'1.0', 'info' => [ 'style' => 'RPC', 'product' => 'cloud-siem', 'version' => '2022-06-16', ], 'directories' => [ [ 'id' => 187571, 'title' => '多账号管控', 'type' => 'directory', 'children' => [ 'ListRdUsers', ], ], [ 'id' => 187473, 'title' => '日志接入', 'type' => 'directory', 'children' => [ 'ListAccountsByLog', 'DescribeUserBuyStatus', 'ListProjectLogStores', 'ModifyDataSource', 'ModifyDataSourceLog', 'ModifyBindAccount', 'ListImportedLogsByProd', 'ListDataSourceTypes', 'ListDataSourceLogs', 'ListBindDataSources', 'ListAllProds', 'EnableServiceForCloudSiem', 'EnableAccessForCloudSiem', 'DescribeServiceStatus', 'DescribeProdCount', 'DescribeImportedLogCount', 'DescribeDataSourceParameters', 'DescribeDataSourceInstance', 'DescribeAuth', 'DeleteDataSourceLog', 'DeleteDataSource', 'DeleteBindAccount', 'BindAccount', 'AddUserSourceLogConfig', 'AddDataSourceLog', 'AddDataSource', 'ListBindAccount', 'ListAccountAccessId', 'SubmitImportLogTasks', ], ], [ 'id' => 186523, 'title' => '安全告警', 'type' => 'directory', 'children' => [ 'DescribeAlertsWithEntity', 'DescribeAlerts', 'DescribeAlertSource', 'DescribeAlertsCount', ], ], [ 'id' => 186560, 'title' => '事件处置', 'type' => 'directory', 'children' => [ 'ListEntities', 'DescribeEntityInfo', 'PostEventDisposeAndWhiteruleList', 'DescribeWafScope', 'DescribeEventDispose', 'DescribeEventCountByThreatLevel', 'DescribeDisposeAndPlaybook', 'DescribeCloudSiemEvents', 'DescribeCloudSiemEventDetail', 'DescribeCloudSiemAssetsCounter', 'DescribeCloudSiemAssets', 'DescribeAlertsWithEvent', 'DescribeAlertSourceWithEvent', ], ], [ 'id' => 186542, 'title' => '规则管理', 'type' => 'directory', 'children' => [ 'DescribeAlertType', 'DeleteCustomizeRule', 'DescribeAggregateFunction', 'DescribeCustomizeRuleCount', 'DescribeCustomizeRuleTest', 'DescribeCustomizeRuleTestHistogram', 'DescribeLogFields', 'DescribeLogSource', 'DescribeLogType', 'DescribeOperators', 'ListCloudSiemCustomizeRules', 'ListCloudSiemPredefinedRules', 'ListCustomizeRuleTestResult', 
'PostCustomizeRule', 'PostCustomizeRuleTest', 'PostFinishCustomizeRuleTest', 'PostRuleStatusChange', ], ], [ 'id' => 186597, 'title' => '响应规则', 'type' => 'directory', 'children' => [ 'DescribeScopeUsers', 'DeleteAutomateResponseConfig', 'DescribeAutomateResponseConfigCounter', 'DescribeAutomateResponseConfigFeature', 'ListAutomateResponseConfigs', 'PostAutomateResponseConfig', 'UpdateAutomateResponseConfigStatus', ], ], [ 'id' => 186605, 'title' => '处置中心', 'type' => 'directory', 'children' => [ 'ListDisposeStrategy', 'DescribeDisposeStrategyPlaybook', ], ], [ 'id' => 186147, 'title' => '存储管理', 'type' => 'directory', 'children' => [ 'RestoreCapacity', 'GetCapacity', 'SetStorage', 'DescribeStorage', 'GetStorage', ], ], [ 'id' => 186161, 'title' => '投递管理', 'type' => 'directory', 'children' => [ 'ListDelivery', 'OpenDelivery', 'CloseDelivery', ], ], [ 'id' => 186608, 'title' => '告警加白', 'type' => 'directory', 'children' => [ 'UpdateWhiteRuleList', 'PostEventWhiteruleList', 'DescribeWhiteRuleList', 'DescribeAlertScene', 'DescribeAlertSceneByEvent', 'DeleteWhiteRuleList', ], ], ], 'components' => [ 'schemas' => [], ], 'apis' => [ 'ListRdUsers' => [ 'summary' => '列举已经接入威胁分析多账号管控的阿里云账号,被纳管到威胁分析的阿里云账号才可以使用威胁分析日志接入、事件处置等功能。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '154081', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 
'schema' => [ 'title' => 'CloudSiemSuccessResponse>', 'description' => 'CloudSiemSuccessResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'description' => '数据概览。', 'type' => 'object', 'properties' => [ 'Joined' => [ 'title' => '日志code。', 'description' => '是否已被威胁分析多账号管控纳管。取值:'."\n" .' - true:已被纳管。'."\n" .' - false:未被纳管。', 'type' => 'boolean', 'example' => 'true', ], 'JoinedTime' => [ 'description' => '被纳管时间。', 'type' => 'string', 'example' => '2013-10-01 00:00:00', ], 'DelegatedOrNot' => [ 'title' => '是否被委派查看自己的资源', 'description' => '是否被委派查看自己的资源', 'type' => 'boolean', 'example' => 'true', ], 'MainUserId' => [ 'title' => '购买威胁分析的云账号ID。', 'description' => '购买威胁分析的阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123XXXXXXXXX', ], 'SubUserId' => [ 'title' => '威胁分析云账号ID。', 'description' => '威胁分析阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123XXXXXXXX', ], 'SubUserName' => [ 'title' => '威胁分析云账号名字。', 'description' => '威胁分析阿里云账号名字。', 'type' => 'string', 'example' => 'sas_account_xxx', ], ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Joined\\": true,\\n \\"JoinedTime\\": \\"2013-10-01 00:00:00\\",\\n \\"DelegatedOrNot\\": true,\\n \\"MainUserId\\": 0,\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"sas_account_xxx\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '查看资源目录下用户信息', ], 'ListAccountsByLog' => [ 'summary' => '按日志查看账号列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 
'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '196080', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'ProdCode', 'in' => 'formData', 'schema' => [ 'title' => '产品的code。', 'description' => '产品的code。', 'type' => 'string', 'required' => true, 'example' => 'qcloud_waf', ], ], [ 'name' => 'LogCodes', 'in' => 'formData', 'style' => 'repeatList', 'schema' => [ 'title' => '日志code列表,json数组格式。', 'description' => '日志code列表,json数组格式。', 'type' => 'array', 'items' => [ 'description' => '日志code列表,json数组格式。', 'type' => 'string', 'required' => false, 'example' => '["cloud_siem_hcloud_waf_alert_log"]', ], 'required' => true, 'example' => '["cloud_siem_hcloud_waf_alert_log"]', 'maxItems' => 100, ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。取值:'."\n" .' - hcloud:华为云。'."\n" .' - qcloud:腾讯云。 '."\n" .' 
- aliyun:阿里云。', 'description' => '多云的code。', 'type' => 'string', 'required' => true, 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', 'idc', ], ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse>', 'description' => 'CloudSiemSuccessResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'SubUserId' => [ 'title' => '威胁分析云账号ID。', 'description' => '威胁分析云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123XXXXXXXX', ], 'MainUserId' => [ 'title' => '购买威胁分析的云账号ID。', 'description' => '购买威胁分析的云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123XXXXXXXXX', ], 'AccountId' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'example' => '123xxxxxxx', ], 'AccountName' => [ 'title' => '云账号名称。', 'description' => '云账号名称。', 'type' => 'string', 'example' => 'sas_account_xxx', ], 'Imported' => [ 'title' => '该账号是否已经接入。取值:'."\n" .' - 1:已接入。'."\n" .' - 0:未接入。', 'description' => '该账号是否已经接入。取值:'."\n" .' - 1:已接入。'."\n" .' 
- 0:未接入。', 'type' => 'integer', 'format' => 'int32', 'example' => '123xxxxxxx', ], 'LogCode' => [ 'title' => '日志code。', 'description' => '日志code。', 'type' => 'string', 'example' => 'cloud_siem_waf_xxxxx', ], 'ProdCode' => [ 'title' => '日志对应的产品code。', 'description' => '日志对应的产品code。', 'type' => 'string', 'example' => 'qcloud_waf', ], ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"SubUserId\\": 0,\\n \\"MainUserId\\": 0,\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"AccountName\\": \\"sas_account_xxx\\",\\n \\"Imported\\": 0,\\n \\"LogCode\\": \\"cloud_siem_waf_xxxxx\\",\\n \\"ProdCode\\": \\"qcloud_waf\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '按日志查看账号列表', ], 'DescribeUserBuyStatus' => [ 'summary' => '查看当前阿里云用户或对应的阿里云企业组织账号是否已经购买威胁分析。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '157646', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'SubUserId', 'in' => 'formData', 'schema' => [ 'title' => '阿里云账号', 'description' => '阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '123XXXXXX', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => 
'威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '返回结果。', 'type' => 'object', 'properties' => [ 'MasterUserId' => [ 'title' => '资源目录Master账号ID。', 'description' => '资源目录Master账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123XXXXXX', ], 'MasterUserName' => [ 'title' => '资源目录Master账号显示名称。', 'description' => '资源目录Master账号显示名称。', 'type' => 'string', 'example' => 'rd_master_xxx', ], 'MainUserId' => [ 'title' => '购买威胁分析的阿里云账号ID。', 'description' => '购买威胁分析的阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123XXXXXX', ], 'MainUserName' => [ 'title' => '购买威胁分析的阿里云账号名称。', 'description' => '购买威胁分析的阿里云账号名称。', 'type' => 'string', 'example' => 'sas_account_xxx', ], 'SubUserId' => [ 'title' => '当前登录阿里云账号ID。', 'description' => '当前登录阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123XXXXXX', ], 'SubUserName' => [ 'title' => '当前登录阿里云账号名称。', 'description' => '当前登录阿里云账号名称。', 'type' => 'string', 'example' => 'sas_account_xxx', ], 'Capacity' => [ 'title' => '购买威胁分析的SLS容量,单位GB。', 'description' => '购买威胁分析的SLS容量,单位GB。', 'type' => 'integer', 'format' => 'int32', 'example' => '1024', ], 'SasInstanceId' => [ 'title' => '云安全中心实例ID。', 'description' => '云安全中心实例ID。', 'type' => 'string', 'example' => 'sas-instance-xxxxx', ], 'CanBuy' => [ 'title' => '当前账号是否可以进行威胁分析订单操作。取值:'."\n" .' - true:可以购买、升级、变配等。'."\n" .' 
