diff options
| author | Zhineng Li <[email protected]> | 2026-02-13 10:54:11 +0800 |
|---|---|---|
| committer | Zhineng Li <[email protected]> | 2026-02-13 10:54:11 +0800 |
| commit | 7347bac4ab7e136157fc94777e6cf87ef9e08599 (patch) | |
| tree | 0dec367dac6e152161a6f7cc0dba6ebbef1f34a2 /data/en_us/cloud-siem/2022-06-16 | |
| download | acs-metadata-full-main.tar.gz acs-metadata-full-main.zip | |
first commitHEADv1.0.0+20260212main
Diffstat (limited to 'data/en_us/cloud-siem/2022-06-16')
| -rw-r--r-- | data/en_us/cloud-siem/2022-06-16/api-docs.php | 19637 |
1 files changed, 19637 insertions, 0 deletions
diff --git a/data/en_us/cloud-siem/2022-06-16/api-docs.php b/data/en_us/cloud-siem/2022-06-16/api-docs.php new file mode 100644 index 0000000..3739556 --- /dev/null +++ b/data/en_us/cloud-siem/2022-06-16/api-docs.php @@ -0,0 +1,19637 @@ +<?php return [ + 'version' => '1.0', + 'info' => [ + 'style' => 'RPC', + 'product' => 'cloud-siem', + 'version' => '2022-06-16', + ], + 'directories' => [ + [ + 'id' => 187571, + 'title' => 'Multi-account Management', + 'type' => 'directory', + 'children' => [ + 'ListRdUsers', + ], + ], + [ + 'id' => 187473, + 'title' => 'Log Management', + 'type' => 'directory', + 'children' => [ + 'ListAccountsByLog', + 'DescribeUserBuyStatus', + 'ListProjectLogStores', + 'ModifyDataSource', + 'ModifyDataSourceLog', + 'ModifyBindAccount', + 'ListImportedLogsByProd', + 'ListDataSourceTypes', + 'ListDataSourceLogs', + 'ListBindDataSources', + 'ListAllProds', + 'EnableServiceForCloudSiem', + 'EnableAccessForCloudSiem', + 'DescribeServiceStatus', + 'DescribeProdCount', + 'DescribeImportedLogCount', + 'DescribeDataSourceParameters', + 'DescribeDataSourceInstance', + 'DescribeAuth', + 'DeleteDataSourceLog', + 'DeleteDataSource', + 'DeleteBindAccount', + 'BindAccount', + 'AddUserSourceLogConfig', + 'AddDataSourceLog', + 'AddDataSource', + 'ListBindAccount', + 'ListAccountAccessId', + 'SubmitImportLogTasks', + ], + ], + [ + 'id' => 186523, + 'title' => 'Alert Monitoring', + 'type' => 'directory', + 'children' => [ + 'DescribeAlertsWithEntity', + 'DescribeAlerts', + 'DescribeAlertSource', + 'DescribeAlertsCount', + ], + ], + [ + 'id' => 186560, + 'title' => 'Event Response', + 'type' => 'directory', + 'children' => [ + 'ListEntities', + 'DescribeEntityInfo', + 'PostEventDisposeAndWhiteruleList', + 'DescribeWafScope', + 'DescribeEventDispose', + 'DescribeEventCountByThreatLevel', + 'DescribeDisposeAndPlaybook', + 'DescribeCloudSiemEvents', + 'DescribeCloudSiemEventDetail', + 'DescribeCloudSiemAssetsCounter', + 'DescribeCloudSiemAssets', + 'DescribeAlertsWithEvent', + 'DescribeAlertSourceWithEvent', + ], + ], + [ + 'id' => 186542, + 'title' => 'Rule Management', + 'type' => 'directory', + 'children' => [ + 'DescribeAlertType', + 'DeleteCustomizeRule', + 'DescribeAggregateFunction', + 'DescribeCustomizeRuleCount', + 'DescribeCustomizeRuleTest', + 'DescribeCustomizeRuleTestHistogram', + 'DescribeLogFields', + 'DescribeLogSource', + 'DescribeLogType', + 'DescribeOperators', + 'ListCloudSiemCustomizeRules', + 'ListCloudSiemPredefinedRules', + 'ListCustomizeRuleTestResult', + 'PostCustomizeRule', + 'PostCustomizeRuleTest', + 'PostFinishCustomizeRuleTest', + 'PostRuleStatusChange', + ], + ], + [ + 'id' => 186597, + 'title' => 'Response Rules Management', + 'type' => 'directory', + 'children' => [ + 'DescribeScopeUsers', + 'DeleteAutomateResponseConfig', + 'DescribeAutomateResponseConfigCounter', + 'DescribeAutomateResponseConfigFeature', + 'ListAutomateResponseConfigs', + 'PostAutomateResponseConfig', + 'UpdateAutomateResponseConfigStatus', + ], + ], + [ + 'id' => 186605, + 'title' => 'Disposal Center', + 'type' => 'directory', + 'children' => [ + 'ListDisposeStrategy', + 'DescribeDisposeStrategyPlaybook', + ], + ], + [ + 'id' => 186147, + 'title' => 'Storage Management', + 'type' => 'directory', + 'children' => [ + 'RestoreCapacity', + 'GetCapacity', + 'SetStorage', + 'DescribeStorage', + 'GetStorage', + ], + ], + [ + 'id' => 186161, + 'title' => 'Delivery Management', + 'type' => 'directory', + 'children' => [ + 'ListDelivery', + 'OpenDelivery', + 'CloseDelivery', + ], + ], + [ + 'id' => 186608, + 'title' => 'White Rule Management', + 'type' => 'directory', + 'children' => [ + 'UpdateWhiteRuleList', + 'PostEventWhiteruleList', + 'DescribeWhiteRuleList', + 'DescribeAlertScene', + 'DescribeAlertSceneByEvent', + 'DeleteWhiteRuleList', + ], + ], + ], + 'components' => [ + 'schemas' => [], + ], + 'apis' => [ + 'ListRdUsers' => [ + 'summary' => 'Queries a list of Alibaba Cloud accounts that are added to the threat analysis feature for centralized management. These accounts can be used to perform operations supported by the threat analysis feature, such as adding logs and handling events.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '154081', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<List<ListRdUsersResult>>', + 'description' => 'CloudSiemSuccessResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'Joined' => [ + 'title' => '日志code。', + 'description' => 'Indicates whether the account is added to the threat analysis feature for centralized management. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'JoinedTime' => [ + 'description' => 'The time when the account was added to the threat analysis feature.'."\n", + 'type' => 'string', + 'example' => '2013-10-01 00:00:00', + ], + 'DelegatedOrNot' => [ + 'title' => '是否被委派查看自己的资源', + 'description' => 'Indicates whether the account can be used to view the logs and alerts within the account.'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'MainUserId' => [ + 'title' => '购买威胁分析的云账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123XXXXXXXXX', + ], + 'SubUserId' => [ + 'title' => '威胁分析云账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is used to perform operations supported by the threat analysis feature.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123XXXXXXXX', + ], + 'SubUserName' => [ + 'title' => '威胁分析云账号名字。', + 'description' => 'The username of the Alibaba Cloud account that can be used to perform operations supported by the threat analysis feature.'."\n", + 'type' => 'string', + 'example' => 'sas_account_xxx', + ], + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Joined\\": true,\\n \\"JoinedTime\\": \\"2013-10-01 00:00:00\\",\\n \\"DelegatedOrNot\\": true,\\n \\"MainUserId\\": 0,\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"sas_account_xxx\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'ListRdUsers', + ], + 'ListAccountsByLog' => [ + 'summary' => 'Query accounts by log.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '196080', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'ProdCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '产品的code。', + 'description' => 'The code of the service.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'qcloud_waf', + ], + ], + [ + 'name' => 'LogCodes', + 'in' => 'formData', + 'style' => 'repeatList', + 'schema' => [ + 'title' => '日志code列表,json数组格式。', + 'description' => 'The codes of logs. The value is a JSON array.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The code of the log. The value is a JSON array.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '["cloud_siem_hcloud_waf_alert_log"]', + ], + 'required' => true, + 'example' => '["cloud_siem_hcloud_waf_alert_log"]', + 'maxItems' => 100, + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。取值:'."\n" + .' - hcloud:华为云。'."\n" + .' - qcloud:腾讯云。 '."\n" + .' - aliyun:阿里云。', + 'description' => 'The code that is used for multi-cloud environments.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions inside China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<List<ListAccountsByLogResult>>', + 'description' => 'CloudSiemSuccessResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'SubUserId' => [ + 'title' => '威胁分析云账号ID。', + 'description' => 'The ID of the Alibaba Cloud account for which the threat analysis feature is enabled.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123XXXXXXXX', + ], + 'MainUserId' => [ + 'title' => '购买威胁分析的云账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123XXXXXXXXX', + ], + 'AccountId' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'example' => '123xxxxxxx', + ], + 'AccountName' => [ + 'title' => '云账号名称。', + 'description' => 'The name of the cloud account.'."\n", + 'type' => 'string', + 'example' => 'sas_account_xxx', + ], + 'Imported' => [ + 'title' => '该账号是否已经接入。取值:'."\n" + .' -1:已接入。'."\n" + .' -0:未接入。', + 'description' => 'Indicates whether the account is added. Valid values: -1: yes -0: no'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '123xxxxxxx', + ], + 'LogCode' => [ + 'title' => '日志code。', + 'description' => 'The code of the log.'."\n", + 'type' => 'string', + 'example' => 'cloud_siem_waf_xxxxx', + ], + 'ProdCode' => [ + 'title' => '日志对应的产品code。', + 'description' => 'The code of the service.'."\n", + 'type' => 'string', + 'example' => 'qcloud_waf', + ], + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"SubUserId\\": 0,\\n \\"MainUserId\\": 0,\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"AccountName\\": \\"sas_account_xxx\\",\\n \\"Imported\\": 0,\\n \\"LogCode\\": \\"cloud_siem_waf_xxxxx\\",\\n \\"ProdCode\\": \\"qcloud_waf\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'ListAccountsByLog', + ], + 'DescribeUserBuyStatus' => [ + 'summary' => 'Checks whether the current Alibaba Cloud account or the management account of a resource directory is used to purchase the threat analysis feature.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '157646', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'SubUserId', + 'in' => 'formData', + 'schema' => [ + 'title' => '阿里云账号', + 'description' => 'The ID of the Alibaba Cloud account.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '123XXXXXX', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<UserBuyOrderStatusResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'MasterUserId' => [ + 'title' => '资源目录Master账号ID。', + 'description' => 'The ID of the management account of the resource directory.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123XXXXXX', + ], + 'MasterUserName' => [ + 'title' => '资源目录Master账号显示名称。', + 'description' => 'The display name of the management account of the resource directory.'."\n", + 'type' => 'string', + 'example' => 'rd_master_xxx', + ], + 'MainUserId' => [ + 'title' => '购买威胁分析的阿里云账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123XXXXXX', + ], + 'MainUserName' => [ + 'title' => '购买威胁分析的阿里云账号名称。', + 'description' => 'The username of the Alibaba Cloud account that is used to purchase the threat analysis feature.'."\n", + 'type' => 'string', + 'example' => 'sas_account_xxx', + ], + 'SubUserId' => [ + 'title' => '当前登录阿里云账号ID。', + 'description' => 'The ID of the logon Alibaba Cloud account.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123XXXXXX', + ], + 'SubUserName' => [ + 'title' => '当前登录阿里云账号名称。', + 'description' => 'The username of the logon Alibaba Cloud account.'."\n", + 'type' => 'string', + 'example' => 'sas_account_xxx', + ], + 'Capacity' => [ + 'title' => '购买威胁分析的SLS容量,单位GB。', + 'description' => 'The log storage capacity that is purchased for the threat analysis feature. Unit: GB.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1024', + ], + 'SasInstanceId' => [ + 'title' => '云安全中心实例ID。', + 'description' => 'The instance ID of Security Center.'."\n", + 'type' => 'string', + 'example' => 'sas-instance-xxxxx', + ], + 'CanBuy' => [ + 'title' => '当前账号是否可以进行威胁分析订单操作。取值:'."\n" + .' - true:可以购买、升级、变配等。'."\n" + .' - false:不可以操作威胁分析订单。', + 'description' => 'Indicates whether the logon Alibaba Cloud account can be used to place orders for the threat analysis feature, such as purchase, upgrade, and specifications change orders. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'EndTime' => [ + 'title' => '威胁分析到期时间,毫秒级时间戳。', + 'description' => 'The timestamp when the threat analysis feature expires. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '1669823999000', + ], + 'DurationDays' => [ + 'title' => '距离威胁分析过期时间的天数。', + 'description' => 'The number of days before the expiration time of the threat analysis feature.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '3', + ], + 'RdOrder' => [ + 'title' => '是否是siem公测版订单。', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + ], + 'title' => '请求返回值。', + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '81D8EC0C-0804-51AD-8C38-17ED0BC74892', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"MasterUserId\\": 0,\\n \\"MasterUserName\\": \\"rd_master_xxx\\",\\n \\"MainUserId\\": 0,\\n \\"MainUserName\\": \\"sas_account_xxx\\",\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"sas_account_xxx\\",\\n \\"Capacity\\": 1024,\\n \\"SasInstanceId\\": \\"sas-instance-xxxxx\\",\\n \\"CanBuy\\": true,\\n \\"EndTime\\": 1669823999000,\\n \\"DurationDays\\": 3,\\n \\"RdOrder\\": 1\\n },\\n \\"RequestId\\": \\"81D8EC0C-0804-51AD-8C38-17ED0BC74892\\"\\n}","type":"json"}]', + 'title' => 'DescribeUserBuyStatus', + ], + 'ListProjectLogStores' => [ + 'summary' => 'Queries the dedicated Simple Log Service project and Logstore for a cloud service based on the patterns of the project and Logstore names.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'SourceProdCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '待查询的产品code。', + 'description' => 'The code of the cloud service.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'sas', + ], + ], + [ + 'name' => 'SourceLogCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '待查询的日志code。', + 'description' => 'The log code.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'cloud_siem_aegis_proc', + ], + ], + [ + 'name' => 'SubUserId', + 'in' => 'formData', + 'schema' => [ + 'title' => '待查询云账号ID。', + 'description' => 'The ID of the Alibaba Cloud account.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => true, + 'example' => '123XXXXXXXX', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<List<ListProjectLogStoreResult>>', + 'description' => 'CloudSiemSuccessResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'Project' => [ + 'title' => 'sls的project名字。', + 'description' => 'The name of the Simple Log Service project.'."\n", + 'type' => 'string', + 'example' => 'cloud-siem-project', + ], + 'LogStore' => [ + 'title' => 'sls的logstore名字。', + 'description' => 'The name of the Simple Log Service Logstore.'."\n", + 'type' => 'string', + 'example' => 'cloud-siem-logstore', + ], + 'EndPoint' => [ + 'title' => 'sls的project的endpoint。', + 'description' => 'The endpoint of the Simple Log Service project.'."\n", + 'type' => 'string', + 'example' => 'cn-hangzhou.log.aliyuncs.com', + ], + 'RegionId' => [ + 'title' => 'sls的project所在的region。', + 'description' => 'The ID of the region in which the Simple Log Service project resides.'."\n", + 'type' => 'string', + 'example' => 'cn-hangzhou', + ], + 'LocalName' => [ + 'title' => 'sls的project所在的region名字。', + 'description' => 'The name of the region in which the Simple Log Service project resides.'."\n", + 'type' => 'string', + 'example' => 'hangzhou', + ], + 'MainUserId' => [ + 'title' => '购买威胁分析的阿里云账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123XXXXXXXXX', + ], + 'SubUserId' => [ + 'title' => '威胁分析阿里云账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that can be used to perform operations supported by the threat analysis feature.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123XXXXXXXX', + ], + 'SubUserName' => [ + 'title' => '威胁分析阿里云账号名字。', + 'description' => 'The username of the Alibaba Cloud account that can be used to perform operations supported by the threat analysis feature.'."\n", + 'type' => 'string', + 'example' => 'sas_account_xxxx', + ], + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Project\\": \\"cloud-siem-project\\",\\n \\"LogStore\\": \\"cloud-siem-logstore\\",\\n \\"EndPoint\\": \\"cn-hangzhou.log.aliyuncs.com\\",\\n \\"RegionId\\": \\"cn-hangzhou\\",\\n \\"LocalName\\": \\"hangzhou\\",\\n \\"MainUserId\\": 0,\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"sas_account_xxxx\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'ListProjectLogStores', + ], + 'ModifyDataSource' => [ + 'summary' => 'Modifies a data source that is added to the threat analysis feature.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'AccountId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '123xxxxxx', + ], + ], + [ + 'name' => 'DataSourceType', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源类型。', + 'description' => 'The type of the data source. Valid values:'."\n" + ."\n" + .'* ckafka: Tencent Cloud Kafka (CKafka)'."\n" + .'* obs: Huawei Cloud Object Storage Service (OBS)'."\n" + .'* wafApi: download API of Tencent Cloud Web Application Firewall (WAF)'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'obs', + ], + ], + [ + 'name' => 'DataSourceInstanceId', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [DescribeDataSourceInstance](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\&activeTabKey=api%7CDescribeDataSourceInstance) operation to query the IDs of data sources.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', + ], + ], + [ + 'name' => 'DataSourceInstanceName', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源名称。', + 'description' => 'The name of the data source.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'beijing_waf_kafka', + ], + ], + [ + 'name' => 'DataSourceInstanceRemark', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源备注。', + 'description' => 'The remarks on the data source.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'waf_alert_log', + ], + ], + [ + 'name' => 'DataSourceInstanceParams', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源参数,json数组格式。', + 'description' => 'The parameters of the data source in the JSON string format.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '[{"paraCode":"region_code","paraValue":"ap-guangzhou"}]', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<ModifyDataSourceResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'Count' => [ + 'title' => '修改数据源的数量,等于1表示成功,小于等于0表示失败。', + 'description' => 'The number of data sources that are modified. The value 1 indicates that the modification is successful, and a value less than or equal to 0 indicates that the modification failed.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'DataSourceInstanceId' => [ + 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters.'."\n", + 'type' => 'string', + 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"DataSourceInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'ModifyDataSource', + ], + 'ModifyDataSourceLog' => [ + 'summary' => 'Modifies the description of the logs that are added to the threat analysis feature for a data source within a cloud account.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'LogCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '日志code。', + 'description' => 'The log code.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cloud_siem_waf_xxxxx', + ], + ], + [ + 'name' => 'AccountId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '123xxxxxxx', + ], + ], + [ + 'name' => 'DataSourceType', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源类型。取值:'."\n" + .' - obs:华为云obs。'."\n" + .' - wafApi:腾讯云waf下载api。 '."\n" + .' - ckafka: 腾讯云ckafka。', + 'description' => 'The type of the data source. Valid values:'."\n" + ."\n" + .'* obs: Huawei Cloud Object Storage Service (OBS)'."\n" + .'* wafApi: download API of Tencent Cloud Web Application Firewall (WAF)'."\n" + .'* ckafka: Tencent Cloud Kafka (CKafka)'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'obs', + ], + ], + [ + 'name' => 'DataSourceInstanceId', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [DescribeDataSourceInstance](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\&activeTabKey=api%7CDescribeDataSourceInstance) operation to query the IDs of data sources.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1', + ], + ], + [ + 'name' => 'DataSourceInstanceLogs', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源参数详情,json数组格式。', + 'description' => 'The parameters of the data source. Set this parameter to a JSON string.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '[{"LogCode":"cloud_siem_qcloud_waf_alert_log","LogParas":"[{\\"ParaCode\\":\\"api_name\\",\\"ParaValue\\":\\"GetAttackDownloadRecords\\"}]"}]', + ], + ], + [ + 'name' => 'LogInstanceId', + 'in' => 'formData', + 'schema' => [ + 'title' => '日志ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the log. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\&activeTabKey=api%7CListDataSourceLogs) to query log IDs.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<ModifyDataSourceLogResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'Count' => [ + 'title' => '修改日志的数量,等于1表示成功,小于等于0表示失败。', + 'description' => 'The number of logs that are modified. The value 1 indicates that the modification is successful, and a value less than or equal to 0 indicates that the modification failed.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'LogInstanceId' => [ + 'title' => '日志的ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the log. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters.'."\n", + 'type' => 'string', + 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"LogInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'ModifyDataSourceLog', + ], + 'ModifyBindAccount' => [ + 'summary' => 'Modifies a third-party cloud account that is added to the threat analysis feature.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '194689', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'AccessId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号的AccessKeyId。', + 'description' => 'The AccessKey ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'ABCXXXXXXXXX', + ], + ], + [ + 'name' => 'AccountName', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云账号名称。', + 'description' => 'The username of the cloud account.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'sas_account_xxx', + ], + ], + [ + 'name' => 'BindId', + 'in' => 'formData', + 'schema' => [ + 'title' => '绑定记录ID。ListBindAccount接口返回的BindId。', + 'description' => 'The ID that is generated by the system when the account is added. You can call the ListBindAccount operation to query the ID.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => true, + 'example' => '123', + ], + ], + [ + 'name' => 'AccountId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '123xxxxxxx', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int32', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<ModifyBindAccountResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'Count' => [ + 'title' => '修改账号绑定的数量,等于1表示成功,小于等于0表示失败。', + 'description' => 'The number of the accounts that are modified. The value 1 indicates that the modification is successful, and a value less than or equal to 0 indicates that the modification failed.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'ModifyBindAccount', + ], + 'ListImportedLogsByProd' => [ + 'summary' => 'Queries the details of the logs in a cloud service that is added to the threat analysis feature.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '195548', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'ProdCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '产品的code。', + 'description' => 'The code of the cloud service.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'qcloud_waf', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。取值:'."\n" + .' - hcloud:华为云。'."\n" + .' - qcloud:腾讯云。 '."\n" + .' - aliyun:阿里云。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud.'."\n" + .'* aliyun: Alibaba Cloud.'."\n" + .'* hcloud: Huawei Cloud.'."\n", + 'type' => 'string', + 'required' => true, + 'enumValueTitles' => [], + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<List<ListImportedLogsByProdResult>>', + 'description' => 'CloudSiemSuccessResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'ProdCode' => [ + 'title' => '日志对应的产品code。', + 'description' => 'The code of the cloud service to which the log belongs.'."\n", + 'type' => 'string', + 'example' => 'qcloud_waf', + ], + 'LogCode' => [ + 'title' => '日志code。', + 'description' => 'The code of the log.'."\n", + 'type' => 'string', + 'example' => 'cloud_siem_waf_xxxxx', + ], + 'LogMdsCode' => [ + 'title' => '日志显示code。', + 'description' => 'The display code of the log.'."\n", + 'type' => 'string', + 'example' => '${siem.prod. cloud_siem_waf_xxxxx}', + ], + 'ImportedUserCount' => [ + 'title' => '已接入该日志的用户数量。', + 'description' => 'The number of users who have added the log.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '2', + ], + 'UnImportedUserCount' => [ + 'title' => '未接入该日志的用户数量。', + 'description' => 'The number of users who have not added the log.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '3', + ], + 'TotalUserCount' => [ + 'title' => '该日志下总共的用户数量。', + 'description' => 'The total number of users who have the log.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '5', + ], + 'ModifyTime' => [ + 'title' => '日志最后接入时间。', + 'description' => 'The time when the log was last added.'."\n", + 'type' => 'string', + 'example' => '2023-11-23 12:30:00', + ], + 'Imported' => [ + 'title' => '日志是否已经接入。取值:'."\n" + .' - 1:已接入。 '."\n" + .' - 0:未接入。', + 'description' => 'Indicates whether the log is added to the threat analysis feature. Valid values:'."\n" + ."\n" + .'* 1: yes.'."\n" + .'* 0: no.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '2023-11-23 12:30:00', + ], + 'AutoImported' => [ + 'title' => '新增账号是否自动接入。取值:'."\n" + .' - 1:自动接入。 '."\n" + .' - 0:不自动接入。', + 'description' => 'Indicates whether the log is automatically added to the threat analysis feature within newly added accounts. Valid values:'."\n" + ."\n" + .'* 1: yes.'."\n" + .'* 0: no.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '2023-11-23 12:30:00', + ], + 'LogType' => [ + 'title' => '日志类型。取值:'."\n" + .' - 1:中心侧接入。 '."\n" + .' - 2:预定义日志服务。 '."\n" + .' -3:自定义日志服务', + 'description' => 'The type of log. Valid values:'."\n" + .' - 1: the log produced by other product'."\n" + .' - 2: the predefined log'."\n" + .' - 3: the custom log', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'CloudCode' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud.'."\n" + .'* aliyun: Alibaba Cloud.'."\n" + .'* hcloud: Huawei Cloud.'."\n", + 'type' => 'string', + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"ProdCode\\": \\"qcloud_waf\\",\\n \\"LogCode\\": \\"cloud_siem_waf_xxxxx\\",\\n \\"LogMdsCode\\": \\"${siem.prod. cloud_siem_waf_xxxxx}\\",\\n \\"ImportedUserCount\\": 2,\\n \\"UnImportedUserCount\\": 3,\\n \\"TotalUserCount\\": 5,\\n \\"ModifyTime\\": \\"2023-11-23 12:30:00\\",\\n \\"Imported\\": 0,\\n \\"AutoImported\\": 0,\\n \\"LogType\\": 0,\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'ListImportedLogsByProd', + ], + 'ListDataSourceTypes' => [ + 'summary' => 'Queries a list of data source types in third-party cloud services that can be added to the threat analysis feature.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the third-party cloud service.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* qcloud'."\n" + .'* hcloud'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<List<ListDataSourceTypesResult>>', + 'description' => 'CloudSiemSuccessResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'DataSourceType' => [ + 'title' => '数据源类型。取值:'."\n" + .' - obs:华为云obs。'."\n" + .' - wafApi:腾讯云waf下载api。 '."\n" + .' - ckafka: 腾讯云ckafka。', + 'description' => 'The type of the data source. Valid values:'."\n" + ."\n" + .'* obs: Huawei Cloud Object Storage Service (OBS)'."\n" + .'* wafApi: download API of Tencent Cloud Web Application Firewall (WAF)'."\n" + .'* ckafka: Tencent Cloud Kafka (CKafka)'."\n", + 'type' => 'string', + 'example' => 'obs', + ], + 'CloudCode' => [ + 'title' => '多云的code。', + 'description' => 'The code of the third-party cloud service.'."\n", + 'type' => 'string', + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + ], + ], + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'IllegalParameter', + 'errorMessage' => 'The specified parameter %s is not valid, only support %s', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"DataSourceType\\": \\"obs\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'ListDataSourceTypes', + ], + 'ListDataSourceLogs' => [ + 'summary' => 'Queries the logs of a data source.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'DataSourceInstanceId', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the data source. The value is obtained after the threat analysis feature calculates the MD5 hash value of a parameter.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', + ], + ], + [ + 'name' => 'AccountId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '123xxxxxx', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code that is used for multi-cloud environments. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'required' => true, + 'enumValueTitles' => [], + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions inside China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<ListDataSourceLogsResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'SubUserId' => [ + 'title' => '日志对应的阿里云账号ID。', + 'description' => 'The ID of the Alibaba Cloud account.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123XXXXXXXX', + ], + 'DataSourceInstanceId' => [ + 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the data source. The value is obtained after the threat analysis feature calculates the MD5 hash value of a parameter.'."\n", + 'type' => 'string', + 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', + ], + 'DataSourceInstanceName' => [ + 'title' => '数据源名称。', + 'description' => 'The name of the data source.'."\n", + 'type' => 'string', + 'example' => 'waf kafka', + ], + 'DataSourceInstanceRemark' => [ + 'title' => '数据源备注。', + 'description' => 'The remarks of the data source.'."\n", + 'type' => 'string', + 'example' => 'waf kafka', + ], + 'DataSourceInstanceLogs' => [ + 'title' => '该数据源下日志列表。', + 'description' => 'The logs of the data source.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'LogInstanceId' => [ + 'title' => '日志的ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the log. The value is obtained after the threat analysis feature calculates the MD5 hash value of a parameter.'."\n", + 'type' => 'string', + 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', + ], + 'LogCode' => [ + 'title' => '日志code。', + 'description' => 'The code of the log.'."\n", + 'type' => 'string', + 'example' => 'cloud_siem_waf_xxxxx', + ], + 'LogMdsCode' => [ + 'title' => '日志显示code。', + 'description' => 'The display code of the log.'."\n", + 'type' => 'string', + 'example' => '${siem.prod.cloud_siem_waf_xxxxx}', + ], + 'LogParams' => [ + 'title' => '日志详细参数列表。', + 'description' => 'The parameters of the log.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'ParaCode' => [ + 'title' => '日志参数code。', + 'description' => 'The parameter code of the log.'."\n", + 'type' => 'string', + 'example' => 'region_code', + ], + 'ParaValue' => [ + 'title' => '日志参数值。', + 'description' => 'The parameter value of the log.'."\n", + 'type' => 'string', + 'example' => 'ap-guangzhou', + ], + ], + ], + ], + 'TaskStatus' => [ + 'title' => '日志对应的接入任务状态。取值:'."\n" + .' - 1:已接入。 '."\n" + .' - 0:未接入。', + 'description' => 'Indicates whether the task for which logs are collected is enabled. Valid values:'."\n" + ."\n" + .'* 1: yes'."\n" + .'* 0: no'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + ], + ], + ], + 'AccountId' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'example' => '123xxxxxxx', + ], + 'CloudCode' => [ + 'title' => '多云的code。', + 'description' => 'The code that is used for multi-cloud environments. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + ], + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"SubUserId\\": 0,\\n \\"DataSourceInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\",\\n \\"DataSourceInstanceName\\": \\"waf kafka\\",\\n \\"DataSourceInstanceRemark\\": \\"waf kafka\\",\\n \\"DataSourceInstanceLogs\\": [\\n {\\n \\"LogInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\",\\n \\"LogCode\\": \\"cloud_siem_waf_xxxxx\\",\\n \\"LogMdsCode\\": \\"${siem.prod.cloud_siem_waf_xxxxx}\\",\\n \\"LogParams\\": [\\n {\\n \\"ParaCode\\": \\"region_code\\",\\n \\"ParaValue\\": \\"ap-guangzhou\\"\\n }\\n ],\\n \\"TaskStatus\\": 1\\n }\\n ],\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'ListDataSourceLogs', + ], + 'ListBindDataSources' => [ + 'summary' => 'Queries a list of data sources that are added to the threat analysis feature.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'AccountId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '123xxxxxxx', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* qcloud'."\n" + .'* hcloud'."\n" + .'* aliyun'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<List<ListBindDataSourcesResult>>', + 'description' => 'CloudSiemSuccessResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'AccountName' => [ + 'title' => '多云账号名称。', + 'description' => 'The username of the cloud account.'."\n", + 'type' => 'string', + 'example' => 'sas_tq_account_xxxx', + ], + 'DataSourceInstanceId' => [ + 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters.'."\n", + 'type' => 'string', + 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', + ], + 'DataSourceType' => [ + 'title' => '数据源类型。取值:'."\n" + .' - obs:华为云obs。'."\n" + .' - wafApi:腾讯云waf下载api。 '."\n" + .' - ckafka: 腾讯云ckafka。', + 'description' => 'The type of the data source. Valid values:'."\n" + ."\n" + .'* obs: Huawei Cloud Object Storage Service (OBS)'."\n" + .'* wafApi: download API of Tencent Cloud Web Application Firewall (WAF)'."\n" + .'* ckafka: Tencent Cloud Kafka (CKafka)'."\n", + 'type' => 'string', + 'example' => 'obs', + ], + 'DataSourceName' => [ + 'title' => '数据源名称。', + 'description' => 'The name of the data source.'."\n", + 'type' => 'string', + 'example' => 'waf_kafka', + ], + 'DataSourceRemark' => [ + 'title' => '数据源备注。', + 'description' => 'The remarks on the data source.'."\n", + 'type' => 'string', + 'example' => 'waf_kafka', + ], + 'LogCount' => [ + 'title' => '该数据源下已添加的日志的数量。', + 'description' => 'The number of logs that are added within the data source.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'TaskCount' => [ + 'title' => '该数据源下已创建的日志接入任务的数量。', + 'description' => 'The number of existing tasks that are created to add logs within the data source.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '0', + ], + 'AccountId' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'example' => '123xxxxxxx', + ], + 'CloudCode' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + ], + ], + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AccountName\\": \\"sas_tq_account_xxxx\\",\\n \\"DataSourceInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\",\\n \\"DataSourceType\\": \\"obs\\",\\n \\"DataSourceName\\": \\"waf_kafka\\",\\n \\"DataSourceRemark\\": \\"waf_kafka\\",\\n \\"LogCount\\": 1,\\n \\"TaskCount\\": 0,\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'ListBindDataSources', + ], + 'ListAllProds' => [ + 'summary' => 'Queries a list of cloud services that can be added to the threat analysis feature.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '195975', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + ."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<ListAllProdsResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'TotalCount' => [ + 'title' => '日志总数。', + 'description' => 'The total number of logs.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '19', + ], + 'PageSize' => [ + 'title' => '每页的大小。', + 'description' => 'The number of entries per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'CurrentPage' => [ + 'title' => '当前页。', + 'description' => 'The page number.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'ProdList' => [ + 'title' => '产品列表。', + 'description' => 'The cloud services.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'ProdCode' => [ + 'title' => '产品code。', + 'description' => 'The code of the cloud service.'."\n", + 'type' => 'string', + 'example' => 'sas', + ], + 'TotalLogCount' => [ + 'title' => '该产品下总共的日志数量。', + 'description' => 'The total number of logs within the cloud service.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '19', + ], + 'ImportedLogCount' => [ + 'title' => '该产品下已经接入的日志数量。', + 'description' => 'The number of logs within the cloud service that are added to the threat analysis feature.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'ModifyTime' => [ + 'title' => '该产品下日志最近接入时间。', + 'description' => 'The time when the logs within the cloud service were last added to the threat analysis feature.'."\n", + 'type' => 'string', + 'example' => '2023-11-23 12:12:12', + ], + 'CloudCode' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud.'."\n" + .'* aliyun: Alibaba Cloud.'."\n" + .'* hcloud: Huawei Cloud.'."\n", + 'type' => 'string', + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + ], + 'example' => '1', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"TotalCount\\": 19,\\n \\"PageSize\\": 10,\\n \\"CurrentPage\\": 1,\\n \\"ProdList\\": [\\n {\\n \\"ProdCode\\": \\"sas\\",\\n \\"TotalLogCount\\": 19,\\n \\"ImportedLogCount\\": 10,\\n \\"ModifyTime\\": \\"2023-11-23 12:12:12\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ]\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'ListAllProds', + ], + 'EnableServiceForCloudSiem' => [ + 'summary' => 'Authorizes the threat analysis feature to access a resource directory. This operation must be called by the management account of the resource directory.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<Boolean>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'Indicates whether the threat analysis feature is authorized to access the resource directory. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'EnableServiceForCloudSiem', + ], + 'EnableAccessForCloudSiem' => [ + 'summary' => 'Creates a service-linked role named AliyunServiceRoleForSasCloudSiem for the threat analysis feature. The feature can assume this role to access cloud services.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'readAndWrite', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '158612', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'AutoSubmit', + 'in' => 'formData', + 'schema' => [ + 'description' => 'Whether import the log of SAS alert, the log of WAF alert, the log of CFW alert or not. Valid values:'."\n" + .'- 0: not imported automatically'."\n" + .'- 1: imported automatically', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions inside China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<Boolean>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'EnableAccessForCloudSiem', + ], + 'DescribeServiceStatus' => [ + 'summary' => 'Checks whether the threat analysis feature is authorized to access a resource directory.