summaryrefslogtreecommitdiff
path: root/data/zh_cn/cloud-siem
diff options
context:
space:
mode:
authorZhineng Li <[email protected]>2026-02-13 10:54:11 +0800
committerZhineng Li <[email protected]>2026-02-13 10:54:11 +0800
commit7347bac4ab7e136157fc94777e6cf87ef9e08599 (patch)
tree0dec367dac6e152161a6f7cc0dba6ebbef1f34a2 /data/zh_cn/cloud-siem
downloadacs-metadata-full-7347bac4ab7e136157fc94777e6cf87ef9e08599.tar.gz
acs-metadata-full-7347bac4ab7e136157fc94777e6cf87ef9e08599.zip
first commitHEADv1.0.0+20260212main
Diffstat (limited to 'data/zh_cn/cloud-siem')
-rw-r--r--data/zh_cn/cloud-siem/2022-06-16/api-docs.php19752
-rw-r--r--data/zh_cn/cloud-siem/2024-12-12/api-docs.php15287
2 files changed, 35039 insertions, 0 deletions
diff --git a/data/zh_cn/cloud-siem/2022-06-16/api-docs.php b/data/zh_cn/cloud-siem/2022-06-16/api-docs.php
new file mode 100644
index 0000000..8acf3b9
--- /dev/null
+++ b/data/zh_cn/cloud-siem/2022-06-16/api-docs.php
@@ -0,0 +1,19752 @@
+<?php return [
+ 'version' => '1.0',
+ 'info' => [
+ 'style' => 'RPC',
+ 'product' => 'cloud-siem',
+ 'version' => '2022-06-16',
+ ],
+ 'directories' => [
+ [
+ 'id' => 187571,
+ 'title' => '多账号管控',
+ 'type' => 'directory',
+ 'children' => [
+ 'ListRdUsers',
+ ],
+ ],
+ [
+ 'id' => 187473,
+ 'title' => '日志接入',
+ 'type' => 'directory',
+ 'children' => [
+ 'ListAccountsByLog',
+ 'DescribeUserBuyStatus',
+ 'ListProjectLogStores',
+ 'ModifyDataSource',
+ 'ModifyDataSourceLog',
+ 'ModifyBindAccount',
+ 'ListImportedLogsByProd',
+ 'ListDataSourceTypes',
+ 'ListDataSourceLogs',
+ 'ListBindDataSources',
+ 'ListAllProds',
+ 'EnableServiceForCloudSiem',
+ 'EnableAccessForCloudSiem',
+ 'DescribeServiceStatus',
+ 'DescribeProdCount',
+ 'DescribeImportedLogCount',
+ 'DescribeDataSourceParameters',
+ 'DescribeDataSourceInstance',
+ 'DescribeAuth',
+ 'DeleteDataSourceLog',
+ 'DeleteDataSource',
+ 'DeleteBindAccount',
+ 'BindAccount',
+ 'AddUserSourceLogConfig',
+ 'AddDataSourceLog',
+ 'AddDataSource',
+ 'ListBindAccount',
+ 'ListAccountAccessId',
+ 'SubmitImportLogTasks',
+ ],
+ ],
+ [
+ 'id' => 186523,
+ 'title' => '安全告警',
+ 'type' => 'directory',
+ 'children' => [
+ 'DescribeAlertsWithEntity',
+ 'DescribeAlerts',
+ 'DescribeAlertSource',
+ 'DescribeAlertsCount',
+ ],
+ ],
+ [
+ 'id' => 186560,
+ 'title' => '事件处置',
+ 'type' => 'directory',
+ 'children' => [
+ 'ListEntities',
+ 'DescribeEntityInfo',
+ 'PostEventDisposeAndWhiteruleList',
+ 'DescribeWafScope',
+ 'DescribeEventDispose',
+ 'DescribeEventCountByThreatLevel',
+ 'DescribeDisposeAndPlaybook',
+ 'DescribeCloudSiemEvents',
+ 'DescribeCloudSiemEventDetail',
+ 'DescribeCloudSiemAssetsCounter',
+ 'DescribeCloudSiemAssets',
+ 'DescribeAlertsWithEvent',
+ 'DescribeAlertSourceWithEvent',
+ ],
+ ],
+ [
+ 'id' => 186542,
+ 'title' => '规则管理',
+ 'type' => 'directory',
+ 'children' => [
+ 'DescribeAlertType',
+ 'DeleteCustomizeRule',
+ 'DescribeAggregateFunction',
+ 'DescribeCustomizeRuleCount',
+ 'DescribeCustomizeRuleTest',
+ 'DescribeCustomizeRuleTestHistogram',
+ 'DescribeLogFields',
+ 'DescribeLogSource',
+ 'DescribeLogType',
+ 'DescribeOperators',
+ 'ListCloudSiemCustomizeRules',
+ 'ListCloudSiemPredefinedRules',
+ 'ListCustomizeRuleTestResult',
+ 'PostCustomizeRule',
+ 'PostCustomizeRuleTest',
+ 'PostFinishCustomizeRuleTest',
+ 'PostRuleStatusChange',
+ ],
+ ],
+ [
+ 'id' => 186597,
+ 'title' => '响应规则',
+ 'type' => 'directory',
+ 'children' => [
+ 'DescribeScopeUsers',
+ 'DeleteAutomateResponseConfig',
+ 'DescribeAutomateResponseConfigCounter',
+ 'DescribeAutomateResponseConfigFeature',
+ 'ListAutomateResponseConfigs',
+ 'PostAutomateResponseConfig',
+ 'UpdateAutomateResponseConfigStatus',
+ ],
+ ],
+ [
+ 'id' => 186605,
+ 'title' => '处置中心',
+ 'type' => 'directory',
+ 'children' => [
+ 'ListDisposeStrategy',
+ 'DescribeDisposeStrategyPlaybook',
+ ],
+ ],
+ [
+ 'id' => 186147,
+ 'title' => '存储管理',
+ 'type' => 'directory',
+ 'children' => [
+ 'RestoreCapacity',
+ 'GetCapacity',
+ 'SetStorage',
+ 'DescribeStorage',
+ 'GetStorage',
+ ],
+ ],
+ [
+ 'id' => 186161,
+ 'title' => '投递管理',
+ 'type' => 'directory',
+ 'children' => [
+ 'ListDelivery',
+ 'OpenDelivery',
+ 'CloseDelivery',
+ ],
+ ],
+ [
+ 'id' => 186608,
+ 'title' => '告警加白',
+ 'type' => 'directory',
+ 'children' => [
+ 'UpdateWhiteRuleList',
+ 'PostEventWhiteruleList',
+ 'DescribeWhiteRuleList',
+ 'DescribeAlertScene',
+ 'DescribeAlertSceneByEvent',
+ 'DeleteWhiteRuleList',
+ ],
+ ],
+ ],
+ 'components' => [
+ 'schemas' => [],
+ ],
+ 'apis' => [
+ 'ListRdUsers' => [
+ 'summary' => '列举已经接入威胁分析多账号管控的阿里云账号,被纳管到威胁分析的阿里云账号才可以使用威胁分析日志接入、事件处置等功能。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '154081',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<List<ListRdUsersResult>>',
+ 'description' => 'CloudSiemSuccessResponse<List<ListRdUsersResult>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据概览。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Joined' => [
+ 'title' => '日志code。',
+ 'description' => '是否已被威胁分析多账号管控纳管。取值:'."\n"
+ .' - true:已被纳管。'."\n"
+ .' - false:未被纳管。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'JoinedTime' => [
+ 'description' => '被纳管时间。',
+ 'type' => 'string',
+ 'example' => '2013-10-01 00:00:00',
+ ],
+ 'DelegatedOrNot' => [
+ 'title' => '是否被委派查看自己的资源',
+ 'description' => '是否被委派查看自己的资源',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'MainUserId' => [
+ 'title' => '购买威胁分析的云账号ID。',
+ 'description' => '购买威胁分析的阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123XXXXXXXXX',
+ ],
+ 'SubUserId' => [
+ 'title' => '威胁分析云账号ID。',
+ 'description' => '威胁分析阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123XXXXXXXX',
+ ],
+ 'SubUserName' => [
+ 'title' => '威胁分析云账号名字。',
+ 'description' => '威胁分析阿里云账号名字。',
+ 'type' => 'string',
+ 'example' => 'sas_account_xxx',
+ ],
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Joined\\": true,\\n \\"JoinedTime\\": \\"2013-10-01 00:00:00\\",\\n \\"DelegatedOrNot\\": true,\\n \\"MainUserId\\": 0,\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"sas_account_xxx\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '查看资源目录下用户信息',
+ ],
+ 'ListAccountsByLog' => [
+ 'summary' => '按日志查看账号列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '196080',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'ProdCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '产品的code。',
+ 'description' => '产品的code。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'qcloud_waf',
+ ],
+ ],
+ [
+ 'name' => 'LogCodes',
+ 'in' => 'formData',
+ 'style' => 'repeatList',
+ 'schema' => [
+ 'title' => '日志code列表,json数组格式。',
+ 'description' => '日志code列表,json数组格式。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '日志code列表,json数组格式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '["cloud_siem_hcloud_waf_alert_log"]',
+ ],
+ 'required' => true,
+ 'example' => '["cloud_siem_hcloud_waf_alert_log"]',
+ 'maxItems' => 100,
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。取值:'."\n"
+ .' - hcloud:华为云。'."\n"
+ .' - qcloud:腾讯云。 '."\n"
+ .' - aliyun:阿里云。',
+ 'description' => '多云的code。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ 'idc',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<List<ListAccountsByLogResult>>',
+ 'description' => 'CloudSiemSuccessResponse<List<ListAccountsByLogResult>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'SubUserId' => [
+ 'title' => '威胁分析云账号ID。',
+ 'description' => '威胁分析云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123XXXXXXXX',
+ ],
+ 'MainUserId' => [
+ 'title' => '购买威胁分析的云账号ID。',
+ 'description' => '购买威胁分析的云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123XXXXXXXXX',
+ ],
+ 'AccountId' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'example' => '123xxxxxxx',
+ ],
+ 'AccountName' => [
+ 'title' => '云账号名称。',
+ 'description' => '云账号名称。',
+ 'type' => 'string',
+ 'example' => 'sas_account_xxx',
+ ],
+ 'Imported' => [
+ 'title' => '该账号是否已经接入。取值:'."\n"
+ .' -1:已接入。'."\n"
+ .' -0:未接入。',
+ 'description' => '该账号是否已经接入。取值:'."\n"
+ .' -1:已接入。'."\n"
+ .' -0:未接入。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '123xxxxxxx',
+ ],
+ 'LogCode' => [
+ 'title' => '日志code。',
+ 'description' => '日志code。',
+ 'type' => 'string',
+ 'example' => 'cloud_siem_waf_xxxxx',
+ ],
+ 'ProdCode' => [
+ 'title' => '日志对应的产品code。',
+ 'description' => '日志对应的产品code。',
+ 'type' => 'string',
+ 'example' => 'qcloud_waf',
+ ],
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"SubUserId\\": 0,\\n \\"MainUserId\\": 0,\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"AccountName\\": \\"sas_account_xxx\\",\\n \\"Imported\\": 0,\\n \\"LogCode\\": \\"cloud_siem_waf_xxxxx\\",\\n \\"ProdCode\\": \\"qcloud_waf\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '按日志查看账号列表',
+ ],
+ 'DescribeUserBuyStatus' => [
+ 'summary' => '查看当前阿里云用户或对应的阿里云企业组织账号是否已经购买威胁分析。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '157646',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'SubUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '阿里云账号',
+ 'description' => '阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '123XXXXXX',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<UserBuyOrderStatusResult>',
+ 'description' => 'CloudSiemSuccessResponse<UserBuyOrderStatusResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '返回结果。',
+ 'type' => 'object',
+ 'properties' => [
+ 'MasterUserId' => [
+ 'title' => '资源目录Master账号ID。',
+ 'description' => '资源目录Master账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123XXXXXX',
+ ],
+ 'MasterUserName' => [
+ 'title' => '资源目录Master账号显示名称。',
+ 'description' => '资源目录Master账号显示名称。',
+ 'type' => 'string',
+ 'example' => 'rd_master_xxx',
+ ],
+ 'MainUserId' => [
+ 'title' => '购买威胁分析的阿里云账号ID。',
+ 'description' => '购买威胁分析的阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123XXXXXX',
+ ],
+ 'MainUserName' => [
+ 'title' => '购买威胁分析的阿里云账号名称。',
+ 'description' => '购买威胁分析的阿里云账号名称。',
+ 'type' => 'string',
+ 'example' => 'sas_account_xxx',
+ ],
+ 'SubUserId' => [
+ 'title' => '当前登录阿里云账号ID。',
+ 'description' => '当前登录阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123XXXXXX',
+ ],
+ 'SubUserName' => [
+ 'title' => '当前登录阿里云账号名称。',
+ 'description' => '当前登录阿里云账号名称。',
+ 'type' => 'string',
+ 'example' => 'sas_account_xxx',
+ ],
+ 'Capacity' => [
+ 'title' => '购买威胁分析的SLS容量,单位GB。',
+ 'description' => '购买威胁分析的SLS容量,单位GB。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1024',
+ ],
+ 'SasInstanceId' => [
+ 'title' => '云安全中心实例ID。',
+ 'description' => '云安全中心实例ID。',
+ 'type' => 'string',
+ 'example' => 'sas-instance-xxxxx',
+ ],
+ 'CanBuy' => [
+ 'title' => '当前账号是否可以进行威胁分析订单操作。取值:'."\n"
+ .' - true:可以购买、升级、变配等。'."\n"
+ .' - false:不可以操作威胁分析订单。',
+ 'description' => '当前账号是否可以进行威胁分析订单操作。取值:'."\n"
+ .'- true:可以购买、升级、变配等。'."\n"
+ .'- false:不可以操作威胁分析订单。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'EndTime' => [
+ 'title' => '威胁分析到期时间,毫秒级时间戳。',
+ 'description' => '威胁分析到期时间,毫秒级时间戳。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1669823999000',
+ ],
+ 'DurationDays' => [
+ 'title' => '距离威胁分析过期时间的天数。',
+ 'description' => '距离威胁分析过期时间的天数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '3',
+ ],
+ 'RdOrder' => [
+ 'title' => '是否是siem公测版订单。',
+ 'description' => '当前订单形态。'."\n"
+ ."\n"
+ .'- 0:包含威胁分析流量和威胁分析容量的订单。'."\n"
+ ."\n"
+ .'- 1:只包含威胁分析容量的订单。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '81D8EC0C-0804-51AD-8C38-17ED0BC74892',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"MasterUserId\\": 0,\\n \\"MasterUserName\\": \\"rd_master_xxx\\",\\n \\"MainUserId\\": 0,\\n \\"MainUserName\\": \\"sas_account_xxx\\",\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"sas_account_xxx\\",\\n \\"Capacity\\": 1024,\\n \\"SasInstanceId\\": \\"sas-instance-xxxxx\\",\\n \\"CanBuy\\": true,\\n \\"EndTime\\": 1669823999000,\\n \\"DurationDays\\": 3,\\n \\"RdOrder\\": 1\\n },\\n \\"RequestId\\": \\"81D8EC0C-0804-51AD-8C38-17ED0BC74892\\"\\n}","type":"json"}]',
+ 'title' => '查看阿里云用户威胁分析购买情况',
+ ],
+ 'ListProjectLogStores' => [
+ 'summary' => '根据云产品默认的sls project名字的pattern, logstore名字的pattern查找是否存在对应的project和logstore。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'SourceProdCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '待查询的产品code。',
+ 'description' => '待查询的产品code。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'sas',
+ ],
+ ],
+ [
+ 'name' => 'SourceLogCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '待查询的日志code。',
+ 'description' => '待查询的日志code。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'cloud_siem_aegis_proc',
+ ],
+ ],
+ [
+ 'name' => 'SubUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '待查询云账号ID。',
+ 'description' => '待查询阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => true,
+ 'example' => '123XXXXXXXX',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<List<ListProjectLogStoreResult>>',
+ 'description' => 'CloudSiemSuccessResponse<List<ListProjectLogStoreResult>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '返回结果。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '返回结果。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Project' => [
+ 'title' => 'sls的project名字。',
+ 'description' => 'sls的project名字。',
+ 'type' => 'string',
+ 'example' => 'cloud-siem-project',
+ ],
+ 'LogStore' => [
+ 'title' => 'sls的logstore名字。',
+ 'description' => 'sls的logstore名字。',
+ 'type' => 'string',
+ 'example' => 'cloud-siem-logstore',
+ ],
+ 'EndPoint' => [
+ 'title' => 'sls的project的endpoint。',
+ 'description' => 'sls的project的endpoint。',
+ 'type' => 'string',
+ 'example' => 'cn-hangzhou.log.aliyuncs.com',
+ ],
+ 'RegionId' => [
+ 'title' => 'sls的project所在的region。',
+ 'description' => 'sls的project所在的region。',
+ 'type' => 'string',
+ 'example' => 'cn-hangzhou',
+ ],
+ 'LocalName' => [
+ 'title' => 'sls的project所在的region名字。',
+ 'description' => 'sls的project所在的region名字。',
+ 'type' => 'string',
+ 'example' => 'hangzhou',
+ ],
+ 'MainUserId' => [
+ 'title' => '购买威胁分析的阿里云账号ID。',
+ 'description' => '购买威胁分析的阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123XXXXXXXXX',
+ ],
+ 'SubUserId' => [
+ 'title' => '威胁分析阿里云账号ID。',
+ 'description' => '待操作的威胁分析阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123XXXXXXXX',
+ ],
+ 'SubUserName' => [
+ 'title' => '威胁分析阿里云账号名字。',
+ 'description' => '威胁分析阿里云账号名字。',
+ 'type' => 'string',
+ 'example' => 'sas_account_xxxx',
+ ],
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Project\\": \\"cloud-siem-project\\",\\n \\"LogStore\\": \\"cloud-siem-logstore\\",\\n \\"EndPoint\\": \\"cn-hangzhou.log.aliyuncs.com\\",\\n \\"RegionId\\": \\"cn-hangzhou\\",\\n \\"LocalName\\": \\"hangzhou\\",\\n \\"MainUserId\\": 0,\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"sas_account_xxxx\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '自动查找SLS的LogStore信息',
+ ],
+ 'ModifyDataSource' => [
+ 'summary' => '修改已经添加的数据源描述信息。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'AccountId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '123xxxxxx',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源类型。',
+ 'description' => '数据源类型。取值:'."\n"
+ .'- ckafka:腾讯云ckafka。'."\n"
+ .'- obs:华为云obs。'."\n"
+ .'- wafApi:腾讯云waf攻击日志下载API。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'obs',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceInstanceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。'."\n"
+ .'可调用[DescribeDataSourceInstance](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854&activeTabKey=api|DescribeDataSourceInstance)获取数据源ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceInstanceName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源名称。',
+ 'description' => '数据源名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'beijing_waf_kafka',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceInstanceRemark',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源备注。',
+ 'description' => '数据源备注。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'waf_alert_log',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceInstanceParams',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源参数,json数组格式。',
+ 'description' => '数据源参数,json数组格式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '[{"paraCode":"region_code","paraValue":"ap-guangzhou"}]',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<ModifyDataSourceResult>',
+ 'description' => 'CloudSiemSuccessResponse<ModifyDataSourceResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Count' => [
+ 'title' => '修改数据源的数量,等于1表示成功,小于等于0表示失败。',
+ 'description' => '修改数据源的数量,等于1表示成功,小于等于0表示失败。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'DataSourceInstanceId' => [
+ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'type' => 'string',
+ 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"DataSourceInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '修改数据源',
+ ],
+ 'ModifyDataSourceLog' => [
+ 'summary' => '修改数据源下添加的日志相关说明信息。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'LogCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '日志code。',
+ 'description' => '日志code。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cloud_siem_waf_xxxxx',
+ ],
+ ],
+ [
+ 'name' => 'AccountId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '123xxxxxxx',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源类型。取值:'."\n"
+ .' - obs:华为云obs。'."\n"
+ .' - wafApi:腾讯云waf下载api。 '."\n"
+ .' - ckafka: 腾讯云ckafka。',
+ 'description' => '数据源类型。取值:'."\n"
+ .' - obs:华为云obs。'."\n"
+ .' - wafApi:腾讯云waf下载api。 '."\n"
+ .' - ckafka: 腾讯云ckafka。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'obs',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceInstanceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。'."\n"
+ .'可调用[DescribeDataSourceInstance](~~2639736~~)获取数据源ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceInstanceLogs',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源参数详情,json数组格式。',
+ 'description' => '数据源参数详情,json数组格式。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '[{"LogCode":"cloud_siem_qcloud_waf_alert_log","LogParas":"[{\\"ParaCode\\":\\"api_name\\",\\"ParaValue\\":\\"GetAttackDownloadRecords\\"}]"}]',
+ ],
+ ],
+ [
+ 'name' => 'LogInstanceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '日志ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '日志ID,由威胁分析根据具体参数计算md5生成。可调用[ListDataSourceLogs](~~2639707~~)获取日志ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<ModifyDataSourceLogResult>',
+ 'description' => 'CloudSiemSuccessResponse<ModifyDataSourceLogResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Count' => [
+ 'title' => '修改日志的数量,等于1表示成功,小于等于0表示失败。',
+ 'description' => '修改日志的数量,等于1表示成功,小于等于0表示失败。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'LogInstanceId' => [
+ 'title' => '日志的ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '日志的ID,由威胁分析根据具体参数计算md5生成。',
+ 'type' => 'string',
+ 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"LogInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '修改日志',
+ ],
+ 'ModifyBindAccount' => [
+ 'summary' => '修改已经绑定的云账号。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '194689',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'AccessId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号的AccessKeyId。',
+ 'description' => '云账号的AccessKeyId。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ABCXXXXXXXXX',
+ ],
+ ],
+ [
+ 'name' => 'AccountName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云账号名称。',
+ 'description' => '多云账号名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'sas_account_xxx',
+ ],
+ ],
+ [
+ 'name' => 'BindId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '绑定记录ID。ListBindAccount接口返回的BindId。',
+ 'description' => '绑定记录ID。ListBindAccount接口返回的BindId。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => true,
+ 'example' => '123',
+ ],
+ ],
+ [
+ 'name' => 'AccountId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '123xxxxxxx',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<ModifyBindAccountResult>',
+ 'description' => 'CloudSiemSuccessResponse<ModifyBindAccountResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Count' => [
+ 'title' => '修改账号绑定的数量,等于1表示成功,小于等于0表示失败。',
+ 'description' => '修改账号绑定的数量,等于1表示成功,小于等于0表示失败。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '修改已经绑定的云账号',
+ ],
+ 'ListImportedLogsByProd' => [
+ 'summary' => '查看该产品下日志接入详情。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '195548',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'ProdCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '产品的code。',
+ 'description' => '产品的code。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'qcloud_waf',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。取值:'."\n"
+ .' - hcloud:华为云。'."\n"
+ .' - qcloud:腾讯云。 '."\n"
+ .' - aliyun:阿里云。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'required' => true,
+ 'enumValueTitles' => [],
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ 'idc',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<List<ListImportedLogsByProdResult>>',
+ 'description' => 'CloudSiemSuccessResponse<List<ListImportedLogsByProdResult>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'ProdCode' => [
+ 'title' => '日志对应的产品code。',
+ 'description' => '日志对应的产品code。',
+ 'type' => 'string',
+ 'example' => 'qcloud_waf',
+ ],
+ 'LogCode' => [
+ 'title' => '日志code。',
+ 'description' => '日志code。',
+ 'type' => 'string',
+ 'example' => 'cloud_siem_waf_xxxxx',
+ ],
+ 'LogMdsCode' => [
+ 'title' => '日志显示code。',
+ 'description' => '日志显示code。',
+ 'type' => 'string',
+ 'example' => '${siem.prod. cloud_siem_waf_xxxxx}',
+ ],
+ 'ImportedUserCount' => [
+ 'title' => '已接入该日志的用户数量。',
+ 'description' => '已接入该日志的用户数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ 'UnImportedUserCount' => [
+ 'title' => '未接入该日志的用户数量。',
+ 'description' => '未接入该日志的用户数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '3',
+ ],
+ 'TotalUserCount' => [
+ 'title' => '该日志下总共的用户数量。',
+ 'description' => '该日志下总共的用户数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '5',
+ ],
+ 'ModifyTime' => [
+ 'title' => '日志最后接入时间。',
+ 'description' => '日志最后接入时间。',
+ 'type' => 'string',
+ 'example' => '2023-11-23 12:30:00',
+ ],
+ 'Imported' => [
+ 'title' => '日志是否已经接入。取值:'."\n"
+ .' - 1:已接入。 '."\n"
+ .' - 0:未接入。',
+ 'description' => '日志是否已经接入。取值:'."\n"
+ .' - 1:已接入。 '."\n"
+ .' - 0:未接入。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2023-11-23 12:30:00',
+ ],
+ 'AutoImported' => [
+ 'title' => '新增账号是否自动接入。取值:'."\n"
+ .' - 1:自动接入。 '."\n"
+ .' - 0:不自动接入。',
+ 'description' => '新增账号是否自动接入。取值:'."\n"
+ .' - 1:自动接入。 '."\n"
+ .' - 0:不自动接入。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2023-11-23 12:30:00',
+ ],
+ 'LogType' => [
+ 'title' => '日志类型。取值:'."\n"
+ .' - 1:中心侧接入。 '."\n"
+ .' - 2:预定义日志服务。 '."\n"
+ .' -3:自定义日志服务',
+ 'description' => '日志类型。取值:'."\n"
+ .' - 1:中心侧接入。 '."\n"
+ .' - 2:预定义日志服务。 '."\n"
+ .' -3:自定义日志服务',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2023-11-23 12:30:00',
+ ],
+ 'CloudCode' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"ProdCode\\": \\"qcloud_waf\\",\\n \\"LogCode\\": \\"cloud_siem_waf_xxxxx\\",\\n \\"LogMdsCode\\": \\"${siem.prod. cloud_siem_waf_xxxxx}\\",\\n \\"ImportedUserCount\\": 2,\\n \\"UnImportedUserCount\\": 3,\\n \\"TotalUserCount\\": 5,\\n \\"ModifyTime\\": \\"2023-11-23 12:30:00\\",\\n \\"Imported\\": 0,\\n \\"AutoImported\\": 0,\\n \\"LogType\\": 0,\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '查看该产品下日志接入详情',
+ ],
+ 'ListDataSourceTypes' => [
+ 'summary' => '枚举目前威胁分析支持的多云接入数据源类型。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<List<ListDataSourceTypesResult>>',
+ 'description' => 'CloudSiemSuccessResponse<List<ListDataSourceTypesResult>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'DataSourceType' => [
+ 'title' => '数据源类型。取值:'."\n"
+ .' - obs:华为云obs。'."\n"
+ .' - wafApi:腾讯云waf下载api。 '."\n"
+ .' - ckafka: 腾讯云ckafka。',
+ 'description' => '数据源类型。取值:'."\n"
+ .' - obs:华为云obs。'."\n"
+ .' - wafApi:腾讯云waf下载api。 '."\n"
+ .' - ckafka: 腾讯云ckafka。',
+ 'type' => 'string',
+ 'example' => 'obs',
+ ],
+ 'CloudCode' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。',
+ 'type' => 'string',
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IllegalParameter',
+ 'errorMessage' => 'The specified parameter %s is not valid, only support %s',
+ ],
+ ],
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"DataSourceType\\": \\"obs\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '枚举数据源类型',
+ ],
+ 'ListDataSourceLogs' => [
+ 'summary' => '查看数据源下的日志列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'DataSourceInstanceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea',
+ ],
+ ],
+ [
+ 'name' => 'AccountId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '123xxxxxx',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'required' => true,
+ 'enumValueTitles' => [],
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<ListDataSourceLogsResult>',
+ 'description' => 'CloudSiemSuccessResponse<ListDataSourceLogsResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'SubUserId' => [
+ 'title' => '日志对应的阿里云账号ID。',
+ 'description' => '日志对应的阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123XXXXXXXX',
+ ],
+ 'DataSourceInstanceId' => [
+ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'type' => 'string',
+ 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea',
+ ],
+ 'DataSourceInstanceName' => [
+ 'title' => '数据源名称。',
+ 'description' => '数据源名称。',
+ 'type' => 'string',
+ 'example' => 'waf kafka',
+ ],
+ 'DataSourceInstanceRemark' => [
+ 'title' => '数据源备注。',
+ 'description' => '数据源备注。',
+ 'type' => 'string',
+ 'example' => 'waf kafka',
+ ],
+ 'DataSourceInstanceLogs' => [
+ 'title' => '该数据源下日志列表。',
+ 'description' => '该数据源下日志列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'LogInstanceId' => [
+ 'title' => '日志的ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '日志的ID,由威胁分析根据具体参数计算md5生成。',
+ 'type' => 'string',
+ 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea',
+ ],
+ 'LogCode' => [
+ 'title' => '日志code。',
+ 'description' => '日志code。',
+ 'type' => 'string',
+ 'example' => 'cloud_siem_waf_xxxxx',
+ ],
+ 'LogMdsCode' => [
+ 'title' => '日志显示code。',
+ 'description' => '日志显示code。',
+ 'type' => 'string',
+ 'example' => '${siem.prod.cloud_siem_waf_xxxxx}',
+ ],
+ 'LogParams' => [
+ 'title' => '日志详细参数列表。',
+ 'description' => '日志详细参数列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '日志参数',
+ 'type' => 'object',
+ 'properties' => [
+ 'ParaCode' => [
+ 'title' => '日志参数code。',
+ 'description' => '日志参数code。',
+ 'type' => 'string',
+ 'example' => 'region_code',
+ ],
+ 'ParaValue' => [
+ 'title' => '日志参数值。',
+ 'description' => '日志参数值。',
+ 'type' => 'string',
+ 'example' => 'ap-guangzhou',
+ ],
+ ],
+ ],
+ ],
+ 'TaskStatus' => [
+ 'title' => '日志对应的接入任务状态。取值:'."\n"
+ .' - 1:已接入。 '."\n"
+ .' - 0:未接入。',
+ 'description' => '日志对应的接入任务状态。取值:'."\n"
+ .' - 1:已接入。 '."\n"
+ .' - 0:未接入。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ ],
+ ],
+ ],
+ 'AccountId' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'example' => '123xxxxxxx',
+ ],
+ 'CloudCode' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云',
+ 'type' => 'string',
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ ],
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"SubUserId\\": 0,\\n \\"DataSourceInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\",\\n \\"DataSourceInstanceName\\": \\"waf kafka\\",\\n \\"DataSourceInstanceRemark\\": \\"waf kafka\\",\\n \\"DataSourceInstanceLogs\\": [\\n {\\n \\"LogInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\",\\n \\"LogCode\\": \\"cloud_siem_waf_xxxxx\\",\\n \\"LogMdsCode\\": \\"${siem.prod.cloud_siem_waf_xxxxx}\\",\\n \\"LogParams\\": [\\n {\\n \\"ParaCode\\": \\"region_code\\",\\n \\"ParaValue\\": \\"ap-guangzhou\\"\\n }\\n ],\\n \\"TaskStatus\\": 1\\n }\\n ],\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '查看数据源下的日志列表',
+ ],
+ 'ListBindDataSources' => [
+ 'summary' => '枚举所有数据源。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'AccountId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '123xxxxxxx',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<List<ListBindDataSourcesResult>>',
+ 'description' => 'CloudSiemSuccessResponse<List<ListBindDataSourcesResult>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'AccountName' => [
+ 'title' => '多云账号名称。',
+ 'description' => '多云账号名称。',
+ 'type' => 'string',
+ 'example' => 'sas_tq_account_xxxx',
+ ],
+ 'DataSourceInstanceId' => [
+ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'type' => 'string',
+ 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea',
+ ],
+ 'DataSourceType' => [
+ 'title' => '数据源类型。取值:'."\n"
+ .' - obs:华为云obs。'."\n"
+ .' - wafApi:腾讯云waf下载api。 '."\n"
+ .' - ckafka: 腾讯云ckafka。',
+ 'description' => '数据源类型。取值:'."\n"
+ .' - obs:华为云obs。'."\n"
+ .' - wafApi:腾讯云waf下载api。 '."\n"
+ .' - ckafka: 腾讯云ckafka。',
+ 'type' => 'string',
+ 'example' => 'obs',
+ ],
+ 'DataSourceName' => [
+ 'title' => '数据源名称。',
+ 'description' => '数据源名称。',
+ 'type' => 'string',
+ 'example' => 'waf_kafka',
+ ],
+ 'DataSourceRemark' => [
+ 'title' => '数据源备注。',
+ 'description' => '数据源备注。',
+ 'type' => 'string',
+ 'example' => 'waf_kafka',
+ ],
+ 'LogCount' => [
+ 'title' => '该数据源下已添加的日志的数量。',
+ 'description' => '该数据源下已添加的日志的数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'TaskCount' => [
+ 'title' => '该数据源下已创建的日志接入任务的数量。',
+ 'description' => '该数据源下已创建的日志接入任务的数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '0',
+ ],
+ 'AccountId' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'example' => '123xxxxxxx',
+ ],
+ 'CloudCode' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AccountName\\": \\"sas_tq_account_xxxx\\",\\n \\"DataSourceInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\",\\n \\"DataSourceType\\": \\"obs\\",\\n \\"DataSourceName\\": \\"waf_kafka\\",\\n \\"DataSourceRemark\\": \\"waf_kafka\\",\\n \\"LogCount\\": 1,\\n \\"TaskCount\\": 0,\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '枚举所有数据源',
+ ],
+ 'ListAllProds' => [
+ 'summary' => '查看当前威胁分析已经支持的数据接入的云产品列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '195975',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<ListAllProdsResult>',
+ 'description' => 'CloudSiemSuccessResponse<ListAllProdsResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'TotalCount' => [
+ 'title' => '日志总数。',
+ 'description' => '日志总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '19',
+ ],
+ 'PageSize' => [
+ 'title' => '每页的大小。',
+ 'description' => '每页的大小。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'CurrentPage' => [
+ 'title' => '当前页。',
+ 'description' => '当前页。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'ProdList' => [
+ 'title' => '产品列表。',
+ 'description' => '产品列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'ProdCode' => [
+ 'title' => '产品code。',
+ 'description' => '产品code。',
+ 'type' => 'string',
+ 'example' => 'sas',
+ ],
+ 'TotalLogCount' => [
+ 'title' => '该产品下总共的日志数量。',
+ 'description' => '该产品下总共的日志数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '19',
+ ],
+ 'ImportedLogCount' => [
+ 'title' => '该产品下已经接入的日志数量。',
+ 'description' => '该产品下已经接入的日志数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'ModifyTime' => [
+ 'title' => '该产品下日志最近接入时间。',
+ 'description' => '该产品下日志最近接入时间。',
+ 'type' => 'string',
+ 'example' => '2023-11-23 12:12:12',
+ ],
+ 'CloudCode' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ ],
+ ],
+ ],
+ ],
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"TotalCount\\": 19,\\n \\"PageSize\\": 10,\\n \\"CurrentPage\\": 1,\\n \\"ProdList\\": [\\n {\\n \\"ProdCode\\": \\"sas\\",\\n \\"TotalLogCount\\": 19,\\n \\"ImportedLogCount\\": 10,\\n \\"ModifyTime\\": \\"2023-11-23 12:12:12\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ]\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '查看云产品列表',
+ ],
+ 'EnableServiceForCloudSiem' => [
+ 'summary' => '为威胁分析开通资源目录授权,需要使用资源目录管理员调用。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<Boolean>',
+ 'description' => 'CloudSiemSuccessResponse<Boolean>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。取值:'."\n"
+ .'- true:开通成功。'."\n"
+ .'- false:开通失败。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '开通资源目录权限',
+ ],
+ 'EnableAccessForCloudSiem' => [
+ 'summary' => '用户授权接口,点击将创建威胁分析角色AliyunServiceRoleForSasCloudSiem。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'readAndWrite',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '158612',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'AutoSubmit',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否自动接入云安全中心、Web应用防火墙、云防火墙的告警日志,默认自动接入。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<Boolean>',
+ 'description' => 'CloudSiemSuccessResponse<Boolean>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '创建威胁分析SLR',
+ ],
+ 'DescribeServiceStatus' => [
+ 'summary' => '查看资源目录是否已给威胁分析授权。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<Boolean>',
+ 'description' => 'CloudSiemSuccessResponse<Boolean>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。'."\n"
+ .'- true:已经开通权限。'."\n"
+ .'- false:未开通权限。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '查看资源目录是否已给威胁分析授权',
+ ],
+ 'DescribeProdCount' => [
+ 'summary' => '查看阿里云、腾讯云、华为云已经支持接入到威胁分析的云产品数量。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '195547',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图',
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<DescribeProdCountResult>',
+ 'description' => 'CloudSiemSuccessResponse<DescribeProdCountResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'AliyunProdCount' => [
+ 'title' => '阿里云产品的数量。',
+ 'description' => '阿里云产品的数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '19',
+ ],
+ 'HcloudProdCount' => [
+ 'title' => '华为云产品的数量。',
+ 'description' => '华为云产品的数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ 'QcloudProdCount' => [
+ 'title' => '腾讯云产品的数量。',
+ 'description' => '腾讯云产品的数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ 'IdcProdCount' => [
+ 'title' => 'IDC产品的数量。',
+ 'description' => 'IDC产品的数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ 'AliyunImportedCount' => [
+ 'description' => '阿里云产品自动接入的数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ 'HcloudImportedCount' => [
+ 'description' => '华为云自动接入产品的数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ 'QcloudImportedCount' => [
+ 'description' => '腾讯云产品自动接入的数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ 'IdcImportedCount' => [
+ 'description' => 'IDC产品自动接入的数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"AliyunProdCount\\": 19,\\n \\"HcloudProdCount\\": 2,\\n \\"QcloudProdCount\\": 2,\\n \\"IdcProdCount\\": 2,\\n \\"AliyunImportedCount\\": 2,\\n \\"HcloudImportedCount\\": 2,\\n \\"QcloudImportedCount\\": 2,\\n \\"IdcImportedCount\\": 2\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '查看多云产品数量',
+ ],
+ 'DescribeImportedLogCount' => [
+ 'summary' => '查看接入日志的数量。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '195544',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1',
+ 'pattern' => '^\\d+$',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '113091674488****',
+ 'pattern' => '^\\d+$',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<DescribeImportedLogCountResult>',
+ 'description' => 'CloudSiemSuccessResponse<DescribeImportedLogCountResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'TotalLogCount' => [
+ 'title' => '日志总数。',
+ 'description' => '日志总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '59',
+ ],
+ 'ImportedLogCount' => [
+ 'title' => '已接入的日志的数量。',
+ 'description' => '已接入的日志的数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'UnImportedLogCount' => [
+ 'title' => '未接入的日志的数量。',
+ 'description' => '未接入的日志的数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '49',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"TotalLogCount\\": 59,\\n \\"ImportedLogCount\\": 10,\\n \\"UnImportedLogCount\\": 49\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '查看接入日志的数量',
+ ],
+ 'DescribeDataSourceParameters' => [
+ 'summary' => '获取数据源参数详情。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'DataSourceType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '接入的数据源类型。 取值: '."\n"
+ .' - ckafka:腾讯云ckafka。 '."\n"
+ .' - obs:华为云obs。 '."\n"
+ .' - wafApi:腾讯云waf攻击日志下载api。 ',
+ 'description' => '接入的数据源类型。取值:'."\n"
+ .' - **ckafka**:腾讯云ckafka。 '."\n"
+ .' - **obs**:华为云obs。 '."\n"
+ .' - **wafApi**:腾讯云waf攻击日志下载api。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'obs',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<List<DescribeDataSourceParametersResult>>',
+ 'description' => 'CloudSiemSuccessResponse<List<DescribeDataSourceParametersResult>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'DataSourceType' => [
+ 'title' => '数据源类型。取值:'."\n"
+ .' - obs:华为云obs。'."\n"
+ .' - wafApi:腾讯云waf下载api。 '."\n"
+ .' - ckafka: 腾讯云ckafka。',
+ 'description' => '数据源类型。取值:'."\n"
+ .' - **obs**:华为云obs。'."\n"
+ .' - **wafApi**:腾讯云waf下载api。 '."\n"
+ .' - **ckafka**: 腾讯云ckafka。',
+ 'type' => 'string',
+ 'example' => 'obs',
+ ],
+ 'ParaLevel' => [
+ 'title' => '参数级别。取值:'."\n"
+ .' - 1:数据源参数。'."\n"
+ .'- 2:日志参数。',
+ 'description' => '参数级别。取值:'."\n"
+ .' - **1**:数据源参数。'."\n"
+ .'- **2**:日志参数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'ParaCode' => [
+ 'title' => '参数code。',
+ 'description' => '参数code。',
+ 'type' => 'string',
+ 'example' => 'region_code',
+ ],
+ 'ParaName' => [
+ 'title' => '参数名字。',
+ 'description' => '参数名字。',
+ 'type' => 'string',
+ 'example' => 'region local',
+ ],
+ 'ParaType' => [
+ 'title' => '参数类型。',
+ 'description' => '参数类型。',
+ 'type' => 'string',
+ 'example' => 'string',
+ ],
+ 'Required' => [
+ 'title' => '是否必选参数。取值:'."\n"
+ .' - 1:必选。'."\n"
+ .' - 0:非必选。',
+ 'description' => '是否必选参数。取值:'."\n"
+ .' - **1**:必选。'."\n"
+ .' - **0**:非必选。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => 'string',
+ ],
+ 'FormatCheck' => [
+ 'title' => '格式校验方式。',
+ 'description' => '格式校验方式。',
+ 'type' => 'string',
+ 'example' => 'email',
+ ],
+ 'Title' => [
+ 'title' => '参数值提示。',
+ 'description' => '参数值提示。',
+ 'type' => 'string',
+ 'example' => 'obs bucket name',
+ ],
+ 'Hit' => [
+ 'title' => '更多说明。',
+ 'description' => '更多说明。',
+ 'type' => 'string',
+ 'example' => 'obs docment',
+ ],
+ 'DefaultValue' => [
+ 'title' => '默认参数值。',
+ 'description' => '默认参数值。',
+ 'type' => 'string',
+ 'example' => 'wafApi',
+ ],
+ 'Disabled' => [
+ 'title' => '是否禁止修改。取值:'."\n"
+ .' - true:禁止修改。 '."\n"
+ .' - false:可以修改。',
+ 'description' => '是否禁止修改。取值:'."\n"
+ .' - **true**:禁止修改。 '."\n"
+ .' - **false**:可以修改。',
+ 'type' => 'boolean',
+ 'example' => 'wafApi',
+ ],
+ 'CanEditted' => [
+ 'title' => '是否可编辑。取值:'."\n"
+ .' - 0:禁止修改。 '."\n"
+ .' - 1:可以修改。',
+ 'description' => '是否可编辑。取值:'."\n"
+ .' - **0**:禁止修改。 '."\n"
+ .' - **1**:可以修改。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => 'wafApi',
+ ],
+ 'ParamValue' => [
+ 'title' => '具体的参数列表。',
+ 'description' => '具体的参数列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '参数值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Label' => [
+ 'title' => '展示内容。',
+ 'description' => '展示内容。',
+ 'type' => 'string',
+ 'example' => 'guangzhou',
+ ],
+ 'Value' => [
+ 'title' => '实际的参数内容。',
+ 'description' => '实际的参数内容。',
+ 'type' => 'string',
+ 'example' => 'ap-guangzhou',
+ ],
+ ],
+ ],
+ ],
+ 'CloudCode' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- **qcloud**:腾讯云。'."\n"
+ .'- **aliyun**:阿里云。'."\n"
+ .'- **hcloud**:华为云。',
+ 'type' => 'string',
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"DataSourceType\\": \\"obs\\",\\n \\"ParaLevel\\": 1,\\n \\"ParaCode\\": \\"region_code\\",\\n \\"ParaName\\": \\"region local\\",\\n \\"ParaType\\": \\"string\\",\\n \\"Required\\": 0,\\n \\"FormatCheck\\": \\"email\\",\\n \\"Title\\": \\"obs bucket name\\",\\n \\"Hit\\": \\"obs docment\\",\\n \\"DefaultValue\\": \\"wafApi\\",\\n \\"Disabled\\": true,\\n \\"CanEditted\\": 0,\\n \\"ParamValue\\": [\\n {\\n \\"Label\\": \\"guangzhou\\",\\n \\"Value\\": \\"ap-guangzhou\\"\\n }\\n ],\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '获取数据源参数详情',
+ ],
+ 'DescribeDataSourceInstance' => [
+ 'summary' => '查看数据源详情。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'DataSourceInstanceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。可调用[ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854&activeTabKey=api|ListDataSourceLogs)获取数据源ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea',
+ ],
+ ],
+ [
+ 'name' => 'AccountId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '123xxxxxxx',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<DescribeDataSourceInstanceResult>',
+ 'description' => 'CloudSiemSuccessResponse<DescribeDataSourceInstanceResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'DataSourceInstanceId' => [
+ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'type' => 'string',
+ 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea',
+ ],
+ 'DataSourceInstanceParams' => [
+ 'title' => '数据源的详细参数列表。',
+ 'description' => '数据源的详细参数列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'ParaCode' => [
+ 'title' => '参数code。',
+ 'description' => '参数code。',
+ 'type' => 'string',
+ 'example' => 'region_code',
+ ],
+ 'ParaValue' => [
+ 'title' => '参数值。',
+ 'description' => '参数值。',
+ 'type' => 'string',
+ 'example' => 'ap-guangzhou',
+ ],
+ ],
+ ],
+ ],
+ 'AccountId' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'example' => '123xxxxxxx',
+ ],
+ 'CloudCode' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ ],
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"DataSourceInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\",\\n \\"DataSourceInstanceParams\\": [\\n {\\n \\"ParaCode\\": \\"region_code\\",\\n \\"ParaValue\\": \\"ap-guangzhou\\"\\n }\\n ],\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '查看数据源详情',
+ ],
+ 'DescribeAuth' => [
+ 'summary' => '检查阿里云账号是否已经给SIEM授权,已经创建了AliyunServiceRoleForSasCloudSiem角色。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n"
+ .'- ap-southeast-1:资产属于海外地域,选择该项。',
+ 'type' => 'string',
+ 'required' => false,
+ 'enumValueTitles' => [
+ 'ap-southeast-1' => '新加坡',
+ 'cn-hangzhou' => '杭州',
+ ],
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<Boolean>',
+ 'description' => 'CloudSiemResponse<Boolean>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。'."\n"
+ .'- true 已经开通权限。'."\n"
+ .'- false 未开通权限。',
+ 'type' => 'boolean',
+ 'enumValueTitles' => [],
+ 'example' => 'true',
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '本次请求的id。',
+ 'type' => 'string',
+ 'example' => '4F539347-7D9A-51EA-8ABF-5D5507045C5C',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"4F539347-7D9A-51EA-8ABF-5D5507045C5C\\"\\n}","type":"json"}]',
+ 'title' => '检查是否已经开通SIEM权限',
+ ],
+ 'DeleteDataSourceLog' => [
+ 'summary' => '删除日志。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'delete',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'LogInstanceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '日志ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '日志ID,由威胁分析根据具体参数计算md5生成。可调用[ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854&activeTabKey=api|ListDataSourceLogs)获取日志ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceInstanceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。可调用[ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854&activeTabKey=api|ListDataSourceLogs)获取数据源ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea',
+ ],
+ ],
+ [
+ 'name' => 'AccountId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '123xxxxxxx',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'required' => true,
+ 'enumValueTitles' => [],
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<DeleteDataSourceLogResult>',
+ 'description' => 'CloudSiemSuccessResponse<DeleteDataSourceLogResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Count' => [
+ 'title' => '删除的日志的数量,等于1表示成功,小于等于0表示失败。',
+ 'description' => '删除的日志的数量,等于1表示成功,小于等于0表示失败。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'LogInstanceId' => [
+ 'title' => '日志ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '日志ID,由威胁分析根据具体参数计算md5生成。',
+ 'type' => 'string',
+ 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"LogInstanceId\\": \\"ef33097c9d1fdb0b9c7e8c7ca320pkl1\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '删除日志',
+ ],
+ 'DeleteDataSource' => [
+ 'summary' => '如果已添加的数据源不再使用,可以调用接口删除数据源。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'delete',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'DataSourceInstanceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。可调用[ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854&activeTabKey=api|ListDataSourceLogs)获取数据源ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea',
+ ],
+ ],
+ [
+ 'name' => 'AccountId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '123xxxxxxx',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'required' => true,
+ 'enumValueTitles' => [],
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<DeleteDataSourceResult>',
+ 'description' => 'CloudSiemSuccessResponse<DeleteDataSourceResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Count' => [
+ 'title' => '删除的数据源的数量,等于1表示成功,小于等于0表示失败。',
+ 'description' => '删除的数据源的数量,等于1表示成功,小于等于0表示失败。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '删除数据源',
+ ],
+ 'DeleteBindAccount' => [
+ 'summary' => '解除已经绑定到威胁分析数据源模块的多云(腾讯云、华为云)子账号AK,解绑后可以更换账号重新绑定。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'delete',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '194688',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'BindId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '绑定ID。',
+ 'description' => '绑定ID。可调用[ListBindAccount](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854&activeTabKey=api|ListBindAccount)获取绑定ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'AccountId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '123xxxxxxx',
+ ],
+ ],
+ [
+ 'name' => 'AccessId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号AccessKeyId。',
+ 'description' => '云账号AccessKeyId。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'ABCXXXXXXXX',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<DeleteBindAccountResult>',
+ 'description' => 'CloudSiemSuccessResponse<DeleteBindAccountResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Count' => [
+ 'title' => '删除账号绑定的数量,等于1表示成功,小于等于0表示失败。',
+ 'description' => '删除账号绑定的数量,等于1表示成功,小于等于0表示失败。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '删除已经绑定的多云账号',
+ ],
+ 'BindAccount' => [
+ 'summary' => '绑定云安全中心功能设置-多云资产中设置的多云账号到威胁分析。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '194690',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'AccessId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号AccessKeyId。',
+ 'description' => '云账号ACCESS_KEY_ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'ABCXXXXXXXX',
+ ],
+ ],
+ [
+ 'name' => 'AccountName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云账号名称。',
+ 'description' => '多云账号名称。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'xxxx',
+ ],
+ ],
+ [
+ 'name' => 'AccountId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '123xxxxxxx',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- aliyun:阿里云'."\n"
+ .'- hcloud:华为云'."\n"
+ .'- qcloud:腾讯云',
+ 'type' => 'string',
+ 'required' => true,
+ 'enumValueTitles' => [],
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<BindAccountResult>',
+ 'description' => 'CloudSiemResponse<BindAccountResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '威胁分析服务返回的具体内容。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Count' => [
+ 'title' => '添加账号绑定的数量,等于1表示成功,小于等于0表示失败。',
+ 'description' => '添加账号绑定的数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'InvalidOperation',
+ 'errorMessage' => 'access ak "%s" already bound.',
+ ],
+ ],
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '绑定多云账号',
+ ],
+ 'AddUserSourceLogConfig' => [
+ 'summary' => '添加日志接入任务,将对应的日志数据接入到威胁分析中以便后续的告警、事件分析。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'SourceProdCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '产品code。',
+ 'description' => '产品code。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'sas',
+ ],
+ ],
+ [
+ 'name' => 'SourceLogCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '日志code。',
+ 'description' => '日志code。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cloud_siem_aegis_proc',
+ ],
+ ],
+ [
+ 'name' => 'SubUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '需要接入日志的阿里云账号ID。',
+ 'description' => '需要接入日志的阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => true,
+ 'example' => '123XXXXXX',
+ ],
+ ],
+ [
+ 'name' => 'SourceLogInfo',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '需要接入日志的详细SLS信息,json数组格式。',
+ 'description' => '需要接入日志的详细SLS信息,json格式。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '{"project":"wafnew-project-1335759343513432-cn-hangzhou","logStore":"wafnew-logstore","regionCode":"cn-hangzhou","prodCode":"waf"}',
+ ],
+ ],
+ [
+ 'name' => 'DisPlayLine',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '需要接入日志的详细SLS信息。',
+ 'description' => '需要接入日志的详细SLS信息。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-shanghai.siem-project.siem-logstore',
+ ],
+ ],
+ [
+ 'name' => 'Deleted',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '添加接入或删除接入。取值:'."\n"
+ .'-1:删除接入 '."\n"
+ .'0:添加接入',
+ 'description' => '添加接入或删除接入。取值:'."\n"
+ .' - -1:删除接入'."\n"
+ .' - 0:添加接入',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '0',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<UserSourceLogResult>',
+ 'description' => 'CloudSiemSuccessResponse<UserSourceLogResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'DiplayLine' => [
+ 'title' => '需要接入日志的详细SLS信息。',
+ 'description' => '需要接入日志的详细SLS信息。',
+ 'type' => 'string',
+ 'example' => 'cn-shanghai.siem-project.siem-logstore',
+ ],
+ 'SourceProdCode' => [
+ 'title' => '产品code。',
+ 'description' => '产品code。',
+ 'type' => 'string',
+ 'example' => 'sas',
+ ],
+ 'SourceLogCode' => [
+ 'title' => '日志code。',
+ 'description' => '日志code。',
+ 'type' => 'string',
+ 'example' => 'cloud_siem_aegis_proc',
+ ],
+ 'Displayed' => [
+ 'title' => '返回接入详细信息。取值:'."\n"
+ .' - true:已接入。'."\n"
+ .' - 未接入:false。',
+ 'description' => '返回接入详细信息。'."\n"
+ .'已返回 :true'."\n"
+ .'未返回:false',
+ 'type' => 'boolean',
+ 'example' => '0',
+ ],
+ 'Imported' => [
+ 'title' => '是否已经接入。取值:'."\n"
+ .' - true:已接入。'."\n"
+ .' - 未接入:false。',
+ 'description' => '是否已经接入。'."\n"
+ .' 已接入:true'."\n"
+ .'未接入:false',
+ 'type' => 'boolean',
+ 'example' => '0',
+ ],
+ 'MainUserId' => [
+ 'title' => '购买威胁分析的阿里云账号ID。',
+ 'description' => '购买威胁分析的阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123XXXXXXXXX',
+ ],
+ 'SubUserId' => [
+ 'title' => '威胁分析阿里云账号ID。',
+ 'description' => '威胁分析阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123XXXXXXXX',
+ ],
+ 'SubUserName' => [
+ 'title' => '威胁分析阿里云账号名字。',
+ 'description' => '威胁分析阿里云账号名字。',
+ 'type' => 'string',
+ 'example' => 'sas_account_xxx',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"DiplayLine\\": \\"cn-shanghai.siem-project.siem-logstore\\",\\n \\"SourceProdCode\\": \\"sas\\",\\n \\"SourceLogCode\\": \\"cloud_siem_aegis_proc\\",\\n \\"Displayed\\": true,\\n \\"Imported\\": true,\\n \\"MainUserId\\": 0,\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"sas_account_xxx\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '添加日志接入',
+ ],
+ 'AddDataSourceLog' => [
+ 'summary' => '添加日志。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'LogCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '日志code。',
+ 'description' => '日志code。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cloud_siem_waf_xxxxx',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceInstanceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。可调用[ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854&activeTabKey=api|ListDataSourceLogs)获取数据源ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceInstanceLogs',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源参数详情,json数组格式。',
+ 'description' => '数据源参数详情,json数组格式。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '[{"LogCode":"cloud_siem_qcloud_waf_alert_log","LogParas":"[{\\"ParaCode\\":\\"api_name\\",\\"ParaValue\\":\\"GetAttackDownloadRecords\\"}]"}]',
+ ],
+ ],
+ [
+ 'name' => 'AccountId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '123xxxxxxx',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<AddDataSourceLogResult>',
+ 'description' => 'CloudSiemSuccessResponse<AddDataSourceLogResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Count' => [
+ 'title' => '添加的日志的数量,等于1表示成功,小于等于0表示失败。',
+ 'description' => '添加的日志的数量,等于1表示成功,小于等于0表示失败。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'LogInstanceId' => [
+ 'title' => '日志ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '日志ID,由威胁分析根据具体参数计算md5生成。',
+ 'type' => 'string',
+ 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"LogInstanceId\\": \\"ef33097c9d1fdb0b9c7e8c7ca320pkl1\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '添加日志',
+ ],
+ 'AddDataSource' => [
+ 'summary' => '在该绑定的多云账号下添加数据源。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'AccountId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '123xxxxxxxx',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源类型。取值:'."\n"
+ .' - obs:华为云obs。'."\n"
+ .' - wafApi:腾讯云waf下载api。 '."\n"
+ .' - ckafka: 腾讯云ckafka。',
+ 'description' => '数据源类型。取值:'."\n"
+ .' - obs:华为云obs。'."\n"
+ .' - wafApi:腾讯云waf下载api。 '."\n"
+ .' - ckafka: 腾讯云ckafka。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'obs',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceInstanceName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源名称。',
+ 'description' => '数据源名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'XX北京kafka',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceInstanceRemark',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源备注。',
+ 'description' => '数据源备注。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'XX云云防火墙上海实例',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceInstanceParams',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '数据源参数,json数组格式。',
+ 'description' => '数据源参数,json数组格式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '[{"paraCode":"region_code","paraValue":"ap-guangzhou"}]',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<AddDataSourceResult>',
+ 'description' => 'CloudSiemSuccessResponse<AddDataSourceResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Count' => [
+ 'title' => '添加数据源的数量,等于1表示成功,小于等于0表示失败。',
+ 'description' => '添加数据源的数量,等于1表示成功,小于等于0表示失败。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'DataSourceInstanceId' => [
+ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。',
+ 'type' => 'string',
+ 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"DataSourceInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '添加数据源',
+ ],
+ 'ListBindAccount' => [
+ 'summary' => '列举已经绑定到威胁分析的多云账号列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'required' => true,
+ 'enumValueTitles' => [],
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => '已经绑定的账号列表。',
+ 'description' => '列举已经绑定的账号。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '结果集。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'AccountName' => [
+ 'title' => '账号名称。',
+ 'description' => '账号名称。',
+ 'type' => 'string',
+ 'example' => 'XXXX公司',
+ ],
+ 'AccessId' => [
+ 'title' => '已经绑定ACCESS_KEY_ID。',
+ 'description' => '账号的AccessId。',
+ 'type' => 'string',
+ 'example' => 'ABCXXXXXXXX',
+ ],
+ 'DataSourceCount' => [
+ 'title' => '该账号下绑定数据源的数量。',
+ 'description' => '该账号下绑定数据源的数量。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '2',
+ ],
+ 'ModifyTime' => [
+ 'title' => '修改时间。',
+ 'description' => '修改时间。',
+ 'type' => 'string',
+ 'example' => '2023-11-10 12:20:35',
+ ],
+ 'CreateUser' => [
+ 'title' => '该账号绑定者。',
+ 'description' => '该账号绑定者。',
+ 'type' => 'string',
+ 'example' => '123xxxxxxx',
+ ],
+ 'BindId' => [
+ 'title' => '绑定ID。',
+ 'description' => '绑定ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123xxxxxxx',
+ ],
+ 'AccountId' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'example' => '123xxxxxxx',
+ ],
+ 'CloudCode' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。取值:'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'enumValueTitles' => [],
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AccountName\\": \\"XXXX公司\\",\\n \\"AccessId\\": \\"ABCXXXXXXXX\\",\\n \\"DataSourceCount\\": 2,\\n \\"ModifyTime\\": \\"2023-11-10 12:20:35\\",\\n \\"CreateUser\\": \\"123xxxxxxx\\",\\n \\"BindId\\": 0,\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '列举已经绑定的账号列表',
+ ],
+ 'ListAccountAccessId' => [
+ 'summary' => '查看已经绑定的多云AccessKeyId列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '195478',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<List<ListAccountAccessIdResult>>',
+ 'description' => 'CloudSiemSuccessResponse<List<ListAccountAccessIdResult>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'SubUserId' => [
+ 'title' => '多云AccessKeyId对应的阿里云账号ID。',
+ 'description' => '多云AccessKeyId对应的阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => 'ABCXXXXXXXX',
+ ],
+ 'AccessIdMd5' => [
+ 'title' => '多云AccessKeyId对应的MD5值。',
+ 'description' => '多云AccessKeyId对应的MD5值。',
+ 'type' => 'string',
+ 'example' => 'abcXXXXXXXX',
+ ],
+ 'AccountStr' => [
+ 'title' => '多云AccessKeyId所属的账号信息,格式为阿里云账号ID|阿里云账号名称|多云AccessKeyId。',
+ 'description' => '多云AccessKeyId所属的账号信息,格式为阿里云账号ID|阿里云账号名称|多云AccessKeyId。',
+ 'type' => 'string',
+ 'example' => '123xxxxxx|xxxx|ABCXXXXX',
+ ],
+ 'Bound' => [
+ 'title' => '该AccessKeyId是否已经被绑定到威胁分析。取值:'."\n"
+ .' - 0 : 未绑定。'."\n"
+ .' - 1:已绑定。',
+ 'description' => '该AccessKeyId是否已经被绑定到威胁分析。取值:'."\n"
+ .' - 0 : 未绑定。'."\n"
+ .' - 1:已绑定。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'AccessId' => [
+ 'title' => '已经绑定ACCESS_KEY_ID。',
+ 'description' => '已经绑定ACCESS_KEY_ID。',
+ 'type' => 'string',
+ 'example' => 'ABCXXXXXXXX',
+ ],
+ 'AccountId' => [
+ 'title' => '云账号ID。',
+ 'description' => '云账号ID。',
+ 'type' => 'string',
+ 'example' => '123xxxxxxx',
+ ],
+ 'CloudCode' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。',
+ 'type' => 'string',
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'Success' => [
+ 'title' => '本次请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '本次请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => 'HTTP状态码。',
+ 'description' => 'HTTP状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '返回消息描述。',
+ 'description' => '返回消息描述。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"SubUserId\\": 0,\\n \\"AccessIdMd5\\": \\"abcXXXXXXXX\\",\\n \\"AccountStr\\": \\"123xxxxxx|xxxx|ABCXXXXX\\",\\n \\"Bound\\": 1,\\n \\"AccessId\\": \\"ABCXXXXXXXX\\",\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '查看已绑定AK列表',