- false:不可以操作威胁分析订单。', 'description' => '当前账号是否可以进行威胁分析订单操作。取值:'."\n" .'- true:可以购买、升级、变配等。'."\n" .'- false:不可以操作威胁分析订单。', 'type' => 'boolean', 'example' => 'true', ], 'EndTime' => [ 'title' => '威胁分析到期时间,毫秒级时间戳。', 'description' => '威胁分析到期时间,毫秒级时间戳。', 'type' => 'integer', 'format' => 'int64', 'example' => '1669823999000', ], 'DurationDays' => [ 'title' => '距离威胁分析过期时间的天数。', 'description' => '距离威胁分析过期时间的天数。', 'type' => 'integer', 'format' => 'int64', 'example' => '3', ], 'RdOrder' => [ 'title' => '是否是siem公测版订单。', 'description' => '当前订单形态。'."\n" ."\n" .'- 0:包含威胁分析流量和威胁分析容量的订单。'."\n" ."\n" .'- 1:只包含威胁分析容量的订单。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '81D8EC0C-0804-51AD-8C38-17ED0BC74892', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"MasterUserId\\": 0,\\n \\"MasterUserName\\": \\"rd_master_xxx\\",\\n \\"MainUserId\\": 0,\\n \\"MainUserName\\": \\"sas_account_xxx\\",\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"sas_account_xxx\\",\\n \\"Capacity\\": 1024,\\n \\"SasInstanceId\\": \\"sas-instance-xxxxx\\",\\n \\"CanBuy\\": true,\\n \\"EndTime\\": 1669823999000,\\n \\"DurationDays\\": 3,\\n \\"RdOrder\\": 1\\n },\\n \\"RequestId\\": \\"81D8EC0C-0804-51AD-8C38-17ED0BC74892\\"\\n}","type":"json"}]', 'title' => '查看阿里云用户威胁分析购买情况', ], 'ListProjectLogStores' => [ 'summary' => '根据云产品默认的sls project名字的pattern, logstore名字的pattern查找是否存在对应的project和logstore。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', ], 
'parameters' => [ [ 'name' => 'SourceProdCode', 'in' => 'formData', 'schema' => [ 'title' => '待查询的产品code。', 'description' => '待查询的产品code。', 'type' => 'string', 'required' => true, 'example' => 'sas', ], ], [ 'name' => 'SourceLogCode', 'in' => 'formData', 'schema' => [ 'title' => '待查询的日志code。', 'description' => '待查询的日志code。', 'type' => 'string', 'required' => true, 'example' => 'cloud_siem_aegis_proc', ], ], [ 'name' => 'SubUserId', 'in' => 'formData', 'schema' => [ 'title' => '待查询云账号ID。', 'description' => '待查询阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '123XXXXXXXX', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse>', 'description' => 'CloudSiemSuccessResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '返回结果。', 'type' => 'array', 'items' => [ 'description' => '返回结果。', 'type' => 'object', 'properties' => [ 'Project' => [ 'title' => 'sls的project名字。', 'description' => 'sls的project名字。', 'type' => 'string', 'example' => 'cloud-siem-project', ], 'LogStore' => [ 'title' => 'sls的logstore名字。', 'description' => 'sls的logstore名字。', 'type' => 'string', 'example' => 'cloud-siem-logstore', ], 'EndPoint' => [ 'title' => 'sls的project的endpoint。', 'description' => 'sls的project的endpoint。', 'type' => 'string', 'example' => 'cn-hangzhou.log.aliyuncs.com', ], 'RegionId' => [ 'title' => 'sls的project所在的region。', 'description' => 'sls的project所在的region。', 'type' => 'string', 'example' => 'cn-hangzhou', ], 'LocalName' => [ 'title' => 'sls的project所在的region名字。', 'description' => 
'sls的project所在的region名字。', 'type' => 'string', 'example' => 'hangzhou', ], 'MainUserId' => [ 'title' => '购买威胁分析的阿里云账号ID。', 'description' => '购买威胁分析的阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123XXXXXXXXX', ], 'SubUserId' => [ 'title' => '威胁分析阿里云账号ID。', 'description' => '待操作的威胁分析阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123XXXXXXXX', ], 'SubUserName' => [ 'title' => '威胁分析阿里云账号名字。', 'description' => '威胁分析阿里云账号名字。', 'type' => 'string', 'example' => 'sas_account_xxxx', ], ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Project\\": \\"cloud-siem-project\\",\\n \\"LogStore\\": \\"cloud-siem-logstore\\",\\n \\"EndPoint\\": \\"cn-hangzhou.log.aliyuncs.com\\",\\n \\"RegionId\\": \\"cn-hangzhou\\",\\n \\"LocalName\\": \\"hangzhou\\",\\n \\"MainUserId\\": 0,\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"sas_account_xxxx\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '自动查找SLS的LogStore信息', ], 'ModifyDataSource' => [ 'summary' => '修改已经添加的数据源描述信息。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'AccountId', 'in' => 'formData', 'schema' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'required' => false, 'example' => '123xxxxxx', ], ], [ 'name' => 'DataSourceType', 'in' => 'formData', 'schema' => [ 'title' => '数据源类型。', 'description' => '数据源类型。取值:'."\n" .'- 
ckafka:腾讯云ckafka。'."\n" .'- obs:华为云obs。'."\n" .'- wafApi:腾讯云waf攻击日志下载API。', 'type' => 'string', 'required' => true, 'example' => 'obs', ], ], [ 'name' => 'DataSourceInstanceId', 'in' => 'formData', 'schema' => [ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。'."\n" .'可调用[DescribeDataSourceInstance](~~2639736~~)获取数据源ID。', 'type' => 'string', 'required' => true, 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', ], ], [ 'name' => 'DataSourceInstanceName', 'in' => 'formData', 'schema' => [ 'title' => '数据源名称。', 'description' => '数据源名称。', 'type' => 'string', 'required' => false, 'example' => 'beijing_waf_kafka', ], ], [ 'name' => 'DataSourceInstanceRemark', 'in' => 'formData', 'schema' => [ 'title' => '数据源备注。', 'description' => '数据源备注。', 'type' => 'string', 'required' => false, 'example' => 'waf_alert_log', ], ], [ 'name' => 'DataSourceInstanceParams', 'in' => 'formData', 'schema' => [ 'title' => '数据源参数,json数组格式。', 'description' => '数据源参数,json数组格式。', 'type' => 'string', 'required' => false, 'example' => '[{"paraCode":"region_code","paraValue":"ap-guangzhou"}]', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'required' => true, 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 
'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'Count' => [ 'title' => '修改数据源的数量,等于1表示成功,小于等于0表示失败。', 'description' => '修改数据源的数量,等于1表示成功,小于等于0表示失败。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'DataSourceInstanceId' => [ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'type' => 'string', 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"DataSourceInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '修改数据源', ], 'ModifyDataSourceLog' => [ 'summary' => '修改数据源下添加的日志相关说明信息。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'LogCode', 'in' => 'formData', 'schema' => [ 'title' => '日志code。', 'description' => '日志code。', 'type' => 'string', 'required' => false, 'example' => 'cloud_siem_waf_xxxxx', ], ], [ 'name' => 'AccountId', 'in' => 'formData', 'schema' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'required' => false, 'example' => '123xxxxxxx', ], ], [ 'name' => 'DataSourceType', 'in' => 'formData', 'schema' => [ 
'title' => '数据源类型。取值:'."\n" .' - obs:华为云obs。'."\n" .' - wafApi:腾讯云waf下载api。 '."\n" .' - ckafka: 腾讯云ckafka。', 'description' => '数据源类型。取值:'."\n" .' - obs:华为云obs。'."\n" .' - wafApi:腾讯云waf下载api。 '."\n" .' - ckafka: 腾讯云ckafka。', 'type' => 'string', 'required' => false, 'example' => 'obs', ], ], [ 'name' => 'DataSourceInstanceId', 'in' => 'formData', 'schema' => [ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。'."\n" .'可调用[DescribeDataSourceInstance](~~2639736~~)获取数据源ID。', 'type' => 'string', 'required' => true, 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1', ], ], [ 'name' => 'DataSourceInstanceLogs', 'in' => 'formData', 'schema' => [ 'title' => '数据源参数详情,json数组格式。', 'description' => '数据源参数详情,json数组格式。', 'type' => 'string', 'required' => true, 'example' => '[{"LogCode":"cloud_siem_qcloud_waf_alert_log","LogParas":"[{\\"ParaCode\\":\\"api_name\\",\\"ParaValue\\":\\"GetAttackDownloadRecords\\"}]"}]', ], ], [ 'name' => 'LogInstanceId', 'in' => 'formData', 'schema' => [ 'title' => '日志ID,由威胁分析根据具体参数计算md5生成。', 'description' => '日志ID,由威胁分析根据具体参数计算md5生成。可调用[ListDataSourceLogs](~~2639707~~)获取日志ID。', 'type' => 'string', 'required' => true, 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'required' => true, 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 
'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'Count' => [ 'title' => '修改日志的数量,等于1表示成功,小于等于0表示失败。', 'description' => '修改日志的数量,等于1表示成功,小于等于0表示失败。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'LogInstanceId' => [ 'title' => '日志的ID,由威胁分析根据具体参数计算md5生成。', 'description' => '日志的ID,由威胁分析根据具体参数计算md5生成。', 'type' => 'string', 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"LogInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '修改日志', ], 'ModifyBindAccount' => [ 'summary' => '修改已经绑定的云账号。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '194689', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'AccessId', 'in' => 'formData', 'schema' => [ 'title' => '云账号的AccessKeyId。', 'description' => '云账号的AccessKeyId。', 'type' => 'string', 'required' => false, 'example' => 'ABCXXXXXXXXX', ], ], [ 'name' => 'AccountName', 'in' => 'formData', 'schema' => [ 'title' => '多云账号名称。', 'description' => '多云账号名称。', 'type' => 'string', 'required' => false, 'example' => 'sas_account_xxx', ], ], [ 'name' => 'BindId', 'in' => 'formData', 'schema' => [ 'title' => 
'绑定记录ID。ListBindAccount接口返回的BindId。', 'description' => '绑定记录ID。ListBindAccount接口返回的BindId。', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '123', ], ], [ 'name' => 'AccountId', 'in' => 'formData', 'schema' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'required' => true, 'example' => '123xxxxxxx', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。', 'type' => 'string', 'required' => true, 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'Count' => [ 'title' => '修改账号绑定的数量,等于1表示成功,小于等于0表示失败。', 'description' => '修改账号绑定的数量,等于1表示成功,小于等于0表示失败。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 
500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '修改已经绑定的云账号', ], 'ListImportedLogsByProd' => [ 'summary' => '查看该产品下日志接入详情。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '195548', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'ProdCode', 'in' => 'formData', 'schema' => [ 'title' => '产品的code。', 'description' => '产品的code。', 'type' => 'string', 'required' => true, 'example' => 'qcloud_waf', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。取值:'."\n" .' - hcloud:华为云。'."\n" .' - qcloud:腾讯云。 '."\n" .' 
- aliyun:阿里云。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'required' => true, 'enumValueTitles' => [], 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', 'idc', ], ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse>', 'description' => 'CloudSiemSuccessResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'ProdCode' => [ 'title' => '日志对应的产品code。', 'description' => '日志对应的产品code。', 'type' => 'string', 'example' => 'qcloud_waf', ], 'LogCode' => [ 'title' => '日志code。', 'description' => '日志code。', 'type' => 'string', 'example' => 'cloud_siem_waf_xxxxx', ], 'LogMdsCode' => [ 'title' => '日志显示code。', 'description' => '日志显示code。', 'type' => 'string', 'example' => '${siem.prod. 
cloud_siem_waf_xxxxx}', ], 'ImportedUserCount' => [ 'title' => '已接入该日志的用户数量。', 'description' => '已接入该日志的用户数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '2', ], 'UnImportedUserCount' => [ 'title' => '未接入该日志的用户数量。', 'description' => '未接入该日志的用户数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '3', ], 'TotalUserCount' => [ 'title' => '该日志下总共的用户数量。', 'description' => '该日志下总共的用户数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '5', ], 'ModifyTime' => [ 'title' => '日志最后接入时间。', 'description' => '日志最后接入时间。', 'type' => 'string', 'example' => '2023-11-23 12:30:00', ], 'Imported' => [ 'title' => '日志是否已经接入。取值:'."\n" .' - 1:已接入。 '."\n" .' - 0:未接入。', 'description' => '日志是否已经接入。取值:'."\n" .' - 1:已接入。 '."\n" .' - 0:未接入。', 'type' => 'integer', 'format' => 'int32', 'example' => '2023-11-23 12:30:00', ], 'AutoImported' => [ 'title' => '新增账号是否自动接入。取值:'."\n" .' - 1:自动接入。 '."\n" .' - 0:不自动接入。', 'description' => '新增账号是否自动接入。取值:'."\n" .' - 1:自动接入。 '."\n" .' - 0:不自动接入。', 'type' => 'integer', 'format' => 'int32', 'example' => '2023-11-23 12:30:00', ], 'LogType' => [ 'title' => '日志类型。取值:'."\n" .' - 1:中心侧接入。 '."\n" .' - 2:预定义日志服务。 '."\n" .' - 3:自定义日志服务', 'description' => '日志类型。取值:'."\n" .' - 1:中心侧接入。 '."\n" .' - 2:预定义日志服务。 '."\n" .' 
- 3:自定义日志服务', 'type' => 'integer', 'format' => 'int32', 'example' => '2023-11-23 12:30:00', ], 'CloudCode' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', ], ], ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"ProdCode\\": \\"qcloud_waf\\",\\n \\"LogCode\\": \\"cloud_siem_waf_xxxxx\\",\\n \\"LogMdsCode\\": \\"${siem.prod. cloud_siem_waf_xxxxx}\\",\\n \\"ImportedUserCount\\": 2,\\n \\"UnImportedUserCount\\": 3,\\n \\"TotalUserCount\\": 5,\\n \\"ModifyTime\\": \\"2023-11-23 12:30:00\\",\\n \\"Imported\\": 0,\\n \\"AutoImported\\": 0,\\n \\"LogType\\": 0,\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '查看该产品下日志接入详情', ], 'ListDataSourceTypes' => [ 'summary' => '枚举目前威胁分析支持的多云接入数据源类型。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。', 'type' => 'string', 'required' => true, 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- 
ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse>', 'description' => 'CloudSiemSuccessResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'DataSourceType' => [ 'title' => '数据源类型。取值:'."\n" .' - obs:华为云obs。'."\n" .' - wafApi:腾讯云waf下载api。 '."\n" .' - ckafka: 腾讯云ckafka。', 'description' => '数据源类型。取值:'."\n" .' - obs:华为云obs。'."\n" .' - wafApi:腾讯云waf下载api。 '."\n" .' - ckafka: 腾讯云ckafka。', 'type' => 'string', 'example' => 'obs', ], 'CloudCode' => [ 'title' => '多云的code。', 'description' => '多云的code。', 'type' => 'string', 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', ], ], ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IllegalParameter', 'errorMessage' => 'The specified parameter %s is not valid, only support %s', ], ], 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"DataSourceType\\": \\"obs\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '枚举数据源类型', ], 'ListDataSourceLogs' => [ 'summary' => '查看数据源下的日志列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' 
=> 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'DataSourceInstanceId', 'in' => 'formData', 'schema' => [ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'type' => 'string', 'required' => true, 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', ], ], [ 'name' => 'AccountId', 'in' => 'formData', 'schema' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'required' => true, 'example' => '123xxxxxx', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'required' => true, 'enumValueTitles' => [], 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'SubUserId' => [ 'title' => '日志对应的阿里云账号ID。', 'description' => '日志对应的阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123XXXXXXXX', ], 'DataSourceInstanceId' => [ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'type' => 'string', 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', ], 'DataSourceInstanceName' => [ 'title' => '数据源名称。', 'description' => '数据源名称。', 'type' => 'string', 'example' => 'waf kafka', ], 'DataSourceInstanceRemark' => [ 'title' => '数据源备注。', 'description' => 
'数据源备注。', 'type' => 'string', 'example' => 'waf kafka', ], 'DataSourceInstanceLogs' => [ 'title' => '该数据源下日志列表。', 'description' => '该数据源下日志列表。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'LogInstanceId' => [ 'title' => '日志的ID,由威胁分析根据具体参数计算md5生成。', 'description' => '日志的ID,由威胁分析根据具体参数计算md5生成。', 'type' => 'string', 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', ], 'LogCode' => [ 'title' => '日志code。', 'description' => '日志code。', 'type' => 'string', 'example' => 'cloud_siem_waf_xxxxx', ], 'LogMdsCode' => [ 'title' => '日志显示code。', 'description' => '日志显示code。', 'type' => 'string', 'example' => '${siem.prod.cloud_siem_waf_xxxxx}', ], 'LogParams' => [ 'title' => '日志详细参数列表。', 'description' => '日志详细参数列表。', 'type' => 'array', 'items' => [ 'description' => '日志参数', 'type' => 'object', 'properties' => [ 'ParaCode' => [ 'title' => '日志参数code。', 'description' => '日志参数code。', 'type' => 'string', 'example' => 'region_code', ], 'ParaValue' => [ 'title' => '日志参数值。', 'description' => '日志参数值。', 'type' => 'string', 'example' => 'ap-guangzhou', ], ], ], ], 'TaskStatus' => [ 'title' => '日志对应的接入任务状态。取值:'."\n" .' - 1:已接入。 '."\n" .' - 0:未接入。', 'description' => '日志对应的接入任务状态。取值:'."\n" .' - 1:已接入。 '."\n" .' 
- 0:未接入。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], ], ], ], 'AccountId' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'example' => '123xxxxxxx', ], 'CloudCode' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云', 'type' => 'string', 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', ], ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"SubUserId\\": 0,\\n \\"DataSourceInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\",\\n \\"DataSourceInstanceName\\": \\"waf kafka\\",\\n \\"DataSourceInstanceRemark\\": \\"waf kafka\\",\\n \\"DataSourceInstanceLogs\\": [\\n {\\n \\"LogInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\",\\n \\"LogCode\\": \\"cloud_siem_waf_xxxxx\\",\\n \\"LogMdsCode\\": \\"${siem.prod.cloud_siem_waf_xxxxx}\\",\\n \\"LogParams\\": [\\n {\\n \\"ParaCode\\": \\"region_code\\",\\n \\"ParaValue\\": \\"ap-guangzhou\\"\\n }\\n ],\\n \\"TaskStatus\\": 1\\n }\\n ],\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '查看数据源下的日志列表', ], 'ListBindDataSources' => [ 'summary' => '枚举所有数据源。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'AccountId', 'in' => 'formData', 'schema' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 
'required' => true, 'example' => '123xxxxxxx', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。', 'type' => 'string', 'required' => true, 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse>', 'description' => 'CloudSiemSuccessResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'AccountName' => [ 'title' => '多云账号名称。', 'description' => '多云账号名称。', 'type' => 'string', 'example' => 'sas_tq_account_xxxx', ], 'DataSourceInstanceId' => [ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'type' => 'string', 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', ], 'DataSourceType' => [ 'title' => '数据源类型。取值:'."\n" .' - obs:华为云obs。'."\n" .' - wafApi:腾讯云waf下载api。 '."\n" .' - ckafka: 腾讯云ckafka。', 'description' => '数据源类型。取值:'."\n" .' - obs:华为云obs。'."\n" .' - wafApi:腾讯云waf下载api。 '."\n" .' 