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<Boolean>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'Indicates whether the threat analysis feature is authorized to access the resource directory. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'DescribeServiceStatus', + ], + 'DescribeProdCount' => [ + 'summary' => 'Queries the number of services that can be added to the threat analysis feature in Alibaba Cloud, Tenant Cloud, and Huawei Cloud.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '195547', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', + 'type' => 'integer', + 'format' => 'int32', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions inside China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<DescribeProdCountResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'AliyunProdCount' => [ + 'title' => '阿里云产品的数量。', + 'description' => 'The number of Alibaba Cloud services.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '19', + ], + 'HcloudProdCount' => [ + 'title' => '华为云产品的数量。', + 'description' => 'The number of Huawei Cloud services.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '2', + ], + 'QcloudProdCount' => [ + 'title' => '腾讯云产品的数量。', + 'description' => 'The number of Tencent Cloud services.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '2', + ], + 'IdcProdCount' => [ + 'title' => 'IDC产品的数量。', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '2', + ], + 'AliyunImportedCount' => [ + 'type' => 'integer', + 'format' => 'int32', + ], + 'HcloudImportedCount' => [ + 'type' => 'integer', + 'format' => 'int32', + ], + 'QcloudImportedCount' => [ + 'type' => 'integer', + 'format' => 'int32', + ], + 'IdcImportedCount' => [ + 'type' => 'integer', + 'format' => 'int32', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"AliyunProdCount\\": 19,\\n \\"HcloudProdCount\\": 2,\\n \\"QcloudProdCount\\": 2,\\n \\"IdcProdCount\\": 2,\\n \\"AliyunImportedCount\\": 2,\\n \\"HcloudImportedCount\\": 2,\\n \\"QcloudImportedCount\\": 2,\\n \\"IdcImportedCount\\": 2\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'DescribeProdCount', + ], + 'DescribeImportedLogCount' => [ + 'summary' => 'Queries the number of logs that are added to the threat analysis feature.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '195544', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'type' => 'string', + 'pattern' => '^\\d+$', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'type' => 'string', + 'pattern' => '^\\d+$', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<DescribeImportedLogCountResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'TotalLogCount' => [ + 'title' => '日志总数。', + 'description' => 'The total number of logs.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '59', + ], + 'ImportedLogCount' => [ + 'title' => '已接入的日志的数量。', + 'description' => 'The number of logs that are added.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'UnImportedLogCount' => [ + 'title' => '未接入的日志的数量。', + 'description' => 'The number of logs that are not added.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '49', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"TotalLogCount\\": 59,\\n \\"ImportedLogCount\\": 10,\\n \\"UnImportedLogCount\\": 49\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'DescribeImportedLogCount', + ], + 'DescribeDataSourceParameters' => [ + 'summary' => 'Queries the parameters of a data source.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'DataSourceType', + 'in' => 'formData', + 'schema' => [ + 'title' => '接入的数据源类型。 取值: '."\n" + .' - ckafka:腾讯云ckafka。 '."\n" + .' - obs:华为云obs。 '."\n" + .' - wafApi:腾讯云waf攻击日志下载api。 ', + 'description' => 'The type of the data source. Valid values:'."\n" + ."\n" + .'* **ckafka**: Tencent Cloud TDMQ for CKafka'."\n" + .'* **obs**: Huawei Cloud Object Storage Service (OBS)'."\n" + .'* **wafApi**: download API of Tencent Cloud Web Application Firewall (WAF)'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'obs', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* qcloud'."\n" + .'* hcloud'."\n" + .'* aliyun'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<List<DescribeDataSourceParametersResult>>', + 'description' => 'CloudSiemSuccessResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'DataSourceType' => [ + 'title' => '数据源类型。取值:'."\n" + .' - obs:华为云obs。'."\n" + .' - wafApi:腾讯云waf下载api。 '."\n" + .' - ckafka: 腾讯云ckafka。', + 'description' => 'The type of the data source. Valid values:'."\n" + ."\n" + .'* **obs**: Huawei Cloud Object Storage Service (OBS)'."\n" + .'* **wafApi**: download API of Tencent Cloud Web Application Firewall (WAF)'."\n" + .'* **ckafka**: Tencent Cloud TDMQ for CKafka'."\n", + 'type' => 'string', + 'example' => 'obs', + ], + 'ParaLevel' => [ + 'title' => '参数级别。取值:'."\n" + .' - 1:数据源参数。'."\n" + .'- 2:日志参数。', + 'description' => 'The parameter level. Valid values:'."\n" + ."\n" + .'* **1**: the parameters of the data source'."\n" + .'* **2**: the parameters of the log'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'ParaCode' => [ + 'title' => '参数code。', + 'description' => 'The code of the parameter.'."\n", + 'type' => 'string', + 'example' => 'region_code', + ], + 'ParaName' => [ + 'title' => '参数名字。', + 'description' => 'The name of the parameter.'."\n", + 'type' => 'string', + 'example' => 'region local', + ], + 'ParaType' => [ + 'title' => '参数类型。', + 'description' => 'The data type of the parameter.'."\n", + 'type' => 'string', + 'example' => 'string', + ], + 'Required' => [ + 'title' => '是否必选参数。取值:'."\n" + .' - 1:必选。'."\n" + .' - 0:非必选。', + 'description' => 'Indicates whether the parameter is required. Valid values:'."\n" + ."\n" + .'* **1**: required'."\n" + .'* **0**: optional'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => 'string', + ], + 'FormatCheck' => [ + 'title' => '格式校验方式。', + 'description' => 'The method that is used to check the parameter format.'."\n", + 'type' => 'string', + 'example' => 'email', + ], + 'Title' => [ + 'title' => '参数值提示。', + 'description' => 'The note for the parameter value.'."\n", + 'type' => 'string', + 'example' => 'obs bucket name', + ], + 'Hit' => [ + 'title' => '更多说明。', + 'description' => 'The additional information.'."\n", + 'type' => 'string', + 'example' => 'obs docment', + ], + 'DefaultValue' => [ + 'title' => '默认参数值。', + 'description' => 'The default value of the parameter.'."\n", + 'type' => 'string', + 'example' => 'wafApi', + ], + 'Disabled' => [ + 'title' => '是否禁止修改。取值:'."\n" + .' - true:禁止修改。 '."\n" + .' - false:可以修改。', + 'description' => 'Indicates whether the modification operation is forbidden. Valid values:'."\n" + ."\n" + .'* **true**'."\n" + .'* **false**'."\n", + 'type' => 'boolean', + 'example' => 'wafApi', + ], + 'CanEditted' => [ + 'title' => '是否可编辑。取值:'."\n" + .' - 0:禁止修改。 '."\n" + .' - 1:可以修改。', + 'description' => 'Indicates whether the edit operation is supported. Valid values:'."\n" + ."\n" + .'* **0**'."\n" + .'* **1**'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => 'wafApi', + ], + 'ParamValue' => [ + 'title' => '具体的参数列表。', + 'description' => 'The value of the parameter.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'Label' => [ + 'title' => '展示内容。', + 'description' => 'The display value.'."\n", + 'type' => 'string', + 'example' => 'guangzhou', + ], + 'Value' => [ + 'title' => '实际的参数内容。', + 'description' => 'The actual value.'."\n", + 'type' => 'string', + 'example' => 'ap-guangzhou', + ], + ], + ], + ], + 'CloudCode' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* **qcloud**: Tencent Cloud'."\n" + .'* **aliyun**: Alibaba Cloud'."\n" + .'* **hcloud**: Huawei Cloud'."\n", + 'type' => 'string', + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + ], + ], + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"DataSourceType\\": \\"obs\\",\\n \\"ParaLevel\\": 1,\\n \\"ParaCode\\": \\"region_code\\",\\n \\"ParaName\\": \\"region local\\",\\n \\"ParaType\\": \\"string\\",\\n \\"Required\\": 0,\\n \\"FormatCheck\\": \\"email\\",\\n \\"Title\\": \\"obs bucket name\\",\\n \\"Hit\\": \\"obs docment\\",\\n \\"DefaultValue\\": \\"wafApi\\",\\n \\"Disabled\\": true,\\n \\"CanEditted\\": 0,\\n \\"ParamValue\\": [\\n {\\n \\"Label\\": \\"guangzhou\\",\\n \\"Value\\": \\"ap-guangzhou\\"\\n }\\n ],\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'DescribeDataSourceParameters', + ], + 'DescribeDataSourceInstance' => [ + 'summary' => 'Queries the details of a data source.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'DataSourceInstanceId', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\&activeTabKey=api%7CListDataSourceLogs) operation to query the IDs of data sources.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', + ], + ], + [ + 'name' => 'AccountId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '123xxxxxxx', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<DescribeDataSourceInstanceResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'DataSourceInstanceId' => [ + 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters.'."\n", + 'type' => 'string', + 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', + ], + 'DataSourceInstanceParams' => [ + 'title' => '数据源的详细参数列表。', + 'description' => 'The parameters of the data source.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'ParaCode' => [ + 'title' => '参数code。', + 'description' => 'The code of the parameter.'."\n", + 'type' => 'string', + 'example' => 'region_code', + ], + 'ParaValue' => [ + 'title' => '参数值。', + 'description' => 'The value of the parameter.'."\n", + 'type' => 'string', + 'example' => 'ap-guangzhou', + ], + ], + ], + ], + 'AccountId' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'example' => '123xxxxxxx', + ], + 'CloudCode' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + ], + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"DataSourceInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\",\\n \\"DataSourceInstanceParams\\": [\\n {\\n \\"ParaCode\\": \\"region_code\\",\\n \\"ParaValue\\": \\"ap-guangzhou\\"\\n }\\n ],\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'DescribeDataSourceInstance', + ], + 'DescribeAuth' => [ + 'summary' => 'Checks whether the security information and event management (SIEM) system is granted the required permissions to access other cloud resources within your Alibaba Cloud account and whether the AliyunServiceRoleForSasCloudSiem service-linked role is created.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'enumValueTitles' => [ + 'ap-southeast-1' => '', + 'cn-hangzhou' => '', + ], + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<Boolean>', + 'description' => 'CloudSiemResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'Indicates whether the SIEM system is granted the required permissions. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'enumValueTitles' => [], + 'example' => 'true', + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '4F539347-7D9A-51EA-8ABF-5D5507045C5C', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"4F539347-7D9A-51EA-8ABF-5D5507045C5C\\"\\n}","type":"json"}]', + 'title' => 'DescribeAuth', + ], + 'DeleteDataSourceLog' => [ + 'summary' => 'Removes a log.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'delete', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'LogInstanceId', + 'in' => 'formData', + 'schema' => [ + 'title' => '日志ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the log. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\&activeTabKey=api%7CListDataSourceLogs) operation to query the IDs of logs.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1', + ], + ], + [ + 'name' => 'DataSourceInstanceId', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\&activeTabKey=api%7CListDataSourceLogs) operation to query the IDs of data sources.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', + ], + ], + [ + 'name' => 'AccountId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '123xxxxxxx', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'required' => true, + 'enumValueTitles' => [], + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<DeleteDataSourceLogResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'Count' => [ + 'title' => '删除的日志的数量,等于1表示成功,小于等于0表示失败。', + 'description' => 'The number of logs that are removed. The value 1 indicates that the log is removed, and a value less than or equal to 0 indicates that the log failed to be removed.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'LogInstanceId' => [ + 'title' => '日志ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the log. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters.'."\n", + 'type' => 'string', + 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"LogInstanceId\\": \\"ef33097c9d1fdb0b9c7e8c7ca320pkl1\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'DeleteDataSourceLog', + ], + 'DeleteDataSource' => [ + 'summary' => 'Removes a data source that is no longer required.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'delete', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'DataSourceInstanceId', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\&activeTabKey=api%7CListDataSourceLogs) operation to query the IDs of data sources.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', + ], + ], + [ + 'name' => 'AccountId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '123xxxxxxx', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'required' => true, + 'enumValueTitles' => [], + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<DeleteDataSourceResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'Count' => [ + 'title' => '删除的数据源的数量,等于1表示成功,小于等于0表示失败。', + 'description' => 'The number of data sources that are removed. The value 1 indicates that data source is removed, and a value less than or equal to 0 indicates that the data source failed to be removed.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'DeleteDataSource', + ], + 'DeleteBindAccount' => [ + 'summary' => 'Removes a third-party cloud account that is added to the threat analysis feature by using its AccessKey ID. You can add another cloud account based on your business requirements.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'delete', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '194688', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'BindId', + 'in' => 'formData', + 'schema' => [ + 'title' => '绑定ID。', + 'description' => 'The ID generated when the account is added to the threat analysis feature. You can call the [ListBindAccount](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\&activeTabKey=api%7CListBindAccount) operation to query the ID.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '10', + ], + ], + [ + 'name' => 'AccountId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '123xxxxxxx', + ], + ], + [ + 'name' => 'AccessId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号AccessKeyId。', + 'description' => 'The AccessKey ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'ABCXXXXXXXX', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int32', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<DeleteBindAccountResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'Count' => [ + 'title' => '删除账号绑定的数量,等于1表示成功,小于等于0表示失败。', + 'description' => 'The number of cloud accounts that are removed. The value 1 indicates that cloud account is removed, and a value less than or equal to 0 indicates that the cloud account failed to be removed.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'DeleteBindAccount', + ], + 'BindAccount' => [ + 'summary' => 'Adds a third-party cloud account that is displayed on the Multi-cloud assets tab of the Feature Settings page to the threat analysis feature.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '194690', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'AccessId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号AccessKeyId。', + 'description' => 'The AccessKey ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'ABCXXXXXXXX', + ], + ], + [ + 'name' => 'AccountName', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云账号名称。', + 'description' => 'The username of the cloud account.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'xxxx', + ], + ], + [ + 'name' => 'AccountId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '123xxxxxxx', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n" + .'* qcloud: Tencent Cloud'."\n", + 'type' => 'string', + 'required' => true, + 'enumValueTitles' => [], + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int32', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<BindAccountResult>', + 'description' => 'The response parameters.'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'Count' => [ + 'title' => '添加账号绑定的数量,等于1表示成功,小于等于0表示失败。', + 'description' => 'The number of the cloud accounts that are added to the threat analysis feature.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidOperation', + 'errorMessage' => 'access ak "%s" already bound.', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'BindAccount', + ], + 'AddUserSourceLogConfig' => [ + 'summary' => 'Adds the logs of a cloud service within a cloud account to the threat analysis feature for alert and event anslysis.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'SourceProdCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '产品code。', + 'description' => 'The code of the cloud service.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'sas', + ], + ], + [ + 'name' => 'SourceLogCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '日志code。', + 'description' => 'The log code.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cloud_siem_aegis_proc', + ], + ], + [ + 'name' => 'SubUserId', + 'in' => 'formData', + 'schema' => [ + 'title' => '需要接入日志的阿里云账号ID。', + 'description' => 'The ID of the Alibaba Cloud account.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => true, + 'example' => '123XXXXXX', + ], + ], + [ + 'name' => 'SourceLogInfo', + 'in' => 'formData', + 'schema' => [ + 'title' => '需要接入日志的详细SLS信息,json数组格式。', + 'description' => 'The details of the Logstore that you want to use in the JSON string format.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '{"project":"wafnew-project-1335759343513432-cn-hangzhou","logStore":"wafnew-logstore","regionCode":"cn-hangzhou","prodCode":"waf"}', + ], + ], + [ + 'name' => 'DisPlayLine', + 'in' => 'formData', + 'schema' => [ + 'title' => '需要接入日志的详细SLS信息。', + 'description' => 'The display details of the Logstore.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-shanghai.siem-project.siem-logstore', + ], + ], + [ + 'name' => 'Deleted', + 'in' => 'formData', + 'schema' => [ + 'title' => '添加接入或删除接入。取值:'."\n" + .'-1:删除接入 '."\n" + .'0:添加接入', + 'description' => 'Specifies whether to add logs or delete added logs. Valid values:'."\n" + ."\n" + .'* \\-1: deletes added logs.'."\n" + .'* 0: adds logs.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '0', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<UserSourceLogResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'DiplayLine' => [ + 'title' => '需要接入日志的详细SLS信息。', + 'description' => 'The display details of the Logstore.'."\n", + 'type' => 'string', + 'example' => 'cn-shanghai.siem-project.siem-logstore', + ], + 'SourceProdCode' => [ + 'title' => '产品code。', + 'description' => 'The code of the cloud service.'."\n", + 'type' => 'string', + 'example' => 'sas', + ], + 'SourceLogCode' => [ + 'title' => '日志code。', + 'description' => 'The log code.'."\n", + 'type' => 'string', + 'example' => 'cloud_siem_aegis_proc', + ], + 'Displayed' => [ + 'title' => '返回接入详细信息。取值:'."\n" + .' - true:已接入。'."\n" + .' - 未接入:false。', + 'description' => 'Indicates whether the details of added logs are returned. Valid values: true false'."\n", + 'type' => 'boolean', + 'example' => '0', + ], + 'Imported' => [ + 'title' => '是否已经接入。取值:'."\n" + .' - true:已接入。'."\n" + .' - 未接入:false。', + 'description' => 'Indicates whether the logs are added to the threat analysis feature. Valid values: true false'."\n", + 'type' => 'boolean', + 'example' => '0', + ], + 'MainUserId' => [ + 'title' => '购买威胁分析的阿里云账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123XXXXXXXXX', + ], + 'SubUserId' => [ + 'title' => '威胁分析阿里云账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that can be used to perform operations supported by the threat analysis feature.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123XXXXXXXX', + ], + 'SubUserName' => [ + 'title' => '威胁分析阿里云账号名字。', + 'description' => 'The username of the Alibaba Cloud account that can be used to perform operations supported by the threat analysis feature.'."\n", + 'type' => 'string', + 'example' => 'sas_account_xxx', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"DiplayLine\\": \\"cn-shanghai.siem-project.siem-logstore\\",\\n \\"SourceProdCode\\": \\"sas\\",\\n \\"SourceLogCode\\": \\"cloud_siem_aegis_proc\\",\\n \\"Displayed\\": true,\\n \\"Imported\\": true,\\n \\"MainUserId\\": 0,\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"sas_account_xxx\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'AddUserSourceLogConfig', + ], + 'AddDataSourceLog' => [ + 'summary' => 'Adds logs of a cloud account to the threat analysis feature.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'LogCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '日志code。', + 'description' => 'The log code.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cloud_siem_waf_xxxxx', + ], + ], + [ + 'name' => 'DataSourceInstanceId', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\&activeTabKey=api%7CListDataSourceLogs) operation to query the IDs of data sources.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', + ], + ], + [ + 'name' => 'DataSourceInstanceLogs', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源参数详情,json数组格式。', + 'description' => 'The parameters of the data source. Set this parameter to a JSON array.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '[{"LogCode":"cloud_siem_qcloud_waf_alert_log","LogParas":"[{\\"ParaCode\\":\\"api_name\\",\\"ParaValue\\":\\"GetAttackDownloadRecords\\"}]"}]', + ], + ], + [ + 'name' => 'AccountId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '123xxxxxxx', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<AddDataSourceLogResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'Count' => [ + 'title' => '添加的日志的数量,等于1表示成功,小于等于0表示失败。', + 'description' => 'The number of logs that are added. The value 1 indicates that the log is added, and a value less than or equal to 0 indicates that the log failed to be added.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'LogInstanceId' => [ + 'title' => '日志ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the log. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters.'."\n", + 'type' => 'string', + 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"LogInstanceId\\": \\"ef33097c9d1fdb0b9c7e8c7ca320pkl1\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'AddDataSourceLog', + ], + 'AddDataSource' => [ + 'summary' => 'Adds a data source to a cloud account that is added to the threat analysis feature.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'AccountId', + 'in' => 'formData', + 'schema' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '123xxxxxxxx', + ], + ], + [ + 'name' => 'DataSourceType', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源类型。取值:'."\n" + .' - obs:华为云obs。'."\n" + .' - wafApi:腾讯云waf下载api。 '."\n" + .' - ckafka: 腾讯云ckafka。', + 'description' => 'The type of the data source. Valid values:'."\n" + ."\n" + .'* obs: Huawei Cloud Object Storage Service (OBS)'."\n" + .'* wafApi: download API of Tencent Cloud Web Application Firewall (WAF)'."\n" + .'* ckafka: Tencent Cloud Kafka (CKafka)'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'obs', + ], + ], + [ + 'name' => 'DataSourceInstanceName', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源名称。', + 'description' => 'The name of the data source.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'beijing_waf_kafka', + ], + ], + [ + 'name' => 'DataSourceInstanceRemark', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源备注。', + 'description' => 'The remarks on the data source.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'waf_alert_log', + ], + ], + [ + 'name' => 'DataSourceInstanceParams', + 'in' => 'formData', + 'schema' => [ + 'title' => '数据源参数,json数组格式。', + 'description' => 'The parameters of the data source. Set this parameter to a JSON array.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '[{"paraCode":"region_code","paraValue":"ap-guangzhou"}]', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* qcloud'."\n" + .'* hcloud'."\n" + .'* aliyun'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<AddDataSourceResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'Count' => [ + 'title' => '添加数据源的数量,等于1表示成功,小于等于0表示失败。', + 'description' => 'The number of data sources that are added. The value 1 indicates that data source is added, and a value less than or equal to 0 indicates that the data source failed to be added.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'DataSourceInstanceId' => [ + 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', + 'description' => 'The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters.'."\n", + 'type' => 'string', + 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"DataSourceInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'AddDataSource', + ], + 'ListBindAccount' => [ + 'summary' => 'Queries a list of cloud accounts that are added to the threat analysis feature.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'required' => true, + 'enumValueTitles' => [], + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int32', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => '已经绑定的账号列表。', + 'description' => 'The response parameters.'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'AccountName' => [ + 'title' => '账号名称。', + 'description' => 'The username of the cloud account.'."\n", + 'type' => 'string', + 'example' => 'sas_account_xxx', + ], + 'AccessId' => [ + 'title' => '已经绑定ACCESS_KEY_ID。', + 'description' => 'The AccessKey ID of the cloud account.'."\n", + 'type' => 'string', + 'example' => 'ABCXXXXXXXX', + ], + 'DataSourceCount' => [ + 'title' => '该账号下绑定数据源的数量。', + 'description' => 'The number of data sources that are added to the threat analysis feature within the cloud account.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '2', + ], + 'ModifyTime' => [ + 'title' => '修改时间。', + 'description' => 'The modification time.'."\n", + 'type' => 'string', + 'example' => '2023-11-10 12:20:35', + ], + 'CreateUser' => [ + 'title' => '该账号绑定者。', + 'description' => 'The ID of the account that is used to add the cloud account.'."\n", + 'type' => 'string', + 'example' => '123xxxxxxx', + ], + 'BindId' => [ + 'title' => '绑定ID。', + 'description' => 'The ID that is generated when the cloud account is added.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123xxxxxxx', + ], + 'AccountId' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'example' => '123xxxxxxx', + ], + 'CloudCode' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'enumValueTitles' => [], + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + ], + ], + ], + 'description' => '', + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AccountName\\": \\"XXXX公司\\",\\n \\"AccessId\\": \\"ABCXXXXXXXX\\",\\n \\"DataSourceCount\\": 2,\\n \\"ModifyTime\\": \\"2023-11-10 12:20:35\\",\\n \\"CreateUser\\": \\"123xxxxxxx\\",\\n \\"BindId\\": 0,\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'ListBindAccount', + ], + 'ListAccountAccessId' => [ + 'summary' => 'Queries a list of AccessKey IDs of third-party cloud accounts that are added to the threat analysis feature.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '195478', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* qcloud'."\n" + .'* hcloud', + 'type' => 'string', + 'required' => true, + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'description' => 'The ID of the account that you switch from the management account.', + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'example' => '0', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<List<ListAccountAccessIdResult>>', + 'description' => 'The response parameters.', + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'SubUserId' => [ + 'title' => '多云AccessKeyId对应的阿里云账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is used to add the third-party cloud account.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => 'ABCXXXXXXXX', + ], + 'AccessIdMd5' => [ + 'title' => '多云AccessKeyId对应的MD5值。', + 'description' => 'The MD5 hash value of the AccessKey ID.'."\n", + 'type' => 'string', + 'example' => 'abcXXXXXXXX', + ], + 'AccountStr' => [ + 'title' => '多云AccessKeyId所属的账号信息,格式为阿里云账号ID|阿里云账号名称|多云AccessKeyId。', + 'description' => 'The information about the cloud account to which the AccessKey ID belongs. The value is in the following format: Alibaba Cloud account ID|Alibaba Cloud account username|AccessKey ID.'."\n", + 'type' => 'string', + 'example' => '123xxxxxx|xxxx|ABCXXXXX', + ], + 'Bound' => [ + 'title' => '该AccessKeyId是否已经被绑定到威胁分析。取值:'."\n" + .' - 0 : 未绑定。'."\n" + .' - 1:已绑定。', + 'description' => 'Indicates whether the cloud account to which the AccessKey ID belongs is added to the threat analysis feature. Valid values:'."\n" + ."\n" + .'* 0: no'."\n" + .'* 1: yes'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'AccessId' => [ + 'title' => '已经绑定ACCESS_KEY_ID。', + 'description' => 'The AccessKey ID of the cloud account that is added to the threat analysis feature.'."\n", + 'type' => 'string', + 'example' => 'ABCXXXXXXXX', + ], + 'AccountId' => [ + 'title' => '云账号ID。', + 'description' => 'The ID of the cloud account.'."\n", + 'type' => 'string', + 'example' => '123xxxxxxx', + ], + 'CloudCode' => [ + 'title' => '多云的code。', + 'description' => 'The code of the cloud service provider.'."\n", + 'type' => 'string', + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + ], + ], + ], + ], + ], + 'Success' => [ + 'title' => '本次请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => 'HTTP状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '返回消息描述。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"SubUserId\\": 0,\\n \\"AccessIdMd5\\": \\"abcXXXXXXXX\\",\\n \\"AccountStr\\": \\"123xxxxxx|xxxx|ABCXXXXX\\",\\n \\"Bound\\": 1,\\n \\"AccessId\\": \\"ABCXXXXXXXX\\",\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'ListAccountAccessId', + ], + 'SubmitImportLogTasks' => [ + 'summary' => 'Submits log collection tasks at a time.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '195545', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'ProdCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '产品的code。', + 'description' => 'The code of the service.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'qcloud_waf', + ], + ], + [ + 'name' => 'LogCodes', + 'in' => 'formData', + 'schema' => [ + 'title' => '提交接入的日志列表,json数组格式。', + 'description' => 'The logs that you want to collect. The value is a JSON array.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '["cloud_siem_qcloud_cfw_alert_log"]', + ], + ], + [ + 'name' => 'Accounts', + 'in' => 'formData', + 'schema' => [ + 'title' => '提交接入的账号列表,json数组格式。取值:'."\n" + .' - AccountId:待接入的账号ID。 '."\n" + .' - Imported:'."\n" + .' - 0:取消接入。 '."\n" + .' - 1:接入。', + 'description' => 'The accounts that you want to add. The value is a JSON array. Valid values:'."\n" + ."\n" + .'* AccountId: the IDs of the accounts.'."\n" + ."\n" + .'* Imported: specifies whether to add the accounts. Valid values:'."\n" + ."\n" + .' * 0: no'."\n" + .' * 1: yes'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '[{"AccountId":"123123","Imported":1}]', + ], + ], + [ + 'name' => 'AutoImported', + 'in' => 'formData', + 'schema' => [ + 'title' => '是否自动接入配置了该日志的账号。取值:'."\n" + .' - 1:自动接入。 '."\n" + .' - 0:不自动接入。', + 'description' => 'Specifies whether to automatically add the account for which the logging feature is configured. Valid values:'."\n" + ."\n" + .'* 1: yes'."\n" + .'* 0: no'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '["cloud_siem_qcloud_cfw_alert_log"]', + ], + ], + [ + 'name' => 'CloudCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '多云的code。', + 'description' => 'The code that is used for multi-cloud environments. Valid values:'."\n" + ."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* hcloud: Huawei Cloud', + 'type' => 'string', + 'required' => true, + 'example' => 'hcloud', + 'enum' => [ + 'qcloud', + 'hcloud', + 'aliyun', + ], + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions inside China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'description' => 'The ID of the account that you switch from the management account.', + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'example' => '0', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<SubmitImportLogTasksResult>', + 'description' => 'CloudSiemSuccessResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'Count' => [ + 'title' => '成功提交的日志接入任务数量。', + 'description' => 'The number of log collection tasks that are submitted.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-*****-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'eventInfo' => [ + 'enable' => false, + 'eventNames' => [], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 10\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'SubmitImportLogTasks', + ], + 'DescribeAlertsWithEntity' => [ + 'summary' => 'Queries the alerts that are associated with an entity.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => [ + 'FEATUREsas731ZAS', + ], + ], + 'parameters' => [ + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件全局唯一ID。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'SophonTaskId', + 'in' => 'formData', + 'schema' => [ + 'title' => 'soar处置策略ID。', + 'description' => 'The ID of the SOAR handing policy.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '577bbf90-a770-44a7-8154-586aa2d318fa', + ], + ], + [ + 'name' => 'EntityId', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体ID。', + 'description' => 'The ID of the entity.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '123456789', + ], + ], + [ + 'name' => 'EntityUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体ID。', + 'type' => 'string', + 'example' => '123456789', + ], + ], + [ + 'name' => 'StartTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询开始时间, 单位毫秒。', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'EndTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询结束时间, 单位毫秒。', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'CurrentPage', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表当前页号, 大于等于1。', + 'description' => 'The page number. Pages start from page 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'minimum' => '1', + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表每页条数, 最大不超过100。', + 'description' => 'The number of entries per page. Maximum value: 100.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'maximum' => '100', + 'minimum' => '1', + 'example' => '10', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PageResponse<List<AlertDetail>>', + 'description' => 'PageResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'PageInfo' => [ + 'title' => '分页记录。', + 'description' => 'The pagination information.'."\n", + 'type' => 'object', + 'properties' => [ + 'CurrentPage' => [ + 'title' => '列表当前页号。', + 'description' => 'The current page number.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'title' => '每页返回记录数。', + 'description' => 'The number of entries per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'title' => '记录总数。', + 'description' => 'The total number of entries returned.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '100', + ], + ], + ], + 'ResponseData' => [ + 'title' => '详细数据。', + 'description' => 'The detailed data.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Id' => [ + 'title' => '告警唯一ID。', + 'description' => 'The unique ID of the alert.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123456789', + ], + 'GmtCreate' => [ + 'title' => '告警入库时间。', + 'description' => 'The time when the alert was received.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'GmtModified' => [ + 'title' => '告警最后更新时间。', + 'description' => 'The time when the alert was last updated.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'MainUserId' => [ + 'title' => '告警关联siem主账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is associated with the alert in SIEM.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '127608589417****', + ], + 'IncidentUuid' => [ + 'title' => '事件全局唯一id。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + 'AlertUuid' => [ + 'title' => '告警id。', + 'description' => 'The UUID of the alert.'."\n", + 'type' => 'string', + 'example' => 'sas_71e24437d2797ce8fc59692905a4****', + ], + 'LogTime' => [ + 'title' => '告警记录时间。', + 'description' => 'The time when the alert was recorded.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'AlertSrcProd' => [ + 'title' => '事件关联告警来源产品。', + 'description' => 'The source of the alert.'."\n", + 'type' => 'string', + 'example' => 'sas', + ], + 'AlertTitle' => [ + 'title' => '告警标题。', + 'description' => 'The title of the alert.'."\n", + 'type' => 'string', + 'example' => 'Scan-Try SNMP weak password', + ], + 'AlertTitleEn' => [ + 'title' => '告警标题英文。', + 'description' => 'The alert title in English.'."\n", + 'type' => 'string', + 'example' => 'Scan-Try SNMP weak password', + ], + 'AlertType' => [ + 'title' => '告警类型。', + 'description' => 'The type of the alert.'."\n", + 'type' => 'string', + 'example' => 'Scan', + ], + 'AlertTypeEn' => [ + 'title' => '告警类型英文。', + 'description' => 'The alert type in English.'."\n", + 'type' => 'string', + 'example' => 'Scan', + ], + 'AlertTypeCode' => [ + 'title' => '告警类型美杜莎code。', + 'description' => 'The internal code of the alert type.'."\n", + 'type' => 'string', + 'example' => 'security_event_config.event_name.webshellName', + ], + 'AlertName' => [ + 'title' => '告警名称。', + 'description' => 'The name of the alert.'."\n", + 'type' => 'string', + 'example' => 'Try SNMP weak password', + ], + 'AlertNameEn' => [ + 'title' => '告警名称。', + 'description' => 'The name of the alert.'."\n", + 'type' => 'string', + 'example' => 'Try SNMP weak password', + ], + 'AlertNameCode' => [ + 'title' => '告警名称美杜莎code。', + 'description' => 'The internal code of the alert name.'."\n", + 'type' => 'string', + 'example' => 'security_event_config.event_name.webshell', + ], + 'AlertLevel' => [ + 'title' => '威胁等级。 取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The risk level. