Affected assets
Level String Risk level, low - low risk, high - high risk, middle - medium risk, info - notification, extreme - critical.
RecentTime String Last detected
FirstTime String First detected
Status Integer Status of the risk. 0: Not handled, 1: Handled; 2: Ignored
Id String ID, use to handle risk
Index String Frontend index
InstanceId String Instance ID
InstanceName String Instance name
AppId String User appid
Nick String User Nickname
Uin String User UIN
URL String URL of the risk
URLPath String URL of the risk file
InstanceType String Instance type
DetectEngine String Check type.
ResultDescribe String Result description.
SourceURL String Source URL
SourceURLPath String Source file URL

WhereFilter

Filter conditions.

Used by actions: CreateIaCFileExportJob, DescribeAIAgentAssetList, DescribeAbnormalCallRecord, DescribeAccessKeyAlarm, DescribeAccessKeyAsset, DescribeAccessKeyRisk, DescribeAccessKeyUserList, DescribeAlertList, DescribeAssetViewVulRiskList, DescribeCSIPRiskStatistics, DescribeCVMAssets, DescribeCallRecord, DescribeClusterAssets, DescribeClusterPodAssets, DescribeDbAssets, DescribeDomainAssets, DescribeGatewayAssets, DescribeIaCFileList, DescribeIaCTokenList, DescribeKeySandboxCredentialList, DescribeListenerList, DescribeNICAssets, DescribeOrganizationUserInfo, DescribeOtherCloudAssets, DescribePublicIpAssets, DescribeRepositoryImageAssets, DescribeRiskCallRecord, DescribeRiskCenterAssetViewCFGRiskList, DescribeRiskCenterAssetViewPortRiskList, DescribeRiskCenterAssetViewVULRiskList, DescribeRiskCenterAssetViewWeakPasswordRiskList, DescribeRiskCenterCFGViewCFGRiskList, DescribeRiskCenterPortViewPortRiskList, DescribeRiskCenterServerRiskList, DescribeRiskCenterVULViewVULRiskList, DescribeRiskCenterWebsiteRiskList, DescribeScanReportList, DescribeScanTaskList, DescribeSourceIPAsset, DescribeSubUserInfo, DescribeSubnetAssets, DescribeTaskLogList, DescribeUebaRule, DescribeUserCallRecord, DescribeVULList, DescribeVULRiskAdvanceCFGList, DescribeVpcAssets, DescribeVulViewVulRiskList.

Name Type Required Description
Name String Yes Filter item
Values Array of String Yes Filter value
OperatorType Integer No Central platform definition:.
1 equal 2 larger than 3 less than 4 greater than or equal to 5 less than or equal to 6 not equal to 9 fuzzy matching 13 non-fuzzy matching 14 bitwise and.
Exact match fills 7. fuzzy matching fills 9.
上一篇: AddNewBindRoleUser下一篇: Error Codes

帮助和支持

本页内容是否解决了您的问题?

填写满意度调查问卷,共创更好文档体验。

文档反馈