- ckafka: 腾讯云ckafka。', 'type' => 'string', 'example' => 'obs', ], 'DataSourceName' => [ 'title' => '数据源名称。', 'description' => '数据源名称。', 'type' => 'string', 'example' => 'waf_kafka', ], 'DataSourceRemark' => [ 'title' => '数据源备注。', 'description' => '数据源备注。', 'type' => 'string', 'example' => 'waf_kafka', ], 'LogCount' => [ 'title' => '该数据源下已添加的日志的数量。', 'description' => '该数据源下已添加的日志的数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'TaskCount' => [ 'title' => '该数据源下已创建的日志接入任务的数量。', 'description' => '该数据源下已创建的日志接入任务的数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '0', ], 'AccountId' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'example' => '123xxxxxxx', ], 'CloudCode' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', ], ], ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AccountName\\": \\"sas_tq_account_xxxx\\",\\n \\"DataSourceInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\",\\n \\"DataSourceType\\": \\"obs\\",\\n \\"DataSourceName\\": \\"waf_kafka\\",\\n \\"DataSourceRemark\\": \\"waf_kafka\\",\\n \\"LogCount\\": 1,\\n \\"TaskCount\\": 0,\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '枚举所有数据源', ], 'ListAllProds' => [ 'summary' => '查看当前威胁分析已经支持的数据接入的云产品列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 
'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '195975', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'TotalCount' => [ 'title' => '日志总数。', 'description' => '日志总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '19', ], 'PageSize' => [ 'title' => '每页的大小。', 'description' => '每页的大小。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'CurrentPage' => [ 'title' => '当前页。', 'description' => '当前页。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'ProdList' => [ 'title' => '产品列表。', 'description' => '产品列表。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'ProdCode' => [ 'title' => '产品code。', 'description' => '产品code。', 'type' => 'string', 'example' => 'sas', ], 'TotalLogCount' => [ 'title' => '该产品下总共的日志数量。', 'description' => '该产品下总共的日志数量。', 
'type' => 'integer', 'format' => 'int32', 'example' => '19', ], 'ImportedLogCount' => [ 'title' => '该产品下已经接入的日志数量。', 'description' => '该产品下已经接入的日志数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'ModifyTime' => [ 'title' => '该产品下日志最近接入时间。', 'description' => '该产品下日志最近接入时间。', 'type' => 'string', 'example' => '2023-11-23 12:12:12', ], 'CloudCode' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', ], ], ], ], 'example' => '1', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"TotalCount\\": 19,\\n \\"PageSize\\": 10,\\n \\"CurrentPage\\": 1,\\n \\"ProdList\\": [\\n {\\n \\"ProdCode\\": \\"sas\\",\\n \\"TotalLogCount\\": 19,\\n \\"ImportedLogCount\\": 10,\\n \\"ModifyTime\\": \\"2023-11-23 12:12:12\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ]\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '查看云产品列表', ], 'EnableServiceForCloudSiem' => [ 'summary' => '为威胁分析开通资源目录授权,需要使用资源目录管理员调用。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => 
'威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。取值:'."\n" .'- true:开通成功。'."\n" .'- false:开通失败。', 'type' => 'boolean', 'example' => 'true', ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '开通资源目录权限', ], 'EnableAccessForCloudSiem' => [ 'summary' => '用户授权接口,点击将创建威胁分析角色AliyunServiceRoleForSasCloudSiem。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '158612', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'AutoSubmit', 'in' => 'formData', 'schema' => [ 'description' => '是否自动接入云安全中心、Web应用防火墙、云防火墙的告警日志,默认自动接入。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 
'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'boolean', 'example' => 'true', ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '创建威胁分析SLR', ], 'DescribeServiceStatus' => [ 'summary' => '查看资源目录是否已给威胁分析授权。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', 
], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。'."\n" .'- true:已经开通权限。'."\n" .'- false:未开通权限。', 'type' => 'boolean', 'example' => 'true', ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '查看资源目录是否已给威胁分析授权', ], 'DescribeProdCount' => [ 'summary' => '查看阿里云、腾讯云、华为云已经支持接入到威胁分析的云产品数量。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '195547', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => 
'威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'AliyunProdCount' => [ 'title' => '阿里云产品的数量。', 'description' => '阿里云产品的数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '19', ], 'HcloudProdCount' => [ 'title' => '华为云产品的数量。', 'description' => '华为云产品的数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '2', ], 'QcloudProdCount' => [ 'title' => '腾讯云产品的数量。', 'description' => '腾讯云产品的数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '2', ], 'IdcProdCount' => [ 'title' => 'IDC产品的数量。', 'description' => 'IDC产品的数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '2', ], 'AliyunImportedCount' => [ 'description' => '阿里云产品自动接入的数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '2', ], 'HcloudImportedCount' => [ 'description' => '华为云自动接入产品的数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '2', ], 'QcloudImportedCount' => [ 'description' => '腾讯云产品自动接入的数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '2', ], 'IdcImportedCount' => [ 'description' => 'IDC产品自动接入的数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '2', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"AliyunProdCount\\": 19,\\n \\"HcloudProdCount\\": 2,\\n 
\\"QcloudProdCount\\": 2,\\n \\"IdcProdCount\\": 2,\\n \\"AliyunImportedCount\\": 2,\\n \\"HcloudImportedCount\\": 2,\\n \\"QcloudImportedCount\\": 2,\\n \\"IdcImportedCount\\": 2\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '查看多云产品数量', ], 'DescribeImportedLogCount' => [ 'summary' => '查看接入日志的数量。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '195544', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'string', 'required' => false, 'example' => '1', 'pattern' => '^\\d+$', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'string', 'required' => false, 'example' => '113091674488****', 'pattern' => '^\\d+$', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'TotalLogCount' => [ 'title' => '日志总数。', 'description' => '日志总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '59', ], 'ImportedLogCount' => [ 'title' => '已接入的日志的数量。', 'description' => '已接入的日志的数量。', 'type' => 
'integer', 'format' => 'int32', 'example' => '10', ], 'UnImportedLogCount' => [ 'title' => '未接入的日志的数量。', 'description' => '未接入的日志的数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '49', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"TotalLogCount\\": 59,\\n \\"ImportedLogCount\\": 10,\\n \\"UnImportedLogCount\\": 49\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '查看接入日志的数量', ], 'DescribeDataSourceParameters' => [ 'summary' => '获取数据源参数详情。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'DataSourceType', 'in' => 'formData', 'schema' => [ 'title' => '接入的数据源类型。 取值: '."\n" .' - ckafka:腾讯云ckafka。 '."\n" .' - obs:华为云obs。 '."\n" .' - wafApi:腾讯云waf攻击日志下载api。 ', 'description' => '接入的数据源类型。取值:'."\n" .' - **ckafka**:腾讯云ckafka。 '."\n" .' - **obs**:华为云obs。 '."\n" .' 
- **wafApi**:腾讯云waf攻击日志下载api。', 'type' => 'string', 'required' => true, 'example' => 'obs', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。', 'type' => 'string', 'required' => true, 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse>', 'description' => 'CloudSiemSuccessResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'DataSourceType' => [ 'title' => '数据源类型。取值:'."\n" .' - obs:华为云obs。'."\n" .' - wafApi:腾讯云waf下载api。 '."\n" .' - ckafka: 腾讯云ckafka。', 'description' => '数据源类型。取值:'."\n" .' - **obs**:华为云obs。'."\n" .' - **wafApi**:腾讯云waf下载api。 '."\n" .' - **ckafka**: 腾讯云ckafka。', 'type' => 'string', 'example' => 'obs', ], 'ParaLevel' => [ 'title' => '参数级别。取值:'."\n" .' - 1:数据源参数。'."\n" .'- 2:日志参数。', 'description' => '参数级别。取值:'."\n" .' - **1**:数据源参数。'."\n" .'- **2**:日志参数。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'ParaCode' => [ 'title' => '参数code。', 'description' => '参数code。', 'type' => 'string', 'example' => 'region_code', ], 'ParaName' => [ 'title' => '参数名字。', 'description' => '参数名字。', 'type' => 'string', 'example' => 'region local', ], 'ParaType' => [ 'title' => '参数类型。', 'description' => '参数类型。', 'type' => 'string', 'example' => 'string', ], 'Required' => [ 'title' => '是否必选参数。取值:'."\n" .' - 1:必选。'."\n" .' 
- 0:非必选。', 'description' => '是否必选参数。取值:'."\n" .' - **1**:必选。'."\n" .' - **0**:非必选。', 'type' => 'integer', 'format' => 'int32', 'example' => 'string', ], 'FormatCheck' => [ 'title' => '格式校验方式。', 'description' => '格式校验方式。', 'type' => 'string', 'example' => 'email', ], 'Title' => [ 'title' => '参数值提示。', 'description' => '参数值提示。', 'type' => 'string', 'example' => 'obs bucket name', ], 'Hit' => [ 'title' => '更多说明。', 'description' => '更多说明。', 'type' => 'string', 'example' => 'obs docment', ], 'DefaultValue' => [ 'title' => '默认参数值。', 'description' => '默认参数值。', 'type' => 'string', 'example' => 'wafApi', ], 'Disabled' => [ 'title' => '是否禁止修改。取值:'."\n" .' - true:禁止修改。 '."\n" .' - false:可以修改。', 'description' => '是否禁止修改。取值:'."\n" .' - **true**:禁止修改。 '."\n" .' - **false**:可以修改。', 'type' => 'boolean', 'example' => 'wafApi', ], 'CanEditted' => [ 'title' => '是否可编辑。取值:'."\n" .' - 0:禁止修改。 '."\n" .' - 1:可以修改。', 'description' => '是否可编辑。取值:'."\n" .' - **0**:禁止修改。 '."\n" .' - **1**:可以修改。', 'type' => 'integer', 'format' => 'int32', 'example' => 'wafApi', ], 'ParamValue' => [ 'title' => '具体的参数列表。', 'description' => '具体的参数列表。', 'type' => 'array', 'items' => [ 'description' => '参数值。', 'type' => 'object', 'properties' => [ 'Label' => [ 'title' => '展示内容。', 'description' => '展示内容。', 'type' => 'string', 'example' => 'guangzhou', ], 'Value' => [ 'title' => '实际的参数内容。', 'description' => '实际的参数内容。', 'type' => 'string', 'example' => 'ap-guangzhou', ], ], ], ], 'CloudCode' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- **qcloud**:腾讯云。'."\n" .'- **aliyun**:阿里云。'."\n" .'- **hcloud**:华为云。', 'type' => 'string', 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', ], ], ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 
'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"DataSourceType\\": \\"obs\\",\\n \\"ParaLevel\\": 1,\\n \\"ParaCode\\": \\"region_code\\",\\n \\"ParaName\\": \\"region local\\",\\n \\"ParaType\\": \\"string\\",\\n \\"Required\\": 0,\\n \\"FormatCheck\\": \\"email\\",\\n \\"Title\\": \\"obs bucket name\\",\\n \\"Hit\\": \\"obs docment\\",\\n \\"DefaultValue\\": \\"wafApi\\",\\n \\"Disabled\\": true,\\n \\"CanEditted\\": 0,\\n \\"ParamValue\\": [\\n {\\n \\"Label\\": \\"guangzhou\\",\\n \\"Value\\": \\"ap-guangzhou\\"\\n }\\n ],\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '获取数据源参数详情', ], 'DescribeDataSourceInstance' => [ 'summary' => '查看数据源详情。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'DataSourceInstanceId', 'in' => 'formData', 'schema' => [ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。可调用[ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854&activeTabKey=api|ListDataSourceLogs)获取数据源ID。', 'type' => 'string', 'required' => true, 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', ], ], [ 'name' => 'AccountId', 'in' => 'formData', 'schema' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'required' => true, 'example' => '123xxxxxxx', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'required' => true, 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', ], ], ], [ 'name' => 
'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'DataSourceInstanceId' => [ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'type' => 'string', 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', ], 'DataSourceInstanceParams' => [ 'title' => '数据源的详细参数列表。', 'description' => '数据源的详细参数列表。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'ParaCode' => [ 'title' => '参数code。', 'description' => '参数code。', 'type' => 'string', 'example' => 'region_code', ], 'ParaValue' => [ 'title' => '参数值。', 'description' => '参数值。', 'type' => 'string', 'example' => 'ap-guangzhou', ], ], ], ], 'AccountId' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'example' => '123xxxxxxx', ], 'CloudCode' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', ], ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"DataSourceInstanceId\\": 
\\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\",\\n \\"DataSourceInstanceParams\\": [\\n {\\n \\"ParaCode\\": \\"region_code\\",\\n \\"ParaValue\\": \\"ap-guangzhou\\"\\n }\\n ],\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '查看数据源详情', ], 'DescribeAuth' => [ 'summary' => '检查阿里云账号是否已经给SIEM授权,已经创建了AliyunServiceRoleForSasCloudSiem角色。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n" .'- ap-southeast-1:资产属于海外地域,选择该项。', 'type' => 'string', 'required' => false, 'enumValueTitles' => [ 'ap-southeast-1' => '新加坡', 'cn-hangzhou' => '杭州', ], 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。'."\n" .'- true 已经开通权限。'."\n" .'- false 未开通权限。', 'type' => 'boolean', 'enumValueTitles' => [], 'example' => 'true', ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '本次请求的id。', 'type' => 'string', 'example' => '4F539347-7D9A-51EA-8ABF-5D5507045C5C', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"4F539347-7D9A-51EA-8ABF-5D5507045C5C\\"\\n}","type":"json"}]', 
'title' => '检查是否已经开通SIEM权限', ], 'DeleteDataSourceLog' => [ 'summary' => '删除日志。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'LogInstanceId', 'in' => 'formData', 'schema' => [ 'title' => '日志ID,由威胁分析根据具体参数计算md5生成。', 'description' => '日志ID,由威胁分析根据具体参数计算md5生成。可调用[ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854&activeTabKey=api|ListDataSourceLogs)获取日志ID。', 'type' => 'string', 'required' => true, 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1', ], ], [ 'name' => 'DataSourceInstanceId', 'in' => 'formData', 'schema' => [ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。可调用[ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854&activeTabKey=api|ListDataSourceLogs)获取数据源ID。', 'type' => 'string', 'required' => true, 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', ], ], [ 'name' => 'AccountId', 'in' => 'formData', 'schema' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'required' => true, 'example' => '123xxxxxxx', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'required' => true, 'enumValueTitles' => [], 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => 
'威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'Count' => [ 'title' => '删除的日志的数量,等于1表示成功,小于等于0表示失败。', 'description' => '删除的日志的数量,等于1表示成功,小于等于0表示失败。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'LogInstanceId' => [ 'title' => '日志ID,由威胁分析根据具体参数计算md5生成。', 'description' => '日志ID,由威胁分析根据具体参数计算md5生成。', 'type' => 'string', 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"LogInstanceId\\": \\"ef33097c9d1fdb0b9c7e8c7ca320pkl1\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '删除日志', ], 'DeleteDataSource' => [ 'summary' => '如果已添加的数据源不再使用,可以调用接口删除数据源。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'DataSourceInstanceId', 'in' => 'formData', 'schema' => [ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'description' => 