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'string', + 'example' => 'remind', + ], + 'AssetList' => [ + 'title' => '资产列表。', + 'description' => 'The details of the asset.'."\n", + 'type' => 'string', + 'example' => '['."\n" + .' {'."\n" + .' "is_main_asset": "1",'."\n" + .' "asset_name": "47.245.*",'."\n" + .' "port": "22",'."\n" + .' "ip": "47.245.*",'."\n" + .' "asset_type": "ip",'."\n" + .' "location": "ap-southeast-1",'."\n" + .' "asset_id": "47.245.*",'."\n" + .' "net_connect_dir": "in"'."\n" + .' }'."\n" + .']', + ], + 'OccurTime' => [ + 'title' => '告警发生时间。', + 'description' => 'The time when the alert was triggered.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'StartTime' => [ + 'title' => '告警首次发生时间。', + 'description' => 'The time at which the alert was first generated.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'EndTime' => [ + 'title' => '告警结束时间。', + 'description' => 'The time when the alert was closed.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'AlertSrcProdModule' => [ + 'title' => '事件关联告警来源产品子模块。', + 'description' => 'The sub-module of the alert source.'."\n", + 'type' => 'string', + 'example' => 'waf', + ], + 'AlertDesc' => [ + 'title' => '告警描述。', + 'description' => 'The description of the alert.'."\n", + 'type' => 'string', + 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.', + ], + 'AlertDescEn' => [ + 'title' => '告警英文描述。', + 'description' => 'The alert description in English.'."\n", + 'type' => 'string', + 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.', + ], + 'AlertDescCode' => [ + 'title' => '告警描述美杜莎code。', + 'description' => 'The internal code of the alert description.'."\n", + 'type' => 'string', + 'example' => 'security_event_config.event_name.webshell'."\n", + ], + 'AlertDetail' => [ + 'title' => '告警详情。', + 'description' => 'The details of the alert.'."\n", + 'type' => 'string', + 'example' => '{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "21.92.*.*"}', + ], + 'LogUuid' => [ + 'title' => '告警log UUID。', + 'description' => 'The UUID of the alert log.'."\n", + 'type' => 'string', + 'example' => 'cfw_d12e285a-a042-4d7e-be89-f8a795ef****', + ], + 'EntityList' => [ + 'title' => '实体详情(标准化/开启索引)', + 'type' => 'string', + ], + 'AttCk' => [ + 'title' => 'ATTCT&攻击技术标签。', + 'description' => 'The tag of the ATT\\&CK attack.'."\n", + 'type' => 'string', + 'example' => 'T1595.002 Vulnerability Scanning', + ], + 'SubUserId' => [ + 'title' => '产生告警阿里账号ID。', + 'description' => 'The ID of the Alibaba Cloud account within which the alert is generated.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '176555323***', + ], + 'SubUserName' => [ + 'title' => '产生告警阿里账号ID。', + 'type' => 'string', + 'example' => '176555323***', + ], + 'IsDefend' => [ + 'title' => '是否已防御', + 'description' => 'Specifies whether an attack is defended. Valid values:'."\n" + ."\n" + .'* 0: detected'."\n" + .'* 1: blocked'."\n", + 'type' => 'string', + 'example' => '1', + ], + 'AlertInfoList' => [ + 'title' => '告警详细数据。', + 'description' => 'The displayed details of the alert.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Key' => [ + 'title' => '告警详细属性key。', + 'description' => 'The attribute key.'."\n", + 'type' => 'string', + 'example' => 'suspicious.wbd.wb.trojanpath', + ], + 'KeyName' => [ + 'title' => '告警详细数据名称。', + 'description' => 'The name of the key.'."\n", + 'type' => 'string', + 'example' => 'Trojan Path'."\n", + ], + 'Values' => [ + 'title' => '告警详细数据值。', + 'description' => 'The value of the key.'."\n", + 'type' => 'string', + 'example' => '/root/test33.php', + ], + ], + ], + 'example' => 'aliyun', + ], + 'CloudCode' => [ + 'title' => '', + 'description' => 'The cloud code. Valid values:'."\n" + ."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'example' => 'aliyun', + ], + 'ProductId' => [ + 'type' => 'string', + ], + 'VendorId' => [ + 'type' => 'string', + ], + 'DetectionRuleId' => [ + 'type' => 'string', + ], + ], + ], + ], + ], + 'example' => '123456', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"MainUserId\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"LogTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProd\\": \\"sas\\",\\n \\"AlertTitle\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertTitleEn\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertType\\": \\"Scan\\",\\n \\"AlertTypeEn\\": \\"Scan\\",\\n \\"AlertTypeCode\\": \\"security_event_config.event_name.webshellName\\",\\n \\"AlertName\\": \\"Try SNMP weak password\\",\\n \\"AlertNameEn\\": \\"Try SNMP weak password\\",\\n \\"AlertNameCode\\": \\"security_event_config.event_name.webshell\\",\\n \\"AlertLevel\\": \\"remind\\",\\n \\"AssetList\\": \\"[\\\\n {\\\\n \\\\\\"is_main_asset\\\\\\": \\\\\\"1\\\\\\",\\\\n \\\\\\"asset_name\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"port\\\\\\": \\\\\\"22\\\\\\",\\\\n \\\\\\"ip\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"asset_type\\\\\\": \\\\\\"ip\\\\\\",\\\\n \\\\\\"location\\\\\\": \\\\\\"ap-southeast-1\\\\\\",\\\\n \\\\\\"asset_id\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"net_connect_dir\\\\\\": \\\\\\"in\\\\\\"\\\\n }\\\\n]\\",\\n \\"OccurTime\\": \\"2021-01-06 16:37:29\\",\\n \\"StartTime\\": \\"2021-01-06 16:37:29\\",\\n \\"EndTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProdModule\\": \\"waf\\",\\n \\"AlertDesc\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescEn\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescCode\\": \\"security_event_config.event_name.webshell\\\\n\\",\\n \\"AlertDetail\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99\\\\\\";\\\\\\"attack_ip\\\\\\": \\\\\\"21.92.*.*\\\\\\"}\\",\\n \\"LogUuid\\": \\"cfw_d12e285a-a042-4d7e-be89-f8a795ef****\\",\\n \\"EntityList\\": \\"[{\\\\\\"entity_uuid\\\\\\":\\\\\\"55f0c0654d7e79b035a5168fcb4****\\\\\\",\\\\\\"entity_type\\\\\\":\\\\\\"cloud_account\\\\\\",\\\\\\"account_id\\\\\\":\\\\\\"15176874502****\\\\\\",\\\\\\"main_user_id\\\\\\":\\\\\\"15176874502****\\\\\\",\\\\\\"cloud_code\\\\\\":\\\\\\"alibaba_cloud\\\\\\",\\\\\\"is_asset\\\\\\":1,\\\\\\"entity_id\\\\\\":\\\\\\"151768745029****\\\\\\"}]\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"176555323***\\",\\n \\"IsDefend\\": \\"1\\",\\n \\"AlertInfoList\\": [\\n {\\n \\"Key\\": \\"suspicious.wbd.wb.trojanpath\\",\\n \\"KeyName\\": \\"Trojan Path\\\\n\\",\\n \\"Values\\": \\"/root/test33.php\\"\\n }\\n ],\\n \\"CloudCode\\": \\"aliyun\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"VendorId\\": \\"aliyun\\",\\n \\"DetectionRuleId\\": \\"dr-48zs4tk7qfd4rjd9****\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'DescribeAlertsWithEntity', + ], + 'DescribeAlerts' => [ + 'summary' => 'Queries alerts within your account.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => [ + 'FEATUREsas731ZAS', + ], + ], + 'parameters' => [ + [ + 'name' => 'AlertUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件关联告警ID。', + 'description' => 'The UUID of the alert.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'sas_71e24437d2797ce8fc59692905a4****', + ], + ], + [ + 'name' => 'Level', + 'in' => 'formData', + 'style' => 'repeatList', + 'schema' => [ + 'title' => '威胁等级,格式为json数组。取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The risk level. The value is a JSON array. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The risk level. The value is a JSON string. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '["remind","serious"]', + ], + 'required' => false, + 'example' => '["serious","suspicious","remind"]', + 'maxItems' => 100, + ], + ], + [ + 'name' => 'Source', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件关联告警来源产品。', + 'description' => 'The source of the alert.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'sas', + ], + ], + [ + 'name' => 'IsDefend', + 'in' => 'formData', + 'schema' => [ + 'title' => '是否已防御', + 'description' => 'Specifies whether an attack is defended. Valid values:'."\n" + ."\n" + .'* 0: detected.'."\n" + .'* 1: blocked.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'AlertTitle', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警标题。', + 'description' => 'The title of the alert.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'Unusual Logon-login_common_account', + ], + ], + [ + 'name' => 'AlertType', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警类型。', + 'type' => 'string', + ], + ], + [ + 'name' => 'AlertName', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警名称。', + 'type' => 'string', + ], + ], + [ + 'name' => 'AssetName', + 'in' => 'formData', + 'schema' => [ + 'title' => '资产名称。', + 'type' => 'string', + ], + ], + [ + 'name' => 'AssetId', + 'in' => 'formData', + 'schema' => [ + 'title' => '资产id。', + 'type' => 'string', + ], + ], + [ + 'name' => 'EntityName', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体名称。', + 'type' => 'string', + ], + ], + [ + 'name' => 'EntityId', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体id。', + 'type' => 'string', + ], + ], + [ + 'name' => 'SubUserId', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警史记关联阿里账号ID。', + 'description' => 'The ID of the Alibaba Cloud account within which the alert is generated.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '176555323***', + ], + ], + [ + 'name' => 'LabelType', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警史记关联阿里账号ID。', + 'type' => 'string', + 'example' => '176555323***', + ], + ], + [ + 'name' => 'AlertStatus', + 'in' => 'formData', + 'style' => 'repeatList', + 'schema' => [ + 'title' => '告警状态', + 'type' => 'array', + 'items' => [ + 'title' => '告警状态', + 'type' => 'string', + 'example' => '1', + ], + 'maxItems' => 100, + ], + ], + [ + 'name' => 'StartTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询开始时间, 单位毫秒。', + 'description' => 'The beginning of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'EndTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询结束时间, 单位毫秒。', + 'description' => 'The end of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'CurrentPage', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表当前页号, 大于等于1。', + 'description' => 'The page number. Pages start from page 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'minimum' => '1', + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表每页条数, 最大不超过100。', + 'description' => 'The number of entries per page. Maximum value: 100.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'maximum' => '100', + 'minimum' => '1', + 'example' => '10', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PageResponse<List<AlertDetail>>', + 'description' => 'PageResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'PageInfo' => [ + 'title' => '分页记录。', + 'description' => 'The pagination information.'."\n", + 'type' => 'object', + 'properties' => [ + 'CurrentPage' => [ + 'title' => '列表当前页号。', + 'description' => 'The current page number.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'title' => '每页返回记录数。', + 'description' => 'The number of entries per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'title' => '记录总数。', + 'description' => 'The total number of entries returned.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '100', + ], + ], + ], + 'ResponseData' => [ + 'title' => '详细数据。', + 'description' => 'The detailed data.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Id' => [ + 'title' => '告警唯一ID。', + 'description' => 'The unique ID of the alert.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123456789', + ], + 'GmtCreate' => [ + 'title' => '告警入库时间。', + 'description' => 'The time when the alert was received.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'GmtModified' => [ + 'title' => '告警最后更新时间。', + 'description' => 'The time when the alert was last updated.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'MainUserId' => [ + 'title' => '告警关联siem主账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is associated with the alert in SIEM.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '127608589417****', + ], + 'IncidentUuid' => [ + 'title' => '事件全局唯一id。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + 'AlertUuid' => [ + 'title' => '告警id。', + 'description' => 'The UUID of the alert.'."\n", + 'type' => 'string', + 'example' => 'sas_71e24437d2797ce8fc59692905a4****', + ], + 'LogTime' => [ + 'title' => '告警记录时间。', + 'description' => 'The time when the alert was recorded.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'AlertSrcProd' => [ + 'title' => '事件关联告警来源产品。', + 'description' => 'The service for which the alert associated with the event is generated.'."\n", + 'type' => 'string', + 'example' => 'sas', + ], + 'AlertTitle' => [ + 'title' => '告警标题。', + 'description' => 'The title of the alert.'."\n", + 'type' => 'string', + 'example' => 'Scan-Try SNMP weak password', + ], + 'AlertTitleEn' => [ + 'title' => '告警标题英文。', + 'description' => 'The title of the alert in English.'."\n", + 'type' => 'string', + 'example' => 'Scan-Try SNMP weak password', + ], + 'AlertType' => [ + 'title' => '告警类型。', + 'description' => 'The alert type.'."\n", + 'type' => 'string', + 'example' => 'Scan', + ], + 'AlertTypeEn' => [ + 'title' => '告警类型英文。', + 'description' => 'The type of the alert in English.'."\n", + 'type' => 'string', + 'example' => 'Scan', + ], + 'AlertTypeCode' => [ + 'title' => '告警类型美杜莎code。', + 'description' => 'The internal code of the alert type.'."\n", + 'type' => 'string', + 'example' => 'security_event_config.event_name.webshellName', + ], + 'AlertName' => [ + 'title' => '告警名称。', + 'description' => 'The name of the alert.'."\n", + 'type' => 'string', + 'example' => 'Try SNMP weak password', + ], + 'AlertNameEn' => [ + 'title' => '告警名称。', + 'description' => 'The name of the alert in English.'."\n", + 'type' => 'string', + 'example' => 'Try SNMP weak password', + ], + 'AlertNameCode' => [ + 'title' => '告警名称美杜莎code。', + 'description' => 'The internal code of the alert name.'."\n", + 'type' => 'string', + 'example' => 'security_event_config.event_name.webshell', + ], + 'AlertLevel' => [ + 'title' => '威胁等级。 取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The threat level. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'string', + 'example' => 'remind', + ], + 'AssetList' => [ + 'title' => '资产列表。', + 'description' => 'The details of the asset.'."\n", + 'type' => 'string', + 'example' => '['."\n" + .' {'."\n" + .' "is_main_asset": "1",'."\n" + .' "asset_name": "47.245.*",'."\n" + .' "port": "22",'."\n" + .' "ip": "47.245.*",'."\n" + .' "asset_type": "ip",'."\n" + .' "location": "ap-southeast-1",'."\n" + .' "asset_id": "47.245.*",'."\n" + .' "net_connect_dir": "in"'."\n" + .' }'."\n" + .']', + ], + 'OccurTime' => [ + 'title' => '告警发生时间。', + 'description' => 'The time when the alert is triggered.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'StartTime' => [ + 'title' => '告警首次发生时间。', + 'description' => 'The time at which the alert was first generated.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'EndTime' => [ + 'title' => '告警结束时间。', + 'description' => 'The time when the alert was closed.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'AlertSrcProdModule' => [ + 'title' => '事件关联告警来源产品子模块。', + 'description' => 'The sub-module of ther alert source.'."\n", + 'type' => 'string', + 'example' => 'waf', + ], + 'AlertDesc' => [ + 'title' => '告警描述。', + 'description' => 'The description of the alert.'."\n", + 'type' => 'string', + 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.', + ], + 'AlertDescEn' => [ + 'title' => '告警英文描述。', + 'description' => 'The description of the alert in English.'."\n", + 'type' => 'string', + 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.', + ], + 'AlertDescCode' => [ + 'title' => '告警描述美杜莎code。', + 'description' => 'The internal code of the alert description.'."\n", + 'type' => 'string', + 'example' => 'security_event_config.event_name.webshell', + ], + 'AlertDetail' => [ + 'title' => '告警详情。', + 'description' => 'The details of the alert.'."\n", + 'type' => 'string', + 'example' => '{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "21.92.*.*"}', + ], + 'LogUuid' => [ + 'title' => '告警log UUID。', + 'description' => 'The UUID of the alert log.'."\n", + 'type' => 'string', + 'example' => 'cfw_d12e285a-a042-4d7e-be89-f8a795ef****', + ], + 'EntityList' => [ + 'title' => '实体详情(标准化/开启索引)', + 'type' => 'string', + ], + 'AttCk' => [ + 'title' => 'ATTCT&攻击技术标签。', + 'description' => 'The tag of the ATT\\&CK attack.'."\n", + 'type' => 'string', + 'example' => 'T1595.002 Vulnerability Scanning', + ], + 'SubUserId' => [ + 'title' => '产生告警阿里账号ID。', + 'description' => 'The ID of the Alibaba Cloud account within which the alert is generated.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '176555323***', + ], + 'SubUserName' => [ + 'title' => '产生告警阿里账号ID。', + 'type' => 'string', + 'example' => '176555323***', + ], + 'VendorId' => [ + 'title' => '云code。 取值:'."\n" + .'- aliyun:阿里云'."\n" + .'- qcloud:腾讯云'."\n" + .'- hcloud:华为云', + 'type' => 'string', + 'example' => 'aliyun', + ], + 'IsDefend' => [ + 'title' => '是否已防御', + 'description' => 'Indicates whether an attack is defended. Valid values:'."\n" + ."\n" + .'* 0: detected.'."\n" + .'* 1: blocked.'."\n", + 'type' => 'string', + 'example' => '1', + ], + 'AlertInfoList' => [ + 'title' => '告警详细数据。', + 'description' => 'The displayed details of the alert.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Key' => [ + 'title' => '告警详细属性key。', + 'description' => 'The attribute key.'."\n", + 'type' => 'string', + 'example' => 'suspicious.wbd.wb.trojanpath', + ], + 'KeyName' => [ + 'title' => '告警详细数据名称。', + 'description' => 'The name of the key.'."\n", + 'type' => 'string', + 'example' => 'Trojan Path', + ], + 'Values' => [ + 'title' => '告警详细数据值。', + 'description' => 'The value of the key.'."\n", + 'type' => 'string', + 'example' => '/root/test33.php', + ], + ], + ], + 'example' => 'aliyun', + ], + 'ExtendContent' => [ + 'type' => 'string', + ], + 'ProductId' => [ + 'type' => 'string', + ], + 'CloudCode' => [ + 'title' => '', + 'description' => 'The cloud code. Valid values:'."\n" + ."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'example' => 'aliyun', + ], + 'DetectionRuleId' => [ + 'type' => 'string', + ], + 'AlertStatus' => [ + 'title' => '告警状态', + 'type' => 'string', + 'example' => '1', + ], + ], + ], + ], + ], + 'example' => '123456', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"MainUserId\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"LogTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProd\\": \\"sas\\",\\n \\"AlertTitle\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertTitleEn\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertType\\": \\"Scan\\",\\n \\"AlertTypeEn\\": \\"Scan\\",\\n \\"AlertTypeCode\\": \\"security_event_config.event_name.webshellName\\",\\n \\"AlertName\\": \\"Try SNMP weak password\\",\\n \\"AlertNameEn\\": \\"Try SNMP weak password\\",\\n \\"AlertNameCode\\": \\"security_event_config.event_name.webshell\\",\\n \\"AlertLevel\\": \\"remind\\",\\n \\"AssetList\\": \\"[\\\\n {\\\\n \\\\\\"is_main_asset\\\\\\": \\\\\\"1\\\\\\",\\\\n \\\\\\"asset_name\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"port\\\\\\": \\\\\\"22\\\\\\",\\\\n \\\\\\"ip\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"asset_type\\\\\\": \\\\\\"ip\\\\\\",\\\\n \\\\\\"location\\\\\\": \\\\\\"ap-southeast-1\\\\\\",\\\\n \\\\\\"asset_id\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"net_connect_dir\\\\\\": \\\\\\"in\\\\\\"\\\\n }\\\\n]\\",\\n \\"OccurTime\\": \\"2021-01-06 16:37:29\\",\\n \\"StartTime\\": \\"2021-01-06 16:37:29\\",\\n \\"EndTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProdModule\\": \\"waf\\",\\n \\"AlertDesc\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescEn\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescCode\\": \\"security_event_config.event_name.webshell\\",\\n \\"AlertDetail\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99\\\\\\";\\\\\\"attack_ip\\\\\\": \\\\\\"21.92.*.*\\\\\\"}\\",\\n \\"LogUuid\\": \\"cfw_d12e285a-a042-4d7e-be89-f8a795ef****\\",\\n \\"EntityList\\": \\"[{"entity_user_id":"198921674491****","entity_account_id":"N/A","entity_uuid":"6245f979d5dd9ef8dd19bdc72228****","entity_type":"host","entity_name":"zhh-test-20240409","is_comprised":"1","os_type":"linux","entity_id":"a88f44dd-b8d4-4ded-831c-77a4835****","host_uuid":"a88f44dd-b8d4-4ded-831c-77a4835****","host_name":"zhh-test-2024****"}]\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"176555323***\\",\\n \\"VendorId\\": \\"aliyun\\",\\n \\"IsDefend\\": \\"1\\",\\n \\"AlertInfoList\\": [\\n {\\n \\"Key\\": \\"suspicious.wbd.wb.trojanpath\\",\\n \\"KeyName\\": \\"Trojan Path\\",\\n \\"Values\\": \\"/root/test33.php\\"\\n }\\n ],\\n \\"ExtendContent\\": \\"{\\\\\\"user\\\\\\":\\\\\\"Member\\\\\\",\\\\\\"num\\\\\\":\\\\\\"1\\\\\\"}\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"CloudCode\\": \\"aliyun\\",\\n \\"DetectionRuleId\\": \\"dr-48zs4tk7qfd4rjd9****\\",\\n \\"AlertStatus\\": \\"1\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'DescribeAlerts', + ], + 'DescribeAlertSource' => [ + 'summary' => 'Queries alert data sources.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'Level', + 'in' => 'formData', + 'style' => 'repeatList', + 'schema' => [ + 'title' => '威胁等级,格式为json数组。取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The risk levels. The value is a JSON array. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The risk level. The value is a JSON string. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '["remind","serious"]', + ], + 'required' => false, + 'example' => '["serious","suspicious","remind"]', + 'maxItems' => 100, + ], + ], + [ + 'name' => 'StartTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询开始时间, 单位毫秒。', + 'description' => 'The beginning of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'EndTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询结束时间, 单位毫秒。', + 'description' => 'The end of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<List<AlertSource>>', + 'description' => 'BaseResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'SourceName' => [ + 'title' => '告警数据源名称。', + 'description' => 'The name of the alert data source.'."\n", + 'type' => 'string', + 'example' => 'sas', + ], + 'Source' => [ + 'title' => '告警数据源名称美杜莎code。', + 'description' => 'The internal code of the alert data source.'."\n", + 'type' => 'string', + 'example' => 'aliyun.siem.alert_datasource.sas', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"SourceName\\": \\"sas\\",\\n \\"Source\\": \\"aliyun.siem.alert_datasource.sas\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeAlertSource', + ], + 'DescribeAlertsCount' => [ + 'summary' => 'Queries the number of alerts of different severities.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'QueryType', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询类型。', + 'type' => 'string', + 'example' => 'bySrcProd', + ], + ], + [ + 'name' => 'StartTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询开始时间, 单位毫秒。', + 'description' => 'The beginning of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'EndTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询结束时间, 单位毫秒。', + 'description' => 'The end of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PlainResponse<CloudSiemAlertCounter>', + 'description' => 'PlainResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'High' => [ + 'title' => '高威胁告警数。', + 'description' => 'The number of high-risk alerts.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '25', + ], + 'Medium' => [ + 'title' => '中威胁告警数。', + 'description' => 'The number of medium-risk alerts.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '25', + ], + 'Low' => [ + 'title' => '低威胁告警数。', + 'description' => 'The number of low-risk alerts.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '25', + ], + 'All' => [ + 'title' => '告警总数。', + 'description' => 'The total number of alerts.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '75', + ], + 'ProductNum' => [ + 'title' => '接入产品数。', + 'description' => 'The number of connected services.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '3', + ], + 'CountMap' => [ + 'type' => 'object', + 'additionalProperties' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"High\\": 25,\\n \\"Medium\\": 25,\\n \\"Low\\": 25,\\n \\"All\\": 75,\\n \\"ProductNum\\": 3,\\n \\"CountMap\\": {\\n \\"key\\": 12\\n }\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeAlertsCount', + ], + 'ListEntities' => [ + 'summary' => 'Queries entities.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => [ + 'FEATUREsasAFG0OH', + ], + ], + 'parameters' => [ + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件ID。', + 'description' => '', + 'type' => 'string', + 'required' => true, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'EntityType', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体类型。', + 'description' => '', + 'type' => 'string', + 'required' => false, + 'example' => 'ip', + ], + ], + [ + 'name' => 'EntityName', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体名称。', + 'description' => '', + 'type' => 'string', + 'required' => false, + 'example' => 'host1****', + ], + ], + [ + 'name' => 'EntityUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体ID。', + 'description' => '', + 'type' => 'string', + 'required' => false, + 'example' => '6c740667-80b2-476d-8924-2e706feb****', + ], + ], + [ + 'name' => 'EntityUuids', + 'in' => 'formData', + 'schema' => [ + 'type' => 'string', + ], + ], + [ + 'name' => 'MalwareType', + 'in' => 'formData', + 'schema' => [ + 'title' => '恶意实体类型。 取值:'."\n" + .'- 0:否'."\n" + .'- 1:是。', + 'description' => '', + 'type' => 'string', + 'required' => false, + 'example' => 'aliyun.siem.sas.alert_tag.miner_software', + ], + ], + [ + 'name' => 'IsMalwareEntity', + 'in' => 'formData', + 'schema' => [ + 'title' => '是否恶意实体。 取值:'."\n" + .'- 0:否'."\n" + .'- 1:是。', + 'description' => '', + 'type' => 'string', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'Tags', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体标签。格式为JSON数组字符串:\\"[{\\"tagKey1\\":\\"tagValue1\\"},{\\"tagKey2\\":\\"tagValue2\\"}]\\"', + 'type' => 'string', + ], + ], + [ + 'name' => 'CurrentPage', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表当前页号, 大于等于1。', + 'description' => '', + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'minimum' => '1', + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表每页条数, 最大不超过100。', + 'description' => '', + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'maximum' => '100', + 'minimum' => '1', + 'example' => '10', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', + 'description' => '', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => '', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => '', + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PageResponse<List<EntityInfo>>', + 'description' => 'PageResponse<List<EntityInfo>>', + 'type' => 'object', + 'properties' => [ + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => '', + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => '', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => '', + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => '', + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + 'Data' => [ + 'title' => '请求返回值。', + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'PageInfo' => [ + 'title' => '分页记录。', + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'CurrentPage' => [ + 'title' => '列表当前页号。', + 'description' => '', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'title' => '每页返回记录数。', + 'description' => '', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'title' => '记录总数。', + 'description' => '', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '100', + ], + ], + ], + 'ResponseData' => [ + 'title' => '详细数据。', + 'description' => '', + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Id' => [ + 'title' => '实体ID。', + 'description' => '', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123456789***', + ], + 'GmtCreate' => [ + 'title' => '实体采集时间。', + 'description' => '', + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'GmtModified' => [ + 'title' => '实体最后更新时间。', + 'description' => '', + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'Aliuid' => [ + 'title' => 'siem主用户ID。', + 'description' => '', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123456789****', + ], + 'IncidentUuid' => [ + 'title' => '事件ID。', + 'description' => '', + 'type' => 'string', + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + 'AlertUuid' => [ + 'title' => '告警ID。', + 'description' => '', + 'type' => 'string', + 'example' => 'sas_71e24437d2797ce8fc59692905a4****', + ], + 'AlertNum' => [ + 'title' => '实体关联告警数量。', + 'description' => '', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'EventNum' => [ + 'title' => '实体关联事件数量。', + 'description' => '', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'CloudCode' => [ + 'title' => '实体来源云code。 取值:'."\n" + .'- aliyun:阿里云'."\n" + .'- qcloud:腾讯云'."\n" + .'- hcloud:华为云', + 'description' => '', + 'type' => 'string', + 'example' => 'aliyun', + ], + 'EntityType' => [ + 'title' => '实体类型。取值:'."\n" + .'- ip:ip'."\n" + .'- domain:域名'."\n" + .'- url:url'."\n" + .'- process:进程'."\n" + .'- file:文件'."\n" + .'- host:主机', + 'description' => '', + 'type' => 'string', + 'example' => 'ip', + ], + 'EntityName' => [ + 'title' => '实体名称。', + 'description' => '', + 'type' => 'string', + 'example' => '123.123.123.123', + ], + 'EntityInfo' => [ + 'title' => '实体展示信息 json格式。', + 'description' => '', + 'type' => 'string', + 'example' => '{"file_path": "c:/www/leixi.jsp","file_hash": "aa0ca926ad948cd820e0a3d9a18c****","host_uuid": "efed2cf7-0b77-45d9-a97b-d2cf246b****","malware_type": "${aliyun.siem.sas.alert_tag.webshell}","host_name": "launch-advisor-2023****"}', + ], + 'SubUserId' => [ + 'title' => '实体关联账号id', + 'description' => '', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '113091674488****', + ], + 'EntityId' => [ + 'title' => '实体逻辑id', + 'description' => '', + 'type' => 'string', + 'example' => '12345****', + ], + 'EntityUuid' => [ + 'title' => '实体uuid', + 'description' => '', + 'type' => 'string', + 'example' => '8087b3e4aa6862852c100c8738cf****', + ], + 'MalwareType' => [ + 'title' => '实体恶意类型', + 'description' => '', + 'type' => 'string', + 'example' => 'aliyun.siem.sas.alert_tag.webshell', + ], + 'IsAsset' => [ + 'type' => 'string', + ], + 'IsMalware' => [ + 'type' => 'string', + ], + 'Tags' => [ + 'type' => 'string', + ], + 'AgentDisposalMethod' => [ + 'type' => 'string', + ], + 'AgentDisposalPlaybookUuid' => [ + 'type' => 'string', + ], + 'AgentDisposalSuggestion' => [ + 'type' => 'string', + ], + 'AgentConfidence' => [ + 'type' => 'string', + ], + ], + ], + ], + ], + 'example' => '123456', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 0,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"AlertNum\\": 1,\\n \\"EventNum\\": 1,\\n \\"CloudCode\\": \\"aliyun\\",\\n \\"EntityType\\": \\"ip\\",\\n \\"EntityName\\": \\"123.123.123.123\\",\\n \\"EntityInfo\\": \\"{\\\\\\"file_path\\\\\\": \\\\\\"c:/www/leixi.jsp\\\\\\",\\\\\\"file_hash\\\\\\": \\\\\\"aa0ca926ad948cd820e0a3d9a18c****\\\\\\",\\\\\\"host_uuid\\\\\\": \\\\\\"efed2cf7-0b77-45d9-a97b-d2cf246b****\\\\\\",\\\\\\"malware_type\\\\\\": \\\\\\"${aliyun.siem.sas.alert_tag.webshell}\\\\\\",\\\\\\"host_name\\\\\\": \\\\\\"launch-advisor-2023****\\\\\\"}\\",\\n \\"SubUserId\\": 0,\\n \\"EntityId\\": \\"12345****\\",\\n \\"EntityUuid\\": \\"8087b3e4aa6862852c100c8738cf****\\",\\n \\"MalwareType\\": \\"aliyun.siem.sas.alert_tag.webshell\\",\\n \\"IsAsset\\": \\"1\\",\\n \\"IsMalware\\": \\"0\\",\\n \\"Tags\\": \\"[{\\\\\\"tagKey1\\\\\\":\\\\\\"tagValue1\\\\\\"},{\\\\\\"tagKey2\\\\\\":\\\\\\"tagValue2\\\\\\"}]\\",\\n \\"AgentDisposalMethod\\": \\"delete_file\\",\\n \\"AgentDisposalPlaybookUuid\\": \\"12XAD-SFQ-WAF-2ca2\\",\\n \\"AgentDisposalSuggestion\\": \\"{}\\",\\n \\"AgentConfidence\\": \\"85\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'ListEntities', + ], + 'DescribeEntityInfo' => [ + 'summary' => 'Queries the details of an entity.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'EntityId', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体逻辑ID。', + 'description' => 'The logical ID of the entity.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '12345', + ], + ], + [ + 'name' => 'EntityIdentity', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体特征值,可以对处置实体进行模糊搜索。', + 'description' => 'The feature value of the entity. Fuzzy match is supported.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'test22.php', + ], + ], + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件全局唯一ID。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'SophonTaskId', + 'in' => 'formData', + 'schema' => [ + 'title' => 'soar处置策略ID。', + 'description' => 'The ID of the SOAR handling policy.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '577bbf90-a770-44a7-8154-586aa2d318fa', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<EventEntityInfo>', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'EntityId' => [ + 'title' => '实体逻辑id。', + 'description' => 'The logical ID of the entity.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '12345', + ], + 'EntityType' => [ + 'title' => '实体类型,ip:ip, 域名:domain, url:url, 进程:process, 文件:file, 主机:host。', + 'description' => 'The type of the entity. Valid values:'."\n" + ."\n" + .'* ip'."\n" + .'* domain'."\n" + .'* url'."\n" + .'* process'."\n" + .'* file'."\n" + .'* host'."\n", + 'type' => 'string', + 'example' => 'ip', + ], + 'EntityInfo' => [ + 'title' => '实体信息。', + 'description' => 'The information about the entry.'."\n", + 'type' => 'object', + 'example' => '{ location: "xian", net_connect_dir: "in", malware_type: "${aliyun.siem.sas.alert_tag.login_unusual_account}" }', + ], + 'TipInfo' => [ + 'title' => '威胁情报信息。', + 'description' => 'The information about the risk Intelligence.'."\n", + 'type' => 'object', + 'example' => '{'."\n" + .' "Ip": {'."\n" + .' "queryHot": "0",'."\n" + .' "country": "China",'."\n" + .' "province": "shanxi",'."\n" + .' "ip": "221.11.XX.XXX",'."\n" + .' "asn": "4837",'."\n" + .' "asn_label": "CHINAXXX-Backbone - CHINA UNICOM ChinaXXX Backbone, CN"'."\n" + .' }'."\n" + .'}', + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"EntityId\\": 12345,\\n \\"EntityType\\": \\"ip\\",\\n \\"EntityInfo\\": {\\n \\"test\\": \\"test\\",\\n \\"test2\\": 1\\n },\\n \\"TipInfo\\": {\\n \\"Ip\\": {\\n \\"queryHot\\": \\"0\\",\\n \\"country\\": \\"China\\",\\n \\"province\\": \\"shanxi\\",\\n \\"ip\\": \\"221.11.XX.XXX\\",\\n \\"asn\\": \\"4837\\",\\n \\"asn_label\\": \\"CHINAXXX-Backbone - CHINA UNICOM ChinaXXX Backbone, CN\\"\\n }\\n }\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeEntityInfo', + ], + 'PostEventDisposeAndWhiteruleList' => [ + 'summary' => 'Submits event handling information.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => [ + 'FEATUREsasAFG0OH', + ], + ], + 'parameters' => [ + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件id。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'Status', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件状态。 取值:'."\n" + .'- 0:未处理 '."\n" + .'-1:处理中 '."\n" + .'-5:处理失败 '."\n" + .'-10:已处理', + 'description' => 'The status of the event. Valid values:'."\n" + ."\n" + .'* 0: unhandled'."\n" + .'* 1: handing'."\n" + .'* 5: handling failed'."\n" + .'* 10: handled'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '0', + ], + ], + [ + 'name' => 'Remark', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件备注。', + 'description' => 'The remarks of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'dealed', + ], + ], + [ + 'name' => 'EventDispose', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件处置配置 json对象。', + 'description' => 'The configuration of event handling. The value is a JSON object.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '['."\n" + .' {'."\n" + .' "playbookName": "WafBlockIP",'."\n" + .' "entityId": "104466118",'."\n" + .' "scope": ['."\n" + .' "176618589410****"'."\n" + .' ],'."\n" + .' "startTime": 1604168946281,'."\n" + .' "endTime": 1614168946281'."\n" + .' },'."\n" + .' {'."\n" + .' "playbookName": "WafBlockIP",'."\n" + .' "entityId": "104466118",'."\n" + .' "scope": ['."\n" + .' {'."\n" + .' "instanceId": "waf-cn-n6w1oy1****",'."\n" + .' "domains": ['."\n" + .' "lmfip.wafqax.***"'."\n" + .' ]'."\n" + .' }'."\n" + .' ],'."\n" + .' "startTime": 1604168946281,'."\n" + .' "endTime": 1614168946281'."\n" + .' }'."\n" + .']', + ], + ], + [ + 'name' => 'ReceiverInfo', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警接收人配置 json对象', + 'description' => 'The configuration of the alert recipient. The value is a JSON object.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '{'."\n" + .' "messageTitle": "test",'."\n" + .' "receiver": "xiaowang",'."\n" + .' "channel": "message"'."\n" + .'}', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + [ + 'name' => 'ThreatLevel', + 'in' => 'formData', + 'schema' => [ + 'type' => 'string', + ], + ], + [ + 'name' => 'Owner', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件责任人账号uid', + 'type' => 'string', + 'example' => '1234567890xxxxxx', + ], + ], + [ + 'name' => 'ResponseSource', + 'in' => 'formData', + 'schema' => [ + 'type' => 'string', + ], + ], + [ + 'name' => 'DisposeStrategyIds', + 'in' => 'formData', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<String>', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'string', + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'PostEventDisposeAndWhiteruleList', + ], + 'DescribeWafScope' => [ + 'summary' => 'Queries the protected domain names of the WAF instance for a user to which an entity belongs.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'EntityId', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体ID。', + 'description' => 'The ID of the entity.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '20617784', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<List<WafScope>>', + 'description' => 'BaseResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'InstanceId' => [ + 'title' => 'waf实例ID。', + 'description' => 'The ID of the WAF instance.'."\n", + 'type' => 'string', + 'example' => 'waf-cn-tl123ast****', + ], + 'Aliuid' => [ + 'title' => 'siem主账号ID。', + 'description' => 'The ID of the Alibaba Cloud account in SIEM.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '127608589417****', + ], + 'Domains' => [ + 'title' => 'waf实例下的防护的域名列表。', + 'description' => 'The domain names that are protected by the WAF instance.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The domain name that is protected by the WAF instance.'."\n", + 'type' => 'string', + 'example' => '[123***.com, 456***.com]', + ], + 'example' => '[123.com, 456.com]', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"InstanceId\\": \\"waf-cn-tl123ast****\\",\\n \\"Aliuid\\": 0,\\n \\"Domains\\": [\\n \\"[123***.com, 456***.com]\\"\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeWafScope', + ], + 'DescribeEventDispose' => [ + 'summary' => 'Queries the handling policies of a historical event.