+ ],
+ 'SubmitImportLogTasks' => [
+ 'summary' => '批量提交接入任务。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '195545',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'ProdCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '产品的code。',
+ 'description' => '产品的code。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'qcloud_waf',
+ ],
+ ],
+ [
+ 'name' => 'LogCodes',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '提交接入的日志列表,json数组格式。',
+ 'description' => '提交接入的日志列表,json数组格式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '["cloud_siem_qcloud_cfw_alert_log"]',
+ ],
+ ],
+ [
+ 'name' => 'Accounts',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '提交接入的账号列表,json数组格式。取值:'."\n"
+ .' - AccountId:待接入的账号ID。 '."\n"
+ .' - Imported:'."\n"
+ .' - 0:取消接入。 '."\n"
+ .' - 1:接入。',
+ 'description' => '提交接入的账号列表,json数组格式。取值:'."\n"
+ .' - AccountId:待接入的账号ID。 '."\n"
+ .' - Imported:是否接入/取消接入该账号。取值:'."\n"
+ .' - 0:取消接入。 '."\n"
+ .' - 1:接入。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '[{"AccountId":"123123","Imported":1}]',
+ ],
+ ],
+ [
+ 'name' => 'AutoImported',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '是否自动接入配置了该日志的账号。取值:'."\n"
+ .' - 1:自动接入。 '."\n"
+ .' - 0:不自动接入。',
+ 'description' => '是否自动接入配置了该日志的账号。取值:'."\n"
+ .' - 1:自动接入。 '."\n"
+ .' - 0:不自动接入。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'CloudCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '多云的code。',
+ 'description' => '多云的code。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'hcloud',
+ 'enum' => [
+ 'qcloud',
+ 'hcloud',
+ 'aliyun',
+ 'idc',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<SubmitImportLogTasksResult>',
+ 'description' => 'CloudSiemSuccessResponse<SubmitImportLogTasksResult>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Count' => [
+ 'title' => '成功提交的日志接入任务数量。',
+ 'description' => '成功提交的日志接入任务数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'eventInfo' => [
+ 'enable' => false,
+ 'eventNames' => [],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 10\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '提交接入任务',
+ ],
+ 'DescribeAlertsWithEntity' => [
+ 'summary' => '获取实体关联的告警列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas731ZAS',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件全局唯一ID。',
+ 'description' => '事件全局唯一ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'SophonTaskId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => 'soar处置策略ID。',
+ 'description' => 'SOAR处置策略ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '577bbf90-a770-44a7-8154-586aa2d318fa',
+ ],
+ ],
+ [
+ 'name' => 'EntityId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体ID。',
+ 'description' => '实体ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '123456789',
+ ],
+ ],
+ [
+ 'name' => 'EntityUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体ID。',
+ 'description' => '实体ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '123456789',
+ ],
+ ],
+ [
+ 'name' => 'StartTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询开始时间, 单位毫秒。',
+ 'description' => '查询开始时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'EndTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询结束时间, 单位毫秒。',
+ 'description' => '查询结束时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'CurrentPage',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表当前页号, 大于等于1。',
+ 'description' => '列表当前页号, 大于等于1。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表每页条数, 最大不超过100。',
+ 'description' => '列表每页条数, 最大不超过100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图',
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PageResponse<List<AlertDetail>>',
+ 'description' => 'PageResponse<List<AlertDetail>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功。'."\n"
+ .'- false:失败。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'PageInfo' => [
+ 'title' => '分页记录。',
+ 'description' => '分页记录。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CurrentPage' => [
+ 'title' => '列表当前页号。',
+ 'description' => '列表当前页号。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'title' => '每页返回记录数。',
+ 'description' => '每页返回记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'title' => '记录总数。',
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ ],
+ ],
+ 'ResponseData' => [
+ 'title' => '详细数据。',
+ 'description' => '详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '详细数据。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Id' => [
+ 'title' => '告警唯一ID。',
+ 'description' => '告警唯一ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123456789',
+ ],
+ 'GmtCreate' => [
+ 'title' => '告警入库时间。',
+ 'description' => '告警入库时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'GmtModified' => [
+ 'title' => '告警最后更新时间。',
+ 'description' => '告警最后更新时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'MainUserId' => [
+ 'title' => '告警关联siem主账号ID。',
+ 'description' => '告警关联siem主账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '127608589417****',
+ ],
+ 'IncidentUuid' => [
+ 'title' => '事件全局唯一id。',
+ 'description' => '事件全局唯一UUID。',
+ 'type' => 'string',
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ 'AlertUuid' => [
+ 'title' => '告警id。',
+ 'description' => '告警UUID。',
+ 'type' => 'string',
+ 'example' => 'sas_71e24437d2797ce8fc59692905a4****',
+ ],
+ 'LogTime' => [
+ 'title' => '告警记录时间。',
+ 'description' => '告警记录时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'AlertSrcProd' => [
+ 'title' => '事件关联告警来源产品。',
+ 'description' => '事件关联告警来源产品。',
+ 'type' => 'string',
+ 'example' => 'sas',
+ ],
+ 'AlertTitle' => [
+ 'title' => '告警标题。',
+ 'description' => '告警标题。',
+ 'type' => 'string',
+ 'example' => 'Scan-Try SNMP weak password',
+ ],
+ 'AlertTitleEn' => [
+ 'title' => '告警标题英文。',
+ 'description' => '告警标题英文。',
+ 'type' => 'string',
+ 'example' => 'Scan-Try SNMP weak password',
+ ],
+ 'AlertType' => [
+ 'title' => '告警类型。',
+ 'description' => '告警类型。',
+ 'type' => 'string',
+ 'example' => 'Scan',
+ ],
+ 'AlertTypeEn' => [
+ 'title' => '告警类型英文。',
+ 'description' => '告警类型英文。',
+ 'type' => 'string',
+ 'example' => 'Scan',
+ ],
+ 'AlertTypeCode' => [
+ 'title' => '告警类型美杜莎code。',
+ 'description' => '告警类型美杜莎code。',
+ 'type' => 'string',
+ 'example' => 'security_event_config.event_name.webshellName',
+ ],
+ 'AlertName' => [
+ 'title' => '告警名称。',
+ 'description' => '告警名称。',
+ 'type' => 'string',
+ 'example' => 'Try SNMP weak password',
+ ],
+ 'AlertNameEn' => [
+ 'title' => '告警名称。',
+ 'description' => '告警名称。',
+ 'type' => 'string',
+ 'example' => 'Try SNMP weak password',
+ ],
+ 'AlertNameCode' => [
+ 'title' => '告警名称美杜莎code。',
+ 'description' => '告警名称美杜莎code。',
+ 'type' => 'string',
+ 'example' => 'security_event_config.event_name.webshell',
+ ],
+ 'AlertLevel' => [
+ 'title' => '威胁等级。 取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级。 取值:'."\n"
+ .'- serious:高危。'."\n"
+ .'- suspicious:中危。'."\n"
+ .'- remind:低危。',
+ 'type' => 'string',
+ 'example' => 'remind',
+ ],
+ 'AssetList' => [
+ 'title' => '资产列表。',
+ 'description' => '资产列表。',
+ 'type' => 'string',
+ 'example' => '['."\n"
+ .' {'."\n"
+ .' "is_main_asset": "1",'."\n"
+ .' "asset_name": "47.245.*",'."\n"
+ .' "port": "22",'."\n"
+ .' "ip": "47.245.*",'."\n"
+ .' "asset_type": "ip",'."\n"
+ .' "location": "ap-southeast-1",'."\n"
+ .' "asset_id": "47.245.*",'."\n"
+ .' "net_connect_dir": "in"'."\n"
+ .' }'."\n"
+ .']',
+ ],
+ 'OccurTime' => [
+ 'title' => '告警发生时间。',
+ 'description' => '告警发生时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'StartTime' => [
+ 'title' => '告警首次发生时间。',
+ 'description' => '告警首次发生时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'EndTime' => [
+ 'title' => '告警结束时间。',
+ 'description' => '告警结束时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'AlertSrcProdModule' => [
+ 'title' => '事件关联告警来源产品子模块。',
+ 'description' => '事件关联告警来源产品子模块。',
+ 'type' => 'string',
+ 'example' => 'waf',
+ ],
+ 'AlertDesc' => [
+ 'title' => '告警描述。',
+ 'description' => '告警描述。',
+ 'type' => 'string',
+ 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.',
+ ],
+ 'AlertDescEn' => [
+ 'title' => '告警英文描述。',
+ 'description' => '告警英文描述。',
+ 'type' => 'string',
+ 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.',
+ ],
+ 'AlertDescCode' => [
+ 'title' => '告警描述美杜莎code。',
+ 'description' => '告警描述美杜莎code。',
+ 'type' => 'string',
+ 'example' => 'security_event_config.event_name.webshell'."\n",
+ ],
+ 'AlertDetail' => [
+ 'title' => '告警详情。',
+ 'description' => '告警详情。',
+ 'type' => 'string',
+ 'example' => '{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "21.92.*.*"}',
+ ],
+ 'LogUuid' => [
+ 'title' => '告警log UUID。',
+ 'description' => '告警日志UUID。',
+ 'type' => 'string',
+ 'example' => 'cfw_d12e285a-a042-4d7e-be89-f8a795ef****',
+ ],
+ 'EntityList' => [
+ 'title' => '实体详情(标准化/开启索引)',
+ 'description' => '实体详情(标准化/开启索引)',
+ 'type' => 'string',
+ 'example' => '[{"entity_uuid":"55f0c0654d7e79b035a5168fcb4****","entity_type":"cloud_account","account_id":"15176874502****","main_user_id":"15176874502****","cloud_code":"alibaba_cloud","is_asset":1,"entity_id":"151768745029****"}]',
+ ],
+ 'AttCk' => [
+ 'title' => 'ATTCT&攻击技术标签。',
+ 'description' => 'ATTCT&攻击技术标签。',
+ 'type' => 'string',
+ 'example' => 'T1595.002 Vulnerability Scanning',
+ ],
+ 'SubUserId' => [
+ 'title' => '产生告警阿里账号ID。',
+ 'description' => '产生告警阿里账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '176555323***',
+ ],
+ 'SubUserName' => [
+ 'title' => '产生告警阿里账号ID。',
+ 'description' => '产生告警阿里账号ID。',
+ 'type' => 'string',
+ 'example' => '176555323***',
+ ],
+ 'IsDefend' => [
+ 'title' => '是否已防御',
+ 'description' => '是否已防御。取值:'."\n"
+ ."\n"
+ .'- 0:检出。'."\n"
+ .'- 1:拦截。',
+ 'type' => 'string',
+ 'example' => '1',
+ ],
+ 'AlertInfoList' => [
+ 'title' => '告警详细数据。',
+ 'description' => '告警详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '告警详细数据。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Key' => [
+ 'title' => '告警详细属性key。',
+ 'description' => '告警详细属性key。',
+ 'type' => 'string',
+ 'example' => 'suspicious.wbd.wb.trojanpath',
+ ],
+ 'KeyName' => [
+ 'title' => '告警详细数据名称。',
+ 'description' => '告警详细数据名称。',
+ 'type' => 'string',
+ 'example' => 'Trojan Path'."\n",
+ ],
+ 'Values' => [
+ 'title' => '告警详细数据值。',
+ 'description' => '告警详细数据值。',
+ 'type' => 'string',
+ 'example' => '/root/test33.php',
+ ],
+ ],
+ ],
+ 'example' => 'aliyun',
+ ],
+ 'CloudCode' => [
+ 'description' => '云code。 取值:'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'example' => 'aliyun',
+ ],
+ 'ProductId' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ 'VendorId' => [
+ 'description' => '云code。 取值:'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'example' => 'aliyun',
+ ],
+ 'DetectionRuleId' => [
+ 'description' => '检测规则ID。',
+ 'type' => 'string',
+ 'example' => 'dr-48zs4tk7qfd4rjd9****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"MainUserId\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"LogTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProd\\": \\"sas\\",\\n \\"AlertTitle\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertTitleEn\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertType\\": \\"Scan\\",\\n \\"AlertTypeEn\\": \\"Scan\\",\\n \\"AlertTypeCode\\": \\"security_event_config.event_name.webshellName\\",\\n \\"AlertName\\": \\"Try SNMP weak password\\",\\n \\"AlertNameEn\\": \\"Try SNMP weak password\\",\\n \\"AlertNameCode\\": \\"security_event_config.event_name.webshell\\",\\n \\"AlertLevel\\": \\"remind\\",\\n \\"AssetList\\": \\"[\\\\n {\\\\n \\\\\\"is_main_asset\\\\\\": \\\\\\"1\\\\\\",\\\\n \\\\\\"asset_name\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"port\\\\\\": \\\\\\"22\\\\\\",\\\\n \\\\\\"ip\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"asset_type\\\\\\": \\\\\\"ip\\\\\\",\\\\n \\\\\\"location\\\\\\": \\\\\\"ap-southeast-1\\\\\\",\\\\n \\\\\\"asset_id\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"net_connect_dir\\\\\\": \\\\\\"in\\\\\\"\\\\n }\\\\n]\\",\\n \\"OccurTime\\": \\"2021-01-06 16:37:29\\",\\n \\"StartTime\\": \\"2021-01-06 16:37:29\\",\\n \\"EndTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProdModule\\": \\"waf\\",\\n \\"AlertDesc\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescEn\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescCode\\": \\"security_event_config.event_name.webshell\\\\n\\",\\n \\"AlertDetail\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99\\\\\\";\\\\\\"attack_ip\\\\\\": \\\\\\"21.92.*.*\\\\\\"}\\",\\n \\"LogUuid\\": \\"cfw_d12e285a-a042-4d7e-be89-f8a795ef****\\",\\n \\"EntityList\\": \\"[{\\\\\\"entity_uuid\\\\\\":\\\\\\"55f0c0654d7e79b035a5168fcb4****\\\\\\",\\\\\\"entity_type\\\\\\":\\\\\\"cloud_account\\\\\\",\\\\\\"account_id\\\\\\":\\\\\\"15176874502****\\\\\\",\\\\\\"main_user_id\\\\\\":\\\\\\"15176874502****\\\\\\",\\\\\\"cloud_code\\\\\\":\\\\\\"alibaba_cloud\\\\\\",\\\\\\"is_asset\\\\\\":1,\\\\\\"entity_id\\\\\\":\\\\\\"151768745029****\\\\\\"}]\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"176555323***\\",\\n \\"IsDefend\\": \\"1\\",\\n \\"AlertInfoList\\": [\\n {\\n \\"Key\\": \\"suspicious.wbd.wb.trojanpath\\",\\n \\"KeyName\\": \\"Trojan Path\\\\n\\",\\n \\"Values\\": \\"/root/test33.php\\"\\n }\\n ],\\n \\"CloudCode\\": \\"aliyun\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"VendorId\\": \\"aliyun\\",\\n \\"DetectionRuleId\\": \\"dr-48zs4tk7qfd4rjd9****\\"\\n }\\n ]\\n }\\n}","type":"json"}]',
+ 'title' => '获取实体关联告警列表',
+ ],
+ 'DescribeAlerts' => [
+ 'summary' => '获取用户的告警列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas731ZAS',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'AlertUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件关联告警ID。',
+ 'description' => '事件关联告警ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'sas_71e24437d2797ce8fc59692905a4****',
+ ],
+ ],
+ [
+ 'name' => 'Level',
+ 'in' => 'formData',
+ 'style' => 'repeatList',
+ 'schema' => [
+ 'title' => '威胁等级,格式为json数组。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级,格式为json数组。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '威胁等级,格式为json数组。取值:'."\n"
+ ."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '["remind","serious"]',
+ ],
+ 'required' => false,
+ 'example' => '["serious","suspicious","remind"]',
+ 'maxItems' => 100,
+ ],
+ ],
+ [
+ 'name' => 'Source',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件关联告警来源产品。',
+ 'description' => '事件关联告警来源产品。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'sas',
+ ],
+ ],
+ [
+ 'name' => 'IsDefend',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '是否已防御',
+ 'description' => '是否已防御。取值:'."\n"
+ ."\n"
+ .'- 0:检出'."\n"
+ .'- 1:拦截',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'AlertTitle',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警标题。',
+ 'description' => '告警标题。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Unusual Logon-login_common_account',
+ ],
+ ],
+ [
+ 'name' => 'AlertType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警类型。',
+ 'description' => '告警类型。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Scan',
+ ],
+ ],
+ [
+ 'name' => 'AlertName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警名称。',
+ 'description' => '告警名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Try SNMP weak password'."\n",
+ ],
+ ],
+ [
+ 'name' => 'AssetName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '资产名称。',
+ 'description' => '资产名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'hostname-****'."\n",
+ ],
+ ],
+ [
+ 'name' => 'AssetId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '资产id。',
+ 'description' => '资产id。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'F3385128-69A5-3EE8-BD05-FBEE7DB2****',
+ ],
+ ],
+ [
+ 'name' => 'EntityName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体名称。',
+ 'description' => '实体名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'launch-advisor-*****'."\n",
+ ],
+ ],
+ [
+ 'name' => 'EntityId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体id。',
+ 'description' => '实体id。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'f366e287ea530e7a324cbe987993****',
+ ],
+ ],
+ [
+ 'name' => 'SubUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警史记关联阿里账号ID。',
+ 'description' => '告警实际关联阿里账号ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '176555323***',
+ ],
+ ],
+ [
+ 'name' => 'LabelType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警史记关联阿里账号ID。',
+ 'description' => '告警查询类型。'."\n"
+ ."\n"
+ .'- system:聚合分析告警'."\n"
+ .'- custom:自定义分析告警'."\n"
+ .'- cfw:防火墙'."\n"
+ .'- waf:Web应用防火墙'."\n"
+ .'- edr:端点检测与响应'."\n"
+ .'- other:其他',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'custom',
+ ],
+ ],
+ [
+ 'name' => 'AlertStatus',
+ 'in' => 'formData',
+ 'style' => 'repeatList',
+ 'schema' => [
+ 'title' => '告警状态',
+ 'description' => '告警状态',
+ 'type' => 'array',
+ 'items' => [
+ 'title' => '告警状态',
+ 'description' => '告警状态',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ 'required' => false,
+ 'maxItems' => 100,
+ ],
+ ],
+ [
+ 'name' => 'StartTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询开始时间, 单位毫秒。',
+ 'description' => '查询开始时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'EndTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询结束时间, 单位毫秒。',
+ 'description' => '查询结束时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'CurrentPage',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表当前页号, 大于等于1。',
+ 'description' => '列表当前页号, 大于等于1。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表每页条数, 最大不超过100。',
+ 'description' => '列表每页条数, 最大不超过100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图',
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PageResponse<List<AlertDetail>>',
+ 'description' => 'PageResponse<List<AlertDetail>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'PageInfo' => [
+ 'title' => '分页记录。',
+ 'description' => '分页记录。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CurrentPage' => [
+ 'title' => '列表当前页号。',
+ 'description' => '列表当前页号。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'title' => '每页返回记录数。',
+ 'description' => '每页返回记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'title' => '记录总数。',
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ ],
+ ],
+ 'ResponseData' => [
+ 'title' => '详细数据。',
+ 'description' => '详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Id' => [
+ 'title' => '告警唯一ID。',
+ 'description' => '告警唯一ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123456789',
+ ],
+ 'GmtCreate' => [
+ 'title' => '告警入库时间。',
+ 'description' => '告警入库时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'GmtModified' => [
+ 'title' => '告警最后更新时间。',
+ 'description' => '告警最后更新时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'MainUserId' => [
+ 'title' => '告警关联siem主账号ID。',
+ 'description' => '告警关联siem主账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '127608589417****',
+ ],
+ 'IncidentUuid' => [
+ 'title' => '事件全局唯一id。',
+ 'description' => '事件全局唯一UUID。',
+ 'type' => 'string',
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ 'AlertUuid' => [
+ 'title' => '告警id。',
+ 'description' => '告警UUID。',
+ 'type' => 'string',
+ 'example' => 'sas_71e24437d2797ce8fc59692905a4****',
+ ],
+ 'LogTime' => [
+ 'title' => '告警记录时间。',
+ 'description' => '告警记录时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'AlertSrcProd' => [
+ 'title' => '事件关联告警来源产品。',
+ 'description' => '事件关联告警来源产品。',
+ 'type' => 'string',
+ 'example' => 'sas',
+ ],
+ 'AlertTitle' => [
+ 'title' => '告警标题。',
+ 'description' => '告警标题。',
+ 'type' => 'string',
+ 'example' => 'Scan-Try SNMP weak password',
+ ],
+ 'AlertTitleEn' => [
+ 'title' => '告警标题英文。',
+ 'description' => '告警标题英文。',
+ 'type' => 'string',
+ 'example' => 'Scan-Try SNMP weak password',
+ ],
+ 'AlertType' => [
+ 'title' => '告警类型。',
+ 'description' => '告警类型。',
+ 'type' => 'string',
+ 'example' => 'Scan',
+ ],
+ 'AlertTypeEn' => [
+ 'title' => '告警类型英文。',
+ 'description' => '告警类型英文。',
+ 'type' => 'string',
+ 'example' => 'Scan',
+ ],
+ 'AlertTypeCode' => [
+ 'title' => '告警类型美杜莎code。',
+ 'description' => '告警类型美杜莎code。',
+ 'type' => 'string',
+ 'example' => 'security_event_config.event_name.webshellName',
+ ],
+ 'AlertName' => [
+ 'title' => '告警名称。',
+ 'description' => '告警名称。',
+ 'type' => 'string',
+ 'example' => 'Try SNMP weak password',
+ ],
+ 'AlertNameEn' => [
+ 'title' => '告警名称。',
+ 'description' => '告警名称英文。',
+ 'type' => 'string',
+ 'example' => 'Try SNMP weak password',
+ ],
+ 'AlertNameCode' => [
+ 'title' => '告警名称美杜莎code。',
+ 'description' => '告警名称美杜莎code。',
+ 'type' => 'string',
+ 'example' => 'security_event_config.event_name.webshell',
+ ],
+ 'AlertLevel' => [
+ 'title' => '威胁等级。 取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级。 取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'string',
+ 'example' => 'remind',
+ ],
+ 'AssetList' => [
+ 'title' => '资产列表。',
+ 'description' => '资产列表。',
+ 'type' => 'string',
+ 'example' => '['."\n"
+ .' {'."\n"
+ .' "is_main_asset": "1",'."\n"
+ .' "asset_name": "47.245.*",'."\n"
+ .' "port": "22",'."\n"
+ .' "ip": "47.245.*",'."\n"
+ .' "asset_type": "ip",'."\n"
+ .' "location": "ap-southeast-1",'."\n"
+ .' "asset_id": "47.245.*",'."\n"
+ .' "net_connect_dir": "in"'."\n"
+ .' }'."\n"
+ .']',
+ ],
+ 'OccurTime' => [
+ 'title' => '告警发生时间。',
+ 'description' => '告警发生时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'StartTime' => [
+ 'title' => '告警首次发生时间。',
+ 'description' => '告警首次发生时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'EndTime' => [
+ 'title' => '告警结束时间。',
+ 'description' => '告警结束时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'AlertSrcProdModule' => [
+ 'title' => '事件关联告警来源产品子模块。',
+ 'description' => '事件关联告警来源产品子模块。',
+ 'type' => 'string',
+ 'example' => 'waf',
+ ],
+ 'AlertDesc' => [
+ 'title' => '告警描述。',
+ 'description' => '告警描述。',
+ 'type' => 'string',
+ 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.',
+ ],
+ 'AlertDescEn' => [
+ 'title' => '告警英文描述。',
+ 'description' => '告警英文描述。',
+ 'type' => 'string',
+ 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.',
+ ],
+ 'AlertDescCode' => [
+ 'title' => '告警描述美杜莎code。',
+ 'description' => '告警描述美杜莎code。',
+ 'type' => 'string',
+ 'example' => 'security_event_config.event_name.webshell',
+ ],
+ 'AlertDetail' => [
+ 'title' => '告警详情。',
+ 'description' => '告警详情。',
+ 'type' => 'string',
+ 'example' => '{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "21.92.*.*"}',
+ ],
+ 'LogUuid' => [
+ 'title' => '告警log UUID。',
+ 'description' => '告警日志UUID。',
+ 'type' => 'string',
+ 'example' => 'cfw_d12e285a-a042-4d7e-be89-f8a795ef****',
+ ],
+ 'EntityList' => [
+ 'title' => '实体详情(标准化/开启索引)',
+ 'description' => '实体详情(标准化/开启索引)',
+ 'type' => 'string',
+ 'example' => '[{&quot;entity_user_id&quot;:&quot;198921674491****&quot;,&quot;entity_account_id&quot;:&quot;N/A&quot;,&quot;entity_uuid&quot;:&quot;6245f979d5dd9ef8dd19bdc72228****&quot;,&quot;entity_type&quot;:&quot;host&quot;,&quot;entity_name&quot;:&quot;zhh-test-20240409&quot;,&quot;is_comprised&quot;:&quot;1&quot;,&quot;os_type&quot;:&quot;linux&quot;,&quot;entity_id&quot;:&quot;a88f44dd-b8d4-4ded-831c-77a4835****&quot;,&quot;host_uuid&quot;:&quot;a88f44dd-b8d4-4ded-831c-77a4835****&quot;,&quot;host_name&quot;:&quot;zhh-test-2024****&quot;}]',
+ ],
+ 'AttCk' => [
+ 'title' => 'ATTCT&攻击技术标签。',
+ 'description' => 'ATTCT&攻击技术标签。',
+ 'type' => 'string',
+ 'example' => 'T1595.002 Vulnerability Scanning',
+ ],
+ 'SubUserId' => [
+ 'title' => '产生告警阿里账号ID。',
+ 'description' => '产生告警阿里账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '176555323***',
+ ],
+ 'SubUserName' => [
+ 'title' => '产生告警阿里账号ID。',
+ 'description' => '产生告警阿里账号ID。',
+ 'type' => 'string',
+ 'example' => '176555323***',
+ ],
+ 'VendorId' => [
+ 'title' => '云code。 取值:'."\n"
+ .'- aliyun:阿里云'."\n"
+ .'- qcloud:腾讯云'."\n"
+ .'- hcloud:华为云',
+ 'description' => '云code。 取值:'."\n"
+ .'- aliyun:阿里云'."\n"
+ .'- qcloud:腾讯云'."\n"
+ .'- hcloud:华为云',
+ 'type' => 'string',
+ 'example' => 'aliyun',
+ ],
+ 'IsDefend' => [
+ 'title' => '是否已防御',
+ 'description' => '是否已防御。取值:'."\n"
+ ."\n"
+ .'- 0:检出'."\n"
+ .'- 1:拦截',
+ 'type' => 'string',
+ 'example' => '1',
+ ],
+ 'AlertInfoList' => [
+ 'title' => '告警详细数据。',
+ 'description' => '告警详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Key' => [
+ 'title' => '告警详细属性key。',
+ 'description' => '告警详细属性key。',
+ 'type' => 'string',
+ 'example' => 'suspicious.wbd.wb.trojanpath',
+ ],
+ 'KeyName' => [
+ 'title' => '告警详细数据名称。',
+ 'description' => '告警详细数据名称。',
+ 'type' => 'string',
+ 'example' => 'Trojan Path',
+ ],
+ 'Values' => [
+ 'title' => '告警详细数据值。',
+ 'description' => '告警详细数据值。',
+ 'type' => 'string',
+ 'example' => '/root/test33.php',
+ ],
+ ],
+ ],
+ 'example' => 'aliyun',
+ ],
+ 'ExtendContent' => [
+ 'description' => '告警扩展信息。',
+ 'type' => 'string',
+ 'example' => '{"user":"Member","num":"1"}',
+ ],
+ 'ProductId' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ 'CloudCode' => [
+ 'description' => '云code。 取值:'."\n"
+ .'- aliyun:阿里云'."\n"
+ .'- qcloud:腾讯云'."\n"
+ .'- hcloud:华为云',
+ 'type' => 'string',
+ 'example' => 'aliyun',
+ ],
+ 'DetectionRuleId' => [
+ 'description' => '检测规则ID。',
+ 'type' => 'string',
+ 'example' => 'dr-48zs4tk7qfd4rjd9****',
+ ],
+ 'AlertStatus' => [
+ 'title' => '告警状态',
+ 'description' => '告警状态。',
+ 'type' => 'string',
+ 'example' => '1',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"MainUserId\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"LogTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProd\\": \\"sas\\",\\n \\"AlertTitle\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertTitleEn\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertType\\": \\"Scan\\",\\n \\"AlertTypeEn\\": \\"Scan\\",\\n \\"AlertTypeCode\\": \\"security_event_config.event_name.webshellName\\",\\n \\"AlertName\\": \\"Try SNMP weak password\\",\\n \\"AlertNameEn\\": \\"Try SNMP weak password\\",\\n \\"AlertNameCode\\": \\"security_event_config.event_name.webshell\\",\\n \\"AlertLevel\\": \\"remind\\",\\n \\"AssetList\\": \\"[\\\\n {\\\\n \\\\\\"is_main_asset\\\\\\": \\\\\\"1\\\\\\",\\\\n \\\\\\"asset_name\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"port\\\\\\": \\\\\\"22\\\\\\",\\\\n \\\\\\"ip\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"asset_type\\\\\\": \\\\\\"ip\\\\\\",\\\\n \\\\\\"location\\\\\\": \\\\\\"ap-southeast-1\\\\\\",\\\\n \\\\\\"asset_id\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"net_connect_dir\\\\\\": \\\\\\"in\\\\\\"\\\\n }\\\\n]\\",\\n \\"OccurTime\\": \\"2021-01-06 16:37:29\\",\\n \\"StartTime\\": \\"2021-01-06 16:37:29\\",\\n \\"EndTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProdModule\\": \\"waf\\",\\n \\"AlertDesc\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescEn\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescCode\\": \\"security_event_config.event_name.webshell\\",\\n \\"AlertDetail\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99\\\\\\";\\\\\\"attack_ip\\\\\\": \\\\\\"21.92.*.*\\\\\\"}\\",\\n \\"LogUuid\\": \\"cfw_d12e285a-a042-4d7e-be89-f8a795ef****\\",\\n \\"EntityList\\": \\"[{&quot;entity_user_id&quot;:&quot;198921674491****&quot;,&quot;entity_account_id&quot;:&quot;N/A&quot;,&quot;entity_uuid&quot;:&quot;6245f979d5dd9ef8dd19bdc72228****&quot;,&quot;entity_type&quot;:&quot;host&quot;,&quot;entity_name&quot;:&quot;zhh-test-20240409&quot;,&quot;is_comprised&quot;:&quot;1&quot;,&quot;os_type&quot;:&quot;linux&quot;,&quot;entity_id&quot;:&quot;a88f44dd-b8d4-4ded-831c-77a4835****&quot;,&quot;host_uuid&quot;:&quot;a88f44dd-b8d4-4ded-831c-77a4835****&quot;,&quot;host_name&quot;:&quot;zhh-test-2024****&quot;}]\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"176555323***\\",\\n \\"VendorId\\": \\"aliyun\\",\\n \\"IsDefend\\": \\"1\\",\\n \\"AlertInfoList\\": [\\n {\\n \\"Key\\": \\"suspicious.wbd.wb.trojanpath\\",\\n \\"KeyName\\": \\"Trojan Path\\",\\n \\"Values\\": \\"/root/test33.php\\"\\n }\\n ],\\n \\"ExtendContent\\": \\"{\\\\\\"user\\\\\\":\\\\\\"Member\\\\\\",\\\\\\"num\\\\\\":\\\\\\"1\\\\\\"}\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"CloudCode\\": \\"aliyun\\",\\n \\"DetectionRuleId\\": \\"dr-48zs4tk7qfd4rjd9****\\",\\n \\"AlertStatus\\": \\"1\\"\\n }\\n ]\\n }\\n}","type":"json"}]',
+ 'title' => '获取告警列表',
+ ],
+ 'DescribeAlertSource' => [
+ 'summary' => '获取告警数据源列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Level',
+ 'in' => 'formData',
+ 'style' => 'repeatList',
+ 'schema' => [
+ 'title' => '威胁等级,格式为json数组。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级,格式为json数组。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '威胁等级,格式为json数组。取值:'."\n"
+ ."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '["remind","serious"]',
+ ],
+ 'required' => false,
+ 'example' => '["serious","suspicious","remind"]',
+ 'maxItems' => 100,
+ ],
+ ],
+ [
+ 'name' => 'StartTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询开始时间, 单位毫秒。',
+ 'description' => '查询开始时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'EndTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询结束时间, 单位毫秒。',
+ 'description' => '查询结束时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<List<AlertSource>>',
+ 'description' => 'BaseResponse<List<AlertSource>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'SourceName' => [
+ 'title' => '告警数据源名称。',
+ 'description' => '告警数据源名称。',
+ 'type' => 'string',
+ 'example' => 'sas',
+ ],
+ 'Source' => [
+ 'title' => '告警数据源名称美杜莎code。',
+ 'description' => '告警数据源名称美杜莎code。',
+ 'type' => 'string',
+ 'example' => 'aliyun.siem.alert_datasource.sas',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"SourceName\\": \\"sas\\",\\n \\"Source\\": \\"aliyun.siem.alert_datasource.sas\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取告警数据源列表',
+ ],
+ 'DescribeAlertsCount' => [
+ 'summary' => '获取告警不同级别计数。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'QueryType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询类型。',
+ 'description' => '查询类型。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'bySrcProd',
+ ],
+ ],
+ [
+ 'name' => 'StartTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询开始时间, 单位毫秒。',
+ 'description' => '查询开始时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'EndTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询结束时间, 单位毫秒。',
+ 'description' => '查询结束时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图',
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PlainResponse<CloudSiemAlertCounter>',
+ 'description' => 'PlainResponse<CloudSiemAlertCounter>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'High' => [
+ 'title' => '高威胁告警数。',
+ 'description' => '高威胁告警数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '25',
+ ],
+ 'Medium' => [
+ 'title' => '中威胁告警数。',
+ 'description' => '中威胁告警数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '25',
+ ],
+ 'Low' => [
+ 'title' => '低威胁告警数。',
+ 'description' => '低威胁告警数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '25',
+ ],
+ 'All' => [
+ 'title' => '告警总数。',
+ 'description' => '告警总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '75',
+ ],
+ 'ProductNum' => [
+ 'title' => '接入产品数。',
+ 'description' => '接入产品数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '3',
+ ],
+ 'CountMap' => [
+ 'description' => '各等级计数。',
+ 'type' => 'object',
+ 'additionalProperties' => [
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '12',
+ 'description' => '数值。',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"High\\": 25,\\n \\"Medium\\": 25,\\n \\"Low\\": 25,\\n \\"All\\": 75,\\n \\"ProductNum\\": 3,\\n \\"CountMap\\": {\\n \\"key\\": 12\\n }\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取告警不同级别计数',
+ ],
+ 'ListEntities' => [
+ 'summary' => '查询实体列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasAFG0OH',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件ID。',
+ 'description' => '事件ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'EntityType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体类型。',
+ 'description' => '实体类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- domain:域名'."\n"
+ .'- url:url'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件'."\n"
+ .'- host:主机'."\n"
+ .'- cloud_account:云账号'."\n"
+ .'- container:容器'."\n"
+ .'- bucket:对象存储',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ip',
+ ],
+ ],
+ [
+ 'name' => 'EntityName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体名称。',
+ 'description' => '实体名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'host1****',
+ ],
+ ],
+ [
+ 'name' => 'EntityUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体ID。',
+ 'description' => '实体UUID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '6c740667-80b2-476d-8924-2e706feb****',
+ ],
+ ],
+ [
+ 'name' => 'EntityUuids',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '实体UUID列表。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '6c740667-80b2-476d-8924-2e706feb****,6c740667-80b2-476d-8924-2e706feb****',
+ ],
+ ],
+ [
+ 'name' => 'MalwareType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '恶意实体类型。 取值:'."\n"
+ .'- 0:否'."\n"
+ .'- 1:是。',
+ 'description' => '恶意实体类型。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'aliyun.siem.sas.alert_tag.miner_software',
+ ],
+ ],
+ [
+ 'name' => 'IsMalwareEntity',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '是否恶意实体。 取值:'."\n"
+ .'- 0:否'."\n"
+ .'- 1:是。',
+ 'description' => '是否恶意实体。 取值:'."\n"
+ .'- 0:否'."\n"
+ .'- 1:是',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'Tags',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体标签。格式为JSON数组字符串:\\"[{\\"tagKey1\\":\\"tagValue1\\"},{\\"tagKey2\\":\\"tagValue2\\"}]\\"',
+ 'description' => '实体标签。格式为JSON数组字符串:'."\n"
+ ."\n"
+ .'`"[{"tagKey1":"tagValue1"},{"tagKey2":"tagValue2"}]"`',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '[{"tagKey1":"tagValue1"},{"tagKey2":"tagValue2"}]',
+ ],
+ ],
+ [
+ 'name' => 'CurrentPage',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表当前页号, 大于等于1。',
+ 'description' => '列表当前页号, 大于等于1。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表每页条数, 最大不超过100。',
+ 'description' => '列表每页条数, 最大不超过100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图',
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PageResponse<List<EntityInfo>>',
+ 'description' => 'PageResponse<List<EntityInfo>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'PageInfo' => [
+ 'title' => '分页记录。',
+ 'description' => '分页记录。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CurrentPage' => [
+ 'title' => '列表当前页号。',
+ 'description' => '列表当前页号。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'title' => '每页返回记录数。',
+ 'description' => '每页返回记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'title' => '记录总数。',
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ ],
+ ],
+ 'ResponseData' => [
+ 'title' => '详细数据。',
+ 'description' => '详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Id' => [
+ 'title' => '实体ID。',
+ 'description' => '实体ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123456789***',
+ ],
+ 'GmtCreate' => [
+ 'title' => '实体采集时间。',
+ 'description' => '实体采集时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'GmtModified' => [
+ 'title' => '实体最后更新时间。',
+ 'description' => '实体最后更新时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'Aliuid' => [
+ 'title' => 'siem主用户ID。',
+ 'description' => '阿里云账户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123456789****',
+ ],
+ 'IncidentUuid' => [
+ 'title' => '事件ID。',
+ 'description' => '事件UUID,可以基于事件列表接口获取。',
+ 'type' => 'string',
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ 'AlertUuid' => [
+ 'title' => '告警ID。',
+ 'description' => '告警UUID。',
+ 'type' => 'string',
+ 'example' => 'sas_71e24437d2797ce8fc59692905a4****',
+ ],
+ 'AlertNum' => [
+ 'title' => '实体关联告警数量。',
+ 'description' => '实体关联告警数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'EventNum' => [
+ 'title' => '实体关联事件数量。',
+ 'description' => '实体关联事件数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'CloudCode' => [
+ 'title' => '实体来源云code。 取值:'."\n"
+ .'- aliyun:阿里云'."\n"
+ .'- qcloud:腾讯云'."\n"
+ .'- hcloud:华为云',
+ 'description' => '实体来源云code。 取值:'."\n"
+ .'- aliyun:阿里云'."\n"
+ .'- qcloud:腾讯云'."\n"
+ .'- hcloud:华为云',
+ 'type' => 'string',
+ 'example' => 'aliyun',
+ ],
+ 'EntityType' => [
+ 'title' => '实体类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- domain:域名'."\n"
+ .'- url:url'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件'."\n"
+ .'- host:主机',
+ 'description' => '实体类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- domain:域名'."\n"
+ .'- url:url'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件'."\n"
+ .'- host:主机'."\n"
+ .'- cloud_account:云账号'."\n"
+ .'- container:容器'."\n"
+ .'- bucket:对象存储',
+ 'type' => 'string',
+ 'example' => 'ip',
+ ],
+ 'EntityName' => [
+ 'title' => '实体名称。',
+ 'description' => '实体名称。',
+ 'type' => 'string',
+ 'example' => '123.123.123.123',
+ ],
+ 'EntityInfo' => [
+ 'title' => '实体展示信息 json格式。',
+ 'description' => '实体展示信息 json格式。',
+ 'type' => 'string',
+ 'example' => '{"file_path": "c:/www/leixi.jsp","file_hash": "aa0ca926ad948cd820e0a3d9a18c****","host_uuid": "efed2cf7-0b77-45d9-a97b-d2cf246b****","malware_type": "${aliyun.siem.sas.alert_tag.webshell}","host_name": "launch-advisor-2023****"}',
+ ],
+ 'SubUserId' => [
+ 'title' => '实体关联账号id',
+ 'description' => '实体关联账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '113091674488****',
+ ],
+ 'EntityId' => [
+ 'title' => '实体逻辑id',
+ 'description' => '实体逻辑ID。',
+ 'type' => 'string',
+ 'example' => '12345****',
+ ],
+ 'EntityUuid' => [
+ 'title' => '实体uuid',
+ 'description' => '实体UUID。',
+ 'type' => 'string',
+ 'example' => '8087b3e4aa6862852c100c8738cf****',
+ ],
+ 'MalwareType' => [
+ 'title' => '实体恶意类型',
+ 'description' => '实体恶意类型。',
+ 'type' => 'string',
+ 'example' => 'aliyun.siem.sas.alert_tag.webshell',
+ ],
+ 'IsAsset' => [
+ 'description' => '是否为资产。取值:'."\n"
+ .'+ 0:否'."\n"
+ .'+ 1:是',
+ 'type' => 'string',
+ 'example' => '1',
+ ],
+ 'IsMalware' => [
+ 'description' => '是否恶意实体。 取值:'."\n"
+ .'+ 0:否'."\n"
+ .'+ 1:是',
+ 'type' => 'string',
+ 'example' => '0',
+ ],
+ 'Tags' => [
+ 'description' => '实体标签。格式为JSON数组字符串:'."\n"
+ ."\n"
+ .'`"[{"tagKey1":"tagValue1"},{"tagKey2":"tagValue2"}]"`',
+ 'type' => 'string',
+ 'example' => '[{"tagKey1":"tagValue1"},{"tagKey2":"tagValue2"}]',
+ ],
+ 'AgentDisposalMethod' => [
+ 'description' => 'Agent推荐处置方法。',
+ 'type' => 'string',
+ 'example' => 'delete_file',
+ ],
+ 'AgentDisposalPlaybookUuid' => [
+ 'description' => 'Agent推荐处置剧本Uuid。',
+ 'type' => 'string',
+ 'example' => '12XAD-SFQ-WAF-2ca2',
+ ],
+ 'AgentDisposalSuggestion' => [
+ 'description' => 'Agent推荐处置建议。',
+ 'type' => 'string',
+ 'example' => '{}',
+ ],
+ 'AgentConfidence' => [
+ 'description' => 'Agent研判实体置信度。',
+ 'type' => 'string',
+ 'example' => '85',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 0,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"AlertNum\\": 1,\\n \\"EventNum\\": 1,\\n \\"CloudCode\\": \\"aliyun\\",\\n \\"EntityType\\": \\"ip\\",\\n \\"EntityName\\": \\"123.123.123.123\\",\\n \\"EntityInfo\\": \\"{\\\\\\"file_path\\\\\\": \\\\\\"c:/www/leixi.jsp\\\\\\",\\\\\\"file_hash\\\\\\": \\\\\\"aa0ca926ad948cd820e0a3d9a18c****\\\\\\",\\\\\\"host_uuid\\\\\\": \\\\\\"efed2cf7-0b77-45d9-a97b-d2cf246b****\\\\\\",\\\\\\"malware_type\\\\\\": \\\\\\"${aliyun.siem.sas.alert_tag.webshell}\\\\\\",\\\\\\"host_name\\\\\\": \\\\\\"launch-advisor-2023****\\\\\\"}\\",\\n \\"SubUserId\\": 0,\\n \\"EntityId\\": \\"12345****\\",\\n \\"EntityUuid\\": \\"8087b3e4aa6862852c100c8738cf****\\",\\n \\"MalwareType\\": \\"aliyun.siem.sas.alert_tag.webshell\\",\\n \\"IsAsset\\": \\"1\\",\\n \\"IsMalware\\": \\"0\\",\\n \\"Tags\\": \\"[{\\\\\\"tagKey1\\\\\\":\\\\\\"tagValue1\\\\\\"},{\\\\\\"tagKey2\\\\\\":\\\\\\"tagValue2\\\\\\"}]\\",\\n \\"AgentDisposalMethod\\": \\"delete_file\\",\\n \\"AgentDisposalPlaybookUuid\\": \\"12XAD-SFQ-WAF-2ca2\\",\\n \\"AgentDisposalSuggestion\\": \\"{}\\",\\n \\"AgentConfidence\\": \\"85\\"\\n }\\n ]\\n }\\n}","type":"json"}]',
+ 'title' => '查询实体列表',
+ ],
+ 'DescribeEntityInfo' => [
+ 'summary' => '获取实体详情。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'EntityId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体逻辑ID。',
+ 'description' => '实体逻辑ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '12345',
+ ],
+ ],
+ [
+ 'name' => 'EntityIdentity',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体特征值,可以对处置实体进行模糊搜索。',
+ 'description' => '实体特征值,可以对处置实体进行模糊搜索。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'test22.php',
+ ],
+ ],
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件全局唯一ID。',
+ 'description' => '事件全局唯一UUID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'SophonTaskId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => 'soar处置策略ID。',
+ 'description' => 'SOAR处置策略ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '577bbf90-a770-44a7-8154-586aa2d318fa',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<EventEntityInfo>',
+ 'description' => 'BaseResponse<EventEntityInfo>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'EntityId' => [
+ 'title' => '实体逻辑id。',
+ 'description' => '实体逻辑ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '12345',
+ ],
+ 'EntityType' => [
+ 'title' => '实体类型,ip:ip, 域名:domain, url:url, 进程:process, 文件:file, 主机:host。',
+ 'description' => '实体类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- domain:域名'."\n"
+ .'- url:url'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件'."\n"
+ .'- host:主机',
+ 'type' => 'string',
+ 'example' => 'ip',
+ ],
+ 'EntityInfo' => [
+ 'title' => '实体信息。',
+ 'description' => '实体信息。',
+ 'type' => 'object',
+ 'example' => '{ location: "xian", net_connect_dir: "in", malware_type: "${aliyun.siem.sas.alert_tag.login_unusual_account}" }',
+ ],
+ 'TipInfo' => [
+ 'title' => '威胁情报信息。',
+ 'description' => '威胁情报信息。',
+ 'type' => 'object',
+ 'example' => '{'."\n"
+ .' "Ip": {'."\n"
+ .' "queryHot": "0",'."\n"
+ .' "country": "China",'."\n"
+ .' "province": "shanxi",'."\n"
+ .' "ip": "221.11.XX.XXX",'."\n"
+ .' "asn": "4837",'."\n"
+ .' "asn_label": "CHINAXXX-Backbone - CHINA UNICOM ChinaXXX Backbone, CN"'."\n"
+ .' }'."\n"
+ .'}',
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"EntityId\\": 12345,\\n \\"EntityType\\": \\"ip\\",\\n \\"EntityInfo\\": {\\n \\"test\\": \\"test\\",\\n \\"test2\\": 1\\n },\\n \\"TipInfo\\": {\\n \\"Ip\\": {\\n \\"queryHot\\": \\"0\\",\\n \\"country\\": \\"China\\",\\n \\"province\\": \\"shanxi\\",\\n \\"ip\\": \\"221.11.XX.XXX\\",\\n \\"asn\\": \\"4837\\",\\n \\"asn_label\\": \\"CHINAXXX-Backbone - CHINA UNICOM ChinaXXX Backbone, CN\\"\\n }\\n }\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取实体详情',
+ ],
+ 'PostEventDisposeAndWhiteruleList' => [
+ 'summary' => '提交事件处置信息,更新事件状态,更新事件等级。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasAFG0OH',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件id。',
+ 'description' => '事件全局唯一UUID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'Status',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件状态。 取值:'."\n"
+ .'- 0:未处理 '."\n"
+ .'-1:处理中 '."\n"
+ .'-5:处理失败 '."\n"
+ .'-10:已处理',
+ 'description' => '事件状态。 取值:'."\n"
+ ."\n"
+ .'- 0:未处理 '."\n"
+ .'- 1:处理中 '."\n"
+ .'- 5:处理失败 '."\n"
+ .'- 10:已处理',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '0',
+ ],
+ ],
+ [
+ 'name' => 'Remark',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件备注。',
+ 'description' => '事件备注。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'dealed',
+ ],
+ ],
+ [
+ 'name' => 'EventDispose',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件处置配置 json对象。',
+ 'description' => '事件处置配置 json对象。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '['."\n"
+ .' {'."\n"
+ .' "playbookName": "WafBlockIP",'."\n"
+ .' "entityId": "104466118",'."\n"
+ .' "scope": ['."\n"
+ .' "176618589410****"'."\n"
+ .' ],'."\n"
+ .' "startTime": 1604168946281,'."\n"
+ .' "endTime": 1614168946281'."\n"
+ .' },'."\n"
+ .' {'."\n"
+ .' "playbookName": "WafBlockIP",'."\n"
+ .' "entityId": "104466118",'."\n"
+ .' "scope": ['."\n"
+ .' {'."\n"
+ .' "instanceId": "waf-cn-n6w1oy1****",'."\n"
+ .' "domains": ['."\n"
+ .' "lmfip.wafqax.***"'."\n"
+ .' ]'."\n"
+ .' }'."\n"
+ .' ],'."\n"
+ .' "startTime": 1604168946281,'."\n"
+ .' "endTime": 1614168946281'."\n"
+ .' }'."\n"
+ .']',
+ ],
+ ],
+ [
+ 'name' => 'ReceiverInfo',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警接收人配置 json对象',
+ 'description' => '告警接收人配置 json对象',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '{'."\n"
+ .' "messageTitle": "test",'."\n"
+ .' "receiver": "xiaowang",'."\n"
+ .' "channel": "message"'."\n"
+ .'}',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'ThreatLevel',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁等级。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'remind',
+ ],
+ ],
+ [
+ 'name' => 'Owner',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件责任人账号uid',
+ 'description' => '事件责任人账号uid',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1234567890xxxxxx',
+ ],
+ ],
+ [
+ 'name' => 'ResponseSource',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '处置策略来源。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'system',
+ ],
+ ],
+ [
+ 'name' => 'DisposeStrategyIds',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '处置策略ID列表。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '12,13,14',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<String>',
+ 'description' => 'BaseResponse<String>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'string',
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '提交事件处置信息',
+ ],
+ 'DescribeWafScope' => [
+ 'summary' => '获取作用域用户名下waf实例的域名防护列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'EntityId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体ID。',
+ 'description' => '实体ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '20617784',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<List<WafScope>>',
+ 'description' => 'BaseResponse<List<WafScope>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'InstanceId' => [
+ 'title' => 'waf实例ID。',
+ 'description' => 'Waf实例ID。',
+ 'type' => 'string',
+ 'example' => 'waf-cn-tl123ast****',
+ ],
+ 'Aliuid' => [
+ 'title' => 'siem主账号ID。',
+ 'description' => 'SIEM主账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '127608589417****',
+ ],
+ 'Domains' => [
+ 'title' => 'waf实例下的防护的域名列表。',
+ 'description' => 'Waf实例下的防护的域名列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => 'Waf实例下的防护的域名列表。',
+ 'type' => 'string',
+ 'example' => '[123***.com, 456***.com]',
+ ],
+ 'example' => '[123.com, 456.com]',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"InstanceId\\": \\"waf-cn-tl123ast****\\",\\n \\"Aliuid\\": 0,\\n \\"Domains\\": [\\n \\"[123***.com, 456***.com]\\"\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取作用域用户名下waf实例的域名防护列表',
+ ],
+ 'DescribeEventDispose' => [
+ 'summary' => '获取事件历史处置策略。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件ID。',
+ 'description' => '事件全局唯一UUID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'CurrentPage',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表当前页号, 大于等于1。',
+ 'description' => '列表当前页号, 大于等于1。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表每页条数, 最大不超过100。',
+ 'description' => '列表每页条数, 最大不超过500。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'maximum' => '500',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<EventDisposeConfig>',
+ 'description' => 'BaseResponse<EventDisposeConfig>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Status' => [
+ 'title' => '事件状态。 0:未处理 1:处理中 5:处理失败 10:已处理。',
+ 'description' => '事件状态。 取值:'."\n"
+ ."\n"
+ .'- 0:未处理 '."\n"
+ .'- 1:处理中 '."\n"
+ .'- 5:处理失败 '."\n"
+ .'- 10:已处理',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '0',
+ ],
+ 'Remark' => [
+ 'title' => '事件备注。',
+ 'description' => '事件备注。',
+ 'type' => 'string',
+ 'example' => 'dealed',
+ ],
+ 'EventDispose' => [
+ 'title' => '事件处置配置 json对象。',
+ 'description' => '事件处置配置 json对象。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '事件处置配置 json对象。',
+ 'type' => 'any',
+ 'example' => '{ playbookName: "WafBlockIP", sophonTaskId: "400442a5-4f98-45ed-97db-5ab117eb0b8f", … }',
+ ],
+ 'example' => '{ playbookName: "使用安全组封禁入方向IP", sophonTaskId: "400442a5-4f98-45ed-97db-5ab117eb0b8f", … }',
+ ],
+ 'ReceiverInfo' => [
+ 'title' => '告警接收人配置 json对象',
+ 'description' => '告警接收人配置 json对象',
+ 'type' => 'object',
+ 'properties' => [
+ 'Id' => [
+ 'title' => '事件处置结果接收人记录ID。',
+ 'description' => '事件处置结果接收人记录ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123',
+ ],
+ 'GmtCreate' => [
+ 'title' => '创建时间。',
+ 'description' => '创建时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'GmtModified' => [
+ 'title' => '修改时间。',
+ 'description' => '修改时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'IncidentUuid' => [
+ 'title' => '事件ID。',
+ 'description' => '事件全局唯一UUID。',
+ 'type' => 'string',
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ 'MessageTitle' => [
+ 'title' => '消息title。',
+ 'description' => '消息title。',
+ 'type' => 'string',
+ 'example' => 'siem event dealed message',
+ ],
+ 'Receiver' => [
+ 'title' => '接收人联系方式。',
+ 'description' => '接收人联系方式。',
+ 'type' => 'string',
+ 'example' => '138xxxxxx',
+ ],
+ 'Channel' => [
+ 'title' => '联系方式渠道。 取值:'."\n"
+ .'- message:短信 '."\n"
+ .'- mail:邮件',
+ 'description' => '联系方式渠道。 取值:'."\n"
+ .'- message:短信 '."\n"
+ .'- mail:邮件',
+ 'type' => 'string',
+ 'example' => 'message',
+ ],
+ 'Status' => [
+ 'title' => '发送状态 0:未发送 1:已发送',
+ 'description' => '发送状态。取值:'."\n"
+ ."\n"
+ .'- 0:未发送 '."\n"
+ .'- 1:已发送',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Status\\": 0,\\n \\"Remark\\": \\"dealed\\",\\n \\"EventDispose\\": [\\n \\"{ playbookName: \\\\\\"WafBlockIP\\\\\\", sophonTaskId: \\\\\\"400442a5-4f98-45ed-97db-5ab117eb0b8f\\\\\\", … }\\"\\n ],\\n \\"ReceiverInfo\\": {\\n \\"Id\\": 123,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"MessageTitle\\": \\"siem event dealed message\\",\\n \\"Receiver\\": \\"138xxxxxx\\",\\n \\"Channel\\": \\"message\\",\\n \\"Status\\": 1\\n }\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取事件历史处置策略',
+ ],
+ 'DescribeEventCountByThreatLevel' => [
+ 'summary' => '获取事件各类型计数。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasAFG0OH',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'StartTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询开始时间, 单位毫秒。',
+ 'description' => '查询开始时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'EndTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询结束时间, 单位毫秒。',
+ 'description' => '查询结束时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '资源目录成员账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PlainResponse<EventCounter>',
+ 'description' => 'PlainResponse<EventCounter>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'EventNum' => [
+ 'title' => '事件总数。',
+ 'description' => '事件总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ 'UndealEventNum' => [
+ 'title' => '未处理事件数。',
+ 'description' => '未处理事件数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '75',
+ ],
+ 'HighLevelEventNum' => [
+ 'title' => '高风险事件数。',
+ 'description' => '高风险事件数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '20',
+ ],
+ 'MediumLevelEventNum' => [
+ 'title' => '中风险事件数。',
+ 'description' => '中风险事件数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '3',
+ ],
+ 'LowLevelEventNum' => [
+ 'title' => '低分险事件数。',
+ 'description' => '低分险事件数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '52',
+ ],
+ 'SeriousLevelEventNum' => [
+ 'description' => '严重等级计数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '0',
+ ],
+ 'InfoLevelEventNum' => [
+ 'description' => '信息等级计数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '0',
+ ],
+ 'EventDailyNum' => [
+ 'description' => '每日事件统计。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Date' => [
+ 'description' => '日期。',
+ 'type' => 'string',
+ 'example' => '2025-10-06',
+ ],
+ 'EventNum' => [
+ 'description' => '安全事件总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ 'UndealEventNum' => [
+ 'description' => '未处理安全事件数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '34',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"EventNum\\": 100,\\n \\"UndealEventNum\\": 75,\\n \\"HighLevelEventNum\\": 20,\\n \\"MediumLevelEventNum\\": 3,\\n \\"LowLevelEventNum\\": 52,\\n \\"SeriousLevelEventNum\\": 0,\\n \\"InfoLevelEventNum\\": 0,\\n \\"EventDailyNum\\": [\\n {\\n \\"Date\\": \\"2025-10-06\\",\\n \\"EventNum\\": 100,\\n \\"UndealEventNum\\": 34\\n }\\n ]\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取事件各类型计数',
+ ],
+ 'DescribeDisposeAndPlaybook' => [
+ 'summary' => '获取需要被处置的实体列表与剧本列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas104PTS',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'EntityType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件机',
+ 'description' => '实体类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ip',
+ ],
+ ],
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件id。',
+ 'description' => '事件UUID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'EntityUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体uuid。',
+ 'description' => '实体uuid。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'CurrentPage',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表当前页号, 大于等于1。',
+ 'description' => '列表当前页号, 大于等于1。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表每页条数, 最大不超过100。',
+ 'description' => '列表每页条数, 最大不超过100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图',
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PageResponse<List<DisposeAndScopeView>>',
+ 'description' => 'PageResponse<List<DisposeAndScopeView>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'PageInfo' => [
+ 'title' => '分页记录。',
+ 'description' => '分页记录。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CurrentPage' => [
+ 'title' => '列表当前页号。',
+ 'description' => '列表当前页号。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'title' => '每页返回记录数。',
+ 'description' => '每页返回记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'title' => '记录总数。',
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ ],
+ ],
+ 'ResponseData' => [
+ 'title' => '详细数据。',
+ 'description' => '详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'EntityId' => [
+ 'title' => '实体id。',
+ 'description' => '实体ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '12345****',
+ ],
+ 'EntityType' => [
+ 'title' => '实体类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- domain:域名'."\n"
+ .'- url:url'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件'."\n"
+ .'- host:主机',
+ 'description' => '实体类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- domain:域名'."\n"
+ .'- url:url'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件'."\n"
+ .'- host:主机',
+ 'type' => 'string',
+ 'example' => 'ip',
+ ],
+ 'OpcodeMap' => [
+ 'title' => '实体id。',
+ 'description' => 'opcode与oplevel键值对。',
+ 'type' => 'object',
+ 'additionalProperties' => [
+ 'type' => 'string',
+ 'example' => '{"7","2"}',
+ 'description' => 'opcode与oplevel键值对。',
+ ],
+ 'example' => '12345',
+ ],
+ 'OpcodeSet' => [
+ 'title' => '实体处置推荐剧本code。',
+ 'description' => '实体处置推荐剧本code。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '实体处置推荐剧本code。',
+ 'type' => 'string',
+ 'example' => '7',
+ ],
+ 'example' => '[1,3]',
+ ],
+ 'EntityInfo' => [
+ 'title' => '实体信息。',
+ 'description' => '实体信息。',
+ 'type' => 'object',
+ 'example' => '{"file_path": "c:/www/leixi.jsp","file_hash": "aa0ca926ad948cd820e0a3d9a18c****","host_uuid": "efed2cf7-0b77-45d9-a97b-d2cf246b****","malware_type": "${aliyun.siem.sas.alert_tag.webshell}","host_name": "launch-advisor-2023****"}',
+ ],
+ 'Dispose' => [
+ 'title' => '处置对象。',
+ 'description' => '处置对象。',
+ 'type' => 'string',
+ 'example' => '192.168.*.*',
+ ],
+ 'Scope' => [
+ 'title' => '处置作用域,可进行处置用户id列表。',
+ 'description' => '处置作用域,可进行处置用户ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '处置作用域,可进行处置用户ID列表。',
+ 'type' => 'any',
+ 'example' => '[127608589417****]',
+ ],
+ 'example' => '176618589410****',
+ ],
+ 'PlaybookList' => [
+ 'title' => '能够处置该实体的剧本列表。',
+ 'description' => '能够处置该实体的剧本列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'OpCode' => [
+ 'title' => '剧本opcode,与处置实体的推荐剧本opcode相对应。',
+ 'description' => '剧本opcode,与处置实体的推荐剧本opcode相对应。',
+ 'type' => 'string',
+ 'example' => '7',
+ ],
+ 'OpLevel' => [
+ 'title' => '事件一键处置是否默认勾选,2:勾选 1:只展示不勾选。',
+ 'description' => '事件一键处置是否默认勾选。取值:'."\n"
+ ."\n"
+ .'- 2:勾选 '."\n"
+ .'- 1:只展示不勾选',
+ 'type' => 'string',
+ 'example' => '2',
+ ],
+ 'Description' => [
+ 'title' => '剧本描述。',
+ 'description' => '剧本描述。',
+ 'type' => 'string',
+ 'example' => 'WafBlockIP',
+ ],
+ 'DisplayName' => [
+ 'title' => '剧本显示名称。',
+ 'description' => '剧本显示名称。',
+ 'type' => 'string',
+ 'example' => 'WafBlockIP',
+ ],
+ 'TaskConfig' => [
+ 'title' => 'opcode配置。',
+ 'description' => 'opcode配置。',
+ 'type' => 'string',
+ 'example' => '{"opCode":"3"}',
+ ],
+ 'Name' => [
+ 'title' => '剧本名称,剧本唯一标识。',
+ 'description' => '剧本名称,剧本唯一标识。',
+ 'type' => 'string',
+ 'example' => 'kill_process_isolate_file',
+ ],
+ 'Uuid' => [
+ 'title' => '剧本uuid,剧本唯一标识。',
+ 'description' => '剧本uuid,剧本唯一标识。',
+ 'type' => 'string',
+ 'example' => 'kill_process_isolate_file',
+ ],
+ 'ParamConfig' => [
+ 'title' => '剧本的参数列表以及对应参数属性',
+ 'description' => '剧本的参数列表以及对应参数属性',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '当前剧本的入参列表以及入参格式要求。',
+ 'type' => 'any',
+ 'example' => '{'."\n"
+ .' "ParamConfig": ['."\n"
+ .' {'."\n"
+ .' "Field": "dispose",'."\n"
+ .' "Necessary": true,'."\n"
+ .' "CheckField": "[{&quot;fieldPath&quot;:&quot;$.ip&quot;,&quot;fieldName&quot;:&quot;ip&quot;}]"'."\n"
+ .' },'."\n"
+ .' {'."\n"
+ .' "Field": "alert",'."\n"
+ .' "Necessary": true,'."\n"
+ .' "CheckField": "[{&quot;fieldPath&quot;:&quot;$.host_uuid&quot;,&quot;fieldName&quot;:&quot;host_uuid&quot;}]"'."\n"
+ .' },'."\n"
+ .' {'."\n"
+ .' "Field": "scope",'."\n"
+ .' "Necessary": true,'."\n"
+ .' "Value": "$.main_user_id"'."\n"
+ .' },'."\n"
+ .' {'."\n"
+ .' "Field": "startTime",'."\n"
+ .' "Necessary": true'."\n"
+ .' },'."\n"
+ .' {'."\n"
+ .' "Field": "endTime",'."\n"
+ .' "Necessary": true'."\n"
+ .' }'."\n"
+ .' ]'."\n"
+ .'}',
+ ],
+ ],
+ 'WafPlaybook' => [
+ 'title' => '是否是waf剧本。',
+ 'description' => '是否是waf剧本。取值:'."\n"
+ ."\n"
+ .'- true:是'."\n"
+ .'- false:不是',
+ 'type' => 'boolean',
+ 'example' => 'false',
+ ],
+ 'Available' => [
+ 'description' => '是否可用。'."\n"
+ ."\n"
+ .'- 1:可用'."\n"
+ .'- 0:不可用',
+ 'type' => 'string',
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'example' => '[{"name":"云安全中心-云服务器安全","code":"1"}]',