'数据源ID,由威胁分析根据具体参数计算md5生成。可调用[ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854&activeTabKey=api|ListDataSourceLogs)获取数据源ID。', 'type' => 'string', 'required' => true, 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', ], ], [ 'name' => 'AccountId', 'in' => 'formData', 'schema' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'required' => true, 'example' => '123xxxxxxx', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'required' => true, 'enumValueTitles' => [], 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'Count' => [ 'title' => '删除的数据源的数量,等于1表示成功,小于等于0表示失败。', 'description' => '删除的数据源的数量,等于1表示成功,小于等于0表示失败。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => 
'[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '删除数据源', ], 'DeleteBindAccount' => [ 'summary' => '解除已经绑定到威胁分析数据源模块的多云(腾讯云、华为云)子账号AK,解绑后可以更换账号重新绑定。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '194688', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'BindId', 'in' => 'formData', 'schema' => [ 'title' => '绑定ID。', 'description' => '绑定ID。可调用[ListBindAccount](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854&activeTabKey=api|ListBindAccount)获取绑定ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '10', ], ], [ 'name' => 'AccountId', 'in' => 'formData', 'schema' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'required' => true, 'example' => '123xxxxxxx', ], ], [ 'name' => 'AccessId', 'in' => 'formData', 'schema' => [ 'title' => '云账号AccessKeyId。', 'description' => '云账号AccessKeyId。', 'type' => 'string', 'required' => true, 'example' => 'ABCXXXXXXXX', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云', 'type' => 'string', 'required' => true, 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 
'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'Count' => [ 'title' => '删除账号绑定的数量,等于1表示成功,小于等于0表示失败。', 'description' => '删除账号绑定的数量,等于1表示成功,小于等于0表示失败。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '删除已经绑定的多云账号', ], 'BindAccount' => [ 'summary' => '绑定云安全中心功能设置-多云资产中设置的多云账号到威胁分析。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '194690', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'AccessId', 'in' => 'formData', 'schema' => [ 'title' => '云账号AccessKeyId。', 'description' => '云账号ACCESS_KEY_ID。', 'type' => 'string', 
'required' => true, 'example' => 'ABCXXXXXXXX', ], ], [ 'name' => 'AccountName', 'in' => 'formData', 'schema' => [ 'title' => '多云账号名称。', 'description' => '多云账号名称。', 'type' => 'string', 'required' => true, 'example' => 'xxxx', ], ], [ 'name' => 'AccountId', 'in' => 'formData', 'schema' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'required' => true, 'example' => '123xxxxxxx', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- aliyun:阿里云'."\n" .'- hcloud:华为云'."\n" .'- qcloud:腾讯云', 'type' => 'string', 'required' => true, 'enumValueTitles' => [], 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '威胁分析服务返回的具体内容。', 'type' => 'object', 'properties' => [ 'Count' => [ 'title' => '添加账号绑定的数量,等于1表示成功,小于等于0表示失败。', 'description' => '添加账号绑定的数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 
'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'InvalidOperation', 'errorMessage' => 'access ak "%s" already bound.', ], ], 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '绑定多云账号', ], 'AddUserSourceLogConfig' => [ 'summary' => '添加日志接入任务,将对应的日志数据接入到威胁分析中以便后续的告警、事件分析。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'SourceProdCode', 'in' => 'formData', 'schema' => [ 'title' => '产品code。', 'description' => '产品code。', 'type' => 'string', 'required' => false, 'example' => 'sas', ], ], [ 'name' => 'SourceLogCode', 'in' => 'formData', 'schema' => [ 'title' => '日志code。', 'description' => '日志code。', 'type' => 'string', 'required' => false, 'example' => 'cloud_siem_aegis_proc', ], ], [ 'name' => 'SubUserId', 'in' => 'formData', 'schema' => [ 'title' => '需要接入日志的阿里云账号ID。', 'description' => '需要接入日志的阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '123XXXXXX', ], ], [ 'name' => 'SourceLogInfo', 'in' => 'formData', 'schema' => [ 'title' => '需要接入日志的详细SLS信息,json数组格式。', 'description' => '需要接入日志的详细SLS信息,json格式。', 'type' => 'string', 'required' => true, 'example' => '{"project":"wafnew-project-1335759343513432-cn-hangzhou","logStore":"wafnew-logstore","regionCode":"cn-hangzhou","prodCode":"waf"}', ], ], [ 'name' => 'DisPlayLine', 'in' => 'formData', 'schema' => [ 'title' => '需要接入日志的详细SLS信息。', 'description' => '需要接入日志的详细SLS信息。', 'type' 
=> 'string', 'required' => false, 'example' => 'cn-shanghai.siem-project.siem-logstore', ], ], [ 'name' => 'Deleted', 'in' => 'formData', 'schema' => [ 'title' => '添加接入或删除接入。取值:'."\n" .'-1:删除接入 '."\n" .'0:添加接入', 'description' => '添加接入或删除接入。取值:'."\n" .' - -1:删除接入'."\n" .' - 0:添加接入', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'DiplayLine' => [ 'title' => '需要接入日志的详细SLS信息。', 'description' => '需要接入日志的详细SLS信息。', 'type' => 'string', 'example' => 'cn-shanghai.siem-project.siem-logstore', ], 'SourceProdCode' => [ 'title' => '产品code。', 'description' => '产品code。', 'type' => 'string', 'example' => 'sas', ], 'SourceLogCode' => [ 'title' => '日志code。', 'description' => '日志code。', 'type' => 'string', 'example' => 'cloud_siem_aegis_proc', ], 'Displayed' => [ 'title' => '返回接入详细信息。取值:'."\n" .' - true:已接入。'."\n" .' - 未接入:false。', 'description' => '返回接入详细信息。'."\n" .'已返回 :true'."\n" .'未返回:false', 'type' => 'boolean', 'example' => '0', ], 'Imported' => [ 'title' => '是否已经接入。取值:'."\n" .' - true:已接入。'."\n" .' - 未接入:false。', 'description' => '是否已经接入。'."\n" .' 
已接入:true'."\n" .'未接入:false', 'type' => 'boolean', 'example' => '0', ], 'MainUserId' => [ 'title' => '购买威胁分析的阿里云账号ID。', 'description' => '购买威胁分析的阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123XXXXXXXXX', ], 'SubUserId' => [ 'title' => '威胁分析阿里云账号ID。', 'description' => '威胁分析阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123XXXXXXXX', ], 'SubUserName' => [ 'title' => '威胁分析阿里云账号名字。', 'description' => '威胁分析阿里云账号名字。', 'type' => 'string', 'example' => 'sas_account_xxx', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"DiplayLine\\": \\"cn-shanghai.siem-project.siem-logstore\\",\\n \\"SourceProdCode\\": \\"sas\\",\\n \\"SourceLogCode\\": \\"cloud_siem_aegis_proc\\",\\n \\"Displayed\\": true,\\n \\"Imported\\": true,\\n \\"MainUserId\\": 0,\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"sas_account_xxx\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '添加日志接入', ], 'AddDataSourceLog' => [ 'summary' => '添加日志。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'LogCode', 'in' => 'formData', 'schema' => [ 'title' => '日志code。', 'description' => '日志code。', 'type' => 'string', 'required' => false, 'example' => 'cloud_siem_waf_xxxxx', ], ], [ 'name' => 'DataSourceInstanceId', 'in' => 'formData', 'schema' => [ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'description' => 
'数据源ID,由威胁分析根据具体参数计算md5生成。可调用[ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854&activeTabKey=api|ListDataSourceLogs)获取数据源ID。', 'type' => 'string', 'required' => true, 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', ], ], [ 'name' => 'DataSourceInstanceLogs', 'in' => 'formData', 'schema' => [ 'title' => '数据源参数详情,json数组格式。', 'description' => '数据源参数详情,json数组格式。', 'type' => 'string', 'required' => true, 'example' => '[{"LogCode":"cloud_siem_qcloud_waf_alert_log","LogParas":"[{\\"ParaCode\\":\\"api_name\\",\\"ParaValue\\":\\"GetAttackDownloadRecords\\"}]"}]', ], ], [ 'name' => 'AccountId', 'in' => 'formData', 'schema' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'required' => true, 'example' => '123xxxxxxx', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'required' => true, 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'Count' => [ 'title' => '添加的日志的数量,等于1表示成功,小于等于0表示失败。', 'description' => '添加的日志的数量,等于1表示成功,小于等于0表示失败。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'LogInstanceId' => [ 'title' => 
'日志ID,由威胁分析根据具体参数计算md5生成。', 'description' => '日志ID,由威胁分析根据具体参数计算md5生成。', 'type' => 'string', 'example' => 'ef33097c9d1fdb0b9c7e8c7ca320pkl1', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"LogInstanceId\\": \\"ef33097c9d1fdb0b9c7e8c7ca320pkl1\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '添加日志', ], 'AddDataSource' => [ 'summary' => '在该绑定的多云账号下添加数据源。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'AccountId', 'in' => 'formData', 'schema' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'required' => false, 'example' => '123xxxxxxxx', ], ], [ 'name' => 'DataSourceType', 'in' => 'formData', 'schema' => [ 'title' => '数据源类型。取值:'."\n" .' - obs:华为云obs。'."\n" .' - wafApi:腾讯云waf下载api。 '."\n" .' - ckafka: 腾讯云ckafka。', 'description' => '数据源类型。取值:'."\n" .' - obs:华为云obs。'."\n" .' - wafApi:腾讯云waf下载api。 '."\n" .' 
- ckafka: 腾讯云ckafka。', 'type' => 'string', 'required' => false, 'example' => 'obs', ], ], [ 'name' => 'DataSourceInstanceName', 'in' => 'formData', 'schema' => [ 'title' => '数据源名称。', 'description' => '数据源名称。', 'type' => 'string', 'required' => false, 'example' => 'XX北京kafka', ], ], [ 'name' => 'DataSourceInstanceRemark', 'in' => 'formData', 'schema' => [ 'title' => '数据源备注。', 'description' => '数据源备注。', 'type' => 'string', 'required' => false, 'example' => 'XX云云防火墙上海实例', ], ], [ 'name' => 'DataSourceInstanceParams', 'in' => 'formData', 'schema' => [ 'title' => '数据源参数,json数组格式。', 'description' => '数据源参数,json数组格式。', 'type' => 'string', 'required' => false, 'example' => '[{"paraCode":"region_code","paraValue":"ap-guangzhou"}]', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。', 'type' => 'string', 'required' => true, 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'Count' => [ 'title' => '添加数据源的数量,等于1表示成功,小于等于0表示失败。', 'description' => '添加数据源的数量,等于1表示成功,小于等于0表示失败。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'DataSourceInstanceId' => [ 'title' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'description' => '数据源ID,由威胁分析根据具体参数计算md5生成。', 'type' => 'string', 'example' => '220ba97c9d1fdb0b9c7e8c7ca328d7ea', ], ], ], 'RequestId' => [ 'title' 
=> '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 1,\\n \\"DataSourceInstanceId\\": \\"220ba97c9d1fdb0b9c7e8c7ca328d7ea\\"\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '添加数据源', ], 'ListBindAccount' => [ 'summary' => '列举已经绑定到威胁分析的多云账号列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'required' => true, 'enumValueTitles' => [], 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 
'int32', 'required' => false, 'example' => '1', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '已经绑定的账号列表。', 'description' => '列举已经绑定的账号。', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '结果集。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'AccountName' => [ 'title' => '账号名称。', 'description' => '账号名称。', 'type' => 'string', 'example' => 'XXXX公司', ], 'AccessId' => [ 'title' => '已经绑定ACCESS_KEY_ID。', 'description' => '账号的AccessId。', 'type' => 'string', 'example' => 'ABCXXXXXXXX', ], 'DataSourceCount' => [ 'title' => '该账号下绑定数据源的数量。', 'description' => '该账号下绑定数据源的数量。', 'type' => 'integer', 'format' => 'int64', 'example' => '2', ], 'ModifyTime' => [ 'title' => '修改时间。', 'description' => '修改时间。', 'type' => 'string', 'example' => '2023-11-10 12:20:35', ], 'CreateUser' => [ 'title' => '该账号绑定者。', 'description' => '该账号绑定者。', 'type' => 'string', 'example' => '123xxxxxxx', ], 'BindId' => [ 'title' => '绑定ID。', 'description' => '绑定ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123xxxxxxx', ], 'AccountId' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'example' => '123xxxxxxx', ], 'CloudCode' => [ 'title' => '多云的code。', 'description' => '多云的code。取值:'."\n" .'- qcloud:腾讯云。'."\n" .'- aliyun:阿里云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'enumValueTitles' => [], 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', ], ], ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AccountName\\": \\"XXXX公司\\",\\n \\"AccessId\\": \\"ABCXXXXXXXX\\",\\n \\"DataSourceCount\\": 2,\\n \\"ModifyTime\\": \\"2023-11-10 12:20:35\\",\\n 
\\"CreateUser\\": \\"123xxxxxxx\\",\\n \\"BindId\\": 0,\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '列举已经绑定的账号列表', ], 'ListAccountAccessId' => [ 'summary' => '查看已经绑定的多云AccessKeyId列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '195478', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。', 'type' => 'string', 'required' => true, 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse>', 'description' => 'CloudSiemSuccessResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'description' => '请求返回值。', 'type' => 'object', 
'properties' => [ 'SubUserId' => [ 'title' => '多云AccessKeyId对应的阿里云账号ID。', 'description' => '多云AccessKeyId对应的阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => 'ABCXXXXXXXX', ], 'AccessIdMd5' => [ 'title' => '多云AccessKeyId对应的MD5值。', 'description' => '多云AccessKeyId对应的MD5值。', 'type' => 'string', 'example' => 'abcXXXXXXXX', ], 'AccountStr' => [ 'title' => '多云AccessKeyId所属的账号信息,格式为阿里云账号ID|阿里云账号名称|多云AccessKeyId。', 'description' => '多云AccessKeyId所属的账号信息,格式为阿里云账号ID|阿里云账号名称|多云AccessKeyId。', 'type' => 'string', 'example' => '123xxxxxx|xxxx|ABCXXXXX', ], 'Bound' => [ 'title' => '该AccessKeyId是否已经被绑定到威胁分析。取值:'."\n" .' - 0 : 未绑定。'."\n" .' - 1:已绑定。', 'description' => '该AccessKeyId是否已经被绑定到威胁分析。取值:'."\n" .' - 0 : 未绑定。'."\n" .' - 1:已绑定。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'AccessId' => [ 'title' => '已经绑定ACCESS_KEY_ID。', 'description' => '已经绑定ACCESS_KEY_ID。', 'type' => 'string', 'example' => 'ABCXXXXXXXX', ], 'AccountId' => [ 'title' => '云账号ID。', 'description' => '云账号ID。', 'type' => 'string', 'example' => '123xxxxxxx', ], 'CloudCode' => [ 'title' => '多云的code。', 'description' => '多云的code。', 'type' => 'string', 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', ], ], ], ], ], 'Success' => [ 'title' => '本次请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '本次请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => 'HTTP状态码。', 'description' => 'HTTP状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '返回消息描述。', 'description' => '返回消息描述。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => 
'[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"SubUserId\\": 0,\\n \\"AccessIdMd5\\": \\"abcXXXXXXXX\\",\\n \\"AccountStr\\": \\"123xxxxxx|xxxx|ABCXXXXX\\",\\n \\"Bound\\": 1,\\n \\"AccessId\\": \\"ABCXXXXXXXX\\",\\n \\"AccountId\\": \\"123xxxxxxx\\",\\n \\"CloudCode\\": \\"hcloud\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '查看已绑定AK列表', ], 'SubmitImportLogTasks' => [ 'summary' => '批量提交接入任务。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '195545', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'ProdCode', 'in' => 'formData', 'schema' => [ 'title' => '产品的code。', 'description' => '产品的code。', 'type' => 'string', 'required' => true, 'example' => 'qcloud_waf', ], ], [ 'name' => 'LogCodes', 'in' => 'formData', 'schema' => [ 'title' => '提交接入的日志列表,json数组格式。', 'description' => '提交接入的日志列表,json数组格式。', 'type' => 'string', 'required' => false, 'example' => '["cloud_siem_qcloud_cfw_alert_log"]', ], ], [ 'name' => 'Accounts', 'in' => 'formData', 'schema' => [ 'title' => '提交接入的账号列表,json数组格式。取值:'."\n" .' - AccountId:待接入的账号ID。 '."\n" .' - Imported:'."\n" .' - 0:取消接入。 '."\n" .' - 1:接入。', 'description' => '提交接入的账号列表,json数组格式。取值:'."\n" .' - AccountId:待接入的账号ID。 '."\n" .' - Imported:是否接入/取消接入该账号。取值:'."\n" .' - 0:取消接入。 '."\n" .' - 1:接入。', 'type' => 'string', 'required' => false, 'example' => '[{"AccountId":"123123","Imported":1}]', ], ], [ 'name' => 'AutoImported', 'in' => 'formData', 'schema' => [ 'title' => '是否自动接入配置了该日志的账号。取值:'."\n" .' - 1:自动接入。 '."\n" .' - 0:不自动接入。', 'description' => '是否自动接入配置了该日志的账号。取值:'."\n" .' - 1:自动接入。 '."\n" .' 