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件ID。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'CurrentPage', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表当前页号, 大于等于1。', + 'description' => 'The page number. Pages start from page 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'minimum' => '1', + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表每页条数, 最大不超过100。', + 'description' => 'The number of entries per page. Maximum value: 500.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'maximum' => '500', + 'minimum' => '1', + 'example' => '10', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the region in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions inside China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<EventDisposeConfig>', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'Status' => [ + 'title' => '事件状态。 0:未处理 1:处理中 5:处理失败 10:已处理。', + 'description' => 'The status of the event. Valid values:'."\n" + ."\n" + .'* 0: not handled'."\n" + .'* 1: handing'."\n" + .'* 5: handling failed'."\n" + .'* 10: handled'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '0', + ], + 'Remark' => [ + 'title' => '事件备注。', + 'description' => 'The description of the event.'."\n", + 'type' => 'string', + 'example' => 'dealed', + ], + 'EventDispose' => [ + 'title' => '事件处置配置 json对象。', + 'description' => 'An array consisting of JSON objects that are configured for event handling.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The JSON object that is configured for event handling.'."\n", + 'type' => 'any', + 'example' => '{ playbookName: "WafBlockIP", sophonTaskId: "400442a5-4f98-45ed-97db-5ab117eb0b8f", … }', + ], + 'example' => '{ playbookName: "使用安全组封禁入方向IP", sophonTaskId: "400442a5-4f98-45ed-97db-5ab117eb0b8f", … }', + ], + 'ReceiverInfo' => [ + 'title' => '告警接收人配置 json对象', + 'description' => 'The JSON object that is configured for an alert recipient.'."\n", + 'type' => 'object', + 'properties' => [ + 'Id' => [ + 'title' => '事件处置结果接收人记录ID。', + 'description' => 'The ID of the recipient who receives the event handling result.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123', + ], + 'GmtCreate' => [ + 'title' => '创建时间。', + 'description' => 'The creation time.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'GmtModified' => [ + 'title' => '修改时间。', + 'description' => 'The modification time.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'IncidentUuid' => [ + 'title' => '事件ID。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + 'MessageTitle' => [ + 'title' => '消息title。', + 'description' => 'The message title.'."\n", + 'type' => 'string', + 'example' => 'siem event dealed message', + ], + 'Receiver' => [ + 'title' => '接收人联系方式。', + 'description' => 'The contact information of the recipient.'."\n", + 'type' => 'string', + 'example' => '138xxxxxx', + ], + 'Channel' => [ + 'title' => '联系方式渠道。 取值:'."\n" + .'- message:短信 '."\n" + .'- mail:邮件', + 'description' => 'The channel of the contact information. Valid values:'."\n" + ."\n" + .'* message'."\n" + .'* mail'."\n", + 'type' => 'string', + 'example' => 'message', + ], + 'Status' => [ + 'title' => '发送状态 0:未发送 1:已发送', + 'description' => 'Indicates whether the message is sent. Valid values:'."\n" + ."\n" + .'* 0: not sent'."\n" + .'* 1: sent'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code that is returned.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Status\\": 0,\\n \\"Remark\\": \\"dealed\\",\\n \\"EventDispose\\": [\\n \\"{ playbookName: \\\\\\"WafBlockIP\\\\\\", sophonTaskId: \\\\\\"400442a5-4f98-45ed-97db-5ab117eb0b8f\\\\\\", … }\\"\\n ],\\n \\"ReceiverInfo\\": {\\n \\"Id\\": 123,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"MessageTitle\\": \\"siem event dealed message\\",\\n \\"Receiver\\": \\"138xxxxxx\\",\\n \\"Channel\\": \\"message\\",\\n \\"Status\\": 1\\n }\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeEventDispose', + ], + 'DescribeEventCountByThreatLevel' => [ + 'summary' => 'Queries the number of events by type.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => [ + 'FEATUREsasAFG0OH', + ], + ], + 'parameters' => [ + [ + 'name' => 'StartTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询开始时间, 单位毫秒。', + 'description' => 'The beginning of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'EndTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询结束时间, 单位毫秒。', + 'description' => 'The end of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view.'."\n" + ."\n" + .'* 0: view of the current Alibaba Cloud account.'."\n" + .'* 1: view of all accounts for the enterprise.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the member in the resource directory.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PlainResponse<EventCounter>', + 'description' => 'PlainResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'EventNum' => [ + 'title' => '事件总数。', + 'description' => 'The total number of events.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '100', + ], + 'UndealEventNum' => [ + 'title' => '未处理事件数。', + 'description' => 'The number of unhandled events.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '75', + ], + 'HighLevelEventNum' => [ + 'title' => '高风险事件数。', + 'description' => 'The number of high-risk events.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '20', + ], + 'MediumLevelEventNum' => [ + 'title' => '中风险事件数。', + 'description' => 'The number of medium-risk events.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '3', + ], + 'LowLevelEventNum' => [ + 'title' => '低分险事件数。', + 'description' => 'The number of low-risk events.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '52', + ], + 'SeriousLevelEventNum' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + 'InfoLevelEventNum' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + 'EventDailyNum' => [ + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Date' => [ + 'type' => 'string', + ], + 'EventNum' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + 'UndealEventNum' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + ], + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"EventNum\\": 100,\\n \\"UndealEventNum\\": 75,\\n \\"HighLevelEventNum\\": 20,\\n \\"MediumLevelEventNum\\": 3,\\n \\"LowLevelEventNum\\": 52,\\n \\"SeriousLevelEventNum\\": 0,\\n \\"InfoLevelEventNum\\": 0,\\n \\"EventDailyNum\\": [\\n {\\n \\"Date\\": \\"2025-10-06\\",\\n \\"EventNum\\": 100,\\n \\"UndealEventNum\\": 34\\n }\\n ]\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeEventCountByThreatLevel', + ], + 'DescribeDisposeAndPlaybook' => [ + 'summary' => 'Queries the list of entities and playbooks that need to be handled.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => [ + 'FEATUREsas104PTS', + ], + ], + 'parameters' => [ + [ + 'name' => 'EntityType', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体类型。取值:'."\n" + .'- ip:ip'."\n" + .'- process:进程'."\n" + .'- file:文件机', + 'description' => 'The entity type. Valid values:'."\n" + ."\n" + .'* ip'."\n" + .'* process'."\n" + .'* file'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'ip', + ], + ], + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件id。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'EntityUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体uuid。', + 'type' => 'string', + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'CurrentPage', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表当前页号, 大于等于1。', + 'description' => 'The page number. Pages start from page 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表每页条数, 最大不超过100。', + 'description' => 'The number of entries to return on each page. Maximum value: 100.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '10', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the region in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions inside China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PageResponse<List<DisposeAndScopeView>>', + 'description' => 'PageResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code that is returned.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'PageInfo' => [ + 'title' => '分页记录。', + 'description' => 'The pagination information.'."\n", + 'type' => 'object', + 'properties' => [ + 'CurrentPage' => [ + 'title' => '列表当前页号。', + 'description' => 'The current page number.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'title' => '每页返回记录数。', + 'description' => 'The number of entries per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'title' => '记录总数。', + 'description' => 'The total number of entries returned.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '100', + ], + ], + ], + 'ResponseData' => [ + 'title' => '详细数据。', + 'description' => 'The detailed data.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'EntityId' => [ + 'title' => '实体id。', + 'description' => 'The entity ID'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '12345', + ], + 'EntityType' => [ + 'title' => '实体类型。取值:'."\n" + .'- ip:ip'."\n" + .'- domain:域名'."\n" + .'- url:url'."\n" + .'- process:进程'."\n" + .'- file:文件'."\n" + .'- host:主机', + 'type' => 'string', + 'example' => 'ip', + ], + 'OpcodeMap' => [ + 'title' => '实体id。', + 'description' => 'The key-value pairs each of which consists of opcode and oplevel.'."\n", + 'type' => 'object', + 'additionalProperties' => [ + 'type' => 'string', + 'example' => '{"7","2"}', + 'description' => 'The key-value pair that consists of opcode and oplevel.'."\n", + ], + 'example' => '12345', + ], + 'OpcodeSet' => [ + 'title' => '实体处置推荐剧本code。', + 'description' => 'The codes of the playbooks that are recommended for entity handling.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The code of the playbook that is recommended for entity handling.'."\n", + 'type' => 'string', + 'example' => '7', + ], + 'example' => '[1,3]', + ], + 'EntityInfo' => [ + 'title' => '实体信息。', + 'description' => 'The entity information.'."\n", + 'type' => 'object', + 'example' => '{"file_path": "c:/www/leixi.jsp","file_hash": "aa0ca926ad948cd820e0a3d9a18c09d0","host_uuid": "efed2cf7-0b77-45d9-a97b-d2cf246bcbb3","malware_type": "${aliyun.siem.sas.alert_tag.webshell}","host_name": "launch-advisor-20230531"}', + ], + 'Dispose' => [ + 'title' => '处置对象。', + 'description' => 'The object for handling.'."\n", + 'type' => 'string', + 'example' => '192.168.1.1', + ], + 'Scope' => [ + 'title' => '处置作用域,可进行处置用户id列表。', + 'description' => 'The IDs of the users who can handle objects.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The ID of the user who can handle objects.'."\n", + 'type' => 'any', + 'example' => '[1276085894174392]', + ], + 'example' => '176618589410****', + ], + 'PlaybookList' => [ + 'title' => '能够处置该实体的剧本列表。', + 'description' => 'The playbooks that can handle the entity.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'OpCode' => [ + 'title' => '剧本opcode,与处置实体的推荐剧本opcode相对应。', + 'description' => 'The opcode of the playbook, which corresponds to the opcode of the playbook recommended for entity handling.'."\n", + 'type' => 'string', + 'example' => '7', + ], + 'OpLevel' => [ + 'title' => '事件一键处置是否默认勾选,2:勾选 1:只展示不勾选。', + 'description' => 'Indicates whether quick event handling is selected by default. Valid values:'."\n" + ."\n" + .'* 2: Quick event handling is selected.'."\n" + .'* 1: Quick event handling is displayed but not selected.'."\n", + 'type' => 'string', + 'example' => '2', + ], + 'Description' => [ + 'title' => '剧本描述。', + 'description' => 'The playbook description.'."\n", + 'type' => 'string', + 'example' => 'WafBlockIP', + ], + 'DisplayName' => [ + 'title' => '剧本显示名称。', + 'description' => 'The display name of the playbook.'."\n", + 'type' => 'string', + 'example' => 'WafBlockIP', + ], + 'TaskConfig' => [ + 'title' => 'opcode配置。', + 'description' => 'The opcode configuration.'."\n", + 'type' => 'string', + 'example' => '{"opCode":"3"}', + ], + 'Name' => [ + 'title' => '剧本名称,剧本唯一标识。', + 'description' => 'The playbook name, which is the unique identifier of the playbook.'."\n", + 'type' => 'string', + 'example' => 'kill_process_isolate_file', + ], + 'Uuid' => [ + 'title' => '剧本uuid,剧本唯一标识。', + 'type' => 'string', + 'example' => 'kill_process_isolate_file', + ], + 'ParamConfig' => [ + 'title' => '剧本的参数列表以及对应参数属性', + 'description' => 'The playbook parameters and the corresponding properties.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The input parameters and format requirements of the current playbook.'."\n", + 'type' => 'any', + 'example' => '{'."\n" + .' "ParamConfig": ['."\n" + .' {'."\n" + .' "Field": "dispose",'."\n" + .' "Necessary": true,'."\n" + .' "CheckField": "[{"fieldPath":"$.ip","fieldName":"ip"}]"'."\n" + .' },'."\n" + .' {'."\n" + .' "Field": "alert",'."\n" + .' "Necessary": true,'."\n" + .' "CheckField": "[{"fieldPath":"$.host_uuid","fieldName":"host_uuid"}]"'."\n" + .' },'."\n" + .' {'."\n" + .' "Field": "scope",'."\n" + .' "Necessary": true,'."\n" + .' "Value": "$.main_user_id"'."\n" + .' },'."\n" + .' {'."\n" + .' "Field": "startTime",'."\n" + .' "Necessary": true'."\n" + .' },'."\n" + .' {'."\n" + .' "Field": "endTime",'."\n" + .' "Necessary": true'."\n" + .' }'."\n" + .' ]'."\n" + .'}', + ], + ], + 'WafPlaybook' => [ + 'title' => '是否是waf剧本。', + 'description' => 'Indicates whether the playbook is intended for Web Application Firewall (WAF). Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'false', + ], + 'Available' => [ + 'type' => 'string', + ], + ], + ], + 'example' => '', + ], + 'AlertNum' => [ + 'title' => '该实体关联的告警数。', + 'description' => 'The number of alerts that are associated with the entity.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + ], + ], + ], + ], + 'example' => '123456', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"EntityId\\": 0,\\n \\"EntityType\\": \\"ip\\",\\n \\"OpcodeMap\\": {\\n \\"key\\": \\"{\\\\\\"7\\\\\\",\\\\\\"2\\\\\\"}\\"\\n },\\n \\"OpcodeSet\\": [\\n \\"7\\"\\n ],\\n \\"EntityInfo\\": {\\n \\"file_path\\": \\"c:/www/leixi.jsp\\",\\n \\"file_hash\\": \\"aa0ca926ad948cd820e0a3d9a18c****\\",\\n \\"host_uuid\\": \\"efed2cf7-0b77-45d9-a97b-d2cf246b****\\",\\n \\"malware_type\\": \\"${aliyun.siem.sas.alert_tag.webshell}\\",\\n \\"host_name\\": \\"launch-advisor-2023****\\"\\n },\\n \\"Dispose\\": \\"192.168.*.*\\",\\n \\"Scope\\": [\\n \\"[127608589417****]\\"\\n ],\\n \\"PlaybookList\\": [\\n {\\n \\"OpCode\\": \\"7\\",\\n \\"OpLevel\\": \\"2\\",\\n \\"Description\\": \\"WafBlockIP\\",\\n \\"DisplayName\\": \\"WafBlockIP\\",\\n \\"TaskConfig\\": \\"{\\\\\\"opCode\\\\\\":\\\\\\"3\\\\\\"}\\",\\n \\"Name\\": \\"kill_process_isolate_file\\",\\n \\"Uuid\\": \\"kill_process_isolate_file\\",\\n \\"ParamConfig\\": [\\n \\"{\\\\n\\\\t\\\\\\"ParamConfig\\\\\\": [\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"dispose\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true,\\\\n\\\\t\\\\t\\\\t\\\\\\"CheckField\\\\\\": \\\\\\"[{"fieldPath":"$.ip","fieldName":"ip"}]\\\\\\"\\\\n\\\\t\\\\t},\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"alert\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true,\\\\n\\\\t\\\\t\\\\t\\\\\\"CheckField\\\\\\": \\\\\\"[{"fieldPath":"$.host_uuid","fieldName":"host_uuid"}]\\\\\\"\\\\n\\\\t\\\\t},\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"scope\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true,\\\\n\\\\t\\\\t\\\\t\\\\\\"Value\\\\\\": \\\\\\"$.main_user_id\\\\\\"\\\\n\\\\t\\\\t},\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"startTime\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true\\\\n\\\\t\\\\t},\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"endTime\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true\\\\n\\\\t\\\\t}\\\\n\\\\t]\\\\n}\\"\\n ],\\n \\"WafPlaybook\\": false,\\n \\"Available\\": \\"1\\"\\n }\\n ],\\n \\"AlertNum\\": 1\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'DescribeDisposeAndPlaybook', + ], + 'DescribeCloudSiemEvents' => [ + 'summary' => 'Queries events in SIEM.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => [ + 'FEATUREsasAFG0OH', + ], + ], + 'parameters' => [ + [ + 'name' => 'StartTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询开始时间, 单位毫秒。', + 'description' => 'The beginning of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'EndTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询结束时间, 单位毫秒。', + 'description' => 'The end of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'ThreadLevel', + 'in' => 'formData', + 'style' => 'repeatList', + 'schema' => [ + 'title' => '事件威胁等级,格式为json数组。取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The risk levels of the events. The value is a JSON array. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The risk level of the event. The value is a JSON string. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '["remind","serious"]'."\n", + ], + 'required' => false, + 'example' => '["serious","suspicious","remind"]', + 'maxItems' => 100, + ], + ], + [ + 'name' => 'EventName', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件名称。', + 'description' => 'The name of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'ECS unusual log in', + ], + ], + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件ID。', + 'description' => 'The ID of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'AssetId', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件关联的资产ID。', + 'description' => 'The ID of the asset that is associated with the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '6c740667-80b2-476d-8924-2e706feb****', + ], + ], + [ + 'name' => 'EntityUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件关联的实体Uuid。', + 'type' => 'string', + 'example' => '6c740667-80b2-476d-8924-2e706feb****', + ], + ], + [ + 'name' => 'Status', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件状态。 取值:'."\n" + .'- 0:未处理'."\n" + .'- 1:处理中'."\n" + .'- 5:处理失败'."\n" + .'- 10:已处理', + 'description' => 'The status of the event. Valid values:'."\n" + ."\n" + .'* 0: unhandled'."\n" + .'* 1: handling'."\n" + .'* 5: handling failed'."\n" + .'* 10: handled'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '0', + ], + ], + [ + 'name' => 'OrderField', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件列表排列字段。 取值:'."\n" + .'- GmtModified:基于事件产生事件排序(默认)'."\n" + .'- ThreatScore:基于事件威胁评分排序。', + 'description' => 'The sort field. Valid values:'."\n" + ."\n" + .'* GmtModified: sorts the events by creation time. This is the default value.'."\n" + .'* ThreatScore: sorts the events by risk score.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'ThreatScore', + ], + ], + [ + 'name' => 'Order', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件列表排列方向。 取值:'."\n" + .'- desc:降序排列'."\n" + .'- asc:升序排列。', + 'description' => 'The sort order. Valid values:'."\n" + ."\n" + .'* desc: descending order'."\n" + .'* asc: ascending order'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'desc', + ], + ], + [ + 'name' => 'CurrentPage', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表当前页号, 大于等于1。', + 'description' => 'The page number. Pages start from page 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'minimum' => '1', + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表每页条数, 最大不超过100。', + 'description' => 'The number of entries per page. Maximum value: 100.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'maximum' => '100', + 'minimum' => '1', + 'example' => '10', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PageResponse<List<SiemEvent>>', + 'description' => 'PageResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'PageInfo' => [ + 'title' => '分页记录。', + 'description' => 'The pagination information.'."\n", + 'type' => 'object', + 'properties' => [ + 'CurrentPage' => [ + 'title' => '列表当前页号。', + 'description' => 'The current page number.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'title' => '每页返回记录数。', + 'description' => 'The number of entries per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'title' => '记录总数。', + 'description' => 'The total number of entries returned.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '100', + ], + ], + ], + 'ResponseData' => [ + 'title' => '详细数据。', + 'description' => 'The detailed data.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'GmtCreate' => [ + 'title' => '事件发生时间。', + 'description' => 'The time when the event occurred.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'GmtModified' => [ + 'title' => '事件最后更新时间。', + 'description' => 'The time when the event was last updated.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'Aliuid' => [ + 'title' => '事件归属主账号ID。', + 'description' => 'The ID of the Alibaba Cloud account to which the event belongs.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '127608589417****', + ], + 'AlertNum' => [ + 'title' => '事件关联告警数。', + 'description' => 'The number of alerts that are associated with the event.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '4', + ], + 'AssetNum' => [ + 'title' => '事件关联资产数。', + 'description' => 'The number of assets that are associated with the event.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '4', + ], + 'IncidentUuid' => [ + 'title' => '事件全局唯一ID。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + 'IncidentName' => [ + 'title' => '事件名称。', + 'description' => 'The name of the event.'."\n", + 'type' => 'string', + 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc', + ], + 'IncidentNameEn' => [ + 'title' => '事件英文名称。', + 'description' => 'The event name in English.'."\n", + 'type' => 'string', + 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc', + ], + 'Description' => [ + 'title' => '事件描述。', + 'description' => 'The description of the event.'."\n", + 'type' => 'string', + 'example' => 'The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc', + ], + 'DescriptionEn' => [ + 'title' => '事件英文描述。', + 'description' => 'The event description in English.'."\n", + 'type' => 'string', + 'example' => 'The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc', + ], + 'DataSources' => [ + 'title' => '事件关联告警来源产品。', + 'description' => 'The sources of the alert.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The source.'."\n", + 'type' => 'string', + 'example' => '[sas,waf]', + ], + 'example' => '[sas,waf]', + ], + 'ThreatLevel' => [ + 'title' => '威胁等级。取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The risk level. Valid values:'."\n" + ."\n" + .'* serious: high.'."\n" + .'* suspicious: medium.'."\n" + .'* remind: low.'."\n", + 'type' => 'string', + 'example' => 'remind', + ], + 'ThreatScore' => [ + 'title' => '事件的威胁分值, 范围 0~100, 分值越高风险等级越高。', + 'description' => 'The risk score of the event. Valid values: 0 to 100. A higher value indicates a higher risk level.'."\n", + 'type' => 'number', + 'format' => 'float', + 'example' => '90.2', + ], + 'ExtContent' => [ + 'title' => '事件扩展信息 json格式。', + 'description' => 'The extended event information in the JSON format.'."\n", + 'type' => 'string', + 'example' => '{"event_transfer_type":"customize_rule"}', + ], + 'Status' => [ + 'title' => '事件状态。 取值:'."\n" + .'- 0:未处理 '."\n" + .'-1:处理中 '."\n" + .'-5:处理失败 '."\n" + .'-10:已处理', + 'description' => 'The status of the event. Valid values:'."\n" + ."\n" + .'* 0: unhandled.'."\n" + .'* 1: handling.'."\n" + .'* 5: handling failed.'."\n" + .'* 10: handled.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '0', + ], + 'AttCkLabels' => [ + 'title' => 'ATTCT&攻击技术标签集合。', + 'description' => 'The tags of the ATT\\&CK techniques.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The tag of the ATT\\&CK technique.'."\n", + 'type' => 'string', + 'example' => '["T1595.002 Vulnerability Scanning"]', + ], + 'example' => '["T1595.002 Vulnerability Scanning"]', + ], + 'AttckStages' => [ + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'TacticId' => [ + 'type' => 'string', + ], + 'TacticName' => [ + 'type' => 'string', + ], + 'AlertNum' => [ + 'type' => 'integer', + 'format' => 'int32', + ], + ], + ], + ], + 'ReferAccount' => [ + 'description' => 'the refer account info.', + 'type' => 'string', + 'example' => '127608589417****', + ], + 'IncidentType' => [ + 'type' => 'string', + ], + 'RuleId' => [ + 'type' => 'string', + ], + 'Remark' => [ + 'title' => '事件备注。', + 'description' => 'The remarks of the event.'."\n", + 'type' => 'string', + 'example' => 'dealed', + ], + ], + ], + ], + ], + 'example' => '123456', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"AlertNum\\": 4,\\n \\"AssetNum\\": 4,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"IncidentName\\": \\"Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc\\",\\n \\"IncidentNameEn\\": \\"Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc\\",\\n \\"Description\\": \\"The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc\\",\\n \\"DescriptionEn\\": \\"The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc\\",\\n \\"DataSources\\": [\\n \\"[sas,waf]\\"\\n ],\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"ThreatScore\\": 90.2,\\n \\"ExtContent\\": \\"{\\\\\\"event_transfer_type\\\\\\":\\\\\\"customize_rule\\\\\\"}\\",\\n \\"Status\\": 0,\\n \\"AttCkLabels\\": [\\n \\"[\\\\\\"T1595.002 Vulnerability Scanning\\\\\\"]\\"\\n ],\\n \\"AttckStages\\": [\\n {\\n \\"TacticId\\": \\"TA0001\\",\\n \\"TacticName\\": \\"Persistence\\",\\n \\"AlertNum\\": 21\\n }\\n ],\\n \\"ReferAccount\\": \\"127608589417****\\",\\n \\"IncidentType\\": \\"graph\\",\\n \\"RuleId\\": \\"crecr-21d7pogu9v4a****\\",\\n \\"Remark\\": \\"dealed\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'DescribeCloudSiemEvents', + ], + 'DescribeCloudSiemEventDetail' => [ + 'summary' => 'Queries the details of an event.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => [ + 'FEATUREsasAFG0OH', + ], + ], + 'parameters' => [ + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件ID。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PlainResponse<SiemEvent>', + 'description' => 'PlainResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'GmtCreate' => [ + 'title' => '事件发生时间。', + 'description' => 'The time when the event occurred.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'GmtModified' => [ + 'title' => '事件最后更新时间。', + 'description' => 'The time when the event was last updated.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'Aliuid' => [ + 'title' => '事件归属主账号ID。', + 'description' => 'The ID of the Alibaba Cloud account to which the event belongs.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '127608589417****', + ], + 'AlertNum' => [ + 'title' => '事件关联告警数。', + 'description' => 'The number of alerts that are associated with the event.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '4', + ], + 'AssetNum' => [ + 'title' => '事件关联资产数。', + 'description' => 'The number of assets that are associated with the event.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '4', + ], + 'IncidentUuid' => [ + 'title' => '事件全局唯一ID。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + 'IncidentName' => [ + 'title' => '事件名称。', + 'description' => 'The name of the event.'."\n", + 'type' => 'string', + 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc', + ], + 'IncidentNameEn' => [ + 'title' => '事件英文名称。', + 'description' => 'The name of the event in English.'."\n", + 'type' => 'string', + 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc', + ], + 'Description' => [ + 'title' => '事件描述。', + 'description' => 'The description of the event.'."\n", + 'type' => 'string', + 'example' => 'The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc', + ], + 'DescriptionEn' => [ + 'title' => '事件英文描述。', + 'description' => 'The description of the event in English.'."\n", + 'type' => 'string', + 'example' => 'The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc', + ], + 'DataSources' => [ + 'title' => '事件关联告警来源产品。', + 'description' => 'The source of the alert.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The source.'."\n", + 'type' => 'string', + 'example' => '[sas,waf]', + ], + 'example' => '[sas,waf]', + ], + 'ThreatLevel' => [ + 'title' => '威胁等级。取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The risk level. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'string', + 'example' => 'remind', + ], + 'ThreatScore' => [ + 'title' => '事件的威胁分值, 范围 0~100, 分值越高风险等级越高。', + 'description' => 'The risk score of the event. The score ranges from 0 to 100. A higher score indicates a higher risk level.'."\n", + 'type' => 'number', + 'format' => 'float', + 'example' => '90.2', + ], + 'ExtContent' => [ + 'title' => '事件扩展信息 json格式。', + 'description' => 'The extended information of the event in the JSON format.'."\n", + 'type' => 'string', + 'example' => '{"event_transfer_type":"customize_rule"}', + ], + 'Status' => [ + 'title' => '事件状态。 取值:'."\n" + .'- 0:未处理 '."\n" + .'-1:处理中 '."\n" + .'-5:处理失败 '."\n" + .'-10:已处理', + 'description' => 'The status of the event. Valid values:'."\n" + ."\n" + .'* 0: not handled'."\n" + .'* 1: handing'."\n" + .'* 5: handling failed'."\n" + .'* 10: handled'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '0', + ], + 'AttCkLabels' => [ + 'title' => 'ATTCT&攻击技术标签集合。', + 'description' => 'The tags of the ATT\\&CK attacks.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The tag.'."\n", + 'type' => 'string', + 'example' => '["T1595.002 Vulnerability Scanning"]', + ], + 'example' => '["T1595.002 Vulnerability Scanning"]', + ], + 'AttckStages' => [ + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'TacticId' => [ + 'type' => 'string', + ], + 'TacticName' => [ + 'type' => 'string', + ], + 'AlertNum' => [ + 'type' => 'integer', + 'format' => 'int32', + ], + ], + ], + ], + 'ReferAccount' => [ + 'description' => 'Users associated with the event.', + 'type' => 'string', + 'example' => '17661858****/****,176618448****/****', + ], + 'IncidentType' => [ + 'type' => 'string', + ], + 'RuleId' => [ + 'type' => 'string', + ], + 'Remark' => [ + 'title' => '事件备注。', + 'description' => 'The remarks of the event.'."\n", + 'type' => 'string', + 'example' => 'dealed', + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"AlertNum\\": 4,\\n \\"AssetNum\\": 4,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"IncidentName\\": \\"Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc\\",\\n \\"IncidentNameEn\\": \\"Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc\\",\\n \\"Description\\": \\"The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc\\",\\n \\"DescriptionEn\\": \\"The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc\\",\\n \\"DataSources\\": [\\n \\"[sas,waf]\\"\\n ],\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"ThreatScore\\": 90.2,\\n \\"ExtContent\\": \\"{\\\\\\"event_transfer_type\\\\\\":\\\\\\"customize_rule\\\\\\"}\\",\\n \\"Status\\": 0,\\n \\"AttCkLabels\\": [\\n \\"[\\\\\\"T1595.002 Vulnerability Scanning\\\\\\"]\\"\\n ],\\n \\"AttckStages\\": [\\n {\\n \\"TacticId\\": \\"TA0008\\",\\n \\"TacticName\\": \\"Persistence\\",\\n \\"AlertNum\\": 21\\n }\\n ],\\n \\"ReferAccount\\": \\"17661858****/****,176618448****/****\\",\\n \\"IncidentType\\": \\"graph\\",\\n \\"RuleId\\": \\"net-attack/101\\",\\n \\"Remark\\": \\"dealed\\"\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeCloudSiemEventDetail', + ], + 'DescribeCloudSiemAssetsCounter' => [ + 'summary' => 'Queries the number of assets that are associated with an event by asset type.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件id。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PlainResponse<List<CloudSiemEventAssetCounter>>', + 'description' => 'PlainResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'AssetType' => [ + 'title' => '资产类型。取值:'."\n" + .'- ip:ip'."\n" + .'- domain:域名'."\n" + .'- url:url'."\n" + .'- process:进程'."\n" + .'- file:文件'."\n" + .'- host:主机', + 'description' => 'The type of the asset. Valid values:'."\n" + ."\n" + .'* ip'."\n" + .'* domain'."\n" + .'* url'."\n" + .'* process'."\n" + .'* file'."\n" + .'* host'."\n", + 'type' => 'string', + 'example' => 'domain', + ], + 'AssetNum' => [ + 'title' => '资产数量。', + 'description' => 'The number of assets.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AssetType\\": \\"domain\\",\\n \\"AssetNum\\": 1\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeCloudSiemAssetsCounter', + ], + 'DescribeCloudSiemAssets' => [ + 'summary' => 'Queries the assets that are associated with an event.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => [ + 'FEATUREsas5NAHBX', + ], + ], + 'parameters' => [ + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件ID。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'AssetType', + 'in' => 'formData', + 'schema' => [ + 'title' => '资产类型。取值:'."\n" + .'- ip:ip'."\n" + .'- domain:域名'."\n" + .'- url:url'."\n" + .'- process:进程'."\n" + .'- file:文件'."\n" + .'- host:主机', + 'description' => 'The type of the asset. Valid values:'."\n" + ."\n" + .'* ip'."\n" + .'* domain'."\n" + .'* url'."\n" + .'* process'."\n" + .'* file'."\n" + .'* host'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'ip', + ], + ], + [ + 'name' => 'AssetName', + 'in' => 'formData', + 'schema' => [ + 'title' => '资产名称。', + 'type' => 'string', + 'example' => 'test123', + ], + ], + [ + 'name' => 'AssetUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '资产uuid。', + 'type' => 'string', + 'example' => '123456-2222-3333-5555-3435345****', + ], + ], + [ + 'name' => 'CurrentPage', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表当前页号, 大于等于1。', + 'description' => 'The page number. Pages start from page 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'minimum' => '1', + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表每页条数, 最大不超过100。', + 'description' => 'The number of entries per page. Maximum value: 100.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'maximum' => '100', + 'minimum' => '1', + 'example' => '10', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PageResponse<List<AssetInfo>>', + 'description' => 'PageResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'PageInfo' => [ + 'title' => '分页记录。', + 'description' => 'The pagination information.'."\n", + 'type' => 'object', + 'properties' => [ + 'CurrentPage' => [ + 'title' => '列表当前页号。', + 'description' => 'The current page number.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'title' => '每页返回记录数。', + 'description' => 'The number of entries per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'title' => '记录总数。', + 'description' => 'The total number of entries returned.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '100', + ], + ], + ], + 'ResponseData' => [ + 'title' => '详细数据。', + 'description' => 'The detailed data.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Id' => [ + 'title' => '资产ID。', + 'description' => 'The ID of the asset.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123', + ], + 'GmtCreate' => [ + 'title' => '资产同步时间。', + 'description' => 'The time when the asset was synchronized.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'GmtModified' => [ + 'title' => '资产最后更新时间。', + 'description' => 'The time when the asset was last updated.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'Aliuid' => [ + 'title' => 'siem主账号ID。', + 'description' => 'The ID of the Alibaba Cloud account in SIEM.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '1276085894174392', + ], + 'SubUserId' => [ + 'title' => '资产关联账号ID。', + 'description' => 'The ID of the associated account to which the asset belongs.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '176555323***', + ], + 'IncidentUuid' => [ + 'title' => '事件ID。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + 'AlertUuid' => [ + 'title' => '事件关联告警ID。', + 'description' => 'The UUID of the alert associated with the event.'."\n", + 'type' => 'string', + 'example' => 'sas_71e24437d2797ce8fc59692905a4****', + ], + 'AssetName' => [ + 'title' => '资产名称。', + 'description' => 'The name of the asset.'."\n", + 'type' => 'string', + 'example' => 'zsw-agentless-centos****', + ], + 'AssetType' => [ + 'title' => '资产类型。取值:'."\n" + .'- ip:ip'."\n" + .'- domain:域名'."\n" + .'- url:url'."\n" + .'- process:进程'."\n" + .'- file:文件'."\n" + .'- host:主机', + 'description' => 'The type of the asset. Valid values:'."\n" + ."\n" + .'* ip'."\n" + .'* domain'."\n" + .'* url'."\n" + .'* process'."\n" + .'* file'."\n" + .'* host'."\n", + 'type' => 'string', + 'example' => 'domain', + ], + 'AssetInfo' => [ + 'title' => '资产展示信息 json数组格式。', + 'description' => 'The display information of the asset is in the JSON format.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Key' => [ + 'title' => '告警详细属性key。', + 'description' => 'The attribute key.'."\n", + 'type' => 'string', + 'example' => 'suspicious.wbd.wb.trojanpath', + ], + 'KeyName' => [ + 'title' => '告警详细数据名称。', + 'description' => 'The name of the key.'."\n", + 'type' => 'string', + 'example' => 'Trojan Path', + ], + 'Values' => [ + 'title' => '告警详细数据值。', + 'description' => 'The value of the key.'."\n", + 'type' => 'string', + 'example' => '/root/test33.php', + ], + ], + ], + 'example' => '[{"KeyName": "${aliyun.siem.asset.asset_name}","Values": "zsw-agentless-ubuntu20","Key": "asset_name"}]', + ], + 'AssetId' => [ + 'title' => '资产逻辑ID。', + 'description' => 'The logical ID of the asset.'."\n", + 'type' => 'string', + 'example' => '0616caeb-acb8-45e0-8520-4ee5fbe251f0', + ], + 'CloudCode' => [ + 'title' => '实体来源云code。 取值:'."\n" + .'- aliyun:阿里云'."\n" + .'- qcloud:腾讯云'."\n" + .'- hcloud:华为云', + 'description' => 'The cloud code of the entity. Valid values:'."\n" + ."\n" + .'* aliyun: Alibaba Cloud'."\n" + .'* qcloud: Tencent Cloud'."\n" + .'* hcloud: Huawei Cloud'."\n", + 'type' => 'string', + 'example' => 'aliyun', + ], + ], + ], + ], + ], + 'example' => '123456', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 1276085894174392,\\n \\"SubUserId\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"AssetName\\": \\"zsw-agentless-centos****\\",\\n \\"AssetType\\": \\"domain\\",\\n \\"AssetInfo\\": [\\n {\\n \\"Key\\": \\"suspicious.wbd.wb.trojanpath\\",\\n \\"KeyName\\": \\"Trojan Path\\",\\n \\"Values\\": \\"/root/test33.php\\"\\n }\\n ],\\n \\"AssetId\\": \\"0616caeb-acb8-45e0-8520-4ee5fbe251f0\\",\\n \\"CloudCode\\": \\"aliyun\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'DescribeCloudSiemAssets', + ], + 'DescribeAlertsWithEvent' => [ + 'summary' => 'Queries the alerts that are associated with an event.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => [ + 'FEATUREsasAFG0OH', + ], + ], + 'parameters' => [ + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件ID。', + 'description' => 'The ID of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'Level', + 'in' => 'formData', + 'style' => 'repeatList', + 'schema' => [ + 'title' => '威胁等级,格式为json数组。取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The risk levels. The value is a JSON array. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The risk level. The value is a JSON string. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '["remind","serious"]'."