+ ],
+ 'AlertNum' => [
+ 'title' => '该实体关联的告警数。',
+ 'description' => '该实体关联的告警数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"EntityId\\": 0,\\n \\"EntityType\\": \\"ip\\",\\n \\"OpcodeMap\\": {\\n \\"key\\": \\"{\\\\\\"7\\\\\\",\\\\\\"2\\\\\\"}\\"\\n },\\n \\"OpcodeSet\\": [\\n \\"7\\"\\n ],\\n \\"EntityInfo\\": {\\n \\"file_path\\": \\"c:/www/leixi.jsp\\",\\n \\"file_hash\\": \\"aa0ca926ad948cd820e0a3d9a18c****\\",\\n \\"host_uuid\\": \\"efed2cf7-0b77-45d9-a97b-d2cf246b****\\",\\n \\"malware_type\\": \\"${aliyun.siem.sas.alert_tag.webshell}\\",\\n \\"host_name\\": \\"launch-advisor-2023****\\"\\n },\\n \\"Dispose\\": \\"192.168.*.*\\",\\n \\"Scope\\": [\\n \\"[127608589417****]\\"\\n ],\\n \\"PlaybookList\\": [\\n {\\n \\"OpCode\\": \\"7\\",\\n \\"OpLevel\\": \\"2\\",\\n \\"Description\\": \\"WafBlockIP\\",\\n \\"DisplayName\\": \\"WafBlockIP\\",\\n \\"TaskConfig\\": \\"{\\\\\\"opCode\\\\\\":\\\\\\"3\\\\\\"}\\",\\n \\"Name\\": \\"kill_process_isolate_file\\",\\n \\"Uuid\\": \\"kill_process_isolate_file\\",\\n \\"ParamConfig\\": [\\n \\"{\\\\n\\\\t\\\\\\"ParamConfig\\\\\\": [\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"dispose\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true,\\\\n\\\\t\\\\t\\\\t\\\\\\"CheckField\\\\\\": \\\\\\"[{&quot;fieldPath&quot;:&quot;$.ip&quot;,&quot;fieldName&quot;:&quot;ip&quot;}]\\\\\\"\\\\n\\\\t\\\\t},\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"alert\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true,\\\\n\\\\t\\\\t\\\\t\\\\\\"CheckField\\\\\\": \\\\\\"[{&quot;fieldPath&quot;:&quot;$.host_uuid&quot;,&quot;fieldName&quot;:&quot;host_uuid&quot;}]\\\\\\"\\\\n\\\\t\\\\t},\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"scope\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true,\\\\n\\\\t\\\\t\\\\t\\\\\\"Value\\\\\\": \\\\\\"$.main_user_id\\\\\\"\\\\n\\\\t\\\\t},\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"startTime\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true\\\\n\\\\t\\\\t},\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"endTime\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true\\\\n\\\\t\\\\t}\\\\n\\\\t]\\\\n}\\"\\n ],\\n \\"WafPlaybook\\": false,\\n \\"Available\\": \\"1\\"\\n }\\n ],\\n \\"AlertNum\\": 1\\n }\\n ]\\n }\\n}","type":"json"}]',
+ 'title' => '获取需要被处置的实体列表与剧本列表',
+ ],
+ 'DescribeCloudSiemEvents' => [
+ 'summary' => '获取威胁分析与响应事件列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasAFG0OH',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'StartTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询开始时间, 单位毫秒。',
+ 'description' => '查询事件的开始时间,精确到毫秒(ms)。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'EndTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询结束时间, 单位毫秒。',
+ 'description' => '查询结束时间,精确到毫秒(ms)。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'ThreadLevel',
+ 'in' => 'formData',
+ 'style' => 'repeatList',
+ 'schema' => [
+ 'title' => '事件威胁等级,格式为json数组。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '事件威胁等级,格式为json数组。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '事件威胁等级,格式为json数组。取值:'."\n"
+ ."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '["remind","serious"]'."\n",
+ ],
+ 'required' => false,
+ 'example' => '["serious","suspicious","remind"]',
+ 'maxItems' => 100,
+ ],
+ ],
+ [
+ 'name' => 'EventName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件名称。',
+ 'description' => '事件名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ECS unusual log in',
+ ],
+ ],
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件ID。',
+ 'description' => '事件ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'AssetId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件关联的资产ID。',
+ 'description' => '事件关联的资产ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '6c740667-80b2-476d-8924-2e706feb****',
+ ],
+ ],
+ [
+ 'name' => 'EntityUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件关联的实体Uuid。',
+ 'description' => '事件关联的实体Uuid。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '6c740667-80b2-476d-8924-2e706feb****',
+ ],
+ ],
+ [
+ 'name' => 'Status',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件状态。 取值:'."\n"
+ .'- 0:未处理'."\n"
+ .'- 1:处理中'."\n"
+ .'- 5:处理失败'."\n"
+ .'- 10:已处理',
+ 'description' => '事件状态。取值:'."\n"
+ .'- 0:未处理'."\n"
+ .'- 1:处理中'."\n"
+ .'- 5:处理失败'."\n"
+ .'- 10:已处理',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '0',
+ ],
+ ],
+ [
+ 'name' => 'OrderField',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件列表排列字段。 取值:'."\n"
+ .'- GmtModified:基于事件产生事件排序(默认)'."\n"
+ .'- ThreatScore:基于事件威胁评分排序。',
+ 'description' => '事件列表排列字段。 取值:'."\n"
+ .'- GmtModified:基于事件产生事件排序(默认)'."\n"
+ .'- ThreatScore:基于事件威胁评分排序',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ThreatScore',
+ ],
+ ],
+ [
+ 'name' => 'Order',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件列表排列方向。 取值:'."\n"
+ .'- desc:降序排列'."\n"
+ .'- asc:升序排列。',
+ 'description' => '事件列表排列方向。 取值:'."\n"
+ .'- desc:降序排列'."\n"
+ .'- asc:升序排列',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'desc',
+ ],
+ ],
+ [
+ 'name' => 'CurrentPage',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表当前页号, 大于等于1。',
+ 'description' => '列表当前页号,大于等于1。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表每页条数, 最大不超过100。',
+ 'description' => '列表每页条数,最大不超过100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图',
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PageResponse<List<SiemEvent>>',
+ 'description' => 'PageResponse<List<SiemEvent>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'PageInfo' => [
+ 'title' => '分页记录。',
+ 'description' => '分页记录。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CurrentPage' => [
+ 'title' => '列表当前页号。',
+ 'description' => '列表当前页号。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'title' => '每页返回记录数。',
+ 'description' => '每页返回记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'title' => '记录总数。',
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ ],
+ ],
+ 'ResponseData' => [
+ 'title' => '详细数据。',
+ 'description' => '详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'GmtCreate' => [
+ 'title' => '事件发生时间。',
+ 'description' => '事件发生时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'GmtModified' => [
+ 'title' => '事件最后更新时间。',
+ 'description' => '事件最后更新时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'Aliuid' => [
+ 'title' => '事件归属主账号ID。',
+ 'description' => '事件归属主账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '127608589417****',
+ ],
+ 'AlertNum' => [
+ 'title' => '事件关联告警数。',
+ 'description' => '事件关联告警数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '4',
+ ],
+ 'AssetNum' => [
+ 'title' => '事件关联资产数。',
+ 'description' => '事件关联资产数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '4',
+ ],
+ 'IncidentUuid' => [
+ 'title' => '事件全局唯一ID。',
+ 'description' => '事件全局唯一UUID。',
+ 'type' => 'string',
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ 'IncidentName' => [
+ 'title' => '事件名称。',
+ 'description' => '事件名称。',
+ 'type' => 'string',
+ 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc',
+ ],
+ 'IncidentNameEn' => [
+ 'title' => '事件英文名称。',
+ 'description' => '事件英文名称。',
+ 'type' => 'string',
+ 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc',
+ ],
+ 'Description' => [
+ 'title' => '事件描述。',
+ 'description' => '事件描述。',
+ 'type' => 'string',
+ 'example' => 'The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc',
+ ],
+ 'DescriptionEn' => [
+ 'title' => '事件英文描述。',
+ 'description' => '事件英文描述。',
+ 'type' => 'string',
+ 'example' => 'The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc',
+ ],
+ 'DataSources' => [
+ 'title' => '事件关联告警来源产品。',
+ 'description' => '事件关联告警来源产品。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '事件关联告警来源产品。',
+ 'type' => 'string',
+ 'example' => '[sas,waf]',
+ ],
+ 'example' => '[sas,waf]',
+ ],
+ 'ThreatLevel' => [
+ 'title' => '威胁等级。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'string',
+ 'example' => 'remind',
+ ],
+ 'ThreatScore' => [
+ 'title' => '事件的威胁分值, 范围 0~100, 分值越高风险等级越高。',
+ 'description' => '事件的威胁分值,范围 0~100,分值越高风险等级越高。',
+ 'type' => 'number',
+ 'format' => 'float',
+ 'example' => '90.2',
+ ],
+ 'ExtContent' => [
+ 'title' => '事件扩展信息 json格式。',
+ 'description' => '事件扩展信息 json格式。',
+ 'type' => 'string',
+ 'example' => '{"event_transfer_type":"customize_rule"}',
+ ],
+ 'Status' => [
+ 'title' => '事件状态。 取值:'."\n"
+ .'- 0:未处理 '."\n"
+ .'-1:处理中 '."\n"
+ .'-5:处理失败 '."\n"
+ .'-10:已处理',
+ 'description' => '事件状态。 取值:'."\n"
+ .'- 0:未处理'."\n"
+ .'- 1:处理中'."\n"
+ .'- 5:处理失败'."\n"
+ .'- 10:已处理',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '0',
+ ],
+ 'AttCkLabels' => [
+ 'title' => 'ATTCT&攻击技术标签集合。',
+ 'description' => 'ATTCT&攻击技术标签集合。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => 'ATTCT&攻击技术标签集合。',
+ 'type' => 'string',
+ 'example' => '["T1595.002 Vulnerability Scanning"]',
+ ],
+ 'example' => '["T1595.002 Vulnerability Scanning"]',
+ ],
+ 'AttckStages' => [
+ 'description' => '攻击阶段列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'TacticId' => [
+ 'description' => 'ATT&CK攻击阶段ID。',
+ 'type' => 'string',
+ 'example' => 'TA0001',
+ ],
+ 'TacticName' => [
+ 'description' => '攻击阶段名称。',
+ 'type' => 'string',
+ 'example' => 'Persistence',
+ ],
+ 'AlertNum' => [
+ 'description' => '攻击阶段关联告警数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '21',
+ ],
+ ],
+ ],
+ ],
+ 'ReferAccount' => [
+ 'description' => '关联账号。',
+ 'type' => 'string',
+ 'example' => '127608589417****',
+ ],
+ 'IncidentType' => [
+ 'description' => '事件类型。'."\n"
+ .'- net-attack:专家规则'."\n"
+ .'- graph:图计算',
+ 'type' => 'string',
+ 'example' => 'graph',
+ ],
+ 'RuleId' => [
+ 'description' => '规则ID。',
+ 'type' => 'string',
+ 'example' => 'crecr-21d7pogu9v4a****',
+ ],
+ 'Remark' => [
+ 'title' => '事件备注。',
+ 'description' => '事件备注。',
+ 'type' => 'string',
+ 'example' => 'dealed',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"AlertNum\\": 4,\\n \\"AssetNum\\": 4,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"IncidentName\\": \\"Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc\\",\\n \\"IncidentNameEn\\": \\"Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc\\",\\n \\"Description\\": \\"The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc\\",\\n \\"DescriptionEn\\": \\"The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc\\",\\n \\"DataSources\\": [\\n \\"[sas,waf]\\"\\n ],\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"ThreatScore\\": 90.2,\\n \\"ExtContent\\": \\"{\\\\\\"event_transfer_type\\\\\\":\\\\\\"customize_rule\\\\\\"}\\",\\n \\"Status\\": 0,\\n \\"AttCkLabels\\": [\\n \\"[\\\\\\"T1595.002 Vulnerability Scanning\\\\\\"]\\"\\n ],\\n \\"AttckStages\\": [\\n {\\n \\"TacticId\\": \\"TA0001\\",\\n \\"TacticName\\": \\"Persistence\\",\\n \\"AlertNum\\": 21\\n }\\n ],\\n \\"ReferAccount\\": \\"127608589417****\\",\\n \\"IncidentType\\": \\"graph\\",\\n \\"RuleId\\": \\"crecr-21d7pogu9v4a****\\",\\n \\"Remark\\": \\"dealed\\"\\n }\\n ]\\n }\\n}","type":"json"}]',
+ 'title' => '获取事件列表',
+ ],
+ 'DescribeCloudSiemEventDetail' => [
+ 'summary' => '获取事件详情。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasAFG0OH',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件ID。',
+ 'description' => '事件UUID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图',
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PlainResponse<SiemEvent>',
+ 'description' => 'PlainResponse<SiemEvent>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'GmtCreate' => [
+ 'title' => '事件发生时间。',
+ 'description' => '事件发生时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'GmtModified' => [
+ 'title' => '事件最后更新时间。',
+ 'description' => '事件最后更新时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'Aliuid' => [
+ 'title' => '事件归属主账号ID。',
+ 'description' => '事件归属主账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '127608589417****',
+ ],
+ 'AlertNum' => [
+ 'title' => '事件关联告警数。',
+ 'description' => '事件关联告警数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '4',
+ ],
+ 'AssetNum' => [
+ 'title' => '事件关联资产数。',
+ 'description' => '事件关联资产数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '4',
+ ],
+ 'IncidentUuid' => [
+ 'title' => '事件全局唯一ID。',
+ 'description' => '事件全局唯一UUID。',
+ 'type' => 'string',
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ 'IncidentName' => [
+ 'title' => '事件名称。',
+ 'description' => '事件名称。',
+ 'type' => 'string',
+ 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc',
+ ],
+ 'IncidentNameEn' => [
+ 'title' => '事件英文名称。',
+ 'description' => '事件英文名称。',
+ 'type' => 'string',
+ 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc',
+ ],
+ 'Description' => [
+ 'title' => '事件描述。',
+ 'description' => '事件描述。',
+ 'type' => 'string',
+ 'example' => 'The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc',
+ ],
+ 'DescriptionEn' => [
+ 'title' => '事件英文描述。',
+ 'description' => '事件英文描述。',
+ 'type' => 'string',
+ 'example' => 'The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc',
+ ],
+ 'DataSources' => [
+ 'title' => '事件关联告警来源产品。',
+ 'description' => '事件关联告警来源产品。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '事件关联告警来源产品。',
+ 'type' => 'string',
+ 'example' => '[sas,waf]',
+ ],
+ 'example' => '[sas,waf]',
+ ],
+ 'ThreatLevel' => [
+ 'title' => '威胁等级。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'string',
+ 'example' => 'remind',
+ ],
+ 'ThreatScore' => [
+ 'title' => '事件的威胁分值, 范围 0~100, 分值越高风险等级越高。',
+ 'description' => '事件的威胁分值, 范围 0~100, 分值越高风险等级越高。',
+ 'type' => 'number',
+ 'format' => 'float',
+ 'example' => '90.2',
+ ],
+ 'ExtContent' => [
+ 'title' => '事件扩展信息 json格式。',
+ 'description' => '事件扩展信息 json格式。',
+ 'type' => 'string',
+ 'example' => '{"event_transfer_type":"customize_rule"}',
+ ],
+ 'Status' => [
+ 'title' => '事件状态。 取值:'."\n"
+ .'- 0:未处理 '."\n"
+ .'-1:处理中 '."\n"
+ .'-5:处理失败 '."\n"
+ .'-10:已处理',
+ 'description' => '事件状态。 取值:'."\n"
+ ."\n"
+ .'- 0:未处理 '."\n"
+ .'- 1:处理中 '."\n"
+ .'- 5:处理失败 '."\n"
+ .'- 10:已处理',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '0',
+ ],
+ 'AttCkLabels' => [
+ 'title' => 'ATTCT&攻击技术标签集合。',
+ 'description' => 'ATTCT&攻击技术标签集合。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => 'ATTCT&攻击技术标签集合。',
+ 'type' => 'string',
+ 'example' => '["T1595.002 Vulnerability Scanning"]',
+ ],
+ 'example' => '["T1595.002 Vulnerability Scanning"]',
+ ],
+ 'AttckStages' => [
+ 'description' => '攻击阶段列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'TacticId' => [
+ 'description' => 'ATT&CK攻击阶段ID。',
+ 'type' => 'string',
+ 'example' => 'TA0008',
+ ],
+ 'TacticName' => [
+ 'description' => '攻击阶段名称。',
+ 'type' => 'string',
+ 'example' => 'Persistence',
+ ],
+ 'AlertNum' => [
+ 'description' => '攻击阶段关联告警数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '21',
+ ],
+ ],
+ ],
+ ],
+ 'ReferAccount' => [
+ 'description' => '关联账号。',
+ 'type' => 'string',
+ 'example' => '17661858****/****,176618448****/****',
+ ],
+ 'IncidentType' => [
+ 'description' => '事件类型。'."\n"
+ .'- net-attack:专家规则'."\n"
+ .'- graph:图计算'."\n"
+ .'- singleToSingle:告警透传'."\n"
+ .'- allToSingle:告警聚合',
+ 'type' => 'string',
+ 'example' => 'graph',
+ ],
+ 'RuleId' => [
+ 'description' => '事件生成规则。',
+ 'type' => 'string',
+ 'example' => 'net-attack/101',
+ ],
+ 'Remark' => [
+ 'title' => '事件备注。',
+ 'description' => '事件备注。',
+ 'type' => 'string',
+ 'example' => 'dealed',
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"AlertNum\\": 4,\\n \\"AssetNum\\": 4,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"IncidentName\\": \\"Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc\\",\\n \\"IncidentNameEn\\": \\"Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc\\",\\n \\"Description\\": \\"The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc\\",\\n \\"DescriptionEn\\": \\"The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc\\",\\n \\"DataSources\\": [\\n \\"[sas,waf]\\"\\n ],\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"ThreatScore\\": 90.2,\\n \\"ExtContent\\": \\"{\\\\\\"event_transfer_type\\\\\\":\\\\\\"customize_rule\\\\\\"}\\",\\n \\"Status\\": 0,\\n \\"AttCkLabels\\": [\\n \\"[\\\\\\"T1595.002 Vulnerability Scanning\\\\\\"]\\"\\n ],\\n \\"AttckStages\\": [\\n {\\n \\"TacticId\\": \\"TA0008\\",\\n \\"TacticName\\": \\"Persistence\\",\\n \\"AlertNum\\": 21\\n }\\n ],\\n \\"ReferAccount\\": \\"17661858****/****,176618448****/****\\",\\n \\"IncidentType\\": \\"graph\\",\\n \\"RuleId\\": \\"net-attack/101\\",\\n \\"Remark\\": \\"dealed\\"\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取事件详情',
+ ],
+ 'DescribeCloudSiemAssetsCounter' => [
+ 'summary' => '获取事件关联各类型资产计数。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件id。',
+ 'description' => '事件UUID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PlainResponse<List<CloudSiemEventAssetCounter>>',
+ 'description' => 'PlainResponse<List<CloudSiemEventAssetCounter>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'AssetType' => [
+ 'title' => '资产类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- domain:域名'."\n"
+ .'- url:url'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件'."\n"
+ .'- host:主机',
+ 'description' => '资产类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- domain:域名'."\n"
+ .'- url:url'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件'."\n"
+ .'- host:主机',
+ 'type' => 'string',
+ 'example' => 'domain',
+ ],
+ 'AssetNum' => [
+ 'title' => '资产数量。',
+ 'description' => '资产数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AssetType\\": \\"domain\\",\\n \\"AssetNum\\": 1\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取事件关联各类型资产计数',
+ ],
+ 'DescribeCloudSiemAssets' => [
+ 'summary' => '获取事件关联资产列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件ID。',
+ 'description' => '事件UUID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'AssetType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '资产类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- domain:域名'."\n"
+ .'- url:url'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件'."\n"
+ .'- host:主机',
+ 'description' => '资产类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- domain:域名'."\n"
+ .'- url:url'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件'."\n"
+ .'- host:主机',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ip',
+ ],
+ ],
+ [
+ 'name' => 'AssetName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '资产名称。',
+ 'description' => '资产名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'test123',
+ ],
+ ],
+ [
+ 'name' => 'AssetUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '资产uuid。',
+ 'description' => '资产uuid。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '123456-2222-3333-5555-3435345****',
+ ],
+ ],
+ [
+ 'name' => 'CurrentPage',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表当前页号, 大于等于1。',
+ 'description' => '列表当前页号, 大于等于1。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表每页条数, 最大不超过100。',
+ 'description' => '列表每页条数, 最大不超过100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图',
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PageResponse<List<AssetInfo>>',
+ 'description' => 'PageResponse<List<AssetInfo>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'PageInfo' => [
+ 'title' => '分页记录。',
+ 'description' => '分页记录。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CurrentPage' => [
+ 'title' => '列表当前页号。',
+ 'description' => '列表当前页号。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'title' => '每页返回记录数。',
+ 'description' => '每页返回记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'title' => '记录总数。',
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ ],
+ ],
+ 'ResponseData' => [
+ 'title' => '详细数据。',
+ 'description' => '详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Id' => [
+ 'title' => '资产ID。',
+ 'description' => '资产ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123',
+ ],
+ 'GmtCreate' => [
+ 'title' => '资产同步时间。',
+ 'description' => '资产同步时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'GmtModified' => [
+ 'title' => '资产最后更新时间。',
+ 'description' => '资产最后更新时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'Aliuid' => [
+ 'title' => 'siem主账号ID。',
+ 'description' => 'siem主账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1276085894174392',
+ ],
+ 'SubUserId' => [
+ 'title' => '资产关联账号ID。',
+ 'description' => '资产关联账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '176555323***',
+ ],
+ 'IncidentUuid' => [
+ 'title' => '事件ID。',
+ 'description' => '事件UUID。',
+ 'type' => 'string',
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ 'AlertUuid' => [
+ 'title' => '事件关联告警ID。',
+ 'description' => '事件关联告警UUID。',
+ 'type' => 'string',
+ 'example' => 'sas_71e24437d2797ce8fc59692905a4****',
+ ],
+ 'AssetName' => [
+ 'title' => '资产名称。',
+ 'description' => '资产名称。',
+ 'type' => 'string',
+ 'example' => 'zsw-agentless-centos****',
+ ],
+ 'AssetType' => [
+ 'title' => '资产类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- domain:域名'."\n"
+ .'- url:url'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件'."\n"
+ .'- host:主机',
+ 'description' => '资产类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- domain:域名'."\n"
+ .'- url:url'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件'."\n"
+ .'- host:主机',
+ 'type' => 'string',
+ 'example' => 'domain',
+ ],
+ 'AssetInfo' => [
+ 'title' => '资产展示信息 json数组格式。',
+ 'description' => '资产展示信息 json数组格式。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Key' => [
+ 'title' => '告警详细属性key。',
+ 'description' => '告警详细属性key。',
+ 'type' => 'string',
+ 'example' => 'suspicious.wbd.wb.trojanpath',
+ ],
+ 'KeyName' => [
+ 'title' => '告警详细数据名称。',
+ 'description' => '告警详细数据名称。',
+ 'type' => 'string',
+ 'example' => 'Trojan Path',
+ ],
+ 'Values' => [
+ 'title' => '告警详细数据值。',
+ 'description' => '告警详细数据值。',
+ 'type' => 'string',
+ 'example' => '/root/test33.php',
+ ],
+ ],
+ ],
+ 'example' => '[{"KeyName": "${aliyun.siem.asset.asset_name}","Values": "zsw-agentless-ubuntu20","Key": "asset_name"}]',
+ ],
+ 'AssetId' => [
+ 'title' => '资产逻辑ID。',
+ 'description' => '资产逻辑ID。',
+ 'type' => 'string',
+ 'example' => '0616caeb-acb8-45e0-8520-4ee5fbe251f0',
+ ],
+ 'CloudCode' => [
+ 'title' => '实体来源云code。 取值:'."\n"
+ .'- aliyun:阿里云'."\n"
+ .'- qcloud:腾讯云'."\n"
+ .'- hcloud:华为云',
+ 'description' => '实体来源云Code。 取值:'."\n"
+ .'- aliyun:阿里云'."\n"
+ .'- qcloud:腾讯云'."\n"
+ .'- hcloud:华为云',
+ 'type' => 'string',
+ 'example' => 'aliyun',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 1276085894174392,\\n \\"SubUserId\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"AssetName\\": \\"zsw-agentless-centos****\\",\\n \\"AssetType\\": \\"domain\\",\\n \\"AssetInfo\\": [\\n {\\n \\"Key\\": \\"suspicious.wbd.wb.trojanpath\\",\\n \\"KeyName\\": \\"Trojan Path\\",\\n \\"Values\\": \\"/root/test33.php\\"\\n }\\n ],\\n \\"AssetId\\": \\"0616caeb-acb8-45e0-8520-4ee5fbe251f0\\",\\n \\"CloudCode\\": \\"aliyun\\"\\n }\\n ]\\n }\\n}","type":"json"}]',
+ 'title' => '获取事件关联资产列表',
+ ],
+ 'DescribeAlertsWithEvent' => [
+ 'summary' => '获取事件关联的告警列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasAFG0OH',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件ID。',
+ 'description' => '事件ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'Level',
+ 'in' => 'formData',
+ 'style' => 'repeatList',
+ 'schema' => [
+ 'title' => '威胁等级,格式为json数组。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级,格式为json数组。取值:'."\n"
+ .'- serious:高危。'."\n"
+ .'- suspicious:中危。'."\n"
+ .'- remind:低危。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '威胁等级,格式为json数组。取值:'."\n"
+ ."\n"
+ .'- serious:高危。'."\n"
+ .'- suspicious:中危。'."\n"
+ .'- remind:低危。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '["remind","serious"]'."\n",
+ ],
+ 'required' => false,
+ 'example' => '["serious","suspicious","remind"]',
+ 'maxItems' => 100,
+ ],
+ ],
+ [
+ 'name' => 'AlertTitle',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警标题。',
+ 'description' => '告警标题。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Scan-Try SNMP weak password'."\n",
+ ],
+ ],
+ [
+ 'name' => 'AlertType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警类型。',
+ 'description' => '告警类型。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Scan',
+ ],
+ ],
+ [
+ 'name' => 'AlertName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警名称。',
+ 'description' => '告警名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Try SNMP weak password',
+ ],
+ ],
+ [
+ 'name' => 'AssetName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '资产名称。',
+ 'description' => '资产名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'hostname-****',
+ ],
+ ],
+ [
+ 'name' => 'AssetId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '资产id。',
+ 'description' => '资产id。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '09414e9ebaa9c19b84d851abb91d****',
+ ],
+ ],
+ [
+ 'name' => 'EntityName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体名称。',
+ 'description' => '实体名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'launch-advisor-*****',
+ ],
+ ],
+ [
+ 'name' => 'EntityId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体id。',
+ 'description' => '实体id。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '21034e803f492b926cea9e5beab4****',
+ ],
+ ],
+ [
+ 'name' => 'SubUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警关联账号ID。',
+ 'description' => '告警关联账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '176555323***',
+ ],
+ ],
+ [
+ 'name' => 'Source',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警数据源。',
+ 'description' => '告警数据源。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'sas',
+ ],
+ ],
+ [
+ 'name' => 'IsDefend',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '是否已防御',
+ 'description' => '是否已防御。取值:'."\n"
+ ."\n"
+ .'- 0:检出'."\n"
+ .'- 1:拦截',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'StartTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询开始时间, 单位毫秒。',
+ 'description' => '查询开始时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'EndTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询结束时间, 单位毫秒。',
+ 'description' => '查询结束时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'CurrentPage',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表当前页号, 大于等于1。',
+ 'description' => '列表当前页号, 大于等于1。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表每页条数, 最大不超过100。',
+ 'description' => '列表每页条数, 最大不超过100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图',
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '资源目录成员账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PageResponse<List<AlertDetail>>',
+ 'description' => 'PageResponse<List<AlertDetail>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功。'."\n"
+ .'- false:失败。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'PageInfo' => [
+ 'title' => '分页记录。',
+ 'description' => '分页记录。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CurrentPage' => [
+ 'title' => '列表当前页号。',
+ 'description' => '列表当前页号。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'title' => '每页返回记录数。',
+ 'description' => '每页返回记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'title' => '记录总数。',
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ ],
+ ],
+ 'ResponseData' => [
+ 'title' => '详细数据。',
+ 'description' => '详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '详细数据。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Id' => [
+ 'title' => '告警唯一ID。',
+ 'description' => '告警唯一ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123456789',
+ ],
+ 'GmtCreate' => [
+ 'title' => '告警入库时间。',
+ 'description' => '告警入库时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'GmtModified' => [
+ 'title' => '告警最后更新时间。',
+ 'description' => '告警最后更新时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'MainUserId' => [
+ 'title' => '告警关联siem主账号ID。',
+ 'description' => '告警关联siem主账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '127608589417****',
+ ],
+ 'IncidentUuid' => [
+ 'title' => '事件全局唯一id。',
+ 'description' => '事件全局唯一UUID。',
+ 'type' => 'string',
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ 'AlertUuid' => [
+ 'title' => '告警id。',
+ 'description' => '告警UUID。',
+ 'type' => 'string',
+ 'example' => 'sas_71e24437d2797ce8fc59692905a4****',
+ ],
+ 'LogTime' => [
+ 'title' => '告警记录时间。',
+ 'description' => '告警记录时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'AlertSrcProd' => [
+ 'title' => '事件关联告警来源产品。',
+ 'description' => '事件关联告警来源产品。',
+ 'type' => 'string',
+ 'example' => 'sas',
+ ],
+ 'AlertTitle' => [
+ 'title' => '告警标题。',
+ 'description' => '告警标题。',
+ 'type' => 'string',
+ 'example' => 'Scan-Try SNMP weak password',
+ ],
+ 'AlertTitleEn' => [
+ 'title' => '告警标题英文。',
+ 'description' => '告警标题英文。',
+ 'type' => 'string',
+ 'example' => 'Scan-Try SNMP weak password',
+ ],
+ 'AlertType' => [
+ 'title' => '告警类型。',
+ 'description' => '告警类型。',
+ 'type' => 'string',
+ 'example' => 'Scan',
+ ],
+ 'AlertTypeEn' => [
+ 'title' => '告警类型英文。',
+ 'description' => '告警类型英文。',
+ 'type' => 'string',
+ 'example' => 'Scan',
+ ],
+ 'AlertTypeCode' => [
+ 'title' => '告警类型美杜莎code。',
+ 'description' => '告警类型美杜莎Code。',
+ 'type' => 'string',
+ 'example' => 'security_event_config.event_name.webshellName',
+ ],
+ 'AlertName' => [
+ 'title' => '告警名称。',
+ 'description' => '告警名称。',
+ 'type' => 'string',
+ 'example' => 'Try SNMP weak password',
+ ],
+ 'AlertNameEn' => [
+ 'title' => '告警名称。',
+ 'description' => '告警名称。',
+ 'type' => 'string',
+ 'example' => 'Try SNMP weak password',
+ ],
+ 'AlertNameCode' => [
+ 'title' => '告警名称美杜莎code。',
+ 'description' => '告警名称美杜莎Code。',
+ 'type' => 'string',
+ 'example' => 'security_event_config.event_name.webshell',
+ ],
+ 'AlertLevel' => [
+ 'title' => '威胁等级。 取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级。取值:'."\n"
+ .'- serious:高危。'."\n"
+ .'- suspicious:中危。'."\n"
+ .'- remind:低危。',
+ 'type' => 'string',
+ 'example' => 'remind',
+ ],
+ 'AssetList' => [
+ 'title' => '资产列表。',
+ 'description' => '资产列表。',
+ 'type' => 'string',
+ 'example' => '['."\n"
+ .' {'."\n"
+ .' "is_main_asset": "1",'."\n"
+ .' "asset_name": "47.245.*",'."\n"
+ .' "port": "22",'."\n"
+ .' "ip": "47.245.*",'."\n"
+ .' "asset_type": "ip",'."\n"
+ .' "location": "ap-southeast-1",'."\n"
+ .' "asset_id": "47.245.*",'."\n"
+ .' "net_connect_dir": "in"'."\n"
+ .' }'."\n"
+ .']',
+ ],
+ 'OccurTime' => [
+ 'title' => '告警发生时间。',
+ 'description' => '告警发生时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'StartTime' => [
+ 'title' => '告警首次发生时间。',
+ 'description' => '告警首次发生时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'EndTime' => [
+ 'title' => '告警结束时间。',
+ 'description' => '告警结束时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'AlertSrcProdModule' => [
+ 'title' => '事件关联告警来源产品子模块。',
+ 'description' => '事件关联告警来源产品子模块。',
+ 'type' => 'string',
+ 'example' => 'waf',
+ ],
+ 'AlertDesc' => [
+ 'title' => '告警描述。',
+ 'description' => '告警描述。',
+ 'type' => 'string',
+ 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.',
+ ],
+ 'AlertDescEn' => [
+ 'title' => '告警英文描述。',
+ 'description' => '告警英文描述。',
+ 'type' => 'string',
+ 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.',
+ ],
+ 'AlertDescCode' => [
+ 'title' => '告警描述美杜莎code。',
+ 'description' => '告警描述美杜莎Code。',
+ 'type' => 'string',
+ 'example' => 'security_event_config.event_name.webshell'."\n",
+ ],
+ 'AlertDetail' => [
+ 'title' => '告警详情。',
+ 'description' => '告警详情。',
+ 'type' => 'string',
+ 'example' => '{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "21.92.*.*"}',
+ ],
+ 'LogUuid' => [
+ 'title' => '告警log UUID。',
+ 'description' => '告警日志UUID。',
+ 'type' => 'string',
+ 'example' => 'cfw_d12e285a-a042-4d7e-be89-f8a795ef****',
+ ],
+ 'EntityList' => [
+ 'title' => '实体详情(标准化/开启索引)',
+ 'description' => '实体详情。',
+ 'type' => 'string',
+ 'example' => '[{&quot;entity_user_id&quot;:&quot;198921674491****&quot;,&quot;entity_account_id&quot;:&quot;N/A&quot;,&quot;entity_uuid&quot;:&quot;6245f979d5dd9ef8dd19bdc72228****&quot;,&quot;entity_type&quot;:&quot;host&quot;,&quot;entity_name&quot;:&quot;zhh-test-20240409&quot;,&quot;is_comprised&quot;:&quot;1&quot;,&quot;os_type&quot;:&quot;linux&quot;,&quot;entity_id&quot;:&quot;a88f44dd-b8d4-4ded-831c-77a4835****&quot;,&quot;host_uuid&quot;:&quot;a88f44dd-b8d4-4ded-831c-77a4835****&quot;,&quot;host_name&quot;:&quot;zhh-test-2024****&quot;}]',
+ ],
+ 'AttCk' => [
+ 'title' => 'ATTCT&攻击技术标签。',
+ 'description' => 'ATTCT&攻击技术标签。',
+ 'type' => 'string',
+ 'example' => 'T1595.002 Vulnerability Scanning',
+ ],
+ 'SubUserId' => [
+ 'title' => '产生告警阿里账号ID。',
+ 'description' => '产生告警阿里账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '176555323***',
+ ],
+ 'SubUserName' => [
+ 'title' => '产生告警阿里账号ID。',
+ 'description' => '产生告警阿里账号ID。',
+ 'type' => 'string',
+ 'example' => '176555323***',
+ ],
+ 'CloudCode' => [
+ 'title' => '云code。 取值:'."\n"
+ .'- aliyun:阿里云'."\n"
+ .'- qcloud:腾讯云'."\n"
+ .'- hcloud:华为云',
+ 'description' => '云code。 取值:'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'example' => 'aliyun',
+ ],
+ 'IsDefend' => [
+ 'title' => '是否已防御',
+ 'description' => '是否已防御。取值:'."\n"
+ ."\n"
+ .'- 0:检出。'."\n"
+ .'- 1:拦截。',
+ 'type' => 'string',
+ 'example' => '1',
+ ],
+ 'AlertInfoList' => [
+ 'title' => '告警详细数据。',
+ 'description' => '告警详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '告警详细数据。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Key' => [
+ 'title' => '告警详细属性key。',
+ 'description' => '告警详细属性KEY。',
+ 'type' => 'string',
+ 'example' => 'suspicious.wbd.wb.trojanpath',
+ ],
+ 'KeyName' => [
+ 'title' => '告警详细数据名称。',
+ 'description' => '告警详细数据名称。',
+ 'type' => 'string',
+ 'example' => 'Trojan Path'."\n",
+ ],
+ 'Values' => [
+ 'title' => '告警详细数据值。',
+ 'description' => '告警详细数据值。',
+ 'type' => 'string',
+ 'example' => '/root/test33.php',
+ ],
+ ],
+ ],
+ 'example' => 'aliyun',
+ ],
+ 'ExtendContent' => [
+ 'description' => '告警扩展信息。',
+ 'type' => 'string',
+ 'example' => '{"main_user_id": "165295629792****";"log_uuid_count": "99****"}',
+ ],
+ 'ProductId' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ 'VendorId' => [
+ 'description' => '云code。 取值:'."\n"
+ .'- aliyun:阿里云。'."\n"
+ .'- qcloud:腾讯云。'."\n"
+ .'- hcloud:华为云。',
+ 'type' => 'string',
+ 'example' => 'aliyun',
+ ],
+ 'DetectionRuleId' => [
+ 'description' => '检测规则ID。',
+ 'type' => 'string',
+ 'example' => 'dr-48zs4tk7qfd4rjd9****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"MainUserId\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"LogTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProd\\": \\"sas\\",\\n \\"AlertTitle\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertTitleEn\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertType\\": \\"Scan\\",\\n \\"AlertTypeEn\\": \\"Scan\\",\\n \\"AlertTypeCode\\": \\"security_event_config.event_name.webshellName\\",\\n \\"AlertName\\": \\"Try SNMP weak password\\",\\n \\"AlertNameEn\\": \\"Try SNMP weak password\\",\\n \\"AlertNameCode\\": \\"security_event_config.event_name.webshell\\",\\n \\"AlertLevel\\": \\"remind\\",\\n \\"AssetList\\": \\"[\\\\n {\\\\n \\\\\\"is_main_asset\\\\\\": \\\\\\"1\\\\\\",\\\\n \\\\\\"asset_name\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"port\\\\\\": \\\\\\"22\\\\\\",\\\\n \\\\\\"ip\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"asset_type\\\\\\": \\\\\\"ip\\\\\\",\\\\n \\\\\\"location\\\\\\": \\\\\\"ap-southeast-1\\\\\\",\\\\n \\\\\\"asset_id\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"net_connect_dir\\\\\\": \\\\\\"in\\\\\\"\\\\n }\\\\n]\\",\\n \\"OccurTime\\": \\"2021-01-06 16:37:29\\",\\n \\"StartTime\\": \\"2021-01-06 16:37:29\\",\\n \\"EndTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProdModule\\": \\"waf\\",\\n \\"AlertDesc\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescEn\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescCode\\": \\"security_event_config.event_name.webshell\\\\n\\",\\n \\"AlertDetail\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99\\\\\\";\\\\\\"attack_ip\\\\\\": \\\\\\"21.92.*.*\\\\\\"}\\",\\n \\"LogUuid\\": \\"cfw_d12e285a-a042-4d7e-be89-f8a795ef****\\",\\n \\"EntityList\\": \\"[{&quot;entity_user_id&quot;:&quot;198921674491****&quot;,&quot;entity_account_id&quot;:&quot;N/A&quot;,&quot;entity_uuid&quot;:&quot;6245f979d5dd9ef8dd19bdc72228****&quot;,&quot;entity_type&quot;:&quot;host&quot;,&quot;entity_name&quot;:&quot;zhh-test-20240409&quot;,&quot;is_comprised&quot;:&quot;1&quot;,&quot;os_type&quot;:&quot;linux&quot;,&quot;entity_id&quot;:&quot;a88f44dd-b8d4-4ded-831c-77a4835****&quot;,&quot;host_uuid&quot;:&quot;a88f44dd-b8d4-4ded-831c-77a4835****&quot;,&quot;host_name&quot;:&quot;zhh-test-2024****&quot;}]\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"176555323***\\",\\n \\"CloudCode\\": \\"aliyun\\",\\n \\"IsDefend\\": \\"1\\",\\n \\"AlertInfoList\\": [\\n {\\n \\"Key\\": \\"suspicious.wbd.wb.trojanpath\\",\\n \\"KeyName\\": \\"Trojan Path\\\\n\\",\\n \\"Values\\": \\"/root/test33.php\\"\\n }\\n ],\\n \\"ExtendContent\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99****\\\\\\"}\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"VendorId\\": \\"aliyun\\",\\n \\"DetectionRuleId\\": \\"dr-48zs4tk7qfd4rjd9****\\"\\n }\\n ]\\n }\\n}","type":"json"}]',
+ 'title' => '获取事件关联的告警列表',
+ ],
+ 'DescribeAlertSourceWithEvent' => [
+ 'summary' => '获取事件关联告警数据源列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件全局唯一id。',
+ 'description' => '事件全局唯一ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ ."\n"
+ .'- cn-hangzhou:资产属于中国'."\n"
+ .'- ap-southeast-1:资产属于全球(不含中国)',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<List<AlertSource>>',
+ 'description' => 'BaseResponse<List<AlertSource>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'SourceName' => [
+ 'title' => '告警数据源名称。',
+ 'description' => '告警数据源名称。',
+ 'type' => 'string',
+ 'example' => 'sas',
+ ],
+ 'Source' => [
+ 'title' => '告警数据源名称美杜莎code。',
+ 'description' => '告警数据源名称美杜莎code。',
+ 'type' => 'string',
+ 'example' => 'aliyun.siem.alert_datasource.sas',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"SourceName\\": \\"sas\\",\\n \\"Source\\": \\"aliyun.siem.alert_datasource.sas\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取事件关联告警数据源列表',
+ ],
+ 'DescribeAlertType' => [
+ 'summary' => '获取自定义规则可选威胁类型列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RuleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则类型。 取值:'."\n"
+ .'- predefine:预定义'."\n"
+ .'- customize:自定义',
+ 'description' => '规则类型。 取值:'."\n"
+ .'- predefine:预定义'."\n"
+ .'- customize:自定义',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'customize',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PlainResponse<List<AlertType>>',
+ 'description' => 'PlainResponse<List<AlertType>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'AlertType' => [
+ 'title' => '威胁类型。',
+ 'description' => '威胁类型。',
+ 'type' => 'string',
+ 'example' => 'WEBSHELL',
+ ],
+ 'AlertTypeMds' => [
+ 'title' => '威胁类型美杜莎code。',
+ 'description' => '威胁类型美杜莎code。',
+ 'type' => 'string',
+ 'example' => 'siem_rule_type_process_abnormal_command',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AlertType\\": \\"WEBSHELL\\",\\n \\"AlertTypeMds\\": \\"siem_rule_type_process_abnormal_command\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取自定义规则可选威胁类型列表',
+ ],
+ 'DeleteCustomizeRule' => [
+ 'summary' => '根据指定ID自定义规则。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'delete',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自定义规则ID。',
+ 'description' => '自定义规则ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '123456789',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '产品所在地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-shanghai',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<Integer>',
+ 'description' => 'BaseResponse<Integer>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'CloudSiemCustomizeRuleDeleteExcepiton',
+ 'errorMessage' => 'can not delete online customize rule.',
+ ],
+ ],
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": 123456,\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '删除自定义规则',
+ ],
+ 'DescribeAggregateFunction' => [
+ 'summary' => '获取自定义规则支持的聚合函数列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PlainResponse<List<RuleAggregateFunction>>',
+ 'description' => 'PlainResponse<List<RuleAggregateFunction>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Function' => [
+ 'title' => '聚合函数。',
+ 'description' => '聚合函数。',
+ 'type' => 'string',
+ 'example' => 'count',
+ ],
+ 'FunctionName' => [
+ 'title' => '聚合函数显示名称。',
+ 'description' => '聚合函数显示名称。',
+ 'type' => 'string',
+ 'example' => 'Count',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Function\\": \\"count\\",\\n \\"FunctionName\\": \\"Count\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取自定义规则聚合函数列表',
+ ],
+ 'DescribeCustomizeRuleCount' => [
+ 'summary' => '获取自定义规则计数。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PlainResponse<CustomizeRuleCounter>',
+ 'description' => 'PlainResponse<CustomizeRuleCounter>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'InUseRuleNum' => [
+ 'title' => '全部规则数。',
+ 'description' => '全部规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '20',
+ ],
+ 'HighRuleNum' => [
+ 'title' => '高危规则数。',
+ 'description' => '高危规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '12',
+ ],
+ 'MediumRuleNum' => [
+ 'title' => '中危规则数。',
+ 'description' => '中危规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '5',
+ ],
+ 'LowRuleNum' => [
+ 'title' => '低危规则数。',
+ 'description' => '低危规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '3',
+ ],
+ 'TotalRuleNum' => [
+ 'title' => '总规则数',
+ 'description' => '总规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'CustomizeRuleNum' => [
+ 'title' => '自定义规则数',
+ 'description' => '自定义规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'PredefinedRuleNum' => [
+ 'title' => '预定义规则数',
+ 'description' => '预定义规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'UnEventRuleNum' => [
+ 'title' => '不产生事件规则数',
+ 'description' => '不产生事件规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '3',
+ ],
+ 'ExpertRuleNum' => [
+ 'title' => '专家规则数',
+ 'description' => '专家规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '7',
+ ],
+ 'GraphComputingRuleNum' => [
+ 'title' => '图计算规则数',
+ 'description' => '图计算规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ 'SingleAlertRuleNum' => [
+ 'title' => '告警透传规则数',
+ 'description' => '告警透传规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '3',
+ ],
+ 'AggregationRuleNum' => [
+ 'title' => '同类聚合规则数',
+ 'description' => '同类聚合规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '3',
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"InUseRuleNum\\": 20,\\n \\"HighRuleNum\\": 12,\\n \\"MediumRuleNum\\": 5,\\n \\"LowRuleNum\\": 3,\\n \\"TotalRuleNum\\": 10,\\n \\"CustomizeRuleNum\\": 10,\\n \\"PredefinedRuleNum\\": 10,\\n \\"UnEventRuleNum\\": 3,\\n \\"ExpertRuleNum\\": 7,\\n \\"GraphComputingRuleNum\\": 2,\\n \\"SingleAlertRuleNum\\": 3,\\n \\"AggregationRuleNum\\": 3\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取自定义规则计数',
+ ],
+ 'DescribeCustomizeRuleTest' => [
+ 'summary' => '获取模拟测试场景下的历史模拟数据。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Id',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自定义规则ID。',
+ 'description' => '自定义规则ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '123456789',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<CustomizeRuleTest>',
+ 'description' => 'BaseResponse<CustomizeRuleTest>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Id' => [
+ 'title' => '自定义规则ID。',
+ 'description' => '自定义规则ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123456789',
+ ],
+ 'Status' => [
+ 'title' => '规则状态。 取值:'."\n"
+ .'- 0:初始状态'."\n"
+ .'- 10:模拟数据测试'."\n"
+ .'- 15:业务数据测试中'."\n"
+ .'- 20:业务数据测试结束'."\n"
+ .'- 100:规则上线',
+ 'description' => '规则状态。 取值:'."\n"
+ .'- 0:初始状态'."\n"
+ .'- 10:模拟数据测试'."\n"
+ .'- 15:业务数据测试中'."\n"
+ .'- 20:业务数据测试结束'."\n"
+ .'- 100:规则上线',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '0',
+ ],
+ 'SimulateData' => [
+ 'title' => '模拟测试历史用例数据。',
+ 'description' => '模拟测试历史用例数据。',
+ 'type' => 'string',
+ 'example' => '[{"key1":"value1","key2":"value2","key3":"value3","key4":"value4","key5":"value5"}]',
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Id\\": 123456789,\\n \\"Status\\": 0,\\n \\"SimulateData\\": \\"[{\\\\\\"key1\\\\\\":\\\\\\"value1\\\\\\",\\\\\\"key2\\\\\\":\\\\\\"value2\\\\\\",\\\\\\"key3\\\\\\":\\\\\\"value3\\\\\\",\\\\\\"key4\\\\\\":\\\\\\"value4\\\\\\",\\\\\\"key5\\\\\\":\\\\\\"value5\\\\\\"}]\\"\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取模拟测试场景下的历史模拟数据',
+ ],
+ 'DescribeCustomizeRuleTestHistogram' => [
+ 'summary' => '获取自定义规则业务测试结果图表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Id',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自定义规则ID。',
+ 'description' => '自定义规则ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '123456789',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<List<CustomizeRuleAlertHistogram>>',
+ 'description' => 'BaseResponse<List<CustomizeRuleAlertHistogram>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'From' => [
+ 'title' => '告警时间区间的开始时间戳 单位:秒。',
+ 'description' => '告警时间区间的开始时间戳。单位:秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1599897188',
+ ],
+ 'To' => [
+ 'title' => '告警时间区间的结束时间戳 单位:秒。',
+ 'description' => '告警时间区间的结束时间戳。单位:秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1599997188',
+ ],
+ 'Count' => [
+ 'title' => '当前查询结果在该子时间区间内产生的告警数。',
+ 'description' => '当前查询结果在该子时间区间内产生的告警数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '125',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"From\\": 1599897188,\\n \\"To\\": 1599997188,\\n \\"Count\\": 125\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取自定义规则业务测试结果图表',
+ ],
+ 'DescribeLogFields' => [
+ 'summary' => '获取自定义规则可配置字段列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'LogType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则对应的日志源。',
+ 'description' => '规则对应的日志源。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cloud_siem_aegis_sas_alert',
+ ],
+ ],
+ [
+ 'name' => 'LogSource',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则对应的日志源。',
+ 'description' => '规则对应的日志源。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cloud_siem_aegis_sas_alert',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PlainResponse<List<CustomizeRuleField>>',
+ 'description' => 'PlainResponse<List<CustomizeRuleField>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'FieldName' => [
+ 'title' => '规则字段名称。',
+ 'description' => '规则字段名称。',
+ 'type' => 'string',
+ 'example' => 'activity_name',
+ ],
+ 'FieldDesc' => [
+ 'title' => '字段描述美杜莎code。',
+ 'description' => '字段描述美杜莎Code。',
+ 'type' => 'string',
+ 'example' => 'sas.cloudsiem.prod.activity_name',
+ ],
+ 'LogCode' => [
+ 'title' => '字段所属日志源。',
+ 'description' => '字段所属日志源。',
+ 'type' => 'string',
+ 'example' => 'cloud_siem_aegis_sas_alert',
+ ],
+ 'ActivityName' => [
+ 'title' => '字段所属日志类型。',
+ 'description' => '字段所属日志类型。',
+ 'type' => 'string',
+ 'example' => 'HTTP_ACTIVITY',
+ ],
+ 'FieldType' => [
+ 'title' => '字段数据类型。 取值:'."\n"
+ .'- varchar:字符串'."\n"
+ .'- bigint:数字',
+ 'description' => '字段数据类型。 取值:'."\n"
+ .'- varchar:字符串'."\n"
+ .'- bigint:数字',
+ 'type' => 'string',
+ 'example' => 'varchar',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"FieldName\\": \\"activity_name\\",\\n \\"FieldDesc\\": \\"sas.cloudsiem.prod.activity_name\\",\\n \\"LogCode\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"ActivityName\\": \\"HTTP_ACTIVITY\\",\\n \\"FieldType\\": \\"varchar\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取自定义规则可配置字段列表',
+ ],
+ 'DescribeLogSource' => [
+ 'summary' => '获取自定义规则可配置日志源列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'LogType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则对应的日志类型。',
+ 'description' => '规则对应的日志类型。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'HTTP_ACTIVITY',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PlainResponse<List<LogSource>>',
+ 'description' => 'PlainResponse<List<LogSource>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'LogSource' => [
+ 'title' => '规则对应的日志源。',
+ 'description' => '规则对应的日志源。',
+ 'type' => 'string',
+ 'example' => 'cloud_siem_aegis_sas_alert',
+ ],
+ 'LogSourceName' => [
+ 'title' => '规则对应的日志源美杜莎code。',
+ 'description' => '规则对应的日志源美杜莎Code。',
+ 'type' => 'string',
+ 'example' => 'sas.cloudsiem.prod.cloud_siem_aegis_sas_alert',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"LogSource\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"LogSourceName\\": \\"sas.cloudsiem.prod.cloud_siem_aegis_sas_alert\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取自定义规则可配置日志源列表',
+ ],
+ 'DescribeLogType' => [
+ 'summary' => '获取自定义规则可配置日志类型。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PlainResponse<List<LogType>>',
+ 'description' => 'PlainResponse<List<LogType>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'LogType' => [
+ 'title' => '规则对应的日志类型。',
+ 'description' => '规则对应的日志类型。',
+ 'type' => 'string',
+ 'example' => 'HTTP_ACTIVITY',
+ ],
+ 'LogTypeName' => [
+ 'title' => '日志类型名称美杜莎code。',
+ 'description' => '日志类型名称美杜莎Code。',
+ 'type' => 'string',
+ 'example' => 'sas.cloudsiem.prod.http_activity',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"LogType\\": \\"HTTP_ACTIVITY\\",\\n \\"LogTypeName\\": \\"sas.cloudsiem.prod.http_activity\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取自定义规则可配置日志类型',
+ ],
+ 'DescribeOperators' => [
+ 'summary' => '获取自定义规则操作符列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'SceneType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '操作符使用场景类型。 取值:'."\n"
+ .'- 不传:默认场景'."\n"
+ .'- AGGREGATE:聚合函数场景',
+ 'description' => '操作符使用场景类型。取值:'."\n"
+ .'- 不传:默认场景'."\n"
+ .'- AGGREGATE:聚合函数场景',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AGGREGATE',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PlainResponse<List<CustomizeRuleOperator>>',
+ 'description' => 'PlainResponse<List<CustomizeRuleOperator>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Operator' => [
+ 'title' => '操作符。',
+ 'description' => '操作符。',
+ 'type' => 'string',
+ 'example' => '<=',
+ ],
+ 'OperatorName' => [
+ 'title' => '操作符显示名称。',
+ 'description' => '操作符显示名称。',
+ 'type' => 'string',
+ 'example' => '<=',
+ ],
+ 'OperatorDescCn' => [
+ 'title' => '操作符中文描述。',
+ 'description' => '操作符中文描述。',
+ 'type' => 'string',
+ 'example' => 'arger than or equal to',
+ ],
+ 'OperatorDescEn' => [
+ 'title' => '操作符英文描述。',
+ 'description' => '操作符英文描述。',
+ 'type' => 'string',
+ 'example' => 'larger than or equal to',
+ ],
+ 'SupportDataType' => [
+ 'title' => '当前操作符可以支持的数据类型 以逗号分隔。',
+ 'description' => '当前操作符可以支持的数据类型,以逗号分隔。',
+ 'type' => 'string',
+ 'example' => 'varchar',
+ ],
+ 'SupportTag' => [
+ 'title' => '操作符支持场景 多个场景以逗号分隔 如聚合(AGGREGATE)等 默认为空。',
+ 'description' => '操作符支持场景。多个场景以逗号分隔,如聚合(AGGREGATE)等,默认为空。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '操作符支持场景。多个场景以逗号分隔,如聚合(AGGREGATE)等,默认为空。',
+ 'type' => 'string',
+ 'example' => '[AGGREGATE]',
+ ],
+ 'example' => '[AGGREGATE]',
+ ],
+ 'Index' => [
+ 'title' => '操作符所处操作符列表位置。',
+ 'description' => '操作符所在的操作符列表位置。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '3',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Operator\\": \\"<=\\",\\n \\"OperatorName\\": \\"<=\\",\\n \\"OperatorDescCn\\": \\"arger than or equal to\\",\\n \\"OperatorDescEn\\": \\"larger than or equal to\\",\\n \\"SupportDataType\\": \\"varchar\\",\\n \\"SupportTag\\": [\\n \\"[AGGREGATE]\\"\\n ],\\n \\"Index\\": 3\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取自定义规则操作符列表',
+ ],
+ 'ListCloudSiemCustomizeRules' => [
+ 'summary' => '获取自定义规则列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Id',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则ID。',
+ 'description' => '自定义规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '10223',
+ ],
+ ],
+ [
+ 'name' => 'StartTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询开始时间, 单位毫秒。',
+ 'description' => '查询开始时间,单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'EndTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询结束时间, 单位毫秒。',
+ 'description' => '查询结束时间,单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'ThreatLevel',
+ 'in' => 'formData',
+ 'style' => 'repeatList',
+ 'schema' => [
+ 'title' => '威胁等级,格式为json数组。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级,JSON数组格式。取值:'."\n"
+ .'- **serious**:高危'."\n"
+ .'- **suspicious**:中危'."\n"
+ .'- **remind**:低危',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '威胁等级,JSON数组格式。取值:'."\n"
+ ."\n"
+ .'- **serious**:高危'."\n"
+ .'- **suspicious**:中危'."\n"
+ .'- **remind**:低危',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '["remind","serious"]'."\n",
+ ],
+ 'required' => false,
+ 'example' => '["serious","suspicious","remind"]',
+ 'maxItems' => 100,
+ ],
+ ],
+ [
+ 'name' => 'AlertType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警类型。',
+ 'description' => '告警类型。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'scan',
+ ],
+ ],
+ [
+ 'name' => 'RuleName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则名称, 仅支持字母、数字、下划线、点。',
+ 'description' => '规则名称,仅支持字母、数字、下划线、点。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'waf_scan',
+ ],
+ ],
+ [
+ 'name' => 'RuleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则类型。 取值:'."\n"
+ .'- predefine:预定义'."\n"
+ .'- customize:自定义',
+ 'description' => '规则类型。取值:'."\n"
+ .'- **predefine**:预定义'."\n"
+ .'- **customize**:自定义',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'customize',
+ ],
+ ],
+ [
+ 'name' => 'Status',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则状态。 取值:'."\n"
+ .'- 0:初始状态'."\n"
+ .'- 10:模拟数据测试'."\n"
+ .'- 15:业务数据测试中'."\n"
+ .'- 20:业务数据测试结束'."\n"
+ .'- 100:规则上线',
+ 'description' => '规则状态。取值:'."\n"
+ .'- **0**:初始状态'."\n"
+ .'- **10**:模拟数据测试'."\n"
+ .'- **15**:业务数据测试中'."\n"
+ .'- **20**:业务数据测试结束'."\n"
+ .'- **100**:规则上线',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '0',
+ ],
+ ],
+ [
+ 'name' => 'OrderField',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则列表排列字段。 取值:'."\n"
+ .'- GmtModified:基于修改时间排序'."\n"
+ .'- Id:基于规则id排序(默认)',
+ 'description' => '规则列表排列字段。 取值:'."\n"
+ .'- GmtModified:基于修改时间排序'."\n"
+ .'- Id:基于规则id排序(默认)',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Id',
+ ],
+ ],
+ [
+ 'name' => 'Order',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件列表排列方向。 取值:'."\n"
+ .'- desc:降序排列'."\n"
+ .'- asc:升序排列。',
+ 'description' => '事件列表排列方向。 取值:'."\n"
+ .'- desc:降序排列'."\n"
+ .'- asc:升序排列。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'desc',
+ ],
+ ],
+ [
+ 'name' => 'CurrentPage',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表当前页号, 大于等于1。',
+ 'description' => '列表当前页号,大于等于1。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表每页条数, 最大不超过100。',
+ 'description' => '列表每页条数,最大不超过100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- **cn-hangzhou**:资产属于中国内地与中国香港'."\n"
+ .'- **ap-southeast-1**:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PageResponse<List<CloudSiemCustomizeRule>>',
+ 'description' => 'PageResponse<List<CloudSiemCustomizeRule>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- **true**:成功'."\n"
+ .'- **false**:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'PageInfo' => [
+ 'title' => '分页记录。',
+ 'description' => '分页记录。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CurrentPage' => [
+ 'title' => '列表当前页号。',
+ 'description' => '列表当前页号。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'title' => '每页返回记录数。',
+ 'description' => '每页返回记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'title' => '记录总数。',
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ ],
+ ],
+ 'ResponseData' => [
+ 'title' => '详细数据。',
+ 'description' => '详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Id' => [
+ 'title' => '自定义规则ID。',
+ 'description' => '自定义规则ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123456789',
+ ],
+ 'GmtCreate' => [
+ 'title' => '自定义规则创建时间。',
+ 'description' => '自定义规则创建时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'GmtModified' => [
+ 'title' => '自定义规则最后更新时间。',
+ 'description' => '自定义规则最后更新时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'Aliuid' => [
+ 'title' => 'siem主账号ID。',
+ 'description' => 'SIEM主账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '127608589417****',
+ ],
+ 'RuleName' => [
+ 'title' => '规则名称。',
+ 'description' => '规则名称。',
+ 'type' => 'string',
+ 'example' => 'waf_scan',
+ ],
+ 'RuleDesc' => [
+ 'title' => '规则描述。',
+ 'description' => '规则描述。',
+ 'type' => 'string',
+ 'example' => 'this rule is for waf scan',
+ ],
+ 'RuleType' => [
+ 'title' => '规则类型。 取值:'."\n"
+ .'- predefine:预定义'."\n"
+ .'- customize:自定义',
+ 'description' => '规则类型。取值:'."\n"
+ .'- **predefine**:预定义'."\n"
+ .'- **customize**:自定义',
+ 'type' => 'string',
+ 'example' => 'customize',
+ ],
+ 'ThreatLevel' => [
+ 'title' => '威胁等级。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级。取值:'."\n"
+ .'- **serious**:高危'."\n"
+ .'- **suspicious**:中危'."\n"
+ .'- **remind**:低危',
+ 'type' => 'string',
+ 'example' => 'remind',
+ ],
+ 'AlertType' => [
+ 'title' => '威胁类型。',
+ 'description' => '威胁类型。',
+ 'type' => 'string',
+ 'example' => 'WEBSHELL',
+ ],
+ 'AlertTypeMds' => [
+ 'title' => '威胁类型美杜莎code。',
+ 'description' => '威胁类型美杜莎Code。',
+ 'type' => 'string',
+ 'example' => '${siem_rule_type_process_abnormal_command}',
+ ],
+ 'LogType' => [
+ 'title' => '规则对应的日志类型。',
+ 'description' => '规则对应的日志类型。',
+ 'type' => 'string',
+ 'example' => 'ALERT_ACTIVITY',
+ ],
+ 'LogTypeMds' => [
+ 'title' => '规则对应的日志类型美杜莎code。',
+ 'description' => '规则对应的日志类型美杜莎Code。',
+ 'type' => 'string',
+ 'example' => '${sas.cloudsiem.prod.alert_activity}',
+ ],
+ 'LogSource' => [
+ 'title' => '规则对应的日志源。',
+ 'description' => '规则对应的日志源。',
+ 'type' => 'string',
+ 'example' => 'cloud_siem_aegis_sas_alert',
+ ],
+ 'LogSourceMds' => [
+ 'title' => '规则对应的日志源美杜莎code。',
+ 'description' => '规则对应的日志源美杜莎Code。',
+ 'type' => 'string',
+ 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}',
+ ],
+ 'RuleCondition' => [
+ 'title' => '规则查询条件json(需要对html转义字符进行反向转义)。',
+ 'description' => '规则查询条件,JSON数组格式(需要对HTML转义字符进行反向转义)。',
+ 'type' => 'string',
+ 'example' => '[[{&quot;not&quot;:false,&quot;left&quot;:&quot;alert_name&quot;,&quot;operator&quot;:&quot;=&quot;,&quot;right&quot;:&quot;WEBSHELL&quot;}]]',
+ ],
+ 'RuleGroup' => [
+ 'title' => '日志聚合字段,json数组格式(需要对html转义字符进行反向转义)。',
+ 'description' => '日志聚合字段,JSON数组格式(需要对HTML转义字符进行反向转义)。',
+ 'type' => 'string',
+ 'example' => '[&quot;asset_id&quot;]',
+ ],
+ 'RuleThreshold' => [
+ 'title' => '规则阈值配置json(需要对html转义字符进行反向转义)。',
+ 'description' => '规则阈值配置json(需要对html转义字符进行反向转义)。',