- 0:不自动接入。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'CloudCode', 'in' => 'formData', 'schema' => [ 'title' => '多云的code。', 'description' => '多云的code。', 'type' => 'string', 'required' => true, 'example' => 'hcloud', 'enum' => [ 'qcloud', 'hcloud', 'aliyun', 'idc', ], ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemSuccessResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'Count' => [ 'title' => '成功提交的日志接入任务数量。', 'description' => '成功提交的日志接入任务数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'eventInfo' => [ 'enable' => false, 'eventNames' => [], ], 'responseDemo' => 
'[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Count\\": 10\\n },\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '提交接入任务', ], 'DescribeAlertsWithEntity' => [ 'summary' => '获取实体关联的告警列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas731ZAS', ], ], 'parameters' => [ [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件全局唯一ID。', 'description' => '事件全局唯一ID。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'SophonTaskId', 'in' => 'formData', 'schema' => [ 'title' => 'soar处置策略ID。', 'description' => 'SOAR处置策略ID。', 'type' => 'string', 'required' => false, 'example' => '577bbf90-a770-44a7-8154-586aa2d318fa', ], ], [ 'name' => 'EntityId', 'in' => 'formData', 'schema' => [ 'title' => '实体ID。', 'description' => '实体ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '123456789', ], ], [ 'name' => 'EntityUuid', 'in' => 'formData', 'schema' => [ 'title' => '实体ID。', 'description' => '实体ID。', 'type' => 'string', 'required' => false, 'example' => '123456789', ], ], [ 'name' => 'StartTime', 'in' => 'formData', 'schema' => [ 'title' => '查询开始时间, 单位毫秒。', 'description' => '查询开始时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'EndTime', 'in' => 'formData', 'schema' => [ 'title' => '查询结束时间, 单位毫秒。', 'description' => '查询结束时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'CurrentPage', 'in' => 'formData', 'schema' => [ 'title' => '列表当前页号, 大于等于1。', 'description' => '列表当前页号, 大于等于1。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 
'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'title' => '列表每页条数, 最大不超过100。', 'description' => '列表每页条数, 最大不超过100。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PageResponse>', 'description' => 'PageResponse>', 'type' => 'object', 'properties' => [ 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功。'."\n" .'- false:失败。', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'PageInfo' => [ 'title' => '分页记录。', 
'description' => '分页记录。', 'type' => 'object', 'properties' => [ 'CurrentPage' => [ 'title' => '列表当前页号。', 'description' => '列表当前页号。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'title' => '每页返回记录数。', 'description' => '每页返回记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'title' => '记录总数。', 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], ], ], 'ResponseData' => [ 'title' => '详细数据。', 'description' => '详细数据。', 'type' => 'array', 'items' => [ 'description' => '详细数据。', 'type' => 'object', 'properties' => [ 'Id' => [ 'title' => '告警唯一ID。', 'description' => '告警唯一ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123456789', ], 'GmtCreate' => [ 'title' => '告警入库时间。', 'description' => '告警入库时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'GmtModified' => [ 'title' => '告警最后更新时间。', 'description' => '告警最后更新时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'MainUserId' => [ 'title' => '告警关联siem主账号ID。', 'description' => '告警关联siem主账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '127608589417****', ], 'IncidentUuid' => [ 'title' => '事件全局唯一id。', 'description' => '事件全局唯一UUID。', 'type' => 'string', 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], 'AlertUuid' => [ 'title' => '告警id。', 'description' => '告警UUID。', 'type' => 'string', 'example' => 'sas_71e24437d2797ce8fc59692905a4****', ], 'LogTime' => [ 'title' => '告警记录时间。', 'description' => '告警记录时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'AlertSrcProd' => [ 'title' => '事件关联告警来源产品。', 'description' => '事件关联告警来源产品。', 'type' => 'string', 'example' => 'sas', ], 'AlertTitle' => [ 'title' => '告警标题。', 'description' => '告警标题。', 'type' => 'string', 'example' => 'Scan-Try SNMP weak password', ], 'AlertTitleEn' => [ 'title' => '告警标题英文。', 'description' => '告警标题英文。', 'type' => 'string', 'example' => 'Scan-Try SNMP weak password', ], 'AlertType' => [ 
'title' => '告警类型。', 'description' => '告警类型。', 'type' => 'string', 'example' => 'Scan', ], 'AlertTypeEn' => [ 'title' => '告警类型英文。', 'description' => '告警类型英文。', 'type' => 'string', 'example' => 'Scan', ], 'AlertTypeCode' => [ 'title' => '告警类型美杜莎code。', 'description' => '告警类型美杜莎code。', 'type' => 'string', 'example' => 'security_event_config.event_name.webshellName', ], 'AlertName' => [ 'title' => '告警名称。', 'description' => '告警名称。', 'type' => 'string', 'example' => 'Try SNMP weak password', ], 'AlertNameEn' => [ 'title' => '告警名称。', 'description' => '告警名称。', 'type' => 'string', 'example' => 'Try SNMP weak password', ], 'AlertNameCode' => [ 'title' => '告警名称美杜莎code。', 'description' => '告警名称美杜莎code。', 'type' => 'string', 'example' => 'security_event_config.event_name.webshell', ], 'AlertLevel' => [ 'title' => '威胁等级。 取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级。 取值:'."\n" .'- serious:高危。'."\n" .'- suspicious:中危。'."\n" .'- remind:低危。', 'type' => 'string', 'example' => 'remind', ], 'AssetList' => [ 'title' => '资产列表。', 'description' => '资产列表。', 'type' => 'string', 'example' => '['."\n" .' {'."\n" .' "is_main_asset": "1",'."\n" .' "asset_name": "47.245.*",'."\n" .' "port": "22",'."\n" .' "ip": "47.245.*",'."\n" .' "asset_type": "ip",'."\n" .' "location": "ap-southeast-1",'."\n" .' "asset_id": "47.245.*",'."\n" .' "net_connect_dir": "in"'."\n" .' 
}'."\n" .']', ], 'OccurTime' => [ 'title' => '告警发生时间。', 'description' => '告警发生时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'StartTime' => [ 'title' => '告警首次发生时间。', 'description' => '告警首次发生时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'EndTime' => [ 'title' => '告警结束时间。', 'description' => '告警结束时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'AlertSrcProdModule' => [ 'title' => '事件关联告警来源产品子模块。', 'description' => '事件关联告警来源产品子模块。', 'type' => 'string', 'example' => 'waf', ], 'AlertDesc' => [ 'title' => '告警描述。', 'description' => '告警描述。', 'type' => 'string', 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.', ], 'AlertDescEn' => [ 'title' => '告警英文描述。', 'description' => '告警英文描述。', 'type' => 'string', 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.', ], 'AlertDescCode' => [ 'title' => '告警描述美杜莎code。', 'description' => '告警描述美杜莎code。', 'type' => 'string', 'example' => 'security_event_config.event_name.webshell'."\n", ], 'AlertDetail' => [ 'title' => '告警详情。', 'description' => '告警详情。', 'type' => 'string', 'example' => '{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "21.92.*.*"}', ], 'LogUuid' => [ 'title' => '告警log UUID。', 'description' => '告警日志UUID。', 'type' => 'string', 'example' => 'cfw_d12e285a-a042-4d7e-be89-f8a795ef****', ], 'EntityList' => [ 'title' => '实体详情(标准化/开启索引)', 'description' => '实体详情(标准化/开启索引)', 'type' => 'string', 'example' => '[{"entity_uuid":"55f0c0654d7e79b035a5168fcb4****","entity_type":"cloud_account","account_id":"15176874502****","main_user_id":"15176874502****","cloud_code":"alibaba_cloud","is_asset":1,"entity_id":"151768745029****"}]', ], 'AttCk' => [ 'title' => 'ATTCT&攻击技术标签。', 
'description' => 'ATT&CK攻击技术标签。', 'type' => 'string', 'example' => 'T1595.002 Vulnerability Scanning', ], 'SubUserId' => [ 'title' => '产生告警阿里账号ID。', 'description' => '产生告警阿里账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '176555323***', ], 'SubUserName' => [ 'title' => '产生告警阿里账号ID。', 'description' => '产生告警阿里账号ID。', 'type' => 'string', 'example' => '176555323***', ], 'IsDefend' => [ 'title' => '是否已防御', 'description' => '是否已防御。取值:'."\n" ."\n" .'- 0:检出。'."\n" .'- 1:拦截。', 'type' => 'string', 'example' => '1', ], 'AlertInfoList' => [ 'title' => '告警详细数据。', 'description' => '告警详细数据。', 'type' => 'array', 'items' => [ 'description' => '告警详细数据。', 'type' => 'object', 'properties' => [ 'Key' => [ 'title' => '告警详细属性key。', 'description' => '告警详细属性key。', 'type' => 'string', 'example' => 'suspicious.wbd.wb.trojanpath', ], 'KeyName' => [ 'title' => '告警详细数据名称。', 'description' => '告警详细数据名称。', 'type' => 'string', 'example' => 'Trojan Path'."\n", ], 'Values' => [ 'title' => '告警详细数据值。', 'description' => '告警详细数据值。', 'type' => 'string', 'example' => '/root/test33.php', ], ], ], 'example' => 'aliyun', ], 'CloudCode' => [ 'description' => '云code。 取值:'."\n" .'- aliyun:阿里云。'."\n" .'- qcloud:腾讯云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'example' => 'aliyun', ], 'ProductId' => [ 'description' => '产品ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas', ], 'VendorId' => [ 'description' => '云code。 取值:'."\n" .'- aliyun:阿里云。'."\n" .'- qcloud:腾讯云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'example' => 'aliyun', ], 'DetectionRuleId' => [ 'description' => '检测规则ID。', 'type' => 'string', 'example' => 'dr-48zs4tk7qfd4rjd9****', ], ], ], ], ], 'example' => '123456', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n
\\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"MainUserId\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"LogTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProd\\": \\"sas\\",\\n \\"AlertTitle\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertTitleEn\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertType\\": \\"Scan\\",\\n \\"AlertTypeEn\\": \\"Scan\\",\\n \\"AlertTypeCode\\": \\"security_event_config.event_name.webshellName\\",\\n \\"AlertName\\": \\"Try SNMP weak password\\",\\n \\"AlertNameEn\\": \\"Try SNMP weak password\\",\\n \\"AlertNameCode\\": \\"security_event_config.event_name.webshell\\",\\n \\"AlertLevel\\": \\"remind\\",\\n \\"AssetList\\": \\"[\\\\n {\\\\n \\\\\\"is_main_asset\\\\\\": \\\\\\"1\\\\\\",\\\\n \\\\\\"asset_name\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"port\\\\\\": \\\\\\"22\\\\\\",\\\\n \\\\\\"ip\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"asset_type\\\\\\": \\\\\\"ip\\\\\\",\\\\n \\\\\\"location\\\\\\": \\\\\\"ap-southeast-1\\\\\\",\\\\n \\\\\\"asset_id\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"net_connect_dir\\\\\\": \\\\\\"in\\\\\\"\\\\n }\\\\n]\\",\\n \\"OccurTime\\": \\"2021-01-06 16:37:29\\",\\n \\"StartTime\\": \\"2021-01-06 16:37:29\\",\\n \\"EndTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProdModule\\": \\"waf\\",\\n \\"AlertDesc\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescEn\\": \\"The detection model found a suspicious Webshell file on your 
server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescCode\\": \\"security_event_config.event_name.webshell\\\\n\\",\\n \\"AlertDetail\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99\\\\\\";\\\\\\"attack_ip\\\\\\": \\\\\\"21.92.*.*\\\\\\"}\\",\\n \\"LogUuid\\": \\"cfw_d12e285a-a042-4d7e-be89-f8a795ef****\\",\\n \\"EntityList\\": \\"[{\\\\\\"entity_uuid\\\\\\":\\\\\\"55f0c0654d7e79b035a5168fcb4****\\\\\\",\\\\\\"entity_type\\\\\\":\\\\\\"cloud_account\\\\\\",\\\\\\"account_id\\\\\\":\\\\\\"15176874502****\\\\\\",\\\\\\"main_user_id\\\\\\":\\\\\\"15176874502****\\\\\\",\\\\\\"cloud_code\\\\\\":\\\\\\"alibaba_cloud\\\\\\",\\\\\\"is_asset\\\\\\":1,\\\\\\"entity_id\\\\\\":\\\\\\"151768745029****\\\\\\"}]\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"176555323***\\",\\n \\"IsDefend\\": \\"1\\",\\n \\"AlertInfoList\\": [\\n {\\n \\"Key\\": \\"suspicious.wbd.wb.trojanpath\\",\\n \\"KeyName\\": \\"Trojan Path\\\\n\\",\\n \\"Values\\": \\"/root/test33.php\\"\\n }\\n ],\\n \\"CloudCode\\": \\"aliyun\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"VendorId\\": \\"aliyun\\",\\n \\"DetectionRuleId\\": \\"dr-48zs4tk7qfd4rjd9****\\"\\n }\\n ]\\n }\\n}","type":"json"}]', 'title' => '获取实体关联告警列表', ], 'DescribeAlerts' => [ 'summary' => '获取用户的告警列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas731ZAS', ], ], 'parameters' => [ [ 'name' => 'AlertUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件关联告警ID。', 'description' => '事件关联告警ID。', 'type' => 'string', 'required' => false, 'example' => 'sas_71e24437d2797ce8fc59692905a4****', ], ], [ 