\n", + ], + 'required' => false, + 'example' => '["serious","suspicious","remind"]', + 'maxItems' => 100, + ], + ], + [ + 'name' => 'AlertTitle', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警标题。', + 'description' => 'The title of the alert.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'Scan-Try SNMP weak password'."\n", + ], + ], + [ + 'name' => 'AlertType', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警类型。', + 'type' => 'string', + ], + ], + [ + 'name' => 'AlertName', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警名称。', + 'type' => 'string', + ], + ], + [ + 'name' => 'AssetName', + 'in' => 'formData', + 'schema' => [ + 'title' => '资产名称。', + 'type' => 'string', + ], + ], + [ + 'name' => 'AssetId', + 'in' => 'formData', + 'schema' => [ + 'title' => '资产id。', + 'type' => 'string', + ], + ], + [ + 'name' => 'EntityName', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体名称。', + 'type' => 'string', + ], + ], + [ + 'name' => 'EntityId', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体id。', + 'type' => 'string', + ], + ], + [ + 'name' => 'SubUserId', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警关联账号ID。', + 'description' => 'The ID of the account within which the alert is generated.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '176555323***', + ], + ], + [ + 'name' => 'Source', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警数据源。', + 'description' => 'The data source of the alert.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'sas', + ], + ], + [ + 'name' => 'IsDefend', + 'in' => 'formData', + 'schema' => [ + 'title' => '是否已防御', + 'description' => 'Specifies whether an attack is defended. Valid values:'."\n" + ."\n" + .'* 0: detected'."\n" + .'* 1: blocked'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'StartTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询开始时间, 单位毫秒。', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'EndTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询结束时间, 单位毫秒。', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'CurrentPage', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表当前页号, 大于等于1。', + 'description' => 'The page number. Pages start from page 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'minimum' => '1', + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表每页条数, 最大不超过100。', + 'description' => 'The number of entries per page. Maximum value: 100.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'maximum' => '100', + 'minimum' => '1', + 'example' => '10', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view.'."\n" + ."\n" + .'* 0: view of the current Alibaba Cloud account.'."\n" + .'* 1: view of all accounts for the enterprise.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the member in the resource directory.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PageResponse<List<AlertDetail>>', + 'description' => 'PageResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'PageInfo' => [ + 'title' => '分页记录。', + 'description' => 'The pagination information.'."\n", + 'type' => 'object', + 'properties' => [ + 'CurrentPage' => [ + 'title' => '列表当前页号。', + 'description' => 'The current page number.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'title' => '每页返回记录数。', + 'description' => 'The number of entries per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'title' => '记录总数。', + 'description' => 'The total number of entries returned.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '100', + ], + ], + ], + 'ResponseData' => [ + 'title' => '详细数据。', + 'description' => 'The detailed data.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Id' => [ + 'title' => '告警唯一ID。', + 'description' => 'The unique ID of the alert.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123456789', + ], + 'GmtCreate' => [ + 'title' => '告警入库时间。', + 'description' => 'The time when the alert was received.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'GmtModified' => [ + 'title' => '告警最后更新时间。', + 'description' => 'The time when the alert was last updated.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'MainUserId' => [ + 'title' => '告警关联siem主账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is associated with the alert in SIEM.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '127608589417****', + ], + 'IncidentUuid' => [ + 'title' => '事件全局唯一id。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + 'AlertUuid' => [ + 'title' => '告警id。', + 'description' => 'The UUID of the alert.'."\n", + 'type' => 'string', + 'example' => 'sas_71e24437d2797ce8fc59692905a4****', + ], + 'LogTime' => [ + 'title' => '告警记录时间。', + 'description' => 'The time when the alert was recorded.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'AlertSrcProd' => [ + 'title' => '事件关联告警来源产品。', + 'description' => 'The source of the alert.'."\n", + 'type' => 'string', + 'example' => 'sas', + ], + 'AlertTitle' => [ + 'title' => '告警标题。', + 'description' => 'The title of the alert.'."\n", + 'type' => 'string', + 'example' => 'Scan-Try SNMP weak password', + ], + 'AlertTitleEn' => [ + 'title' => '告警标题英文。', + 'description' => 'The alert title in English.'."\n", + 'type' => 'string', + 'example' => 'Scan-Try SNMP weak password', + ], + 'AlertType' => [ + 'title' => '告警类型。', + 'description' => 'The type of the alert.'."\n", + 'type' => 'string', + 'example' => 'Scan', + ], + 'AlertTypeEn' => [ + 'title' => '告警类型英文。', + 'description' => 'The alert type in English.'."\n", + 'type' => 'string', + 'example' => 'Scan', + ], + 'AlertTypeCode' => [ + 'title' => '告警类型美杜莎code。', + 'description' => 'The internal code of the alert type.'."\n", + 'type' => 'string', + 'example' => 'security_event_config.event_name.webshellName', + ], + 'AlertName' => [ + 'title' => '告警名称。', + 'description' => 'The name of the alert.'."\n", + 'type' => 'string', + 'example' => 'Try SNMP weak password', + ], + 'AlertNameEn' => [ + 'title' => '告警名称。', + 'description' => 'The alert name in English.'."\n", + 'type' => 'string', + 'example' => 'Try SNMP weak password', + ], + 'AlertNameCode' => [ + 'title' => '告警名称美杜莎code。', + 'description' => 'The internal code of the alert name.'."\n", + 'type' => 'string', + 'example' => 'security_event_config.event_name.webshell', + ], + 'AlertLevel' => [ + 'title' => '威胁等级。 取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The risk level. Valid values:'."\n" + ."\n" + .'* serious: high.'."\n" + .'* suspicious: medium.'."\n" + .'* remind: low.'."\n", + 'type' => 'string', + 'example' => 'remind', + ], + 'AssetList' => [ + 'title' => '资产列表。', + 'description' => 'The details of the asset.'."\n", + 'type' => 'string', + 'example' => '['."\n" + .' {'."\n" + .' "is_main_asset": "1",'."\n" + .' "asset_name": "47.245.*",'."\n" + .' "port": "22",'."\n" + .' "ip": "47.245.*",'."\n" + .' "asset_type": "ip",'."\n" + .' "location": "ap-southeast-1",'."\n" + .' "asset_id": "47.245.*",'."\n" + .' "net_connect_dir": "in"'."\n" + .' }'."\n" + .']', + ], + 'OccurTime' => [ + 'title' => '告警发生时间。', + 'description' => 'The time when the alert was triggered.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'StartTime' => [ + 'title' => '告警首次发生时间。', + 'description' => 'The time at which the alert was first generated.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'EndTime' => [ + 'title' => '告警结束时间。', + 'description' => 'The time when the alert was closed.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'AlertSrcProdModule' => [ + 'title' => '事件关联告警来源产品子模块。', + 'description' => 'The sub-module of the alert source.'."\n", + 'type' => 'string', + 'example' => 'waf', + ], + 'AlertDesc' => [ + 'title' => '告警描述。', + 'description' => 'The description of the alert.'."\n", + 'type' => 'string', + 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.', + ], + 'AlertDescEn' => [ + 'title' => '告警英文描述。', + 'description' => 'The alert description in English.'."\n", + 'type' => 'string', + 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.', + ], + 'AlertDescCode' => [ + 'title' => '告警描述美杜莎code。', + 'description' => 'The internal code of the alert description.'."\n", + 'type' => 'string', + 'example' => 'security_event_config.event_name.webshell'."\n", + ], + 'AlertDetail' => [ + 'title' => '告警详情。', + 'description' => 'The details of the alert.'."\n", + 'type' => 'string', + 'example' => '{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "21.92.*.*"}', + ], + 'LogUuid' => [ + 'title' => '告警log UUID。', + 'description' => 'The UUID of the alert log.'."\n", + 'type' => 'string', + 'example' => 'cfw_d12e285a-a042-4d7e-be89-f8a795ef****', + ], + 'EntityList' => [ + 'title' => '实体详情(标准化/开启索引)', + 'description' => 'The details of the entity.'."\n", + 'type' => 'string', + 'example' => '[{"entity_user_id":"198921674491****","entity_account_id":"N/A","entity_uuid":"6245f979d5dd9ef8dd19bdc72228****","entity_type":"host","entity_name":"zhh-test-20240409","is_comprised":"1","os_type":"linux","entity_id":"a88f44dd-b8d4-4ded-831c-77a4835****","host_uuid":"a88f44dd-b8d4-4ded-831c-77a4835****","host_name":"zhh-test-2024****"}]', + ], + 'AttCk' => [ + 'title' => 'ATTCT&攻击技术标签。', + 'description' => 'The tag of the ATT\\&CK technique.'."\n", + 'type' => 'string', + 'example' => 'T1595.002 Vulnerability Scanning', + ], + 'SubUserId' => [ + 'title' => '产生告警阿里账号ID。', + 'description' => 'The ID of the Alibaba Cloud account within which the alert is generated.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '176555323***', + ], + 'SubUserName' => [ + 'title' => '产生告警阿里账号ID。', + 'type' => 'string', + 'example' => '176555323***', + ], + 'CloudCode' => [ + 'title' => '云code。 取值:'."\n" + .'- aliyun:阿里云'."\n" + .'- qcloud:腾讯云'."\n" + .'- hcloud:华为云', + 'description' => 'The code of the cloud service provider. Valid values:'."\n" + ."\n" + .'* aliyun: Alibaba Cloud.'."\n" + .'* qcloud: Tencent Cloud.'."\n" + .'* hcloud: Huawei Cloud.'."\n", + 'type' => 'string', + 'example' => 'aliyun', + ], + 'IsDefend' => [ + 'title' => '是否已防御', + 'description' => 'Indicates whether an attack is defended against. Valid values:'."\n" + ."\n" + .'* 0: detected.'."\n" + .'* 1: blocked.'."\n", + 'type' => 'string', + 'example' => '1', + ], + 'AlertInfoList' => [ + 'title' => '告警详细数据。', + 'description' => 'The displayed details of the alert.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Key' => [ + 'title' => '告警详细属性key。', + 'description' => 'The attribute key.'."\n", + 'type' => 'string', + 'example' => 'suspicious.wbd.wb.trojanpath', + ], + 'KeyName' => [ + 'title' => '告警详细数据名称。', + 'description' => 'The name of the key.'."\n", + 'type' => 'string', + 'example' => 'Trojan Path'."\n", + ], + 'Values' => [ + 'title' => '告警详细数据值。', + 'description' => 'The value of the key.'."\n", + 'type' => 'string', + 'example' => '/root/test33.php', + ], + ], + ], + 'example' => 'aliyun', + ], + 'ExtendContent' => [ + 'type' => 'string', + ], + 'ProductId' => [ + 'type' => 'string', + ], + 'VendorId' => [ + 'type' => 'string', + ], + 'DetectionRuleId' => [ + 'type' => 'string', + ], + ], + ], + ], + ], + 'example' => '123456', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"MainUserId\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"LogTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProd\\": \\"sas\\",\\n \\"AlertTitle\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertTitleEn\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertType\\": \\"Scan\\",\\n \\"AlertTypeEn\\": \\"Scan\\",\\n \\"AlertTypeCode\\": \\"security_event_config.event_name.webshellName\\",\\n \\"AlertName\\": \\"Try SNMP weak password\\",\\n \\"AlertNameEn\\": \\"Try SNMP weak password\\",\\n \\"AlertNameCode\\": \\"security_event_config.event_name.webshell\\",\\n \\"AlertLevel\\": \\"remind\\",\\n \\"AssetList\\": \\"[\\\\n {\\\\n \\\\\\"is_main_asset\\\\\\": \\\\\\"1\\\\\\",\\\\n \\\\\\"asset_name\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"port\\\\\\": \\\\\\"22\\\\\\",\\\\n \\\\\\"ip\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"asset_type\\\\\\": \\\\\\"ip\\\\\\",\\\\n \\\\\\"location\\\\\\": \\\\\\"ap-southeast-1\\\\\\",\\\\n \\\\\\"asset_id\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"net_connect_dir\\\\\\": \\\\\\"in\\\\\\"\\\\n }\\\\n]\\",\\n \\"OccurTime\\": \\"2021-01-06 16:37:29\\",\\n \\"StartTime\\": \\"2021-01-06 16:37:29\\",\\n \\"EndTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProdModule\\": \\"waf\\",\\n \\"AlertDesc\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescEn\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescCode\\": \\"security_event_config.event_name.webshell\\\\n\\",\\n \\"AlertDetail\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99\\\\\\";\\\\\\"attack_ip\\\\\\": \\\\\\"21.92.*.*\\\\\\"}\\",\\n \\"LogUuid\\": \\"cfw_d12e285a-a042-4d7e-be89-f8a795ef****\\",\\n \\"EntityList\\": \\"[{"entity_user_id":"198921674491****","entity_account_id":"N/A","entity_uuid":"6245f979d5dd9ef8dd19bdc72228****","entity_type":"host","entity_name":"zhh-test-20240409","is_comprised":"1","os_type":"linux","entity_id":"a88f44dd-b8d4-4ded-831c-77a4835****","host_uuid":"a88f44dd-b8d4-4ded-831c-77a4835****","host_name":"zhh-test-2024****"}]\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"176555323***\\",\\n \\"CloudCode\\": \\"aliyun\\",\\n \\"IsDefend\\": \\"1\\",\\n \\"AlertInfoList\\": [\\n {\\n \\"Key\\": \\"suspicious.wbd.wb.trojanpath\\",\\n \\"KeyName\\": \\"Trojan Path\\\\n\\",\\n \\"Values\\": \\"/root/test33.php\\"\\n }\\n ],\\n \\"ExtendContent\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99****\\\\\\"}\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"VendorId\\": \\"aliyun\\",\\n \\"DetectionRuleId\\": \\"dr-48zs4tk7qfd4rjd9****\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'DescribeAlertsWithEvent', + ], + 'DescribeAlertSourceWithEvent' => [ + 'summary' => 'Queries the data sources of the alert that is associated with an event.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件全局唯一id。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the region where your assets reside. Valid values:'."\n" + ."\n" + .'* Valid values: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<List<AlertSource>>', + 'description' => 'BaseResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'SourceName' => [ + 'title' => '告警数据源名称。', + 'description' => 'The name of the alert data source.'."\n", + 'type' => 'string', + 'example' => 'sas', + ], + 'Source' => [ + 'title' => '告警数据源名称美杜莎code。', + 'description' => 'The internal code of the alert data source.'."\n", + 'type' => 'string', + 'example' => 'aliyun.siem.alert_datasource.sas', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"SourceName\\": \\"sas\\",\\n \\"Source\\": \\"aliyun.siem.alert_datasource.sas\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeAlertSourceWithEvent', + ], + 'DescribeAlertType' => [ + 'summary' => 'Queries the threat types that you can select when you create a custom rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'RuleType', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则类型。 取值:'."\n" + .'- predefine:预定义'."\n" + .'- customize:自定义', + 'description' => 'The type of rule. Valid values:'."\n" + .'- predefine: the defined rule by system'."\n" + .'- customize: the customed rule by user', + 'type' => 'string', + 'required' => false, + 'example' => 'customize', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PlainResponse<List<AlertType>>', + 'description' => 'PlainResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'AlertType' => [ + 'title' => '威胁类型。', + 'description' => 'The type of the risk.'."\n", + 'type' => 'string', + 'example' => 'WEBSHELL', + ], + 'AlertTypeMds' => [ + 'title' => '威胁类型美杜莎code。', + 'description' => 'The internal code of the risk type.'."\n", + 'type' => 'string', + 'example' => 'siem_rule_type_process_abnormal_command', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AlertType\\": \\"WEBSHELL\\",\\n \\"AlertTypeMds\\": \\"siem_rule_type_process_abnormal_command\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeAlertType', + ], + 'DeleteCustomizeRule' => [ + 'summary' => 'Deletes a rule by rule ID.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'delete', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'RuleId', + 'in' => 'formData', + 'schema' => [ + 'title' => '自定义规则ID。', + 'description' => 'The ID of the rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '123456789', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the service is deployed.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-shanghai', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<Integer>', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code that is returned.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'CloudSiemCustomizeRuleDeleteExcepiton', + 'errorMessage' => 'can not delete online customize rule.', + ], + ], + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": 123456,\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DeleteCustomizeRule', + ], + 'DescribeAggregateFunction' => [ + 'summary' => 'Queries the aggregate functions that are supported for a custom rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PlainResponse<List<RuleAggregateFunction>>', + 'description' => 'PlainResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Function' => [ + 'title' => '聚合函数。', + 'description' => 'The aggregate function.'."\n", + 'type' => 'string', + 'example' => 'count', + ], + 'FunctionName' => [ + 'title' => '聚合函数显示名称。', + 'description' => 'The display name of the aggregate function.'."\n", + 'type' => 'string', + 'example' => 'Count', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Function\\": \\"count\\",\\n \\"FunctionName\\": \\"Count\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeAggregateFunction', + ], + 'DescribeCustomizeRuleCount' => [ + 'summary' => 'Queries the number of custom rules.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the region in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions inside China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PlainResponse<CustomizeRuleCounter>', + 'description' => 'PlainResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'InUseRuleNum' => [ + 'title' => '全部规则数。', + 'description' => 'The total number of rules.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '20', + ], + 'HighRuleNum' => [ + 'title' => '高危规则数。', + 'description' => 'The number of rules that are used to identify high-risk threats.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '12', + ], + 'MediumRuleNum' => [ + 'title' => '中危规则数。', + 'description' => 'The number of rules that are used to identify medium-risk threats.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '5', + ], + 'LowRuleNum' => [ + 'title' => '低危规则数。', + 'description' => 'The number of rules that are used to identify low-risk threats.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '3', + ], + 'TotalRuleNum' => [ + 'title' => '总规则数', + 'description' => '总规则数。', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'CustomizeRuleNum' => [ + 'title' => '自定义规则数', + 'description' => '自定义规则数。', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'PredefinedRuleNum' => [ + 'title' => '预定义规则数', + 'description' => '预定义规则数。', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'UnEventRuleNum' => [ + 'title' => '不产生事件规则数', + 'description' => '不产生事件规则数。', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '3', + ], + 'ExpertRuleNum' => [ + 'title' => '专家规则数', + 'description' => '专家规则数。', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '7', + ], + 'GraphComputingRuleNum' => [ + 'title' => '图计算规则数', + 'description' => '图计算规则数。', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '2', + ], + 'SingleAlertRuleNum' => [ + 'title' => '告警透传规则数', + 'description' => '告警透传规则数。', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '3', + ], + 'AggregationRuleNum' => [ + 'title' => '同类聚合规则数', + 'description' => '同类聚合规则数。', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '3', + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code that is returned.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"InUseRuleNum\\": 20,\\n \\"HighRuleNum\\": 12,\\n \\"MediumRuleNum\\": 5,\\n \\"LowRuleNum\\": 3,\\n \\"TotalRuleNum\\": 10,\\n \\"CustomizeRuleNum\\": 10,\\n \\"PredefinedRuleNum\\": 10,\\n \\"UnEventRuleNum\\": 3,\\n \\"ExpertRuleNum\\": 7,\\n \\"GraphComputingRuleNum\\": 2,\\n \\"SingleAlertRuleNum\\": 3,\\n \\"AggregationRuleNum\\": 3\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeCustomizeRuleCount', + ], + 'DescribeCustomizeRuleTest' => [ + 'summary' => 'Queries the historical simulation data that is used in a simulation test scenario.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'Id', + 'in' => 'formData', + 'schema' => [ + 'title' => '自定义规则ID。', + 'description' => 'The ID of the rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '123456789', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<CustomizeRuleTest>', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'Id' => [ + 'title' => '自定义规则ID。', + 'description' => 'The ID of the rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123456789', + ], + 'Status' => [ + 'title' => '规则状态。 取值:'."\n" + .'- 0:初始状态'."\n" + .'- 10:模拟数据测试'."\n" + .'- 15:业务数据测试中'."\n" + .'- 20:业务数据测试结束'."\n" + .'- 100:规则上线', + 'description' => 'The status of the rule. Valid values:'."\n" + ."\n" + .'* 0: The rule is in the initial state.'."\n" + .'* 10: The simulation data is tested.'."\n" + .'* 15: The business data is being tested.'."\n" + .'* 20: The business data test ends.'."\n" + .'* 100: The rule takes effect.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '0', + ], + 'SimulateData' => [ + 'title' => '模拟测试历史用例数据。', + 'description' => 'The historical data that is used in the simulation test.'."\n", + 'type' => 'string', + 'example' => '[{"key1":"value1","key2":"value2","key3":"value3","key4":"value4","key5":"value5"}]', + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Id\\": 123456789,\\n \\"Status\\": 0,\\n \\"SimulateData\\": \\"[{\\\\\\"key1\\\\\\":\\\\\\"value1\\\\\\",\\\\\\"key2\\\\\\":\\\\\\"value2\\\\\\",\\\\\\"key3\\\\\\":\\\\\\"value3\\\\\\",\\\\\\"key4\\\\\\":\\\\\\"value4\\\\\\",\\\\\\"key5\\\\\\":\\\\\\"value5\\\\\\"}]\\"\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeCustomizeRuleTest', + ], + 'DescribeCustomizeRuleTestHistogram' => [ + 'summary' => 'Queries the chart that displays the test results of business data for a custom rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'Id', + 'in' => 'formData', + 'schema' => [ + 'title' => '自定义规则ID。', + 'description' => 'The ID of the rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '123456789', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<List<CustomizeRuleAlertHistogram>>', + 'description' => 'BaseResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The return value for the request.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'From' => [ + 'title' => '告警时间区间的开始时间戳 单位:秒。', + 'description' => 'The start of the time range for querying alerts. The value is a UNIX timestamp. Unit: seconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '1599897188', + ], + 'To' => [ + 'title' => '告警时间区间的结束时间戳 单位:秒。', + 'description' => 'The end of the time range for querying alerts. The value is a UNIX timestamp. Unit: seconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '1599997188', + ], + 'Count' => [ + 'title' => '当前查询结果在该子时间区间内产生的告警数。', + 'description' => 'The number of alerts that are generated in the query time range.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '125', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"From\\": 1599897188,\\n \\"To\\": 1599997188,\\n \\"Count\\": 125\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeCustomizeRuleTestHistogram', + ], + 'DescribeLogFields' => [ + 'summary' => 'Queries the fields that can be configured for a custom rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'LogType', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则对应的日志源。', + 'description' => 'The log type of the rule.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cloud_siem_aegis_sas_alert', + ], + ], + [ + 'name' => 'LogSource', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则对应的日志源。', + 'description' => 'The log source of the rule.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cloud_siem_aegis_sas_alert', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PlainResponse<List<CustomizeRuleField>>', + 'description' => 'PlainResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'FieldName' => [ + 'title' => '规则字段名称。', + 'description' => 'The name of the field.'."\n", + 'type' => 'string', + 'example' => 'activity_name', + ], + 'FieldDesc' => [ + 'title' => '字段描述美杜莎code。', + 'description' => 'The internal code of the field description.'."\n", + 'type' => 'string', + 'example' => 'sas.cloudsiem.prod.activity_name', + ], + 'LogCode' => [ + 'title' => '字段所属日志源。', + 'description' => 'The log source to which the field belongs.'."\n", + 'type' => 'string', + 'example' => 'cloud_siem_aegis_sas_alert', + ], + 'ActivityName' => [ + 'title' => '字段所属日志类型。', + 'description' => 'The type of the log to which the field belongs.'."\n", + 'type' => 'string', + 'example' => 'HTTP_ACTIVITY', + ], + 'FieldType' => [ + 'title' => '字段数据类型。 取值:'."\n" + .'- varchar:字符串'."\n" + .'- bigint:数字', + 'description' => 'The data type of the field. Valid values:'."\n" + ."\n" + .'* varchar'."\n" + .'* bigint'."\n", + 'type' => 'string', + 'example' => 'varchar', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"FieldName\\": \\"activity_name\\",\\n \\"FieldDesc\\": \\"sas.cloudsiem.prod.activity_name\\",\\n \\"LogCode\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"ActivityName\\": \\"HTTP_ACTIVITY\\",\\n \\"FieldType\\": \\"varchar\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeLogFields', + ], + 'DescribeLogSource' => [ + 'summary' => 'Queries the log sources that can be configured for a custom rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'LogType', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则对应的日志类型。', + 'description' => 'The log type of the rule.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'HTTP_ACTIVITY', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PlainResponse<List<LogSource>>', + 'description' => 'PlainResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'LogSource' => [ + 'title' => '规则对应的日志源。', + 'description' => 'The log source of the rule.'."\n", + 'type' => 'string', + 'example' => 'cloud_siem_aegis_sas_alert', + ], + 'LogSourceName' => [ + 'title' => '规则对应的日志源美杜莎code。', + 'description' => 'The internal code of the log source.'."\n", + 'type' => 'string', + 'example' => 'sas.cloudsiem.prod.cloud_siem_aegis_sas_alert', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"LogSource\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"LogSourceName\\": \\"sas.cloudsiem.prod.cloud_siem_aegis_sas_alert\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeLogSource', + ], + 'DescribeLogType' => [ + 'summary' => 'Queries the log types that can be configured for a custom rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PlainResponse<List<LogType>>', + 'description' => 'PlainResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'LogType' => [ + 'title' => '规则对应的日志类型。', + 'description' => 'The log type of the rule.'."\n", + 'type' => 'string', + 'example' => 'HTTP_ACTIVITY', + ], + 'LogTypeName' => [ + 'title' => '日志类型名称美杜莎code。', + 'description' => 'The internal code of the log type.'."\n", + 'type' => 'string', + 'example' => 'sas.cloudsiem.prod.http_activity', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"LogType\\": \\"HTTP_ACTIVITY\\",\\n \\"LogTypeName\\": \\"sas.cloudsiem.prod.http_activity\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeLogType', + ], + 'DescribeOperators' => [ + 'summary' => 'Queries the operator of a custom rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'SceneType', + 'in' => 'formData', + 'schema' => [ + 'title' => '操作符使用场景类型。 取值:'."\n" + .'- 不传:默认场景'."\n" + .'- AGGREGATE:聚合函数场景', + 'description' => 'The type of the scenario in which the operator is used. Valid values:'."\n" + ."\n" + .'* If you do not specify this parameter, the default scenario is used.'."\n" + .'* AGGREGATE: AGGREGATE scenario.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'AGGREGATE', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PlainResponse<List<CustomizeRuleOperator>>', + 'description' => 'PlainResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Operator' => [ + 'title' => '操作符。', + 'description' => 'The operator.'."\n", + 'type' => 'string', + 'example' => '<=', + ], + 'OperatorName' => [ + 'title' => '操作符显示名称。', + 'description' => 'The name of the operator.'."\n", + 'type' => 'string', + 'example' => '<=', + ], + 'OperatorDescCn' => [ + 'title' => '操作符中文描述。', + 'description' => 'The description of the operator in Chinese.'."\n", + 'type' => 'string', + 'example' => 'arger than or equal to', + ], + 'OperatorDescEn' => [ + 'title' => '操作符英文描述。', + 'description' => 'The description of the operator in English.'."\n", + 'type' => 'string', + 'example' => 'larger than or equal to', + ], + 'SupportDataType' => [ + 'title' => '当前操作符可以支持的数据类型 以逗号分隔。', + 'description' => 'The data types that are supported by the operator. The data types are separated by commas (,).'."\n", + 'type' => 'string', + 'example' => 'varchar', + ], + 'SupportTag' => [ + 'title' => '操作符支持场景 多个场景以逗号分隔 如聚合(AGGREGATE)等 默认为空。', + 'description' => 'The scenarios that are supported by the operator. Multiple scenarios are separated by commas (,), such as AGGREGATE scenarios. By default, this parameter is empty.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The scenario that is supported by the operator. Multiple scenarios are separated by commas (,), such as AGGREGATE scenarios. By default, this parameter is empty.'."\n", + 'type' => 'string', + 'example' => '[AGGREGATE]', + ], + 'example' => '[AGGREGATE]', + ], + 'Index' => [ + 'title' => '操作符所处操作符列表位置。', + 'description' => 'The position of the operator in the operator list.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '3', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Operator\\": \\"<=\\",\\n \\"OperatorName\\": \\"<=\\",\\n \\"OperatorDescCn\\": \\"arger than or equal to\\",\\n \\"OperatorDescEn\\": \\"larger than or equal to\\",\\n \\"SupportDataType\\": \\"varchar\\",\\n \\"SupportTag\\": [\\n \\"[AGGREGATE]\\"\\n ],\\n \\"Index\\": 3\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeOperators', + ], + 'ListCloudSiemCustomizeRules' => [ + 'summary' => 'Queries custom rules.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'Id', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则ID。', + 'description' => 'The ID of the custom rule.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '10223', + ], + ], + [ + 'name' => 'StartTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询开始时间, 单位毫秒。', + 'description' => 'The beginning of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'EndTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询结束时间, 单位毫秒。', + 'description' => 'The end of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'ThreatLevel', + 'in' => 'formData', + 'style' => 'repeatList', + 'schema' => [ + 'title' => '威胁等级,格式为json数组。取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The threat level. The value must be a JSON array. Valid values:'."\n" + ."\n" + .'* **serious**: high-risk.'."\n" + .'* **suspicious**: medium-risk.'."\n" + .'* **remind**: low-risk.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The threat level. The value must be a JSON array. Valid values:'."\n" + ."\n" + .'* **serious**: high-risk.'."\n" + .'* **suspicious**: medium-risk.'."\n" + .'* **remind**: low-risk.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '["remind","serious"]'."\n", + ], + 'required' => false, + 'example' => '["serious","suspicious","remind"]', + 'maxItems' => 100, + ], + ], + [ + 'name' => 'AlertType', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警类型。', + 'description' => 'The alert type.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'scan', + ], + ], + [ + 'name' => 'RuleName', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则名称, 仅支持字母、数字、下划线、点。', + 'description' => 'The name of the rule. The name can contain letters, digits, underscores (\\_), and periods (.).'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'waf_scan', + ], + ], + [ + 'name' => 'RuleType', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则类型。 取值:'."\n" + .'- predefine:预定义'."\n" + .'- customize:自定义', + 'description' => 'The type of the rule. Valid values:'."\n" + ."\n" + .'* **predefine**'."\n" + .'* **customize**'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'customize', + ], + ], + [ + 'name' => 'Status', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则状态。 取值:'."\n" + .'- 0:初始状态'."\n" + .'- 10:模拟数据测试'."\n" + .'- 15:业务数据测试中'."\n" + .'- 20:业务数据测试结束'."\n" + .'- 100:规则上线', + 'description' => 'The status of the rule. Valid values:'."\n" + ."\n" + .'* **0**: The rule is in the initial state.'."\n" + .'* **10**: The simulation data is tested.'."\n" + .'* **15**: The business data is being tested.'."\n" + .'* **20**: The business data test is complete.'."\n" + .'* **100**: The rule is in effect.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '0', + ], + ], + [ + 'name' => 'OrderField', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则列表排列字段。 取值:'."\n" + .'- GmtModified:基于修改时间排序'."\n" + .'- Id:基于规则id排序(默认)', + 'description' => 'The field that is used to sort the rules. Valid values:'."\n" + ."\n" + .'* GmtModified: The rules are sorted based on the modification time.'."\n" + .'* Id (default): The rules are sorted based on the rule ID.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'Id', + ], + ], + [ + 'name' => 'Order', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件列表排列方向。 取值:'."\n" + .'- desc:降序排列'."\n" + .'- asc:升序排列。', + 'description' => 'The sort method. Valid values:'."\n" + ."\n" + .'* desc: descending order.'."\n" + .'* asc: ascending order.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'desc', + ], + ], + [ + 'name' => 'CurrentPage', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表当前页号, 大于等于1。', + 'description' => 'The page number. Pages start from page 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'minimum' => '1', + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表每页条数, 最大不超过100。', + 'description' => 'The number of entries per page. The value can be up to 100.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'maximum' => '100', + 'minimum' => '1', + 'example' => '10', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + ."\n" + .'* 0: view of the current Alibaba Cloud account.'."\n" + .'* 1: view of all accounts for the enterprise.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '0', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the destination account to which you switch the view from the management account.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* **cn-hangzhou**: Your assets reside in regions in China.'."\n" + .'* **ap-southeast-1**: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PageResponse<List<CloudSiemCustomizeRule>>', + 'description' => 'PageResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* **true**'."\n" + .'* **false**'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'PageInfo' => [ + 'title' => '分页记录。', + 'description' => 'The pagination information.'."\n", + 'type' => 'object', + 'properties' => [ + 'CurrentPage' => [ + 'title' => '列表当前页号。', + 'description' => 'The current page number.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'title' => '每页返回记录数。', + 'description' => 'The number of entries per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'title' => '记录总数。', + 'description' => 'The total number of entries returned.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '100', + ], + ], + ], + 'ResponseData' => [ + 'title' => '详细数据。', + 'description' => 'The detailed data.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Id' => [ + 'title' => '自定义规则ID。', + 'description' => 'The ID of the custom rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123456789', + ], + 'GmtCreate' => [ + 'title' => '自定义规则创建时间。', + 'description' => 'The time when the custom rule was created.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'GmtModified' => [ + 'title' => '自定义规则最后更新时间。', + 'description' => 'The time when the custom rule was last updated.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'Aliuid' => [ + 'title' => 'siem主账号ID。', + 'description' => 'The ID of the Alibaba Cloud account in SIEM.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '127608589417****', + ], + 'RuleName' => [ + 'title' => '规则名称。', + 'description' => 'The name of the rule.'."\n", + 'type' => 'string', + 'example' => 'waf_scan', + ], + 'RuleDesc' => [ + 'title' => '规则描述。', + 'description' => 'The description of the rule.'."\n", + 'type' => 'string', + 'example' => 'this rule is for waf scan', + ], + 'RuleType' => [ + 'title' => '规则类型。 取值:'."\n" + .'- predefine:预定义'."\n" + .'- customize:自定义', + 'description' => 'The type of the rule. Valid values:'."\n" + ."\n" + .'* **predefine**'."\n" + .'* **customize**'."\n", + 'type' => 'string', + 'example' => 'customize', + ], + 'ThreatLevel' => [ + 'title' => '威胁等级。取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The risk level. Valid values:'."\n" + ."\n" + .'* **serious**: high-risk.'."\n" + .'* **suspicious**: medium-risk.'."\n" + .'* **remind**: low-risk.'."\n", + 'type' => 'string', + 'example' => 'remind', + ], + 'AlertType' => [ + 'title' => '威胁类型。', + 'description' => 'The type of the risk.'."\n", + 'type' => 'string', + 'example' => 'WEBSHELL', + ], + 'AlertTypeMds' => [ + 'title' => '威胁类型美杜莎code。', + 'description' => 'The internal code of the risk type.'."\n", + 'type' => 'string', + 'example' => '${siem_rule_type_process_abnormal_command}', + ], + 'LogType' => [ + 'title' => '规则对应的日志类型。', + 'description' => 'The log type of the rule.'."\n", + 'type' => 'string', + 'example' => 'ALERT_ACTIVITY', + ], + 'LogTypeMds' => [ + 'title' => '规则对应的日志类型美杜莎code。', + 'description' => 'The internal code of the log type.'."\n", + 'type' => 'string', + 'example' => '${sas.cloudsiem.prod.alert_activity}', + ], + 'LogSource' => [ + 'title' => '规则对应的日志源。', + 'description' => 'The log source of the rule.'."\n", + 'type' => 'string', + 'example' => 'cloud_siem_aegis_sas_alert', + ], + 'LogSourceMds' => [ + 'title' => '规则对应的日志源美杜莎code。', + 'description' => 'The internal code of the log source.'."\n", + 'type' => 'string', + 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}', + ], + 'RuleCondition' => [ + 'title' => '规则查询条件json(需要对html转义字符进行反向转义)。', + 'description' => 'The query condition of the rule. The value is in the JSON format. The HTML escape characters are reversed.'."