+ 'type' => 'string',
+ 'example' => '{&quot;aggregateFunction&quot;:&quot;count&quot;,&quot;aggregateFunctionName&quot;:&quot;count&quot;,&quot;field&quot;:&quot;activity_name&quot;,&quot;operator&quot;:&quot;&lt;=&quot;,&quot;value&quot;:1}',
+ ],
+ 'QueryCycle' => [
+ 'title' => '规则窗口长度(需要对html转义字符进行反向转义)。',
+ 'description' => '规则窗口长度(需要对html转义字符进行反向转义)。',
+ 'type' => 'string',
+ 'example' => '{&quot;time&quot;:&quot;1&quot;,&quot;unit&quot;:&quot;HOUR&quot;}',
+ ],
+ 'AttCk' => [
+ 'title' => '告警附加字段attck',
+ 'description' => '告警附加字段attck。',
+ 'type' => 'string',
+ 'example' => 'T1595.002 Vulnerability Scanning',
+ ],
+ 'EventTransferSwitch' => [
+ 'title' => '告警是否转换事件开关。 取值:'."\n"
+ .'- 0:不转换'."\n"
+ .'- 1:转换',
+ 'description' => '告警是否转换事件开关。取值:'."\n"
+ .'- **0**:不转换'."\n"
+ .'- **1**:转换',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'EventTransferType' => [
+ 'title' => '事件生成方式。 取值:'."\n"
+ .'- default:默认内置方式'."\n"
+ .'- singleToSingle:每个告警生成一个事件'."\n"
+ .'- allToSingle:周期内告警生成一个事件',
+ 'description' => '事件生成方式。取值:'."\n"
+ .'- **default**:默认内置方式'."\n"
+ .'- **singleToSingle**:每个告警生成一个事件'."\n"
+ .'- **allToSingle**:周期内告警生成一个事件',
+ 'type' => 'string',
+ 'example' => 'allToSingle',
+ ],
+ 'EventTransferExt' => [
+ 'title' => '事件生成扩展信息 当eventTransferType值为allToSingle该字段有值 表示告警聚合窗口的周期长度以及周期单位(需要对html转义字符进行反向转义)。',
+ 'description' => '事件生成扩展信息。当**eventTransferType**值为**allToSingle**,该字段有值,表示告警聚合窗口的周期长度以及周期单位(需要对html转义字符进行反向转义)。',
+ 'type' => 'string',
+ 'example' => '{&quot;time&quot;:&quot;1&quot;,&quot;unit&quot;:&quot;MINUTE&quot;}',
+ ],
+ 'Status' => [
+ 'title' => '规则状态。 取值:'."\n"
+ .'- 0:初始状态'."\n"
+ .'- 10:模拟数据测试'."\n"
+ .'- 15:业务数据测试中'."\n"
+ .'- 20:业务数据测试结束'."\n"
+ .'- 100:规则上线',
+ 'description' => '规则状态。取值:'."\n"
+ .'- **0**:初始状态'."\n"
+ .'- **10**:模拟数据测试'."\n"
+ .'- **15**:业务数据测试中'."\n"
+ .'- **20**:业务数据测试结束'."\n"
+ .'- **100**:规则上线',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '0',
+ ],
+ 'DataType' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'0:当前阿里云账号视图。'."\n"
+ .'1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"RuleName\\": \\"waf_scan\\",\\n \\"RuleDesc\\": \\"this rule is for waf scan\\",\\n \\"RuleType\\": \\"customize\\",\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"AlertType\\": \\"WEBSHELL\\",\\n \\"AlertTypeMds\\": \\"${siem_rule_type_process_abnormal_command}\\",\\n \\"LogType\\": \\"ALERT_ACTIVITY\\",\\n \\"LogTypeMds\\": \\"${sas.cloudsiem.prod.alert_activity}\\",\\n \\"LogSource\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"LogSourceMds\\": \\"${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}\\",\\n \\"RuleCondition\\": \\"[[{&quot;not&quot;:false,&quot;left&quot;:&quot;alert_name&quot;,&quot;operator&quot;:&quot;=&quot;,&quot;right&quot;:&quot;WEBSHELL&quot;}]]\\",\\n \\"RuleGroup\\": \\"[&quot;asset_id&quot;]\\",\\n \\"RuleThreshold\\": \\"{&quot;aggregateFunction&quot;:&quot;count&quot;,&quot;aggregateFunctionName&quot;:&quot;count&quot;,&quot;field&quot;:&quot;activity_name&quot;,&quot;operator&quot;:&quot;&lt;=&quot;,&quot;value&quot;:1}\\",\\n \\"QueryCycle\\": \\"{&quot;time&quot;:&quot;1&quot;,&quot;unit&quot;:&quot;HOUR&quot;}\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"EventTransferSwitch\\": 1,\\n \\"EventTransferType\\": \\"allToSingle\\",\\n \\"EventTransferExt\\": \\"{&quot;time&quot;:&quot;1&quot;,&quot;unit&quot;:&quot;MINUTE&quot;}\\",\\n \\"Status\\": 0,\\n \\"DataType\\": 1\\n }\\n ]\\n }\\n}","type":"json"}]',
+ 'title' => '获取自定义规则列表',
+ ],
+ 'ListCloudSiemPredefinedRules' => [
+ 'summary' => '获取预定义规则列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Id',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则ID。',
+ 'description' => '规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '10223',
+ ],
+ ],
+ [
+ 'name' => 'StartTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询开始时间, 单位毫秒。',
+ 'description' => '查询开始时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'EndTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询结束时间, 单位毫秒。',
+ 'description' => '查询结束时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'ThreatLevel',
+ 'in' => 'formData',
+ 'style' => 'repeatList',
+ 'schema' => [
+ 'title' => '威胁等级,格式为json数组。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级,格式为json数组。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '威胁等级,格式为json数组。取值:'."\n"
+ ."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '["remind","serious"]'."\n",
+ ],
+ 'required' => false,
+ 'example' => '["serious","suspicious","remind"]',
+ 'maxItems' => 100,
+ ],
+ ],
+ [
+ 'name' => 'AlertType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警类型。',
+ 'description' => '告警类型。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'scan',
+ ],
+ ],
+ [
+ 'name' => 'RuleName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则名称, 仅支持字母、数字、下划线、点。',
+ 'description' => '规则名称, 仅支持字母、数字、下划线、点。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'waf_scan',
+ ],
+ ],
+ [
+ 'name' => 'RuleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则类型。 取值:'."\n"
+ .'- predefine:预定义'."\n"
+ .'- customize:自定义',
+ 'description' => '规则类型。 取值:'."\n"
+ .'- predefine:预定义'."\n"
+ .'- customize:自定义',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'customize',
+ ],
+ ],
+ [
+ 'name' => 'EventTransferType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件生成方式。 取值:'."\n"
+ .'- default:默认内置方式'."\n"
+ .'- singleToSingle:每个告警生成一个事件'."\n"
+ .'- allToSingle:周期内告警生成一个事件',
+ 'description' => '事件生成方式。 取值:'."\n"
+ .'- default:默认内置方式'."\n"
+ .'- singleToSingle:每个告警生成一个事件'."\n"
+ .'- allToSingle:周期内告警生成一个事件',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'allToSingle',
+ ],
+ ],
+ [
+ 'name' => 'AttCk',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => 'att&ck。',
+ 'description' => 'att&ck。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'T1595.002 Vulnerability Scanning',
+ ],
+ ],
+ [
+ 'name' => 'LogSource',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '日志源。',
+ 'description' => '日志源。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cloud_siem_alb_flow_log',
+ ],
+ ],
+ [
+ 'name' => 'Status',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则状态。 取值:'."\n"
+ .'- 0:初始状态'."\n"
+ .'- 10:模拟数据测试'."\n"
+ .'- 15:业务数据测试中'."\n"
+ .'- 20:业务数据测试结束'."\n"
+ .'- 100:规则上线',
+ 'description' => '规则状态。 取值:'."\n"
+ .'- 0:初始状态'."\n"
+ .'- 10:模拟数据测试'."\n"
+ .'- 15:业务数据测试中'."\n"
+ .'- 20:业务数据测试结束'."\n"
+ .'- 100:规则上线',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '0',
+ ],
+ ],
+ [
+ 'name' => 'OrderField',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则列表排列字段。 取值:'."\n"
+ .'- GmtModified:基于修改时间排序'."\n"
+ .'- Id:基于规则id排序(默认)',
+ 'description' => '规则列表排列字段。 取值:'."\n"
+ .'- GmtModified:基于修改时间排序'."\n"
+ .'- Id:基于规则id排序(默认)',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Id',
+ ],
+ ],
+ [
+ 'name' => 'Order',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件列表排列方向。 取值:'."\n"
+ .'- desc:降序排列'."\n"
+ .'- asc:升序排列。',
+ 'description' => '事件列表排列方向。 取值:'."\n"
+ .'- desc:降序排列'."\n"
+ .'- asc:升序排列。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'desc',
+ ],
+ ],
+ [
+ 'name' => 'CurrentPage',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表当前页号, 大于等于1。',
+ 'description' => '列表当前页号, 大于等于1。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表每页条数, 最大不超过100。',
+ 'description' => '列表每页条数, 最大不超过100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PageResponse<List<CloudSiemPredefinedRule>>',
+ 'description' => 'PageResponse<List<CloudSiemPredefinedRule>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'PageInfo' => [
+ 'title' => '分页记录。',
+ 'description' => '分页记录。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CurrentPage' => [
+ 'title' => '列表当前页号。',
+ 'description' => '列表当前页号。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'title' => '每页返回记录数。',
+ 'description' => '每页返回记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'title' => '记录总数。',
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ ],
+ ],
+ 'ResponseData' => [
+ 'title' => '详细数据。',
+ 'description' => '详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Id' => [
+ 'title' => '预定义规则ID。',
+ 'description' => '预定义规则ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123456789',
+ ],
+ 'GmtCreate' => [
+ 'title' => '规则创建时间。',
+ 'description' => '规则创建时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'GmtModified' => [
+ 'title' => '规则修改时间。',
+ 'description' => '规则修改时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'RuleName' => [
+ 'title' => '规则名称。',
+ 'description' => '规则名称。',
+ 'type' => 'string',
+ 'example' => 'siem_base64-command-exec_aegis-proc',
+ ],
+ 'RuleNameCn' => [
+ 'title' => '规则中文名称。',
+ 'description' => '规则中文名称。',
+ 'type' => 'string',
+ 'example' => 'siem_base64-command-exec_aegis-proc',
+ ],
+ 'RuleNameEn' => [
+ 'title' => '规则英文名称。',
+ 'description' => '规则英文名称。',
+ 'type' => 'string',
+ 'example' => 'siem_base64-command-exec_aegis-proc',
+ ],
+ 'RuleNameMds' => [
+ 'title' => '规则名称美杜莎code。',
+ 'description' => '规则名称美杜莎Code。',
+ 'type' => 'string',
+ 'example' => '${siem_rule_name_siem_cfw-attack-count-level-up_cfw-attack}',
+ ],
+ 'RuleDescMds' => [
+ 'title' => '规则描述美杜莎code。',
+ 'description' => '规则描述美杜莎Code。',
+ 'type' => 'string',
+ 'example' => '${siem_rule_description_siem_cfw-attack-count-level-up_cfw-attack}',
+ ],
+ 'ThreatLevel' => [
+ 'title' => '威胁等级。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'string',
+ 'example' => 'remind',
+ ],
+ 'AlertType' => [
+ 'title' => '威胁类型。',
+ 'description' => '威胁类型。',
+ 'type' => 'string',
+ 'example' => 'WEBSHELL',
+ ],
+ 'Source' => [
+ 'title' => '规则对应的日志源。',
+ 'description' => '规则对应的日志源。',
+ 'type' => 'string',
+ 'example' => 'cloud_siem_aegis_proc',
+ ],
+ 'EventTransferType' => [
+ 'title' => '事件生成方式。 取值:'."\n"
+ .'- default:默认内置方式'."\n"
+ .'- singleToSingle:每个告警生成一个事件'."\n"
+ .'- allToSingle:周期内告警生成一个事件',
+ 'description' => '事件生成方式。 取值:'."\n"
+ .'- default:默认内置方式'."\n"
+ .'- singleToSingle:每个告警生成一个事件'."\n"
+ .'- allToSingle:周期内告警生成一个事件',
+ 'type' => 'string',
+ 'example' => 'allToSingle',
+ ],
+ 'AttCk' => [
+ 'title' => '告警附加字段attck',
+ 'description' => '告警附加字段attck',
+ 'type' => 'string',
+ 'example' => 'T1595.002 Vulnerability Scanning',
+ ],
+ 'Status' => [
+ 'title' => '预定义规则启用状态。 取值:'."\n"
+ .'- 0:初始状态'."\n"
+ .'- 100:规则上线',
+ 'description' => '预定义规则启用状态。 取值:'."\n"
+ .'- 0:初始状态'."\n"
+ .'- 100:规则上线',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '0',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"RuleName\\": \\"siem_base64-command-exec_aegis-proc\\",\\n \\"RuleNameCn\\": \\"siem_base64-command-exec_aegis-proc\\",\\n \\"RuleNameEn\\": \\"siem_base64-command-exec_aegis-proc\\",\\n \\"RuleNameMds\\": \\"${siem_rule_name_siem_cfw-attack-count-level-up_cfw-attack}\\",\\n \\"RuleDescMds\\": \\"${siem_rule_description_siem_cfw-attack-count-level-up_cfw-attack}\\",\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"AlertType\\": \\"WEBSHELL\\",\\n \\"Source\\": \\"cloud_siem_aegis_proc\\",\\n \\"EventTransferType\\": \\"allToSingle\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"Status\\": 0\\n }\\n ]\\n }\\n}","type":"json"}]',
+ 'title' => '获取预定义规则列表',
+ ],
+ 'ListCustomizeRuleTestResult' => [
+ 'summary' => '获取自定义规则测试结果列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Id',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自定义规则ID。',
+ 'description' => '自定义规则ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '123456789',
+ ],
+ ],
+ [
+ 'name' => 'CurrentPage',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表当前页号, 大于等于1。',
+ 'description' => '列表当前页号,大于等于1。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表每页条数, 最大不超过100。',
+ 'description' => '列表每页条数,最大不超过100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '自定义规则ID,规则ID可以通过规则列表接口获取。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'dr-53np4nguf5jmh1vc****',
+ ],
+ ],
+ [
+ 'name' => 'VerifyType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '根据告警模板对告警字段的准确性的校验结果。'."\n"
+ ."\n"
+ .'- true:通过,启用的规则告警可以同步到产品侧'."\n"
+ .'- false:不通过,告警不能通过产品侧',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ ],
+ [
+ 'name' => 'StartTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '开始时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1723057091000',
+ ],
+ ],
+ [
+ 'name' => 'EndTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '结束时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1731797891000',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PageResponse<List<CustomizeRuleAlert>>',
+ 'description' => 'PageResponse<List<CustomizeRuleAlert>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'PageInfo' => [
+ 'title' => '分页记录。',
+ 'description' => '分页记录。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CurrentPage' => [
+ 'title' => '列表当前页号。',
+ 'description' => '列表当前页号。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'title' => '每页返回记录数。',
+ 'description' => '每页返回记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'title' => '记录总数。',
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ 'VerifiedCount' => [
+ 'description' => '告警校验通过数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '30',
+ ],
+ ],
+ ],
+ 'ResponseData' => [
+ 'title' => '详细数据。',
+ 'description' => '详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Uuid' => [
+ 'title' => '告警id。',
+ 'description' => '告警UUID。',
+ 'type' => 'string',
+ 'example' => 'sas_71e24437d2797ce8fc59692905a4****',
+ ],
+ 'MainUserId' => [
+ 'title' => '告警关联siem主账号id。',
+ 'description' => '告警关联SIEM主账号ID。',
+ 'type' => 'string',
+ 'example' => '127608589417****',
+ ],
+ 'SubUserId' => [
+ 'title' => '告警史记关联阿里账号ID。',
+ 'description' => '告警关联阿里账号ID。',
+ 'type' => 'string',
+ 'example' => '176555323***',
+ ],
+ 'LogType' => [
+ 'title' => '规则对应的日志类型。',
+ 'description' => '规则对应的日志类型。',
+ 'type' => 'string',
+ 'example' => 'ALERT_ACTIVITY',
+ ],
+ 'LogSource' => [
+ 'title' => '规则对应的日志源。',
+ 'description' => '规则对应的日志源。',
+ 'type' => 'string',
+ 'example' => 'cloud_siem_aegis_sas_alert',
+ ],
+ 'AlertSrcProd' => [
+ 'title' => '事件关联告警来源产品。',
+ 'description' => '事件关联告警来源产品。',
+ 'type' => 'string',
+ 'example' => 'sas',
+ ],
+ 'AlertSrcProdModule' => [
+ 'title' => '事件关联告警来源产品子模块。',
+ 'description' => '事件关联告警来源产品子模块。',
+ 'type' => 'string',
+ 'example' => 'waf',
+ ],
+ 'AttCk' => [
+ 'title' => 'ATTCT&攻击技术标签。',
+ 'description' => 'ATTCT&攻击技术标签。',
+ 'type' => 'string',
+ 'example' => 'T1595.002 Vulnerability Scanning',
+ ],
+ 'AlertDesc' => [
+ 'title' => '告警描述。',
+ 'description' => '告警描述。',
+ 'type' => 'string',
+ 'example' => 'The account you logged in this time is not in the legal account category defined by you. Please confirm the legality of the login behavior。',
+ ],
+ 'OnlineStatus' => [
+ 'title' => '告警数据状态。 取值:'."\n"
+ .'- test:业务测试'."\n"
+ .'- online:上线',
+ 'description' => '告警数据状态。 取值:'."\n"
+ .'- test:业务测试'."\n"
+ .'- online:上线',
+ 'type' => 'string',
+ 'example' => 'test',
+ ],
+ 'EventName' => [
+ 'title' => '告警名称,对应自定义规则名称。',
+ 'description' => '告警名称,对应自定义规则名称。',
+ 'type' => 'string',
+ 'example' => 'waf_scan',
+ ],
+ 'Level' => [
+ 'title' => '威胁等级。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'string',
+ 'example' => 'remind',
+ ],
+ 'EventType' => [
+ 'title' => '威胁类型 即告警类型。',
+ 'description' => '威胁类型,即告警类型。',
+ 'type' => 'string',
+ 'example' => 'WEBSHELL',
+ ],
+ 'AlertDetail' => [
+ 'title' => '告警详情 json格式。',
+ 'description' => '告警详情,JSON格式。',
+ 'type' => 'string',
+ 'example' => '{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "218.92.XX.XX"}',
+ ],
+ 'LogTime' => [
+ 'title' => '告警记录时间。',
+ 'description' => '告警记录时间。',
+ 'type' => 'string',
+ 'example' => '2023-01-06 16:37:29',
+ ],
+ 'VerifyType' => [
+ 'description' => '根据告警模板对告警的校验结果。'."\n"
+ ."\n"
+ .'- true:通过'."\n"
+ .'- false:不通过',
+ 'type' => 'string',
+ 'example' => 'true',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100,\\n \\"VerifiedCount\\": 30\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Uuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"MainUserId\\": \\"127608589417****\\",\\n \\"SubUserId\\": \\"176555323***\\",\\n \\"LogType\\": \\"ALERT_ACTIVITY\\",\\n \\"LogSource\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"AlertSrcProd\\": \\"sas\\",\\n \\"AlertSrcProdModule\\": \\"waf\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"AlertDesc\\": \\"The account you logged in this time is not in the legal account category defined by you. Please confirm the legality of the login behavior。\\",\\n \\"OnlineStatus\\": \\"test\\",\\n \\"EventName\\": \\"waf_scan\\",\\n \\"Level\\": \\"remind\\",\\n \\"EventType\\": \\"WEBSHELL\\",\\n \\"AlertDetail\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99\\\\\\";\\\\\\"attack_ip\\\\\\": \\\\\\"218.92.XX.XX\\\\\\"}\\",\\n \\"LogTime\\": \\"2023-01-06 16:37:29\\",\\n \\"VerifyType\\": \\"true\\"\\n }\\n ]\\n }\\n}","type":"json"}]',
+ 'title' => '获取自定义规则测试结果列表',
+ ],
+ 'PostCustomizeRule' => [
+ 'summary' => '添加或者更新自定义规则。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Id',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自定义规则ID。',
+ 'description' => '自定义规则ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '123456789',
+ ],
+ ],
+ [
+ 'name' => 'RuleName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则名称。',
+ 'description' => '规则名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'waf_scan',
+ ],
+ ],
+ [
+ 'name' => 'RuleDesc',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则描述。',
+ 'description' => '规则描述。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'this rule is for waf scan',
+ ],
+ ],
+ [
+ 'name' => 'ThreatLevel',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁等级。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'remind',
+ ],
+ ],
+ [
+ 'name' => 'AttCk',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => 'att&ck。',
+ 'description' => 'att&ck。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'T1595.002 Vulnerability Scanning'."\n",
+ ],
+ ],
+ [
+ 'name' => 'AlertType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁类型。',
+ 'description' => '威胁类型。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'WEBSHELL',
+ ],
+ ],
+ [
+ 'name' => 'AlertTypeMds',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁类型美杜莎code。',
+ 'description' => '威胁类型美杜莎Code。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '${siem_rule_type_process_abnormal_command}',
+ ],
+ ],
+ [
+ 'name' => 'LogType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则对应的日志类型。',
+ 'description' => '规则对应的日志类型。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ALERT_ACTIVITY',
+ ],
+ ],
+ [
+ 'name' => 'LogTypeMds',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则对应的日志类型美杜莎code。',
+ 'description' => '规则对应的日志类型美杜莎Code。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '${security_event_config.event_name.webshellName_clientav}',
+ ],
+ ],
+ [
+ 'name' => 'LogSource',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则对应的日志源。',
+ 'description' => '规则对应的日志源。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cloud_siem_aegis_sas_alert',
+ ],
+ ],
+ [
+ 'name' => 'LogSourceMds',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则对应的日志源美杜莎code。',
+ 'description' => '规则对应的日志源美杜莎Code。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}',
+ ],
+ ],
+ [
+ 'name' => 'RuleCondition',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则查询条件json。',
+ 'description' => '规则查询条件json。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '[[{"not":false,"left":"alert_name","operator":"=","right":"WEBSHELL"}]]',
+ ],
+ ],
+ [
+ 'name' => 'RuleGroup',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '日志聚合字段,json数组格式。',
+ 'description' => '日志聚合字段,json数组格式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '["asset_id"]',
+ ],
+ ],
+ [
+ 'name' => 'RuleThreshold',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则阈值配置json。',
+ 'description' => '规则阈值配置json。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '{"aggregateFunction":"count","aggregateFunctionName":"count","field":"activity_name","operator":"&lt;=","value":1}',
+ ],
+ ],
+ [
+ 'name' => 'QueryCycle',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则窗口长度。',
+ 'description' => '规则窗口长度。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '{"time":"1","unit":"HOUR"}',
+ ],
+ ],
+ [
+ 'name' => 'EventTransferSwitch',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警是否转换事件开关。 取值:'."\n"
+ .'- 0:不转换'."\n"
+ .'- 1:转换',
+ 'description' => '告警是否转换事件开关。取值:'."\n"
+ .'- 0:不转换'."\n"
+ .'- 1:转换',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'EventTransferType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件生成方式。 取值:'."\n"
+ .'- default:默认内置方式'."\n"
+ .'- singleToSingle:每个告警生成一个事件'."\n"
+ .'- allToSingle:周期内告警生成一个事件',
+ 'description' => '事件生成方式。取值:'."\n"
+ .'- default:默认内置方式'."\n"
+ .'- singleToSingle:每个告警生成一个事件'."\n"
+ .'- allToSingle:周期内告警生成一个事件',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'allToSingle',
+ ],
+ ],
+ [
+ 'name' => 'EventTransferExt',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件生成扩展信息 当eventTransferType值为allToSingle该字段有值 表示告警聚合窗口的周期长度以及周期单位。',
+ 'description' => '事件生成扩展信息,当eventTransferType值为allToSingle时,该字段有值,表示告警聚合窗口的周期长度以及周期单位。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '{"time":"1","unit":"MINUTE"}',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<CloudSiemCustomizeRule>',
+ 'description' => 'BaseResponse<CloudSiemCustomizeRule>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Id' => [
+ 'title' => '自定义规则ID。',
+ 'description' => '自定义规则id。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123456789',
+ ],
+ 'GmtCreate' => [
+ 'title' => '自定义规则创建时间。',
+ 'description' => '自定义规则创建时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'GmtModified' => [
+ 'title' => '自定义规则最后更新时间。',
+ 'description' => '自定义规则最后更新时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'Aliuid' => [
+ 'title' => 'siem主账号ID。',
+ 'description' => '购买威胁分析产品的阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '127608589417****',
+ ],
+ 'RuleName' => [
+ 'title' => '规则名称。',
+ 'description' => '规则名称。',
+ 'type' => 'string',
+ 'example' => 'waf_scan',
+ ],
+ 'RuleDesc' => [
+ 'title' => '规则描述。',
+ 'description' => '规则描述。',
+ 'type' => 'string',
+ 'example' => 'this rule is for waf scan',
+ ],
+ 'RuleType' => [
+ 'title' => '规则类型。 取值:'."\n"
+ .'- predefine:预定义'."\n"
+ .'- customize:自定义',
+ 'description' => '规则类型。取值:'."\n"
+ .'- predefine:预定义'."\n"
+ .'- customize:自定义',
+ 'type' => 'string',
+ 'example' => 'customize',
+ ],
+ 'ThreatLevel' => [
+ 'title' => '威胁等级。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'description' => '威胁等级。取值:'."\n"
+ .'- serious:高危'."\n"
+ .'- suspicious:中危'."\n"
+ .'- remind:低危',
+ 'type' => 'string',
+ 'example' => 'remind',
+ ],
+ 'AlertType' => [
+ 'title' => '威胁类型。',
+ 'description' => '威胁类型。',
+ 'type' => 'string',
+ 'example' => 'WEBSHELL',
+ ],
+ 'AlertTypeMds' => [
+ 'title' => '威胁类型美杜莎code。',
+ 'description' => '威胁类型美杜莎Code。',
+ 'type' => 'string',
+ 'example' => '${siem_rule_type_process_abnormal_command}',
+ ],
+ 'LogType' => [
+ 'title' => '规则对应的日志类型。',
+ 'description' => '规则对应的日志类型。',
+ 'type' => 'string',
+ 'example' => 'ALERT_ACTIVITY',
+ ],
+ 'LogTypeMds' => [
+ 'title' => '规则对应的日志类型美杜莎code。',
+ 'description' => '规则对应的日志类型美杜莎Code。',
+ 'type' => 'string',
+ 'example' => '${security_event_config.event_name.webshellName_clientav}',
+ ],
+ 'LogSource' => [
+ 'title' => '规则对应的日志源。',
+ 'description' => '规则对应的日志源。',
+ 'type' => 'string',
+ 'example' => 'cloud_siem_aegis_sas_alert',
+ ],
+ 'LogSourceMds' => [
+ 'title' => '规则对应的日志源美杜莎code。',
+ 'description' => '规则对应的日志源美杜莎code。',
+ 'type' => 'string',
+ 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}',
+ ],
+ 'RuleCondition' => [
+ 'title' => '规则查询条件json(需要对html转义字符进行反向转义)。',
+ 'description' => '规则查询条件json(需要对html转义字符进行反向转义)。',
+ 'type' => 'string',
+ 'example' => '[[{&quot;not&quot;:false,&quot;left&quot;:&quot;alert_name&quot;,&quot;operator&quot;:&quot;=&quot;,&quot;right&quot;:&quot;WEBSHELL&quot;}]]',
+ ],
+ 'RuleGroup' => [
+ 'title' => '日志聚合字段,json数组格式(需要对html转义字符进行反向转义)。',
+ 'description' => '日志聚合字段,json数组格式(需要对html转义字符进行反向转义)。',
+ 'type' => 'string',
+ 'example' => '[&quot;asset_id&quot;]',
+ ],
+ 'RuleThreshold' => [
+ 'title' => '规则阈值配置json(需要对html转义字符进行反向转义)。',
+ 'description' => '规则阈值配置json(需要对html转义字符进行反向转义)。',
+ 'type' => 'string',
+ 'example' => '{&quot;aggregateFunction&quot;:&quot;count&quot;,&quot;aggregateFunctionName&quot;:&quot;count&quot;,&quot;field&quot;:&quot;activity_name&quot;,&quot;operator&quot;:&quot;&lt;=&quot;,&quot;value&quot;:1}',
+ ],
+ 'QueryCycle' => [
+ 'title' => '规则窗口长度(需要对html转义字符进行反向转义)。',
+ 'description' => '规则窗口长度(需要对html转义字符进行反向转义)。',
+ 'type' => 'string',
+ 'example' => '{&quot;time&quot;:&quot;1&quot;,&quot;unit&quot;:&quot;HOUR&quot;}',
+ ],
+ 'AttCk' => [
+ 'title' => '告警附加字段attck',
+ 'description' => '告警附加字段attck',
+ 'type' => 'string',
+ 'example' => 'T1595.002 Vulnerability Scanning',
+ ],
+ 'EventTransferSwitch' => [
+ 'title' => '告警是否转换事件开关。 取值:'."\n"
+ .'- 0:不转换'."\n"
+ .'- 1:转换',
+ 'description' => '告警是否转换事件开关。取值:'."\n"
+ .'- 0:不转换'."\n"
+ .'- 1:转换',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'EventTransferType' => [
+ 'title' => '事件生成方式。 取值:'."\n"
+ .'- default:默认内置方式'."\n"
+ .'- singleToSingle:每个告警生成一个事件'."\n"
+ .'- allToSingle:周期内告警生成一个事件',
+ 'description' => '事件生成方式。取值:'."\n"
+ .'- default:默认内置方式'."\n"
+ .'- singleToSingle:每个告警生成一个事件'."\n"
+ .'- allToSingle:周期内告警生成一个事件',
+ 'type' => 'string',
+ 'example' => 'allToSingle',
+ ],
+ 'EventTransferExt' => [
+ 'title' => '事件生成扩展信息 当eventTransferType值为allToSingle该字段有值 表示告警聚合窗口的周期长度以及周期单位(需要对html转义字符进行反向转义)。',
+ 'description' => '事件生成扩展信息,当eventTransferType值为allToSingle时,该字段有值,表示告警聚合窗口的周期长度以及周期单位,(需要对html转义字符进行反向转义)。',
+ 'type' => 'string',
+ 'example' => '{&quot;time&quot;:&quot;1&quot;,&quot;unit&quot;:&quot;MINUTE&quot;}',
+ ],
+ 'Status' => [
+ 'title' => '规则状态。 取值:'."\n"
+ .'- 0:初始状态'."\n"
+ .'- 10:模拟数据测试'."\n"
+ .'- 15:业务数据测试中'."\n"
+ .'- 20:业务数据测试结束'."\n"
+ .'- 100:规则上线',
+ 'description' => '规则状态。取值:'."\n"
+ .'- 0:初始状态'."\n"
+ .'- 10:模拟数据测试'."\n"
+ .'- 15:业务数据测试中'."\n"
+ .'- 20:业务数据测试结束'."\n"
+ .'- 100:规则上线',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '0',
+ ],
+ 'DataType' => [
+ 'description' => '自动化响应规则条件字段数据类型。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => 'varchar',
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'CloudSiemCustomizeRuleUpdateExcepiton',
+ 'errorMessage' => 'this customize rule can only update in init status.',
+ ],
+ [
+ 'errorCode' => 'CloudSiemCustomizeRuleConditionExceedExcepiton',
+ 'errorMessage' => 'the number of rule conditions cannot exceed 100.',
+ ],
+ [
+ 'errorCode' => 'CloudSiemCustomizeRuleDuplicateRuleNameExcepiton',
+ 'errorMessage' => 'the rule name is duplicated.',
+ ],
+ ],
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"RuleName\\": \\"waf_scan\\",\\n \\"RuleDesc\\": \\"this rule is for waf scan\\",\\n \\"RuleType\\": \\"customize\\",\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"AlertType\\": \\"WEBSHELL\\",\\n \\"AlertTypeMds\\": \\"${siem_rule_type_process_abnormal_command}\\",\\n \\"LogType\\": \\"ALERT_ACTIVITY\\",\\n \\"LogTypeMds\\": \\"${security_event_config.event_name.webshellName_clientav}\\",\\n \\"LogSource\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"LogSourceMds\\": \\"${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}\\",\\n \\"RuleCondition\\": \\"[[{&quot;not&quot;:false,&quot;left&quot;:&quot;alert_name&quot;,&quot;operator&quot;:&quot;=&quot;,&quot;right&quot;:&quot;WEBSHELL&quot;}]]\\",\\n \\"RuleGroup\\": \\"[&quot;asset_id&quot;]\\",\\n \\"RuleThreshold\\": \\"{&quot;aggregateFunction&quot;:&quot;count&quot;,&quot;aggregateFunctionName&quot;:&quot;count&quot;,&quot;field&quot;:&quot;activity_name&quot;,&quot;operator&quot;:&quot;&lt;=&quot;,&quot;value&quot;:1}\\",\\n \\"QueryCycle\\": \\"{&quot;time&quot;:&quot;1&quot;,&quot;unit&quot;:&quot;HOUR&quot;}\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"EventTransferSwitch\\": 1,\\n \\"EventTransferType\\": \\"allToSingle\\",\\n \\"EventTransferExt\\": \\"{&quot;time&quot;:&quot;1&quot;,&quot;unit&quot;:&quot;MINUTE&quot;}\\",\\n \\"Status\\": 0,\\n \\"DataType\\": 0\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '添加或者更新自定义规则',
+ ],
+ 'PostCustomizeRuleTest' => [
+ 'summary' => '提交自定义规则测试。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Id',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自定义规则ID。',
+ 'description' => '自定义规则ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '123456789',
+ ],
+ ],
+ [
+ 'name' => 'TestType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '测试类型。 取值:'."\n"
+ .'- simulate:模拟数据测试'."\n"
+ .'- business:业务数据测试'."\n"
+ .'- 15:业务数据测试中',
+ 'description' => '测试类型。取值:'."\n"
+ .'- simulate:模拟数据测试'."\n"
+ .'- business:业务数据测试',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'simulate',
+ ],
+ ],
+ [
+ 'name' => 'SimulatedData',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '模拟测试数据 只有在测试类型为simulate情况下赋值。',
+ 'description' => '模拟测试数据,只有在测试类型为simulate情况下赋值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '[{"key1":"value1","key2":"value2","key3":"value3","key4":"value4","key5":"value5"}]',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse',
+ 'description' => 'BaseResponse',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'any',
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '提交自定义规则测试',
+ ],
+ 'PostFinishCustomizeRuleTest' => [
+ 'summary' => '结束自定义规则测试。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Id',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自定义规则ID。',
+ 'description' => '自定义规则ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '123456789',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse',
+ 'description' => 'BaseResponse',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'any',
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '结束自定义规则测试',
+ ],
+ 'PostRuleStatusChange' => [
+ 'summary' => '更新自定义规则状态。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Ids',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则id列表 json数组格式。',
+ 'description' => '规则id列表 json数组格式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '[123,345]',
+ ],
+ ],
+ [
+ 'name' => 'RuleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则类型。 取值:'."\n"
+ .'- predefine:预定义'."\n"
+ .'- customize:自定义',
+ 'description' => '规则类型。 取值:'."\n"
+ .'- predefine:预定义'."\n"
+ .'- customize:自定义',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'customize',
+ ],
+ ],
+ [
+ 'name' => 'InUse',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则开启状态。 取值:'."\n"
+ .'- true:开启'."\n"
+ .'- false:关闭',
+ 'description' => '规则开启状态。 取值:'."\n"
+ .'- true:开启'."\n"
+ .'- false:关闭',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse',
+ 'description' => 'BaseResponse',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'any',
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '更新自定义规则状态',
+ ],
+ 'DescribeScopeUsers' => [
+ 'summary' => '获取剧本作用域用户列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<List<SoarScope>>',
+ 'description' => 'BaseResponse<List<SoarScope>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'AliUid' => [
+ 'title' => 'siem用户ID。',
+ 'description' => 'SIEM用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123456789****',
+ ],
+ 'UserName' => [
+ 'title' => '用户名。',
+ 'description' => '用户名。',
+ 'type' => 'string',
+ 'example' => 'test001',
+ ],
+ 'UserId' => [
+ 'title' => '多云用户ID。',
+ 'description' => '多云用户ID。',
+ 'type' => 'string',
+ 'example' => '123456789****',
+ ],
+ 'CloudCode' => [
+ 'title' => '云code。 取值:'."\n"
+ .'- qcloud:腾讯云'."\n"
+ .'- hcloud:华为云',
+ 'description' => '云code。 取值:'."\n"
+ .'- qcloud:腾讯云'."\n"
+ .'- hcloud:华为云',
+ 'type' => 'string',
+ 'example' => 'qcloud',
+ ],
+ 'InstanceId' => [
+ 'title' => 'waf实例ID。',
+ 'description' => 'Waf实例ID。',
+ 'type' => 'string',
+ 'example' => 'waf-cn-tl123ast****',
+ ],
+ 'Domains' => [
+ 'title' => 'waf实例下的防护的域名列表。',
+ 'description' => 'Waf实例下的防护的域名列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => 'Waf实例下的防护的域名列表。',
+ 'type' => 'string',
+ 'example' => '[123***.com, 456***.com]',
+ ],
+ 'example' => '[123.com, 456.com]',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AliUid\\": 0,\\n \\"UserName\\": \\"test001\\",\\n \\"UserId\\": \\"123456789****\\",\\n \\"CloudCode\\": \\"qcloud\\",\\n \\"InstanceId\\": \\"waf-cn-tl123ast****\\",\\n \\"Domains\\": [\\n \\"[123***.com, 456***.com]\\"\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取剧本作用域用户列表',
+ ],
+ 'DeleteAutomateResponseConfig' => [
+ 'summary' => '删除指定ID的自动化响应规则。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'delete',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Id',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自动化响应配置规则ID。',
+ 'description' => '自动化响应配置规则ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '123',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<String>',
+ 'description' => 'BaseResponse<String>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'string',
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '删除自动化响应规则',
+ ],
+ 'DescribeAutomateResponseConfigCounter' => [
+ 'summary' => '获取自动化响应规则计数。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<AutomateResponseCounter>',
+ 'description' => 'BaseResponse<AutomateResponseCounter>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'All' => [
+ 'title' => '总规则数。',
+ 'description' => '总规则数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '20',
+ ],
+ 'Online' => [
+ 'title' => '启动规则数。',
+ 'description' => '启动规则数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '10',
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"All\\": 20,\\n \\"Online\\": 10\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取自动化响应规则计数',
+ ],
+ 'DescribeAutomateResponseConfigFeature' => [
+ 'summary' => '获取自动化规则策略可配置字段及操作符。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'AutoResponseType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自动化响应类型。 取值:'."\n"
+ .'- event:事件'."\n"
+ .'- alert:告警',
+ 'description' => '自动化响应类型。取值:'."\n"
+ .'- event:事件'."\n"
+ .'- alert:告警',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'event',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<List<AutomateResponseConfigFeature>>',
+ 'description' => 'BaseResponse<List<AutomateResponseConfigFeature>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Feature' => [
+ 'title' => '自动化响应规则条件字段名称。',
+ 'description' => '自动化响应规则条件字段名称。',
+ 'type' => 'string',
+ 'example' => 'alert_desc',
+ ],
+ 'DataType' => [
+ 'title' => '自动化响应规则条件字段数据类型。',
+ 'description' => '自动化响应规则条件字段数据类型。',
+ 'type' => 'string',
+ 'example' => 'varchar',
+ ],
+ 'SupportOperators' => [
+ 'title' => '该字段支持的操作符列表',
+ 'description' => '该字段支持的操作符列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'HasRightValue' => [
+ 'title' => '是否需要右值 取值:'."\n"
+ .'- 需要:'."\n"
+ .'- false:不需要。',
+ 'description' => '是否需要右值。取值:'."\n"
+ .'- true:需要'."\n"
+ .'- false:不需要',
+ 'type' => 'boolean',
+ 'example' => 'false',
+ ],
+ 'Operator' => [
+ 'title' => '操作符。',
+ 'description' => '操作符。',
+ 'type' => 'string',
+ 'example' => '<=',
+ ],
+ 'OperatorName' => [
+ 'title' => '操作符显示名称。',
+ 'description' => '操作符显示名称。',
+ 'type' => 'string',
+ 'example' => '<=',
+ ],
+ 'OperatorDescCn' => [
+ 'title' => '操作符中文描述。',
+ 'description' => '操作符中文描述。',
+ 'type' => 'string',
+ 'example' => 'larger than or equal to',
+ ],
+ 'OperatorDescEn' => [
+ 'title' => '操作符英文描述。',
+ 'description' => '操作符英文描述。',
+ 'type' => 'string',
+ 'example' => 'larger than or equal to',
+ ],
+ 'SupportDataType' => [
+ 'title' => '当前操作符可以支持的数据类型 以逗号分隔。',
+ 'description' => '当前操作符可以支持的数据类型,以逗号分隔。',
+ 'type' => 'string',
+ 'example' => 'varchar',
+ ],
+ 'SupportTag' => [
+ 'title' => '操作符支持场景 多个场景以逗号分隔 如聚合(AGGREGATE)等 默认为空。',
+ 'description' => '操作符支持场景。多个场景以逗号分隔,如聚合等。默认为空。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '支持场景。',
+ 'type' => 'string',
+ 'example' => '[AGGREGATE]',
+ ],
+ 'example' => '[AGGREGATE]',
+ ],
+ 'Index' => [
+ 'title' => '操作符所处操作符列表位置。',
+ 'description' => '操作符所处操作符列表位置。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '3',
+ ],
+ ],
+ ],
+ ],
+ 'RightValueEnums' => [
+ 'title' => '该字段对应的右值枚举值',
+ 'description' => '该字段对应的右值枚举值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Value' => [
+ 'title' => '右值枚举值。',
+ 'description' => '右值枚举值。',
+ 'type' => 'string',
+ 'example' => 'serious',
+ ],
+ 'ValueMds' => [
+ 'title' => '右值枚举值美杜莎code。',
+ 'description' => '右值枚举值美杜莎Code。',
+ 'type' => 'string',
+ 'example' => 'aliyun.siem.automate.feature.alert_level.serious',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Feature\\": \\"alert_desc\\",\\n \\"DataType\\": \\"varchar\\",\\n \\"SupportOperators\\": [\\n {\\n \\"HasRightValue\\": false,\\n \\"Operator\\": \\"<=\\",\\n \\"OperatorName\\": \\"<=\\",\\n \\"OperatorDescCn\\": \\"larger than or equal to\\",\\n \\"OperatorDescEn\\": \\"larger than or equal to\\",\\n \\"SupportDataType\\": \\"varchar\\",\\n \\"SupportTag\\": [\\n \\"[AGGREGATE]\\"\\n ],\\n \\"Index\\": 3\\n }\\n ],\\n \\"RightValueEnums\\": [\\n {\\n \\"Value\\": \\"serious\\",\\n \\"ValueMds\\": \\"aliyun.siem.automate.feature.alert_level.serious\\"\\n }\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取自动化规则策略可配置字段及操作符',
+ ],
+ 'ListAutomateResponseConfigs' => [
+ 'summary' => '获取自动化响应规则列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas104PTS',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Id',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自动化响应配置规则ID。',
+ 'description' => '自动化响应配置规则ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '123',
+ ],
+ ],
+ [
+ 'name' => 'SubUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则创建用户ID。',
+ 'description' => '规则创建用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '17108579417****',
+ ],
+ ],
+ [
+ 'name' => 'PlaybookUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '剧本唯一标识。',
+ 'description' => '剧本唯一标识。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'system_aliyun_aegis_kill_quara_book',
+ ],
+ ],
+ [
+ 'name' => 'RuleName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自动化响应配置规则名称。',
+ 'description' => '自动化响应配置规则名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cfw kill quara book',
+ ],
+ ],
+ [
+ 'name' => 'AutoResponseType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自动化响应类型。 取值:'."\n"
+ .'- event:事件'."\n"
+ .'- alert:告警',
+ 'description' => '自动化响应类型。取值:'."\n"
+ .'- **event**:事件'."\n"
+ .'- **alert**:告警',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'event',
+ ],
+ ],
+ [
+ 'name' => 'ActionType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '处置动作类型。 取值:'."\n"
+ .'- doPlaybook:执行剧本'."\n"
+ .'- changeEventStatus:更改事件状态'."\n"
+ .'- changeThreatLevel:更改事件威胁等级',
+ 'description' => '处置动作类型。取值:'."\n"
+ .'- **doPlaybook**:执行剧本'."\n"
+ .'- **changeEventStatus**:更改事件状态'."\n"
+ .'- **changeThreatLevel**:更改事件威胁等级',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'doPlaybook',
+ ],
+ ],
+ [
+ 'name' => 'Status',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则状态。 取值:'."\n"
+ .'- 0:未启用'."\n"
+ .'- 100:启用',
+ 'description' => '规则状态。取值:'."\n"
+ .'- **0**:未启用'."\n"
+ .'- **100**:启用',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '0',
+ ],
+ ],
+ [
+ 'name' => 'CurrentPage',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表当前页号, 大于等于1。',
+ 'description' => '列表当前页号,大于等于1。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表每页条数, 最大不超过100。',
+ 'description' => '列表每页条数,最大不超过100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- **cn-hangzhou**:资产属于中国内地与中国香港'."\n"
+ .'- **ap-southeast-1**:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'ResponseRuleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '响应规则类型。'."\n"
+ ."\n"
+ .'- preset:预定义'."\n"
+ .'- custom:自定义',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'custom',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PageResponse<List<CloudSiemAutomateResponseConfig>>',
+ 'description' => 'PageResponse<List<CloudSiemAutomateResponseConfig>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- **true**:成功'."\n"
+ .'- **false**:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'PageInfo' => [
+ 'title' => '分页记录。',
+ 'description' => '分页记录。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CurrentPage' => [
+ 'title' => '列表当前页号。',
+ 'description' => '列表当前页号。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'title' => '每页返回记录数。',
+ 'description' => '每页返回记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'title' => '记录总数。',
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ ],
+ ],
+ 'ResponseData' => [
+ 'title' => '详细数据。',
+ 'description' => '详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Id' => [
+ 'title' => '自动化响应配置规则ID。',
+ 'description' => '自动化响应配置规则ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123',
+ ],
+ 'GmtCreate' => [
+ 'title' => '创建时间。',
+ 'description' => '创建时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'GmtModified' => [
+ 'title' => '修改时间。',
+ 'description' => '修改时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'Aliuid' => [
+ 'title' => '规则关联siem主账号ID。',
+ 'description' => '规则关联SIEM主账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '127608589417****',
+ ],
+ 'SubUserId' => [
+ 'title' => '规则创建用户ID。',
+ 'description' => '规则创建用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '17108579417****',
+ ],
+ 'RuleName' => [
+ 'title' => '自动化响应配置规则名称。',
+ 'description' => '自动化响应配置规则名称。',
+ 'type' => 'string',
+ 'example' => 'cfw kill quara book',
+ ],
+ 'AutoResponseType' => [
+ 'title' => '自动化响应类型。 取值:'."\n"
+ .'- event:事件'."\n"
+ .'- alert:告警',
+ 'description' => '自动化响应类型。取值:'."\n"
+ .'- **event**:事件'."\n"
+ .'- **alert**:告警',
+ 'type' => 'string',
+ 'example' => 'event',
+ ],
+ 'ExecutionCondition' => [
+ 'title' => '自动化响应规则触发条件 json格式。',
+ 'description' => '自动化响应规则触发条件,JSON格式。',
+ 'type' => 'string',
+ 'example' => '[{"left":{"value":"alert_name"},"operator":"containsString","right":{"value":"webshell_online"}}]',
+ ],
+ 'ActionType' => [
+ 'title' => '处置动作类型 多个值以逗号分隔。 取值:'."\n"
+ .'- doPlaybook:执行剧本'."\n"
+ .'- changeEventStatus:更改事件状态'."\n"
+ .'- changeThreatLevel:更改事件威胁等级',
+ 'description' => '处置动作类型,多个值以逗号分隔。取值:'."\n"
+ .'- **doPlaybook**:执行剧本'."\n"
+ .'- **changeEventStatus**:更改事件状态'."\n"
+ .'- **changeThreatLevel**:更改事件威胁等级',
+ 'type' => 'string',
+ 'example' => 'doPlaybook,changeEventStatus',
+ ],
+ 'ActionConfig' => [
+ 'title' => '自动化响应规则动作配置 json数组格式。',
+ 'description' => '自动化响应规则动作配置,JSON数组格式。',
+ 'type' => 'string',
+ 'example' => '['."\n"
+ .' {'."\n"
+ .' "actionType": "doPlaybook",'."\n"
+ .' "playbookName": "WafBlockIP",'."\n"
+ .' "playbookUuid": "bdad6220-6584-41b2-9704-fc6584568758"'."\n"
+ .' }'."\n"
+ .']',
+ ],
+ 'Status' => [
+ 'title' => '规则状态。 取值:'."\n"
+ .'- 0:未启用'."\n"
+ .'- 100:启用',
+ 'description' => '规则状态。取值:'."\n"
+ .'- **0**:未启用'."\n"
+ .'- **100**:启用',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '0',
+ ],
+ 'DataType' => [
+ 'description' => '自动化响应规则条件字段数据类型。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => 'varchar',
+ ],
+ 'ResponseRuleType' => [
+ 'description' => '响应规则类型。'."\n"
+ ."\n"
+ .'- preset:预定义'."\n"
+ .'- custom:自定义',
+ 'type' => 'string',
+ 'example' => 'custom',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"SubUserId\\": 0,\\n \\"RuleName\\": \\"cfw kill quara book\\",\\n \\"AutoResponseType\\": \\"event\\",\\n \\"ExecutionCondition\\": \\"[{\\\\\\"left\\\\\\":{\\\\\\"value\\\\\\":\\\\\\"alert_name\\\\\\"},\\\\\\"operator\\\\\\":\\\\\\"containsString\\\\\\",\\\\\\"right\\\\\\":{\\\\\\"value\\\\\\":\\\\\\"webshell_online\\\\\\"}}]\\",\\n \\"ActionType\\": \\"doPlaybook,changeEventStatus\\",\\n \\"ActionConfig\\": \\"[\\\\n {\\\\n \\\\\\"actionType\\\\\\": \\\\\\"doPlaybook\\\\\\",\\\\n \\\\\\"playbookName\\\\\\": \\\\\\"WafBlockIP\\\\\\",\\\\n \\\\\\"playbookUuid\\\\\\": \\\\\\"bdad6220-6584-41b2-9704-fc6584568758\\\\\\"\\\\n }\\\\n]\\",\\n \\"Status\\": 0,\\n \\"DataType\\": 0,\\n \\"ResponseRuleType\\": \\"custom\\"\\n }\\n ]\\n }\\n}","type":"json"}]',
+ 'title' => '获取自动化响应规则列表',
+ ],
+ 'PostAutomateResponseConfig' => [
+ 'summary' => '添加或更新自动化响应规则。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Id',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自动化响应配置规则ID。',
+ 'description' => '自动化响应配置规则ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '123',
+ ],
+ ],
+ [
+ 'name' => 'SubUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则创建用户ID。',
+ 'description' => '规则创建用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '17108579417****',
+ ],
+ ],
+ [
+ 'name' => 'RuleName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自动化响应配置规则名称。',
+ 'description' => '自动化响应配置规则名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cfw kill quara book',
+ ],
+ ],
+ [
+ 'name' => 'AutoResponseType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自动化响应类型。 取值:'."\n"
+ .'- event:事件'."\n"
+ .'- alert:告警',
+ 'description' => '自动化响应类型。取值:'."\n"
+ .'- **event**:事件'."\n"
+ .'- **alert**:告警',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'event',
+ ],
+ ],
+ [
+ 'name' => 'ExecutionCondition',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自动化响应规则触发条件 json格式。',
+ 'description' => '自动化响应规则触发条件,JSON格式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '[{"left":{"value":"alert_name"},"operator":"containsString","right":{"value":"webshell_online"}}]',
+ ],
+ ],
+ [
+ 'name' => 'ActionType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '处置动作类型 多个值以逗号分隔。 取值:'."\n"
+ .'- doPlaybook:执行剧本'."\n"
+ .'- changeEventStatus:更改事件状态'."\n"
+ .'- changeThreatLevel:更改事件威胁等级',
+ 'description' => '处置动作类型,多个值以逗号分隔。取值:'."\n"
+ .'- **doPlaybook**:执行剧本'."\n"
+ .'- **changeEventStatus**:更改事件状态'."\n"
+ .'- **changeThreatLevel**:更改事件威胁等级',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'doPlaybook,changeEventStatus',
+ ],
+ ],
+ [
+ 'name' => 'ActionConfig',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自动化响应规则动作配置 json数组格式。',
+ 'description' => '自动化响应规则动作配置,JSON数组格式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '['."\n"
+ .' {'."\n"
+ .' "actionType": "doPlaybook",'."\n"
+ .' "playbookName": "WafBlockIP",'."\n"
+ .' "playbookUuid": "bdad6220-6584-41b2-9704-fc6584568758"'."\n"
+ .' }'."\n"
+ .']',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- **cn-hangzhou**:资产属于中国内地与中国香港'."\n"
+ .'- **ap-southeast-1**:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<String>',
+ 'description' => 'BaseResponse<String>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'string',
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- **true**:成功'."\n"
+ .'- **false**:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '添加或更新自动化响应规则',
+ ],
+ 'UpdateAutomateResponseConfigStatus' => [
+ 'summary' => '更新自动化响应规则状态。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Ids',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '自动响应规则id列表,json数组。',
+ 'description' => '自动响应规则ID列表,json数组。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '[123,345]',
+ ],
+ ],
+ [
+ 'name' => 'InUse',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '规则开启状态。 取值:'."\n"
+ .'- true:开启'."\n"
+ .'- false:关闭',
+ 'description' => '规则开启状态。 取值:'."\n"
+ .'- true:开启'."\n"
+ .'- false:关闭',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<String>',
+ 'description' => 'BaseResponse<String>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'string',
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '更新自动化响应规则状态',
+ ],
+ 'ListDisposeStrategy' => [
+ 'summary' => '获取系统推荐处置策略列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasAFG0OH',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'SophonTaskId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '处置策略ID。',
+ 'description' => '安全编排与自动化响应处置策略ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'a50a49b7-6044-4593-ab15-2b46567c****',
+ ],
+ ],
+ [
+ 'name' => 'EntityIdentity',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '实体特征值,可以对处置实体进行模糊搜索。',
+ 'description' => '实体特征值,可以对处置实体进行模糊搜索。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'test22.php',
+ ],
+ ],
+ [
+ 'name' => 'EntityType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '剧本支持的实体类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件',
+ 'description' => '实体类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ip',
+ ],
+ ],
+ [
+ 'name' => 'PlaybookName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '剧本唯一标识名称。',
+ 'description' => '剧本唯一标识名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'WafBlockIP',
+ ],
+ ],
+ [
+ 'name' => 'PlaybookUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '剧本UUID。',
+ 'description' => '剧本UUID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'system_aliyun_clb_process_book',
+ ],
+ ],
+ [
+ 'name' => 'PlaybookTypes',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '剧本类型。 取值:'."\n"
+ .'- system:手动处置'."\n"
+ .'- custom:事件触发剧本'."\n"
+ .'- custom_alert:告警触发剧本'."\n"
+ .'- soar-manual:手动运行剧本'."\n"
+ .'- soar-mdr:MDR运行剧本',
+ 'description' => '剧本类型。取值:'."\n"
+ .'- system:手动处置'."\n"
+ .'- custom:事件触发剧本'."\n"
+ .'- custom_alert:告警触发剧本'."\n"
+ .'- soar-manual:手动运行剧本'."\n"
+ .'- soar-mdr:MDR运行剧本',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'system',
+ ],
+ ],
+ [
+ 'name' => 'EffectiveStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '策略状态。 取值:'."\n"
+ .'- 0:失效'."\n"
+ .'- 1:有效',
+ 'description' => '策略状态。取值:'."\n"
+ .'- 0:失效'."\n"
+ .'- 1:有效',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '0',
+ ],
+ ],
+ [
+ 'name' => 'OrderField',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '排序字段。 取值:'."\n"
+ .'- GmtModified:按更新时间排序'."\n"
+ .'- GmtCreate:按创建时间排序'."\n"
+ .'- FinishTime:按策略结束时间排序',
+ 'description' => '排序字段。取值:'."\n"
+ .'- GmtModified:按更新时间排序'."\n"
+ .'- GmtCreate:按创建时间排序'."\n"
+ .'- FinishTime:按策略结束时间排序',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'GmtModified',
+ ],
+ ],
+ [
+ 'name' => 'Order',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '排序方向。 取值:'."\n"
+ .'- desc:降序排列'."\n"
+ .'- asc:升序排列',
+ 'description' => '排序方向。取值:'."\n"
+ .'- desc:降序排列'."\n"
+ .'- asc:升序排列',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'desc',
+ ],
+ ],
+ [
+ 'name' => 'StartTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询开始时间, 单位毫秒。',
+ 'description' => '查询开始时间,单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => true,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'EndTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询结束时间, 单位毫秒。',
+ 'description' => '查询结束时间,单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => true,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'Status',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '处置策略状态。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '200',
+ ],
+ ],
+ [
+ 'name' => 'CurrentPage',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表当前页号, 大于等于1。',
+ 'description' => '列表当前页号,大于等于1。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表每页条数, 最大不超过100。',
+ 'description' => '列表每页条数,最大不超过100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图',
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析与响应的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '事件ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '49670d3bbf7aa9556a2fff3dbaa9****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PageResponse<List<DisposeStrategy>>',
+ 'description' => 'PageResponse<List<DisposeStrategy>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'PageInfo' => [
+ 'title' => '分页记录。',
+ 'description' => '分页记录。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CurrentPage' => [
+ 'title' => '列表当前页号。',
+ 'description' => '列表当前页号。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'title' => '每页返回记录数。',
+ 'description' => '每页返回记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'title' => '记录总数。',
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ ],
+ ],
+ 'ResponseData' => [
+ 'title' => '详细数据。',
+ 'description' => '详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Id' => [
+ 'title' => '策略ID。',
+ 'description' => '策略ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123',
+ ],
+ 'GmtCreate' => [
+ 'title' => '创建时间。',
+ 'description' => '创建时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'GmtModified' => [
+ 'title' => '修改时间。',
+ 'description' => '修改时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'Aliuid' => [
+ 'title' => '策略关联siem主账号ID。',
+ 'description' => '策略关联SIEM主账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '127608589417****',
+ ],
+ 'SubAliuid' => [
+ 'title' => '配置策略阿里账号ID。',
+ 'description' => '配置策略阿里账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '176555323***',
+ ],
+ 'IncidentName' => [
+ 'title' => '事件名称。',
+ 'description' => '事件名称。',
+ 'type' => 'string',
+ 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc',
+ ],
+ 'Scope' => [
+ 'title' => '处置作用域。',
+ 'description' => '处置作用域。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '处置作用域。',
+ 'type' => 'any',
+ 'example' => '[{ aliUid: 176618589410**** }]',
+ ],
+ 'example' => '[{ aliUid: 1766185894104675 }]',
+ ],
+ 'IncidentUuid' => [
+ 'title' => '事件全局唯一ID。',
+ 'description' => '事件全局唯一UUID。',
+ 'type' => 'string',
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ 'AlertUuid' => [
+ 'title' => '告警ID。',
+ 'description' => '告警UUID。',
+ 'type' => 'string',
+ 'example' => 'sas_71e24437d2797ce8fc59692905a4****',
+ ],
+ 'SophonTaskId' => [
+ 'title' => 'soar处置策略ID。',
+ 'description' => '安全编排与自动化响应处置策略ID。',
+ 'type' => 'string',
+ 'example' => '577bbf90-a770-44a7-8154-586aa2d3****',
+ ],
+ 'PlaybookName' => [
+ 'title' => '剧本唯一标识名称。',
+ 'description' => '剧本唯一标识名称。',
+ 'type' => 'string',
+ 'example' => 'WafBlockIP',
+ ],
+ 'PlaybookUuid' => [
+ 'title' => '剧本UUID。',
+ 'description' => '剧本UUID。',
+ 'type' => 'string',
+ 'example' => 'system_aliyun_clb_process_book',
+ ],
+ 'PlaybookType' => [
+ 'title' => '剧本类型。 取值:'."\n"
+ .'- system:手动处置'."\n"
+ .'- custom:事件触发剧本'."\n"
+ .'- custom_alert:告警触发剧本'."\n"
+ .'- soar-manual:手动运行剧本'."\n"
+ .'- soar-mdr:MDR运行剧本',
+ 'description' => '剧本类型。取值:'."\n"
+ .'- system:手动处置'."\n"
+ .'- custom:事件触发剧本'."\n"
+ .'- custom_alert:告警触发剧本'."\n"
+ .'- soar-manual:手动运行剧本'."\n"
+ .'- soar-mdr:MDR运行剧本',
+ 'type' => 'string',
+ 'example' => 'system',
+ ],
+ 'TaskUrl' => [
+ 'title' => '剧本url',
+ 'description' => '剧本url。',
+ 'type' => 'string',
+ 'example' => '{"playbookUuid":"system_aliyun_aegis_stop_container_book","requestUuid":"e8924356-448b-4301-aee9-*******"}',
+ ],
+ 'EntityId' => [
+ 'title' => '实体ID。',
+ 'description' => '实体ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123456789',
+ ],
+ 'Entity' => [
+ 'title' => '实体详情, json数组格式。',
+ 'description' => '实体详情,json数组格式。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '实体详情,json数组格式。',
+ 'type' => 'any',
+ 'example' => '[{"ip":"1.1.XX.XX"}]',
+ ],
+ 'example' => '[{"ip":"1.1.1.1"}]',
+ ],
+ 'EntityType' => [
+ 'title' => '实体类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件',
+ 'description' => '实体类型。取值:'."\n"
+ .'- ip:ip'."\n"
+ .'- process:进程'."\n"
+ .'- file:文件',
+ 'type' => 'string',
+ 'example' => 'ip',
+ ],
+ 'TaskParam' => [
+ 'title' => '触发剧本参数, json格式。',
+ 'description' => '触发剧本参数,json格式。',
+ 'type' => 'string',
+ 'example' => '{'."\n"
+ .' "file": {'."\n"
+ .' "op_code": "2",'."\n"
+ .' "file_path": "/root/alert0913/a886.jsp",'."\n"
+ .' "entity_type": "file",'."\n"
+ .' "entity_name": "a886.jsp",'."\n"
+ .' "file_name": "a886.jsp",'."\n"
+ .' "file_owner": "USER:,GROUP:",'."\n"
+ .' "hash_value": "5def10c9a4287d0920d86b42420b20b0",'."\n"
+ .' "op_level": "2",'."\n"
+ .' "entity_id": "/root/alert0913/a886.jsp",'."\n"
+ .' "host_uuid": {'."\n"
+ .' "entity_type": "host",'."\n"
+ .' "entity_name": "N/A",'."\n"
+ .' "is_comprised": "1",'."\n"
+ .' "os_type": "linux",'."\n"
+ .' "entity_id": "5f58ef67-8803-4314-8d67-c87dc92b****",'."\n"
+ .' "host_uuid": "5f58ef67-8803-4314-8d67-c87dc92b****",'."\n"
+ .' "host_name": "N/A"'."\n"
+ .' },'."\n"
+ .' "malware_type": "${aliyun.siem.sas.alert_tag.webshell}"'."\n"
+ .' },'."\n"
+ .' "_sys_siem": {'."\n"
+ .' "cloudCode": "aliyun",'."\n"
+ .' "alertId": "89416745494****"'."\n"
+ .' },'."\n"
+ .' "scope": ['."\n"
+ .' {'."\n"
+ .' "aliUid": 1766185894104****'."\n"
+ .' }'."\n"
+ .' ]'."\n"
+ .'}',
+ ],
+ 'ErrorMessage' => [
+ 'title' => '任务的失败摘要信息。',
+ 'description' => '任务的失败摘要信息。',
+ 'type' => 'string',
+ 'example' => 'DisposalEntity failed which description is Aegis Quarantine File , return_info failed which description is Check Aegis Process Result , [ERROR DETAIL] *******.php:file not found',
+ ],
+ 'FinishTime' => [
+ 'title' => '任务的结束时间。',
+ 'description' => '任务的结束时间。',
+ 'type' => 'string',
+ 'example' => '2021-08-10 21:34:07',
+ ],
+ 'EffectiveStatus' => [
+ 'title' => '策略状态。 取值:'."\n"
+ .'- 0:失效'."\n"
+ .'- 1:有效',
+ 'description' => '策略状态。取值:'."\n"
+ .'- 0:失效'."\n"
+ .'- 1:有效',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '0',
+ ],
+ 'Status' => [
+ 'title' => '剧本调用状态。 取值:'."\n"
+ .'- 200:成功'."\n"
+ .'- 10:删除'."\n"
+ .'- 5:失败'."\n"
+ .'- 0:初始状态',
+ 'description' => '剧本调用状态。取值:'."\n"
+ .'- 200:成功'."\n"
+ .'- 10:删除'."\n"
+ .'- 5:失败'."\n"
+ .'- 0:初始状态',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"SubAliuid\\": 0,\\n \\"IncidentName\\": \\"Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc\\",\\n \\"Scope\\": [\\n \\"[{ aliUid: 176618589410**** }]\\"\\n ],\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"SophonTaskId\\": \\"577bbf90-a770-44a7-8154-586aa2d3****\\",\\n \\"PlaybookName\\": \\"WafBlockIP\\",\\n \\"PlaybookUuid\\": \\"system_aliyun_clb_process_book\\",\\n \\"PlaybookType\\": \\"system\\",\\n \\"TaskUrl\\": \\"{\\\\\\"playbookUuid\\\\\\":\\\\\\"system_aliyun_aegis_stop_container_book\\\\\\",\\\\\\"requestUuid\\\\\\":\\\\\\"e8924356-448b-4301-aee9-*******\\\\\\"}\\",\\n \\"EntityId\\": 123456789,\\n \\"Entity\\": [\\n \\"[{\\\\\\"ip\\\\\\":\\\\\\"1.1.XX.XX\\\\\\"}]\\"\\n ],\\n \\"EntityType\\": \\"ip\\",\\n \\"TaskParam\\": \\"{\\\\n \\\\\\"file\\\\\\": {\\\\n \\\\\\"op_code\\\\\\": \\\\\\"2\\\\\\",\\\\n \\\\\\"file_path\\\\\\": \\\\\\"/root/alert0913/a886.jsp\\\\\\",\\\\n \\\\\\"entity_type\\\\\\": \\\\\\"file\\\\\\",\\\\n \\\\\\"entity_name\\\\\\": \\\\\\"a886.jsp\\\\\\",\\\\n \\\\\\"file_name\\\\\\": \\\\\\"a886.jsp\\\\\\",\\\\n \\\\\\"file_owner\\\\\\": \\\\\\"USER:,GROUP:\\\\\\",\\\\n \\\\\\"hash_value\\\\\\": \\\\\\"5def10c9a4287d0920d86b42420b20b0\\\\\\",\\\\n \\\\\\"op_level\\\\\\": \\\\\\"2\\\\\\",\\\\n \\\\\\"entity_id\\\\\\": \\\\\\"/root/alert0913/a886.jsp\\\\\\",\\\\n \\\\\\"host_uuid\\\\\\": {\\\\n \\\\\\"entity_type\\\\\\": \\\\\\"host\\\\\\",\\\\n \\\\\\"entity_name\\\\\\": \\\\\\"N/A\\\\\\",\\\\n \\\\\\"is_comprised\\\\\\": \\\\\\"1\\\\\\",\\\\n \\\\\\"os_type\\\\\\": \\\\\\"linux\\\\\\",\\\\n \\\\\\"entity_id\\\\\\": \\\\\\"5f58ef67-8803-4314-8d67-c87dc92b****\\\\\\",\\\\n \\\\\\"host_uuid\\\\\\": \\\\\\"5f58ef67-8803-4314-8d67-c87dc92b****\\\\\\",\\\\n \\\\\\"host_name\\\\\\": \\\\\\"N/A\\\\\\"\\\\n },\\\\n \\\\\\"malware_type\\\\\\": \\\\\\"${aliyun.siem.sas.alert_tag.webshell}\\\\\\"\\\\n },\\\\n \\\\\\"_sys_siem\\\\\\": {\\\\n \\\\\\"cloudCode\\\\\\": \\\\\\"aliyun\\\\\\",\\\\n \\\\\\"alertId\\\\\\": \\\\\\"89416745494****\\\\\\"\\\\n },\\\\n \\\\\\"scope\\\\\\": [\\\\n {\\\\n \\\\\\"aliUid\\\\\\": 1766185894104****\\\\n }\\\\n ]\\\\n}\\",\\n \\"ErrorMessage\\": \\"DisposalEntity failed which description is Aegis Quarantine File , return_info failed which description is Check Aegis Process Result , [ERROR DETAIL] *******.php:file not found\\",\\n \\"FinishTime\\": \\"2021-08-10 21:34:07\\",\\n \\"EffectiveStatus\\": 0,\\n \\"Status\\": 10\\n }\\n ]\\n }\\n}","type":"json"}]',