'name' => 'Level', 'in' => 'formData', 'style' => 'repeatList', 'schema' => [ 'title' => '威胁等级,格式为json数组。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级,格式为json数组。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'array', 'items' => [ 'description' => '威胁等级,格式为json数组。取值:'."\n" ."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'string', 'required' => false, 'example' => '["remind","serious"]', ], 'required' => false, 'example' => '["serious","suspicious","remind"]', 'maxItems' => 100, ], ], [ 'name' => 'Source', 'in' => 'formData', 'schema' => [ 'title' => '事件关联告警来源产品。', 'description' => '事件关联告警来源产品。', 'type' => 'string', 'required' => false, 'example' => 'sas', ], ], [ 'name' => 'IsDefend', 'in' => 'formData', 'schema' => [ 'title' => '是否已防御', 'description' => '是否已防御。取值:'."\n" ."\n" .'- 0:检出'."\n" .'- 1:拦截', 'type' => 'string', 'required' => false, 'example' => '1', ], ], [ 'name' => 'AlertTitle', 'in' => 'formData', 'schema' => [ 'title' => '告警标题。', 'description' => '告警标题。', 'type' => 'string', 'required' => false, 'example' => 'Unusual Logon-login_common_account', ], ], [ 'name' => 'AlertType', 'in' => 'formData', 'schema' => [ 'title' => '告警类型。', 'description' => '告警类型。', 'type' => 'string', 'required' => false, 'example' => 'Scan', ], ], [ 'name' => 'AlertName', 'in' => 'formData', 'schema' => [ 'title' => '告警名称。', 'description' => '告警名称。', 'type' => 'string', 'required' => false, 'example' => 'Try SNMP weak password'."\n", ], ], [ 'name' => 'AssetName', 'in' => 'formData', 'schema' => [ 'title' => '资产名称。', 'description' => '资产名称。', 'type' => 'string', 'required' => false, 'example' => 'hostname-****'."\n", ], ], [ 'name' => 'AssetId', 'in' => 'formData', 'schema' => [ 'title' => '资产id。', 'description' => '资产id。', 'type' => 'string', 'required' => false, 'example' => 'F3385128-69A5-3EE8-BD05-FBEE7DB2****', ], ], [ 'name' => 'EntityName', 'in' => 'formData', 
'schema' => [ 'title' => '实体名称。', 'description' => '实体名称。', 'type' => 'string', 'required' => false, 'example' => 'launch-advisor-*****'."\n", ], ], [ 'name' => 'EntityId', 'in' => 'formData', 'schema' => [ 'title' => '实体id。', 'description' => '实体id。', 'type' => 'string', 'required' => false, 'example' => 'f366e287ea530e7a324cbe987993****', ], ], [ 'name' => 'SubUserId', 'in' => 'formData', 'schema' => [ 'title' => '告警实际关联阿里账号ID。', 'description' => '告警实际关联阿里账号ID。', 'type' => 'string', 'required' => false, 'example' => '176555323***', ], ], [ 'name' => 'LabelType', 'in' => 'formData', 'schema' => [ 'title' => '告警查询类型。', 'description' => '告警查询类型。'."\n" ."\n" .'- system:聚合分析告警'."\n" .'- custom:自定义分析告警'."\n" .'- cfw:防火墙'."\n" .'- waf:Web应用防火墙'."\n" .'- edr:端点检测与响应'."\n" .'- other:其他', 'type' => 'string', 'required' => false, 'example' => 'custom', ], ], [ 'name' => 'AlertStatus', 'in' => 'formData', 'style' => 'repeatList', 'schema' => [ 'title' => '告警状态', 'description' => '告警状态', 'type' => 'array', 'items' => [ 'title' => '告警状态', 'description' => '告警状态', 'type' => 'string', 'required' => false, 'example' => '1', ], 'required' => false, 'maxItems' => 100, ], ], [ 'name' => 'StartTime', 'in' => 'formData', 'schema' => [ 'title' => '查询开始时间, 单位毫秒。', 'description' => '查询开始时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'EndTime', 'in' => 'formData', 'schema' => [ 'title' => '查询结束时间, 单位毫秒。', 'description' => '查询结束时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'CurrentPage', 'in' => 'formData', 'schema' => [ 'title' => '列表当前页号, 大于等于1。', 'description' => '列表当前页号, 大于等于1。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'title' => '列表每页条数, 最大不超过100。', 'description' => '列表每页条数, 最大不超过100。', 'type' => 'integer',
'format' => 'int32', 'required' => true, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PageResponse>', 'description' => 'PageResponse>', 'type' => 'object', 'properties' => [ 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'PageInfo' => [ 'title' => '分页记录。', 'description' => '分页记录。', 'type' => 'object', 'properties' => [ 'CurrentPage' => [ 'title' => '列表当前页号。', 'description' => '列表当前页号。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 
'PageSize' => [ 'title' => '每页返回记录数。', 'description' => '每页返回记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'title' => '记录总数。', 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], ], ], 'ResponseData' => [ 'title' => '详细数据。', 'description' => '详细数据。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Id' => [ 'title' => '告警唯一ID。', 'description' => '告警唯一ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123456789', ], 'GmtCreate' => [ 'title' => '告警入库时间。', 'description' => '告警入库时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'GmtModified' => [ 'title' => '告警最后更新时间。', 'description' => '告警最后更新时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'MainUserId' => [ 'title' => '告警关联siem主账号ID。', 'description' => '告警关联siem主账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '127608589417****', ], 'IncidentUuid' => [ 'title' => '事件全局唯一id。', 'description' => '事件全局唯一UUID。', 'type' => 'string', 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], 'AlertUuid' => [ 'title' => '告警id。', 'description' => '告警UUID。', 'type' => 'string', 'example' => 'sas_71e24437d2797ce8fc59692905a4****', ], 'LogTime' => [ 'title' => '告警记录时间。', 'description' => '告警记录时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'AlertSrcProd' => [ 'title' => '事件关联告警来源产品。', 'description' => '事件关联告警来源产品。', 'type' => 'string', 'example' => 'sas', ], 'AlertTitle' => [ 'title' => '告警标题。', 'description' => '告警标题。', 'type' => 'string', 'example' => 'Scan-Try SNMP weak password', ], 'AlertTitleEn' => [ 'title' => '告警标题英文。', 'description' => '告警标题英文。', 'type' => 'string', 'example' => 'Scan-Try SNMP weak password', ], 'AlertType' => [ 'title' => '告警类型。', 'description' => '告警类型。', 'type' => 'string', 'example' => 'Scan', ], 'AlertTypeEn' => [ 'title' => '告警类型英文。', 'description' => '告警类型英文。', 'type' => 'string', 'example' => 'Scan', ], 'AlertTypeCode' => [ 
'title' => '告警类型美杜莎code。', 'description' => '告警类型美杜莎code。', 'type' => 'string', 'example' => 'security_event_config.event_name.webshellName', ], 'AlertName' => [ 'title' => '告警名称。', 'description' => '告警名称。', 'type' => 'string', 'example' => 'Try SNMP weak password', ], 'AlertNameEn' => [ 'title' => '告警名称。', 'description' => '告警名称英文。', 'type' => 'string', 'example' => 'Try SNMP weak password', ], 'AlertNameCode' => [ 'title' => '告警名称美杜莎code。', 'description' => '告警名称美杜莎code。', 'type' => 'string', 'example' => 'security_event_config.event_name.webshell', ], 'AlertLevel' => [ 'title' => '威胁等级。 取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级。 取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'string', 'example' => 'remind', ], 'AssetList' => [ 'title' => '资产列表。', 'description' => '资产列表。', 'type' => 'string', 'example' => '['."\n" .' {'."\n" .' "is_main_asset": "1",'."\n" .' "asset_name": "47.245.*",'."\n" .' "port": "22",'."\n" .' "ip": "47.245.*",'."\n" .' "asset_type": "ip",'."\n" .' "location": "ap-southeast-1",'."\n" .' "asset_id": "47.245.*",'."\n" .' "net_connect_dir": "in"'."\n" .' 
}'."\n" .']', ], 'OccurTime' => [ 'title' => '告警发生时间。', 'description' => '告警发生时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'StartTime' => [ 'title' => '告警首次发生时间。', 'description' => '告警首次发生时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'EndTime' => [ 'title' => '告警结束时间。', 'description' => '告警结束时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'AlertSrcProdModule' => [ 'title' => '事件关联告警来源产品子模块。', 'description' => '事件关联告警来源产品子模块。', 'type' => 'string', 'example' => 'waf', ], 'AlertDesc' => [ 'title' => '告警描述。', 'description' => '告警描述。', 'type' => 'string', 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.', ], 'AlertDescEn' => [ 'title' => '告警英文描述。', 'description' => '告警英文描述。', 'type' => 'string', 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.', ], 'AlertDescCode' => [ 'title' => '告警描述美杜莎code。', 'description' => '告警描述美杜莎code。', 'type' => 'string', 'example' => 'security_event_config.event_name.webshell', ], 'AlertDetail' => [ 'title' => '告警详情。', 'description' => '告警详情。', 'type' => 'string', 'example' => '{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "21.92.*.*"}', ], 'LogUuid' => [ 'title' => '告警log UUID。', 'description' => '告警日志UUID。', 'type' => 'string', 'example' => 'cfw_d12e285a-a042-4d7e-be89-f8a795ef****', ], 'EntityList' => [ 'title' => '实体详情(标准化/开启索引)', 'description' => '实体详情(标准化/开启索引)', 'type' => 'string', 'example' => 
'[{"entity_user_id":"198921674491****","entity_account_id":"N/A","entity_uuid":"6245f979d5dd9ef8dd19bdc72228****","entity_type":"host","entity_name":"zhh-test-20240409","is_comprised":"1","os_type":"linux","entity_id":"a88f44dd-b8d4-4ded-831c-77a4835****","host_uuid":"a88f44dd-b8d4-4ded-831c-77a4835****","host_name":"zhh-test-2024****"}]', ], 'AttCk' => [ 'title' => 'ATT&CK攻击技术标签。', 'description' => 'ATT&CK攻击技术标签。', 'type' => 'string', 'example' => 'T1595.002 Vulnerability Scanning', ], 'SubUserId' => [ 'title' => '产生告警阿里账号ID。', 'description' => '产生告警阿里账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '176555323***', ], 'SubUserName' => [ 'title' => '产生告警阿里账号ID。', 'description' => '产生告警阿里账号ID。', 'type' => 'string', 'example' => '176555323***', ], 'VendorId' => [ 'title' => '云code。 取值:'."\n" .'- aliyun:阿里云'."\n" .'- qcloud:腾讯云'."\n" .'- hcloud:华为云', 'description' => '云code。 取值:'."\n" .'- aliyun:阿里云'."\n" .'- qcloud:腾讯云'."\n" .'- hcloud:华为云', 'type' => 'string', 'example' => 'aliyun', ], 'IsDefend' => [ 'title' => '是否已防御', 'description' => '是否已防御。取值:'."\n" ."\n" .'- 0:检出'."\n" .'- 1:拦截', 'type' => 'string', 'example' => '1', ], 'AlertInfoList' => [ 'title' => '告警详细数据。', 'description' => '告警详细数据。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Key' => [ 'title' => '告警详细属性key。', 'description' => '告警详细属性key。', 'type' => 'string', 'example' => 'suspicious.wbd.wb.trojanpath', ], 'KeyName' => [ 'title' => '告警详细数据名称。', 'description' => '告警详细数据名称。', 'type' => 'string', 'example' => 'Trojan Path', ], 'Values' => [ 'title' => '告警详细数据值。', 'description' => '告警详细数据值。', 'type' => 'string', 'example' => '/root/test33.php', ], ], ], 'example' => 'aliyun', ], 'ExtendContent' => [ 'description' => '告警扩展信息。', 'type' => 'string', 'example' => '{"user":"Member","num":"1"}', ], 'ProductId' => [ 'description' => '产品ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas', ], 'CloudCode' => [ 'description' => '云code。 取值:'."\n" .'- aliyun:阿里云'."\n" .'- 
qcloud:腾讯云'."\n" .'- hcloud:华为云', 'type' => 'string', 'example' => 'aliyun', ], 'DetectionRuleId' => [ 'description' => '检测规则ID。', 'type' => 'string', 'example' => 'dr-48zs4tk7qfd4rjd9****', ], 'AlertStatus' => [ 'title' => '告警状态', 'description' => '告警状态。', 'type' => 'string', 'example' => '1', ], ], ], ], ], 'example' => '123456', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"MainUserId\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"LogTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProd\\": \\"sas\\",\\n \\"AlertTitle\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertTitleEn\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertType\\": \\"Scan\\",\\n \\"AlertTypeEn\\": \\"Scan\\",\\n \\"AlertTypeCode\\": \\"security_event_config.event_name.webshellName\\",\\n \\"AlertName\\": \\"Try SNMP weak password\\",\\n \\"AlertNameEn\\": \\"Try SNMP weak password\\",\\n \\"AlertNameCode\\": \\"security_event_config.event_name.webshell\\",\\n \\"AlertLevel\\": \\"remind\\",\\n \\"AssetList\\": \\"[\\\\n {\\\\n \\\\\\"is_main_asset\\\\\\": \\\\\\"1\\\\\\",\\\\n \\\\\\"asset_name\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"port\\\\\\": \\\\\\"22\\\\\\",\\\\n \\\\\\"ip\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"asset_type\\\\\\": \\\\\\"ip\\\\\\",\\\\n 
\\\\\\"location\\\\\\": \\\\\\"ap-southeast-1\\\\\\",\\\\n \\\\\\"asset_id\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"net_connect_dir\\\\\\": \\\\\\"in\\\\\\"\\\\n }\\\\n]\\",\\n \\"OccurTime\\": \\"2021-01-06 16:37:29\\",\\n \\"StartTime\\": \\"2021-01-06 16:37:29\\",\\n \\"EndTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProdModule\\": \\"waf\\",\\n \\"AlertDesc\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescEn\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescCode\\": \\"security_event_config.event_name.webshell\\",\\n \\"AlertDetail\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99\\\\\\";\\\\\\"attack_ip\\\\\\": \\\\\\"21.92.*.*\\\\\\"}\\",\\n \\"LogUuid\\": \\"cfw_d12e285a-a042-4d7e-be89-f8a795ef****\\",\\n \\"EntityList\\": \\"[{"entity_user_id":"198921674491****","entity_account_id":"N/A","entity_uuid":"6245f979d5dd9ef8dd19bdc72228****","entity_type":"host","entity_name":"zhh-test-20240409","is_comprised":"1","os_type":"linux","entity_id":"a88f44dd-b8d4-4ded-831c-77a4835****","host_uuid":"a88f44dd-b8d4-4ded-831c-77a4835****","host_name":"zhh-test-2024****"}]\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"176555323***\\",\\n \\"VendorId\\": \\"aliyun\\",\\n \\"IsDefend\\": \\"1\\",\\n \\"AlertInfoList\\": [\\n {\\n \\"Key\\": \\"suspicious.wbd.wb.trojanpath\\",\\n \\"KeyName\\": \\"Trojan Path\\",\\n \\"Values\\": \\"/root/test33.php\\"\\n }\\n ],\\n \\"ExtendContent\\": \\"{\\\\\\"user\\\\\\":\\\\\\"Member\\\\\\",\\\\\\"num\\\\\\":\\\\\\"1\\\\\\"}\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"CloudCode\\": 