\n", + 'type' => 'string', + 'example' => '[[{"not":false,"left":"alert_name","operator":"=","right":"WEBSHELL"}]]', + ], + 'RuleGroup' => [ + 'title' => '日志聚合字段,json数组格式(需要对html转义字符进行反向转义)。', + 'description' => 'The log aggregation field. The value is in the JSON format. The HTML escape characters are reversed.'."\n", + 'type' => 'string', + 'example' => '["asset_id"]', + ], + 'RuleThreshold' => [ + 'title' => '规则阈值配置json(需要对html转义字符进行反向转义)。', + 'description' => 'The threshold configurations of the rule in the JSON format. The HTML escape characters are reversed.'."\n", + 'type' => 'string', + 'example' => '{"aggregateFunction":"count","aggregateFunctionName":"count","field":"activity_name","operator":"<=","value":1}', + ], + 'QueryCycle' => [ + 'title' => '规则窗口长度(需要对html转义字符进行反向转义)。', + 'description' => 'The window length of the rule. The HTML escape characters are reversed.'."\n", + 'type' => 'string', + 'example' => '{"time":"1","unit":"HOUR"}', + ], + 'AttCk' => [ + 'title' => '告警附加字段attck', + 'description' => 'The alert additional field for ATT\\&CK.'."\n", + 'type' => 'string', + 'example' => 'T1595.002 Vulnerability Scanning', + ], + 'EventTransferSwitch' => [ + 'title' => '告警是否转换事件开关。 取值:'."\n" + .'- 0:不转换'."\n" + .'- 1:转换', + 'description' => 'Indicates whether the system generates an event for the alert. Valid values:'."\n" + ."\n" + .'* **0**: no.'."\n" + .'* **1**: yes.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'EventTransferType' => [ + 'title' => '事件生成方式。 取值:'."\n" + .'- default:默认内置方式'."\n" + .'- singleToSingle:每个告警生成一个事件'."\n" + .'- allToSingle:周期内告警生成一个事件', + 'description' => 'The method that is used to generate an event. Valid values:'."\n" + ."\n" + .'* **default**: built-in method.'."\n" + .'* **singleToSingle**: The system generates an event for each alert.'."\n" + .'* **allToSingle**: The system generates an event for alerts within a period of time.'."\n", + 'type' => 'string', + 'example' => 'allToSingle', + ], + 'EventTransferExt' => [ + 'title' => '事件生成扩展信息 当eventTransferType值为allToSingle该字段有值 表示告警聚合窗口的周期长度以及周期单位(需要对html转义字符进行反向转义)。', + 'description' => 'The extended information about event generation. If the value of **eventTransferType** is **allToSingle**, the value of this parameter indicates the length and unit of the alert aggregation window. The HTML escape characters are reversed.'."\n", + 'type' => 'string', + 'example' => '{"time":"1","unit":"MINUTE"}', + ], + 'Status' => [ + 'title' => '规则状态。 取值:'."\n" + .'- 0:初始状态'."\n" + .'- 10:模拟数据测试'."\n" + .'- 15:业务数据测试中'."\n" + .'- 20:业务数据测试结束'."\n" + .'- 100:规则上线', + 'description' => 'The status of the rule. Valid values:'."\n" + ."\n" + .'* **0**: The rule is in the initial state.'."\n" + .'* **10**: The simulation data is tested.'."\n" + .'* **15**: The business data is being tested.'."\n" + .'* **20**: The business data test is complete.'."\n" + .'* **100**: The rule is in effect.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '0', + ], + 'DataType' => [ + 'description' => 'The type of the view. Valid values:'."\n" + ."\n" + .'0: view of the current Alibaba Cloud account. 1: view of all accounts for the enterprise.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + ], + ], + ], + ], + 'example' => '123456', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"RuleName\\": \\"waf_scan\\",\\n \\"RuleDesc\\": \\"this rule is for waf scan\\",\\n \\"RuleType\\": \\"customize\\",\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"AlertType\\": \\"WEBSHELL\\",\\n \\"AlertTypeMds\\": \\"${siem_rule_type_process_abnormal_command}\\",\\n \\"LogType\\": \\"ALERT_ACTIVITY\\",\\n \\"LogTypeMds\\": \\"${sas.cloudsiem.prod.alert_activity}\\",\\n \\"LogSource\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"LogSourceMds\\": \\"${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}\\",\\n \\"RuleCondition\\": \\"[[{"not":false,"left":"alert_name","operator":"=","right":"WEBSHELL"}]]\\",\\n \\"RuleGroup\\": \\"["asset_id"]\\",\\n \\"RuleThreshold\\": \\"{"aggregateFunction":"count","aggregateFunctionName":"count","field":"activity_name","operator":"<=","value":1}\\",\\n \\"QueryCycle\\": \\"{"time":"1","unit":"HOUR"}\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"EventTransferSwitch\\": 1,\\n \\"EventTransferType\\": \\"allToSingle\\",\\n \\"EventTransferExt\\": \\"{"time":"1","unit":"MINUTE"}\\",\\n \\"Status\\": 0,\\n \\"DataType\\": 1\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'ListCloudSiemCustomizeRules', + ], + 'ListCloudSiemPredefinedRules' => [ + 'summary' => 'Queries predefined rules.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'Id', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则ID。', + 'description' => 'The ID of the rule.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '10223', + ], + ], + [ + 'name' => 'StartTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询开始时间, 单位毫秒。', + 'description' => 'The beginning of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'EndTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询结束时间, 单位毫秒。', + 'description' => 'The end of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'ThreatLevel', + 'in' => 'formData', + 'style' => 'repeatList', + 'schema' => [ + 'title' => '威胁等级,格式为json数组。取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The risk level. The value is a JSON array. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The risk level. The value is a JSON string. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '["remind","serious"]'."\n", + ], + 'required' => false, + 'example' => '["serious","suspicious","remind"]', + 'maxItems' => 100, + ], + ], + [ + 'name' => 'AlertType', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警类型。', + 'description' => 'The alert type.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'scan', + ], + ], + [ + 'name' => 'RuleName', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则名称, 仅支持字母、数字、下划线、点。', + 'description' => 'The name of the rule. The name can contain letters, digits, underscores (\\_), and periods (.).'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'waf_scan', + ], + ], + [ + 'name' => 'RuleType', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则类型。 取值:'."\n" + .'- predefine:预定义'."\n" + .'- customize:自定义', + 'description' => 'The type of the rule. Valid values:'."\n" + ."\n" + .'* predefine'."\n" + .'* customize'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'customize', + ], + ], + [ + 'name' => 'EventTransferType', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件生成方式。 取值:'."\n" + .'- default:默认内置方式'."\n" + .'- singleToSingle:每个告警生成一个事件'."\n" + .'- allToSingle:周期内告警生成一个事件', + 'description' => 'The method that is used to generate an event. Valid values:'."\n" + ."\n" + .'* default: built-in method.'."\n" + .'* singleToSingle: The system generates an event for each alert.'."\n" + .'* allToSingle: The system generates an event for alerts within a period of time.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'allToSingle', + ], + ], + [ + 'name' => 'AttCk', + 'in' => 'formData', + 'schema' => [ + 'title' => 'att&ck。', + 'description' => 'The ATT\\&CK information.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'T1595.002 Vulnerability Scanning', + ], + ], + [ + 'name' => 'LogSource', + 'in' => 'formData', + 'schema' => [ + 'title' => '日志源。', + 'description' => 'The log source.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cloud_siem_aegis_sas_alert', + ], + ], + [ + 'name' => 'Status', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则状态。 取值:'."\n" + .'- 0:初始状态'."\n" + .'- 10:模拟数据测试'."\n" + .'- 15:业务数据测试中'."\n" + .'- 20:业务数据测试结束'."\n" + .'- 100:规则上线', + 'description' => 'The status of the rule. Valid values:'."\n" + ."\n" + .'* 0: The rule is in the initial state.'."\n" + .'* 10: The simulation data is tested.'."\n" + .'* 15: The business data is being tested.'."\n" + .'* 20: The business data test ends.'."\n" + .'* 100: The rule takes effect.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '0', + ], + ], + [ + 'name' => 'OrderField', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则列表排列字段。 取值:'."\n" + .'- GmtModified:基于修改时间排序'."\n" + .'- Id:基于规则id排序(默认)', + 'description' => 'The field that is used to sort the rules. Valid values:'."\n" + ."\n" + .'* GmtModified: The rules are sorted based on the modification time.'."\n" + .'* Id (default): The rules are sorted based on the rule ID.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'Id', + ], + ], + [ + 'name' => 'Order', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件列表排列方向。 取值:'."\n" + .'- desc:降序排列'."\n" + .'- asc:升序排列。', + 'description' => 'The sort method. Valid values:'."\n" + ."\n" + .'* desc: descending order.'."\n" + .'* asc: ascending order.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'desc', + ], + ], + [ + 'name' => 'CurrentPage', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表当前页号, 大于等于1。', + 'description' => 'The page number. Pages start from page 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'minimum' => '1', + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表每页条数, 最大不超过100。', + 'description' => 'The number of entries per page. Maximum value: 100.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'maximum' => '100', + 'minimum' => '1', + 'example' => '10', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view.'."\n" + ."\n" + .'* 0: view of the current Alibaba Cloud account.'."\n" + .'* 1: view of all accounts for the enterprise.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the destination account to which you switch the view from the management account.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PageResponse<List<CloudSiemPredefinedRule>>', + 'description' => 'PageResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'PageInfo' => [ + 'title' => '分页记录。', + 'description' => 'The pagination information.'."\n", + 'type' => 'object', + 'properties' => [ + 'CurrentPage' => [ + 'title' => '列表当前页号。', + 'description' => 'The current page number.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'title' => '每页返回记录数。', + 'description' => 'The number of entries per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'title' => '记录总数。', + 'description' => 'The total number of entries returned.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '100', + ], + ], + ], + 'ResponseData' => [ + 'title' => '详细数据。', + 'description' => 'The detailed data.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Id' => [ + 'title' => '预定义规则ID。', + 'description' => 'The ID of the predefined rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123456789', + ], + 'GmtCreate' => [ + 'title' => '规则创建时间。', + 'description' => 'The time when the rule was created.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'GmtModified' => [ + 'title' => '规则修改时间。', + 'description' => 'The time when the rule was modified.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'RuleName' => [ + 'title' => '规则名称。', + 'description' => 'The name of the rule.'."\n", + 'type' => 'string', + 'example' => 'siem_base64-command-exec_aegis-proc', + ], + 'RuleNameCn' => [ + 'title' => '规则中文名称。', + 'description' => 'The rule name in Chinese.'."\n", + 'type' => 'string', + 'example' => 'siem_base64-command-exec_aegis-proc', + ], + 'RuleNameEn' => [ + 'title' => '规则英文名称。', + 'description' => 'The rule name in English.'."\n", + 'type' => 'string', + 'example' => 'siem_base64-command-exec_aegis-proc', + ], + 'RuleNameMds' => [ + 'title' => '规则名称美杜莎code。', + 'description' => 'The internal code of the rule name.'."\n", + 'type' => 'string', + 'example' => '${siem_rule_name_siem_cfw-attack-count-level-up_cfw-attack}', + ], + 'RuleDescMds' => [ + 'title' => '规则描述美杜莎code。', + 'description' => 'The internal code of the rule description.'."\n", + 'type' => 'string', + 'example' => '${siem_rule_description_siem_cfw-attack-count-level-up_cfw-attack}', + ], + 'ThreatLevel' => [ + 'title' => '威胁等级。取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The risk level. Valid values:'."\n" + ."\n" + .'* serious: high.'."\n" + .'* suspicious: medium.'."\n" + .'* remind: low.'."\n", + 'type' => 'string', + 'example' => 'remind', + ], + 'AlertType' => [ + 'title' => '威胁类型。', + 'description' => 'The type of the risk.'."\n", + 'type' => 'string', + 'example' => 'WEBSHELL', + ], + 'Source' => [ + 'title' => '规则对应的日志源。', + 'description' => 'The log source of the rule.'."\n", + 'type' => 'string', + 'example' => 'cloud_siem_aegis_proc', + ], + 'EventTransferType' => [ + 'title' => '事件生成方式。 取值:'."\n" + .'- default:默认内置方式'."\n" + .'- singleToSingle:每个告警生成一个事件'."\n" + .'- allToSingle:周期内告警生成一个事件', + 'description' => 'The method that is used to generate an event. Valid values:'."\n" + ."\n" + .'* default: built-in method.'."\n" + .'* singleToSingle: The system generates an event for each alert.'."\n" + .'* allToSingle: The system generates an event for alerts within a period of time.'."\n", + 'type' => 'string', + 'example' => 'allToSingle', + ], + 'AttCk' => [ + 'title' => '告警附加字段attck', + 'description' => 'The alert additional field for ATT\\&CK.'."\n", + 'type' => 'string', + 'example' => 'T1595.002 Vulnerability Scanning', + ], + 'Status' => [ + 'title' => '预定义规则启用状态。 取值:'."\n" + .'- 0:初始状态'."\n" + .'- 100:规则上线', + 'description' => 'The status of the predefined rule. Valid values:'."\n" + ."\n" + .'* 0: The rule is in the initial state.'."\n" + .'* 100: The rule takes effect.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '0', + ], + ], + ], + ], + ], + 'example' => '123456', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"RuleName\\": \\"siem_base64-command-exec_aegis-proc\\",\\n \\"RuleNameCn\\": \\"siem_base64-command-exec_aegis-proc\\",\\n \\"RuleNameEn\\": \\"siem_base64-command-exec_aegis-proc\\",\\n \\"RuleNameMds\\": \\"${siem_rule_name_siem_cfw-attack-count-level-up_cfw-attack}\\",\\n \\"RuleDescMds\\": \\"${siem_rule_description_siem_cfw-attack-count-level-up_cfw-attack}\\",\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"AlertType\\": \\"WEBSHELL\\",\\n \\"Source\\": \\"cloud_siem_aegis_proc\\",\\n \\"EventTransferType\\": \\"allToSingle\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"Status\\": 0\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'ListCloudSiemPredefinedRules', + ], + 'ListCustomizeRuleTestResult' => [ + 'summary' => 'Queries the test results of a custom rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => [ + 'FEATUREsasASHGE7', + ], + ], + 'parameters' => [ + [ + 'name' => 'Id', + 'in' => 'formData', + 'schema' => [ + 'title' => '自定义规则ID。', + 'description' => 'The ID of the rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '123456789', + ], + ], + [ + 'name' => 'CurrentPage', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表当前页号, 大于等于1。', + 'description' => 'The page number. Pages start from page 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'minimum' => '1', + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表每页条数, 最大不超过100。', + 'description' => 'The number of entries per page. Valid values: 1 to 100.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'maximum' => '100', + 'minimum' => '1', + 'example' => '10', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + [ + 'name' => 'DetectionRuleId', + 'in' => 'formData', + 'schema' => [ + 'type' => 'string', + ], + ], + [ + 'name' => 'VerifyType', + 'in' => 'formData', + 'schema' => [ + 'type' => 'string', + ], + ], + [ + 'name' => 'StartTime', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + ], + [ + 'name' => 'EndTime', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PageResponse<List<CustomizeRuleAlert>>', + 'description' => 'PageResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'PageInfo' => [ + 'title' => '分页记录。', + 'description' => 'The pagination information.'."\n", + 'type' => 'object', + 'properties' => [ + 'CurrentPage' => [ + 'title' => '列表当前页号。', + 'description' => 'The current page number.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'title' => '每页返回记录数。', + 'description' => 'The number of entries per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'title' => '记录总数。', + 'description' => 'The total number of entries returned.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '100', + ], + 'VerifiedCount' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + ], + ], + 'ResponseData' => [ + 'title' => '详细数据。', + 'description' => 'The detailed data.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Uuid' => [ + 'title' => '告警id。', + 'description' => 'The UUID of the alert.'."\n", + 'type' => 'string', + 'example' => 'sas_71e24437d2797ce8fc59692905a4****', + ], + 'MainUserId' => [ + 'title' => '告警关联siem主账号id。', + 'description' => 'The ID of the Alibaba Cloud account that is associated with the alert in SIEM.'."\n", + 'type' => 'string', + 'example' => '127608589417****', + ], + 'SubUserId' => [ + 'title' => '告警史记关联阿里账号ID。', + 'description' => 'The ID of the Alibaba Cloud account within which the alert is generated.'."\n", + 'type' => 'string', + 'example' => '176555323***', + ], + 'LogType' => [ + 'title' => '规则对应的日志类型。', + 'description' => 'The log type of the rule.'."\n", + 'type' => 'string', + 'example' => 'ALERT_ACTIVITY', + ], + 'LogSource' => [ + 'title' => '规则对应的日志源。', + 'description' => 'The log source of the rule.'."\n", + 'type' => 'string', + 'example' => 'cloud_siem_aegis_sas_alert', + ], + 'AlertSrcProd' => [ + 'title' => '事件关联告警来源产品。', + 'description' => 'The source of the alert.'."\n", + 'type' => 'string', + 'example' => 'sas', + ], + 'AlertSrcProdModule' => [ + 'title' => '事件关联告警来源产品子模块。', + 'description' => 'The sub-module of the source.'."\n", + 'type' => 'string', + 'example' => 'waf', + ], + 'AttCk' => [ + 'title' => 'ATTCT&攻击技术标签。', + 'description' => 'The tag of the ATT\\&CK attack.'."\n", + 'type' => 'string', + 'example' => 'T1595.002 Vulnerability Scanning', + ], + 'AlertDesc' => [ + 'title' => '告警描述。', + 'description' => 'The description of the alert.'."\n", + 'type' => 'string', + 'example' => 'The account you logged in this time is not in the legal account category defined by you. Please confirm the legality of the login behavior.', + ], + 'OnlineStatus' => [ + 'title' => '告警数据状态。 取值:'."\n" + .'- test:业务测试'."\n" + .'- online:上线', + 'description' => 'The status of the alert data. Valid values:'."\n" + ."\n" + .'* test: business test data.'."\n" + .'* online: online data.'."\n", + 'type' => 'string', + 'example' => 'test', + ], + 'EventName' => [ + 'title' => '告警名称,对应自定义规则名称。', + 'description' => 'The name of the alert, which corresponds to the name of the custom rule.'."\n", + 'type' => 'string', + 'example' => 'waf_scan', + ], + 'Level' => [ + 'title' => '威胁等级。取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The threat level. Valid values:'."\n" + ."\n" + .'* serious: high.'."\n" + .'* suspicious: medium.'."\n" + .'* remind: low.'."\n", + 'type' => 'string', + 'example' => 'remind', + ], + 'EventType' => [ + 'title' => '威胁类型 即告警类型。', + 'description' => 'The threat type, which indicates the alert type.'."\n", + 'type' => 'string', + 'example' => 'WEBSHELL', + ], + 'AlertDetail' => [ + 'title' => '告警详情 json格式。', + 'description' => 'The alert details in the JSON format.'."\n", + 'type' => 'string', + 'example' => '{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "218.92.XX.XX"}', + ], + 'LogTime' => [ + 'title' => '告警记录时间。', + 'description' => 'The time when the alert was recorded.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'VerifyType' => [ + 'type' => 'string', + ], + ], + ], + ], + ], + 'example' => '123456', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100,\\n \\"VerifiedCount\\": 30\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Uuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"MainUserId\\": \\"127608589417****\\",\\n \\"SubUserId\\": \\"176555323***\\",\\n \\"LogType\\": \\"ALERT_ACTIVITY\\",\\n \\"LogSource\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"AlertSrcProd\\": \\"sas\\",\\n \\"AlertSrcProdModule\\": \\"waf\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"AlertDesc\\": \\"The account you logged in this time is not in the legal account category defined by you. Please confirm the legality of the login behavior。\\",\\n \\"OnlineStatus\\": \\"test\\",\\n \\"EventName\\": \\"waf_scan\\",\\n \\"Level\\": \\"remind\\",\\n \\"EventType\\": \\"WEBSHELL\\",\\n \\"AlertDetail\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99\\\\\\";\\\\\\"attack_ip\\\\\\": \\\\\\"218.92.XX.XX\\\\\\"}\\",\\n \\"LogTime\\": \\"2023-01-06 16:37:29\\",\\n \\"VerifyType\\": \\"true\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'ListCustomizeRuleTestResult', + ], + 'PostCustomizeRule' => [ + 'summary' => 'Creates or updates a custom rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'Id', + 'in' => 'formData', + 'schema' => [ + 'title' => '自定义规则ID。', + 'description' => 'The ID of the rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '123456789', + ], + ], + [ + 'name' => 'RuleName', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则名称。', + 'description' => 'The name of the rule.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'waf_scan', + ], + ], + [ + 'name' => 'RuleDesc', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则描述。', + 'description' => 'The description of the rule.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'this rule is for waf scan', + ], + ], + [ + 'name' => 'ThreatLevel', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁等级。取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The risk level. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'remind', + ], + ], + [ + 'name' => 'AttCk', + 'in' => 'formData', + 'schema' => [ + 'title' => 'att&ck。', + 'description' => 'att&ck.', + 'type' => 'string', + 'required' => false, + 'example' => 'T1595.002 Vulnerability Scanning'."\n", + ], + ], + [ + 'name' => 'AlertType', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁类型。', + 'description' => 'The risk type.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'WEBSHELL', + ], + ], + [ + 'name' => 'AlertTypeMds', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁类型美杜莎code。', + 'description' => 'The internal code of the risk type.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '${siem_rule_type_process_abnormal_command}', + ], + ], + [ + 'name' => 'LogType', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则对应的日志类型。', + 'description' => 'The log type of the rule.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'ALERT_ACTIVITY', + ], + ], + [ + 'name' => 'LogTypeMds', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则对应的日志类型美杜莎code。', + 'description' => 'The internal code of the log type.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '${security_event_config.event_name.webshellName_clientav}', + ], + ], + [ + 'name' => 'LogSource', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则对应的日志源。', + 'description' => 'The log source of the rule.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cloud_siem_aegis_sas_alert', + ], + ], + [ + 'name' => 'LogSourceMds', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则对应的日志源美杜莎code。', + 'description' => 'The internal code of the log source.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}', + ], + ], + [ + 'name' => 'RuleCondition', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则查询条件json。', + 'description' => 'The query condition of the rule. The value is in the JSON format.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '[[{"not":false,"left":"alert_name","operator":"=","right":"WEBSHELL"}]]', + ], + ], + [ + 'name' => 'RuleGroup', + 'in' => 'formData', + 'schema' => [ + 'title' => '日志聚合字段,json数组格式。', + 'description' => 'The log aggregation field of the rule. The value is a JSON string.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '["asset_id"]', + ], + ], + [ + 'name' => 'RuleThreshold', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则阈值配置json。', + 'description' => 'The threshold configuration of the rule. The value is in the JSON format.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '{"aggregateFunction":"count","aggregateFunctionName":"count","field":"activity_name","operator":"<=","value":1}', + ], + ], + [ + 'name' => 'QueryCycle', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则窗口长度。', + 'description' => 'The window length of the rule.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '{"time":"1","unit":"HOUR"}', + ], + ], + [ + 'name' => 'EventTransferSwitch', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警是否转换事件开关。 取值:'."\n" + .'- 0:不转换'."\n" + .'- 1:转换', + 'description' => 'Specifies whether to convert an alert to an event. Valid values:'."\n" + ."\n" + .'* 0: no'."\n" + .'* 1: yes'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'EventTransferType', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件生成方式。 取值:'."\n" + .'- default:默认内置方式'."\n" + .'- singleToSingle:每个告警生成一个事件'."\n" + .'- allToSingle:周期内告警生成一个事件', + 'description' => 'The event generation method. Valid values:'."\n" + ."\n" + .'* default: The default method is used.'."\n" + .'* singleToSingle: The system generates an event for each alert.'."\n" + .'* allToSingle: The system generates an event for alerts within a period of time.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'allToSingle', + ], + ], + [ + 'name' => 'EventTransferExt', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件生成扩展信息 当eventTransferType值为allToSingle该字段有值 表示告警聚合窗口的周期长度以及周期单位。', + 'description' => 'The extended information about event generation. If eventTransferType is set to allToSingle, the value of this parameter indicates the length and unit of the alert aggregation window.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '{"time":"1","unit":"MINUTE"}', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<CloudSiemCustomizeRule>', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'Id' => [ + 'title' => '自定义规则ID。', + 'description' => 'The ID of the custom rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123456789', + ], + 'GmtCreate' => [ + 'title' => '自定义规则创建时间。', + 'description' => 'The time when the custom rule was created.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'GmtModified' => [ + 'title' => '自定义规则最后更新时间。', + 'description' => 'The time when the custom rule was last updated.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'Aliuid' => [ + 'title' => 'siem主账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '127608589417****', + ], + 'RuleName' => [ + 'title' => '规则名称。', + 'description' => 'The name of the rule.'."\n", + 'type' => 'string', + 'example' => 'waf_scan', + ], + 'RuleDesc' => [ + 'title' => '规则描述。', + 'description' => 'The description of the rule.'."\n", + 'type' => 'string', + 'example' => 'this rule is for waf scan', + ], + 'RuleType' => [ + 'title' => '规则类型。 取值:'."\n" + .'- predefine:预定义'."\n" + .'- customize:自定义', + 'description' => 'The type of the rule. Valid values:'."\n" + ."\n" + .'* predefine'."\n" + .'* customize'."\n", + 'type' => 'string', + 'example' => 'customize', + ], + 'ThreatLevel' => [ + 'title' => '威胁等级。取值:'."\n" + .'- serious:高危'."\n" + .'- suspicious:中危'."\n" + .'- remind:低危', + 'description' => 'The risk level. Valid values:'."\n" + ."\n" + .'* serious: high'."\n" + .'* suspicious: medium'."\n" + .'* remind: low'."\n", + 'type' => 'string', + 'example' => 'remind', + ], + 'AlertType' => [ + 'title' => '威胁类型。', + 'description' => 'The risk type.'."\n", + 'type' => 'string', + 'example' => 'WEBSHELL', + ], + 'AlertTypeMds' => [ + 'title' => '威胁类型美杜莎code。', + 'description' => 'The internal code of the risk type.'."\n", + 'type' => 'string', + 'example' => '${siem_rule_type_process_abnormal_command}', + ], + 'LogType' => [ + 'title' => '规则对应的日志类型。', + 'description' => 'The log type of the rule.'."\n", + 'type' => 'string', + 'example' => 'ALERT_ACTIVITY', + ], + 'LogTypeMds' => [ + 'title' => '规则对应的日志类型美杜莎code。', + 'description' => 'The internal code of the log type.'."\n", + 'type' => 'string', + 'example' => '${security_event_config.event_name.webshellName_clientav}', + ], + 'LogSource' => [ + 'title' => '规则对应的日志源。', + 'description' => 'The log source of the rule.'."\n", + 'type' => 'string', + 'example' => 'cloud_siem_aegis_sas_alert', + ], + 'LogSourceMds' => [ + 'title' => '规则对应的日志源美杜莎code。', + 'description' => 'The internal code of the log source.'."\n", + 'type' => 'string', + 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}', + ], + 'RuleCondition' => [ + 'title' => '规则查询条件json(需要对html转义字符进行反向转义)。', + 'description' => 'The query condition of the rule. The value is in the JSON format. The HTML escape characters are reversed.'."\n", + 'type' => 'string', + 'example' => '[[{"not":false,"left":"alert_name","operator":"=","right":"WEBSHELL"}]]', + ], + 'RuleGroup' => [ + 'title' => '日志聚合字段,json数组格式(需要对html转义字符进行反向转义)。', + 'description' => 'The log aggregation field of the rule. The value is a JSON string. The HTML escape characters are reversed.'."\n", + 'type' => 'string', + 'example' => '["asset_id"]', + ], + 'RuleThreshold' => [ + 'title' => '规则阈值配置json(需要对html转义字符进行反向转义)。', + 'description' => 'The threshold configuration of the rule. The value is in the JSON format. The HTML escape characters are reversed.'."\n", + 'type' => 'string', + 'example' => '{"aggregateFunction":"count","aggregateFunctionName":"count","field":"activity_name","operator":"<=","value":1}', + ], + 'QueryCycle' => [ + 'title' => '规则窗口长度(需要对html转义字符进行反向转义)。', + 'description' => 'The window length of the rule. The HTML escape characters are reversed.'."\n", + 'type' => 'string', + 'example' => '{"time":"1","unit":"HOUR"}', + ], + 'AttCk' => [ + 'title' => '告警附加字段attck', + 'description' => '告警附加字段attck', + 'type' => 'string', + 'example' => 'T1595.002 Vulnerability Scanning', + ], + 'EventTransferSwitch' => [ + 'title' => '告警是否转换事件开关。 取值:'."\n" + .'- 0:不转换'."\n" + .'- 1:转换', + 'description' => 'Indicates whether the system generates an event for the alert. Valid values:'."\n" + ."\n" + .'* 0: no'."\n" + .'* 1: yes'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'EventTransferType' => [ + 'title' => '事件生成方式。 取值:'."\n" + .'- default:默认内置方式'."\n" + .'- singleToSingle:每个告警生成一个事件'."\n" + .'- allToSingle:周期内告警生成一个事件', + 'description' => 'The event generation method. Valid values:'."\n" + ."\n" + .'* default: The default method is used.'."\n" + .'* singleToSingle: The system generates an event for each alert.'."\n" + .'* allToSingle: The system generates an event for alerts within a period of time.'."\n", + 'type' => 'string', + 'example' => 'allToSingle', + ], + 'EventTransferExt' => [ + 'title' => '事件生成扩展信息 当eventTransferType值为allToSingle该字段有值 表示告警聚合窗口的周期长度以及周期单位(需要对html转义字符进行反向转义)。', + 'description' => 'The extended information about event generation. If eventTransferType is set to allToSingle, the value of this parameter indicates the length and unit of the alert aggregation window. The HTML escape characters are reversed.'."\n", + 'type' => 'string', + 'example' => '{"time":"1","unit":"MINUTE"}', + ], + 'Status' => [ + 'title' => '规则状态。 取值:'."\n" + .'- 0:初始状态'."\n" + .'- 10:模拟数据测试'."\n" + .'- 15:业务数据测试中'."\n" + .'- 20:业务数据测试结束'."\n" + .'- 100:规则上线', + 'description' => 'The rule status. Valid values:'."\n" + ."\n" + .'* 0: The rule is in the initial state.'."\n" + .'* 10: The simulation data is tested.'."\n" + .'* 15: The business data is being tested.'."\n" + .'* 20: The business data test ends.'."\n" + .'* 100: The rule takes effect.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '0', + ], + 'DataType' => [ + 'description' => '自动化响应规则条件字段数据类型。', + 'type' => 'integer', + 'format' => 'int32', + 'example' => 'varchar', + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'CloudSiemCustomizeRuleUpdateExcepiton', + 'errorMessage' => 'this customize rule can only update in init status.', + ], + [ + 'errorCode' => 'CloudSiemCustomizeRuleConditionExceedExcepiton', + 'errorMessage' => 'the number of rule conditions cannot exceed 100.', + ], + [ + 'errorCode' => 'CloudSiemCustomizeRuleDuplicateRuleNameExcepiton', + 'errorMessage' => 'the rule name is duplicated.', + ], + ], + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"RuleName\\": \\"waf_scan\\",\\n \\"RuleDesc\\": \\"this rule is for waf scan\\",\\n \\"RuleType\\": \\"customize\\",\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"AlertType\\": \\"WEBSHELL\\",\\n \\"AlertTypeMds\\": \\"${siem_rule_type_process_abnormal_command}\\",\\n \\"LogType\\": \\"ALERT_ACTIVITY\\",\\n \\"LogTypeMds\\": \\"${security_event_config.event_name.webshellName_clientav}\\",\\n \\"LogSource\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"LogSourceMds\\": \\"${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}\\",\\n \\"RuleCondition\\": \\"[[{"not":false,"left":"alert_name","operator":"=","right":"WEBSHELL"}]]\\",\\n \\"RuleGroup\\": \\"["asset_id"]\\",\\n \\"RuleThreshold\\": \\"{"aggregateFunction":"count","aggregateFunctionName":"count","field":"activity_name","operator":"<=","value":1}\\",\\n \\"QueryCycle\\": \\"{"time":"1","unit":"HOUR"}\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"EventTransferSwitch\\": 1,\\n \\"EventTransferType\\": \\"allToSingle\\",\\n \\"EventTransferExt\\": \\"{"time":"1","unit":"MINUTE"}\\",\\n \\"Status\\": 0,\\n \\"DataType\\": 0\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'PostCustomizeRule', + ], + 'PostCustomizeRuleTest' => [ + 'summary' => 'Submits a custom rule for testing.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'Id', + 'in' => 'formData', + 'schema' => [ + 'title' => '自定义规则ID。', + 'description' => 'The ID of the rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '123456789', + ], + ], + [ + 'name' => 'TestType', + 'in' => 'formData', + 'schema' => [ + 'title' => '测试类型。 取值:'."\n" + .'- simulate:模拟数据测试'."\n" + .'- business:业务数据测试'."\n" + .'- 15:业务数据测试中', + 'description' => 'The test type. Valid values:'."\n" + ."\n" + .'* simulate: simulation data test'."\n" + .'* business: business data test'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'simulate', + ], + ], + [ + 'name' => 'SimulatedData', + 'in' => 'formData', + 'schema' => [ + 'title' => '模拟测试数据 只有在测试类型为simulate情况下赋值。', + 'description' => 'The simulation data for the test. This parameter is available only when TestType is set to simulate.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '[{"key1":"value1","key2":"value2","key3":"value3","key4":"value4","key5":"value5"}]', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the region in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions inside China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'any', + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code that is returned.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'PostCustomizeRuleTest', + ], + 'PostFinishCustomizeRuleTest' => [ + 'summary' => 'Ends the test of a custom rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'Id', + 'in' => 'formData', + 'schema' => [ + 'title' => '自定义规则ID。', + 'description' => 'The ID of the rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '123456789', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'any', + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'PostFinishCustomizeRuleTest', + ], + 'PostRuleStatusChange' => [ + 'summary' => 'Updates the status of a custom rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'Ids', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则id列表 json数组格式。', + 'description' => 'The rule IDs. The value is a JSON array.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '[123,345]', + ], + ], + [ + 'name' => 'RuleType', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则类型。 取值:'."\n" + .'- predefine:预定义'."\n" + .'- customize:自定义', + 'description' => 'The type of the rule. Valid values:'."\n" + ."\n" + .'* predefine'."\n" + .'* customize'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'customize', + ], + ], + [ + 'name' => 'InUse', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则开启状态。 取值:'."\n" + .'- true:开启'."\n" + .'- false:关闭', + 'description' => 'Specifies whether to enable the rule. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'required' => false, + 'example' => 'true', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'any', + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'PostRuleStatusChange', + ], + 'DescribeScopeUsers' => [ + 'summary' => 'Queries the list of users in the playbook scope.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the region in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions inside China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<List<SoarScope>>', + 'description' => 'BaseResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'AliUid' => [ + 'title' => 'siem用户ID。', + 'description' => 'The ID of the security information and event management (SIEM) user.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123456789****', + ], + 'UserName' => [ + 'title' => '用户名。', + 'description' => 'The username.'."\n", + 'type' => 'string', + 'example' => 'test001', + ], + 'UserId' => [ + 'title' => '多云用户ID。', + 'description' => '多云用户ID。', + 'type' => 'string', + 'example' => '123456789****', + ], + 'CloudCode' => [ + 'title' => '云code。 取值:'."\n" + .'- qcloud:腾讯云'."\n" + .'- hcloud:华为云', + 'description' => '云code。 取值:'."\n" + .'- qcloud:腾讯云'."\n" + .'- hcloud:华为云', + 'type' => 'string', + 'example' => 'qcloud', + ], + 'InstanceId' => [ + 'title' => 'waf实例ID。', + 'description' => 'The ID of the Web Application Firewall (WAF) instance.'."\n", + 'type' => 'string', + 'example' => 'waf-cn-tl123ast****', + ], + 'Domains' => [ + 'title' => 'waf实例下的防护的域名列表。', + 'description' => 'An array consisting of the domain names that are protected by the WAF instance.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The domain name that is protected by the WAF instance.'."\n", + 'type' => 'string', + 'example' => '[123***.com, 456***.com]', + ], + 'example' => '[123.com, 456.com]', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code that is returned.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AliUid\\": 0,\\n \\"UserName\\": \\"test001\\",\\n \\"UserId\\": \\"123456789****\\",\\n \\"CloudCode\\": \\"qcloud\\",\\n \\"InstanceId\\": \\"waf-cn-tl123ast****\\",\\n \\"Domains\\": [\\n \\"[123***.com, 456***.com]\\"\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeScopeUsers', + ], + 'DeleteAutomateResponseConfig' => [ + 'summary' => 'Deletes the automated response rule with a specified ID.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'delete', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'Id', + 'in' => 'formData', + 'schema' => [ + 'title' => '自动化响应配置规则ID。', + 'description' => 'The ID of the rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '123', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<String>', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'string', + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DeleteAutomateResponseConfig', + ], + 'DescribeAutomateResponseConfigCounter' => [ + 'summary' => 'Queries the number of automated response rules.