+ 'title' => '获取处置策略列表',
+ ],
+ 'DescribeDisposeStrategyPlaybook' => [
+ 'summary' => '获取处置策略使用的剧本列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'StartTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询开始时间, 单位毫秒。',
+ 'description' => '查询开始时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => true,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'EndTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '查询结束时间, 单位毫秒。',
+ 'description' => '查询结束时间, 单位毫秒。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => true,
+ 'example' => '1577808000000',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<List<StrategyPlaybookList>>',
+ 'description' => 'BaseResponse<List<StrategyPlaybookList>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'PlaybookName' => [
+ 'title' => '剧本唯一标识名称。',
+ 'description' => '剧本唯一标识名称。',
+ 'type' => 'string',
+ 'example' => 'WafBlockIP',
+ ],
+ 'PlaybookUuid' => [
+ 'title' => '剧本UUID。',
+ 'description' => '剧本UUID。',
+ 'type' => 'string',
+ 'example' => 'system_aliyun_clb_process_book',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"PlaybookName\\": \\"WafBlockIP\\",\\n \\"PlaybookUuid\\": \\"system_aliyun_clb_process_book\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取处置策略使用的剧本列表',
+ ],
+ 'RestoreCapacity' => [
+ 'summary' => '释放存储空间,降低存储使用量,注意,该操作不可逆,存在数据丢失的风险,谨慎使用。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'abilityTreeCode' => '173446',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasRXJ9SY',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n"
+ .'- ap-southeast-1:资产属于海外地域,选择该项。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<Boolean>',
+ 'description' => 'CloudSiemResponse<Boolean>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '是否已经发送清空指令。取值:'."\n"
+ .'- true:已经发送清空命令,正在清理中'."\n"
+ .'- false:发送失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-58D4-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-58D4-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '置空已有的存储',
+ ],
+ 'GetCapacity' => [
+ 'summary' => '获取当前威胁分析存储的使用量以及预付费的购买量,单位为GB。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '155452',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasRXJ9SY',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n"
+ .'- ap-southeast-1:资产属于海外地域,选择该项。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<CloudSiemCapacityResponse>',
+ 'description' => 'CloudSiemResponse<CloudSiemCapacityResponse>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '容量明细。',
+ 'type' => 'object',
+ 'properties' => [
+ 'UsedCapacity' => [
+ 'title' => '威胁分析当前计费容量。',
+ 'description' => '威胁分析当前计费容量(GB)。',
+ 'type' => 'number',
+ 'format' => 'double',
+ 'example' => '10',
+ ],
+ 'PreservedCapacity' => [
+ 'title' => '威胁分析用户购买容量。',
+ 'description' => '威胁分析用户购买容量(GB)。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '9000',
+ ],
+ 'ExistLogStore' => [
+ 'title' => '威胁分析用户侧LogStore是否存在,默认true。取值:'."\n"
+ .'- true:当前日志正常,日志分析可用'."\n"
+ .'- false:当前正在清理日志,日志分析不可用',
+ 'description' => '威胁分析用户侧LogStore是否存在。取值:'."\n"
+ .'- true:当前日志正常,日志分析可用'."\n"
+ .'- false:当前正在清理日志,日志分析不可用',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'AgentManagedAssetQuota' => [
+ 'title' => 'Agent调用实例量已购额度',
+ 'description' => 'Agent调用实例量已购额度',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1',
+ ],
+ 'AgentManagedAssetUsed' => [
+ 'title' => 'Agent调用实例量已用量',
+ 'description' => 'Agent调用实例量已用量',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '27D27DCB-D76B-5064-8B3B-0900DEF7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ [
+ 'errorCode' => 'Siem.Storage.Exception',
+ 'errorMessage' => 'The request timed out, try again.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"UsedCapacity\\": 10,\\n \\"PreservedCapacity\\": 9000,\\n \\"ExistLogStore\\": true,\\n \\"AgentManagedAssetQuota\\": 1,\\n \\"AgentManagedAssetUsed\\": 1\\n },\\n \\"RequestId\\": \\"27D27DCB-D76B-5064-8B3B-0900DEF7****\\"\\n}","type":"json"}]',
+ 'title' => '获取当前企业威胁分析存储的使用量及购买量',
+ ],
+ 'SetStorage' => [
+ 'summary' => '保存用户设置的存储天数,存储地域(region)等信息。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'abilityTreeCode' => '179221',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasRXJ9SY',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Ttl',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '日志存储天数,默认180天。该值最小设置为30天,最大不能超过3000天。',
+ 'description' => '日志存储天数,默认180天。该值最小设置为30天,最大不能超过3000天。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'example' => '180',
+ ],
+ ],
+ [
+ 'name' => 'Region',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '日志存储地域。',
+ 'description' => '日志存储地域。'."\n"
+ ."\n"
+ .'数据管理中心所在地为**cn-hangzhou**时,**Region**默认为上海(cn-shanghai);数据管理中心所在地为**ap-southeast-1**时,**Region**默认为新加坡(ap-southeast-1)。'."\n"
+ ."\n"
+ .'不可以修改日志存储地域。如需修改,请联系威胁分析的运营人员。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-shanghai',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n"
+ .'- ap-southeast-1:资产属于海外地域,选择该项。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<Boolean>',
+ 'description' => 'CloudSiemResponse<Boolean>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '是否保存成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-58D4-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'Siem.TTL.Limit',
+ 'errorMessage' => 'TTL should be set 30 days at least',
+ ],
+ ],
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-58D4-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '保存用户设置的存储信息',
+ ],
+ 'DescribeStorage' => [
+ 'summary' => '判断威胁分析用户的存储(用户侧日志服务中LogStore)是否正常。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'abilityTreeCode' => '190429',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasRXJ9SY',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '137820528780****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n"
+ .'- ap-southeast-1:资产属于海外地域,选择该项。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<Boolean>',
+ 'description' => 'CloudSiemResponse<Boolean>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '用户的日志服务中是否存在威胁分析服务创建的Project和LogStore。取值:'."\n"
+ .'- true:存在'."\n"
+ .'- false:不存在',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => 'CCEEE128-6607-503E-AAA6-C5E57D94****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ [
+ 'errorCode' => 'SLS.Operation.Error',
+ 'errorMessage' => 'SLS service is unavailable!',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"CCEEE128-6607-503E-AAA6-C5E57D94****\\"\\n}","type":"json"}]',
+ 'title' => '判断威胁分析用户的存储是否存在',
+ ],
+ 'GetStorage' => [
+ 'summary' => '获取威胁分析与响应产品在用户SLS中创建的存储设置,包含存储天数、存储地域等信息。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'abilityTreeCode' => '179222',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasRXJ9SY',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '127XXXX',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n"
+ .'- ap-southeast-1:资产属于海外地域,选择该项。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<CloudSiemStorageResponse>',
+ 'description' => 'CloudSiemResponse<CloudSiemStorageResponse>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '存储具体信息。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Ttl' => [
+ 'title' => '存储天数。',
+ 'description' => '设置的存储天数,默认是180天。该值最小设置为30天,最大设置为3000天。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '180',
+ ],
+ 'Region' => [
+ 'title' => '存储地域(region)。',
+ 'description' => '存储地域。'."\n"
+ ."\n"
+ .'数据管理中心所在地为**cn-hangzhou**时,**Region**默认为上海(cn-shanghai);数据管理中心所在地为**ap-southeast-1**时,**Region**默认为新加坡(ap-southeast-1)。',
+ 'type' => 'string',
+ 'example' => 'cn-shanghai',
+ ],
+ 'DisplayRegion' => [
+ 'title' => '是否拥有修改存储地域的权限,默认值false。取值:'."\n"
+ .'- true:拥有修改存储地域的权限'."\n"
+ .'- false:不拥有修改存储地域的权限',
+ 'description' => '是否拥有修改存储地域的权限,默认值false。取值:'."\n"
+ .'- true:拥有修改存储地域的权限'."\n"
+ .'- false:不拥有修改存储地域的权限',
+ 'type' => 'boolean',
+ 'example' => 'false',
+ ],
+ 'CanOperate' => [
+ 'title' => '当前是否可以操作存储地域(存储地域仅能操作一次),默认值false。取值:'."\n"
+ .'- true:可以修改存储地域'."\n"
+ .'- false:不可以修改存储地域',
+ 'description' => '当前是否可以操作存储地域(存储地域仅能操作一次),默认值false。取值:'."\n"
+ .'- true:可以修改存储地域'."\n"
+ .'- false:不可以修改存储地域',
+ 'type' => 'boolean',
+ 'example' => 'false',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '97A31C3A-3F9F-5866-8979-5159E3DC****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Ttl\\": 180,\\n \\"Region\\": \\"cn-shanghai\\",\\n \\"DisplayRegion\\": false,\\n \\"CanOperate\\": false\\n },\\n \\"RequestId\\": \\"97A31C3A-3F9F-5866-8979-5159E3DC****\\"\\n}","type":"json"}]',
+ 'title' => '获取设置的存储信息',
+ ],
+ 'ListDelivery' => [
+ 'summary' => '查看整个企业或者普通成员接入威胁分析的产品、日志列表,以及这些日志的数据投递情况。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'abilityTreeCode' => '155305',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasRXJ9SY',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n"
+ .'- ap-southeast-1:资产属于海外地域,选择该项。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<CloudSiemAnalyzeResponse>',
+ 'description' => 'BaseResponse<CloudSiemAnalyzeResponse>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '返回的详细内容。',
+ 'type' => 'object',
+ 'properties' => [
+ 'ProjectName' => [
+ 'title' => '威胁分析用户侧日志服务Project名字,格式:aliyun-cloudsiem-data-${aliUid}-${region}。',
+ 'description' => '威胁分析用户侧日志服务Project名字,格式:aliyun-cloudsiem-data-${aliUid}-${region}。',
+ 'type' => 'string',
+ 'example' => 'aliyun-cloudsiem-data-127608589417****-cn-shanghai',
+ ],
+ 'LogStoreName' => [
+ 'title' => '威胁分析用户侧LogStore的名字,格式:cloud_siem。',
+ 'description' => '威胁分析用户侧LogStore的名字,格式:cloud_siem。',
+ 'type' => 'string',
+ 'example' => 'cloud-siem',
+ ],
+ 'SearchUrl' => [
+ 'title' => '日志分析页面中查询分析的URL。',
+ 'description' => '日志分析页面中查询分析的URL。',
+ 'type' => 'string',
+ 'example' => 'https://sls4service.console.aliyun.com/lognext/project/aliyun-cloudsiem-data-127608589417****-cn-shanghai'."\n"
+ .'/logsearch/cloud-siem?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true',
+ ],
+ 'DashboardUrl' => [
+ 'title' => '日志分析页面中报表展示的URL。',
+ 'description' => '日志分析页面中报表展示的URL。',
+ 'type' => 'string',
+ 'example' => 'https://sls4service.console.aliyun.com/lognext/project/aliyun-cloudsiem-data-127608589417****-cn-shanghai'."\n"
+ .'/dashboard/cloud-siem?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true',
+ ],
+ 'DisplaySwitchOrNot' => [
+ 'title' => '是否展示投递开关,默认true,取值:'."\n"
+ .'- true:显示投递开关'."\n"
+ .'- false:隐藏投递开关',
+ 'description' => '是否展示投递开关,默认true,取值:'."\n"
+ .'- true:显示投递开关'."\n"
+ .'- false:隐藏投递开关',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'ProductList' => [
+ 'title' => '接入的产品列表。',
+ 'description' => '产品列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '接入的产品列表。',
+ 'type' => 'object',
+ 'properties' => [
+ 'ProductCode' => [
+ 'title' => '云产品编码。取值:'."\n"
+ .'- qcloud_waf'."\n"
+ .'- qlcoud_cfw'."\n"
+ .'- hcloud_waf'."\n"
+ .'- hcloud_cfw'."\n"
+ .'- ddos'."\n"
+ .'- sas'."\n"
+ .'- cfw'."\n"
+ .'- config'."\n"
+ .'- csk'."\n"
+ .'- fc'."\n"
+ .'- rds'."\n"
+ .'- nas'."\n"
+ .'- apigateway'."\n"
+ .'- cdn'."\n"
+ .'- mongodb'."\n"
+ .'- eip'."\n"
+ .'- slb'."\n"
+ .'- vpc'."\n"
+ .'- actiontrail'."\n"
+ .'- waf'."\n"
+ .'- bastionhost'."\n"
+ .'- oss'."\n"
+ .'- polardb',
+ 'description' => '云产品编码。取值:'."\n"
+ .'- qcloud_waf'."\n"
+ .'- qlcoud_cfw'."\n"
+ .'- hcloud_waf'."\n"
+ .'- hcloud_cfw'."\n"
+ .'- ddos'."\n"
+ .'- sas'."\n"
+ .'- cfw'."\n"
+ .'- config'."\n"
+ .'- csk'."\n"
+ .'- fc'."\n"
+ .'- rds'."\n"
+ .'- nas'."\n"
+ .'- apigateway'."\n"
+ .'- cdn'."\n"
+ .'- mongodb'."\n"
+ .'- eip'."\n"
+ .'- slb'."\n"
+ .'- vpc'."\n"
+ .'- actiontrail'."\n"
+ .'- waf'."\n"
+ .'- bastionhost'."\n"
+ .'- oss'."\n"
+ .'- polardb',
+ 'type' => 'string',
+ 'example' => 'sas',
+ ],
+ 'ProductName' => [
+ 'title' => '所属厂商名称',
+ 'description' => '该参数已废弃,无需关注。',
+ 'type' => 'string',
+ 'example' => 'Security Center',
+ ],
+ 'LogMap' => [
+ 'title' => '存在日志分类的日志列表',
+ 'description' => '存在日志分类的日志列表,比如云安全中心,存在主机、网络等分组,分组信息为key,分组所包含的日志为value。',
+ 'type' => 'object',
+ 'additionalProperties' => [
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'LogCode' => [
+ 'title' => '日志编码。',
+ 'type' => 'string',
+ 'example' => 'cloud_siem_config_log',
+ 'description' => '日志编码。',
+ ],
+ 'LogName' => [
+ 'title' => '日志中文名字。',
+ 'type' => 'string',
+ 'description' => '该参数已废弃,无需关注。',
+ 'example' => 'audit log',
+ ],
+ 'LogNameEn' => [
+ 'title' => '日志英文名字。',
+ 'type' => 'string',
+ 'example' => 'audit log',
+ 'description' => '该参数已废弃,无需关注。',
+ ],
+ 'LogNameKey' => [
+ 'title' => '日志语言编码,用于进行多语言名字的展示。',
+ 'type' => 'string',
+ 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_crack_from_beaver}',
+ 'description' => '日志语言编码,用于进行多语言名字的展示。',
+ ],
+ 'Status' => [
+ 'title' => '日志投递状态。',
+ 'type' => 'boolean',
+ 'description' => '日志投递状态。取值:'."\n"
+ .'- true:正在投递 '."\n"
+ .'- false:投递被关闭',
+ 'example' => 'true',
+ ],
+ 'CanOperateOrNot' => [
+ 'title' => '是否可以操作投递开关。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ 'description' => '是否可以操作日志投递开关,日志投递开关只限于威胁分析委派管理员进行操作。取值:'."\n"
+ .'- true:可以操作 '."\n"
+ .'- false:不可以操作',
+ ],
+ 'Topic' => [
+ 'title' => '日志在用户侧存储的Topic。',
+ 'type' => 'string',
+ 'description' => '日志在LogStore中的Topic,是LogStore的索引字段,通过该字段,能够区分不同的日志。',
+ 'example' => 'sas_login_event',
+ ],
+ 'ExtraParameters' => [
+ 'title' => '扩展参数。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Key' => [
+ 'type' => 'string',
+ 'example' => 'flag',
+ 'description' => '扩展参数标识。',
+ ],
+ 'Value' => [
+ 'type' => 'string',
+ 'example' => 'value',
+ 'description' => '扩展参数值。',
+ ],
+ ],
+ 'description' => '日志描述的附加参数。',
+ ],
+ 'description' => '扩展参数。',
+ ],
+ ],
+ 'description' => '日志详情。',
+ ],
+ 'description' => '分组包含的日志列表。',
+ ],
+ ],
+ 'LogList' => [
+ 'title' => '不存在日志分类的日志列表',
+ 'description' => '没有更细分类的云产品。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '日志详情。',
+ 'type' => 'object',
+ 'properties' => [
+ 'LogCode' => [
+ 'title' => '日志编码。',
+ 'description' => '日志编码。',
+ 'type' => 'string',
+ 'example' => 'cloud_siem_config_log',
+ ],
+ 'LogName' => [
+ 'title' => '日志中文名字。',
+ 'description' => '该参数已废弃,无需关注。',
+ 'type' => 'string',
+ 'example' => 'audit log',
+ ],
+ 'LogNameEn' => [
+ 'title' => '日志英文名字。',
+ 'description' => '该参数已废弃,无需关注。',
+ 'type' => 'string',
+ 'example' => 'audit log'."\n",
+ ],
+ 'LogNameKey' => [
+ 'title' => '日志语言编码,用于进行多语言名字的展示。',
+ 'description' => '日志语言编码,用于进行多语言名字的展示。',
+ 'type' => 'string',
+ 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_crack_from_beaver}',
+ ],
+ 'Status' => [
+ 'title' => '日志投递状态。',
+ 'description' => '日志投递状态。取值:'."\n"
+ .'- true:正在投递 '."\n"
+ .'- false:投递被关闭',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'CanOperateOrNot' => [
+ 'title' => '是否可以操作投递开关。',
+ 'description' => '是否可以操作日志投递开关,日志投递开关只限于威胁分析委派管理员进行操作。取值:'."\n"
+ .'- true:可以操作'."\n"
+ .'- false:不可以操作',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Topic' => [
+ 'title' => '日志在用户侧存储的Topic。',
+ 'description' => '日志在LogStore中的Topic,是LogStore的索引字段,通过该字段,能够区分不同的日志。',
+ 'type' => 'string',
+ 'example' => 'sas_login_event',
+ ],
+ 'ExtraParameters' => [
+ 'title' => '扩展参数。',
+ 'description' => '扩展参数。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '日志描述的附加参数。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Key' => [
+ 'description' => '扩展参数标识。',
+ 'type' => 'string',
+ 'example' => 'flag',
+ ],
+ 'Value' => [
+ 'description' => '扩展参数值。',
+ 'type' => 'string',
+ 'example' => 'value',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-58D4-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ [
+ 'errorCode' => 'SLS.Sls4Service.Error',
+ 'errorMessage' => 'The Simple Log Service about embedding console pages is unavailable.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"ProjectName\\": \\"aliyun-cloudsiem-data-127608589417****-cn-shanghai\\",\\n \\"LogStoreName\\": \\"cloud-siem\\",\\n \\"SearchUrl\\": \\"https://sls4service.console.aliyun.com/lognext/project/aliyun-cloudsiem-data-127608589417****-cn-shanghai\\\\n/logsearch/cloud-siem?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true\\",\\n \\"DashboardUrl\\": \\"https://sls4service.console.aliyun.com/lognext/project/aliyun-cloudsiem-data-127608589417****-cn-shanghai\\\\n/dashboard/cloud-siem?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true\\",\\n \\"DisplaySwitchOrNot\\": true,\\n \\"ProductList\\": [\\n {\\n \\"ProductCode\\": \\"sas\\",\\n \\"ProductName\\": \\"Security Center\\",\\n \\"LogMap\\": {\\n \\"key\\": [\\n {\\n \\"LogCode\\": \\"cloud_siem_config_log\\",\\n \\"LogName\\": \\"audit log\\",\\n \\"LogNameEn\\": \\"audit log\\",\\n \\"LogNameKey\\": \\"${sas.cloudsiem.prod.cloud_siem_aegis_crack_from_beaver}\\",\\n \\"Status\\": true,\\n \\"CanOperateOrNot\\": true,\\n \\"Topic\\": \\"sas_login_event\\",\\n \\"ExtraParameters\\": [\\n {\\n \\"Key\\": \\"flag\\",\\n \\"Value\\": \\"value\\"\\n }\\n ]\\n }\\n ]\\n },\\n \\"LogList\\": [\\n {\\n \\"LogCode\\": \\"cloud_siem_config_log\\",\\n \\"LogName\\": \\"audit log\\",\\n \\"LogNameEn\\": \\"audit log\\\\n\\",\\n \\"LogNameKey\\": \\"${sas.cloudsiem.prod.cloud_siem_aegis_crack_from_beaver}\\",\\n \\"Status\\": true,\\n \\"CanOperateOrNot\\": true,\\n \\"Topic\\": \\"sas_login_event\\",\\n \\"ExtraParameters\\": [\\n {\\n \\"Key\\": \\"flag\\",\\n \\"Value\\": \\"value\\"\\n }\\n ]\\n }\\n ]\\n }\\n ]\\n },\\n \\"RequestId\\": \\"6276D891-58D4-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '展示接入威胁分析的日志投递状态',
+ ],
+ 'OpenDelivery' => [
+ 'summary' => '开通已经接入产品日志的投递。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'paid',
+ 'abilityTreeCode' => '154876',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasRXJ9SY',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'ProductCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云产品的编码。取值:'."\n"
+ .'- qcloud_waf'."\n"
+ .'- qlcoud_cfw'."\n"
+ .'- hcloud_waf'."\n"
+ .'- hcloud_cfw'."\n"
+ .'- ddos'."\n"
+ .'- sas'."\n"
+ .'- cfw'."\n"
+ .'- config'."\n"
+ .'- csk'."\n"
+ .'- fc'."\n"
+ .'- rds'."\n"
+ .'- nas'."\n"
+ .'- apigateway'."\n"
+ .'- cdn'."\n"
+ .'- mongodb'."\n"
+ .'- eip'."\n"
+ .'- slb'."\n"
+ .'- vpc'."\n"
+ .'- actiontrail'."\n"
+ .'- waf'."\n"
+ .'- bastionhost'."\n"
+ .'- oss'."\n"
+ .'- polardb',
+ 'description' => '云产品的编码。取值:'."\n"
+ .'- qcloud_waf'."\n"
+ .'- qlcoud_cfw'."\n"
+ .'- hcloud_waf'."\n"
+ .'- hcloud_cfw'."\n"
+ .'- ddos'."\n"
+ .'- sas'."\n"
+ .'- cfw'."\n"
+ .'- config'."\n"
+ .'- csk'."\n"
+ .'- fc'."\n"
+ .'- rds'."\n"
+ .'- nas'."\n"
+ .'- apigateway'."\n"
+ .'- cdn'."\n"
+ .'- mongodb'."\n"
+ .'- eip'."\n"
+ .'- slb'."\n"
+ .'- vpc'."\n"
+ .'- actiontrail'."\n"
+ .'- waf'."\n"
+ .'- bastionhost'."\n"
+ .'- oss'."\n"
+ .'- polardb',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'cfw',
+ ],
+ ],
+ [
+ 'name' => 'LogCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云产品下的日志code,比如云安全中心的进程日志,取值参考ListDelivery的返回值。',
+ 'description' => '云产品下的日志code,比如云安全中心的进程日志,非必填,缺失时表示云产品下的所有日志的操作。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cloud_siem_cfw_flow',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n"
+ .'- ap-southeast-1:资产属于海外地域,选择该项。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<Boolean>',
+ 'description' => 'CloudSiemResponse<Boolean>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '开通日志投递是否成功,取值:'."\n"
+ .'- true:开通成功'."\n"
+ .'- false:开通失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '15FD134E-D69B-51E8-B052-73F97BD8****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'Siem.Delivery.MissingProductCode',
+ 'errorMessage' => 'ProductCode is mandatory for this action.',
+ ],
+ ],
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ [
+ 'errorCode' => 'Siem.Delivery.ErrorMapping',
+ 'errorMessage' => 'The Mapping between productCode and logCode is error.',
+ ],
+ [
+ 'errorCode' => 'Siem.Delivery.ErrorProductCode',
+ 'errorMessage' => 'ProductCode is error for this action.',
+ ],
+ [
+ 'errorCode' => 'SLS.Ship.Error',
+ 'errorMessage' => 'The Simple Log Service about data shipping is unavailable.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"15FD134E-D69B-51E8-B052-73F97BD8****\\"\\n}","type":"json"}]',
+ 'title' => '开通日志的投递',
+ ],
+ 'CloseDelivery' => [
+ 'summary' => '关闭某个已经接入的云产品日志的投递,关闭后用户侧的LogStore里不再有对应日志的新内容。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'http',
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'readAndWrite',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeCode' => '154877',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasRXJ9SY',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'ProductCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云产品的编码。取值:'."\n"
+ .'- qcloud_waf'."\n"
+ .'- qlcoud_cfw'."\n"
+ .'- hcloud_waf'."\n"
+ .'- hcloud_cfw'."\n"
+ .'- ddos'."\n"
+ .'- sas'."\n"
+ .'- cfw'."\n"
+ .'- config'."\n"
+ .'- csk'."\n"
+ .'- fc'."\n"
+ .'- rds'."\n"
+ .'- nas'."\n"
+ .'- apigateway'."\n"
+ .'- cdn'."\n"
+ .'- mongodb'."\n"
+ .'- eip'."\n"
+ .'- slb'."\n"
+ .'- vpc'."\n"
+ .'- actiontrail'."\n"
+ .'- waf'."\n"
+ .'- bastionhost'."\n"
+ .'- oss'."\n"
+ .'- polardb',
+ 'description' => '云产品的编码。取值:'."\n"
+ .'- qcloud_waf'."\n"
+ .'- qlcoud_cfw'."\n"
+ .'- hcloud_waf'."\n"
+ .'- hcloud_cfw'."\n"
+ .'- ddos'."\n"
+ .'- sas'."\n"
+ .'- cfw'."\n"
+ .'- config'."\n"
+ .'- csk'."\n"
+ .'- fc'."\n"
+ .'- rds'."\n"
+ .'- nas'."\n"
+ .'- apigateway'."\n"
+ .'- cdn'."\n"
+ .'- mongodb'."\n"
+ .'- eip'."\n"
+ .'- slb'."\n"
+ .'- vpc'."\n"
+ .'- actiontrail'."\n"
+ .'- waf'."\n"
+ .'- bastionhost'."\n"
+ .'- oss'."\n"
+ .'- polardb',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'sas',
+ ],
+ ],
+ [
+ 'name' => 'LogCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '云产品下的日志code,比如云安全中心的进程日志,取值参考ListDelivery的返回值。',
+ 'description' => '云产品下的日志code,比如云安全中心的进程日志,取值参考ListDelivery的返回值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cloud_siem_aegis_proc',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n"
+ .'- ap-southeast-1:资产属于海外地域,选择该项。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'CloudSiemSuccessResponse<Boolean>',
+ 'description' => 'CloudSiemResponse<Boolean>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '威胁分析关闭服务的返回。取值:'."\n"
+ .'- true:关闭成功'."\n"
+ .'- false:关闭失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'RequestId' => [
+ 'title' => '请求消息ID。',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => 'F375A043-4F5B-55F2-A564-CC47FFC6****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'Siem.Delivery.MissingProductCode',
+ 'errorMessage' => 'ProductCode is mandatory for this action.',
+ ],
+ ],
+ 500 => [
+ [
+ 'errorCode' => 'InternalError',
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ [
+ 'errorCode' => 'Siem.Delivery.ErrorMapping',
+ 'errorMessage' => 'The Mapping between productCode and logCode is error.',
+ ],
+ [
+ 'errorCode' => 'Siem.Delivery.ErrorProductCode',
+ 'errorMessage' => 'ProductCode is error for this action.',
+ ],
+ [
+ 'errorCode' => 'SLS.Ship.Error',
+ 'errorMessage' => 'The Simple Log Service about data shipping is unavailable.',
+ ],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"F375A043-4F5B-55F2-A564-CC47FFC6****\\"\\n}","type":"json"}]',
+ 'title' => '关闭威胁分析已接入的云产品日志的投递',
+ ],
+ 'UpdateWhiteRuleList' => [
+ 'summary' => '添加或更新告警加白规则。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'WhiteRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '加白规则唯一ID。',
+ 'description' => '加白规则唯一ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => true,
+ 'example' => '123456789',
+ ],
+ ],
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件全局唯一ID。',
+ 'description' => '事件全局唯一ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'Expression',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警加白规则 json对象。',
+ 'description' => '告警加白规则,json对象。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '['."\n"
+ .' {'."\n"
+ .' "alertName": "webshell",'."\n"
+ .' "alertNameId": "webshell",'."\n"
+ .' "alertType": "command",'."\n"
+ .' "alertTypeId": "command",'."\n"
+ .' "expression": {'."\n"
+ .' "status": 1,'."\n"
+ .' "conditions": ['."\n"
+ .' {'."\n"
+ .' "isNot": false,'."\n"
+ .' "left": {'."\n"
+ .' "value": "file_path"'."\n"
+ .' },'."\n"
+ .' "operator": "gt",'."\n"
+ .' "right": {'."\n"
+ .' "value": "cp"'."\n"
+ .' }'."\n"
+ .' }'."\n"
+ .' ]'."\n"
+ .' }'."\n"
+ .' }'."\n"
+ .']',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse',
+ 'description' => 'BaseResponse',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'any',
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '添加或更新告警加白规则',
+ ],
+ 'PostEventWhiteruleList' => [
+ 'summary' => '提交告警加白规则。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件全局唯一ID。',
+ 'description' => '事件全局唯一ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'WhiteruleList',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警加白规则 json对象。',
+ 'description' => '告警加白规则,json对象。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '['."\n"
+ .' {'."\n"
+ .' "alertName": "webshell",'."\n"
+ .' "alertNameId": "webshell",'."\n"
+ .' "alertType": "command",'."\n"
+ .' "alertTypeId": "command",'."\n"
+ .' "expression": {'."\n"
+ .' "status": 1,'."\n"
+ .' "conditions": ['."\n"
+ .' {'."\n"
+ .' "isNot": false,'."\n"
+ .' "left": {'."\n"
+ .' "value": "file_path"'."\n"
+ .' },'."\n"
+ .' "operator": "gt",'."\n"
+ .' "right": {'."\n"
+ .' "value": "cp"'."\n"
+ .' }'."\n"
+ .' }'."\n"
+ .' ]'."\n"
+ .' }'."\n"
+ .' }'."\n"
+ .']',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<String>',
+ 'description' => 'BaseResponse<String>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'string',
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '提交告警加白规则',
+ ],
+ 'DescribeWhiteRuleList' => [
+ 'summary' => '获取告警加白规则列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'AlertType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警类型。',
+ 'description' => '告警类型。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'scan',
+ ],
+ ],
+ [
+ 'name' => 'AlertName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警名称。',
+ 'description' => '告警名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Try SNMP weak password',
+ ],
+ ],
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件ID。',
+ 'description' => '事件全局唯一UUID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'CurrentPage',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表当前页号, 大于等于1。',
+ 'description' => '列表当前页号, 大于等于1。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '列表每页条数, 最大不超过100。',
+ 'description' => '列表每页条数, 最大不超过100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'PageResponse<List<WhitelistRule>>',
+ 'description' => 'PageResponse<List<WhitelistRule>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'PageInfo' => [
+ 'title' => '分页记录。',
+ 'description' => '分页记录。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CurrentPage' => [
+ 'title' => '列表当前页号。',
+ 'description' => '列表当前页号。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'title' => '每页返回记录数。',
+ 'description' => '每页返回记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'title' => '记录总数。',
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ ],
+ ],
+ 'ResponseData' => [
+ 'title' => '详细数据。',
+ 'description' => '详细数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Id' => [
+ 'title' => '加白规则唯一ID。',
+ 'description' => '加白规则唯一ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '123456789',
+ ],
+ 'GmtCreate' => [
+ 'title' => '创建时间。',
+ 'description' => '创建时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'GmtModified' => [
+ 'title' => '修改时间。',
+ 'description' => '修改时间。',
+ 'type' => 'string',
+ 'example' => '2021-01-06 16:37:29',
+ ],
+ 'Aliuid' => [
+ 'title' => '规则关联siem主账号ID。',
+ 'description' => '开通威胁分析的阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '127608589417****',
+ ],
+ 'SubAliuid' => [
+ 'title' => '规则创建阿里账号ID。',
+ 'description' => '创建规则的阿里云账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '176555323***',
+ ],
+ 'AlertType' => [
+ 'title' => '告警类型。',
+ 'description' => '告警类型。',
+ 'type' => 'string',
+ 'example' => 'scan',
+ ],
+ 'AlertTypeId' => [
+ 'title' => '告警类型标识。',
+ 'description' => '告警类型标识。',
+ 'type' => 'string',
+ 'example' => 'scan',
+ ],
+ 'AlertName' => [
+ 'title' => '告警名称。',
+ 'description' => '告警名称。',
+ 'type' => 'string',
+ 'example' => 'Try SNMP weak password',
+ ],
+ 'AlertNameId' => [
+ 'title' => '告警名称标识。',
+ 'description' => '告警名称标识。',
+ 'type' => 'string',
+ 'example' => 'Try SNMP weak password',
+ ],
+ 'Status' => [
+ 'title' => '规则启用状态。 取值:'."\n"
+ .'- 1:开启'."\n"
+ .'- 0:关闭',
+ 'description' => '规则启用状态。 取值:'."\n"
+ .'- 1:开启'."\n"
+ .'- 0:关闭',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'IncidentUuid' => [
+ 'title' => '事件全局唯一ID。',
+ 'description' => '事件全局唯一UUID。',
+ 'type' => 'string',
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ 'AlertUuid' => [
+ 'title' => '告警ID。',
+ 'description' => '告警UUID。',
+ 'type' => 'string',
+ 'example' => 'sas_71e24437d2797ce8fc59692905a4****',
+ ],
+ 'Expression' => [
+ 'title' => '规则集 json数组格式。',
+ 'description' => '规则集 json数组格式。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Logic' => [
+ 'description' => '条件逻辑关系。',
+ 'type' => 'string',
+ 'example' => '(1&2)|(3&4)',
+ ],
+ 'Conditions' => [
+ 'description' => '规则表达式数组。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '规则表达式数组。',
+ 'type' => 'object',
+ 'properties' => [
+ 'ItemId' => [
+ 'description' => '条件ID。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'Operator' => [
+ 'description' => '分派规则条件聚合方式。'."\n"
+ ."\n"
+ .'- `=`:等于'."\n"
+ .'- `<>`:不等于'."\n"
+ .'- `in`:包含'."\n"
+ .'- `not in`:不包含'."\n"
+ .'- `REGEXP`:匹配正则'."\n"
+ .'- `NOT REGEXP`:正则不匹配',
+ 'type' => 'string',
+ 'example' => 'REGEXP',
+ ],
+ 'IsNot' => [
+ 'description' => '对结果是否取反。 取值:'."\n"
+ ."\n"
+ .'- true:取反'."\n"
+ .'- false:不取反',
+ 'type' => 'boolean',
+ 'example' => 'false',
+ ],
+ 'Left' => [
+ 'description' => '条件左值。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Value' => [
+ 'description' => '左值变量名称。',
+ 'type' => 'string',
+ 'example' => 'ip',
+ ],
+ 'IsVar' => [
+ 'description' => '是否是变量。'."\n"
+ ."\n"
+ .'- true:变量'."\n"
+ .'- false:常量',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Type' => [
+ 'description' => '是否是常量。取值:'."\n"
+ ."\n"
+ .'- true:是'."\n"
+ .'- false:否',
+ 'type' => 'string',
+ 'example' => 'false',
+ ],
+ 'Modifier' => [
+ 'description' => '备注信息。',
+ 'type' => 'string',
+ 'example' => 'length',
+ ],
+ 'ModifierParam' => [
+ 'description' => '备注信息键值对。',
+ 'type' => 'object',
+ 'additionalProperties' => [
+ 'type' => 'any',
+ 'example' => '{"tage":"description"}',
+ 'description' => '备注信息键值对。',
+ ],
+ ],
+ ],
+ ],
+ 'Right' => [
+ 'description' => '右值对象。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Value' => [
+ 'description' => '右值。',
+ 'type' => 'string',
+ 'example' => '12345',
+ ],
+ 'IsVar' => [
+ 'description' => '指定右变量值是常量,还是运行时变量(从运行时上下文中获取具体值)。'."\n"
+ ."\n"
+ .'- true:运行时变量'."\n"
+ .'- false:常量',
+ 'type' => 'boolean',
+ 'example' => 'false',
+ ],
+ 'Type' => [
+ 'description' => '数据类型。',
+ 'type' => 'string',
+ 'example' => 'String',
+ ],
+ 'Modifier' => [
+ 'description' => '备注信息。',
+ 'type' => 'string',
+ 'example' => 'length',
+ ],
+ 'ModifierParam' => [
+ 'description' => '备注信息键值对。',
+ 'type' => 'object',
+ 'additionalProperties' => [
+ 'type' => 'any',
+ 'example' => '{"tage":"description"}',
+ 'description' => '备注信息键值对。',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '[{"conditions":[{"isNot":false,"itemId":0,"left":{"value":"host_uuid.host_name"},"operator":"containsString","right":{"value":"Cloud-MCH"}}]}]',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"SubAliuid\\": 0,\\n \\"AlertType\\": \\"scan\\",\\n \\"AlertTypeId\\": \\"scan\\",\\n \\"AlertName\\": \\"Try SNMP weak password\\",\\n \\"AlertNameId\\": \\"Try SNMP weak password\\",\\n \\"Status\\": 1,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"Expression\\": {\\n \\"Logic\\": \\"(1&2)|(3&4)\\",\\n \\"Conditions\\": [\\n {\\n \\"ItemId\\": 1,\\n \\"Operator\\": \\"REGEXP\\",\\n \\"IsNot\\": false,\\n \\"Left\\": {\\n \\"Value\\": \\"ip\\",\\n \\"IsVar\\": true,\\n \\"Type\\": \\"false\\",\\n \\"Modifier\\": \\"length\\",\\n \\"ModifierParam\\": {\\n \\"key\\": \\"{\\\\\\"tage\\\\\\":\\\\\\"description\\\\\\"}\\"\\n }\\n },\\n \\"Right\\": {\\n \\"Value\\": \\"12345\\",\\n \\"IsVar\\": false,\\n \\"Type\\": \\"String\\",\\n \\"Modifier\\": \\"length\\",\\n \\"ModifierParam\\": {\\n \\"key\\": \\"{\\\\\\"tage\\\\\\":\\\\\\"description\\\\\\"}\\"\\n }\\n }\\n }\\n ]\\n }\\n }\\n ]\\n }\\n}","type":"json"}]',
+ 'title' => '获取告警加白规则列表',
+ ],
+ 'DescribeAlertScene' => [
+ 'summary' => '获取告警加白场景。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<List<SceneAndTarget>>',
+ 'description' => 'BaseResponse<List<SceneAndTarget>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'AlertType' => [
+ 'title' => '告警类型展示值,随中英文环境变化。',
+ 'description' => '告警类型展示值,随中英文环境变化。',
+ 'type' => 'string',
+ 'example' => 'unusual login',
+ ],
+ 'AlertTypeId' => [
+ 'title' => '告警类型标识。',
+ 'description' => '告警类型标识。',
+ 'type' => 'string',
+ 'example' => 'unusual login',
+ ],
+ 'AlertName' => [
+ 'title' => '告警名称展示值,随中英文环境变化。',
+ 'description' => '告警名称展示值,随中英文环境变化。',
+ 'type' => 'string',
+ 'example' => 'login_common_ip',
+ ],
+ 'AlertNameId' => [
+ 'title' => '告警名称标识。',
+ 'description' => '告警名称标识。',
+ 'type' => 'string',
+ 'example' => 'login_common_ip',
+ ],
+ 'AlertTile' => [
+ 'title' => '告警title展示值,随中英文环境变化。',
+ 'description' => '告警标题展示值,随中英文环境变化。',
+ 'type' => 'string',
+ 'example' => 'unusual login-login_common_ip',
+ ],
+ 'AlertTileId' => [
+ 'title' => '告警title 标识。',
+ 'description' => '告警标题标识。',
+ 'type' => 'string',
+ 'example' => 'unusual login-login_common_ip',
+ ],
+ 'Targets' => [
+ 'title' => '加白对象。',
+ 'description' => '加白对象。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Type' => [
+ 'title' => '可以加白的实体属性字段。',
+ 'description' => '可以加白的实体属性字段。',
+ 'type' => 'string',
+ 'example' => 'host_uuid',
+ ],
+ 'Name' => [
+ 'title' => '可以加白的实体属性字段展示名。',
+ 'description' => '可以加白的实体属性字段展示名。',
+ 'type' => 'string',
+ 'example' => 'HOST UUID',
+ ],
+ 'Value' => [
+ 'title' => '加白规则默认展示的右值。',
+ 'description' => '加白规则默认展示的右值。',
+ 'type' => 'string',
+ 'example' => '441862da-a539-4cc0-a00d-47395582****',
+ ],
+ 'Values' => [
+ 'title' => '加白规则可选的右值。',
+ 'description' => '加白规则可选的右值。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '右值。',
+ 'type' => 'string',
+ 'example' => '[441862da-a539-4cc0-a00d-47395582****]',
+ ],
+ 'example' => '["441862da-a539-4cc0-a00d-473955826881"]',
+ ],
+ ],
+ ],
+ 'example' => '[{"Type": "host_uuid","Value": "441862da-a539-4cc0-a00d-473955826881","Values": ["441862da-a539-4cc0-a00d-473955826881"],"Name": "${aliyun.siem.entity.host_uuid}"}]',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AlertType\\": \\"unusual login\\",\\n \\"AlertTypeId\\": \\"unusual login\\",\\n \\"AlertName\\": \\"login_common_ip\\",\\n \\"AlertNameId\\": \\"login_common_ip\\",\\n \\"AlertTile\\": \\"unusual login-login_common_ip\\",\\n \\"AlertTileId\\": \\"unusual login-login_common_ip\\",\\n \\"Targets\\": [\\n {\\n \\"Type\\": \\"host_uuid\\",\\n \\"Name\\": \\"HOST UUID\\",\\n \\"Value\\": \\"441862da-a539-4cc0-a00d-47395582****\\",\\n \\"Values\\": [\\n \\"[441862da-a539-4cc0-a00d-47395582****]\\"\\n ]\\n }\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取告警加白规则场景列表',
+ ],
+ 'DescribeAlertSceneByEvent' => [
+ 'summary' => '获取告警加白场景与加白对象列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '事件ID。',
+ 'description' => '事件ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse<List<SceneAndTarget>>',
+ 'description' => 'BaseResponse<List<SceneAndTarget>>',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'AlertType' => [
+ 'title' => '告警类型展示值,随中英文环境变化。',
+ 'description' => '告警类型展示值,随中英文环境变化。',
+ 'type' => 'string',
+ 'example' => 'Unusual Logon',
+ ],
+ 'AlertTypeId' => [
+ 'title' => '告警类型标识。',
+ 'description' => '告警类型标识。',
+ 'type' => 'string',
+ 'example' => 'Unusual Logon',
+ ],
+ 'AlertName' => [
+ 'title' => '告警名称展示值,随中英文环境变化。',
+ 'description' => '告警名称展示值,随中英文环境变化。',
+ 'type' => 'string',
+ 'example' => 'login_common_ip',
+ ],
+ 'AlertNameId' => [
+ 'title' => '告警名称标识。',
+ 'description' => '告警名称标识。',
+ 'type' => 'string',
+ 'example' => 'login_common_ip',
+ ],
+ 'AlertTile' => [
+ 'title' => '告警title展示值,随中英文环境变化。',
+ 'description' => '告警标题展示值,随中英文环境变化。',
+ 'type' => 'string',
+ 'example' => 'Unusual Logon-login_common_ip',
+ ],
+ 'AlertTileId' => [
+ 'title' => '告警title 标识。',
+ 'description' => '告警标题标识。',
+ 'type' => 'string',
+ 'example' => 'Unusual Logon-login_common_ip',
+ ],
+ 'Targets' => [
+ 'title' => '加白对象。',
+ 'description' => '加白对象。',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Type' => [
+ 'title' => '可以加白的实体属性字段。',
+ 'description' => '可以加白的实体属性字段。',
+ 'type' => 'string',
+ 'example' => 'host_uuid',
+ ],
+ 'Name' => [
+ 'title' => '可以加白的实体属性字段展示名。',
+ 'description' => '可以加白的实体属性字段展示名。',
+ 'type' => 'string',
+ 'example' => 'host uuid',
+ ],
+ 'Value' => [
+ 'title' => '加白规则默认展示的右值。',
+ 'description' => '加白规则默认展示的右值。',
+ 'type' => 'string',
+ 'example' => '441862da-a539-4cc0-a00d-47395582****',
+ ],
+ 'Values' => [
+ 'title' => '加白规则可选的右值。',
+ 'description' => '加白规则可选的右值。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '右值。',
+ 'type' => 'string',
+ 'example' => '[441862da-a539-4cc0-a00d-47395582****]',
+ ],
+ 'example' => '["441862da-a539-4cc0-a00d-473955826881"]',
+ ],
+ ],
+ ],
+ 'example' => '[{"Type": "host_uuid","Value": "441862da-a539-4cc0-a00d-473955826881","Values": ["441862da-a539-4cc0-a00d-473955826881"],"Name": "${aliyun.siem.entity.host_uuid}"}]',
+ ],
+ ],
+ ],
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AlertType\\": \\"Unusual Logon\\",\\n \\"AlertTypeId\\": \\"Unusual Logon\\",\\n \\"AlertName\\": \\"login_common_ip\\",\\n \\"AlertNameId\\": \\"login_common_ip\\",\\n \\"AlertTile\\": \\"Unusual Logon-login_common_ip\\",\\n \\"AlertTileId\\": \\"Unusual Logon-login_common_ip\\",\\n \\"Targets\\": [\\n {\\n \\"Type\\": \\"host_uuid\\",\\n \\"Name\\": \\"host uuid\\",\\n \\"Value\\": \\"441862da-a539-4cc0-a00d-47395582****\\",\\n \\"Values\\": [\\n \\"[441862da-a539-4cc0-a00d-47395582****]\\"\\n ]\\n }\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '获取告警加白场景与加白对象列表',
+ ],
+ 'DeleteWhiteRuleList' => [
+ 'summary' => '删除指定ID的告警加白规则。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ 'http',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'delete',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Id',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '加白规则唯一ID。',
+ 'description' => '加白规则唯一ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => true,
+ 'example' => '123456789',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。'."\n"
+ ."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse',
+ 'description' => 'BaseResponse',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'title' => '请求返回值。',
+ 'description' => '请求返回值。',
+ 'type' => 'any',
+ 'example' => '123456',
+ ],
+ 'Success' => [
+ 'title' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'description' => '请求是否成功。取值:'."\n"
+ .'- true:成功'."\n"
+ .'- false:失败',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Code' => [
+ 'title' => '请求状态码。',
+ 'description' => '请求状态码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '200',
+ ],
+ 'Message' => [
+ 'title' => '请求返回消息。',
+ 'description' => '请求返回消息。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'RequestId' => [
+ 'title' => '请求id。',
+ 'description' => '请求ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 500 => [
+ [
+ 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCode' => 'InternalError',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '删除告警加白规则',
+ ],
+ ],
+ 'endpoints' => [
+ [
+ 'regionId' => 'cn-shanghai',
+ 'endpoint' => 'cloud-siem.cn-shanghai.aliyuncs.com',
+ ],
+ [
+ 'regionId' => 'ap-southeast-1',
+ 'endpoint' => 'cloud-siem.ap-southeast-1.aliyuncs.com',
+ ],
+ ],
+];
diff --git a/data/zh_cn/cloud-siem/2024-12-12/api-docs.php b/data/zh_cn/cloud-siem/2024-12-12/api-docs.php
new file mode 100644
index 0000000..5f47e8f
--- /dev/null
+++ b/data/zh_cn/cloud-siem/2024-12-12/api-docs.php
@@ -0,0 +1,15287 @@
+<?php return [
+ 'version' => '1.0',
+ 'info' => [
+ 'style' => 'RPC',
+ 'product' => 'cloud-siem',
+ 'version' => '2024-12-12',
+ ],
+ 'directories' => [
+ [
+ 'id' => 332850,
+ 'title' => '账号管理',
+ 'type' => 'directory',
+ 'children' => [
+ 'GetUserConfig',
+ ],
+ ],
+ [
+ 'id' => 332852,
+ 'title' => '版本升级',
+ 'type' => 'directory',
+ 'children' => [
+ 'CheckUpgradeItem',
+ 'ExecuteUpgrade',
+ 'ListUpgradeItems',
+ ],
+ ],
+ [
+ 'id' => 332856,
+ 'title' => '日志管理',
+ 'type' => 'directory',
+ 'children' => [
+ 'UpdateDataStorage',
+ 'UpdateDataStorageTtl',
+ 'UpdateDataStorageDelivery',
+ 'ResetDataStorage',
+ 'GetDataStorage',
+ ],
+ ],
+ [
+ 'id' => 332862,
+ 'title' => '数据源',
+ 'type' => 'directory',
+ 'children' => [
+ 'CreateDataSource',
+ 'UpdateDataSource',
+ 'RefreshDataSource',
+ 'DeleteDataSource',
+ 'ListDataSources',
+ 'UpdateDataSourceTemplate',
+ 'ListDataSourceTemplates',
+ 'CreateLogStore',
+ 'DeleteLogStore',
+ 'ValidateLogStore',
+ 'ListLogRegions',
+ 'ListLogProjects',
+ 'ListLogStores',
+ 'GetLogTicket',
+ ],
+ ],
+ [
+ 'id' => 332881,
+ 'title' => '数据接入',
+ 'type' => 'directory',
+ 'children' => [
+ 'CreateProduct',
+ 'UpdateProduct',
+ 'DeleteProduct',
+ 'ListProducts',
+ 'CreateVendor',
+ 'UpdateVendor',
+ 'DeleteVendor',
+ 'ListVendors',
+ 'CreateDataIngestion',
+ 'EnableDataIngestion',
+ 'DisableDataIngestion',
+ 'UpdateDataIngestion',
+ 'DeleteDataIngestion',
+ 'GetDataBatchIngestion',
+ 'UpdateDataBatchIngestion',
+ 'ListDataIngestions',
+ 'UpdateDataIngestionTemplate',
+ 'ListDataIngestionTemplates',
+ 'ListTrafficStatistics',
+ 'ExecuteLogQuery',
+ ],
+ ],
+ [
+ 'id' => 332906,
+ 'title' => '数据标准化',
+ 'type' => 'directory',
+ 'children' => [
+ 'CreateNormalizationRule',
+ 'UpdateNormalizationRule',
+ 'DeleteNormalizationRule',
+ 'ValidateNormalizationRule',
+ 'GetNormalizationRule',
+ 'GetNormalizationSchema',
+ 'GetNormalizationRuleVersion',
+ 'DeleteNormalizationRuleVersion',
+ 'SetDefaultNormalizationRuleVersion',
+ 'ListNormalizationRuleVersions',
+ 'ListNormalizationRules',
+ 'ListNormalizationFields',
+ 'ListNormalizationCategories',
+ 'ListNormalizationRuleCapacities',
+ 'ListNormalizationSchemas',
+ ],
+ ],
+ [
+ 'id' => 332922,
+ 'title' => '数据集',
+ 'type' => 'directory',
+ 'children' => [
+ 'CreateDataSet',
+ 'UpdateDataSet',
+ 'DeleteDataSet',
+ 'ListDataSets',
+ 'UpdateDataSetRecord',
+ 'DeleteDataSetRecord',
+ 'ListDataSetRecords',
+ ],
+ ],
+ [
+ 'id' => 332930,
+ 'title' => '检测规则',
+ 'type' => 'directory',
+ 'children' => [
+ 'CreateDetectionRule',
+ 'UpdateDetectionRule',
+ 'DeleteDetectionRule',
+ 'ListDetectionRules',
+ 'GetDetectionStatistic',
+ ],
+ ],
+ [
+ 'id' => 332936,
+ 'title' => '事件处置',
+ 'type' => 'directory',
+ 'children' => [
+ 'GetIncident',
+ 'ListIncidents',
+ ],
+ ],
+ [
+ 'id' => 332939,
+ 'title' => '导出任务',
+ 'type' => 'directory',
+ 'children' => [
+ 'CreateExportTask',
+ 'GetExportTask',
+ ],
+ ],
+ [
+ 'id' => 0,
+ 'title' => '其它',
+ 'type' => 'directory',
+ 'children' => [
+ 'UpdateNormalizationSchema',
+ 'CreateNormalizationSchema',
+ ],
+ ],
+ ],
+ 'components' => [
+ 'schemas' => [],
+ ],
+ 'apis' => [
+ 'GetUserConfig' => [
+ 'summary' => '获取用户信息。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'en',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'User' => [
+ 'description' => '用户。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CtdrVersion' => [
+ 'description' => '当前CTDR版本。',
+ 'type' => 'string',
+ 'example' => 'v2',
+ ],
+ 'DataStorageVersion' => [
+ 'description' => '升级状态。取值:'."\n"
+ .'- pending:待升级。'."\n"
+ .'- upgrading:升级中。'."\n"
+ .'- success:升级成功。'."\n"
+ .'- failed:升级失败。',
+ 'type' => 'string',
+ 'example' => 'pending',
+ ],
+ 'UpgradeStatus' => [
+ 'description' => '要升级的CTDR版本。',
+ 'type' => 'string',
+ 'example' => 'v2',
+ ],
+ 'UpgradeCtdrVersion' => [
+ 'description' => '日志管理版本。',
+ 'type' => 'string',
+ 'example' => 'v2',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"User\\": {\\n \\"CtdrVersion\\": \\"v2\\",\\n \\"DataStorageVersion\\": \\"pending\\",\\n \\"UpgradeStatus\\": \\"v2\\",\\n \\"UpgradeCtdrVersion\\": \\"v2\\"\\n }\\n}","type":"json"}]',
+ 'title' => '获取用户信息',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'CheckUpgradeItem' => [
+ 'summary' => '检查版本升级项。',
+ 'path' => '',
+ 'methods' => [
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'none',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'UpgradeItemId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '升级项ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'dispose_task_upgrade',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-shanghai',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'UpgradeItem' => [
+ 'description' => '升级项。',
+ 'type' => 'object',
+ 'properties' => [
+ 'UpgradeItemId' => [
+ 'description' => '升级项ID。',
+ 'type' => 'string',
+ 'example' => 'incident_upgrade',
+ ],
+ 'CheckStatus' => [
+ 'description' => '卡点状态',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'CheckResult' => [
+ 'description' => '模块名文案',
+ 'type' => 'string',
+ 'example' => 'OK',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"UpgradeItem\\": {\\n \\"UpgradeItemId\\": \\"incident_upgrade\\",\\n \\"CheckStatus\\": \\"success\\",\\n \\"CheckResult\\": \\"OK\\"\\n }\\n}","type":"json"}]',
+ 'title' => '检查版本升级项',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ExecuteUpgrade' => [
+ 'summary' => '执行版本升级。',
+ 'path' => '',
+ 'methods' => [
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'readAndWrite',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '执行版本升级',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ListUpgradeItems' => [
+ 'summary' => '获取版本升级项列表。',
+ 'path' => '',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'minimum' => '0',
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'UpgradeItems' => [
+ 'description' => '升级项列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '升级项。',
+ 'type' => 'object',
+ 'properties' => [
+ 'UpgradeItemId' => [
+ 'description' => '升级项ID。',
+ 'type' => 'string',
+ 'example' => 'data_storage_2_upgrade',
+ ],
+ ],
+ ],
+ ],
+ 'NextToken' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ 'MaxResults' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '57',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"UpgradeItems\\": [\\n {\\n \\"UpgradeItemId\\": \\"data_storage_2_upgrade\\"\\n }\\n ],\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"MaxResults\\": 50,\\n \\"TotalCount\\": 57\\n}","type":"json"}]',
+ 'title' => '获取版本升级项列表',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'UpdateDataStorage' => [
+ 'summary' => '修改日志管理中的日志存储地域。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasRXJ9SY',
+ ],
+ 'tenantRelevance' => 'publicInformation',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'DataStorageRegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志存储的地域。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'cn-shanghai',
+ ],
+ ],
+ [
+ 'name' => 'DeliveryStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志管理全局投递开关,暂未放开设置。取值:'."\n"
+ .'- enable:开通全部投递。'."\n"
+ .'- disable:关闭全部投递。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'enable',
+ 'maxLength' => 1000,
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => 'EA7FC160-8D86-5ABE-A08A-7962FDC1****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"EA7FC160-8D86-5ABE-A08A-7962FDC1****\\"\\n}","type":"json"}]',
+ 'title' => '修改日志管理中的日志存储地域',
+ ],
+ 'UpdateDataStorageTtl' => [
+ 'summary' => '修改日志的存储时长。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasRXJ9SY',
+ ],
+ 'autoTest' => true,
+ 'tenantRelevance' => 'tenant',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'LogStoreName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析用户日志库名字。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'network-activity',
+ 'maxLength' => 1000,
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'LogStoreTtl',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志库的存储时长。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '180',
+ ],
+ ],
+ [
+ 'name' => 'LogStoreHotTtl',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '使用阿里云日志服务热存方式的存储时长。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '180',
+ ],
+ ],
+ [
+ 'name' => 'LogStoreColdTtl',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '使用阿里云日志服务冷存方式的存储时长,暂未放开设置。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '0',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => 'D92E4FCF-4584-5E50-9C02-26B79A9C****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D92E4FCF-4584-5E50-9C02-26B79A9C****\\"\\n}","type":"json"}]',
+ 'title' => '修改日志的存储时长',
+ ],
+ 'UpdateDataStorageDelivery' => [
+ 'summary' => '修改日志投递状态。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasRXJ9SY',
+ ],
+ 'autoTest' => true,
+ 'tenantRelevance' => 'tenant',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'LogCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志code。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'aegis-log-login',
+ ],
+ ],
+ [
+ 'name' => 'LogDeliveryStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志投递状态。取值:'."\n"
+ .'- enable:开通投递。'."\n"
+ .'- disable:关闭投递。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'enable',
+ 'maxLength' => 1000,
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6D7FBF4A-5B95-5760-8B5A-BF8983D4****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6D7FBF4A-5B95-5760-8B5A-BF8983D4****\\"\\n}","type":"json"}]',
+ 'title' => '修改日志投递状态',
+ ],
+ 'ResetDataStorage' => [
+ 'summary' => '重置用户的日志存储。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'readAndWrite',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasRXJ9SY',
+ ],
+ 'autoTest' => true,
+ 'tenantRelevance' => 'tenant',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'BaseResponse',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '重置用户的日志存储',
+ ],
+ 'GetDataStorage' => [
+ 'summary' => '获取日志管理中用户日志详情。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasRXJ9SY',
+ ],
+ 'autoTest' => true,
+ 'tenantRelevance' => 'tenant',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'DataResponse<DataStorageBean>',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Data' => [
+ 'description' => '返回的详细内容。',
+ 'type' => 'object',
+ 'properties' => [
+ 'DataStorageRegionId' => [
+ 'description' => '用户侧日志的存储地域。',
+ 'type' => 'string',
+ 'example' => 'cn-shanghai',
+ ],
+ 'DataStorageTotalCapacity' => [
+ 'description' => '预付费场景下购买的存储用量。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '100',
+ ],
+ 'DataStorageUsedCapacity' => [
+ 'description' => '用户日志管理中使用的存储量。',
+ 'type' => 'number',
+ 'format' => 'double',
+ 'example' => '100.0',
+ ],
+ 'LogProject' => [
+ 'description' => '用户日志对应存储的 SLS Project 名称。',
+ 'type' => 'string',
+ 'example' => 'aliyun-cloudsiem-data-171835723111****-cn-shanghai',
+ ],
+ 'SasLogStores' => [
+ 'description' => '云安全中心原始日志存储详情。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '云安全中心原始日志存储详情。',
+ 'type' => 'object',
+ 'properties' => [
+ 'LogName' => [
+ 'description' => '日志名称。',
+ 'type' => 'string',
+ 'example' => 'Process Snapshot',
+ ],
+ 'LogStoreName' => [
+ 'description' => '日志所在日志库的名字。',
+ 'type' => 'string',
+ 'example' => 'sas-security-log',
+ ],
+ 'LogDeliveryStatus' => [
+ 'description' => '日志投递情况。取值:'."\n"
+ .'- enable:开通该日志的投递。'."\n"
+ .'- disable:取消该日志的投递。',
+ 'type' => 'string',
+ 'example' => 'enable',
+ ],
+ 'LogStoreTtl' => [
+ 'description' => '该日志所在日志库的存储时长,至少存储30天。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '180',
+ ],
+ 'LogDeliveryUpdateTime' => [
+ 'description' => '最近一次操作日志投递的时间。',
+ 'type' => 'string',
+ 'example' => '2025-07-16T15:10:29',
+ ],
+ 'LogDeliveryPermission' => [
+ 'description' => '是否允许操作日志投递开关,未购买的情况下无法进行投递。取值:'."\n"
+ .'- allow:允许。'."\n"
+ .'- deny:不允许。',
+ 'type' => 'string',
+ 'example' => 'deny',
+ ],
+ 'LogDeliveryGroup' => [
+ 'description' => '日志所在的分组。取值:'."\n"
+ .'- host:主机日志。'."\n"
+ .'- security:安全日志。',
+ 'type' => 'string',
+ 'example' => 'host',
+ ],
+ 'LogSearchConditions' => [
+ 'title' => 'JSON Array ["key":"product_code", "value":"ctdr"]',
+ 'description' => '日志默认查询条件,多个日志存储在一个日志库的时候需要通过查询条件进行单日志查询。',
+ 'type' => 'string',
+ 'example' => '[{\\"__topic__\\":\\"sas-net-block\\"}]',
+ ],
+ 'LogCode' => [
+ 'description' => '日志编码。',
+ 'type' => 'string',
+ 'example' => 'sas-net-block',
+ ],
+ 'LogStoreExisted' => [
+ 'description' => '日志所在的日志库是否创存在。取值:'."\n"
+ .'- true:存在。'."\n"
+ .'- false:不存在。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ ],
+ ],
+ ],
+ 'NormalizationLogStores' => [
+ 'description' => '标准化数据的日志库详情。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '标准化数据的日志库详情。',
+ 'type' => 'object',
+ 'properties' => [
+ 'LogStoreName' => [
+ 'description' => '存储标准化数据的日志库名字。',
+ 'type' => 'string',
+ 'example' => 'vulnerability-activity',
+ ],
+ 'LogStoreTtl' => [
+ 'description' => '存储标准化数据的存储时长。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '180',
+ ],
+ ],
+ ],
+ ],
+ 'NormalizationLogViews' => [
+ 'description' => '标准化数据集详情。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '标准化数据集详情。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CategoryName' => [
+ 'description' => '标准化日志分类。',
+ 'type' => 'string',
+ 'example' => 'Security Category',
+ ],
+ 'ActivityName' => [
+ 'description' => '标准化日志的日志类型。',
+ 'type' => 'string',
+ 'example' => 'API security risk log',
+ ],
+ 'LogViewName' => [
+ 'description' => '标准化数据集名字。',
+ 'type' => 'string',
+ 'example' => 'risk_activity',
+ ],
+ 'LogStoreName' => [
+ 'description' => '威胁分析存储标准化日志的日志库。',
+ 'type' => 'string',
+ 'example' => 'risk-activity',
+ ],
+ 'DetectionRuleReferenceCount' => [
+ 'description' => '该标准化数据集在威胁分析接入中心被引用的次数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '3',
+ ],
+ 'DetectionRuleReferenceProductIds' => [
+ 'description' => '该标准化数据集在威胁分析接入中心被引用的产品列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '威胁分析接入中心的产品ID。',
+ 'type' => 'string',
+ 'example' => 'azure_active_directory',
+ ],
+ ],
+ 'LogSearchConditions' => [
+ 'title' => 'JSON Array ["key":"product_code", "value":"ctdr"]',
+ 'description' => '标准化数据集中查询日志类型的查询语句。',
+ 'type' => 'string',
+ 'example' => '[{\\"SCHEMA\\":\\"AZURE_ACTIVE_DIRECTORY_AUDIT_ACTIVITY\\"}]',
+ ],
+ 'LogViewExisted' => [
+ 'description' => '标准化数据集是否存在。取值:'."\n"
+ .'- true:存在。'."\n"
+ .'- false:不存在。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ ],
+ ],
+ ],
+ 'ColdStorageUsedCapacity' => [
+ 'description' => '用户日志使用冷存储的使用量。',
+ 'type' => 'number',
+ 'format' => 'double',
+ 'example' => '100.0',
+ ],
+ 'DataStorageUsedCapacityDetail' => [
+ 'description' => '日志管理用户使用的存储详情。',
+ 'type' => 'string',
+ 'example' => '{\\"purchasedHotStorageCapacity\\":1000,\\"usedHotStorageCapacity\\":4.2,\\"usedHotStorageCapacityDetail\\":{\\"ap-southeast-1\\":4.2,\\"cn-shenzhen\\":0.0,\\"cn-shanghai\\":0.0}}',
+ ],
+ 'DataStorageRegionPermission' => [
+ 'description' => '是否可以修改存储地域。默认不可以,联系产品经理可以进行地域重置并且只能重置一次。取值:'."\n"
+ .'- allow:可以修改。'."\n"
+ .'- deny:不可以修改。',
+ 'type' => 'string',
+ 'example' => 'deny',
+ ],
+ ],
+ ],
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '81FB0DEA-52C1-55A0-8631-8E1B9A9D****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"DataStorageRegionId\\": \\"cn-shanghai\\",\\n \\"DataStorageTotalCapacity\\": 100,\\n \\"DataStorageUsedCapacity\\": 100,\\n \\"LogProject\\": \\"aliyun-cloudsiem-data-171835723111****-cn-shanghai\\",\\n \\"SasLogStores\\": [\\n {\\n \\"LogName\\": \\"Process Snapshot\\",\\n \\"LogStoreName\\": \\"sas-security-log\\",\\n \\"LogDeliveryStatus\\": \\"enable\\",\\n \\"LogStoreTtl\\": 180,\\n \\"LogDeliveryUpdateTime\\": \\"2025-07-16T15:10:29\\",\\n \\"LogDeliveryPermission\\": \\"deny\\",\\n \\"LogDeliveryGroup\\": \\"host\\",\\n \\"LogSearchConditions\\": \\"[{\\\\\\\\\\\\\\"__topic__\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"sas-net-block\\\\\\\\\\\\\\"}]\\",\\n \\"LogCode\\": \\"sas-net-block\\",\\n \\"LogStoreExisted\\": true\\n }\\n ],\\n \\"NormalizationLogStores\\": [\\n {\\n \\"LogStoreName\\": \\"vulnerability-activity\\",\\n \\"LogStoreTtl\\": 180\\n }\\n ],\\n \\"NormalizationLogViews\\": [\\n {\\n \\"CategoryName\\": \\"Security Category\\",\\n \\"ActivityName\\": \\"API security risk log\\",\\n \\"LogViewName\\": \\"risk_activity\\",\\n \\"LogStoreName\\": \\"risk-activity\\",\\n \\"DetectionRuleReferenceCount\\": 3,\\n \\"DetectionRuleReferenceProductIds\\": [\\n \\"azure_active_directory\\"\\n ],\\n \\"LogSearchConditions\\": \\"[{\\\\\\\\\\\\\\"SCHEMA\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"AZURE_ACTIVE_DIRECTORY_AUDIT_ACTIVITY\\\\\\\\\\\\\\"}]\\",\\n \\"LogViewExisted\\": true\\n }\\n ],\\n \\"ColdStorageUsedCapacity\\": 100,\\n \\"DataStorageUsedCapacityDetail\\": \\"{\\\\\\\\\\\\\\"purchasedHotStorageCapacity\\\\\\\\\\\\\\":1000,\\\\\\\\\\\\\\"usedHotStorageCapacity\\\\\\\\\\\\\\":4.2,\\\\\\\\\\\\\\"usedHotStorageCapacityDetail\\\\\\\\\\\\\\":{\\\\\\\\\\\\\\"ap-southeast-1\\\\\\\\\\\\\\":4.2,\\\\\\\\\\\\\\"cn-shenzhen\\\\\\\\\\\\\\":0.0,\\\\\\\\\\\\\\"cn-shanghai\\\\\\\\\\\\\\":0.0}}\\",\\n \\"DataStorageRegionPermission\\": \\"deny\\"\\n },\\n \\"RequestId\\": \\"81FB0DEA-52C1-55A0-8631-8E1B9A9D****\\"\\n}","type":"json"}]',