\\"aliyun\\",\\n \\"DetectionRuleId\\": \\"dr-48zs4tk7qfd4rjd9****\\",\\n \\"AlertStatus\\": \\"1\\"\\n }\\n ]\\n }\\n}","type":"json"}]', 'title' => '获取告警列表', ], 'DescribeAlertSource' => [ 'summary' => '获取告警数据源列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'Level', 'in' => 'formData', 'style' => 'repeatList', 'schema' => [ 'title' => '威胁等级,格式为json数组。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级,格式为json数组。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'array', 'items' => [ 'description' => '威胁等级,格式为json数组。取值:'."\n" ."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'string', 'required' => false, 'example' => '["remind","serious"]', ], 'required' => false, 'example' => '["serious","suspicious","remind"]', 'maxItems' => 100, ], ], [ 'name' => 'StartTime', 'in' => 'formData', 'schema' => [ 'title' => '查询开始时间, 单位毫秒。', 'description' => '查询开始时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'EndTime', 'in' => 'formData', 'schema' => [ 'title' => '查询结束时间, 单位毫秒。', 'description' => '查询结束时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => 
'威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse>', 'description' => 'BaseResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'SourceName' => [ 'title' => '告警数据源名称。', 'description' => '告警数据源名称。', 'type' => 'string', 'example' => 'sas', ], 'Source' => [ 'title' => '告警数据源名称美杜莎code。', 'description' => '告警数据源名称美杜莎code。', 'type' => 'string', 'example' => 'aliyun.siem.alert_datasource.sas', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"SourceName\\": \\"sas\\",\\n \\"Source\\": \\"aliyun.siem.alert_datasource.sas\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": 
\\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取告警数据源列表', ], 'DescribeAlertsCount' => [ 'summary' => '获取告警不同级别计数。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'QueryType', 'in' => 'formData', 'schema' => [ 'title' => '查询类型。', 'description' => '查询类型。', 'type' => 'string', 'required' => false, 'example' => 'bySrcProd', ], ], [ 'name' => 'StartTime', 'in' => 'formData', 'schema' => [ 'title' => '查询开始时间, 单位毫秒。', 'description' => '查询开始时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'EndTime', 'in' => 'formData', 'schema' => [ 'title' => '查询结束时间, 单位毫秒。', 'description' => '查询结束时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PlainResponse', 'description' => 
'PlainResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'High' => [ 'title' => '高威胁告警数。', 'description' => '高威胁告警数。', 'type' => 'integer', 'format' => 'int64', 'example' => '25', ], 'Medium' => [ 'title' => '中威胁告警数。', 'description' => '中威胁告警数。', 'type' => 'integer', 'format' => 'int64', 'example' => '25', ], 'Low' => [ 'title' => '低威胁告警数。', 'description' => '低威胁告警数。', 'type' => 'integer', 'format' => 'int64', 'example' => '25', ], 'All' => [ 'title' => '告警总数。', 'description' => '告警总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '75', ], 'ProductNum' => [ 'title' => '接入产品数。', 'description' => '接入产品数。', 'type' => 'integer', 'format' => 'int32', 'example' => '3', ], 'CountMap' => [ 'description' => '各等级计数。', 'type' => 'object', 'additionalProperties' => [ 'type' => 'integer', 'format' => 'int64', 'example' => '12', 'description' => '数值。', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"High\\": 25,\\n \\"Medium\\": 25,\\n \\"Low\\": 25,\\n \\"All\\": 75,\\n \\"ProductNum\\": 3,\\n \\"CountMap\\": {\\n \\"key\\": 12\\n }\\n },\\n 
\\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取告警不同级别计数', ], 'ListEntities' => [ 'summary' => '查询实体列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasAFG0OH', ], ], 'parameters' => [ [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件ID。', 'description' => '事件ID。', 'type' => 'string', 'required' => true, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'EntityType', 'in' => 'formData', 'schema' => [ 'title' => '实体类型。', 'description' => '实体类型。取值:'."\n" .'- ip:ip'."\n" .'- domain:域名'."\n" .'- url:url'."\n" .'- process:进程'."\n" .'- file:文件'."\n" .'- host:主机'."\n" .'- cloud_account:云账号'."\n" .'- container:容器'."\n" .'- bucket:对象存储', 'type' => 'string', 'required' => false, 'example' => 'ip', ], ], [ 'name' => 'EntityName', 'in' => 'formData', 'schema' => [ 'title' => '实体名称。', 'description' => '实体名称。', 'type' => 'string', 'required' => false, 'example' => 'host1****', ], ], [ 'name' => 'EntityUuid', 'in' => 'formData', 'schema' => [ 'title' => '实体ID。', 'description' => '实体UUID。', 'type' => 'string', 'required' => false, 'example' => '6c740667-80b2-476d-8924-2e706feb****', ], ], [ 'name' => 'EntityUuids', 'in' => 'formData', 'schema' => [ 'description' => '实体UUID列表。', 'type' => 'string', 'required' => false, 'example' => '6c740667-80b2-476d-8924-2e706feb****,6c740667-80b2-476d-8924-2e706feb****', ], ], [ 'name' => 'MalwareType', 'in' => 'formData', 'schema' => [ 'title' => '恶意实体类型。 取值:'."\n" .'- 0:否'."\n" .'- 1:是。', 'description' => '恶意实体类型。', 'type' => 'string', 'required' => false, 'example' => 'aliyun.siem.sas.alert_tag.miner_software', ], ], [ 'name' => 'IsMalwareEntity', 
'in' => 'formData', 'schema' => [ 'title' => '是否恶意实体。 取值:'."\n" .'- 0:否'."\n" .'- 1:是。', 'description' => '是否恶意实体。 取值:'."\n" .'- 0:否'."\n" .'- 1:是', 'type' => 'string', 'required' => false, 'example' => '1', ], ], [ 'name' => 'Tags', 'in' => 'formData', 'schema' => [ 'title' => '实体标签。格式为JSON数组字符串:\\"[{\\"tagKey1\\":\\"tagValue1\\"},{\\"tagKey2\\":\\"tagValue2\\"}]\\"', 'description' => '实体标签。格式为JSON数组字符串:'."\n" ."\n" .'`"[{"tagKey1":"tagValue1"},{"tagKey2":"tagValue2"}]"`', 'type' => 'string', 'required' => false, 'example' => '[{"tagKey1":"tagValue1"},{"tagKey2":"tagValue2"}]', ], ], [ 'name' => 'CurrentPage', 'in' => 'formData', 'schema' => [ 'title' => '列表当前页号, 大于等于1。', 'description' => '列表当前页号, 大于等于1。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'title' => '列表每页条数, 最大不超过100。', 'description' => '列表每页条数, 最大不超过100。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PageResponse>', 
'description' => 'PageResponse>', 'type' => 'object', 'properties' => [ 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'PageInfo' => [ 'title' => '分页记录。', 'description' => '分页记录。', 'type' => 'object', 'properties' => [ 'CurrentPage' => [ 'title' => '列表当前页号。', 'description' => '列表当前页号。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'title' => '每页返回记录数。', 'description' => '每页返回记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'title' => '记录总数。', 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], ], ], 'ResponseData' => [ 'title' => '详细数据。', 'description' => '详细数据。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Id' => [ 'title' => '实体ID。', 'description' => '实体ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123456789***', ], 'GmtCreate' => [ 'title' => '实体采集时间。', 'description' => '实体采集时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'GmtModified' => [ 'title' => '实体最后更新时间。', 'description' => '实体最后更新时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'Aliuid' => [ 'title' => 'siem主用户ID。', 'description' => '阿里云账户ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123456789****', ], 'IncidentUuid' => [ 'title' => '事件ID。', 'description' => '事件UUID,可以基于事件列表接口获取。', 'type' => 
'string', 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], 'AlertUuid' => [ 'title' => '告警ID。', 'description' => '告警UUID。', 'type' => 'string', 'example' => 'sas_71e24437d2797ce8fc59692905a4****', ], 'AlertNum' => [ 'title' => '实体关联告警数量。', 'description' => '实体关联告警数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'EventNum' => [ 'title' => '实体关联事件数量。', 'description' => '实体关联事件数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'CloudCode' => [ 'title' => '实体来源云code。 取值:'."\n" .'- aliyun:阿里云'."\n" .'- qcloud:腾讯云'."\n" .'- hcloud:华为云', 'description' => '实体来源云code。 取值:'."\n" .'- aliyun:阿里云'."\n" .'- qcloud:腾讯云'."\n" .'- hcloud:华为云', 'type' => 'string', 'example' => 'aliyun', ], 'EntityType' => [ 'title' => '实体类型。取值:'."\n" .'- ip:ip'."\n" .'- domain:域名'."\n" .'- url:url'."\n" .'- process:进程'."\n" .'- file:文件'."\n" .'- host:主机', 'description' => '实体类型。取值:'."\n" .'- ip:ip'."\n" .'- domain:域名'."\n" .'- url:url'."\n" .'- process:进程'."\n" .'- file:文件'."\n" .'- host:主机'."\n" .'- cloud_account:云账号'."\n" .'- container:容器'."\n" .'- bucket:对象存储', 'type' => 'string', 'example' => 'ip', ], 'EntityName' => [ 'title' => '实体名称。', 'description' => '实体名称。', 'type' => 'string', 'example' => '123.123.123.123', ], 'EntityInfo' => [ 'title' => '实体展示信息 json格式。', 'description' => '实体展示信息 json格式。', 'type' => 'string', 'example' => '{"file_path": "c:/www/leixi.jsp","file_hash": "aa0ca926ad948cd820e0a3d9a18c****","host_uuid": "efed2cf7-0b77-45d9-a97b-d2cf246b****","malware_type": "${aliyun.siem.sas.alert_tag.webshell}","host_name": "launch-advisor-2023****"}', ], 'SubUserId' => [ 'title' => '实体关联账号id', 'description' => '实体关联账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '113091674488****', ], 'EntityId' => [ 'title' => '实体逻辑id', 'description' => '实体逻辑ID。', 'type' => 'string', 'example' => '12345****', ], 'EntityUuid' => [ 'title' => '实体uuid', 'description' => '实体UUID。', 'type' => 'string', 'example' => '8087b3e4aa6862852c100c8738cf****', 
], 'MalwareType' => [ 'title' => '实体恶意类型', 'description' => '实体恶意类型。', 'type' => 'string', 'example' => 'aliyun.siem.sas.alert_tag.webshell', ], 'IsAsset' => [ 'description' => '是否为资产。取值:'."\n" .'+ 0:否'."\n" .'+ 1:是', 'type' => 'string', 'example' => '1', ], 'IsMalware' => [ 'description' => '是否恶意实体。 取值:'."\n" .'+ 0:否'."\n" .'+ 1:是', 'type' => 'string', 'example' => '0', ], 'Tags' => [ 'description' => '实体标签。格式为JSON数组字符串:'."\n" ."\n" .'`"[{"tagKey1":"tagValue1"},{"tagKey2":"tagValue2"}]"`', 'type' => 'string', 'example' => '[{"tagKey1":"tagValue1"},{"tagKey2":"tagValue2"}]', ], 'AgentDisposalMethod' => [ 'description' => 'Agent推荐处置方法。', 'type' => 'string', 'example' => 'delete_file', ], 'AgentDisposalPlaybookUuid' => [ 'description' => 'Agent推荐处置剧本Uuid。', 'type' => 'string', 'example' => '12XAD-SFQ-WAF-2ca2', ], 'AgentDisposalSuggestion' => [ 'description' => 'Agent推荐处置建议。', 'type' => 'string', 'example' => '{}', ], 'AgentConfidence' => [ 'description' => 'Agent研判实体置信度。', 'type' => 'string', 'example' => '85', ], ], ], ], ], 'example' => '123456', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 0,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"AlertNum\\": 1,\\n \\"EventNum\\": 1,\\n \\"CloudCode\\": \\"aliyun\\",\\n \\"EntityType\\": \\"ip\\",\\n 
\\"EntityName\\": \\"123.123.123.123\\",\\n \\"EntityInfo\\": \\"{\\\\\\"file_path\\\\\\": \\\\\\"c:/www/leixi.jsp\\\\\\",\\\\\\"file_hash\\\\\\": \\\\\\"aa0ca926ad948cd820e0a3d9a18c****\\\\\\",\\\\\\"host_uuid\\\\\\": \\\\\\"efed2cf7-0b77-45d9-a97b-d2cf246b****\\\\\\",\\\\\\"malware_type\\\\\\": \\\\\\"${aliyun.siem.sas.alert_tag.webshell}\\\\\\",\\\\\\"host_name\\\\\\": \\\\\\"launch-advisor-2023****\\\\\\"}\\",\\n \\"SubUserId\\": 0,\\n \\"EntityId\\": \\"12345****\\",\\n \\"EntityUuid\\": \\"8087b3e4aa6862852c100c8738cf****\\",\\n \\"MalwareType\\": \\"aliyun.siem.sas.alert_tag.webshell\\",\\n \\"IsAsset\\": \\"1\\",\\n \\"IsMalware\\": \\"0\\",\\n \\"Tags\\": \\"[{\\\\\\"tagKey1\\\\\\":\\\\\\"tagValue1\\\\\\"},{\\\\\\"tagKey2\\\\\\":\\\\\\"tagValue2\\\\\\"}]\\",\\n \\"AgentDisposalMethod\\": \\"delete_file\\",\\n \\"AgentDisposalPlaybookUuid\\": \\"12XAD-SFQ-WAF-2ca2\\",\\n \\"AgentDisposalSuggestion\\": \\"{}\\",\\n \\"AgentConfidence\\": \\"85\\"\\n }\\n ]\\n }\\n}","type":"json"}]', 'title' => '查询实体列表', ], 'DescribeEntityInfo' => [ 'summary' => '获取实体详情。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'EntityId', 'in' => 'formData', 'schema' => [ 'title' => '实体逻辑ID。', 'description' => '实体逻辑ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '12345', ], ], [ 'name' => 'EntityIdentity', 'in' => 'formData', 'schema' => [ 'title' => '实体特征值,可以对处置实体进行模糊搜索。', 'description' => '实体特征值,可以对处置实体进行模糊搜索。', 'type' => 'string', 'required' => false, 'example' => 'test22.php', ], ], [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件全局唯一ID。', 'description' => '事件全局唯一UUID。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'SophonTaskId', 'in' => 'formData', 
'schema' => [ 'title' => 'soar处置策略ID。', 'description' => 'SOAR处置策略ID。', 'type' => 'string', 'required' => false, 'example' => '577bbf90-a770-44a7-8154-586aa2d318fa', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'EntityId' => [ 'title' => '实体逻辑id。', 'description' => '实体逻辑ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '12345', ], 'EntityType' => [ 'title' => '实体类型,ip:ip, 域名:domain, url:url, 进程:process, 文件:file, 主机:host。', 'description' => '实体类型。取值:'."\n" .'- ip:ip'."\n" .'- domain:域名'."\n" .'- url:url'."\n" .'- process:进程'."\n" .'- file:文件'."\n" .'- host:主机', 'type' => 'string', 'example' => 'ip', ], 'EntityInfo' => [ 'title' => '实体信息。', 'description' => '实体信息。', 'type' => 'object', 'example' => '{ location: "xian", net_connect_dir: "in", malware_type: "${aliyun.siem.sas.alert_tag.login_unusual_account}" }', ], 'TipInfo' => [ 'title' => '威胁情报信息。', 'description' => '威胁情报信息。', 'type' => 'object', 'example' => '{'."\n" .' "Ip": {'."\n" .' "queryHot": "0",'."\n" .' 