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<AutomateResponseCounter>', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'All' => [ + 'title' => '总规则数。', + 'description' => 'The total number of rules.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '20', + ], + 'Online' => [ + 'title' => '启动规则数。', + 'description' => 'The number of enabled rules.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '10', + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"All\\": 20,\\n \\"Online\\": 10\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeAutomateResponseConfigCounter', + ], + 'DescribeAutomateResponseConfigFeature' => [ + 'summary' => 'Queries the configurable fields and operators of an automated response rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'AutoResponseType', + 'in' => 'formData', + 'schema' => [ + 'title' => '自动化响应类型。 取值:'."\n" + .'- event:事件'."\n" + .'- alert:告警', + 'description' => 'The type of the automated response rule. Valid values:'."\n" + ."\n" + .'* event'."\n" + .'* alert'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'event', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<List<AutomateResponseConfigFeature>>', + 'description' => 'BaseResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Feature' => [ + 'title' => '自动化响应规则条件字段名称。', + 'description' => 'The name of the condition field in the automated response rule.'."\n", + 'type' => 'string', + 'example' => 'alert_desc', + ], + 'DataType' => [ + 'title' => '自动化响应规则条件字段数据类型。', + 'description' => 'The data type of the condition field in the automated response rule.'."\n", + 'type' => 'string', + 'example' => 'varchar', + ], + 'SupportOperators' => [ + 'title' => '该字段支持的操作符列表', + 'description' => 'The operators that are supported for the condition field.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'HasRightValue' => [ + 'title' => '是否需要右值 取值:'."\n" + .'- 需要:'."\n" + .'- false:不需要。', + 'description' => 'Indicates whether the right operand is required. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'false', + ], + 'Operator' => [ + 'title' => '操作符。', + 'description' => 'The operator.'."\n", + 'type' => 'string', + 'example' => '<=', + ], + 'OperatorName' => [ + 'title' => '操作符显示名称。', + 'description' => 'The name of the operator.'."\n", + 'type' => 'string', + 'example' => '<=', + ], + 'OperatorDescCn' => [ + 'title' => '操作符中文描述。', + 'description' => 'The description of the operator in Chinese.'."\n", + 'type' => 'string', + 'example' => 'larger than or equal to', + ], + 'OperatorDescEn' => [ + 'title' => '操作符英文描述。', + 'description' => 'The description of the operator in English.'."\n", + 'type' => 'string', + 'example' => 'larger than or equal to', + ], + 'SupportDataType' => [ + 'title' => '当前操作符可以支持的数据类型 以逗号分隔。', + 'description' => 'The data types that are supported by the operator. The data types are separated by commas (,).'."\n", + 'type' => 'string', + 'example' => 'varchar', + ], + 'SupportTag' => [ + 'title' => '操作符支持场景 多个场景以逗号分隔 如聚合(AGGREGATE)等 默认为空。', + 'description' => 'The scenarios that are supported by the operator. Multiple scenarios are separated by commas (,), such as aggregation scenarios. By default, this parameter is empty.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The supported scenario.'."\n", + 'type' => 'string', + 'example' => '[AGGREGATE]', + ], + 'example' => '[AGGREGATE]', + ], + 'Index' => [ + 'title' => '操作符所处操作符列表位置。', + 'description' => 'The position of the operator in the operator list.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '3', + ], + ], + ], + ], + 'RightValueEnums' => [ + 'title' => '该字段对应的右值枚举值', + 'description' => 'The enumerated values of the right operand for the field.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Value' => [ + 'title' => '右值枚举值。', + 'description' => 'The enumerated value of the right operand.'."\n", + 'type' => 'string', + 'example' => 'serious', + ], + 'ValueMds' => [ + 'title' => '右值枚举值美杜莎code。', + 'description' => 'The internal code of the enumerated value.'."\n", + 'type' => 'string', + 'example' => 'aliyun.siem.automate.feature.alert_level.serious', + ], + ], + ], + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Feature\\": \\"alert_desc\\",\\n \\"DataType\\": \\"varchar\\",\\n \\"SupportOperators\\": [\\n {\\n \\"HasRightValue\\": false,\\n \\"Operator\\": \\"<=\\",\\n \\"OperatorName\\": \\"<=\\",\\n \\"OperatorDescCn\\": \\"larger than or equal to\\",\\n \\"OperatorDescEn\\": \\"larger than or equal to\\",\\n \\"SupportDataType\\": \\"varchar\\",\\n \\"SupportTag\\": [\\n \\"[AGGREGATE]\\"\\n ],\\n \\"Index\\": 3\\n }\\n ],\\n \\"RightValueEnums\\": [\\n {\\n \\"Value\\": \\"serious\\",\\n \\"ValueMds\\": \\"aliyun.siem.automate.feature.alert_level.serious\\"\\n }\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeAutomateResponseConfigFeature', + ], + 'ListAutomateResponseConfigs' => [ + 'summary' => 'Queries automated response rules.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => [ + 'FEATUREsas104PTS', + ], + ], + 'parameters' => [ + [ + 'name' => 'Id', + 'in' => 'formData', + 'schema' => [ + 'title' => '自动化响应配置规则ID。', + 'description' => 'The ID of the automated response rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '123', + ], + ], + [ + 'name' => 'SubUserId', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则创建用户ID。', + 'description' => 'The ID of the user who created the rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '17108579417****', + ], + ], + [ + 'name' => 'PlaybookUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '剧本唯一标识。', + 'description' => 'The UUID of the playbook.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'system_aliyun_aegis_kill_quara_book', + ], + ], + [ + 'name' => 'RuleName', + 'in' => 'formData', + 'schema' => [ + 'title' => '自动化响应配置规则名称。', + 'description' => 'The name of the automated response rule.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cfw kill quara book', + ], + ], + [ + 'name' => 'AutoResponseType', + 'in' => 'formData', + 'schema' => [ + 'title' => '自动化响应类型。 取值:'."\n" + .'- event:事件'."\n" + .'- alert:告警', + 'description' => 'The type of the automated response rule. Valid values:'."\n" + ."\n" + .'* event'."\n" + .'* alert'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'event', + ], + ], + [ + 'name' => 'ActionType', + 'in' => 'formData', + 'schema' => [ + 'title' => '处置动作类型。 取值:'."\n" + .'- doPlaybook:执行剧本'."\n" + .'- changeEventStatus:更改事件状态'."\n" + .'- changeThreatLevel:更改事件威胁等级', + 'description' => 'The type of the handling action. Valid values:'."\n" + ."\n" + .'* doPlaybook: runs a playbook.'."\n" + .'* changeEventStatus: changes the status of an event.'."\n" + .'* changeThreatLevel: changes the risk level of an event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'doPlaybook', + ], + ], + [ + 'name' => 'Status', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则状态。 取值:'."\n" + .'- 0:未启用'."\n" + .'- 100:启用', + 'description' => 'The status of the rule. Valid values:'."\n" + ."\n" + .'* 0: disabled'."\n" + .'* 100: enabled'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '0', + ], + ], + [ + 'name' => 'CurrentPage', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表当前页号, 大于等于1。', + 'description' => 'The page number. Pages start from page 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'minimum' => '1', + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表每页条数, 最大不超过100。', + 'description' => 'The number of entries per page. Maximum value: 100.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'maximum' => '100', + 'minimum' => '1', + 'example' => '10', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + [ + 'name' => 'ResponseRuleType', + 'in' => 'formData', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PageResponse<List<CloudSiemAutomateResponseConfig>>', + 'description' => 'PageResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'PageInfo' => [ + 'title' => '分页记录。', + 'description' => 'The pagination information.'."\n", + 'type' => 'object', + 'properties' => [ + 'CurrentPage' => [ + 'title' => '列表当前页号。', + 'description' => 'The current page number.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'title' => '每页返回记录数。', + 'description' => 'The number of entries per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'title' => '记录总数。', + 'description' => 'The total number of entries returned.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '100', + ], + ], + ], + 'ResponseData' => [ + 'title' => '详细数据。', + 'description' => 'The detailed data.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Id' => [ + 'title' => '自动化响应配置规则ID。', + 'description' => 'The ID of the automated response rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123', + ], + 'GmtCreate' => [ + 'title' => '创建时间。', + 'description' => 'The creation time.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'GmtModified' => [ + 'title' => '修改时间。', + 'description' => 'The update time.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'Aliuid' => [ + 'title' => '规则关联siem主账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is associated with the rule in SIEM.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '127608589417****', + ], + 'SubUserId' => [ + 'title' => '规则创建用户ID。', + 'description' => 'The ID of the user who created the rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '17108579417****', + ], + 'RuleName' => [ + 'title' => '自动化响应配置规则名称。', + 'description' => 'The name of the automated response rule.'."\n", + 'type' => 'string', + 'example' => 'cfw kill quara book', + ], + 'AutoResponseType' => [ + 'title' => '自动化响应类型。 取值:'."\n" + .'- event:事件'."\n" + .'- alert:告警', + 'description' => 'The type of the automated response rule. Valid values:'."\n" + ."\n" + .'* **event**'."\n" + .'* **alert**'."\n", + 'type' => 'string', + 'example' => 'event', + ], + 'ExecutionCondition' => [ + 'title' => '自动化响应规则触发条件 json格式。', + 'description' => 'The trigger condition of the automated response rule. The value is in the JSON format.'."\n", + 'type' => 'string', + 'example' => '[{"left":{"value":"alert_name"},"operator":"containsString","right":{"value":"webshell_online"}}]', + ], + 'ActionType' => [ + 'title' => '处置动作类型 多个值以逗号分隔。 取值:'."\n" + .'- doPlaybook:执行剧本'."\n" + .'- changeEventStatus:更改事件状态'."\n" + .'- changeThreatLevel:更改事件威胁等级', + 'description' => 'The type of the handling action. Multiple types are separated by commas (,). Valid values:'."\n" + ."\n" + .'* **doPlaybook**: runs the playbook.'."\n" + .'* **changeEventStatus**: changes the event status.'."\n" + .'* **changeThreatLevel**: changes the risk level of the event.'."\n", + 'type' => 'string', + 'example' => 'doPlaybook,changeEventStatus', + ], + 'ActionConfig' => [ + 'title' => '自动化响应规则动作配置 json数组格式。', + 'description' => 'The configuration of the action that is performed after the automated response rule is hit. The value is in the JSON format.'."\n", + 'type' => 'string', + 'example' => '['."\n" + .' {'."\n" + .' "actionType": "doPlaybook",'."\n" + .' "playbookName": "WafBlockIP",'."\n" + .' "playbookUuid": "bdad6220-6584-41b2-9704-fc6584568758"'."\n" + .' }'."\n" + .']', + ], + 'Status' => [ + 'title' => '规则状态。 取值:'."\n" + .'- 0:未启用'."\n" + .'- 100:启用', + 'description' => 'The status of the rule. Valid values:'."\n" + ."\n" + .'* **0**: disabled.'."\n" + .'* **100**: enabled.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '0', + ], + 'DataType' => [ + 'description' => 'The type of the view. Valid values:'."\n" + ."\n" + .'0: the current Alibaba Cloud account'."\n" + .'1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'ResponseRuleType' => [ + 'type' => 'string', + ], + ], + ], + ], + ], + 'example' => '123456', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"SubUserId\\": 0,\\n \\"RuleName\\": \\"cfw kill quara book\\",\\n \\"AutoResponseType\\": \\"event\\",\\n \\"ExecutionCondition\\": \\"[{\\\\\\"left\\\\\\":{\\\\\\"value\\\\\\":\\\\\\"alert_name\\\\\\"},\\\\\\"operator\\\\\\":\\\\\\"containsString\\\\\\",\\\\\\"right\\\\\\":{\\\\\\"value\\\\\\":\\\\\\"webshell_online\\\\\\"}}]\\",\\n \\"ActionType\\": \\"doPlaybook,changeEventStatus\\",\\n \\"ActionConfig\\": \\"[\\\\n {\\\\n \\\\\\"actionType\\\\\\": \\\\\\"doPlaybook\\\\\\",\\\\n \\\\\\"playbookName\\\\\\": \\\\\\"WafBlockIP\\\\\\",\\\\n \\\\\\"playbookUuid\\\\\\": \\\\\\"bdad6220-6584-41b2-9704-fc6584568758\\\\\\"\\\\n }\\\\n]\\",\\n \\"Status\\": 0,\\n \\"DataType\\": 0,\\n \\"ResponseRuleType\\": \\"custom\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'ListAutomateResponseConfigs', + ], + 'PostAutomateResponseConfig' => [ + 'summary' => 'Creates or updates an automatic response rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'Id', + 'in' => 'formData', + 'schema' => [ + 'title' => '自动化响应配置规则ID。', + 'description' => 'The rule ID.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '123', + ], + ], + [ + 'name' => 'SubUserId', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则创建用户ID。', + 'description' => 'The ID of the user who created the rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '17108579417****', + ], + ], + [ + 'name' => 'RuleName', + 'in' => 'formData', + 'schema' => [ + 'title' => '自动化响应配置规则名称。', + 'description' => 'The rule name.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cfw kill quara book', + ], + ], + [ + 'name' => 'AutoResponseType', + 'in' => 'formData', + 'schema' => [ + 'title' => '自动化响应类型。 取值:'."\n" + .'- event:事件'."\n" + .'- alert:告警', + 'description' => 'The type of the automated response rule. Valid values:'."\n" + ."\n" + .'* **event**'."\n" + .'* **alert**'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'event', + ], + ], + [ + 'name' => 'ExecutionCondition', + 'in' => 'formData', + 'schema' => [ + 'title' => '自动化响应规则触发条件 json格式。', + 'description' => 'The trigger condition of the automated response rule. The value is in the JSON format.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '[{"left":{"value":"alert_name"},"operator":"containsString","right":{"value":"webshell_online"}}]', + ], + ], + [ + 'name' => 'ActionType', + 'in' => 'formData', + 'schema' => [ + 'title' => '处置动作类型 多个值以逗号分隔。 取值:'."\n" + .'- doPlaybook:执行剧本'."\n" + .'- changeEventStatus:更改事件状态'."\n" + .'- changeThreatLevel:更改事件威胁等级', + 'description' => 'The type of the handling action. Multiple types are separated by commas (,). Valid values:'."\n" + ."\n" + .'* **doPlaybook**: runs the playbook.'."\n" + .'* **changeEventStatus**: changes the event status.'."\n" + .'* **changeThreatLevel**: changes the threat level of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'doPlaybook,changeEventStatus', + ], + ], + [ + 'name' => 'ActionConfig', + 'in' => 'formData', + 'schema' => [ + 'title' => '自动化响应规则动作配置 json数组格式。', + 'description' => 'The action configuration of the automated response rule. The value is in the JSON format.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '['."\n" + .' {'."\n" + .' "actionType": "doPlaybook",'."\n" + .' "playbookName": "WafBlockIP",'."\n" + .' "playbookUuid": "bdad6220-6584-41b2-9704-fc6584568758"'."\n" + .' }'."\n" + .']', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* **cn-hangzhou**: Your assets reside in regions in China.'."\n" + .'* **ap-southeast-1**: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<String>', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'string', + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* **true**'."\n" + .'* **false**'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code that is returned.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'PostAutomateResponseConfig', + ], + 'UpdateAutomateResponseConfigStatus' => [ + 'summary' => 'Updates the status of an automatic response rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'Ids', + 'in' => 'formData', + 'schema' => [ + 'title' => '自动响应规则id列表,json数组。', + 'description' => 'The IDs of the automatic response rules. The value is a JSON array.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '[123,345]', + ], + ], + [ + 'name' => 'InUse', + 'in' => 'formData', + 'schema' => [ + 'title' => '规则开启状态。 取值:'."\n" + .'- true:开启'."\n" + .'- false:关闭', + 'description' => 'Specifies whether the rule is enabled. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'required' => false, + 'example' => 'true', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the region in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions inside China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<String>', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'string', + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code that is returned.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'UpdateAutomateResponseConfigStatus', + ], + 'ListDisposeStrategy' => [ + 'summary' => 'Queries handling policies.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => [ + 'FEATUREsasAFG0OH', + ], + ], + 'parameters' => [ + [ + 'name' => 'SophonTaskId', + 'in' => 'formData', + 'schema' => [ + 'title' => '处置策略ID。', + 'description' => 'The ID of the SOAR handling policy.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'a50a49b7-6044-4593-ab15-2b46567caadd', + ], + ], + [ + 'name' => 'EntityIdentity', + 'in' => 'formData', + 'schema' => [ + 'title' => '实体特征值,可以对处置实体进行模糊搜索。', + 'description' => 'The feature value of the entity. Fuzzy match is supported.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'test22.php', + ], + ], + [ + 'name' => 'EntityType', + 'in' => 'formData', + 'schema' => [ + 'title' => '剧本支持的实体类型。取值:'."\n" + .'- ip:ip'."\n" + .'- process:进程'."\n" + .'- file:文件', + 'description' => 'The entity type of the playbook. Valid values:'."\n" + ."\n" + .'* ip'."\n" + .'* process'."\n" + .'* file'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'ip', + ], + ], + [ + 'name' => 'PlaybookName', + 'in' => 'formData', + 'schema' => [ + 'title' => '剧本唯一标识名称。', + 'description' => 'The name of the playbook, which is the unique identifier of the playbook.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'WafBlockIP', + ], + ], + [ + 'name' => 'PlaybookUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '剧本UUID。', + 'description' => 'The UUID of the playbook.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'system_aliyun_clb_process_book', + ], + ], + [ + 'name' => 'PlaybookTypes', + 'in' => 'formData', + 'schema' => [ + 'title' => '剧本类型。 取值:'."\n" + .'- system:手动处置'."\n" + .'- custom:事件触发剧本'."\n" + .'- custom_alert:告警触发剧本'."\n" + .'- soar-manual:手动运行剧本'."\n" + .'- soar-mdr:MDR运行剧本', + 'description' => 'The type of the playbook. Valid values:'."\n" + ."\n" + .'* system: user-triggered playbook'."\n" + .'* custom: event-triggered playbook'."\n" + .'* custom_alert: alert-triggered playbook'."\n" + .'* soar-manual: user-run playbook'."\n" + .'* soar-mdr: MDR-run playbook'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'system', + ], + ], + [ + 'name' => 'EffectiveStatus', + 'in' => 'formData', + 'schema' => [ + 'title' => '策略状态。 取值:'."\n" + .'- 0:失效'."\n" + .'- 1:有效', + 'description' => 'The status of the policy. Valid values:'."\n" + ."\n" + .'* 0: invalid'."\n" + .'* 1: valid'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '0', + ], + ], + [ + 'name' => 'OrderField', + 'in' => 'formData', + 'schema' => [ + 'title' => '排序字段。 取值:'."\n" + .'- GmtModified:按更新时间排序'."\n" + .'- GmtCreate:按创建时间排序'."\n" + .'- FinishTime:按策略结束时间排序', + 'description' => 'The sort field. Valid values:'."\n" + ."\n" + .'* GmtModified: sorts the policies by update time.'."\n" + .'* GmtCreate: sorts the policies by creation time.'."\n" + .'* FinishTime: sorts the policies by end time.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'GmtModified', + ], + ], + [ + 'name' => 'Order', + 'in' => 'formData', + 'schema' => [ + 'title' => '排序方向。 取值:'."\n" + .'- desc:降序排列'."\n" + .'- asc:升序排列', + 'description' => 'The sort order. Valid values:'."\n" + ."\n" + .'* desc: descending order.'."\n" + .'* asc: ascending order.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'desc', + ], + ], + [ + 'name' => 'StartTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询开始时间, 单位毫秒。', + 'description' => 'The beginning of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => true, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'EndTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询结束时间, 单位毫秒。', + 'description' => 'The end of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => true, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'Status', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int32', + ], + ], + [ + 'name' => 'CurrentPage', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表当前页号, 大于等于1。', + 'description' => 'The page number. Pages start from page 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'minimum' => '1', + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表每页条数, 最大不超过100。', + 'description' => 'The number of entries per page. Maximum value: 100.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'maximum' => '100', + 'minimum' => '1', + 'example' => '10', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PageResponse<List<DisposeStrategy>>', + 'description' => 'PageResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'PageInfo' => [ + 'title' => '分页记录。', + 'description' => 'The pagination information.'."\n", + 'type' => 'object', + 'properties' => [ + 'CurrentPage' => [ + 'title' => '列表当前页号。', + 'description' => 'The current page number.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'title' => '每页返回记录数。', + 'description' => 'The number of entries per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'title' => '记录总数。', + 'description' => 'The total number of entries returned.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '100', + ], + ], + ], + 'ResponseData' => [ + 'title' => '详细数据。', + 'description' => 'The detailed data.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Id' => [ + 'title' => '策略ID。', + 'description' => 'The ID of the policy.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123', + ], + 'GmtCreate' => [ + 'title' => '创建时间。', + 'description' => 'The creation time.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'GmtModified' => [ + 'title' => '修改时间。', + 'description' => 'The update time.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'Aliuid' => [ + 'title' => '策略关联siem主账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is associated with the policy in SIEM.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '127608589417****', + ], + 'SubAliuid' => [ + 'title' => '配置策略阿里账号ID。', + 'description' => 'The ID of the Alibaba account that is used to configure the policy.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '176555323***', + ], + 'IncidentName' => [ + 'title' => '事件名称。', + 'description' => 'The name of the event.'."\n", + 'type' => 'string', + 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc', + ], + 'Scope' => [ + 'title' => '处置作用域。', + 'description' => 'The scope of the policy.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The scope of the policy.'."\n", + 'type' => 'any', + 'example' => '[{ aliUid: 1766185894104675 }]', + ], + 'example' => '[{ aliUid: 1766185894104675 }]', + ], + 'IncidentUuid' => [ + 'title' => '事件全局唯一ID。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + 'AlertUuid' => [ + 'title' => '告警ID。', + 'description' => 'The UUID of the alert.'."\n", + 'type' => 'string', + 'example' => 'sas_71e24437d2797ce8fc59692905a4****', + ], + 'SophonTaskId' => [ + 'title' => 'soar处置策略ID。', + 'description' => 'The ID of the SOAR handling policy.'."\n", + 'type' => 'string', + 'example' => '577bbf90-a770-44a7-8154-586aa2d318fa', + ], + 'PlaybookName' => [ + 'title' => '剧本唯一标识名称。', + 'description' => 'The name of the playbook, which is the unique identifier of the playbook.'."\n", + 'type' => 'string', + 'example' => 'WafBlockIP', + ], + 'PlaybookUuid' => [ + 'title' => '剧本UUID。', + 'description' => 'The UUID of the playbook.'."\n", + 'type' => 'string', + 'example' => 'system_aliyun_clb_process_book', + ], + 'PlaybookType' => [ + 'title' => '剧本类型。 取值:'."\n" + .'- system:手动处置'."\n" + .'- custom:事件触发剧本'."\n" + .'- custom_alert:告警触发剧本'."\n" + .'- soar-manual:手动运行剧本'."\n" + .'- soar-mdr:MDR运行剧本', + 'description' => 'The type of the playbook. Valid values:'."\n" + ."\n" + .'* system: user-triggered playbook'."\n" + .'* custom: event-triggered playbook'."\n" + .'* custom_alert: alert-triggered playbook'."\n" + .'* soar-manual: user-run playbook'."\n" + .'* soar-mdr: MDR-run playbook'."\n", + 'type' => 'string', + 'example' => 'system', + ], + 'TaskUrl' => [ + 'title' => '剧本url', + 'type' => 'string', + ], + 'EntityId' => [ + 'title' => '实体ID。', + 'description' => 'The ID of the entity.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123456789', + ], + 'Entity' => [ + 'title' => '实体详情, json数组格式。', + 'description' => 'The details of the entity. The value is a JSON array.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The item. The value is a JSON string.'."\n", + 'type' => 'any', + 'example' => '[{"ip":"1.1.1.1"}]', + ], + 'example' => '[{"ip":"1.1.1.1"}]', + ], + 'EntityType' => [ + 'title' => '实体类型。取值:'."\n" + .'- ip:ip'."\n" + .'- process:进程'."\n" + .'- file:文件', + 'description' => 'The type of the entity. Valid values:'."\n" + ."\n" + .'* ip'."\n" + .'* process'."\n" + .'* file'."\n", + 'type' => 'string', + 'example' => 'ip', + ], + 'TaskParam' => [ + 'title' => '触发剧本参数, json格式。', + 'description' => 'The parameters that are used to trigger the playbook. The value is in the JSON format.'."\n", + 'type' => 'string', + 'example' => '{'."\n" + .' "file": {'."\n" + .' "op_code": "2",'."\n" + .' "file_path": "/root/alert0913/a886.jsp",'."\n" + .' "entity_type": "file",'."\n" + .' "entity_name": "a886.jsp",'."\n" + .' "file_name": "a886.jsp",'."\n" + .' "file_owner": "USER:,GROUP:",'."\n" + .' "hash_value": "5def10c9a4287d0920d86b42420b20b0",'."\n" + .' "op_level": "2",'."\n" + .' "entity_id": "/root/alert0913/a886.jsp",'."\n" + .' "host_uuid": {'."\n" + .' "entity_type": "host",'."\n" + .' "entity_name": "N/A",'."\n" + .' "is_comprised": "1",'."\n" + .' "os_type": "linux",'."\n" + .' "entity_id": "5f58ef67-8803-4314-8d67-c87dc92b****",'."\n" + .' "host_uuid": "5f58ef67-8803-4314-8d67-c87dc92b****",'."\n" + .' "host_name": "N/A"'."\n" + .' },'."\n" + .' "malware_type": "${aliyun.siem.sas.alert_tag.webshell}"'."\n" + .' },'."\n" + .' "_sys_siem": {'."\n" + .' "cloudCode": "aliyun",'."\n" + .' "alertId": "89416745494****"'."\n" + .' },'."\n" + .' "scope": ['."\n" + .' {'."\n" + .' "aliUid": 1766185894104****'."\n" + .' }'."\n" + .' ]'."\n" + .'}', + ], + 'ErrorMessage' => [ + 'title' => '任务的失败摘要信息。', + 'description' => 'The summary information about the failed task.'."\n", + 'type' => 'string', + 'example' => 'DisposalEntity failed which description is Aegis Quarantine File , return_info failed which description is Check Aegis Process Result , [ERROR DETAIL] *******.php:file not found', + ], + 'FinishTime' => [ + 'title' => '任务的结束时间。', + 'description' => 'The end time of the task.'."\n", + 'type' => 'string', + 'example' => '2021-08-10 21:34:07', + ], + 'EffectiveStatus' => [ + 'title' => '策略状态。 取值:'."\n" + .'- 0:失效'."\n" + .'- 1:有效', + 'description' => 'The status of the policy. Valid values:'."\n" + ."\n" + .'* 0: invalid'."\n" + .'* 1: valid'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '0', + ], + 'Status' => [ + 'title' => '剧本调用状态。 取值:'."\n" + .'- 200:成功'."\n" + .'- 10:删除'."\n" + .'- 5:失败'."\n" + .'- 0:初始状态', + 'description' => 'The running status of the playbook. Valid values:'."\n" + ."\n" + .'* 200: successful'."\n" + .'* 10: deleted'."\n" + .'* 5: failed'."\n" + .'* 0: initial'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + ], + ], + ], + ], + 'example' => '123456', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"SubAliuid\\": 0,\\n \\"IncidentName\\": \\"Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc\\",\\n \\"Scope\\": [\\n \\"[{ aliUid: 176618589410**** }]\\"\\n ],\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"SophonTaskId\\": \\"577bbf90-a770-44a7-8154-586aa2d3****\\",\\n \\"PlaybookName\\": \\"WafBlockIP\\",\\n \\"PlaybookUuid\\": \\"system_aliyun_clb_process_book\\",\\n \\"PlaybookType\\": \\"system\\",\\n \\"TaskUrl\\": \\"{\\\\\\"playbookUuid\\\\\\":\\\\\\"system_aliyun_aegis_stop_container_book\\\\\\",\\\\\\"requestUuid\\\\\\":\\\\\\"e8924356-448b-4301-aee9-*******\\\\\\"}\\",\\n \\"EntityId\\": 123456789,\\n \\"Entity\\": [\\n \\"[{\\\\\\"ip\\\\\\":\\\\\\"1.1.XX.XX\\\\\\"}]\\"\\n ],\\n \\"EntityType\\": \\"ip\\",\\n \\"TaskParam\\": \\"{\\\\n \\\\\\"file\\\\\\": {\\\\n \\\\\\"op_code\\\\\\": \\\\\\"2\\\\\\",\\\\n \\\\\\"file_path\\\\\\": \\\\\\"/root/alert0913/a886.jsp\\\\\\",\\\\n \\\\\\"entity_type\\\\\\": \\\\\\"file\\\\\\",\\\\n \\\\\\"entity_name\\\\\\": \\\\\\"a886.jsp\\\\\\",\\\\n \\\\\\"file_name\\\\\\": \\\\\\"a886.jsp\\\\\\",\\\\n \\\\\\"file_owner\\\\\\": \\\\\\"USER:,GROUP:\\\\\\",\\\\n \\\\\\"hash_value\\\\\\": \\\\\\"5def10c9a4287d0920d86b42420b20b0\\\\\\",\\\\n \\\\\\"op_level\\\\\\": \\\\\\"2\\\\\\",\\\\n \\\\\\"entity_id\\\\\\": \\\\\\"/root/alert0913/a886.jsp\\\\\\",\\\\n \\\\\\"host_uuid\\\\\\": {\\\\n \\\\\\"entity_type\\\\\\": \\\\\\"host\\\\\\",\\\\n \\\\\\"entity_name\\\\\\": \\\\\\"N/A\\\\\\",\\\\n \\\\\\"is_comprised\\\\\\": \\\\\\"1\\\\\\",\\\\n \\\\\\"os_type\\\\\\": \\\\\\"linux\\\\\\",\\\\n \\\\\\"entity_id\\\\\\": \\\\\\"5f58ef67-8803-4314-8d67-c87dc92b****\\\\\\",\\\\n \\\\\\"host_uuid\\\\\\": \\\\\\"5f58ef67-8803-4314-8d67-c87dc92b****\\\\\\",\\\\n \\\\\\"host_name\\\\\\": \\\\\\"N/A\\\\\\"\\\\n },\\\\n \\\\\\"malware_type\\\\\\": \\\\\\"${aliyun.siem.sas.alert_tag.webshell}\\\\\\"\\\\n },\\\\n \\\\\\"_sys_siem\\\\\\": {\\\\n \\\\\\"cloudCode\\\\\\": \\\\\\"aliyun\\\\\\",\\\\n \\\\\\"alertId\\\\\\": \\\\\\"89416745494****\\\\\\"\\\\n },\\\\n \\\\\\"scope\\\\\\": [\\\\n {\\\\n \\\\\\"aliUid\\\\\\": 1766185894104****\\\\n }\\\\n ]\\\\n}\\",\\n \\"ErrorMessage\\": \\"DisposalEntity failed which description is Aegis Quarantine File , return_info failed which description is Check Aegis Process Result , [ERROR DETAIL] *******.php:file not found\\",\\n \\"FinishTime\\": \\"2021-08-10 21:34:07\\",\\n \\"EffectiveStatus\\": 0,\\n \\"Status\\": 10\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'ListDisposeStrategy', + ], + 'DescribeDisposeStrategyPlaybook' => [ + 'summary' => 'Queries the list of playbooks that are used by a handling policy.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'StartTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询开始时间, 单位毫秒。', + 'description' => 'The beginning of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => true, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'EndTime', + 'in' => 'formData', + 'schema' => [ + 'title' => '查询结束时间, 单位毫秒。', + 'description' => 'The end of the time range to query. Unit: milliseconds.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => true, + 'example' => '1577808000000', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the region in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions inside China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<List<StrategyPlaybookList>>', + 'description' => 'BaseResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'PlaybookName' => [ + 'title' => '剧本唯一标识名称。', + 'description' => 'The playbook name, which is the unique identifier of the playbook.'."\n", + 'type' => 'string', + 'example' => 'WafBlockIP', + ], + 'PlaybookUuid' => [ + 'title' => '剧本UUID。', + 'description' => 'The UUID of the playbook.'."\n", + 'type' => 'string', + 'example' => 'system_aliyun_clb_process_book', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code that is returned.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"PlaybookName\\": \\"WafBlockIP\\",\\n \\"PlaybookUuid\\": \\"system_aliyun_clb_process_book\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeDisposeStrategyPlaybook', + ], + 'RestoreCapacity' => [ + 'summary' => 'Releases storage to reduce the storage usage. The release operation is irreversible and may cause data loss. Proceed with caution.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'abilityTreeCode' => '173446', + 'abilityTreeNodes' => [ + 'FEATUREsasRXJ9SY', + ], + ], + 'parameters' => [ + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<Boolean>', + 'description' => 'CloudSiemResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'Indicates whether the release command has been sent. Valid values:'."\n" + ."\n" + .'* true: The command has been sent and the storage space is being released.'."\n" + .'* false: The command failed to be sent.'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-58D4-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-58D4-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'RestoreCapacity', + ], + 'GetCapacity' => [ + 'summary' => 'Queries the storage capacity usage of the threat analysis feature and the purchased storage capacity', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '155452', + 'abilityTreeNodes' => [ + 'FEATUREsasRXJ9SY', + ], + ], + 'parameters' => [ + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<CloudSiemCapacityResponse>', + 'description' => 'CloudSiemResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The information about the storage capacity.'."\n", + 'type' => 'object', + 'properties' => [ + 'UsedCapacity' => [ + 'title' => '威胁分析当前计费容量。', + 'description' => 'The billable storage capacity of the threat analysis feature. Unit: GB.'."\n", + 'type' => 'number', + 'format' => 'double', + 'example' => '10', + ], + 'PreservedCapacity' => [ + 'title' => '威胁分析用户购买容量。', + 'description' => 'The purchased storage capacity of the threat analysis feature. Unit: GB.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '9000', + ], + 'ExistLogStore' => [ + 'title' => '威胁分析用户侧LogStore是否存在,默认true。取值:'."\n" + .'- true:当前日志正常,日志分析可用'."\n" + .'- false:当前正在清理日志,日志分析不可用', + 'description' => 'Indicates whether the Logstores for the threat analysis feature exist on the user side. Valid values:'."\n" + ."\n" + .'* true: The logs are in the normal state. The log analysis feature is available.'."\n" + .'* false: The logs are being cleared. The log analysis feature is unavailable.'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'AgentManagedAssetQuota' => [ + 'title' => 'Agent调用实例量已购额度', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '1', + ], + 'AgentManagedAssetUsed' => [ + 'title' => 'Agent调用实例量已用量', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '1', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '27D27DCB-D76B-5064-8B3B-0900DEF7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + [ + 'errorCode' => 'Siem.Storage.Exception', + 'errorMessage' => 'The request timed out, try again.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"UsedCapacity\\": 10,\\n \\"PreservedCapacity\\": 9000,\\n \\"ExistLogStore\\": true,\\n \\"AgentManagedAssetQuota\\": 1,\\n \\"AgentManagedAssetUsed\\": 1\\n },\\n \\"RequestId\\": \\"27D27DCB-D76B-5064-8B3B-0900DEF7****\\"\\n}","type":"json"}]', + 'title' => 'GetCapacity', + ], + 'SetStorage' => [ + 'summary' => 'Configures the settings of log storage, such as the storage duration and storage region.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'abilityTreeCode' => '179221', + 'abilityTreeNodes' => [ + 'FEATUREsasRXJ9SY', + ], + ], + 'parameters' => [ + [ + 'name' => 'Ttl', + 'in' => 'formData', + 'schema' => [ + 'title' => '日志存储天数,默认180天。该值最小设置为30天,最大不能超过3000天。', + 'description' => 'The storage duration of logs. Default value: 180. Minimum value: 30. Maximum value: 3000. Unit: days.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'example' => '180', + ], + ], + [ + 'name' => 'Region', + 'in' => 'formData', + 'schema' => [ + 'title' => '日志存储地域。', + 'description' => 'The storage region of logs.'."\n" + ."\n" + .'If the data management center is **cn-hangzhou**, the default value of **Region** is cn-shanghai, which specifies the China (Shanghai) region. If the data management center is **ap-southeast-1**, the default value of **Region** is ap-southeast-1, which specifies the Singapore region.'."\n" + ."\n" + .'The region for log storage cannot be changed. To change the region, contact the technical support of threat analysis.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-shanghai', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<Boolean>', + 'description' => 'CloudSiemResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'Indicates whether the settings are saved. Valid values:'."\n" + ."\n" + .'* true:'."\n" + .'* false:'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-58D4-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'Siem.TTL.Limit', + 'errorMessage' => 'TTL should be set 30 days at least', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-58D4-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'SetStorage', + ], + 'DescribeStorage' => [ + 'summary' => 'Queries the status of the Logstores for the threat analysis feature in Simple Log Service on the user side.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '190429', + 'abilityTreeNodes' => [ + 'FEATUREsasRXJ9SY', + ], + ], + 'parameters' => [ + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '137820528780****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<Boolean>', + 'description' => 'CloudSiemResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'Indicates whether the projects and Logstores that are created for the threat analysis feature exist in Simple Log Service. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => 'CCEEE128-6607-503E-AAA6-C5E57D94****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + [ + 'errorCode' => 'SLS.Operation.Error', + 'errorMessage' => 'SLS service is unavailable!', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"CCEEE128-6607-503E-AAA6-C5E57D94****\\"\\n}","type":"json"}]', + 'title' => 'DescribeStorage', + ], + 'GetStorage' => [ + 'summary' => 'Queries the storage configurations for the threat analysis feature on the user side.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '179222', + 'abilityTreeNodes' => [ + 'FEATUREsasRXJ9SY', + ], + ], + 'parameters' => [ + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '127XXXX', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<CloudSiemStorageResponse>', + 'description' => 'CloudSiemResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The information about the storage.'."\n", + 'type' => 'object', + 'properties' => [ + 'Ttl' => [ + 'title' => '存储天数。', + 'description' => 'The storage period of logs. Unit: day. Default value: 180. Valid values: 30 to 3000.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '180', + ], + 'Region' => [ + 'title' => '存储地域(region)。', + 'description' => 'The region where the data is stored.'."\n" + ."