+ 'title' => '获取日志管理中用户日志详情',
+ ],
+ 'CreateDataSource' => [
+ 'summary' => '创建数据源。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AD_LOG',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源类型。取值:'."\n"
+ .' - preset'."\n"
+ .' - custom',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'preset',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceFrom',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据来源。取值:'."\n"
+ .'- center'."\n"
+ .'- custom',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'center',
+ ],
+ ],
+ [
+ 'name' => 'LogUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogRegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogProjectName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务项目名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogStoreName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务LogStore名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'mde_raw',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceStores',
+ 'in' => 'formData',
+ 'style' => 'flat',
+ 'schema' => [
+ 'description' => '日志服务项目列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '日志服务项目列表。',
+ 'type' => 'object',
+ 'properties' => [
+ 'LogRegionId' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ 'LogProjectName' => [
+ 'description' => '日志服务项目名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou',
+ ],
+ 'LogStoreName' => [
+ 'description' => '日志服务LogStore名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'actiontrail_management-events',
+ ],
+ 'DataSourceStoreStatus' => [
+ 'description' => '日志存储状态。取值:'."\n"
+ .'- normal'."\n"
+ .'- abnormal',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'normal',
+ ],
+ 'DataSourceStoreId' => [
+ 'description' => '日志存储ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ 'DataSourceStoreFrom' => [
+ 'description' => '数据来源。取值:'."\n"
+ .'- center'."\n"
+ .'- custom',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'center',
+ ],
+ ],
+ 'required' => false,
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'DataSourceTemplateId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源模版ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'dst_alibaba_cloud_nas_audit_log_1358117679873357',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceIds',
+ 'in' => 'formData',
+ 'style' => 'json',
+ 'schema' => [
+ 'description' => '数据源ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据源ID列表。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_waf_flow_log_1766185894104675',
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'DataSourceRecognizer',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源识别器。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_waf_flow_log_1766185894104675',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceRecognizeEnabled',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '自动发现新数据源。',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceReferences',
+ 'in' => 'formData',
+ 'style' => 'json',
+ 'schema' => [
+ 'description' => '数据源关联数据接入ID。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据源关联数据接入ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ds-014frtpy28m5ct2eoyo1',
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'Order',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '排序方向。取值:'."\n"
+ .'- desc:降序排列。'."\n"
+ .'- asc:升序排列。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'desc',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'DataSourceId' => [
+ 'description' => '数据源ID。',
+ 'type' => 'string',
+ 'example' => 'ds-jl67vixpe1scwysgyu3x',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"DataSourceId\\": \\"ds-jl67vixpe1scwysgyu3x\\"\\n}","type":"json"}]',
+ 'title' => '创建数据源',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'UpdateDataSource' => [
+ 'summary' => '更新数据源。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ds-014frtpy28m5ct2eoyo1',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ActiontrailLog',
+ ],
+ ],
+ [
+ 'name' => 'LogUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceStores',
+ 'in' => 'formData',
+ 'style' => 'flat',
+ 'schema' => [
+ 'description' => '日志服务LogStore列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '日志服务LogStore。',
+ 'type' => 'object',
+ 'properties' => [
+ 'LogRegionId' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ 'LogProjectName' => [
+ 'description' => '日志服务项目名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou',
+ ],
+ 'LogStoreName' => [
+ 'description' => '日志服务LogStore名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-rds-sqlaudit',
+ ],
+ 'DataSourceStoreFrom' => [
+ 'description' => '数据来源。取值:'."\n"
+ .'- center'."\n"
+ .'- custom',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'custom',
+ ],
+ 'DataSourceStoreId' => [
+ 'description' => '日志存储ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ 'required' => false,
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'DataSourceRecognizeEnabled',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '自动发现新日志库。',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceFrom',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据来源。取值:'."\n"
+ .'- center'."\n"
+ .'- custom',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'custom',
+ ],
+ ],
+ [
+ 'name' => 'OrderField',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '规则列表排列字段。 取值:'."\n"
+ .'- GmtModified:基于修改时间排序。'."\n"
+ .'- Id:基于规则id排序(默认)。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Id',
+ ],
+ ],
+ [
+ 'name' => 'LogStoreName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务LogStore名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-rds-sqlaudit',
+ ],
+ ],
+ [
+ 'name' => 'LogProjectName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务项目名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogRegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '更新数据源',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'RefreshDataSource' => [
+ 'summary' => '刷新数据源。',
+ 'methods' => [
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ 'autoTest' => true,
+ 'tenantRelevance' => 'tenant',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '接收消息的语言类型。取值:'."\n"
+ ."\n"
+ .'- **zh**(默认):中文'."\n"
+ .'- **en**:英文',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ds-jl67vixpe1scwysgyu3x',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => 'Schema of Response',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => 'Id of the request',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '刷新数据源',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'DeleteDataSource' => [
+ 'summary' => '删除数据源。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'delete',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ds-txejfbrh94k5cx58a4qh',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '删除数据源',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ListDataSources' => [
+ 'summary' => '获取数据源列表。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '数据源ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据源ID列表。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_waf_alert_log_173326*******,alibaba_cloud_waf_flow_log_173326*******',
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'DataSourceName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_waf_alert_log',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源类型。取值:'."\n"
+ .' - preset'."\n"
+ .' - custom',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'custom',
+ ],
+ ],
+ [
+ 'name' => 'LogUserIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '数据接入用户ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据接入用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'LogRegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogProjectName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务项目名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogStoreName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务LogStore名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'audit-activity',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceTemplateIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '数据源模版ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据源模版ID列表。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas_account_snapshot_log_173326*******',
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'OrderField',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '排序字段。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'UpdateTime',
+ ],
+ ],
+ [
+ 'name' => 'Order',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '排序。取值:'."\n"
+ .'- desc'."\n"
+ .'- asc',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'desc',
+ ],
+ ],
+ [
+ 'name' => 'PageNumber',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '5',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'minimum' => '0',
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceFrom',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据来源。取值:'."\n"
+ .'- center'."\n"
+ .'- custom',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'center',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceStoreStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => 'LogStore状态。取值:'."\n"
+ .'- normal'."\n"
+ .'- abnormal',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'normal',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源状态。取值:'."\n"
+ .'- unconfigured'."\n"
+ .'- normal'."\n"
+ .'- abnormal',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'unconfigured',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'DataSources' => [
+ 'description' => '事件关联告警来源产品。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '事件关联告警来源产品。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'DataSourceId' => [
+ 'description' => '数据源ID。',
+ 'type' => 'string',
+ 'example' => 'ds-scpfegri73oyoknbc90c',
+ ],
+ 'DataSourceName' => [
+ 'description' => '数据源名称。',
+ 'type' => 'string',
+ 'example' => 'AD_LOG',
+ ],
+ 'DataSourceType' => [
+ 'description' => '数据源类型。取值:'."\n"
+ .' - preset'."\n"
+ .' - custom',
+ 'type' => 'string',
+ 'example' => 'custom',
+ ],
+ 'LogUserId' => [
+ 'description' => '数据接入用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '173326*******',
+ ],
+ 'LogRegionId' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'example' => 'cn-hangzhou',
+ ],
+ 'LogProjectName' => [
+ 'description' => '日志服务项目名称。',
+ 'type' => 'string',
+ 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou',
+ ],
+ 'DataSourceFrom' => [
+ 'description' => '数据来源。取值:'."\n"
+ .'- center'."\n"
+ .'- custom',
+ 'type' => 'string',
+ 'example' => 'center',
+ ],
+ 'LogStoreName' => [
+ 'description' => '日志服务LogStore名称。',
+ 'type' => 'string',
+ 'example' => 'audit-activity',
+ ],
+ 'DataSourceTemplateId' => [
+ 'description' => '数据源模版ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas_account_snapshot_log_173326*******',
+ ],
+ 'DataSourceStores' => [
+ 'description' => '日志服务列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '日志服务。',
+ 'type' => 'object',
+ 'properties' => [
+ 'DataSourceStoreId' => [
+ 'description' => '日志存储ID。',
+ 'type' => 'string',
+ 'example' => 'di_xxxx_source_1',
+ ],
+ 'DataSourceStoreStatus' => [
+ 'title' => '日志存储状态码',
+ 'description' => '日志存储状态。取值:'."\n"
+ .'- normal'."\n"
+ .'- abnormal',
+ 'type' => 'string',
+ 'example' => 'normal',
+ ],
+ 'DataSourceStoreFrom' => [
+ 'description' => '数据来源。取值:'."\n"
+ .'- center'."\n"
+ .'- custom',
+ 'type' => 'string',
+ 'example' => 'center',
+ ],
+ 'LogRegionId' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'example' => 'cn-hangzhou',
+ ],
+ 'LogProjectName' => [
+ 'description' => '日志服务项目名称。',
+ 'type' => 'string',
+ 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou',
+ ],
+ 'LogStoreName' => [
+ 'description' => '日志服务LogStore名称。',
+ 'type' => 'string',
+ 'example' => 'audit-activity',
+ ],
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'CheckTime' => [
+ 'description' => '检查时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'DataSourceStoreStatusCode' => [
+ 'title' => '日志存储状态码',
+ 'description' => '日志存储状态码',
+ 'type' => 'string',
+ 'example' => 'LogStoreNotExist',
+ ],
+ ],
+ ],
+ ],
+ 'DataSourceRecognizer' => [
+ 'description' => '数据源识别器。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas_account_snapshot',
+ ],
+ 'DataSourceRecognizeEnabled' => [
+ 'description' => '自动发现新日志库。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'DataSourceReferences' => [
+ 'description' => '数据源关联数据接入ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据源关联数据接入ID。',
+ 'type' => 'object',
+ 'properties' => [
+ 'DataIngestionId' => [
+ 'description' => '数据接入ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas_account_snapshot_log_173326*******',
+ ],
+ ],
+ ],
+ ],
+ 'DataSourceStatus' => [
+ 'description' => '数据源状态。取值:'."\n"
+ .'- unconfigured'."\n"
+ .'- normal'."\n"
+ .'- abnormal',
+ 'type' => 'string',
+ 'example' => 'unconfigured',
+ ],
+ ],
+ ],
+ ],
+ 'PageNumber' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ 'TotalPage' => [
+ 'description' => '总页数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'MaxResults' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"DataSources\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"DataSourceId\\": \\"ds-scpfegri73oyoknbc90c\\",\\n \\"DataSourceName\\": \\"AD_LOG\\",\\n \\"DataSourceType\\": \\"custom\\",\\n \\"LogUserId\\": 0,\\n \\"LogRegionId\\": \\"cn-hangzhou\\",\\n \\"LogProjectName\\": \\"aliyun-cloudsiem-data-173326*******-cn-hangzhou\\",\\n \\"DataSourceFrom\\": \\"center\\",\\n \\"LogStoreName\\": \\"audit-activity\\",\\n \\"DataSourceTemplateId\\": \\"alibaba_cloud_sas_account_snapshot_log_173326*******\\",\\n \\"DataSourceStores\\": [\\n {\\n \\"DataSourceStoreId\\": \\"di_xxxx_source_1\\",\\n \\"DataSourceStoreStatus\\": \\"normal\\",\\n \\"DataSourceStoreFrom\\": \\"center\\",\\n \\"LogRegionId\\": \\"cn-hangzhou\\",\\n \\"LogProjectName\\": \\"aliyun-cloudsiem-data-173326*******-cn-hangzhou\\",\\n \\"LogStoreName\\": \\"audit-activity\\",\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"CheckTime\\": 1733269771123,\\n \\"DataSourceStoreStatusCode\\": \\"LogStoreNotExist\\"\\n }\\n ],\\n \\"DataSourceRecognizer\\": \\"alibaba_cloud_sas_account_snapshot\\",\\n \\"DataSourceRecognizeEnabled\\": true,\\n \\"DataSourceReferences\\": [\\n {\\n \\"DataIngestionId\\": \\"alibaba_cloud_sas_account_snapshot_log_173326*******\\"\\n }\\n ],\\n \\"DataSourceStatus\\": \\"unconfigured\\"\\n }\\n ],\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 1,\\n \\"TotalCount\\": 2,\\n \\"TotalPage\\": 1,\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\"\\n}","type":"json"}]',
+ 'title' => '获取数据源列表',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'UpdateDataSourceTemplate' => [
+ 'summary' => '修改数据源模板。',
+ 'path' => '',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ 'tenantRelevance' => 'tenant',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'DataSourceTemplateId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源模版ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_actiontrail_event_ingestion'."\n",
+ ],
+ ],
+ [
+ 'name' => 'DataSourceTemplateName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源模版名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_actiontrail_event_ingestion'."\n",
+ ],
+ ],
+ [
+ 'name' => 'LogUserIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '数据批量接入用户ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据批量接入用户ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'LogRegionIds',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志存储地域ID列表。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogProjectPattern',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务项目名称匹配规则。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'aliyun-cloudsiem-data-173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogStorePattern',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务LogStore名称匹配规则。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'audit-activity',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'AutoScanNew',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否自动发现新用户'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'enabled',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceRecognizeEnabled',
+ 'in' => 'query',
+ 'schema' => [
+ 'description' => '自动发现新数据源。',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '更新数据源模版',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ListDataSourceTemplates' => [
+ 'summary' => '查询数据源模板。',
+ 'path' => '',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'DataSourceTemplateIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '数据源模版ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据源模版ID列表。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_actiontrail_event_ingestion',
+ ],
+ 'required' => false,
+ 'minItems' => 0,
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'PageNumber',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '10',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'DataSourceTemplates' => [
+ 'description' => '数据源模版列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据源模版。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'DataSourceTemplateId' => [
+ 'description' => '数据源模版ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_actiontrail_event_ingestion',
+ ],
+ 'DataSourceTemplateName' => [
+ 'description' => '数据源模版名称。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_actiontrail_event_ingestion',
+ ],
+ 'LogProjectPattern' => [
+ 'description' => '日志服务项目名称匹配规则。',
+ 'type' => 'string',
+ 'example' => 'aliyun-cloudsiem-data-173326*******',
+ ],
+ 'LogRegionIds' => [
+ 'description' => '日志存储地域ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ 'LogStorePattern' => [
+ 'description' => '日志服务LogStore名称匹配规则。',
+ 'type' => 'string',
+ 'example' => 'audit-activity',
+ ],
+ 'LogUserIds' => [
+ 'description' => '数据批量接入用户ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据批量接入用户ID。',
+ 'type' => 'string',
+ 'example' => '173326*******',
+ ],
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'DataSourceFrom' => [
+ 'description' => '数据来源。取值:'."\n"
+ .'- center'."\n"
+ .'- custom',
+ 'type' => 'string',
+ 'example' => 'custom',
+ ],
+ 'AutoScanNew' => [
+ 'description' => '是否自动发现新用户,取值:'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'example' => 'enabled',
+ ],
+ 'DataSourceRecognizer' => [
+ 'description' => '数据源识别器。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_actiontrail_event_ingestion',
+ ],
+ 'DataSourceRecognizeEnabled' => [
+ 'description' => '自动发现新数据源。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ ],
+ ],
+ ],
+ 'PageNumber' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'string',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'string',
+ 'example' => '10',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"DataSourceTemplates\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"DataSourceTemplateId\\": \\"alibaba_cloud_actiontrail_event_ingestion\\",\\n \\"DataSourceTemplateName\\": \\"alibaba_cloud_actiontrail_event_ingestion\\",\\n \\"LogProjectPattern\\": \\"aliyun-cloudsiem-data-173326*******\\",\\n \\"LogRegionIds\\": [\\n \\"cn-hangzhou\\"\\n ],\\n \\"LogStorePattern\\": \\"audit-activity\\",\\n \\"LogUserIds\\": [\\n \\"173326*******\\"\\n ],\\n \\"UpdateTime\\": 1733269771123,\\n \\"DataSourceFrom\\": \\"custom\\",\\n \\"AutoScanNew\\": \\"enabled\\",\\n \\"DataSourceRecognizer\\": \\"alibaba_cloud_actiontrail_event_ingestion\\",\\n \\"DataSourceRecognizeEnabled\\": true\\n }\\n ],\\n \\"PageNumber\\": \\"1\\",\\n \\"PageSize\\": \\"10\\"\\n}","type":"json"}]',
+ 'title' => '获取数据源模版列表',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'CreateLogStore' => [
+ 'summary' => '创建限制性的用户侧存储。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogRegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogProjectName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务项目名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'aliyun-cloudsiem-channel-173326*******-cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogStoreName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务LogStore名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'logstoreqykug',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '创建日志库',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'DeleteLogStore' => [
+ 'summary' => '删除LogStore。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogRegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogProjectName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务项目名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogStoreName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务LogStore名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'rds-logstore',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '删除日志库',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ValidateLogStore' => [
+ 'summary' => '校验日志存储。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'readAndWrite',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'none',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ 'tenantRelevance' => 'tenant',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogRegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogProjectName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务项目名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogStoreName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务LogStore名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ssglauncher-log',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '校验日志存储',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ListLogRegions' => [
+ 'summary' => '获取所有的区域。',
+ 'path' => '',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ 'tenantRelevance' => 'publicInformation',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'LogRegions' => [
+ 'description' => '日志存储地域ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"LogRegions\\": [\\n \\"cn-hangzhou\\"\\n ]\\n}","type":"json"}]',
+ 'title' => '获取日志服务Region列表',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ListLogProjects' => [
+ 'summary' => '获取日志项目列表。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'readAndWrite',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '资源目录成员账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogRegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'minimum' => '0',
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'LogProjects' => [
+ 'description' => '日志服务项目列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '日志服务项目。',
+ 'type' => 'string',
+ 'example' => 'aliyun-cloudsiem-channel-173326*******-cn-beijing',
+ ],
+ ],
+ 'MaxResults' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '57',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"LogProjects\\": [\\n \\"aliyun-cloudsiem-channel-173326*******-cn-beijing\\"\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]',
+ 'title' => '获取日志库列表',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ListLogStores' => [
+ 'summary' => '获取日志存储列表。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'readAndWrite',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogRegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogProjectName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务项目名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'minimum' => '0',
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'LogStores' => [
+ 'description' => '日志服务日志库LogStore列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '日志服务日志库LogStore。',
+ 'type' => 'string',
+ 'example' => 'wadaaaa',
+ ],
+ ],
+ 'MaxResults' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '57',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"LogStores\\": [\\n \\"wadaaaa\\"\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]',
+ 'title' => '获取日志存储列表',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'GetLogTicket' => [
+ 'summary' => '获取日志凭证。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '173326*******',
+ ],
+ 'LogTicket' => [
+ 'description' => '日志服务Ticket。',
+ 'type' => 'string',
+ 'example' => '*******',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"173326*******\\",\\n \\"LogTicket\\": \\"*******\\"\\n}","type":"json"}]',
+ 'title' => '获取日志服务凭证',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'CreateProduct' => [
+ 'summary' => '创建产品。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'VendorName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '厂商名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '111',
+ ],
+ ],
+ [
+ 'name' => 'ProductName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '产品名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'ProductId' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\"\\n}","type":"json"}]',
+ 'title' => '创建产品',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'UpdateProduct' => [
+ 'summary' => '更新产品。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'en',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1733269771123',
+ ],
+ ],
+ [
+ 'name' => 'ProductId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ [
+ 'name' => 'ProductName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '产品名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ [
+ 'name' => 'VendorName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '厂商名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '111',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '更新产品',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'DeleteProduct' => [
+ 'summary' => '删除产品。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'delete',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'ProductId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '删除产品',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ListProducts' => [
+ 'summary' => '获取产品列表。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'ProductIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '产品ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'ProductName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '产品名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'sas',
+ ],
+ ],
+ [
+ 'name' => 'ProductType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '产品类型。取值:'."\n"
+ .'- preset'."\n"
+ .'- custom',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'preset',
+ ],
+ ],
+ [
+ 'name' => 'VendorId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '厂商ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'vd-qlsw5eocx94w9',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'minimum' => '0',
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'Products' => [
+ 'description' => '产品列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '产品。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'ProductId' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ 'ProductAlias' => [
+ 'description' => '产品别名。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ 'ProductName' => [
+ 'description' => '该参数已废弃,无需关注。',
+ 'type' => 'string',
+ 'example' => 'sas',
+ ],
+ 'ProductType' => [
+ 'description' => '产品类型。取值:'."\n"
+ .'- preset'."\n"
+ .'- custom',
+ 'type' => 'string',
+ 'example' => 'preset',
+ ],
+ 'VendorId' => [
+ 'description' => '厂商ID。',
+ 'type' => 'string',
+ 'example' => 'vd-qlsw5eocx94w9',
+ ],
+ 'VendorName' => [
+ 'description' => '厂商名称。',
+ 'type' => 'string',
+ 'example' => '111',
+ ],
+ 'DataIngestionStatus' => [
+ 'description' => '数据接入状态。取值:'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'boolean',
+ 'example' => 'enabled',
+ ],
+ 'TotalDataIngestionCount' => [
+ 'description' => '总数据接入数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'EnabledDataIngestionCount' => [
+ 'description' => '已启用数据接入数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'AllowAddDataIngestion' => [
+ 'description' => '是否允许添加数据采集。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'AbnormalDataIngestionCount' => [
+ 'description' => '异常数据接入数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ 'ActiveTime' => [
+ 'description' => '激活时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ ],
+ ],
+ ],
+ 'MaxResults' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '57',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"Products\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"ProductAlias\\": \\"alibaba_cloud_sas\\",\\n \\"ProductName\\": \\"sas\\",\\n \\"ProductType\\": \\"preset\\",\\n \\"VendorId\\": \\"vd-qlsw5eocx94w9\\",\\n \\"VendorName\\": \\"111\\",\\n \\"DataIngestionStatus\\": true,\\n \\"TotalDataIngestionCount\\": 10,\\n \\"EnabledDataIngestionCount\\": 1,\\n \\"AllowAddDataIngestion\\": true,\\n \\"AbnormalDataIngestionCount\\": 2,\\n \\"ActiveTime\\": 1733269771123\\n }\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]',
+ 'title' => '获取产品列表',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'CreateVendor' => [
+ 'summary' => '创建厂商。',
+ 'path' => '',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'en',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'VendorName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '厂商名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '111',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'VendorId' => [
+ 'description' => '厂商ID。',
+ 'type' => 'string',
+ 'example' => 'vd-qlsw5eocx94w9',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"VendorId\\": \\"vd-qlsw5eocx94w9\\"\\n}","type":"json"}]',
+ 'title' => '创建厂商',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'UpdateVendor' => [
+ 'summary' => '更新厂商。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******'."\n",
+ ],
+ ],
+ [
+ 'name' => 'VendorId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '厂商ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'vd-qlsw5eocx94w9',
+ ],
+ ],
+ [
+ 'name' => 'VendorName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '厂商名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '111',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '更新厂商',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'DeleteVendor' => [
+ 'summary' => '删除厂商。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'delete',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'VendorId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '厂商ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'vd-qlsw5eocx94w9',
+ ],
+ ],
+ [
+ 'name' => 'VendorName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '厂商名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '111',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '删除厂商',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'ListVendors' => [
+ 'summary' => '获取厂商列表。',
+ 'path' => '',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'en'."\n",
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******'."\n",
+ ],
+ ],
+ [
+ 'name' => 'VendorIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '厂商列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '厂商ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'vd-qlsw5eocx94w9',
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'VendorName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '厂商名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '111',
+ ],
+ ],
+ [
+ 'name' => 'VendorType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '厂商类型。取值:'."\n"
+ .'- preset'."\n"
+ .'- custom',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'preset',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'minimum' => '0',
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'Vendors' => [
+ 'description' => '厂商。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '厂商。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'VendorId' => [
+ 'description' => '厂商ID。',
+ 'type' => 'string',
+ 'example' => 'vd-qlsw5eocx94w9',
+ ],
+ 'VendorName' => [
+ 'description' => '厂商名称。',
+ 'type' => 'string',
+ 'example' => '111',
+ ],
+ 'VendorType' => [
+ 'description' => '厂商类型。取值:'."\n"
+ .'- preset'."\n"
+ .'- custom',
+ 'type' => 'string',
+ 'example' => 'preset',
+ ],
+ ],
+ ],
+ ],
+ 'MaxResults' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'minimum' => '0',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '57',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"Vendors\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"VendorId\\": \\"vd-qlsw5eocx94w9\\",\\n \\"VendorName\\": \\"111\\",\\n \\"VendorType\\": \\"preset\\"\\n }\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]',
+ 'title' => '获取厂商列表',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'CreateDataIngestion' => [
+ 'summary' => '创建接入策略。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionMode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入模式。取值:'."\n"
+ .'- realtime'."\n"
+ .'- scan',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'realtime',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ds-3g6lyf4eonngyohaq7tr',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'nr-hdmady54piigkjfv17yp',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceEditable',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源是否可以编辑。',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionStateCode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入异常状态Code。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'UserUnauthorized',
+ ],
+ ],
+ [
+ 'name' => 'CapacityCount',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '关联安全能力数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'StreamJobId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '任务流JobId。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '802c0129b6cfd50861d4b25deea29afb',
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入类型。取值:'."\n"
+ .'- preset'."\n"
+ .'- custom',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'custom',
+ ],
+ ],
+ [
+ 'name' => 'ScanDataSourceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '扫描模式数据源Id。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ds-014frtpy28m5ct2eoyo1',
+ ],
+ ],
+ [
+ 'name' => 'UpdateTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1733269771123',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleEditable',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则是否可以编辑。',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ ],
+ [
+ 'name' => 'ProductId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'DataIngestionId' => [
+ 'description' => '数据接入ID。',
+ 'type' => 'string',
+ 'example' => 'di-yxtm3l2rwa7fr5uvxtc7',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"DataIngestionId\\": \\"di-yxtm3l2rwa7fr5uvxtc7\\"\\n}","type":"json"}]',
+ 'title' => '创建接入策略',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'EnableDataIngestion' => [
+ 'summary' => '启动接入策略。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'readAndWrite',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas_netstat_ingestion_173326*******',
+ ],
+ ],
+ [
+ 'name' => 'ProductId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '启动接入策略',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'DisableDataIngestion' => [
+ 'summary' => '停止接入策略。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'readAndWrite',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas_netstat_ingestion_173326*******',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '停止接入策略',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'UpdateDataIngestion' => [
+ 'summary' => '更新接入策略。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_actiontrail_event_ingestion_173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionMode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入模式。取值:'."\n"
+ .'- realtime'."\n"
+ .'- scan',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'realtime',
+ ],
+ ],
+ [
+ 'name' => 'DataSourceId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_actiontrail_event_log_173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_actiontrail_event_rule',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '更新接入策略',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'DeleteDataIngestion' => [
+ 'summary' => '删除接入策略。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas_netstat_ingestion_173326*******',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '删除接入策略',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'GetDataBatchIngestion' => [
+ 'summary' => '获取数据批量接入。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******'."\n",
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'DataBatchIngestion' => [
+ 'description' => '数据批量接入。',
+ 'type' => 'object',
+ 'properties' => [
+ 'DataBatchIngestionStatus' => [
+ 'description' => '数据批量接入状态。取值:'."\n"
+ .'- pending:待生效。'."\n"
+ .'- running:生效中。'."\n"
+ .'- success:生效成功。'."\n"
+ .'- failed:生效失败。',
+ 'type' => 'string',
+ 'example' => 'pending',
+ ],
+ 'DataBatchIngestionSetTime' => [
+ 'description' => '数据批量接入设置时间。',
+ 'type' => 'string',
+ 'example' => '1733269771123',
+ ],
+ 'DataBatchIngestionEffectTime' => [
+ 'description' => '数据批量接入生效时间。',
+ 'type' => 'string',
+ 'example' => '1733269771123',
+ ],
+ 'LogUserIds' => [
+ 'description' => '数据批量接入用户ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据批量接入用户ID。',
+ 'type' => 'string',
+ 'example' => '173326*******',
+ ],
+ ],
+ 'AutoScanNew' => [
+ 'description' => '是否自动发现新用户。取值:'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'example' => 'enabled',
+ ],
+ 'DataIngestions' => [
+ 'description' => '数据接入列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据接入对象。',
+ 'type' => 'object',
+ 'properties' => [
+ 'DataIngestionId' => [
+ 'description' => '数据接入ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas_process_ingestion_173326*******',
+ ],
+ 'DataIngestionStatus' => [
+ 'description' => '数据接入状态。取值:'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'example' => 'enabled',
+ ],
+ 'DataSourceId' => [
+ 'description' => '数据源ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas_process_log_173326*******',
+ ],
+ 'ProductId' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ 'VendorId' => [
+ 'description' => '厂商ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud',
+ ],
+ ],
+ ],
+ ],
+ 'RecommendDataIngestionIds' => [
+ 'description' => '推荐接入ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '推荐接入ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas_process_log_173326*******',
+ ],
+ ],
+ 'ApsaraDataIngestionIds' => [
+ 'description' => '阿里云产品接入ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '阿里云产品接入ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas_process_log_173326*******',
+ ],
+ ],
+ 'DataSourceRecognizeEnabled' => [
+ 'description' => '自动发现新日志库。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'DataBatchIngestionMode' => [
+ 'description' => '批量数据接入模式。',
+ 'type' => 'string',
+ 'example' => 'full',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"DataBatchIngestion\\": {\\n \\"DataBatchIngestionStatus\\": \\"pending\\",\\n \\"DataBatchIngestionSetTime\\": \\"1733269771123\\",\\n \\"DataBatchIngestionEffectTime\\": \\"1733269771123\\",\\n \\"LogUserIds\\": [\\n \\"173326*******\\"\\n ],\\n \\"AutoScanNew\\": \\"enabled\\",\\n \\"DataIngestions\\": [\\n {\\n \\"DataIngestionId\\": \\"alibaba_cloud_sas_process_ingestion_173326*******\\",\\n \\"DataIngestionStatus\\": \\"enabled\\",\\n \\"DataSourceId\\": \\"alibaba_cloud_sas_process_log_173326*******\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"VendorId\\": \\"alibaba_cloud\\"\\n }\\n ],\\n \\"RecommendDataIngestionIds\\": [\\n \\"alibaba_cloud_sas_process_log_173326*******\\"\\n ],\\n \\"ApsaraDataIngestionIds\\": [\\n \\"alibaba_cloud_sas_process_log_173326*******\\"\\n ],\\n \\"DataSourceRecognizeEnabled\\": true,\\n \\"DataBatchIngestionMode\\": \\"full\\"\\n }\\n}","type":"json"}]',
+ 'title' => '获取数据批量接入',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'UpdateDataBatchIngestion' => [
+ 'summary' => '更新数据批量接入。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogUserIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '数据批量接入用户ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据批量接入用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'AutoScanNew',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否自动发现新用户'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'enabled',
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '接入策略ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '接入策略ID列表。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_actiontrail_event_ingestion_173326*******',
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'DataSourceRecognizeEnabled',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '自动发现新日志库。',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ ],
+ [
+ 'name' => 'DataBatchIngestionMode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '批量数据接入模式。取值:'."\n"
+ .'- full'."\n"
+ .'- increment',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'full',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '更新数据批量接入策略',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ListDataIngestions' => [
+ 'summary' => '获取数据接入策略列表。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'readAndWrite',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '接入策略ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '接入策略ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas_netstat_ingestion_173326*******',
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入状态。取值:'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'enabled',
+ ],
+ ],
+ [
+ 'name' => 'ProductId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionTemplateIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '数据接入模版ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据接入模版ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas_netstat_ingestion',
+ ],
+ 'required' => false,
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'DataIngestions' => [
+ 'description' => '数据接入列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据接入。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'DataIngestionId' => [
+ 'description' => '数据接入ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas_netstat_ingestion_173326*******',
+ ],
+ 'DataIngestionType' => [
+ 'description' => '数据接入类型。取值:'."\n"
+ .'- preset'."\n"
+ .'- custom',
+ 'type' => 'string',
+ 'example' => 'preset',
+ ],
+ 'DataIngestionMode' => [
+ 'description' => '数据接入模式。取值:'."\n"
+ .'- realtime'."\n"
+ .'- scan',
+ 'type' => 'string',
+ 'example' => 'realtime',
+ ],
+ 'DataIngestionStatus' => [
+ 'description' => '数据接入状态。取值:'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'example' => 'enabled',
+ ],
+ 'DataIngestionState' => [
+ 'description' => '数据接入形态。取值:'."\n"
+ .'- ingested'."\n"
+ .'- uningested'."\n"
+ .'- abnorma',
+ 'type' => 'string',
+ 'example' => 'ingested',
+ ],
+ 'DataSourceId' => [
+ 'description' => '数据源ID。',
+ 'type' => 'string',
+ 'example' => 'ds-scpfegri73oyoknbc90c',
+ ],
+ 'NormalizationRuleId' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'example' => 'nr-0aywiqdtaqdvwac7xkbjsf3a',
+ ],
+ 'StreamJobId' => [
+ 'description' => '任务流JobId。',
+ 'type' => 'string',
+ 'example' => '73a78aa245e3b1299d6ceed093de7bd8',
+ ],
+ 'CapacityCount' => [
+ 'description' => '关联安全能力数量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '3',
+ ],
+ 'DataSourceEditable' => [
+ 'description' => '数据源是否可以编辑。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'NormalizationRuleEditable' => [
+ 'description' => '标准化规则是否可以编辑。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'DataIngestionModeEditable' => [
+ 'description' => '数据接入模式是否可以编辑。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'DataIngestionTemplateId' => [
+ 'description' => '数据接入模版ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas_netstat_ingestion',
+ ],
+ 'RealtimeDataSourceId' => [
+ 'description' => '实时模式数据源Id。',
+ 'type' => 'string',
+ 'example' => 'ds-scpfegri73oyoknbc90c',
+ ],
+ 'ScanDataSourceId' => [
+ 'description' => '扫描模式数据源Id。',
+ 'type' => 'string',
+ 'example' => 'ds-scpfegri73oyoknbc90c',
+ ],
+ 'DataIngestionStateCode' => [
+ 'description' => '数据接入异常状态Code。',
+ 'type' => 'string',
+ 'example' => 'UserUnauthorized',
+ ],
+ 'ActiveTime' => [
+ 'description' => '激活时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"DataIngestions\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"DataIngestionId\\": \\"alibaba_cloud_sas_netstat_ingestion_173326*******\\",\\n \\"DataIngestionType\\": \\"preset\\",\\n \\"DataIngestionMode\\": \\"realtime\\",\\n \\"DataIngestionStatus\\": \\"enabled\\",\\n \\"DataIngestionState\\": \\"ingested\\",\\n \\"DataSourceId\\": \\"ds-scpfegri73oyoknbc90c\\",\\n \\"NormalizationRuleId\\": \\"nr-0aywiqdtaqdvwac7xkbjsf3a\\",\\n \\"StreamJobId\\": \\"73a78aa245e3b1299d6ceed093de7bd8\\",\\n \\"CapacityCount\\": 3,\\n \\"DataSourceEditable\\": true,\\n \\"NormalizationRuleEditable\\": true,\\n \\"DataIngestionModeEditable\\": true,\\n \\"DataIngestionTemplateId\\": \\"alibaba_cloud_sas_netstat_ingestion\\",\\n \\"RealtimeDataSourceId\\": \\"ds-scpfegri73oyoknbc90c\\",\\n \\"ScanDataSourceId\\": \\"ds-scpfegri73oyoknbc90c\\",\\n \\"DataIngestionStateCode\\": \\"UserUnauthorized\\",\\n \\"ActiveTime\\": 1733269771123\\n }\\n ]\\n}","type":"json"}]',
+ 'title' => '获取数据接入策略列表',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'UpdateDataIngestionTemplate' => [
+ 'summary' => '更新接入模板。',
+ 'path' => '',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ 'tenantRelevance' => 'tenant',
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'DataIngestionTemplateId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入模版ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_actiontrail_event_ingestion_173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionTemplateName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源模版名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_actiontrail_event_ingestion_173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_actiontrail_event_rule',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入状态。取值:'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'enabled',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '更新数据接入模版',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'ListDataIngestionTemplates' => [
+ 'summary' => '查询接入模板。',
+ 'path' => '',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'DataSourceTemplateIds',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据源模版ID列表。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas_account_snapshot_log_173326*******',
+ ],
+ ],
+ [
+ 'name' => 'DataIngestionTemplateStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入模版状态。取值:'."\n"
+ .'- pending'."\n"
+ .'- running'."\n"
+ .'- success'."\n"
+ .'- failed',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'running',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'ProductId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ [
+ 'name' => 'PageNumber',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '10',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'DataIngestionTemplates' => [
+ 'description' => '数据接入模版列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据接入模版。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'DataIngestionStatus' => [
+ 'description' => '数据接入状态。取值:'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'example' => 'enabled',
+ ],
+ 'DataIngestionTemplateId' => [
+ 'description' => '数据接入模版ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas_account_snapshot_log',
+ ],
+ 'DataIngestionTemplateName' => [
+ 'description' => '数据源模版名称。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas_account_snapshot_log',
+ ],
+ 'DataSourceTemplateId' => [
+ 'description' => '数据源模版ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas_account_snapshot_log_173326*******',
+ ],
+ 'NormalizationRuleId' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_actiontrail_event_rule',
+ ],
+ 'NormalizationRuleName' => [
+ 'description' => '标准化规则名称。',
+ 'type' => 'string',
+ 'example' => 'normalization_rule_ke1RN',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '173326*******',
+ ],
+ 'CapacityCount' => [
+ 'description' => '关联安全能力数量。',
+ 'type' => 'string',
+ 'example' => '3',
+ ],
+ 'DataIngestionMode' => [
+ 'description' => '数据接入模式。取值:'."\n"
+ .'- realtime'."\n"
+ .'- scan',
+ 'type' => 'string',
+ 'example' => 'realtime',
+ ],
+ 'DataIngestionTemplateStatus' => [
+ 'description' => '数据接入模版状态。取值:'."\n"
+ .'- pending'."\n"
+ .'- running'."\n"
+ .'- success'."\n"
+ .'- failed',
+ 'type' => 'string',
+ 'example' => 'running',
+ ],
+ ],
+ ],
+ ],
+ 'PageNumber' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'string',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'string',
+ 'example' => '10',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"DataIngestionTemplates\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"DataIngestionStatus\\": \\"enabled\\",\\n \\"DataIngestionTemplateId\\": \\"alibaba_cloud_sas_account_snapshot_log\\",\\n \\"DataIngestionTemplateName\\": \\"alibaba_cloud_sas_account_snapshot_log\\",\\n \\"DataSourceTemplateId\\": \\"alibaba_cloud_sas_account_snapshot_log_173326*******\\",\\n \\"NormalizationRuleId\\": \\"alibaba_cloud_actiontrail_event_rule\\",\\n \\"NormalizationRuleName\\": \\"normalization_rule_ke1RN\\",\\n \\"UpdateTime\\": 0,\\n \\"CapacityCount\\": \\"3\\",\\n \\"DataIngestionMode\\": \\"realtime\\",\\n \\"DataIngestionTemplateStatus\\": \\"running\\"\\n }\\n ],\\n \\"PageNumber\\": \\"1\\",\\n \\"PageSize\\": \\"10\\"\\n}","type":"json"}]',
+ 'title' => '获取数据接入模版列表',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'ListTrafficStatistics' => [
+ 'summary' => '获取流量统计列表。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'readAndWrite',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'TrafficStatisticPeriod',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '统计周期。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '30',
+ ],
+ ],
+ [
+ 'name' => 'TrafficStatisticPeriodType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '统计粒度。取值:'."\n"
+ .'- day:天,默认。'."\n"
+ .'- hour:小时。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'day',
+ ],
+ ],
+ [
+ 'name' => 'TrafficStatisticType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '统计维度。取值:'."\n"
+ .'- Region'."\n"
+ .'- Product'."\n"
+ .'- DataIngetion'."\n"
+ .'- logUserId',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Region',
+ ],
+ ],
+ [
+ 'name' => 'ProductId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ [
+ 'name' => 'TrafficType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '日志流量类型:'."\n"
+ .'- "commonLogTraffic":通用日志流量 (默认)'."\n"
+ .'- "agentAnalysisLogTraffic":AI智能分析日志流量',
+ 'description' => '日志流量类型:'."\n"
+ .'- "commonLogTraffic":通用日志流量 (默认)'."\n"
+ .'- "agentAnalysisLogTraffic":AI智能分析日志流量',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'agentAnalysisLogTraffic',
+ 'default' => 'commonLogTraffic',
+ ],
+ ],
+ [
+ 'name' => 'RegionTag',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '地域。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'LogUserIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '数据批量接入用户ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据批量接入用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ 'required' => false,
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'TrafficStatistics' => [
+ 'description' => '流量统计列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '流量统计。',
+ 'type' => 'object',
+ 'properties' => [
+ 'TrafficStatisticTarget' => [
+ 'description' => '统计目标。',
+ 'type' => 'string',
+ 'example' => 'all',
+ ],
+ 'TrafficStatisticData' => [
+ 'description' => '统计信息。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '流量信息。',
+ 'type' => 'object',
+ 'properties' => [
+ 'TrafficStatisticTime' => [
+ 'description' => '统计时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '20250815',
+ ],
+ 'TrafficStatisticValue' => [
+ 'description' => '统计值。',
+ 'type' => 'number',
+ 'format' => 'double',
+ 'example' => '1.699814',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"TrafficStatistics\\": [\\n {\\n \\"TrafficStatisticTarget\\": \\"all\\",\\n \\"TrafficStatisticData\\": [\\n {\\n \\"TrafficStatisticTime\\": 20250815,\\n \\"TrafficStatisticValue\\": 1.699814\\n }\\n ]\\n }\\n ]\\n}","type":"json"}]',
+ 'title' => '获取流量统计列表',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ExecuteLogQuery' => [
+ 'summary' => '执行数据查询。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogUserId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据接入用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'LogRegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志存储地域ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogProjectName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务项目名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'slsaudit-center-173326*******-cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'LogStoreName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务项目名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'huawei-cn-cfw',
+ ],
+ ],
+ [
+ 'name' => 'LogQuery',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志服务查询语句。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '*',
+ ],
+ ],
+ [
+ 'name' => 'ExtendContentPacked',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '用于标识否将非标准字段打包到扩展字段extend_content,取值:'."\n"
+ .'- "enabled" :启用打包'."\n"
+ .'- "disabled" :不启用打包'."\n"
+ .'默认:"disabled"',
+ 'description' => '用于标识否将非标准字段打包到扩展字段extend_content。取值:'."\n"
+ .'- enabled:开启。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'enabled',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '如果启用打包,则需要指定NormalizationSchemaId',
+ 'description' => '如果启用打包,则需要指定NormalizationSchemaId',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'WAF_ALERT_ACTIVITY',
+ ],
+ ],
+ [
+ 'name' => 'StartTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '开始时间。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1733269771123',
+ ],
+ ],
+ [
+ 'name' => 'EndTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '结束时间。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1733269771123',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'QueryResult' => [
+ 'description' => '请求结果。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '请求结果。',
+ 'type' => 'any',
+ 'example' => '[]',
+ ],
+ 'example' => '[]。',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"QueryResult\\": [\\n \\"[]\\"\\n ]\\n}","type":"json"}]',
+ 'title' => '执行日志服务查询',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'CreateNormalizationRule' => [
+ 'summary' => '创建标准化规则。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '资源目录成员账号ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleDescription',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则描述。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleFormat',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则格式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'SPL',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleExpression',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则表达式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '* | pack-fields -include=\'[\\s\\S]+\' as extend_content',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationCategoryId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则分类ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化结构ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'HTTP_ACTIVITY',
+ ],
+ ],
+ [
+ 'name' => 'VendorId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则对应的厂商ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud',
+ ],
+ ],
+ [
+ 'name' => 'ProductId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleMode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则模式。取值:'."\n"
+ .'- both'."\n"
+ .'- scan'."\n"
+ .'- realtime',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'both',
+ ],
+ ],
+ [
+ 'name' => 'ExtendContentPacked',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '用于标识否将非标准字段打包到扩展字段extend_content,取值:'."\n"
+ .' - "enabled" :启用打包'."\n"
+ .' - "disabled" :不启用打包'."\n"
+ .' 默认:"disabled"',
+ 'description' => '用于标识否将非标准字段打包到扩展字段extend_content。取值:'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'enabled',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则类型。取值:'."\n"
+ .'- predefined:预定义标准化规则。'."\n"
+ .'- custom:自定义标准化规则。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'custom',
+ ],
+ ],
+ [
+ 'name' => 'OrderField',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '规则列表排列字段。 取值:'."\n"
+ .'- GmtModified:基于修改时间排序。'."\n"
+ .'- Id:基于规则id排序(默认)。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Id',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleVersion',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则版本。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleIds',
+ 'in' => 'formData',
+ 'style' => 'json',
+ 'schema' => [
+ 'description' => '标准化规则ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '标准化规则ID列表。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_cfw_alert_extract_rule,alibaba_cloud_cfw_flow_rule,alibaba_cloud_ndr_http_rule,alibaba_cloud_ndr_dns_rule,alibaba_cloud_ndr_attack_alert_rule',
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'ExtendFieldStoreMode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '扩展字段存储模式,可选项:flat、pack、reject。',
+ 'description' => '扩展字段存储模式,可选项:flat、pack、reject。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'flat',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'NormalizationRuleId' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationRuleId\\": \\"nr-z0b2ssjteut85uoh9nzp\\"\\n}","type":"json"}]',
+ 'title' => '创建标准化规则',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'UpdateNormalizationRule' => [
+ 'summary' => '更新标准化规则。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleDescription',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则描述。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleFormat',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则格式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'SPL',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleExpression',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则表达式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '* | pack-fields -include=\'[\\s\\S]+\' as extend_content',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化结构ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'HTTP_ACTIVITY',