\n" + .'If the data management center is **cn-hangzhou**, the default value of **Region** is cn-shanghai, which specifies the China (Shanghai) region. If the data management center is **ap-southeast-1**, the default value of **Region** is ap-southeast-1, which specifies the Singapore region.'."\n", + 'type' => 'string', + 'example' => 'cn-shanghai', + ], + 'DisplayRegion' => [ + 'title' => '是否拥有修改存储地域的权限,默认值false。取值:'."\n" + .'- true:拥有修改存储地域的权限'."\n" + .'- false:不拥有修改存储地域的权限', + 'description' => 'Indicates whether the storage region can be changed. Default value: false Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'false', + ], + 'CanOperate' => [ + 'title' => '当前是否可以操作存储地域(存储地域仅能操作一次),默认值false。取值:'."\n" + .'- true:可以修改存储地域'."\n" + .'- false:不可以修改存储地域', + 'description' => 'Indicates whether the storage region can be changed for once. Default value: false Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'false', + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '97A31C3A-3F9F-5866-8979-5159E3DC****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Ttl\\": 180,\\n \\"Region\\": \\"cn-shanghai\\",\\n \\"DisplayRegion\\": false,\\n \\"CanOperate\\": false\\n },\\n \\"RequestId\\": \\"97A31C3A-3F9F-5866-8979-5159E3DC****\\"\\n}","type":"json"}]', + 'title' => 'GetStorage', + ], + 'ListDelivery' => [ + 'summary' => 'Queries the information about the cloud services that are integrated with the threat analysis feature, the logs of the cloud services, and the delivery of the logs.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'abilityTreeCode' => '155305', + 'abilityTreeNodes' => [ + 'FEATUREsasRXJ9SY', + ], + ], + 'parameters' => [ + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<CloudSiemAnalyzeResponse>', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The response parameters.'."\n", + 'type' => 'object', + 'properties' => [ + 'ProjectName' => [ + 'title' => '威胁分析用户侧日志服务Project名字,格式:aliyun-cloudsiem-data-${aliUid}-${region}。', + 'description' => 'The name of the project for the threat analysis feature in Simple Log service on the user side. The value is in the aliyun-cloudsiem-data-${aliUid}-${region} format.'."\n", + 'type' => 'string', + 'example' => 'aliyun-cloudsiem-data-127608589417****-cn-shanghai', + ], + 'LogStoreName' => [ + 'title' => '威胁分析用户侧LogStore的名字,格式:cloud_siem。', + 'description' => 'The name of the Logstore for the threat analysis feature on the user side. The value is in the cloud_siem format.'."\n", + 'type' => 'string', + 'example' => 'cloud-siem', + ], + 'SearchUrl' => [ + 'title' => '日志分析页面中查询分析的URL。', + 'description' => 'The URL that is used for log analysis.'."\n", + 'type' => 'string', + 'example' => 'https://sls4service.console.aliyun.com/lognext/project/aliyun-cloudsiem-data-127608589417****-cn-shanghai'."\n" + .'/logsearch/cloud-siem?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true', + ], + 'DashboardUrl' => [ + 'title' => '日志分析页面中报表展示的URL。', + 'description' => 'The URL that is displayed in charts.'."\n", + 'type' => 'string', + 'example' => 'https://sls4service.console.aliyun.com/lognext/project/aliyun-cloudsiem-data-127608589417****-cn-shanghai'."\n" + .'/dashboard/cloud-siem?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true', + ], + 'DisplaySwitchOrNot' => [ + 'title' => '是否展示投递开关,默认true,取值:'."\n" + .'- true:显示投递开关'."\n" + .'- false:隐藏投递开关', + 'description' => 'Indicates whether the log delivery switch is displayed. Default value: true. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'ProductList' => [ + 'title' => '接入的产品列表。', + 'description' => 'The cloud services.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'ProductCode' => [ + 'title' => '云产品编码。取值:'."\n" + .'- qcloud_waf'."\n" + .'- qlcoud_cfw'."\n" + .'- hcloud_waf'."\n" + .'- hcloud_cfw'."\n" + .'- ddos'."\n" + .'- sas'."\n" + .'- cfw'."\n" + .'- config'."\n" + .'- csk'."\n" + .'- fc'."\n" + .'- rds'."\n" + .'- nas'."\n" + .'- apigateway'."\n" + .'- cdn'."\n" + .'- mongodb'."\n" + .'- eip'."\n" + .'- slb'."\n" + .'- vpc'."\n" + .'- actiontrail'."\n" + .'- waf'."\n" + .'- bastionhost'."\n" + .'- oss'."\n" + .'- polardb', + 'description' => 'The code of the cloud service. Valid values:'."\n" + ."\n" + .'* qcloud_waf'."\n" + .'* qlcoud_cfw'."\n" + .'* hcloud_waf'."\n" + .'* hcloud_cfw'."\n" + .'* ddos'."\n" + .'* sas'."\n" + .'* cfw'."\n" + .'* config'."\n" + .'* csk'."\n" + .'* fc'."\n" + .'* rds'."\n" + .'* nas'."\n" + .'* apigateway'."\n" + .'* cdn'."\n" + .'* mongodb'."\n" + .'* eip'."\n" + .'* slb'."\n" + .'* vpc'."\n" + .'* actiontrail'."\n" + .'* waf'."\n" + .'* bastionhost'."\n" + .'* oss'."\n" + .'* polardb'."\n", + 'type' => 'string', + 'example' => 'sas', + ], + 'ProductName' => [ + 'title' => '所属厂商名称', + 'description' => 'This parameter is deprecated.'."\n", + 'type' => 'string', + 'example' => 'Security Center', + ], + 'LogMap' => [ + 'title' => '存在日志分类的日志列表', + 'description' => 'The log group. For example, in Security Center, the logs of hosts and networks are stored in different groups. Key indicates the group information, and value indicates the logs in the group.'."\n", + 'type' => 'object', + 'additionalProperties' => [ + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'LogCode' => [ + 'title' => '日志编码。', + 'type' => 'string', + 'example' => 'cloud_siem_config_log', + 'description' => 'The code of the log.'."\n", + ], + 'LogName' => [ + 'title' => '日志中文名字。', + 'type' => 'string', + 'description' => 'This parameter is deprecated.'."\n", + 'example' => 'audit log', + ], + 'LogNameEn' => [ + 'title' => '日志英文名字。', + 'type' => 'string', + 'example' => 'audit log', + 'description' => 'This parameter is deprecated.'."\n", + ], + 'LogNameKey' => [ + 'title' => '日志语言编码,用于进行多语言名字的展示。', + 'type' => 'string', + 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_crack_from_beaver}', + 'description' => 'The language code of the log that is used to indicate the language in which the log is displayed.'."\n", + ], + 'Status' => [ + 'title' => '日志投递状态。', + 'type' => 'boolean', + 'description' => 'The status of the log delivery. Valid values:'."\n" + ."\n" + .'* true: The logs are being delivered.'."\n" + .'* false: The log delivery feature is disabled.'."\n", + 'example' => 'true', + ], + 'CanOperateOrNot' => [ + 'title' => '是否可以操作投递开关。', + 'type' => 'boolean', + 'example' => 'true', + 'description' => 'Indicates whether the log delivery feature can be enabled or disabled. The feature can be enabled or disabled only by the administrator of the threat analysis feature. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + ], + 'Topic' => [ + 'title' => '日志在用户侧存储的Topic。', + 'type' => 'string', + 'description' => 'The topic of the log in the Logstore. The value is an index field in the Logstore that can be used to distinguish different logs.'."\n", + 'example' => 'sas_login_event', + ], + 'ExtraParameters' => [ + 'title' => '扩展参数。', + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Key' => [ + 'type' => 'string', + 'example' => 'flag', + 'description' => 'The ID of the extended parameter.'."\n", + ], + 'Value' => [ + 'type' => 'string', + 'example' => 'value', + 'description' => 'The value of the extended parameter.'."\n", + ], + ], + 'description' => '', + ], + 'description' => 'The extended parameter.'."\n", + ], + ], + 'description' => '', + ], + 'description' => 'The logs in a log group.'."\n", + ], + ], + 'LogList' => [ + 'title' => '不存在日志分类的日志列表', + 'description' => 'The logs of the cloud services.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'LogCode' => [ + 'title' => '日志编码。', + 'description' => 'The code of the log.'."\n", + 'type' => 'string', + 'example' => 'cloud_siem_config_log', + ], + 'LogName' => [ + 'title' => '日志中文名字。', + 'description' => 'This parameter is deprecated.'."\n", + 'type' => 'string', + 'example' => 'audit log', + ], + 'LogNameEn' => [ + 'title' => '日志英文名字。', + 'description' => 'This parameter is deprecated.'."\n", + 'type' => 'string', + 'example' => 'audit log'."\n", + ], + 'LogNameKey' => [ + 'title' => '日志语言编码,用于进行多语言名字的展示。', + 'description' => 'The language code of the log that is used to indicate the language in which the log is displayed.'."\n", + 'type' => 'string', + 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_crack_from_beaver}', + ], + 'Status' => [ + 'title' => '日志投递状态。', + 'description' => 'The status of the log delivery. Valid values:'."\n" + ."\n" + .'* true: The logs are being delivered.'."\n" + .'* false: The log delivery feature is disabled.'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'CanOperateOrNot' => [ + 'title' => '是否可以操作投递开关。', + 'description' => 'Indicates whether the log delivery feature can be enabled or disabled. The feature can be enabled or disabled only by the administrator of the threat analysis feature. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Topic' => [ + 'title' => '日志在用户侧存储的Topic。', + 'description' => 'The topic of the log in the Logstore. The value is an index field in the Logstore that can be used to distinguish different logs.'."\n", + 'type' => 'string', + 'example' => 'sas_login_event', + ], + 'ExtraParameters' => [ + 'title' => '扩展参数。', + 'description' => 'The extended parameter.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'Key' => [ + 'description' => 'The ID of the extended parameter.'."\n", + 'type' => 'string', + 'example' => 'flag', + ], + 'Value' => [ + 'description' => 'The value of the extended parameter.'."\n", + 'type' => 'string', + 'example' => 'value', + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '6276D891-58D4-55B2-87B9-74D413F7****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + [ + 'errorCode' => 'SLS.Sls4Service.Error', + 'errorMessage' => 'The Simple Log Service about embedding console pages is unavailable.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"ProjectName\\": \\"aliyun-cloudsiem-data-127608589417****-cn-shanghai\\",\\n \\"LogStoreName\\": \\"cloud-siem\\",\\n \\"SearchUrl\\": \\"https://sls4service.console.aliyun.com/lognext/project/aliyun-cloudsiem-data-127608589417****-cn-shanghai\\\\n/logsearch/cloud-siem?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true\\",\\n \\"DashboardUrl\\": \\"https://sls4service.console.aliyun.com/lognext/project/aliyun-cloudsiem-data-127608589417****-cn-shanghai\\\\n/dashboard/cloud-siem?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true\\",\\n \\"DisplaySwitchOrNot\\": true,\\n \\"ProductList\\": [\\n {\\n \\"ProductCode\\": \\"sas\\",\\n \\"ProductName\\": \\"Security Center\\",\\n \\"LogMap\\": {\\n \\"key\\": [\\n {\\n \\"LogCode\\": \\"cloud_siem_config_log\\",\\n \\"LogName\\": \\"audit log\\",\\n \\"LogNameEn\\": \\"audit log\\",\\n \\"LogNameKey\\": \\"${sas.cloudsiem.prod.cloud_siem_aegis_crack_from_beaver}\\",\\n \\"Status\\": true,\\n \\"CanOperateOrNot\\": true,\\n \\"Topic\\": \\"sas_login_event\\",\\n \\"ExtraParameters\\": [\\n {\\n \\"Key\\": \\"flag\\",\\n \\"Value\\": \\"value\\"\\n }\\n ]\\n }\\n ]\\n },\\n \\"LogList\\": [\\n {\\n \\"LogCode\\": \\"cloud_siem_config_log\\",\\n \\"LogName\\": \\"audit log\\",\\n \\"LogNameEn\\": \\"audit log\\\\n\\",\\n \\"LogNameKey\\": \\"${sas.cloudsiem.prod.cloud_siem_aegis_crack_from_beaver}\\",\\n \\"Status\\": true,\\n \\"CanOperateOrNot\\": true,\\n \\"Topic\\": \\"sas_login_event\\",\\n \\"ExtraParameters\\": [\\n {\\n \\"Key\\": \\"flag\\",\\n \\"Value\\": \\"value\\"\\n }\\n ]\\n }\\n ]\\n }\\n ]\\n },\\n \\"RequestId\\": \\"6276D891-58D4-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', + 'title' => 'ListDelivery', + ], + 'OpenDelivery' => [ + 'summary' => 'Enables the log delivery feature for a cloud service that is integrated with Simple Log Service.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'riskType' => 'none', + 'chargeType' => 'paid', + 'abilityTreeCode' => '154876', + 'abilityTreeNodes' => [ + 'FEATUREsasRXJ9SY', + ], + ], + 'parameters' => [ + [ + 'name' => 'ProductCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '云产品的编码。取值:'."\n" + .'- qcloud_waf'."\n" + .'- qlcoud_cfw'."\n" + .'- hcloud_waf'."\n" + .'- hcloud_cfw'."\n" + .'- ddos'."\n" + .'- sas'."\n" + .'- cfw'."\n" + .'- config'."\n" + .'- csk'."\n" + .'- fc'."\n" + .'- rds'."\n" + .'- nas'."\n" + .'- apigateway'."\n" + .'- cdn'."\n" + .'- mongodb'."\n" + .'- eip'."\n" + .'- slb'."\n" + .'- vpc'."\n" + .'- actiontrail'."\n" + .'- waf'."\n" + .'- bastionhost'."\n" + .'- oss'."\n" + .'- polardb', + 'description' => 'The code of the cloud service. Valid values:'."\n" + ."\n" + .'* qcloud_waf'."\n" + .'* qlcoud_cfw'."\n" + .'* hcloud_waf'."\n" + .'* hcloud_cfw'."\n" + .'* ddos'."\n" + .'* sas'."\n" + .'* cfw'."\n" + .'* config'."\n" + .'* csk'."\n" + .'* fc'."\n" + .'* rds'."\n" + .'* nas'."\n" + .'* apigateway'."\n" + .'* cdn'."\n" + .'* mongodb'."\n" + .'* eip'."\n" + .'* slb'."\n" + .'* vpc'."\n" + .'* actiontrail'."\n" + .'* waf'."\n" + .'* bastionhost'."\n" + .'* oss'."\n" + .'* polardb'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'cfw', + ], + ], + [ + 'name' => 'LogCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '云产品下的日志code,比如云安全中心的进程日志,取值参考ListDelivery的返回值。', + 'description' => 'The log code of the cloud service, such as the code of the process log for Security Center. This parameter is optional. If you leave this parameter empty, operations are performed on all logs of the cloud service.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cloud_siem_cfw_flow', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the region where your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<Boolean>', + 'description' => 'CloudSiemResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'Indicates whether the log delivery feature is enabled. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '15FD134E-D69B-51E8-B052-73F97BD8****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'Siem.Delivery.MissingProductCode', + 'errorMessage' => 'ProductCode is mandatory for this action.', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + [ + 'errorCode' => 'Siem.Delivery.ErrorMapping', + 'errorMessage' => 'The Mapping between productCode and logCode is error.', + ], + [ + 'errorCode' => 'Siem.Delivery.ErrorProductCode', + 'errorMessage' => 'ProductCode is error for this action.', + ], + [ + 'errorCode' => 'SLS.Ship.Error', + 'errorMessage' => 'The Simple Log Service about data shipping is unavailable.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"15FD134E-D69B-51E8-B052-73F97BD8****\\"\\n}","type":"json"}]', + 'title' => 'OpenDelivery', + ], + 'CloseDelivery' => [ + 'summary' => 'Disables the log delivery feature for a cloud service.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'http', + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'readAndWrite', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '154877', + 'abilityTreeNodes' => [ + 'FEATUREsasRXJ9SY', + ], + ], + 'parameters' => [ + [ + 'name' => 'ProductCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '云产品的编码。取值:'."\n" + .'- qcloud_waf'."\n" + .'- qlcoud_cfw'."\n" + .'- hcloud_waf'."\n" + .'- hcloud_cfw'."\n" + .'- ddos'."\n" + .'- sas'."\n" + .'- cfw'."\n" + .'- config'."\n" + .'- csk'."\n" + .'- fc'."\n" + .'- rds'."\n" + .'- nas'."\n" + .'- apigateway'."\n" + .'- cdn'."\n" + .'- mongodb'."\n" + .'- eip'."\n" + .'- slb'."\n" + .'- vpc'."\n" + .'- actiontrail'."\n" + .'- waf'."\n" + .'- bastionhost'."\n" + .'- oss'."\n" + .'- polardb', + 'description' => 'The code of the cloud service. Valid values:'."\n" + ."\n" + .'* qcloud_waf'."\n" + .'* qlcoud_cfw'."\n" + .'* hcloud_waf'."\n" + .'* hcloud_cfw'."\n" + .'* ddos'."\n" + .'* sas'."\n" + .'* cfw'."\n" + .'* config'."\n" + .'* csk'."\n" + .'* fc'."\n" + .'* rds'."\n" + .'* nas'."\n" + .'* apigateway'."\n" + .'* cdn'."\n" + .'* mongodb'."\n" + .'* eip'."\n" + .'* slb'."\n" + .'* vpc'."\n" + .'* actiontrail'."\n" + .'* waf'."\n" + .'* bastionhost'."\n" + .'* oss'."\n" + .'* polardb'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'sas', + ], + ], + [ + 'name' => 'LogCode', + 'in' => 'formData', + 'schema' => [ + 'title' => '云产品下的日志code,比如云安全中心的进程日志,取值参考ListDelivery的返回值。', + 'description' => 'The log code of the cloud service, such as the code of the process log for Security Center. You can obtain the log code from the response of the ListDelivery operation.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cloud_siem_aegis_proc', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the region where your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'CloudSiemSuccessResponse<Boolean>', + 'description' => 'CloudSiemResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'Indicates whether the threat analysis feature was disabled. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'RequestId' => [ + 'title' => '请求消息ID。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => 'F375A043-4F5B-55F2-A564-CC47FFC6****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'Siem.Delivery.MissingProductCode', + 'errorMessage' => 'ProductCode is mandatory for this action.', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalError', + 'errorMessage' => 'The request processing has failed due to some unknown error.', + ], + [ + 'errorCode' => 'Siem.Delivery.ErrorMapping', + 'errorMessage' => 'The Mapping between productCode and logCode is error.', + ], + [ + 'errorCode' => 'Siem.Delivery.ErrorProductCode', + 'errorMessage' => 'ProductCode is error for this action.', + ], + [ + 'errorCode' => 'SLS.Ship.Error', + 'errorMessage' => 'The Simple Log Service about data shipping is unavailable.', + ], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"F375A043-4F5B-55F2-A564-CC47FFC6****\\"\\n}","type":"json"}]', + 'title' => 'CloseDelivery', + ], + 'UpdateWhiteRuleList' => [ + 'summary' => 'Creates or updates an alert whitelist rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'WhiteRuleId', + 'in' => 'formData', + 'schema' => [ + 'title' => '加白规则唯一ID。', + 'description' => 'The unique ID of the whitelist rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => true, + 'example' => '123456789', + ], + ], + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件全局唯一ID。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'Expression', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警加白规则 json对象。', + 'description' => 'The alert whitelist rule. The value is a JSON object.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '['."\n" + .' {'."\n" + .' "alertName": "webshell",'."\n" + .' "alertNameId": "webshell",'."\n" + .' "alertType": "command",'."\n" + .' "alertTypeId": "command",'."\n" + .' "expression": {'."\n" + .' "status": 1,'."\n" + .' "conditions": ['."\n" + .' {'."\n" + .' "isNot": false,'."\n" + .' "left": {'."\n" + .' "value": "file_path"'."\n" + .' },'."\n" + .' "operator": "gt",'."\n" + .' "right": {'."\n" + .' "value": "cp"'."\n" + .' }'."\n" + .' }'."\n" + .' ]'."\n" + .' }'."\n" + .' }'."\n" + .']', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int32', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'any', + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'UpdateWhiteRuleList', + ], + 'PostEventWhiteruleList' => [ + 'summary' => 'Submits an alert whitelist rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件全局唯一ID。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'WhiteruleList', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警加白规则 json对象。', + 'description' => 'The alert whitelist rule. The value is a JSON object.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '['."\n" + .' {'."\n" + .' "alertName": "webshell",'."\n" + .' "alertNameId": "webshell",'."\n" + .' "alertType": "command",'."\n" + .' "alertTypeId": "command",'."\n" + .' "expression": {'."\n" + .' "status": 1,'."\n" + .' "conditions": ['."\n" + .' {'."\n" + .' "isNot": false,'."\n" + .' "left": {'."\n" + .' "value": "file_path"'."\n" + .' },'."\n" + .' "operator": "gt",'."\n" + .' "right": {'."\n" + .' "value": "cp"'."\n" + .' }'."\n" + .' }'."\n" + .' ]'."\n" + .' }'."\n" + .' }'."\n" + .']', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<String>', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'string', + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'PostEventWhiteruleList', + ], + 'DescribeWhiteRuleList' => [ + 'summary' => 'Queries a list of whitelist rules for alerts.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'AlertType', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警类型。', + 'description' => 'The type of the alert.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'scan', + ], + ], + [ + 'name' => 'AlertName', + 'in' => 'formData', + 'schema' => [ + 'title' => '告警名称。', + 'description' => 'The name of the alert.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'Try SNMP weak password', + ], + ], + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件ID。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'CurrentPage', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表当前页号, 大于等于1。', + 'description' => 'The page number. Pages start from page 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'minimum' => '1', + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'formData', + 'schema' => [ + 'title' => '列表每页条数, 最大不超过100。', + 'description' => 'The number of entries per page. Valid values: 1 to 100.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'maximum' => '100', + 'minimum' => '1', + 'example' => '10', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'PageResponse<List<WhitelistRule>>', + 'description' => 'PageResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The response code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'object', + 'properties' => [ + 'PageInfo' => [ + 'title' => '分页记录。', + 'description' => 'The pagination information.'."\n", + 'type' => 'object', + 'properties' => [ + 'CurrentPage' => [ + 'title' => '列表当前页号。', + 'description' => 'The current page number.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'title' => '每页返回记录数。', + 'description' => 'The number of entries per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'title' => '记录总数。', + 'description' => 'The total number of entries returned.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '100', + ], + ], + ], + 'ResponseData' => [ + 'title' => '详细数据。', + 'description' => 'The detailed data.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Id' => [ + 'title' => '加白规则唯一ID。', + 'description' => 'The ID of the whitelist rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '123456789', + ], + 'GmtCreate' => [ + 'title' => '创建时间。', + 'description' => 'The time when the whitelist rule was created.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'GmtModified' => [ + 'title' => '修改时间。', + 'description' => 'The time when the whitelist rule was modified.'."\n", + 'type' => 'string', + 'example' => '2021-01-06 16:37:29', + ], + 'Aliuid' => [ + 'title' => '规则关联siem主账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '127608589417****', + ], + 'SubAliuid' => [ + 'title' => '规则创建阿里账号ID。', + 'description' => 'The ID of the Alibaba Cloud account that is used to create the whitelist rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '176555323***', + ], + 'AlertType' => [ + 'title' => '告警类型。', + 'description' => 'The alert type.'."\n", + 'type' => 'string', + 'example' => 'scan', + ], + 'AlertTypeId' => [ + 'title' => '告警类型标识。', + 'description' => 'The ID of the alert type.'."\n", + 'type' => 'string', + 'example' => 'scan', + ], + 'AlertName' => [ + 'title' => '告警名称。', + 'description' => 'The alert name.'."\n", + 'type' => 'string', + 'example' => 'Try SNMP weak password', + ], + 'AlertNameId' => [ + 'title' => '告警名称标识。', + 'description' => 'The ID of the alert name.'."\n", + 'type' => 'string', + 'example' => 'Try SNMP weak password', + ], + 'Status' => [ + 'title' => '规则启用状态。 取值:'."\n" + .'- 1:开启'."\n" + .'- 0:关闭', + 'description' => 'The status of the whitelist rule. Valid values:'."\n" + ."\n" + .'* 1: enabled.'."\n" + .'* 0: disabled.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'IncidentUuid' => [ + 'title' => '事件全局唯一ID。', + 'description' => 'The UUID of the event.'."\n", + 'type' => 'string', + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + 'AlertUuid' => [ + 'title' => '告警ID。', + 'description' => 'The UUID of the alert.'."\n", + 'type' => 'string', + 'example' => 'sas_71e24437d2797ce8fc59692905a4****', + ], + 'Expression' => [ + 'title' => '规则集 json数组格式。', + 'description' => 'The conditions in the rule. The value is a JSON array.'."\n", + 'type' => 'object', + 'properties' => [ + 'Logic' => [ + 'description' => 'The logical relationships among the rule conditions.'."\n", + 'type' => 'string', + 'example' => '(1&2)|(3&4)', + ], + 'Conditions' => [ + 'description' => 'The rule conditions.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'ItemId' => [ + 'description' => 'The ID of the rule condition.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'Operator' => [ + 'description' => 'The logical operator of the rule condition. Valid values:'."\n" + ."\n" + .'* `=`: equals to.'."\n" + .'* `<>`: does not equal to.'."\n" + .'* `in`: contains.'."\n" + .'* `not in`: does not contain.'."\n" + .'* `REGEXP`: matches a regular expression.'."\n" + .'* `NOT REGEXP`: does not match a regular expression.'."\n", + 'type' => 'string', + 'example' => 'REGEXP', + ], + 'IsNot' => [ + 'description' => 'Indicates whether the result is inverted. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'false', + ], + 'Left' => [ + 'description' => 'The left operand of the rule condition.'."\n", + 'type' => 'object', + 'properties' => [ + 'Value' => [ + 'description' => 'The variable of the left operand.'."\n", + 'type' => 'string', + 'example' => 'ip', + ], + 'IsVar' => [ + 'description' => 'Indicates whether the left operand is a variable. Valid values:'."\n" + ."\n" + .'* true: variable.'."\n" + .'* false: constant.'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Type' => [ + 'description' => 'Indicates whether the left operand is a constant. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'string', + 'example' => 'false', + ], + 'Modifier' => [ + 'description' => 'The remarks on the right operand.'."\n", + 'type' => 'string', + 'example' => 'length', + ], + 'ModifierParam' => [ + 'description' => 'The key-value pair information of the remarks.'."\n", + 'type' => 'object', + 'additionalProperties' => [ + 'type' => 'any', + 'example' => '{"tage":"description"}', + 'description' => 'The key-value pair.'."\n", + ], + ], + ], + ], + 'Right' => [ + 'description' => 'The right operand of the rule condition.'."\n", + 'type' => 'object', + 'properties' => [ + 'Value' => [ + 'description' => 'The right operand.'."\n", + 'type' => 'string', + 'example' => '12345', + ], + 'IsVar' => [ + 'description' => 'Indicates whether the right operand is a constant or a runtime variable that is obtained from the runtime context. Valid values:'."\n" + ."\n" + .'* true: runtime variable.'."\n" + .'* false: constant.'."\n", + 'type' => 'boolean', + 'example' => 'false', + ], + 'Type' => [ + 'description' => 'The data type of the right operand.'."\n", + 'type' => 'string', + 'example' => 'String', + ], + 'Modifier' => [ + 'description' => 'The remarks on the right operand.'."\n", + 'type' => 'string', + 'example' => 'length', + ], + 'ModifierParam' => [ + 'description' => 'The key-value pair information of the remarks.'."\n", + 'type' => 'object', + 'additionalProperties' => [ + 'type' => 'any', + 'example' => '{"tage":"description"}', + 'description' => 'The key-value pair.'."\n", + ], + ], + ], + ], + ], + ], + ], + ], + 'example' => '[{"conditions":[{"isNot":false,"itemId":0,"left":{"value":"host_uuid.host_name"},"operator":"containsString","right":{"value":"Cloud-MCH"}}]}]', + ], + ], + ], + ], + ], + 'example' => '123456', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"SubAliuid\\": 0,\\n \\"AlertType\\": \\"scan\\",\\n \\"AlertTypeId\\": \\"scan\\",\\n \\"AlertName\\": \\"Try SNMP weak password\\",\\n \\"AlertNameId\\": \\"Try SNMP weak password\\",\\n \\"Status\\": 1,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"Expression\\": {\\n \\"Logic\\": \\"(1&2)|(3&4)\\",\\n \\"Conditions\\": [\\n {\\n \\"ItemId\\": 1,\\n \\"Operator\\": \\"REGEXP\\",\\n \\"IsNot\\": false,\\n \\"Left\\": {\\n \\"Value\\": \\"ip\\",\\n \\"IsVar\\": true,\\n \\"Type\\": \\"false\\",\\n \\"Modifier\\": \\"length\\",\\n \\"ModifierParam\\": {\\n \\"key\\": \\"{\\\\\\"tage\\\\\\":\\\\\\"description\\\\\\"}\\"\\n }\\n },\\n \\"Right\\": {\\n \\"Value\\": \\"12345\\",\\n \\"IsVar\\": false,\\n \\"Type\\": \\"String\\",\\n \\"Modifier\\": \\"length\\",\\n \\"ModifierParam\\": {\\n \\"key\\": \\"{\\\\\\"tage\\\\\\":\\\\\\"description\\\\\\"}\\"\\n }\\n }\\n }\\n ]\\n }\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'DescribeWhiteRuleList', + ], + 'DescribeAlertScene' => [ + 'summary' => 'Queries the scenarios in which an alert needs to be added to the whitelist.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<List<SceneAndTarget>>', + 'description' => 'BaseResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'AlertType' => [ + 'title' => '告警类型展示值,随中英文环境变化。', + 'description' => 'The type of the alert. The value varies based on the display language (Chinese or English) of the Security Center console.'."\n", + 'type' => 'string', + 'example' => 'unusual login', + ], + 'AlertTypeId' => [ + 'title' => '告警类型标识。', + 'description' => 'The ID of the alert type.'."\n", + 'type' => 'string', + 'example' => 'unusual login', + ], + 'AlertName' => [ + 'title' => '告警名称展示值,随中英文环境变化。', + 'description' => 'The name of the alert. The value varies based on the display language (Chinese or English) of the Security Center console.'."\n", + 'type' => 'string', + 'example' => 'login_common_ip', + ], + 'AlertNameId' => [ + 'title' => '告警名称标识。', + 'description' => 'The ID of the alert name.'."\n", + 'type' => 'string', + 'example' => 'login_common_ip', + ], + 'AlertTile' => [ + 'title' => '告警title展示值,随中英文环境变化。', + 'description' => 'The title of the alert notification. The value varies based on the display language (Chinese or English) of the Security Center console.'."\n", + 'type' => 'string', + 'example' => 'unusual login-login_common_ip', + ], + 'AlertTileId' => [ + 'title' => '告警title 标识。', + 'description' => 'The ID of the alert title.'."\n", + 'type' => 'string', + 'example' => 'unusual login-login_common_ip', + ], + 'Targets' => [ + 'title' => '加白对象。', + 'description' => 'The information about the entities for which you need to add the alert to the whitelist.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Type' => [ + 'title' => '可以加白的实体属性字段。', + 'description' => 'The attribute of the entity.'."\n", + 'type' => 'string', + 'example' => 'host_uuid', + ], + 'Name' => [ + 'title' => '可以加白的实体属性字段展示名。', + 'description' => 'The display name of the attribute for the entity.'."\n", + 'type' => 'string', + 'example' => 'HOST UUID', + ], + 'Value' => [ + 'title' => '加白规则默认展示的右值。', + 'description' => 'The right operand that is displayed by default in the whitelist rule.'."\n", + 'type' => 'string', + 'example' => '441862da-a539-4cc0-a00d-47395582****', + ], + 'Values' => [ + 'title' => '加白规则可选的右值。', + 'description' => 'The right operands supported by the whitelist rule.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The right operand.'."\n", + 'type' => 'string', + 'example' => '[441862da-a539-4cc0-a00d-47395582****]', + ], + 'example' => '["441862da-a539-4cc0-a00d-473955826881"]', + ], + ], + ], + 'example' => '[{"Type": "host_uuid","Value": "441862da-a539-4cc0-a00d-473955826881","Values": ["441862da-a539-4cc0-a00d-473955826881"],"Name": "${aliyun.siem.entity.host_uuid}"}]', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The response code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AlertType\\": \\"unusual login\\",\\n \\"AlertTypeId\\": \\"unusual login\\",\\n \\"AlertName\\": \\"login_common_ip\\",\\n \\"AlertNameId\\": \\"login_common_ip\\",\\n \\"AlertTile\\": \\"unusual login-login_common_ip\\",\\n \\"AlertTileId\\": \\"unusual login-login_common_ip\\",\\n \\"Targets\\": [\\n {\\n \\"Type\\": \\"host_uuid\\",\\n \\"Name\\": \\"HOST UUID\\",\\n \\"Value\\": \\"441862da-a539-4cc0-a00d-47395582****\\",\\n \\"Values\\": [\\n \\"[441862da-a539-4cc0-a00d-47395582****]\\"\\n ]\\n }\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeAlertScene', + ], + 'DescribeAlertSceneByEvent' => [ + 'summary' => 'Queries the scenarios and objects that can be added to an alert whitelist rule.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'IncidentUuid', + 'in' => 'formData', + 'schema' => [ + 'title' => '事件ID。', + 'description' => 'The ID of the event.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse<List<SceneAndTarget>>', + 'description' => 'BaseResponse\\<List>'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'AlertType' => [ + 'title' => '告警类型展示值,随中英文环境变化。', + 'description' => 'The alert type. The display name of the alert type varies based on the language of the system, such as Chinese and English.'."\n", + 'type' => 'string', + 'example' => 'Unusual Logon', + ], + 'AlertTypeId' => [ + 'title' => '告警类型标识。', + 'description' => 'The ID of the alert type.'."\n", + 'type' => 'string', + 'example' => 'Unusual Logon', + ], + 'AlertName' => [ + 'title' => '告警名称展示值,随中英文环境变化。', + 'description' => 'The alert name. The display name of the alert name varies based on the language of the system, such as Chinese and English.'."\n", + 'type' => 'string', + 'example' => 'login_common_ip', + ], + 'AlertNameId' => [ + 'title' => '告警名称标识。', + 'description' => 'The ID of the alert name.'."\n", + 'type' => 'string', + 'example' => 'login_common_ip', + ], + 'AlertTile' => [ + 'title' => '告警title展示值,随中英文环境变化。', + 'description' => 'The alert title. The display name of the alert title varies based on the language of the system, such as Chinese and English.'."\n", + 'type' => 'string', + 'example' => 'Unusual Logon-login_common_ip', + ], + 'AlertTileId' => [ + 'title' => '告警title 标识。', + 'description' => 'The ID of the alert title.'."\n", + 'type' => 'string', + 'example' => 'Unusual Logon-login_common_ip', + ], + 'Targets' => [ + 'title' => '加白对象。', + 'description' => 'The objects that can be added to the whitelist.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'Type' => [ + 'title' => '可以加白的实体属性字段。', + 'description' => 'The entity attribute field that can be added to the whitelist.'."\n", + 'type' => 'string', + 'example' => 'host_uuid', + ], + 'Name' => [ + 'title' => '可以加白的实体属性字段展示名。', + 'description' => 'The display name of the entity attribute field that can be added to the whitelist.'."\n", + 'type' => 'string', + 'example' => 'host uuid', + ], + 'Value' => [ + 'title' => '加白规则默认展示的右值。', + 'description' => 'The right operand that is displayed by default in the whitelist rule.'."\n", + 'type' => 'string', + 'example' => '441862da-a539-4cc0-a00d-47395582****', + ], + 'Values' => [ + 'title' => '加白规则可选的右值。', + 'description' => 'The supported right operands of the whitelist rule.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The right operand.'."\n", + 'type' => 'string', + 'example' => '[441862da-a539-4cc0-a00d-47395582****]', + ], + 'example' => '["441862da-a539-4cc0-a00d-473955826881"]', + ], + ], + ], + 'example' => '[{"Type": "host_uuid","Value": "441862da-a539-4cc0-a00d-473955826881","Values": ["441862da-a539-4cc0-a00d-473955826881"],"Name": "${aliyun.siem.entity.host_uuid}"}]', + ], + ], + ], + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AlertType\\": \\"Unusual Logon\\",\\n \\"AlertTypeId\\": \\"Unusual Logon\\",\\n \\"AlertName\\": \\"login_common_ip\\",\\n \\"AlertNameId\\": \\"login_common_ip\\",\\n \\"AlertTile\\": \\"Unusual Logon-login_common_ip\\",\\n \\"AlertTileId\\": \\"Unusual Logon-login_common_ip\\",\\n \\"Targets\\": [\\n {\\n \\"Type\\": \\"host_uuid\\",\\n \\"Name\\": \\"host uuid\\",\\n \\"Value\\": \\"441862da-a539-4cc0-a00d-47395582****\\",\\n \\"Values\\": [\\n \\"[441862da-a539-4cc0-a00d-47395582****]\\"\\n ]\\n }\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DescribeAlertSceneByEvent', + ], + 'DeleteWhiteRuleList' => [ + 'summary' => 'Deletes an alert whitelist rule with a specified ID.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + 'http', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'delete', + 'riskType' => 'none', + 'chargeType' => 'free', + ], + 'parameters' => [ + [ + 'name' => 'Id', + 'in' => 'formData', + 'schema' => [ + 'title' => '加白规则唯一ID。', + 'description' => 'The unique ID of the whitelist rule.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'required' => true, + 'example' => '123456789', + ], + ], + [ + 'name' => 'RoleType', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The type of the view. Valid values:'."\n" + .'- 0: the current Alibaba Cloud account'."\n" + .'- 1: the global account', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'RoleFor', + 'in' => 'formData', + 'schema' => [ + 'description' => 'The ID of the account that you switch from the management account.', + 'type' => 'integer', + 'format' => 'int64', + 'required' => false, + 'example' => '113091674488****', + ], + ], + [ + 'name' => 'RegionId', + 'in' => 'formData', + 'schema' => [ + 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" + .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" + .'- ap-southeast-1:资产属于海外地域', + 'description' => 'The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:'."\n" + ."\n" + .'* cn-hangzhou: Your assets reside in regions in China.'."\n" + .'* ap-southeast-1: Your assets reside in regions outside China.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'cn-hangzhou', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'BaseResponse', + 'description' => 'BaseResponse'."\n", + 'type' => 'object', + 'properties' => [ + 'Data' => [ + 'title' => '请求返回值。', + 'description' => 'The data returned.'."\n", + 'type' => 'any', + 'example' => '123456', + ], + 'Success' => [ + 'title' => '请求是否成功。取值:'."\n" + .'- true:成功'."\n" + .'- false:失败', + 'description' => 'Indicates whether the request was successful. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'Code' => [ + 'title' => '请求状态码。', + 'description' => 'The HTTP status code.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '200', + ], + 'Message' => [ + 'title' => '请求返回消息。', + 'description' => 'The returned message.'."\n", + 'type' => 'string', + 'example' => 'success', + ], + 'RequestId' => [ + 'title' => '请求id。', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 500 => [ + [ + 'errorMessage' => 'The request processing has failed due to some unknown error.', + 'errorCode' => 'InternalError', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', + 'title' => 'DeleteWhiteRuleList', + ], + ], + 'endpoints' => [ + [ + 'regionId' => 'cn-shanghai', + 'endpoint' => 'cloud-siem.cn-shanghai.aliyuncs.com', + ], + [ + 'regionId' => 'ap-southeast-1', + 'endpoint' => 'cloud-siem.ap-southeast-1.aliyuncs.com', + ], + ], +]; |