+ ],
+ ],
+ [
+ 'name' => 'VendorId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则对应的厂商ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud',
+ ],
+ ],
+ [
+ 'name' => 'ProductId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleMode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则模式。取值:'."\n"
+ .'- both'."\n"
+ .'- scan'."\n"
+ .'- realtime',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'both',
+ ],
+ ],
+ [
+ 'name' => 'ExtendContentPacked',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '用于标识否将非标准字段打包到扩展字段extend_content,取值:'."\n"
+ .'- "enabled" :启用打包'."\n"
+ .'- "disabled" :不启用打包'."\n"
+ .'默认:"disabled"',
+ 'description' => '用于标识否将非标准字段打包到扩展字段extend_content。取值:'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'enabled',
+ ],
+ ],
+ [
+ 'name' => 'OrderField',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '规则列表排列字段。 取值:'."\n"
+ .'- GmtModified:基于修改时间排序。'."\n"
+ .'- Id:基于规则id排序(默认)。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Id',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则类型。取值:'."\n"
+ .'- predefined:预定义标准化规则。'."\n"
+ .'- custom:自定义标准化规则。'."\n",
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'custom',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleIds',
+ 'in' => 'formData',
+ 'style' => 'json',
+ 'schema' => [
+ 'description' => '标准化规则ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '标准化规则ID列表。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'nr-68unzx95g5avl0n7aife,nr-lc2gzp4ysxksl0ke7l2q',
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'ExtendFieldStoreMode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '扩展字段存储模式,可选项:flat、pack、reject。',
+ 'description' => '扩展字段存储模式,可选项:flat、pack、reject。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'flat',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationCategoryId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '所属标准化类目',
+ 'description' => '所属标准化类目',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'HOST_CATEGORY',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '更新标准化规则',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'DeleteNormalizationRule' => [
+ 'summary' => '删除标准化规则。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'delete',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '删除标准化规则',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ValidateNormalizationRule' => [
+ 'summary' => '校验标准化规则。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'readAndWrite',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'none',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'Data',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '123456',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationCategoryId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '规则所属标准化类目。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '规则所属标准化模式ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'HTTP_ACTIVITY',
+ ],
+ ],
+ [
+ 'name' => 'VendorId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '厂商ID。',
+ 'description' => '厂商ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud',
+ ],
+ ],
+ [
+ 'name' => 'ProductId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '产品ID。',
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ [
+ 'name' => 'ExtendFieldStoreMode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '扩展字段存储模式,取值:flat、pack、reject。',
+ 'description' => '扩展字段存储模式,取值:flat、pack、reject。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'flat',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleMode',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '标准化规则模式。取值:both、realtime',
+ 'description' => '标准化规则模式。取值:both、realtime',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'realtime',
+ ],
+ ],
+ [
+ 'name' => 'LogSample',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '日志样例,JSON格式。',
+ 'description' => '日志样例,JSON格式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '{"aaa":"bbb","xxx":"yyy"}',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleExpression',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '标准化规则表达式。',
+ 'description' => '标准化规则表达式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '*',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => 'Id of the request',
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'ValidateResult' => [
+ 'description' => '校验结果列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '校验结果。',
+ 'type' => 'object',
+ 'properties' => [
+ 'FieldName' => [
+ 'description' => '字段名称。',
+ 'type' => 'string',
+ 'example' => 'host',
+ ],
+ 'FieldValue' => [
+ 'description' => '字段信息。',
+ 'type' => 'string',
+ 'example' => 'ze',
+ ],
+ 'NormalizationFieldName' => [
+ 'description' => '标准化字段名称。',
+ 'type' => 'string',
+ 'example' => 'host',
+ ],
+ 'NormalizationFieldRequired' => [
+ 'description' => '标准化字段是否必填。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'Result' => [
+ 'description' => '校验结果,取值:'."\n"
+ .'- 1:校验通过。'."\n"
+ .'- 0:警告。'."\n"
+ .'- 1:校验不通过。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'Message' => [
+ 'description' => '校验原因,取值:'."\n"
+ .'- OperationDenied.TheValueIsRequired: 必填参数为空。'."\n"
+ .'- OperationDenied.TheValueIsNull: 参数值为空。'."\n"
+ .'- OperationDenied.TheEnumValueNotSupport: 字段值不在枚举值范围内。'."\n"
+ .'- OperationDenied.TheValueLessThanMin: 字段值小于设定的最小值。'."\n"
+ .'- OperationDenied.TheValueMoreThanMax: 字段值大于设定的最大值。'."\n"
+ .'- OperationDenied.TheValueNotMatchRegularExpression: 字段值正则匹配不通过。'."\n"
+ .'- success: 验证通过。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'NormalizationFieldType' => [
+ 'title' => '标准字段类型,支持text、long、double、json四种类型。',
+ 'description' => '标准字段类型,支持text、long、double、json四种类型。',
+ 'type' => 'string',
+ 'example' => 'text',
+ ],
+ 'NormalizationFieldFrom' => [
+ 'title' => '标准字段来源,preset-内置,custom-自定义。',
+ 'description' => '标准字段来源,preset-内置,custom-自定义。',
+ 'type' => 'string',
+ 'example' => 'preset',
+ ],
+ 'NormalizationFieldReserved' => [
+ 'title' => '是否是系统内置的标准字段名。',
+ 'description' => '是否是系统内置的标准字段名。',
+ 'type' => 'boolean',
+ ],
+ 'NormalizationFieldValidationStatus' => [
+ 'title' => '标准字段校验状态,取值:pass、fail。',
+ 'description' => '标准字段校验状态,取值:pass、fail。',
+ 'type' => 'string',
+ 'example' => 'pass',
+ ],
+ 'NormalizationFieldValidationReason' => [
+ 'title' => '标准字段校验失败原因。',
+ 'description' => '标准字段校验失败原因。',
+ 'type' => 'string',
+ 'example' => 'OperationDenied.TheValueIsRequired',
+ ],
+ 'LogFieldName' => [
+ 'title' => '日志字段名。',
+ 'description' => '日志字段名。',
+ 'type' => 'string',
+ 'example' => 'aaa',
+ ],
+ 'LogFieldValue' => [
+ 'title' => '日志字段值。',
+ 'description' => '日志字段值。',
+ 'type' => 'string',
+ 'example' => 'bbb',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"ValidateResult\\": [\\n {\\n \\"FieldName\\": \\"host\\",\\n \\"FieldValue\\": \\"ze\\",\\n \\"NormalizationFieldName\\": \\"host\\",\\n \\"NormalizationFieldRequired\\": true,\\n \\"Result\\": 1,\\n \\"Message\\": \\"success\\",\\n \\"NormalizationFieldType\\": \\"text\\",\\n \\"NormalizationFieldFrom\\": \\"preset\\",\\n \\"NormalizationFieldReserved\\": true,\\n \\"NormalizationFieldValidationStatus\\": \\"pass\\",\\n \\"NormalizationFieldValidationReason\\": \\"OperationDenied.TheValueIsRequired\\",\\n \\"LogFieldName\\": \\"aaa\\",\\n \\"LogFieldValue\\": \\"bbb\\"\\n }\\n ]\\n}","type":"json"}]',
+ 'title' => '校验标准化规则',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'GetNormalizationRule' => [
+ 'summary' => '获取标准化规则信息。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'NormalizationRule' => [
+ 'description' => '标准化规则。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'NormalizationRuleId' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ 'NormalizationRuleName' => [
+ 'description' => '标准化规则名称。',
+ 'type' => 'string',
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ 'NormalizationRuleType' => [
+ 'description' => '标准化规则类型。取值:'."\n"
+ .'- predefined:预定义标准化规则。'."\n"
+ .'- custom:自定义标准化规则。'."\n",
+ 'type' => 'string',
+ 'example' => 'predefined',
+ ],
+ 'NormalizationRuleFormat' => [
+ 'description' => '标准化规则格式。',
+ 'type' => 'string',
+ 'example' => 'SPL',
+ ],
+ 'NormalizationRuleDescription' => [
+ 'description' => '标准化规则描述。',
+ 'type' => 'string',
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ 'NormalizationRuleVersion' => [
+ 'description' => '标准化规则版本。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => 'V1',
+ ],
+ 'NormalizationRuleExpression' => [
+ 'description' => '标准化规则表达式。',
+ 'type' => 'string',
+ 'example' => '* | pack-fields -include=\'[\\s\\S]+\' as extend_content',
+ ],
+ 'NormalizationRuleStatus' => [
+ 'description' => '标准化规则状态。',
+ 'type' => 'string',
+ 'example' => 'started',
+ ],
+ 'NormalizationCategoryId' => [
+ 'description' => '标准化规则分类ID。',
+ 'type' => 'string',
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ 'NormalizationSchemaId' => [
+ 'description' => '标准化结构ID。',
+ 'type' => 'string',
+ 'example' => 'HTTP_ACTIVITY',
+ ],
+ 'VendorId' => [
+ 'description' => '标准化规则对应的厂商ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud',
+ ],
+ 'ProductId' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ 'NormalizationRuleMode' => [
+ 'description' => '标准化规则模式。取值:'."\n"
+ .'- both'."\n"
+ .'- scan'."\n"
+ .'- realtime',
+ 'type' => 'string',
+ 'example' => 'both',
+ ],
+ 'ExtendContentPacked' => [
+ 'description' => '用于标识否将非标准字段打包到扩展字段extend_content。取值:'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'example' => 'enabled',
+ ],
+ 'OrderField' => [
+ 'description' => '规则列表排列字段。 取值:'."\n"
+ .'- GmtModified:基于修改时间排序'."\n"
+ .'- Id:基于规则id排序(默认)',
+ 'type' => 'string',
+ 'example' => 'GmtModified',
+ ],
+ 'NormalizationRuleIds' => [
+ 'description' => '标准化规则ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '标准化规则ID列表。',
+ 'type' => 'string',
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ ],
+ 'ExtendFieldStoreMode' => [
+ 'title' => '扩展字段存储模式,flat-原样接入,reject-不接入,pack-打包到extend_content字段。',
+ 'description' => '扩展字段存储模式,flat-原样接入,reject-不接入,pack-打包到extend_content字段。',
+ 'type' => 'string',
+ 'example' => 'flat',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationRule\\": {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"NormalizationRuleId\\": \\"nr-z0b2ssjteut85uoh9nzp\\",\\n \\"NormalizationRuleName\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleType\\": \\"predefined\\",\\n \\"NormalizationRuleFormat\\": \\"SPL\\",\\n \\"NormalizationRuleDescription\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleVersion\\": 0,\\n \\"NormalizationRuleExpression\\": \\"* | pack-fields -include=\'[\\\\\\\\s\\\\\\\\S]+\' as extend_content\\",\\n \\"NormalizationRuleStatus\\": \\"started\\",\\n \\"NormalizationCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"NormalizationSchemaId\\": \\"HTTP_ACTIVITY\\",\\n \\"VendorId\\": \\"alibaba_cloud\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"NormalizationRuleMode\\": \\"both\\",\\n \\"ExtendContentPacked\\": \\"enabled\\",\\n \\"OrderField\\": \\"GmtModified\\",\\n \\"NormalizationRuleIds\\": [\\n \\"nr-z0b2ssjteut85uoh9nzp\\"\\n ],\\n \\"ExtendFieldStoreMode\\": \\"flat\\"\\n }\\n}","type":"json"}]',
+ 'title' => '获取标准化规则信息',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'GetNormalizationSchema' => [
+ 'summary' => '获取标准化Schema。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化结构类型。取值:'."\n"
+ .'- log:日志。'."\n"
+ .'- entity:实体。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'log',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则分类ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'HTTP_ACTIVITY',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'NormalizationSchema' => [
+ 'description' => '标准化结构。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NormalizationSchemaId' => [
+ 'description' => '标准化结构ID。',
+ 'type' => 'string',
+ 'example' => 'HTTP_ACTIVITY',
+ ],
+ 'NormalizationSchemaName' => [
+ 'description' => '标准化结构名称。',
+ 'type' => 'string',
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ 'NormalizationCategoryId' => [
+ 'description' => '标准化规则分类ID。',
+ 'type' => 'string',
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ 'NormalizationFields' => [
+ 'description' => '标准化字段列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '标准化字段。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NormalizationFieldName' => [
+ 'title' => '标准字段名。',
+ 'description' => '标准化字段名称。',
+ 'type' => 'string',
+ 'example' => 'cloud_user',
+ ],
+ 'NormalizationFieldType' => [
+ 'title' => '标准字段类型,支持text、long、double、json四种类型。',
+ 'description' => '标准化字段类型。取值:'."\n"
+ .'- varchar'."\n"
+ .'- bigint'."\n"
+ .'- double',
+ 'type' => 'string',
+ 'example' => 'varchar',
+ ],
+ 'NormalizationFieldRequired' => [
+ 'title' => '是否为必填字段',
+ 'description' => '是否为必填字段',
+ 'type' => 'boolean',
+ ],
+ 'NormalizationFieldDescription' => [
+ 'title' => '标准字段描述。',
+ 'description' => '标准化字段描述。',
+ 'type' => 'string',
+ 'example' => 'cloud_user',
+ ],
+ 'NormalizationFieldExample' => [
+ 'title' => '标准字段示例。',
+ 'description' => '标准化字段样例。',
+ 'type' => 'string',
+ 'example' => '173326*******',
+ ],
+ 'NormalizationFieldReserved' => [
+ 'title' => '是否是系统内置的标准字段名。',
+ 'description' => '标准化字段是否保留。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'NormalizationFieldFrom' => [
+ 'title' => '标准字段来源,preset-内置,custom-自定义。',
+ 'description' => '标准字段来源,preset-内置,custom-自定义。',
+ 'type' => 'string',
+ 'example' => 'preset',
+ ],
+ 'NormalizationFieldTokenize' => [
+ 'title' => '标准字段是否分词。',
+ 'description' => '标准字段是否分词。',
+ 'type' => 'boolean',
+ ],
+ 'NormalizationFieldJsonIndexAll' => [
+ 'title' => 'json类型的标准字段是否针对所有key建立索引。',
+ 'description' => 'json类型的标准字段是否针对所有key建立索引。',
+ 'type' => 'boolean',
+ ],
+ 'NormalizationFieldJsonKeys' => [
+ 'title' => 'json类型的标准字段key列表。',
+ 'description' => 'json类型的标准字段key列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'title' => 'json类型的标准字段key。',
+ 'description' => 'json类型的标准字段key。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NormalizationFieldName' => [
+ 'title' => 'json类型的标准字段key名称。',
+ 'description' => 'json类型的标准字段key名称。',
+ 'type' => 'string',
+ 'example' => 'cloud_code',
+ ],
+ 'NormalizationFieldType' => [
+ 'title' => 'json类型的标准字段key类型。',
+ 'description' => 'json类型的标准字段key类型。',
+ 'type' => 'string',
+ 'example' => 'varchar',
+ ],
+ 'NormalizationFieldRequired' => [
+ 'title' => 'json类型的标准字段key是否必填。',
+ 'description' => 'json类型的标准字段key是否必填。',
+ 'type' => 'boolean',
+ ],
+ 'NormalizationFieldDescription' => [
+ 'title' => 'json类型的标准字段key描述。',
+ 'description' => 'json类型的标准字段key描述。',
+ 'type' => 'string',
+ 'example' => '云code,枚举值:\\n<br>● alibaba_cloud\\n<br>● huawei_cloud\\n<br>● tencent_cloud',
+ ],
+ 'NormalizationFieldExample' => [
+ 'title' => 'json类型的标准字段key示例。',
+ 'description' => 'json类型的标准字段key示例。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud',
+ ],
+ 'NormalizationFieldFrom' => [
+ 'title' => 'json类型的标准字段key来源。',
+ 'description' => 'json类型的标准字段key来源。',
+ 'type' => 'string',
+ 'example' => 'preset',
+ ],
+ 'NormalizationFieldTokenize' => [
+ 'title' => 'json类型的标准字段key是否分词。',
+ 'description' => 'json类型的标准字段key是否分词。',
+ 'type' => 'boolean',
+ ],
+ 'NormalizationFieldReserved' => [
+ 'title' => '是否是系统内置的标准字段名。',
+ 'description' => '是否是系统内置的标准字段名。',
+ 'type' => 'boolean',
+ ],
+ 'CreateTime' => [
+ 'title' => '创建时间。',
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1736386610000',
+ ],
+ 'UpdateTime' => [
+ 'title' => '更新时间。',
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1736386610000',
+ ],
+ ],
+ ],
+ ],
+ 'CreateTime' => [
+ 'title' => '创建时间。',
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1736386610000',
+ ],
+ 'UpdateTime' => [
+ 'title' => '更新时间。',
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1736386610000',
+ ],
+ 'NormalizationFieldRequirement' => [
+ 'description' => '标准化字段是否必填。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ ],
+ ],
+ ],
+ 'TargetLogStore' => [
+ 'title' => '日志服务 LogStore。',
+ 'description' => '日志服务LogStore。',
+ 'type' => 'string',
+ 'example' => 'network-activity',
+ ],
+ 'TargetStoreView' => [
+ 'title' => '日志服务 StoreView。',
+ 'description' => '日志服务StoreView。',
+ 'type' => 'string',
+ 'example' => 'network_activity',
+ ],
+ 'NormalizationSchemaType' => [
+ 'title' => '标准结构类型,preset-预定义,custom-自定义',
+ 'description' => '标准化结构类型。取值:'."\n"
+ .'- log'."\n"
+ .'- entity'."\n"
+ .'- incident',
+ 'type' => 'string',
+ 'example' => 'log',
+ ],
+ 'UpdateTime' => [
+ 'title' => '更新时间。',
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'CreateTime' => [
+ 'title' => '创建时间。',
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'NormalizationSchemaReferences' => [
+ 'title' => '标准化结构引用列表。',
+ 'description' => '标准化结构引用列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'title' => '标准化结构引用。',
+ 'description' => '标准化结构引用。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NormalizationRuleId' => [
+ 'title' => '标准化规则ID。',
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_cfw_flow_rule',
+ ],
+ ],
+ ],
+ ],
+ 'NormalizationSchemaFrom' => [
+ 'title' => '标准化结构来源:preset-预定义,custom-自定义。',
+ 'description' => '标准化结构来源:preset-预定义,custom-自定义。',
+ 'type' => 'string',
+ 'example' => 'preset',
+ ],
+ 'NormalizationSchemaDescription' => [
+ 'title' => '标准化结构描述。',
+ 'description' => '标准化结构描述。',
+ 'type' => 'string',
+ 'example' => '网络五元组日志',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationSchema\\": {\\n \\"NormalizationSchemaId\\": \\"HTTP_ACTIVITY\\",\\n \\"NormalizationSchemaName\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"NormalizationFields\\": [\\n {\\n \\"NormalizationFieldName\\": \\"cloud_user\\",\\n \\"NormalizationFieldType\\": \\"varchar\\",\\n \\"NormalizationFieldRequired\\": true,\\n \\"NormalizationFieldDescription\\": \\"cloud_user\\",\\n \\"NormalizationFieldExample\\": \\"173326*******\\",\\n \\"NormalizationFieldReserved\\": true,\\n \\"NormalizationFieldFrom\\": \\"preset\\",\\n \\"NormalizationFieldTokenize\\": true,\\n \\"NormalizationFieldJsonIndexAll\\": true,\\n \\"NormalizationFieldJsonKeys\\": [\\n {\\n \\"NormalizationFieldName\\": \\"cloud_code\\",\\n \\"NormalizationFieldType\\": \\"varchar\\",\\n \\"NormalizationFieldRequired\\": true,\\n \\"NormalizationFieldDescription\\": \\"云code,枚举值:\\\\\\\\n<br>● alibaba_cloud\\\\\\\\n<br>● huawei_cloud\\\\\\\\n<br>● tencent_cloud\\",\\n \\"NormalizationFieldExample\\": \\"alibaba_cloud\\",\\n \\"NormalizationFieldFrom\\": \\"preset\\",\\n \\"NormalizationFieldTokenize\\": true,\\n \\"NormalizationFieldReserved\\": true,\\n \\"CreateTime\\": 1736386610000,\\n \\"UpdateTime\\": 1736386610000\\n }\\n ],\\n \\"CreateTime\\": 1736386610000,\\n \\"UpdateTime\\": 1736386610000,\\n \\"NormalizationFieldRequirement\\": true\\n }\\n ],\\n \\"TargetLogStore\\": \\"network-activity\\",\\n \\"TargetStoreView\\": \\"network_activity\\",\\n \\"NormalizationSchemaType\\": \\"log\\",\\n \\"UpdateTime\\": 1733269771123,\\n \\"CreateTime\\": 1733269771123,\\n \\"NormalizationSchemaReferences\\": [\\n {\\n \\"NormalizationRuleId\\": \\"alibaba_cloud_cfw_flow_rule\\"\\n }\\n ],\\n \\"NormalizationSchemaFrom\\": \\"preset\\",\\n \\"NormalizationSchemaDescription\\": \\"网络五元组日志\\"\\n }\\n}","type":"json"}]',
+ 'title' => '获取标准化Schema',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'GetNormalizationRuleVersion' => [
+ 'summary' => '获取标准化规则版本信息。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleVersion',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则版本。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'NormalizationRuleVersion' => [
+ 'description' => '标准化规则版本。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'NormalizationRuleId' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ 'NormalizationRuleName' => [
+ 'description' => '标准化规则名称。',
+ 'type' => 'string',
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ 'NormalizationRuleType' => [
+ 'description' => '标准化规则类型。取值:'."\n"
+ .'- predefined:预定义标准化规则。'."\n"
+ .'- custom:自定义标准化规则。',
+ 'type' => 'string',
+ 'example' => 'predefined',
+ ],
+ 'NormalizationRuleFormat' => [
+ 'description' => '标准化规则格式。',
+ 'type' => 'string',
+ 'example' => 'SPL',
+ ],
+ 'NormalizationRuleDescription' => [
+ 'description' => '标准化规则描述。',
+ 'type' => 'string',
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ 'NormalizationRuleVersion' => [
+ 'description' => '标准化规则版本。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => 'V1',
+ ],
+ 'NormalizationRuleExpression' => [
+ 'description' => '标准化规则表达式。',
+ 'type' => 'string',
+ 'example' => '* | pack-fields -include=\'[\\s\\S]+\' as extend_content',
+ ],
+ 'NormalizationRuleStatus' => [
+ 'description' => '标准化规则状态。',
+ 'type' => 'string',
+ 'example' => 'started',
+ ],
+ 'NormalizationCategoryId' => [
+ 'description' => '标准化规则分类ID。',
+ 'type' => 'string',
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ 'NormalizationSchemaId' => [
+ 'description' => '标准化结构ID。',
+ 'type' => 'string',
+ 'example' => 'HTTP_ACTIVITY',
+ ],
+ 'VendorId' => [
+ 'description' => '标准化规则对应的厂商ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud',
+ ],
+ 'ProductId' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ 'NormalizationRuleVersionName' => [
+ 'description' => '标准化规则版本名称。',
+ 'type' => 'string',
+ 'example' => 'v1',
+ ],
+ 'RegionId' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationRuleVersion\\": {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"NormalizationRuleId\\": \\"nr-z0b2ssjteut85uoh9nzp\\",\\n \\"NormalizationRuleName\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleType\\": \\"predefined\\",\\n \\"NormalizationRuleFormat\\": \\"SPL\\",\\n \\"NormalizationRuleDescription\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleVersion\\": 0,\\n \\"NormalizationRuleExpression\\": \\"* | pack-fields -include=\'[\\\\\\\\s\\\\\\\\S]+\' as extend_content\\",\\n \\"NormalizationRuleStatus\\": \\"started\\",\\n \\"NormalizationCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"NormalizationSchemaId\\": \\"HTTP_ACTIVITY\\",\\n \\"VendorId\\": \\"alibaba_cloud\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"NormalizationRuleVersionName\\": \\"v1\\",\\n \\"RegionId\\": \\"cn-hangzhou\\"\\n }\\n}","type":"json"}]',
+ 'title' => '获取标准化规则版本信息',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'DeleteNormalizationRuleVersion' => [
+ 'summary' => '删除标准化规则版本。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'delete',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleVersion',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则版本。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '删除标准化规则版本',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'SetDefaultNormalizationRuleVersion' => [
+ 'summary' => '设置标准化规则默认版本。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'none',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleVersion',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则版本。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => 'V1',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'NormalizationRuleVersion' => [
+ 'description' => '标准化规则版本。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'NormalizationRuleId' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ 'NormalizationRuleName' => [
+ 'description' => '标准化规则名称。',
+ 'type' => 'string',
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ 'NormalizationRuleType' => [
+ 'description' => '标准化规则类型。取值:'."\n"
+ .'- predefined:预定义标准化规则。'."\n"
+ .'- custom:自定义标准化规则。',
+ 'type' => 'string',
+ 'example' => 'predefined',
+ ],
+ 'NormalizationRuleFormat' => [
+ 'description' => '标准化规则格式。',
+ 'type' => 'string',
+ 'example' => 'SPL',
+ ],
+ 'NormalizationRuleDescription' => [
+ 'description' => '标准化规则描述。',
+ 'type' => 'string',
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ 'NormalizationRuleVersion' => [
+ 'description' => '标准化规则当前版本。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => 'V1',
+ ],
+ 'NormalizationRuleExpression' => [
+ 'description' => '标准化规则表达式。',
+ 'type' => 'string',
+ 'example' => '* | pack-fields -include=\'[\\s\\S]+\' as extend_content',
+ ],
+ 'NormalizationRuleStatus' => [
+ 'description' => '标准化规则状态。',
+ 'type' => 'string',
+ 'example' => 'started',
+ ],
+ 'NormalizationCategoryId' => [
+ 'description' => '标准化规则分类ID。',
+ 'type' => 'string',
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ 'NormalizationSchemaId' => [
+ 'description' => '标准化结构ID。',
+ 'type' => 'string',
+ 'example' => 'HTTP_ACTIVITY',
+ ],
+ 'VendorId' => [
+ 'description' => '标准化规则对应的厂商ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud',
+ ],
+ 'ProductId' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationRuleVersion\\": {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"NormalizationRuleId\\": \\"nr-z0b2ssjteut85uoh9nzp\\",\\n \\"NormalizationRuleName\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleType\\": \\"predefined\\",\\n \\"NormalizationRuleFormat\\": \\"SPL\\",\\n \\"NormalizationRuleDescription\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleVersion\\": 0,\\n \\"NormalizationRuleExpression\\": \\"* | pack-fields -include=\'[\\\\\\\\s\\\\\\\\S]+\' as extend_content\\",\\n \\"NormalizationRuleStatus\\": \\"started\\",\\n \\"NormalizationCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"NormalizationSchemaId\\": \\"HTTP_ACTIVITY\\",\\n \\"VendorId\\": \\"alibaba_cloud\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\"\\n }\\n}","type":"json"}]',
+ 'title' => '设置标准化规则默认版本',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'ListNormalizationRuleVersions' => [
+ 'summary' => '获取标准化规则版本列表。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'minimum' => '0',
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'NormalizationRuleVersions' => [
+ 'description' => '标准化规则版本列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '标准化规则版本。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'NormalizationRuleId' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ 'NormalizationRuleVersion' => [
+ 'description' => '标准化规则版本。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => 'V1',
+ ],
+ 'NormalizationRuleExpression' => [
+ 'description' => '标准化规则表达式。',
+ 'type' => 'string',
+ 'example' => '* | pack-fields -include=\'[\\s\\S]+\' as extend_content',
+ ],
+ ],
+ ],
+ ],
+ 'MaxResults' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '57',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationRuleVersions\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"NormalizationRuleId\\": \\"nr-z0b2ssjteut85uoh9nzp\\",\\n \\"NormalizationRuleVersion\\": 0,\\n \\"NormalizationRuleExpression\\": \\"* | pack-fields -include=\'[\\\\\\\\s\\\\\\\\S]+\' as extend_content\\"\\n }\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]',
+ 'title' => '获取标准化规则版本列表',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ListNormalizationRules' => [
+ 'summary' => '获取标准化规则列表。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '标准化规则ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则类型。取值:'."\n"
+ .'- predefined:预定义标准化规则。'."\n"
+ .'- custom:自定义标准化规则。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'predefined',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationCategoryId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则分类ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化结构ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'HTTP_ACTIVITY',
+ ],
+ ],
+ [
+ 'name' => 'VendorId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则对应的厂商ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud',
+ ],
+ ],
+ [
+ 'name' => 'ProductId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '产品ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ ],
+ [
+ 'name' => 'PageNumber',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '3',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'OrderField',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '排序字段。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'UpdateTime',
+ ],
+ ],
+ [
+ 'name' => 'OrderType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '排序类型。取值:'."\n"
+ .'- desc'."\n"
+ .'- asc',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'desc',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'minimum' => '0',
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'NormalizationRules' => [
+ 'description' => '标准化规则列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '标准化规则。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'NormalizationRuleId' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ 'NormalizationRuleName' => [
+ 'description' => '标准化规则名称。',
+ 'type' => 'string',
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ 'NormalizationRuleType' => [
+ 'description' => '标准化规则类型。取值:'."\n"
+ .'- predefined:预定义标准化规则。'."\n"
+ .'- custom:自定义标准化规则。'."\n",
+ 'type' => 'string',
+ 'example' => 'predefined',
+ ],
+ 'NormalizationRuleFormat' => [
+ 'description' => '标准化规则格式。',
+ 'type' => 'string',
+ 'example' => 'SPL',
+ ],
+ 'NormalizationRuleDescription' => [
+ 'description' => '标准化规则描述。',
+ 'type' => 'string',
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ 'NormalizationRuleVersion' => [
+ 'description' => '标准化规则当前版本。',
+ 'type' => 'string',
+ 'example' => 'V1',
+ ],
+ 'NormalizationRuleExpression' => [
+ 'description' => '标准化规则表达式。',
+ 'type' => 'string',
+ 'example' => '* | pack-fields -include=\'[\\s\\S]+\' as extend_content',
+ ],
+ 'NormalizationRuleStatus' => [
+ 'description' => '标准化规则状态。',
+ 'type' => 'string',
+ 'example' => 'started',
+ ],
+ 'NormalizationCategoryId' => [
+ 'description' => '标准化规则分类ID。',
+ 'type' => 'string',
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ 'NormalizationSchemaId' => [
+ 'description' => '标准化结构ID。',
+ 'type' => 'string',
+ 'example' => 'HTTP_ACTIVITY',
+ ],
+ 'VendorId' => [
+ 'description' => '标准化规则对应的厂商ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud',
+ ],
+ 'ProductId' => [
+ 'description' => '产品ID。'."\n"
+ ."\n",
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_sas',
+ ],
+ 'NormalizationRuleReferences' => [
+ 'description' => '关联的接入策略列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '关联的接入策略。',
+ 'type' => 'object',
+ 'properties' => [
+ 'DataIngestionId' => [
+ 'description' => '数据接入ID。',
+ 'type' => 'string',
+ 'example' => 'alibaba_cloud_bot_flow_ingestion_173326*******',
+ ],
+ ],
+ ],
+ ],
+ 'NormalizationRuleMode' => [
+ 'description' => '标准化规则模式。取值:'."\n"
+ .'- both'."\n"
+ .'- scan'."\n"
+ .'- realtime',
+ 'type' => 'string',
+ 'example' => 'both',
+ ],
+ 'ExtendContentPacked' => [
+ 'description' => '用于标识否将非标准字段打包到扩展字段extend_content。取值:'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'example' => 'enabled',
+ ],
+ 'ExtendFieldStoreMode' => [
+ 'title' => '扩展字段存储模式,flat-原样接入,reject-不接入,pack-打包到extend_content字段。',
+ 'description' => '扩展字段存储模式,flat-原样接入,reject-不接入,pack-打包到extend_content字段。',
+ 'type' => 'string',
+ 'example' => 'flat',
+ ],
+ ],
+ ],
+ ],
+ 'PageNumber' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '5',
+ ],
+ 'TotalPage' => [
+ 'description' => '总页数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'MaxResults' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationRules\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"NormalizationRuleId\\": \\"nr-z0b2ssjteut85uoh9nzp\\",\\n \\"NormalizationRuleName\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleType\\": \\"predefined\\",\\n \\"NormalizationRuleFormat\\": \\"SPL\\",\\n \\"NormalizationRuleDescription\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleVersion\\": \\"V1\\",\\n \\"NormalizationRuleExpression\\": \\"* | pack-fields -include=\'[\\\\\\\\s\\\\\\\\S]+\' as extend_content\\",\\n \\"NormalizationRuleStatus\\": \\"started\\",\\n \\"NormalizationCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"NormalizationSchemaId\\": \\"HTTP_ACTIVITY\\",\\n \\"VendorId\\": \\"alibaba_cloud\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"NormalizationRuleReferences\\": [\\n {\\n \\"DataIngestionId\\": \\"alibaba_cloud_bot_flow_ingestion_173326*******\\"\\n }\\n ],\\n \\"NormalizationRuleMode\\": \\"both\\",\\n \\"ExtendContentPacked\\": \\"enabled\\",\\n \\"ExtendFieldStoreMode\\": \\"flat\\"\\n }\\n ],\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 2,\\n \\"TotalCount\\": 5,\\n \\"TotalPage\\": 1,\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\"\\n}","type":"json"}]',
+ 'title' => '获取标准化规则列表',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'ListNormalizationFields' => [
+ 'summary' => '获取标准化字段列表。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'Name',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '字段名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'category',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'minimum' => '0',
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'NormalizationFields' => [
+ 'description' => '标准化字段列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '标准化字段。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NormalizationFieldName' => [
+ 'description' => '标准化字段名称。',
+ 'type' => 'string',
+ 'example' => 'cloud_user',
+ ],
+ 'NormalizationFieldType' => [
+ 'description' => '标准化字段类型。取值:'."\n"
+ .'- varchar'."\n"
+ .'- bigint'."\n"
+ .'- double',
+ 'type' => 'string',
+ 'example' => 'varchar',
+ ],
+ 'NormalizationFieldRequired' => [
+ 'title' => '标准字段key是否必填。',
+ 'description' => '标准字段key是否必填。',
+ 'type' => 'boolean',
+ ],
+ 'NormalizationFieldDescription' => [
+ 'description' => '标准化字段描述。',
+ 'type' => 'string',
+ 'example' => 'cloud_user',
+ ],
+ 'NormalizationFieldExample' => [
+ 'description' => '标准化字段样例。',
+ 'type' => 'string',
+ 'example' => '173326*******',
+ ],
+ 'NormalizationCategoryId' => [
+ 'description' => '标准化类目ID。',
+ 'type' => 'string',
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ 'NormalizationSchemaId' => [
+ 'description' => '标准化结构ID。',
+ 'type' => 'string',
+ 'example' => 'NETWORK_SESSION_ACTIVITY',
+ ],
+ 'NormalizationFieldReserved' => [
+ 'description' => '标准化字段是否保留。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ 'NormalizationFieldFrom' => [
+ 'title' => 'json类型的标准字段key来源。',
+ 'description' => 'json类型的标准字段key来源。',
+ 'type' => 'string',
+ 'example' => 'preset',
+ ],
+ 'NormalizationFieldTokenize' => [
+ 'title' => '标准字段是否分词。',
+ 'description' => '标准字段是否分词。',
+ 'type' => 'boolean',
+ ],
+ 'NormalizationFieldJsonIndexAll' => [
+ 'title' => 'json类型的标准字段是否针对所有key建立索引。',
+ 'description' => 'json类型的标准字段是否针对所有key建立索引。',
+ 'type' => 'boolean',
+ ],
+ 'NormalizationFieldJsonKeys' => [
+ 'title' => 'json类型的标准字段key列表。',
+ 'description' => 'json类型的标准字段key列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'title' => 'json类型的标准字段key。',
+ 'description' => 'json类型的标准字段key。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NormalizationFieldName' => [
+ 'title' => 'json类型的标准字段key名称。',
+ 'description' => 'json类型的标准字段key名称。',
+ 'type' => 'string',
+ 'example' => 'alert_level',
+ ],
+ 'NormalizationFieldType' => [
+ 'title' => 'json类型的标准字段key类型。',
+ 'description' => 'json类型的标准字段key类型。',
+ 'type' => 'string',
+ 'example' => 'text',
+ ],
+ 'NormalizationFieldRequired' => [
+ 'title' => 'json类型的标准字段key是否必填。',
+ 'description' => 'json类型的标准字段key是否必填。',
+ 'type' => 'boolean',
+ ],
+ 'NormalizationFieldDescription' => [
+ 'title' => 'json类型的标准字段key描述。',
+ 'description' => 'json类型的标准字段key描述。',
+ 'type' => 'string',
+ 'example' => 'alert_level',
+ ],
+ 'NormalizationFieldExample' => [
+ 'title' => 'json类型的标准字段key示例。',
+ 'description' => 'json类型的标准字段key示例。',
+ 'type' => 'string',
+ 'example' => '1',
+ ],
+ 'NormalizationFieldFrom' => [
+ 'title' => 'json类型的标准字段key来源。',
+ 'description' => 'json类型的标准字段key来源。',
+ 'type' => 'string',
+ 'example' => 'preset',
+ ],
+ 'NormalizationFieldTokenize' => [
+ 'title' => 'json类型的标准字段key是否分词。',
+ 'description' => 'json类型的标准字段key是否分词。',
+ 'type' => 'boolean',
+ ],
+ 'NormalizationFieldReserved' => [
+ 'title' => '是否是系统内置的标准字段key。',
+ 'description' => '是否是系统内置的标准字段key。',
+ 'type' => 'boolean',
+ ],
+ 'CreateTime' => [
+ 'title' => '创建时间。',
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1736386610000',
+ ],
+ 'UpdateTime' => [
+ 'title' => '更新时间。',
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1736386610000',
+ ],
+ ],
+ ],
+ ],
+ 'CreateTime' => [
+ 'title' => '创建时间。',
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1736386610000',
+ ],
+ 'UpdateTime' => [
+ 'title' => '更新时间。',
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1736386610000',
+ ],
+ 'NormalizationFieldRequirement' => [
+ 'description' => '标准化字段是否必填。',
+ 'type' => 'boolean',
+ 'example' => 'true',
+ ],
+ ],
+ ],
+ ],
+ 'MaxResults' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '57',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationFields\\": [\\n {\\n \\"NormalizationFieldName\\": \\"cloud_user\\",\\n \\"NormalizationFieldType\\": \\"varchar\\",\\n \\"NormalizationFieldRequired\\": true,\\n \\"NormalizationFieldDescription\\": \\"cloud_user\\",\\n \\"NormalizationFieldExample\\": \\"173326*******\\",\\n \\"NormalizationCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"NormalizationSchemaId\\": \\"NETWORK_SESSION_ACTIVITY\\",\\n \\"NormalizationFieldReserved\\": true,\\n \\"NormalizationFieldFrom\\": \\"preset\\",\\n \\"NormalizationFieldTokenize\\": true,\\n \\"NormalizationFieldJsonIndexAll\\": true,\\n \\"NormalizationFieldJsonKeys\\": [\\n {\\n \\"NormalizationFieldName\\": \\"alert_level\\",\\n \\"NormalizationFieldType\\": \\"text\\",\\n \\"NormalizationFieldRequired\\": true,\\n \\"NormalizationFieldDescription\\": \\"alert_level\\",\\n \\"NormalizationFieldExample\\": \\"1\\",\\n \\"NormalizationFieldFrom\\": \\"preset\\",\\n \\"NormalizationFieldTokenize\\": true,\\n \\"NormalizationFieldReserved\\": true,\\n \\"CreateTime\\": 1736386610000,\\n \\"UpdateTime\\": 1736386610000\\n }\\n ],\\n \\"CreateTime\\": 1736386610000,\\n \\"UpdateTime\\": 1736386610000,\\n \\"NormalizationFieldRequirement\\": true\\n }\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]',
+ 'title' => '获取标准化字段列表',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ListNormalizationCategories' => [
+ 'summary' => '获取标准化Category列表',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationCategoryType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则类目类型。取值:'."\n"
+ .'- log'."\n"
+ .'- entity',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'entity',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'minimum' => '0',
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'NormalizationCategories' => [
+ 'description' => '标准化类目列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '标准化类目。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NormalizationCategoryId' => [
+ 'description' => '标准化类目ID。',
+ 'type' => 'string',
+ 'example' => 'COMMON_CATEGORY',
+ ],
+ 'NormalizationCategoryName' => [
+ 'description' => '标准化类目名称。',
+ 'type' => 'string',
+ 'example' => 'COMMON_CATEGORY',
+ ],
+ ],
+ ],
+ ],
+ 'MaxResults' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '57',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationCategories\\": [\\n {\\n \\"NormalizationCategoryId\\": \\"COMMON_CATEGORY\\",\\n \\"NormalizationCategoryName\\": \\"COMMON_CATEGORY\\"\\n }\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]',
+ 'title' => '获取标准化Category列表',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'ListNormalizationRuleCapacities' => [
+ 'summary' => '获取标准化规则安全能力列表。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'minimum' => '0',
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationRuleIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '标准化规则ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ 'required' => false,
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'NormalizationRuleCapacities' => [
+ 'description' => '标准化规则关联的安全能力列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '标准化规则关联的安全能力。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CapacityType' => [
+ 'description' => '安全能力类型。取值:'."\n"
+ .'- detection_preset_rule:预定义分析规则。'."\n"
+ .'- detection_custom_rule:自定义分析规则。'."\n"
+ .'- incident_investigation:安全事件处理。'."\n"
+ .'- soar_playbooks:预定义剧本。',
+ 'type' => 'string',
+ 'example' => 'detection_preset_rule',
+ ],
+ 'Capacities' => [
+ 'description' => '安全能力列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '安全能力。',
+ 'type' => 'string',
+ 'example' => 'NETWORK_SESSION_ACTIVITY',
+ ],
+ ],
+ 'NormalizationRuleId' => [
+ 'description' => '标准化规则ID。',
+ 'type' => 'string',
+ 'example' => 'nr-z0b2ssjteut85uoh9nzp',
+ ],
+ ],
+ ],
+ ],
+ 'PageNumber' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '57',
+ ],
+ 'TotalPage' => [
+ 'description' => '总页数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '3',
+ ],
+ 'MaxResults' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationRuleCapacities\\": [\\n {\\n \\"CapacityType\\": \\"detection_preset_rule\\",\\n \\"Capacities\\": [\\n \\"NETWORK_SESSION_ACTIVITY\\"\\n ],\\n \\"NormalizationRuleId\\": \\"nr-z0b2ssjteut85uoh9nzp\\"\\n }\\n ],\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 57,\\n \\"TotalPage\\": 3,\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\"\\n}","type":"json"}]',
+ 'title' => '获取标准化规则安全能力列表',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'ListNormalizationSchemas' => [
+ 'summary' => '获取标准化Schema列表。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '请求和接收消息的语言类型。取值:'."\n"
+ ."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化结构类型。取值:'."\n"
+ .'- log:日志。'."\n"
+ .'- entity:实体。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'entity',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationCategoryId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '标准化规则分类ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'minimum' => '0',
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'NormalizationSchemas' => [
+ 'description' => '标准化结构列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '标准化结构。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NormalizationSchemaId' => [
+ 'description' => '标准化结构ID。',
+ 'type' => 'string',
+ 'example' => 'HTTP_ACTIVITY',
+ ],
+ 'NormalizationSchemaName' => [
+ 'description' => '标准化结构名称。',
+ 'type' => 'string',
+ 'example' => 'normalization_rule_Z57np',
+ ],
+ 'NormalizationCategoryId' => [
+ 'description' => '标准化规则分类ID。',
+ 'type' => 'string',
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ 'NormalizationSchemaTargetLogStore' => [
+ 'description' => '标准化输出的LogStore。',
+ 'type' => 'string',
+ 'example' => 'network-activity',
+ ],
+ 'CreateTime' => [
+ 'title' => '创建时间。',
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1736386610000',
+ ],
+ 'UpdateTime' => [
+ 'title' => '更新时间。',
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1736386610000',
+ ],
+ 'NormalizationSchemaDescription' => [
+ 'title' => '标准结构描述。',
+ 'description' => '标准结构描述。',
+ 'type' => 'string',
+ 'example' => 'Network flow log',
+ ],
+ 'NormalizationSchemaFrom' => [
+ 'title' => '标准化结构来源:preset-预定义,custom-自定义。',
+ 'description' => '标准化结构来源:preset-预定义,custom-自定义。',
+ 'type' => 'string',
+ 'example' => 'preset',
+ ],
+ 'TargetLogStore' => [
+ 'title' => '日志服务 LogStore。',
+ 'description' => '日志服务 LogStore。',
+ 'type' => 'string',
+ 'example' => 'network-activity',
+ ],
+ 'TargetStoreView' => [
+ 'title' => '日志服务 StoreView。',
+ 'description' => '日志服务 StoreView。',
+ 'type' => 'string',
+ 'example' => 'network-activity',
+ ],
+ ],
+ ],
+ ],
+ 'MaxResults' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '57',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationSchemas\\": [\\n {\\n \\"NormalizationSchemaId\\": \\"HTTP_ACTIVITY\\",\\n \\"NormalizationSchemaName\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"NormalizationSchemaTargetLogStore\\": \\"network-activity\\",\\n \\"CreateTime\\": 1736386610000,\\n \\"UpdateTime\\": 1736386610000,\\n \\"NormalizationSchemaDescription\\": \\"Network flow log\\",\\n \\"NormalizationSchemaFrom\\": \\"preset\\",\\n \\"TargetLogStore\\": \\"network-activity\\",\\n \\"TargetStoreView\\": \\"network-activity\\"\\n }\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]',
+ 'title' => '获取标准化Schema列表',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'CreateDataSet' => [
+ 'summary' => '创建数据集。',
+ 'methods' => [
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'DataSetName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集名称',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'lmftest',
+ 'maxLength' => 100,
+ ],
+ ],
+ [
+ 'name' => 'DataSetDescription',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集描述。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'lmftest contains ip list',
+ 'maxLength' => 1000,
+ ],
+ ],
+ [
+ 'name' => 'DataSetFieldKeyName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集唯一键名称。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'ip',
+ ],
+ ],
+ [
+ 'name' => 'DataSetFileName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '上传的数据集文件名称。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'cloudsiem-dataset/1358117679873357_17433*****.csv',
+ ],
+ ],
+ [
+ 'name' => 'IpWhitelistRecognizers',
+ 'in' => 'formData',
+ 'style' => 'flat',
+ 'schema' => [
+ 'description' => '识别器列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '识别器。',
+ 'type' => 'object',
+ 'properties' => [
+ 'IpWhitelistRecognizerType' => [
+ 'description' => '识别器识别的IP类型。取值:'."\n"
+ .'- sas_vulnerability_scanner_ip:云安全中心漏洞Web扫描器IP地址。'."\n"
+ .'- waf_back_source_ip:Web应用防火墙回源IP地址。'."\n"
+ .'- ddos_back_source_ip:DDoS防护回源IP地址。'."\n"
+ .'- esa_back_source_ip:边缘安全加速ESA回源节点IP地址。'."\n"
+ .'- ecs_public_ip:云服务器ECS公网IP地址。'."\n"
+ .'- slb_public_ip:负载均衡SLB公网IP地址。'."\n"
+ .'- vpc_eip:弹性公网IP(EIP)地址。'."\n"
+ .'- cdn_back_source_ip:内容分发网络CDN回源IP地址。'."\n"
+ .'- ga_back_source_ip:全球加速GA回源IP地址。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'waf_back_source_ip',
+ ],
+ 'AutoRecognizeStatus' => [
+ 'description' => '自动识别状态。取值:'."\n"
+ .'- enabled:已启用。'."\n"
+ .'- disabled:未启用。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'enabled',
+ ],
+ 'RecognizeScope' => [
+ 'description' => '识别范围。取值:'."\n"
+ .'- current_account:仅当前账户。'."\n"
+ .'- rd_accounts:开启多账号。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'current_account',
+ ],
+ ],
+ 'required' => false,
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'DataSetStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集状态。取值:'."\n"
+ .'- 0:删除。'."\n"
+ .'- 1:启用。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'DataSetType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集类型。取值:'."\n"
+ .'- custom:自定义。'."\n"
+ .'- preset:预定义。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'custom',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'DataSetRecordStatistic' => [
+ 'description' => '数据集创建返回结果。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NewDataSetRecordCount' => [
+ 'description' => '新增数据集记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '6',
+ ],
+ 'DataSetId' => [
+ 'description' => '数据集ID。',
+ 'type' => 'string',
+ 'example' => 'dataset-qt0n8246gs9nackg****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"DataSetRecordStatistic\\": {\\n \\"NewDataSetRecordCount\\": 6,\\n \\"DataSetId\\": \\"dataset-qt0n8246gs9nackg****\\"\\n }\\n}","type":"json"}]',
+ 'title' => '创建数据集',
+ ],
+ 'UpdateDataSet' => [
+ 'summary' => '更新数据集。',
+ 'methods' => [
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'DataSetId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'dataset-10iy8mbifnb4gniv****',
+ ],
+ ],
+ [
+ 'name' => 'DataSetDescription',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集描述。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'lmftest desc',
+ 'maxLength' => 1000,
+ ],
+ ],
+ [
+ 'name' => 'IpWhitelistRecognizers',
+ 'in' => 'formData',
+ 'style' => 'flat',
+ 'schema' => [
+ 'description' => '识别器识别的IP类型。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '识别器识别的IP类型。',
+ 'type' => 'object',
+ 'properties' => [
+ 'IpWhitelistRecognizerType' => [
+ 'description' => '识别器识别的IP类型。取值:'."\n"
+ .'- sas_vulnerability_scanner_ip:云安全中心漏洞Web扫描器IP地址。'."\n"
+ .'- waf_back_source_ip:Web应用防火墙回源IP地址。'."\n"
+ .'- ddos_back_source_ip:DDoS防护回源IP地址。'."\n"
+ .'- esa_back_source_ip:边缘安全加速ESA回源节点IP地址。'."\n"
+ .'- ecs_public_ip:云服务器ECS公网IP地址。'."\n"
+ .'- slb_public_ip:负载均衡SLB公网IP地址。'."\n"
+ .'- vpc_eip:弹性公网IP(EIP)地址。'."\n"
+ .'- cdn_back_source_ip:内容分发网络CDN回源IP地址。'."\n"
+ .'- ga_back_source_ip:全球加速GA回源IP地址。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cdn_back_source_ip',
+ ],
+ 'AutoRecognizeStatus' => [
+ 'description' => '自动识别状态。取值:'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'enabled',
+ ],
+ 'RecognizeScope' => [
+ 'description' => '识别范围。取值:'."\n"
+ .'- current_account:仅当前账户。'."\n"
+ .'- rd_accounts:开启多账号。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'current_account',
+ ],
+ ],
+ 'required' => false,
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'DataSetName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'lmftest',
+ ],
+ ],
+ [
+ 'name' => 'DataSetFileName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '上传的数据集文件名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cloudsiem-dataset/1358117679873357_1743387731614.csv',
+ ],
+ ],
+ [
+ 'name' => 'DataSetStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集状态。取值:'."\n"
+ .'- 0:删除。'."\n"
+ .'- 1:启用。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => 'DE7E77A9-BFAD-5EAA-9B48-A96760E9DF0B',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"DE7E77A9-BFAD-5EAA-9B48-A96760E9DF0B\\"\\n}","type":"json"}]',
+ 'title' => '更新数据集',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'DeleteDataSet' => [
+ 'summary' => '删除数据集。',
+ 'methods' => [
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'delete',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'DataSetId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'dataset-10iy8mbifnb4gniv****',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '删除数据集',
+ ],
+ 'ListDataSets' => [
+ 'summary' => '获取数据集列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'DataSetId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'dataset-qt0n8246gs9nackg****',
+ ],
+ ],
+ [
+ 'name' => 'DataSetName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'lmftest',
+ ],
+ ],
+ [
+ 'name' => 'DataSetStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集状态。取值:'."\n"
+ .'- 0:删除 。'."\n"
+ .'- 1:启用。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '0',
+ ],
+ ],
+ [
+ 'name' => 'OrderFieldName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '排序字段。取值:'."\n"
+ .'- GmtCreate:创建时间 。'."\n"
+ .'- GmtModified:更新时间。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'GmtCreate',
+ ],
+ ],
+ [
+ 'name' => 'OrderDirection',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '排序方向,取值为:'."\n"
+ .'- **asc**(默认值):正序。'."\n"
+ .'- **desc**:倒序。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'asc',
+ ],
+ ],
+ [
+ 'name' => 'PageNumber',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'DataSetIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '数据集ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据集ID列表。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '["dataset-1lz4nf2x08mklchy****"]',
+ ],
+ 'required' => false,
+ 'maxItems' => 50,
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '使用NextToken方式查询时,每次最多返回的结果数。取值范围:1~100。默认值:50。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '下一个查询开始Token。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ [
+ 'name' => 'DataSetType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集类型。取值:'."\n"
+ .'- custom:自定义。'."\n"
+ .'- preset:预定义。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'custom',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '157CFBB5-B56F-566F-8991-B3C51799****',
+ ],
+ 'DataSets' => [
+ 'description' => '数据集列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据集。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1713787368000',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1713787368000',
+ ],
+ 'DataSetId' => [
+ 'description' => '数据集ID。',
+ 'type' => 'string',
+ 'example' => 'dataset-t8ha6p7k61rmniqw****',
+ ],
+ 'DataSetName' => [
+ 'description' => '数据集名称。',
+ 'type' => 'string',
+ 'example' => 'lmftest',
+ ],
+ 'DataSetDescription' => [
+ 'description' => '数据集描述。',
+ 'type' => 'string',
+ 'example' => 'lmftest desc',
+ ],
+ 'DataSetFieldNames' => [
+ 'description' => '数据集字段名称。',
+ 'type' => 'string',
+ 'example' => '["ip","region"]',
+ ],
+ 'DataSetFieldKeyName' => [
+ 'description' => '数据集唯一键名称。',
+ 'type' => 'string',
+ 'example' => 'ip',
+ ],
+ 'DataSetFileName' => [
+ 'description' => '上传的数据集文件名称。',
+ 'type' => 'string',
+ 'example' => 'cloudsiem-dataset/1358117679873357_174338773****.csv',
+ ],
+ 'DataSetStatus' => [
+ 'description' => '数据集状态。取值:'."\n"
+ .'- 0:删除。'."\n"
+ .'- 1:启用。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'DataSetReferences' => [
+ 'description' => '数据集引用数据。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据集引用数据。',
+ 'type' => 'object',
+ 'properties' => [
+ 'DataSetId' => [
+ 'description' => '数据集ID。',
+ 'type' => 'string',
+ 'example' => 'dataset-nhcrmjpx1zsorlaq****',
+ ],
+ 'DataSetReferenceType' => [
+ 'description' => '与数据集关联的服务类型。取值:'."\n"
+ .'- custom_rule:自定义规则 。'."\n"
+ .'- playbook:剧本。',
+ 'type' => 'string',
+ 'example' => 'playbook',
+ ],
+ 'DataSetReferenceId' => [
+ 'description' => '与数据集关联的规则或剧本id。',
+ 'type' => 'string',
+ 'example' => '456232',
+ ],
+ 'DataSetReferenceName' => [
+ 'description' => '与数据集关联的规则或剧本名称。',
+ 'type' => 'string',
+ 'example' => 'playbook_name',
+ ],
+ ],
+ ],
+ ],
+ 'DataSetType' => [
+ 'description' => '数据集类型。取值:'."\n"
+ .'- custom:自定义。'."\n"
+ .'- preset:预定义。',
+ 'type' => 'string',
+ 'example' => 'preset',
+ ],
+ 'IpWhitelistRecognizers' => [
+ 'description' => '识别器列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '识别器。',
+ 'type' => 'object',
+ 'properties' => [
+ 'IpWhitelistRecognizerType' => [
+ 'description' => '识别器识别的IP类型。取值:'."\n"
+ .'- sas_vulnerability_scanner_ip:云安全中心漏洞Web扫描器IP地址。'."\n"
+ .'- waf_back_source_ip:Web应用防火墙回源IP地址。'."\n"
+ .'- ddos_back_source_ip:DDoS防护回源IP地址。'."\n"
+ .'- esa_back_source_ip:边缘安全加速ESA回源节点IP地址。'."\n"
+ .'- ecs_public_ip:云服务器ECS公网IP地址。'."\n"
+ .'- slb_public_ip:负载均衡SLB公网IP地址。'."\n"
+ .'- vpc_eip:弹性公网IP(EIP)地址。'."\n"
+ .'- cdn_back_source_ip:内容分发网络CDN回源IP地址。'."\n"
+ .'- ga_back_source_ip:全球加速GA回源IP地址。',
+ 'type' => 'string',
+ 'example' => 'waf_back_source_ip',
+ ],
+ 'AutoRecognizeStatus' => [
+ 'description' => '自动识别状态。取值:'."\n"
+ .'- enabled:已启用。'."\n"
+ .'- disabled:未启用。',
+ 'type' => 'string',
+ 'example' => 'enabled',
+ ],
+ 'RecognizeScope' => [
+ 'description' => '识别范围。取值:'."\n"
+ .'- current_account:仅当前账户。'."\n"
+ .'- rd_accounts:开启多账号。',
+ 'type' => 'string',
+ 'example' => 'current_account',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1713787368000',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'PageNumber' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '57',
+ ],
+ 'MaxResults' => [
+ 'description' => '使用NextToken方式查询时,每次最多返回的结果数。取值范围:1~100。默认值:50。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '下一个查询开始Token。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"157CFBB5-B56F-566F-8991-B3C51799****\\",\\n \\"DataSets\\": [\\n {\\n \\"CreateTime\\": 1713787368000,\\n \\"UpdateTime\\": 1713787368000,\\n \\"DataSetId\\": \\"dataset-t8ha6p7k61rmniqw****\\",\\n \\"DataSetName\\": \\"lmftest\\",\\n \\"DataSetDescription\\": \\"lmftest desc\\",\\n \\"DataSetFieldNames\\": \\"[\\\\\\"ip\\\\\\",\\\\\\"region\\\\\\"]\\",\\n \\"DataSetFieldKeyName\\": \\"ip\\",\\n \\"DataSetFileName\\": \\"cloudsiem-dataset/1358117679873357_174338773****.csv\\",\\n \\"DataSetStatus\\": 1,\\n \\"DataSetReferences\\": [\\n {\\n \\"DataSetId\\": \\"dataset-nhcrmjpx1zsorlaq****\\",\\n \\"DataSetReferenceType\\": \\"playbook\\",\\n \\"DataSetReferenceId\\": \\"456232\\",\\n \\"DataSetReferenceName\\": \\"playbook_name\\"\\n }\\n ],\\n \\"DataSetType\\": \\"preset\\",\\n \\"IpWhitelistRecognizers\\": [\\n {\\n \\"IpWhitelistRecognizerType\\": \\"waf_back_source_ip\\",\\n \\"AutoRecognizeStatus\\": \\"enabled\\",\\n \\"RecognizeScope\\": \\"current_account\\",\\n \\"UpdateTime\\": 1713787368000\\n }\\n ]\\n }\\n ],\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 57,\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\"\\n}","type":"json"}]',
+ 'title' => '获取数据集列表',
+ ],
+ 'UpdateDataSetRecord' => [
+ 'summary' => '更新数据集记录。',
+ 'methods' => [
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'DataSetId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'dataset-10iy8mbifnb4gniv****',
+ ],
+ ],
+ [
+ 'name' => 'DataSetRecords',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集记录内容,json数组格式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '[{\\"ip\\":\\"1.1.1.1\\",\\"userid\\":\\"1234\\",\\"name\\":\\"a12401\\"},'."\n"
+ .' {\\"ip\\":\\"2.2.2.2\\",\\"userid\\":\\"33333\\",\\"name\\":\\"a12401\\"}]',
+ ],
+ ],
+ [
+ 'name' => 'DataSetFileName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '上传的数据集文件名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cloudsiem-dataset/1358117679873357_174338773****.csv',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'DataSetRecordStatistic' => [
+ 'description' => '数据集更新结果。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NewDataSetRecordCount' => [
+ 'description' => '新增数据集记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '12',
+ ],
+ 'UpdateDataSetRecordCount' => [
+ 'description' => '更新数据集记录数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '4',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"DataSetRecordStatistic\\": {\\n \\"NewDataSetRecordCount\\": 12,\\n \\"UpdateDataSetRecordCount\\": 4\\n }\\n}","type":"json"}]',
+ 'title' => '更新数据集记录',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'DeleteDataSetRecord' => [
+ 'summary' => '删除数据集记录。',
+ 'methods' => [
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'delete',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'DataSetId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'dataset-10iy8mbifnb4gniv****',
+ ],
+ ],
+ [
+ 'name' => 'DataSetRecordIds',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集记录ID列表, json数组格式。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '[1,2,3,4]',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '删除数据集记录',
+ ],
+ 'ListDataSetRecords' => [
+ 'summary' => '获取数据集记录列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'DataSetId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '数据集ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'dataset-nhcrmjpx1zsorlaq****',
+ ],
+ ],
+ [
+ 'name' => 'PageNumber',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '使用NextToken方式查询时,每次最多返回的结果数。取值范围:1~100。默认值:50。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '下一个查询开始Token。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'DataSetRecords' => [
+ 'description' => '数据集记录列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '数据集记录。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1658974643000',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1658974643000',
+ ],
+ 'DataSetId' => [
+ 'description' => '数据集ID。',
+ 'type' => 'string',
+ 'example' => 'dataset-t8ha6p7k61rmniqw****',
+ ],
+ 'DataSetName' => [
+ 'description' => '数据集名称。',
+ 'type' => 'string',
+ 'example' => 'lmftest',
+ ],
+ 'DataSetRecordId' => [
+ 'description' => '数据集记录ID。',
+ 'type' => 'string',
+ 'example' => '124566',
+ ],
+ 'DataSetRecordValues' => [
+ 'description' => '数据集记录值。',
+ 'type' => 'string',
+ 'example' => '{"ip":"10.0.*.*/8","region":"shanghai"}',
+ ],
+ ],
+ ],
+ ],
+ 'PageNumber' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '57',
+ ],
+ 'MaxResults' => [
+ 'description' => '使用NextToken方式查询时,每次最多返回的结果数。取值范围:1~100。默认值:50。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '下一个查询开始Token。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"DataSetRecords\\": [\\n {\\n \\"CreateTime\\": 1658974643000,\\n \\"UpdateTime\\": 1658974643000,\\n \\"DataSetId\\": \\"dataset-t8ha6p7k61rmniqw****\\",\\n \\"DataSetName\\": \\"lmftest\\",\\n \\"DataSetRecordId\\": \\"124566\\",\\n \\"DataSetRecordValues\\": \\"{\\\\\\"ip\\\\\\":\\\\\\"10.0.*.*/8\\\\\\",\\\\\\"region\\\\\\":\\\\\\"shanghai\\\\\\"}\\"\\n }\\n ],\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 57,\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\"\\n}","type":"json"}]',
+ 'title' => '获取数据集记录列表',
+ ],
+ 'CreateDetectionRule' => [
+ 'summary' => '创建检测规则。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则名称。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'dr-ha1i09ob3zmqrs85****',
+ 'maxLength' => 100,
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleDescription',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则描述。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'dr-123',
+ 'maxLength' => 2000,
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则类型。取值:'."\n"
+ .'- preset:预置检测规则。'."\n"
+ .'- custom:自定义检测规则。'."\n"
+ .'- custom_template:规则模版。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'custom',
+ 'enum' => [
+ 'custom',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则状态。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '0',
+ ],
+ ],
+ [
+ 'name' => 'AlertType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警类型。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'WebShell',
+ ],
+ ],
+ [
+ 'name' => 'AlertLevel',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警威胁等级。 取值:'."\n"
+ .'- 5:严重。'."\n"
+ .'- 4:高危。'."\n"
+ .'- 3:中危。'."\n"
+ .'- 2:低危。'."\n"
+ .'- 1:信息。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => '1',
+ 'enum' => [
+ '1',
+ '2',
+ '3',
+ '4',
+ '5',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'AlertTacticId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警战术阶段。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'TA0042',
+ ],
+ ],
+ [
+ 'name' => 'AlertAttCk',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警Att&Ck。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Discovery',
+ ],
+ ],
+ [
+ 'name' => 'DetectionExpressionType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则表达式类型。取值:'."\n"
+ .'- sql:SQL。'."\n"
+ .'- playbook:剧本。',
+ 'type' => 'string',
+ 'required' => false,
+ 'enumValueTitles' => [
+ 'sql' => 'sql',
+ 'playbook' => 'playbook',
+ ],
+ 'example' => 'sql',
+ 'enum' => [
+ 'sql',
+ 'graphical',
+ 'playbook',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'DetectionExpressionContent',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则表达式内容。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '*|set session mode=scan;SELECT * FROM log'."\n"
+ .'WHERE schema = \'PROCESS_START_ACTIVITY\''."\n"
+ .'AND ('."\n"
+ .' proc_path LIKE \'%/groups\''."\n"
+ .' OR ('."\n"
+ .' ('."\n"
+ .' proc_path LIKE \'%/cat\''."\n"
+ .' OR proc_path LIKE \'%/head\''."\n"
+ .' OR proc_path LIKE \'%/tail\''."\n"
+ .' OR proc_path LIKE \'%/more\''."\n"
+ .' )'."\n"
+ .' AND cmdline LIKE \'%/etc/group%\''."\n"
+ .' )'."\n"
+ .')'."\n",
+ ],
+ ],
+ [
+ 'name' => 'LogCategoryId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志规范化类别ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ ],
+ [
+ 'name' => 'LogSchemaId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志规范化方案ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'API_RISK_ACTIVITY',
+ ],
+ ],
+ [
+ 'name' => 'AlertSchemaId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则告警模版ID。取值:'."\n"
+ .'- ALERT_ACTIVITY:其他告警。'."\n"
+ .'- EDR_ALERT_ACTIVITY:端点检测响应与告警。'."\n"
+ .'- FIREWALL_ALERT_ACTIVITY:防火墙告警。'."\n"
+ .'- WAF_ALERT_ACTIVITY:web应用防火墙告警。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'ALERT_ACTIVITY',
+ ],
+ ],
+ [
+ 'name' => 'ScheduleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '调度类型。取值:'."\n"
+ .'- fixed_rate:固定间隔。'."\n"
+ .'- cron:cron表达式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'fixed_rate',
+ 'enum' => [
+ 'fixed_rate',
+ 'cron',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'ScheduleExpression',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '调度Cron表达式,ScheduleType取值为cron时需填写。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '0/5 * * * *',
+ ],
+ ],
+ [
+ 'name' => 'ScheduleMaxRetries',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '超时最大重试次数,取值1~100',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'ScheduleBeginTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '调度开始时间(13位时间戳)。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1733269771123',
+ ],
+ ],
+ [
+ 'name' => 'ScheduleWindow',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '调度窗口长度。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '5m',
+ ],
+ ],
+ [
+ 'name' => 'ScheduleMaxTimeout',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '超时最长时间,单位秒,取值60~1800。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '60',
+ ],
+ ],
+ [
+ 'name' => 'AlertThresholdPeriod',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警阈值周期长度。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '5m',
+ ],
+ ],
+ [
+ 'name' => 'AlertThresholdCount',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警阈值次数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'AlertThresholdGroup',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警阈值字段列表,以英文逗号分隔。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alert_type,ip',
+ ],
+ ],
+ [
+ 'name' => 'IncidentAggregationType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '事件聚合类型。取值:'."\n"
+ .'- none:不生成事件。'."\n"
+ .'- graph_compute:图计算(预定义规则支持)。'."\n"
+ .'- expert:专家规则。'."\n"
+ .'- passthrough:告警透出(1对1)。'."\n"
+ .'- window:同类聚合(窗口)。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'window',
+ ],
+ ],
+ [
+ 'name' => 'IncidentAggregationExpression',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '事件聚合周期配置。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '5m',
+ ],
+ ],
+ [
+ 'name' => 'PlaybookUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '剧本的UUID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'system_aliyun_clb_process_book',
+ ],
+ ],
+ [
+ 'name' => 'PlaybookParameters',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '剧本用户自定义参数。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '{'."\n"
+ .' "ip": {'."\n"
+ .' "ip": "124.23.*.*"'."\n"
+ .' }'."\n"
+ .'}',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'EntityMappings',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '实体映射配置。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '[{\\"NormalizationSchemaId\\":\\"host\\",\\"NormalizationFieldMappings\\":[{\\"NormalizationFieldName\\":\\"uuid\\",\\"MappingFieldName\\":\\"host\\",\\"NormalizationFieldType\\":\\"varchar\\"}]}]',
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleTemplateId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '检测规则模板ID。',
+ 'description' => '检测规则模板ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cfw-out-ip_aegis-netstat',
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleTemplateVersion',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '检测规则模板版本。',
+ 'description' => '检测规则模板版本。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'v1.0.0',
+ ],
+ ],
+ [
+ 'name' => 'AlertName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警名称,支持使用$$引用查询输出字段',
+ 'description' => '告警名称,支持使用$$引用查询输出字段',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Detected high-frequency multi-type network attacks from $src_ip$',
+ ],
+ ],
+ [
+ 'name' => 'AlertDescription',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警描述,支持使用$$引用查询输出字段',
+ 'description' => '告警描述,支持使用$$引用查询输出字段',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Alert from: $product_code$, detected network attack from $src_ip$, affected assets include: $dst_ip$',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '5CC09D0C-1CD7-54BD-A853-DCB2D945****',
+ ],
+ 'DetectionRuleId' => [
+ 'description' => '检测规则ID。',
+ 'type' => 'string',
+ 'example' => 'dr-ha1i09ob3zmqrs85****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"5CC09D0C-1CD7-54BD-A853-DCB2D945****\\",\\n \\"DetectionRuleId\\": \\"dr-ha1i09ob3zmqrs85****\\"\\n}","type":"json"}]',
+ 'title' => '创建检测规则',
+ ],
+ 'UpdateDetectionRule' => [
+ 'summary' => '更新检测规则。',
+ 'methods' => [
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'jndi-attack-success_http_dns',
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'CTDR Port Scan Behavior',
+ 'maxLength' => 100,
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleDescription',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则描述。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Check the enumeration behavior of local system groups. An attacker may attempt to find the Local Systems group and its permission settings.',
+ 'maxLength' => 2000,
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则类型。取值:'."\n"
+ .'- preset:预置检测规则。'."\n"
+ .'- custom:自定义检测规则。'."\n"
+ .'- custom_template:规则模版。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'custom',
+ 'enum' => [
+ 'custom',
+ 'preset',
+ 'custom_template',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则状态。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'enabled',
+ 'enum' => [
+ 'disabled',
+ 'enabled',
+ 'testing',
+ ],
+ ],
+ ],
+ [
+ 'name' => 'AlertType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警类型。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'siem_rule_type_alert_storm',
+ ],
+ ],
+ [
+ 'name' => 'AlertLevel',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警威胁等级。 取值:'."\n"
+ .'- 5:严重。'."\n"
+ .'- 4:高危。'."\n"
+ .'- 3:中危。'."\n"
+ .'- 2:低危。'."\n"
+ .'- 1:信息。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'AlertTacticId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警战术阶段。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'TA0042',
+ ],
+ ],
+ [
+ 'name' => 'AlertAttCk',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警Att&Ck。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Discovery',
+ ],
+ ],
+ [
+ 'name' => 'DetectionExpressionType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则表达式内容。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'sql',
+ ],
+ ],
+ [
+ 'name' => 'DetectionExpressionContent',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则表达式内容。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '*|set session mode=scan;SELECT * FROM log'."\n"
+ .'WHERE schema = \'PROCESS_START_ACTIVITY\''."\n"
+ .'AND ('."\n"
+ .' proc_path LIKE \'%/groups\''."\n"
+ .' OR ('."\n"
+ .' ('."\n"
+ .' proc_path LIKE \'%/cat\''."\n"
+ .' OR proc_path LIKE \'%/head\''."\n"
+ .' OR proc_path LIKE \'%/tail\''."\n"
+ .' OR proc_path LIKE \'%/more\''."\n"
+ .' )'."\n"
+ .' AND cmdline LIKE \'%/etc/group%\''."\n"
+ .' )'."\n"
+ .')',
+ ],
+ ],
+ [
+ 'name' => 'LogCategoryId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志规范化类别ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ ],
+ [
+ 'name' => 'LogSchemaId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志规范化方案ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'API_RISK_ACTIVITY',
+ ],
+ ],
+ [
+ 'name' => 'AlertSchemaId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则告警模版ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ALERT_ACTIVITY',
+ ],
+ ],
+ [
+ 'name' => 'ScheduleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '调度类型。取值:'."\n"
+ .'- fixed_rate:固定间隔。'."\n"
+ .'- cron:cron表达式。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'fixed_rate',
+ ],
+ ],
+ [
+ 'name' => 'ScheduleExpression',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '调度Cron表达式,ScheduleType取值为cron时需填写。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1h',
+ ],
+ ],
+ [
+ 'name' => 'ScheduleMaxRetries',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '超时最大重试次数,取值1~100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'ScheduleBeginTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '调度开始时间(13位时间戳)。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1733269771123',
+ ],
+ ],
+ [
+ 'name' => 'ScheduleWindow',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '调度窗口长度。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '5m',
+ ],
+ ],
+ [
+ 'name' => 'ScheduleMaxTimeout',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '超时最长时间,单位秒,取值60~1800。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '60',
+ ],
+ ],
+ [
+ 'name' => 'AlertThresholdPeriod',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警阈值周期长度。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '5m',
+ ],
+ ],
+ [
+ 'name' => 'AlertThresholdCount',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警阈值次数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'AlertThresholdGroup',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警阈值字段列表,以英文逗号分隔。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'alert_type,ip',
+ ],
+ ],
+ [
+ 'name' => 'IncidentAggregationType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '事件聚合类型。取值:'."\n"
+ .'- none:不生成事件。'."\n"
+ .'- graph_compute:图计算(预定义规则支持)。'."\n"
+ .'- expert:专家规则。'."\n"
+ .'- passthrough:告警透出(1对1)。'."\n"
+ .'- window:同类聚合(窗口)。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'window',
+ ],
+ ],
+ [
+ 'name' => 'IncidentAggregationExpression',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '事件聚合周期配置。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '60m',
+ ],
+ ],
+ [
+ 'name' => 'PlaybookParameters',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '剧本用户自定义参数。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '{'."\n"
+ .' "ip": {'."\n"
+ .' "ip": "124.23.*.*"'."\n"
+ .' }'."\n"
+ .'}',
+ ],
+ ],
+ [
+ 'name' => 'PlaybookUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '剧本唯一标识。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '31568394-7a86-487c-b8ec-b3f42b59****',
+ ],
+ ],
+ [
+ 'name' => 'EntityMappings',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '实体映射配置。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '[{\\"NormalizationSchemaId\\":\\"host\\",\\"NormalizationFieldMappings\\":[{\\"NormalizationFieldName\\":\\"uuid\\",\\"MappingFieldName\\":\\"host\\",\\"NormalizationFieldType\\":\\"varchar\\"}]}]',
+ ],
+ ],
+ [
+ 'name' => 'AlertName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警名称,支持使用$$引用查询输出字段',
+ 'description' => '告警名称,支持使用$$引用查询输出字段',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Detected high-frequency multi-type network attacks from $src_ip$',
+ ],
+ ],
+ [
+ 'name' => 'AlertDescription',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '告警描述,支持使用$$引用查询输出字段',
+ 'description' => '告警描述,支持使用$$引用查询输出字段',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Alert from: $product_code$, detected network attack from $src_ip$, affected assets include: $dst_ip$',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => 'B88A2D41-87B8-537E-A7D3-3416A39F****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"B88A2D41-87B8-537E-A7D3-3416A39F****\\"\\n}","type":"json"}]',
+ 'title' => '更新检测规则',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'DeleteDetectionRule' => [
+ 'summary' => '删除检测规则。',
+ 'methods' => [
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'delete',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'dr-53np4nguf5jmh1vc****',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]',
+ 'title' => '删除检测规则',
+ ],
+ 'ListDetectionRules' => [
+ 'summary' => '获取检测规则列表。',
+ 'methods' => [
+ 'post',
+ 'get',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Detect Discovery Behavior for Local Systems Groups',
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'dr-ppa85gfw69tgwkys****',
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleIds',
+ 'in' => 'formData',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '检测规则ID列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '检测规则ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'dr-ppa85gfw69tgwkys****'."\n",
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则类型。'."\n"
+ ."\n"
+ .'- preset:预置检测规则。'."\n"
+ .'- custom:自定义检测规则。'."\n"
+ .'- custom_template:规则模版。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'preset',
+ ],
+ ],
+ [
+ 'name' => 'DetectionRuleStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则状态。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'enabled',
+ ],
+ ],
+ [
+ 'name' => 'AlertType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警类型。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'siem_rule_type_alert_storm',
+ ],
+ ],
+ [
+ 'name' => 'AlertLevel',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警威胁等级。 取值:'."\n"
+ .'- 5:严重。'."\n"
+ .'- 4:高危。'."\n"
+ .'- 3:中危。'."\n"
+ .'- 2:低危。'."\n"
+ .'- 1:信息。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'AlertTacticId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警战术阶段。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'TA0042',
+ ],
+ ],
+ [
+ 'name' => 'AlertAttCk',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警Att&Ck。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'Discovery',
+ ],
+ ],
+ [
+ 'name' => 'IncidentAggregationType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '事件聚合类型。取值:'."\n"
+ .'- none:不生成事件。'."\n"
+ .'- graph_compute:图计算(预定义规则支持)。'."\n"
+ .'- expert:专家规则。'."\n"
+ .'- passthrough:告警透出(1对1)。'."\n"
+ .'- window:同类聚合(窗口)。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'graph_compute',
+ ],
+ ],
+ [
+ 'name' => 'LogCategoryId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志规范化类别ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ ],
+ [
+ 'name' => 'LogSchemaId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '日志规范化方案ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'API_RISK_ACTIVITY',
+ ],
+ ],
+ [
+ 'name' => 'DetectionExpressionType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '检测规则表达式内容。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'playbook',
+ ],
+ ],
+ [
+ 'name' => 'OrderFieldName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '排序字段。取值:'."\n"
+ .'- GmtCreate:创建时间 。'."\n"
+ .'- GmtModified:更新时间。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'GmtModified',
+ ],
+ ],
+ [
+ 'name' => 'OrderDirection',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '排序方向,取值为:'."\n"
+ ."\n"
+ .'- **asc**:正序,为默认值。'."\n"
+ .'- **desc**:倒序。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'asc',
+ ],
+ ],
+ [
+ 'name' => 'PageNumber',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '100',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '50',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '下一个查询开始Token。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '508DCFFD-4508-54BF-A8A0-E97A0FA6****',
+ ],
+ 'DetectionRules' => [
+ 'description' => '检测规则列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '检测规则。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '2023-03-21 13:47:01',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '2023-04-16 10:51:00',
+ ],
+ 'DetectionRuleId' => [
+ 'description' => '检测规则ID。',
+ 'type' => 'string',
+ 'example' => 'jndi-attack-success_http_netstat',
+ ],
+ 'DetectionRuleName' => [
+ 'description' => '检测规则名称。',
+ 'type' => 'string',
+ 'example' => 'Detect Discovery Behavior for Local Systems Groups'."\n",
+ ],
+ 'DetectionRuleDescription' => [
+ 'description' => '检测规则描述。',
+ 'type' => 'string',
+ 'example' => 'Check the enumeration behavior of local system groups. An attacker may attempt to find the Local Systems group and its permission settings.',
+ ],
+ 'DetectionRuleType' => [
+ 'description' => '检测规则类型。取值:'."\n"
+ .'- preset:预置检测规则。'."\n"
+ .'- custom:自定义检测规则。'."\n"
+ .'- custom_template:规则模版。',
+ 'type' => 'string',
+ 'example' => 'custom',
+ ],
+ 'DetectionRuleStatus' => [
+ 'description' => '检测规则状态。取值:'."\n"
+ .'- enabled:启用。'."\n"
+ .'- disabled:禁用。'."\n"
+ .'- testing:测试。',
+ 'type' => 'string',
+ 'example' => 'enabled',
+ ],
+ 'DetectionExpressionType' => [
+ 'description' => '检测规则表达式内容。',
+ 'type' => 'string',
+ 'example' => 'playbook',
+ ],
+ 'DetectionExpressionContent' => [
+ 'description' => '检测规则表达式内容。',
+ 'type' => 'string',
+ 'example' => '*|set session mode=scan;SELECT * FROM log'."\n"
+ .'WHERE schema = \'PROCESS_START_ACTIVITY\''."\n"
+ .'AND ('."\n"
+ .' proc_path LIKE \'%/groups\''."\n"
+ .' OR ('."\n"
+ .' ('."\n"
+ .' proc_path LIKE \'%/cat\''."\n"
+ .' OR proc_path LIKE \'%/head\''."\n"
+ .' OR proc_path LIKE \'%/tail\''."\n"
+ .' OR proc_path LIKE \'%/more\''."\n"
+ .' )'."\n"
+ .' AND cmdline LIKE \'%/etc/group%\''."\n"
+ .' )'."\n"
+ .')',
+ ],
+ 'LogCategoryId' => [
+ 'description' => '日志规范化类别ID。',
+ 'type' => 'string',
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ 'LogSchemaId' => [
+ 'description' => '日志规范化方案ID。',
+ 'type' => 'string',
+ 'example' => 'API_RISK_ACTIVITY',
+ ],
+ 'AlertSchemaId' => [
+ 'description' => '检测规则告警模版ID。取值:'."\n"
+ .'- ALERT_ACTIVITY:其他告警。'."\n"
+ .'- EDR_ALERT_ACTIVITY:端点检测响应与告警。'."\n"
+ .'- FIREWALL_ALERT_ACTIVITY:防火墙告警。'."\n"
+ .'- WAF_ALERT_ACTIVITY:web应用防火墙告警。',
+ 'type' => 'string',
+ 'example' => 'ALERT_ACTIVITY',
+ ],
+ 'ScheduleType' => [
+ 'description' => '调度类型。取值:'."\n"
+ ."\n"
+ .'- fixed_rate:固定间隔'."\n"
+ .'- cron:cron表达式',
+ 'type' => 'string',
+ 'example' => 'fixed_rate',
+ ],
+ 'ScheduleExpression' => [
+ 'description' => '调度Cron表达式,ScheduleType取值为cron时需填写。',
+ 'type' => 'string',
+ 'example' => '5m',
+ ],
+ 'ScheduleMaxRetries' => [
+ 'description' => '超时最大重试次数,取值1~100。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'ScheduleBeginTime' => [
+ 'description' => '调度开始时间(13位时间戳)。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1733269771123',
+ ],
+ 'ScheduleWindow' => [
+ 'description' => '调度窗口长度。',
+ 'type' => 'string',
+ 'example' => '5m',
+ ],
+ 'ScheduleMaxTimeout' => [
+ 'description' => '超时最长时间,单位秒,取值60~1800。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '60',
+ ],
+ 'AlertType' => [
+ 'description' => '告警类型。',
+ 'type' => 'string',
+ 'example' => 'WebShell',
+ ],
+ 'AlertLevel' => [
+ 'description' => '告警威胁等级。 取值:'."\n"
+ .'- 5:严重。'."\n"
+ .'- 4:高危。'."\n"
+ .'- 3:中危。'."\n"
+ .'- 2:低危。'."\n"
+ .'- 1:信息。',
+ 'type' => 'string',
+ 'example' => '1',
+ ],
+ 'AlertTacticId' => [
+ 'description' => '告警战术阶段。',
+ 'type' => 'string',
+ 'example' => 'TA0042',
+ ],
+ 'AlertAttCk' => [
+ 'description' => '告警Att&Ck。',
+ 'type' => 'string',
+ 'example' => 'Discovery',
+ ],
+ 'AlertThresholdPeriod' => [
+ 'description' => '告警阈值周期长度。',
+ 'type' => 'string',
+ 'example' => '5m',
+ ],
+ 'AlertThresholdCount' => [
+ 'description' => '告警阈值次数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'AlertThresholdGroup' => [
+ 'description' => '告警阈值字段列表,以英文逗号分隔。',
+ 'type' => 'string',
+ 'example' => 'alert_type,ip',
+ ],
+ 'IncidentAggregationType' => [
+ 'description' => '事件聚合类型。取值:'."\n"
+ .'- none:不生成事件。'."\n"
+ .'- graph_compute:图计算(预定义规则支持)。'."\n"
+ .'- expert:专家规则。'."\n"
+ .'- passthrough:告警透出(1对1)。'."\n"
+ .'- window:同类聚合(窗口)。',
+ 'type' => 'string',
+ 'example' => 'passthrough',
+ ],
+ 'IncidentAggregationExpression' => [
+ 'description' => '事件聚合周期配置。',
+ 'type' => 'string',
+ 'example' => '5m',
+ ],
+ 'PlaybookUuid' => [
+ 'description' => '剧本UUID。',
+ 'type' => 'string',
+ 'example' => 'dde983ed-eb56-45ea-ac2e-3b12b2a9****',
+ ],
+ 'PlaybookParameters' => [
+ 'description' => '剧本用户自定义参数。',
+ 'type' => 'string',
+ 'example' => '{'."\n"
+ .' "ip": {'."\n"
+ .' "ip": "124.23.*.*"'."\n"
+ .' }'."\n"
+ .'}',
+ ],
+ 'Playbook' => [
+ 'description' => '剧本的XML配置。',
+ 'type' => 'object',
+ 'properties' => [
+ 'Flow' => [
+ 'description' => '剧本流程配置。',
+ 'type' => 'string',
+ 'example' => '['."\n"
+ .' {'."\n"
+ .' "id": "EndEvent_1fqpq4h",'."\n"
+ .' "zIndex": 1,'."\n"
+ .' "data": {'."\n"
+ .' "nodeType": "endEvent",'."\n"
+ .' "appType": "basic",'."\n"
+ .' "valueData": {'."\n"
+ ."\n"
+ .' },'."\n"
+ .' "icon": "icon-radio-off-full"'."\n"
+ .' },'."\n"
+ .' "position": {'."\n"
+ .' "x": 1369,'."\n"
+ .' "y": 174'."\n"
+ .' }'."\n"
+ .' }'."\n"
+ .']',
+ ],
+ 'Config' => [
+ 'description' => '调用剧本入参配置。',
+ 'type' => 'string',
+ 'example' => '['."\n"
+ .' {'."\n"
+ .' "name": "expireDay",'."\n"
+ .' "dataType": "Integer",'."\n"
+ .' "required": true,'."\n"
+ .' "isArray": false,'."\n"
+ .' "example": "7",'."\n"
+ .' "description": "desc",'."\n"
+ .' "typeName": "Integer",'."\n"
+ .' "dataClass": "normal",'."\n"
+ .' "stanchDefaultValue": "7"'."\n"
+ .' }'."\n"
+ .']',
+ ],
+ ],
+ ],
+ 'EntityMappings' => [
+ 'description' => '实体映射配置。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '实体映射配置。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NormalizationSchemaId' => [
+ 'description' => '实体类型ID。',
+ 'type' => 'string',
+ 'example' => 'ip',
+ ],
+ 'NormalizationFieldMappings' => [
+ 'description' => '实体映射配置。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '实体映射配置。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NormalizationFieldName' => [
+ 'description' => '实体标准字段。',
+ 'type' => 'string',
+ 'example' => 'src_ip',
+ ],
+ 'MappingFieldName' => [
+ 'description' => '映射字段。',
+ 'type' => 'string',
+ 'example' => 'ip',
+ ],
+ 'NormalizationFieldType' => [
+ 'description' => '实体标准字段数据类型。',
+ 'type' => 'string',
+ 'example' => 'vachar',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'AlertName' => [
+ 'description' => '告警名称,支持使用$$引用查询输出字段',
+ 'type' => 'string',
+ 'example' => 'Detected high-frequency multi-type network attacks from $src_ip$',
+ ],
+ 'AlertDescription' => [
+ 'description' => '告警描述,支持使用$$引用查询输出字段',
+ 'type' => 'string',
+ 'example' => 'Alert from: $product_code$, detected network attack from $src_ip$, affected assets include: $dst_ip$',
+ ],
+ ],
+ ],
+ ],
+ 'PageNumber' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ 'PageSize' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '6',
+ ],
+ 'MaxResults' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '下一个查询开始Token。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"508DCFFD-4508-54BF-A8A0-E97A0FA6****\\",\\n \\"DetectionRules\\": [\\n {\\n \\"CreateTime\\": 0,\\n \\"UpdateTime\\": 0,\\n \\"DetectionRuleId\\": \\"jndi-attack-success_http_netstat\\",\\n \\"DetectionRuleName\\": \\"Detect Discovery Behavior for Local Systems Groups\\\\n\\",\\n \\"DetectionRuleDescription\\": \\"Check the enumeration behavior of local system groups. An attacker may attempt to find the Local Systems group and its permission settings.\\",\\n \\"DetectionRuleType\\": \\"custom\\",\\n \\"DetectionRuleStatus\\": \\"enabled\\",\\n \\"DetectionExpressionType\\": \\"playbook\\",\\n \\"DetectionExpressionContent\\": \\"*|set session mode=scan;SELECT * FROM log\\\\nWHERE schema = \'PROCESS_START_ACTIVITY\'\\\\nAND (\\\\n proc_path LIKE \'%/groups\'\\\\n OR (\\\\n (\\\\n proc_path LIKE \'%/cat\'\\\\n OR proc_path LIKE \'%/head\'\\\\n OR proc_path LIKE \'%/tail\'\\\\n OR proc_path LIKE \'%/more\'\\\\n )\\\\n AND cmdline LIKE \'%/etc/group%\'\\\\n )\\\\n)\\",\\n \\"LogCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"LogSchemaId\\": \\"API_RISK_ACTIVITY\\",\\n \\"AlertSchemaId\\": \\"ALERT_ACTIVITY\\",\\n \\"ScheduleType\\": \\"fixed_rate\\",\\n \\"ScheduleExpression\\": \\"5m\\",\\n \\"ScheduleMaxRetries\\": 1,\\n \\"ScheduleBeginTime\\": 1733269771123,\\n \\"ScheduleWindow\\": \\"5m\\",\\n \\"ScheduleMaxTimeout\\": 60,\\n \\"AlertType\\": \\"WebShell\\",\\n \\"AlertLevel\\": \\"1\\",\\n \\"AlertTacticId\\": \\"TA0042\\",\\n \\"AlertAttCk\\": \\"Discovery\\",\\n \\"AlertThresholdPeriod\\": \\"5m\\",\\n \\"AlertThresholdCount\\": 10,\\n \\"AlertThresholdGroup\\": \\"alert_type,ip\\",\\n \\"IncidentAggregationType\\": \\"passthrough\\",\\n \\"IncidentAggregationExpression\\": \\"5m\\",\\n \\"PlaybookUuid\\": \\"dde983ed-eb56-45ea-ac2e-3b12b2a9****\\",\\n \\"PlaybookParameters\\": \\"{\\\\n \\\\\\"ip\\\\\\": {\\\\n \\\\\\"ip\\\\\\": \\\\\\"124.23.*.*\\\\\\"\\\\n }\\\\n}\\",\\n \\"Playbook\\": {\\n \\"Flow\\": \\"[\\\\n {\\\\n \\\\\\"id\\\\\\": \\\\\\"EndEvent_1fqpq4h\\\\\\",\\\\n \\\\\\"zIndex\\\\\\": 1,\\\\n \\\\\\"data\\\\\\": {\\\\n \\\\\\"nodeType\\\\\\": \\\\\\"endEvent\\\\\\",\\\\n \\\\\\"appType\\\\\\": \\\\\\"basic\\\\\\",\\\\n \\\\\\"valueData\\\\\\": {\\\\n\\\\n },\\\\n \\\\\\"icon\\\\\\": \\\\\\"icon-radio-off-full\\\\\\"\\\\n },\\\\n \\\\\\"position\\\\\\": {\\\\n \\\\\\"x\\\\\\": 1369,\\\\n \\\\\\"y\\\\\\": 174\\\\n }\\\\n }\\\\n]\\",\\n \\"Config\\": \\"[\\\\n {\\\\n \\\\\\"name\\\\\\": \\\\\\"expireDay\\\\\\",\\\\n \\\\\\"dataType\\\\\\": \\\\\\"Integer\\\\\\",\\\\n \\\\\\"required\\\\\\": true,\\\\n \\\\\\"isArray\\\\\\": false,\\\\n \\\\\\"example\\\\\\": \\\\\\"7\\\\\\",\\\\n \\\\\\"description\\\\\\": \\\\\\"desc\\\\\\",\\\\n \\\\\\"typeName\\\\\\": \\\\\\"Integer\\\\\\",\\\\n \\\\\\"dataClass\\\\\\": \\\\\\"normal\\\\\\",\\\\n \\\\\\"stanchDefaultValue\\\\\\": \\\\\\"7\\\\\\"\\\\n }\\\\n]\\"\\n },\\n \\"EntityMappings\\": [\\n {\\n \\"NormalizationSchemaId\\": \\"ip\\",\\n \\"NormalizationFieldMappings\\": [\\n {\\n \\"NormalizationFieldName\\": \\"src_ip\\",\\n \\"MappingFieldName\\": \\"ip\\",\\n \\"NormalizationFieldType\\": \\"vachar\\"\\n }\\n ]\\n }\\n ],\\n \\"AlertName\\": \\"Detected high-frequency multi-type network attacks from $src_ip$\\",\\n \\"AlertDescription\\": \\"Alert from: $product_code$, detected network attack from $src_ip$, affected assets include: $dst_ip$\\"\\n }\\n ],\\n \\"PageNumber\\": 2,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 6,\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\"\\n}","type":"json"}]',
+ 'title' => '获取自定义规则列表',
+ 'description' => '发送通知有频率和时间的限定。'."\n"
+ .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。',
+ ],
+ 'GetDetectionStatistic' => [
+ 'summary' => '获取检测规则计数。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6FB890AC-90B2-5EEA-845B-F7C86FB2****',
+ ],
+ 'DetectionStatistic' => [
+ 'description' => '检测规则计数结果。',
+ 'type' => 'object',
+ 'properties' => [
+ 'DetectionRuleOnlineCount' => [
+ 'description' => '在线规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'DetectionRuleTestCount' => [
+ 'description' => '测试规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '5',
+ ],
+ 'DetectionRuleTemplateCount' => [
+ 'description' => '规则模版数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '20',
+ ],
+ 'GraphComputeRuleCount' => [
+ 'description' => '图计算规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '12',
+ ],
+ 'WindowRuleCount' => [
+ 'description' => '同类聚合规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '6',
+ ],
+ 'PassthroughRuleCount' => [
+ 'description' => '告警透传规则数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6FB890AC-90B2-5EEA-845B-F7C86FB2****\\",\\n \\"DetectionStatistic\\": {\\n \\"DetectionRuleOnlineCount\\": 10,\\n \\"DetectionRuleTestCount\\": 5,\\n \\"DetectionRuleTemplateCount\\": 20,\\n \\"GraphComputeRuleCount\\": 12,\\n \\"WindowRuleCount\\": 6,\\n \\"PassthroughRuleCount\\": 2\\n }\\n}","type":"json"}]',
+ 'title' => '获取检测规则计数',
+ ],
+ 'GetIncident' => [
+ 'summary' => '获取事件详情。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'IncidentUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '事件UUID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'Incident' => [
+ 'description' => '事件信息。',
+ 'type' => 'object',
+ 'properties' => [
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1757386075000',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1757386075000',
+ ],
+ 'IncidentUuid' => [
+ 'description' => '事件UUID。',
+ 'type' => 'string',
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****',
+ ],
+ 'Owner' => [
+ 'title' => '事件责任人',
+ 'description' => '事件责任人',
+ 'type' => 'string',
+ 'example' => '1234567890xxxxxx',
+ ],
+ 'IncidentDescription' => [
+ 'description' => '事件描述。',
+ 'type' => 'string',
+ 'example' => 'Forti incident desc',
+ ],
+ 'IncidentName' => [
+ 'description' => '事件名称。',
+ 'type' => 'string',
+ 'example' => 'Forti',
+ ],
+ 'ThreatLevel' => [
+ 'description' => '威胁等级。取值:'."\n"
+ .'- 5:严重。'."\n"
+ .'- 4:高危。'."\n"
+ .'- 3:中危。'."\n"
+ .'- 2:低危。'."\n"
+ .'- 1:信息。',
+ 'type' => 'string',
+ 'example' => '2',
+ ],
+ 'IncidentAggregationType' => [
+ 'description' => '事件聚合类型。取值:'."\n"
+ ."\n"
+ .'- none:不生成事件'."\n"
+ .'- graph_compute:图计算(预定义规则支持)'."\n"
+ .'- expert:专家规则'."\n"
+ .'- passthrough:告警透出(1对1)'."\n"
+ .'- window:同类聚合(窗口)',
+ 'type' => 'string',
+ 'example' => 'window',
+ ],
+ 'ThreatScore' => [
+ 'description' => '事件的威胁分值, 范围 0~100, 分值越高风险等级越高。',
+ 'type' => 'string',
+ 'example' => '90',
+ ],
+ 'DetectionRuleId' => [
+ 'description' => '检测规则ID。',
+ 'type' => 'string',
+ 'example' => 'dr-fy2zvgiykjifbiim****',
+ ],
+ 'RelateAlertCount' => [
+ 'description' => '事件关联告警数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '23',
+ ],
+ 'RelateAssetCount' => [
+ 'description' => '事件关联资产数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '2',
+ ],
+ 'IncidentRemark' => [
+ 'description' => '事件备注。',
+ 'type' => 'string',
+ 'example' => 'Remark',
+ ],
+ 'AttckTactics' => [
+ 'description' => '事件关联告警攻击阶段计数。',
+ 'type' => 'any',
+ 'example' => '{'."\n"
+ .' "AttckTactics": ['."\n"
+ .' {'."\n"
+ .' "tacticName": "Reconnaissance",'."\n"
+ .' "alertNum": 0,'."\n"
+ .' "tacticId": "TA0040"'."\n"
+ .' }'."\n"
+ .' ]'."\n"
+ .'}',
+ ],
+ 'IncidentTags' => [
+ 'description' => '事件标签。',
+ 'type' => 'string',
+ 'example' => '["sys:data_source:waf"]',
+ ],
+ 'RelateDataSourceIds' => [
+ 'description' => '关联的数据源列表。',
+ 'type' => 'any',
+ 'example' => '["siem"]',
+ ],
+ 'RelateUserIds' => [
+ 'description' => '事件关联用户ID列表。',
+ 'type' => 'any',
+ 'example' => '["176618589410****","1130916744888****"]',
+ ],
+ 'IncidentStatus' => [
+ 'description' => '事件状态。取值:'."\n"
+ .'- 0:未处理。'."\n"
+ .'- 1:处理中。'."\n"
+ .'- 5:处理失败。'."\n"
+ .'- 10:已处理。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '0',
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Incident\\": {\\n \\"CreateTime\\": 1757386075000,\\n \\"UpdateTime\\": 1757386075000,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"Owner\\": \\"1234567890xxxxxx\\",\\n \\"IncidentDescription\\": \\"Forti incident desc\\",\\n \\"IncidentName\\": \\"Forti\\",\\n \\"ThreatLevel\\": \\"2\\",\\n \\"IncidentAggregationType\\": \\"window\\",\\n \\"ThreatScore\\": \\"90\\",\\n \\"DetectionRuleId\\": \\"dr-fy2zvgiykjifbiim****\\",\\n \\"RelateAlertCount\\": 23,\\n \\"RelateAssetCount\\": 2,\\n \\"IncidentRemark\\": \\"Remark\\",\\n \\"AttckTactics\\": \\"{\\\\n\\\\t\\\\\\"AttckTactics\\\\\\": [\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"tacticName\\\\\\": \\\\\\"Reconnaissance\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"alertNum\\\\\\": 0,\\\\n\\\\t\\\\t\\\\t\\\\\\"tacticId\\\\\\": \\\\\\"TA0040\\\\\\"\\\\n\\\\t\\\\t}\\\\n\\\\t]\\\\n}\\",\\n \\"IncidentTags\\": \\"[\\\\\\"sys:data_source:waf\\\\\\"]\\",\\n \\"RelateDataSourceIds\\": \\"[\\\\\\"siem\\\\\\"]\\",\\n \\"RelateUserIds\\": \\"[\\\\\\"176618589410****\\\\\\",\\\\\\"1130916744888****\\\\\\"]\\",\\n \\"IncidentStatus\\": 0\\n }\\n}","type":"json"}]',
+ 'title' => '获取事件详情',
+ ],
+ 'ListIncidents' => [
+ 'summary' => '获取事件列表。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'list',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'IncidentName',
+ 'in' => 'query',
+ 'schema' => [
+ 'description' => '事件名称。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ECS unusual log in',
+ ],
+ ],
+ [
+ 'name' => 'IncidentUuids',
+ 'in' => 'query',
+ 'style' => 'simple',
+ 'schema' => [
+ 'description' => '事件UUID列表,多个UUID以半角逗号分隔。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '事件UUID列表,多个UUID以半角逗号分隔。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '85ea4241-798f-4684-a876-65d4f0c3****,90ea4241-798f-4684-a876-65d4f0c3****'."\n"
+ ."\n",
+ ],
+ 'required' => false,
+ ],
+ ],
+ [
+ 'name' => 'IncidentStatus',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '事件状态。取值:'."\n"
+ .'- 0:未处理。'."\n"
+ .'- 1:处理中。'."\n"
+ .'- 5:处理失败。'."\n"
+ .'- 10:已处理。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '0',
+ ],
+ ],
+ [
+ 'name' => 'ThreatLevel',
+ 'in' => 'formData',
+ 'style' => 'repeatList',
+ 'schema' => [
+ 'description' => '威胁等级。取值:'."\n"
+ .'- 5:严重。'."\n"
+ .'- 4:高危。'."\n"
+ .'- 3:中危。'."\n"
+ .'- 2:低危。'."\n"
+ .'- 1:信息。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '威胁等级。取值:'."\n"
+ .'- 5:严重。'."\n"
+ .'- 4:高危。'."\n"
+ .'- 3:中危。'."\n"
+ .'- 2:低危。'."\n"
+ .'- 1:信息。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '2',
+ ],
+ 'required' => false,
+ 'maxItems' => 100,
+ ],
+ ],
+ [
+ 'name' => 'RelateAssetId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '事件关联的资产ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '6c740667-80b2-476d-8924-2e706feb****'."\n",
+ ],
+ ],
+ [
+ 'name' => 'RelateEntityId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '事件关联的实体ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'b920ed22259f5412099e97dfda96****',
+ ],
+ ],
+ [
+ 'name' => 'IncidentTags',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '',
+ 'description' => '事件标签。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '[{\\"data_source\\":[\\"sas\\"]}]',
+ ],
+ ],
+ [
+ 'name' => 'AlertUuid',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '告警ID。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'sas_71e24437d2797ce8fc59692905a4****',
+ ],
+ ],
+ [
+ 'name' => 'StartTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '开始时间的时间戳,精确到毫秒(ms)。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1690102943000',
+ ],
+ ],
+ [
+ 'name' => 'EndTime',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '结束时间的时间戳,精确到毫秒(ms)。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '1749090526055',
+ ],
+ ],
+ [
+ 'name' => 'OrderFieldName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '列表排序字段名称。'."\n"
+ .'- GmtModified:事件更新时间(默认)。'."\n"
+ .'- ThreatScore:威胁评分。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'GmtModified',
+ ],
+ ],
+ [
+ 'name' => 'OrderDirection',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '排序方向。取值:'."\n"
+ .'- **desc**(默认值):倒序。'."\n"
+ .'- **asc**:正序。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'desc',
+ ],
+ ],
+ [
+ 'name' => 'PageNumber',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'minimum' => '1',
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => true,
+ 'maximum' => '100',
+ 'minimum' => '1',
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'RoleType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '视图类型。取值:'."\n"
+ .'- 0:当前阿里云账号视图。'."\n"
+ .'- 1:企业下所有账号的视图。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '1',
+ ],
+ ],
+ [
+ 'name' => 'MaxResults',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'required' => false,
+ 'example' => '10',
+ ],
+ ],
+ [
+ 'name' => 'NextToken',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'AAAAASLVeIxed4466E0LVmGkzwS6hJKd9DGVGMDRM6Lu****',
+ ],
+ ],
+ [
+ 'name' => 'Owners',
+ 'in' => 'formData',
+ 'style' => 'repeatList',
+ 'schema' => [
+ 'title' => '事件责任人账号uid',
+ 'description' => '事件责任人账号uid',
+ 'type' => 'array',
+ 'items' => [
+ 'title' => '事件责任人账号uid',
+ 'description' => '事件责任人账号uid',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1234567890xxxxxx',
+ ],
+ 'required' => false,
+ 'maxItems' => 100,
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'Incidents' => [
+ 'description' => '事件列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => '事件。',
+ 'type' => 'object',
+ 'properties' => [
+ 'IncidentName' => [
+ 'description' => '事件名称。',
+ 'type' => 'string',
+ 'example' => 'ECS unusual log in',
+ ],
+ 'ThreatLevel' => [
+ 'description' => '威胁等级。取值:'."\n"
+ .'- 5:严重。'."\n"
+ .'- 4:高危。'."\n"
+ .'- 3:中危。'."\n"
+ .'- 2:低危。'."\n"
+ .'- 1:信息。',
+ 'type' => 'string',
+ 'example' => '2',
+ ],
+ 'IncidentStatus' => [
+ 'description' => '事件状态。取值:'."\n"
+ .'- 0:未处理。'."\n"
+ .'- 1:处理中。'."\n"
+ .'- 5:处理失败。'."\n"
+ .'- 10:已处理。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '0',
+ ],
+ 'Owner' => [
+ 'title' => '事件责任人账号uid'."\n",
+ 'description' => '事件责任人账号uid'."\n",
+ 'type' => 'string',
+ 'example' => '1234567890xxxxxx',
+ ],
+ 'CreateTime' => [
+ 'description' => '创建时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1603248483000',
+ ],
+ 'UpdateTime' => [
+ 'description' => '更新时间。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '1603248483000',
+ ],
+ 'RelateAssetCount' => [
+ 'description' => '事件关联资产数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '4',
+ ],
+ 'IncidentUuid' => [
+ 'description' => '事件UUID。',
+ 'type' => 'string',
+ 'example' => 'dbb1d7211c9285c862aa89385098****',
+ ],
+ 'IncidentRemark' => [
+ 'description' => '事件备注。',
+ 'type' => 'string',
+ 'example' => 'remark',
+ ],
+ 'RelateAlertCount' => [
+ 'description' => '事件关联告警数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '3',
+ ],
+ 'IncidentTags' => [
+ 'title' => '事件标签。',
+ 'description' => '事件标签。',
+ 'type' => 'string',
+ 'example' => '["sys:data_source:siem","sys:trigger_type:auto"]',
+ ],
+ 'DetectionRuleId' => [
+ 'description' => '检测规则ID。',
+ 'type' => 'string',
+ 'example' => 'dr-qo5ww6ux0uc28*****',
+ ],
+ ],
+ ],
+ ],
+ 'PageNumber' => [
+ 'description' => '分页参数:当前页码。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '1',
+ ],
+ 'PageSize' => [
+ 'description' => '分页参数:每页显示条数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '10',
+ ],
+ 'TotalCount' => [
+ 'description' => '记录总数。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '57',
+ ],
+ 'MaxResults' => [
+ 'description' => '本次读取的最大数据量。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '50',
+ ],
+ 'NextToken' => [
+ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。',
+ 'type' => 'string',
+ 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"Incidents\\": [\\n {\\n \\"IncidentName\\": \\"ECS unusual log in\\",\\n \\"ThreatLevel\\": \\"2\\",\\n \\"IncidentStatus\\": 0,\\n \\"Owner\\": \\"1234567890xxxxxx\\",\\n \\"CreateTime\\": 1603248483000,\\n \\"UpdateTime\\": 1603248483000,\\n \\"RelateAssetCount\\": 4,\\n \\"IncidentUuid\\": \\"dbb1d7211c9285c862aa89385098****\\",\\n \\"IncidentRemark\\": \\"remark\\",\\n \\"RelateAlertCount\\": 3,\\n \\"IncidentTags\\": \\"[\\\\\\"sys:data_source:siem\\\\\\",\\\\\\"sys:trigger_type:auto\\\\\\"]\\",\\n \\"DetectionRuleId\\": \\"dr-qo5ww6ux0uc28*****\\"\\n }\\n ],\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 57,\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\"\\n}","type":"json"}]',
+ 'title' => '获取事件列表',
+ ],
+ 'CreateExportTask' => [
+ 'summary' => '创建导出任务。',
+ 'methods' => [
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'ExportTaskParameter',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '导出任务参数,基于查询条件拼接为,格式为json。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '{'."\n"
+ .' "IncidentName": "name",'."\n"
+ .' "IncidentStatus": "1",'."\n"
+ .' "ThreatLevel":["1","2"],'."\n"
+ .' "IncidentUuids":"315EE627-39DC-560A-8DFD-CBF66AD9****"'."\n"
+ .'}',
+ ],
+ ],
+ [
+ 'name' => 'ExportTaskType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '导出类型。取值:'."\n"
+ .'- incident_list:事件列表。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'incident_list',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ 'FileName' => [
+ 'description' => '导出文件的名称。',
+ 'type' => 'string',
+ 'example' => 'event_1193842352994186_17344888****.xlsx',
+ ],
+ 'Id' => [
+ 'description' => '导出任务ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '400151',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"FileName\\": \\"event_1193842352994186_17344888****.xlsx\\",\\n \\"Id\\": 400151\\n}","type":"json"}]',
+ 'title' => '创建导出任务',
+ ],
+ 'GetExportTask' => [
+ 'summary' => '获取导出任务进度。',
+ 'methods' => [
+ 'get',
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'read',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsasASHGE7',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'ExportId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '导出任务的ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '200013',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => '返回体。',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'description' => '请求消息ID。',
+ 'type' => 'string',
+ 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****',
+ ],
+ 'FileName' => [
+ 'description' => '文件名称。',
+ 'type' => 'string',
+ 'example' => 'event_1193842352994186_17344888****.xlsx',
+ ],
+ 'Id' => [
+ 'description' => '导出任务ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'example' => '400185',
+ ],
+ 'ExportType' => [
+ 'description' => '导出类型。取值:'."\n"
+ .'- incident_list:事件列表。',
+ 'type' => 'string',
+ 'example' => 'incident_list',
+ ],
+ 'ExportStatus' => [
+ 'description' => '任务状态。取值:'."\n"
+ .'- success:导出成功。'."\n"
+ .'- exporting:导出中。',
+ 'type' => 'string',
+ 'example' => 'success',
+ ],
+ 'Progress' => [
+ 'description' => '导出进度。',
+ 'type' => 'integer',
+ 'format' => 'int32',
+ 'example' => '66',
+ ],
+ 'GmtCreate' => [
+ 'description' => '创建时间。',
+ 'type' => 'string',
+ 'example' => '1605076118000',
+ ],
+ 'Link' => [
+ 'description' => '导出后Excel的下载链接。',
+ 'type' => 'string',
+ 'example' => 'https://cloud-siem-user-dataset.oss-cn-shanghai.aliyuncs.com/export_file/17661858******5/event_17661858******5_175748****.xlsx',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [
+ 400 => [
+ [
+ 'errorCode' => 'IdempotentParameterMismatch',
+ 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.',
+ ],
+ ],
+ ],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"FileName\\": \\"event_1193842352994186_17344888****.xlsx\\",\\n \\"Id\\": 400185,\\n \\"ExportType\\": \\"incident_list\\",\\n \\"ExportStatus\\": \\"success\\",\\n \\"Progress\\": 66,\\n \\"GmtCreate\\": \\"1605076118000\\",\\n \\"Link\\": \\"https://cloud-siem-user-dataset.oss-cn-shanghai.aliyuncs.com/export_file/17661858******5/event_17661858******5_175748****.xlsx\\"\\n}","type":"json"}]',
+ 'title' => '获取导出任务进度',
+ ],
+ 'UpdateNormalizationSchema' => [
+ 'summary' => '更新标准化结构。',
+ 'methods' => [
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'update',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地。'."\n"
+ .'- ap-southeast-1:资产属于海外地域。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '标准化结构类型,当前仅支持log。',
+ 'description' => '标准化结构类型:'."\n"
+ .'- log - 日志。'."\n"
+ .'- entity - 实体。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'log',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '标准化结构ID。',
+ 'description' => '标准化结构ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'WAF_ALERT_ACTIVITY',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '标准化结构名称。',
+ 'description' => '标准化结构名称。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'ProcessQuery',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaDescription',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '标准化结构描述',
+ 'description' => '标准化结构描述',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ProcessQuery',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationFields',
+ 'in' => 'formData',
+ 'style' => 'repeatList',
+ 'schema' => [
+ 'description' => '标准化字段。',
+ 'type' => 'array',
+ 'items' => [
+ 'title' => '',
+ 'description' => '标准化字段。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NormalizationFieldName' => [
+ 'title' => '标准化字段名。',
+ 'description' => '标准化字段名。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'cloud_user',
+ ],
+ 'NormalizationFieldType' => [
+ 'title' => '标准字段类型,支持text、long、double、json四种类型。',
+ 'description' => '标准字段类型,支持text、long、double、json四种类型。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'varchar',
+ ],
+ 'NormalizationFieldRequired' => [
+ 'title' => '标准字段是否必填。',
+ 'description' => '标准字段是否必填。',
+ 'type' => 'boolean',
+ 'required' => false,
+ ],
+ 'NormalizationFieldDescription' => [
+ 'title' => '标准字段描述。',
+ 'description' => '标准字段描述。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cloud_user',
+ ],
+ 'NormalizationFieldExample' => [
+ 'title' => '标准字段示例',
+ 'description' => '标准字段示例',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ 'NormalizationFieldFrom' => [
+ 'description' => 'json类型的标准字段key来源。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'preset',
+ ],
+ 'NormalizationFieldTokenize' => [
+ 'title' => '标准字段是否分词。',
+ 'description' => '标准字段是否分词。',
+ 'type' => 'boolean',
+ 'required' => false,
+ ],
+ 'NormalizationFieldJsonIndexAll' => [
+ 'title' => 'json类型的标准字段是否针对所有key建立索引。',
+ 'description' => 'json类型的标准字段是否针对所有key建立索引。',
+ 'type' => 'boolean',
+ 'required' => false,
+ ],
+ 'NormalizationFieldJsonKeys' => [
+ 'title' => 'json类型的标准字段key列表。',
+ 'description' => 'json类型的标准字段key列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => 'json类型的标准字段key。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NormalizationFieldName' => [
+ 'title' => 'json类型的标准字段key名称。',
+ 'description' => 'json类型的标准字段key名称。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'alert_name',
+ ],
+ 'NormalizationFieldType' => [
+ 'title' => 'json类型的标准字段key类型,支持text、long、double、json四种类型',
+ 'description' => 'json类型的标准字段key类型,支持text、long、double、json四种类型',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'text',
+ ],
+ 'NormalizationFieldRequired' => [
+ 'title' => 'json类型的标准字段key是否必填。',
+ 'description' => 'json类型的标准字段key是否必填。',
+ 'type' => 'boolean',
+ 'required' => false,
+ ],
+ 'NormalizationFieldDescription' => [
+ 'title' => 'json类型的标准字段key描述。',
+ 'description' => 'json类型的标准字段key描述。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '告警等级',
+ ],
+ 'NormalizationFieldExample' => [
+ 'title' => 'json类型的标准字段key示例。',
+ 'description' => 'json类型的标准字段key示例。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '枚举值:1、2、3、4、5',
+ ],
+ 'NormalizationFieldFrom' => [
+ 'description' => 'json类型的标准字段key来源。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'preset',
+ ],
+ 'NormalizationFieldTokenize' => [
+ 'title' => 'json类型的标准字段key是否分词。',
+ 'description' => 'json类型的标准字段key是否分词。',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ ],
+ 'required' => false,
+ ],
+ 'required' => false,
+ 'maxItems' => 100,
+ ],
+ ],
+ 'required' => false,
+ ],
+ 'required' => false,
+ 'maxItems' => 100,
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => 'Schema of Response',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => '请求消息 ID。',
+ 'description' => '请求消息 ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '更新标准化结构',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ 'CreateNormalizationSchema' => [
+ 'summary' => '创建数据源。',
+ 'methods' => [
+ 'post',
+ ],
+ 'schemes' => [
+ 'https',
+ ],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'operationType' => 'write',
+ 'deprecated' => false,
+ 'systemTags' => [
+ 'operationType' => 'create',
+ 'riskType' => 'none',
+ 'chargeType' => 'free',
+ 'abilityTreeNodes' => [
+ 'FEATUREsas5NAHBX',
+ ],
+ ],
+ 'parameters' => [
+ [
+ 'name' => 'RegionId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n"
+ .'- cn-hangzhou:资产属于中国内地与中国香港'."\n"
+ .'- ap-southeast-1:资产属于海外地域',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cn-hangzhou',
+ ],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '返回消息的语言类型。取值:'."\n"
+ .'- **zh**(默认):中文。'."\n"
+ .'- **en**:英文。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'zh',
+ ],
+ ],
+ [
+ 'name' => 'RoleFor',
+ 'in' => 'formData',
+ 'schema' => [
+ 'description' => '管理员切换成其他成员视角的用户ID。',
+ 'type' => 'integer',
+ 'format' => 'int64',
+ 'required' => false,
+ 'example' => '113091674488****',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaType',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '标准化结构类型,当前仅支持log。',
+ 'description' => '标准化结构类型:'."\n"
+ .'- log - 日志。'."\n"
+ .'- entity - 实体。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'log',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '标准化结构ID。',
+ 'description' => '标准化结构ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'PROCESS_QUERY_DNS_ACTIVITY',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaName',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '标准化结构名称。',
+ 'description' => '标准化结构名称。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'ProcessQuery',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationSchemaDescription',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '标准化结构描述',
+ 'description' => '标准化结构描述',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'ProcessQuery',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationCategoryId',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '标准化分类ID。',
+ 'description' => '标准化分类ID。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'NETWORK_CATEGORY',
+ ],
+ ],
+ [
+ 'name' => 'TargetLogStore',
+ 'in' => 'formData',
+ 'schema' => [
+ 'title' => '日志服务 LogStore。',
+ 'description' => '日志服务 LogStore。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'xxx-activity',
+ ],
+ ],
+ [
+ 'name' => 'NormalizationFields',
+ 'in' => 'formData',
+ 'style' => 'repeatList',
+ 'schema' => [
+ 'description' => '标准化字段。',
+ 'type' => 'array',
+ 'items' => [
+ 'title' => '',
+ 'description' => '标准化字段。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NormalizationFieldName' => [
+ 'title' => '标准化字段名。',
+ 'description' => '标准化字段名。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'cloud_user',
+ ],
+ 'NormalizationFieldType' => [
+ 'title' => '标准字段类型,支持text、long、double、json四种类型。',
+ 'description' => '标准字段类型,支持text、long、double、json四种类型。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'varchar',
+ ],
+ 'NormalizationFieldRequired' => [
+ 'title' => '标准字段是否必填。',
+ 'description' => '标准字段是否必填。',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ 'NormalizationFieldDescription' => [
+ 'title' => '标准字段描述。',
+ 'description' => '标准字段描述。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'cloud_user',
+ ],
+ 'NormalizationFieldFrom' => [
+ 'description' => 'json类型的标准字段key来源。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'preset',
+ ],
+ 'NormalizationFieldExample' => [
+ 'title' => '标准字段示例',
+ 'description' => '标准字段示例',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '173326*******',
+ ],
+ 'NormalizationFieldTokenize' => [
+ 'title' => '标准字段是否分词。',
+ 'description' => '标准字段是否分词。',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ 'NormalizationFieldJsonIndexAll' => [
+ 'title' => 'json类型的标准字段是否针对所有key建立索引。',
+ 'description' => 'json类型的标准字段是否针对所有key建立索引。',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ 'NormalizationFieldJsonKeys' => [
+ 'title' => 'json类型的标准字段key列表。',
+ 'description' => 'json类型的标准字段key列表。',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => 'json类型的标准字段key。',
+ 'type' => 'object',
+ 'properties' => [
+ 'NormalizationFieldName' => [
+ 'title' => 'json类型的标准字段key名称。',
+ 'description' => 'json类型的标准字段key名称。',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'alert_level',
+ ],
+ 'NormalizationFieldType' => [
+ 'title' => 'json类型的标准字段key类型,支持text、long、double、json四种类型',
+ 'description' => 'json类型的标准字段key类型,支持text、long、double、json四种类型',
+ 'type' => 'string',
+ 'required' => true,
+ 'example' => 'text',
+ ],
+ 'NormalizationFieldRequired' => [
+ 'title' => 'json类型的标准字段key是否必填。',
+ 'description' => 'json类型的标准字段key是否必填。',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ 'NormalizationFieldDescription' => [
+ 'title' => 'json类型的标准字段key描述。',
+ 'description' => 'json类型的标准字段key描述。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'The alert severity levels are represented by the values 1, 2, 3, and 4.',
+ ],
+ 'NormalizationFieldFrom' => [
+ 'description' => 'json类型的标准字段key来源。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => 'preset',
+ ],
+ 'NormalizationFieldExample' => [
+ 'title' => 'json类型的标准字段key示例。',
+ 'description' => 'json类型的标准字段key示例。',
+ 'type' => 'string',
+ 'required' => false,
+ 'example' => '1, 2, 3, 4',
+ ],
+ 'NormalizationFieldTokenize' => [
+ 'title' => 'json类型的标准字段key是否分词。',
+ 'description' => 'json类型的标准字段key是否分词。',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ ],
+ 'required' => false,
+ ],
+ 'required' => false,
+ 'maxItems' => 100,
+ ],
+ 'NormalizationFieldRequirement' => [
+ 'description' => '标准化字段是否必填。',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ 'NormalizationFieldReserved' => [
+ 'description' => '标准化字段是否保留。',
+ 'type' => 'boolean',
+ 'required' => false,
+ 'example' => 'true',
+ ],
+ ],
+ 'required' => false,
+ ],
+ 'required' => false,
+ 'maxItems' => 100,
+ ],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
+ 'schema' => [
+ 'title' => 'Schema of Response',
+ 'description' => 'Schema of Response',
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => [
+ 'title' => '请求消息 ID。',
+ 'description' => '请求消息 ID。',
+ 'type' => 'string',
+ 'example' => '6276D891-*****-55B2-87B9-74D413F7****',
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'errorCodes' => [],
+ 'staticInfo' => [
+ 'returnType' => 'synchronous',
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]',
+ 'title' => '创建标准化结构',
+ 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。',
+ ],
+ ],
+ 'endpoints' => [
+ [
+ 'regionId' => 'cn-shanghai',
+ 'endpoint' => 'cloud-siem.cn-shanghai.aliyuncs.com',
+ ],
+ [
+ 'regionId' => 'ap-southeast-1',
+ 'endpoint' => 'cloud-siem.ap-southeast-1.aliyuncs.com',
+ ],
+ ],
+];
generated by cgit v1.2.3 (git 2.46.0) at 2026-03-07 11:37:17 +0000