"country": "China",'."\n" .' "province": "shanxi",'."\n" .' "ip": "221.11.XX.XXX",'."\n" .' "asn": "4837",'."\n" .' "asn_label": "CHINAXXX-Backbone - CHINA UNICOM ChinaXXX Backbone, CN"'."\n" .' }'."\n" .'}', ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"EntityId\\": 12345,\\n \\"EntityType\\": \\"ip\\",\\n \\"EntityInfo\\": {\\n \\"test\\": \\"test\\",\\n \\"test2\\": 1\\n },\\n \\"TipInfo\\": {\\n \\"Ip\\": {\\n \\"queryHot\\": \\"0\\",\\n \\"country\\": \\"China\\",\\n \\"province\\": \\"shanxi\\",\\n \\"ip\\": \\"221.11.XX.XXX\\",\\n \\"asn\\": \\"4837\\",\\n \\"asn_label\\": \\"CHINAXXX-Backbone - CHINA UNICOM ChinaXXX Backbone, CN\\"\\n }\\n }\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取实体详情', ], 'PostEventDisposeAndWhiteruleList' => [ 'summary' => '提交事件处置信息,更新事件状态,更新事件等级。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 
'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasAFG0OH', ], ], 'parameters' => [ [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件id。', 'description' => '事件全局唯一UUID。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'Status', 'in' => 'formData', 'schema' => [ 'title' => '事件状态。 取值:'."\n" .'- 0:未处理 '."\n" .'-1:处理中 '."\n" .'-5:处理失败 '."\n" .'-10:已处理', 'description' => '事件状态。 取值:'."\n" ."\n" .'- 0:未处理 '."\n" .'- 1:处理中 '."\n" .'- 5:处理失败 '."\n" .'- 10:已处理', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', ], ], [ 'name' => 'Remark', 'in' => 'formData', 'schema' => [ 'title' => '事件备注。', 'description' => '事件备注。', 'type' => 'string', 'required' => false, 'example' => 'dealed', ], ], [ 'name' => 'EventDispose', 'in' => 'formData', 'schema' => [ 'title' => '事件处置配置 json对象。', 'description' => '事件处置配置 json对象。', 'type' => 'string', 'required' => false, 'example' => '['."\n" .' {'."\n" .' "playbookName": "WafBlockIP",'."\n" .' "entityId": "104466118",'."\n" .' "scope": ['."\n" .' "176618589410****"'."\n" .' ],'."\n" .' "startTime": 1604168946281,'."\n" .' "endTime": 1614168946281'."\n" .' },'."\n" .' {'."\n" .' "playbookName": "WafBlockIP",'."\n" .' "entityId": "104466118",'."\n" .' "scope": ['."\n" .' {'."\n" .' "instanceId": "waf-cn-n6w1oy1****",'."\n" .' "domains": ['."\n" .' "lmfip.wafqax.***"'."\n" .' ]'."\n" .' }'."\n" .' ],'."\n" .' "startTime": 1604168946281,'."\n" .' "endTime": 1614168946281'."\n" .' }'."\n" .']', ], ], [ 'name' => 'ReceiverInfo', 'in' => 'formData', 'schema' => [ 'title' => '告警接收人配置 json对象', 'description' => '告警接收人配置 json对象', 'type' => 'string', 'required' => false, 'example' => '{'."\n" .' "messageTitle": "test",'."\n" .' "receiver": "xiaowang",'."\n" .' 
"channel": "message"'."\n" .'}', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'ThreatLevel', 'in' => 'formData', 'schema' => [ 'description' => '威胁等级。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'string', 'required' => false, 'example' => 'remind', ], ], [ 'name' => 'Owner', 'in' => 'formData', 'schema' => [ 'title' => '事件责任人账号uid', 'description' => '事件责任人账号uid', 'type' => 'string', 'required' => false, 'example' => '1234567890xxxxxx', ], ], [ 'name' => 'ResponseSource', 'in' => 'formData', 'schema' => [ 'description' => '处置策略来源。', 'type' => 'string', 'required' => false, 'example' => 'system', ], ], [ 'name' => 'DisposeStrategyIds', 'in' => 'formData', 'schema' => [ 'description' => '处置策略ID列表。', 'type' => 'string', 'required' => false, 'example' => '12,13,14', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'string', 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 
'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '提交事件处置信息', ], 'DescribeWafScope' => [ 'summary' => '获取作用域用户名下waf实例的域名防护列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'EntityId', 'in' => 'formData', 'schema' => [ 'title' => '实体ID。', 'description' => '实体ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '20617784', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- 
ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse>', 'description' => 'BaseResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'InstanceId' => [ 'title' => 'waf实例ID。', 'description' => 'Waf实例ID。', 'type' => 'string', 'example' => 'waf-cn-tl123ast****', ], 'Aliuid' => [ 'title' => 'siem主账号ID。', 'description' => 'SIEM主账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '127608589417****', ], 'Domains' => [ 'title' => 'waf实例下的防护的域名列表。', 'description' => 'Waf实例下的防护的域名列表。', 'type' => 'array', 'items' => [ 'description' => 'Waf实例下的防护的域名列表。', 'type' => 'string', 'example' => '[123***.com, 456***.com]', ], 'example' => '[123.com, 456.com]', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"InstanceId\\": \\"waf-cn-tl123ast****\\",\\n \\"Aliuid\\": 0,\\n 
\\"Domains\\": [\\n \\"[123***.com, 456***.com]\\"\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取作用域用户名下waf实例的域名防护列表', ], 'DescribeEventDispose' => [ 'summary' => '获取事件历史处置策略。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件ID。', 'description' => '事件全局唯一UUID。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'CurrentPage', 'in' => 'formData', 'schema' => [ 'title' => '列表当前页号, 大于等于1。', 'description' => '列表当前页号, 大于等于1。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'title' => '列表每页条数, 最大不超过100。', 'description' => '列表每页条数, 最大不超过500。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'maximum' => '500', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 
'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'Status' => [ 'title' => '事件状态。 0:未处理 1:处理中 5:处理失败 10:已处理。', 'description' => '事件状态。 取值:'."\n" ."\n" .'- 0:未处理 '."\n" .'- 1:处理中 '."\n" .'- 5:处理失败 '."\n" .'- 10:已处理', 'type' => 'integer', 'format' => 'int32', 'example' => '0', ], 'Remark' => [ 'title' => '事件备注。', 'description' => '事件备注。', 'type' => 'string', 'example' => 'dealed', ], 'EventDispose' => [ 'title' => '事件处置配置 json对象。', 'description' => '事件处置配置 json对象。', 'type' => 'array', 'items' => [ 'description' => '事件处置配置 json对象。', 'type' => 'any', 'example' => '{ playbookName: "WafBlockIP", sophonTaskId: "400442a5-4f98-45ed-97db-5ab117eb0b8f", … }', ], 'example' => '{ playbookName: "使用安全组封禁入方向IP", sophonTaskId: "400442a5-4f98-45ed-97db-5ab117eb0b8f", … }', ], 'ReceiverInfo' => [ 'title' => '告警接收人配置 json对象', 'description' => '告警接收人配置 json对象', 'type' => 'object', 'properties' => [ 'Id' => [ 'title' => '事件处置结果接收人记录ID。', 'description' => '事件处置结果接收人记录ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123', ], 'GmtCreate' => [ 'title' => '创建时间。', 'description' => '创建时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'GmtModified' => [ 'title' => '修改时间。', 'description' => '修改时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'IncidentUuid' => [ 'title' => '事件ID。', 'description' => '事件全局唯一UUID。', 'type' => 'string', 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], 'MessageTitle' => [ 'title' => '消息title。', 'description' => '消息title。', 'type' => 'string', 'example' => 'siem event dealed message', ], 'Receiver' => [ 'title' => '接收人联系方式。', 'description' => '接收人联系方式。', 'type' => 'string', 'example' => '138xxxxxx', ], 'Channel' => [ 'title' => '联系方式渠道。 取值:'."\n" .'- 
message:短信 '."\n" .'- mail:邮件', 'description' => '联系方式渠道。 取值:'."\n" .'- message:短信 '."\n" .'- mail:邮件', 'type' => 'string', 'example' => 'message', ], 'Status' => [ 'title' => '发送状态 0:未发送 1:已发送', 'description' => '发送状态。取值:'."\n" ."\n" .'- 0:未发送 '."\n" .'- 1:已发送', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Status\\": 0,\\n \\"Remark\\": \\"dealed\\",\\n \\"EventDispose\\": [\\n \\"{ playbookName: \\\\\\"WafBlockIP\\\\\\", sophonTaskId: \\\\\\"400442a5-4f98-45ed-97db-5ab117eb0b8f\\\\\\", … }\\"\\n ],\\n \\"ReceiverInfo\\": {\\n \\"Id\\": 123,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"MessageTitle\\": \\"siem event dealed message\\",\\n \\"Receiver\\": \\"138xxxxxx\\",\\n \\"Channel\\": \\"message\\",\\n \\"Status\\": 1\\n }\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取事件历史处置策略', ], 
'DescribeEventCountByThreatLevel' => [ 'summary' => '获取事件各类型计数。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasAFG0OH', ], ], 'parameters' => [ [ 'name' => 'StartTime', 'in' => 'formData', 'schema' => [ 'title' => '查询开始时间, 单位毫秒。', 'description' => '查询开始时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'EndTime', 'in' => 'formData', 'schema' => [ 'title' => '查询结束时间, 单位毫秒。', 'description' => '查询结束时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '资源目录成员账号ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PlainResponse', 'description' => 'PlainResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'EventNum' => [ 'title' => '事件总数。', 'description' => '事件总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], 
'UndealEventNum' => [ 'title' => '未处理事件数。', 'description' => '未处理事件数。', 'type' => 'integer', 'format' => 'int64', 'example' => '75', ], 'HighLevelEventNum' => [ 'title' => '高风险事件数。', 'description' => '高风险事件数。', 'type' => 'integer', 'format' => 'int64', 'example' => '20', ], 'MediumLevelEventNum' => [ 'title' => '中风险事件数。', 'description' => '中风险事件数。', 'type' => 'integer', 'format' => 'int64', 'example' => '3', ], 'LowLevelEventNum' => [ 'title' => '低风险事件数。', 'description' => '低风险事件数。', 'type' => 'integer', 'format' => 'int64', 'example' => '52', ], 'SeriousLevelEventNum' => [ 'description' => '严重等级计数。', 'type' => 'integer', 'format' => 'int64', 'example' => '0', ], 'InfoLevelEventNum' => [ 'description' => '信息等级计数。', 'type' => 'integer', 'format' => 'int64', 'example' => '0', ], 'EventDailyNum' => [ 'description' => '每日事件统计。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Date' => [ 'description' => '日期。', 'type' => 'string', 'example' => '2025-10-06', ], 'EventNum' => [ 'description' => '安全事件总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], 'UndealEventNum' => [ 'description' => '未处理安全事件数。', 'type' => 'integer', 'format' => 'int64', 'example' => '34', ], ], ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' 
=> [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"EventNum\\": 100,\\n \\"UndealEventNum\\": 75,\\n \\"HighLevelEventNum\\": 20,\\n \\"MediumLevelEventNum\\": 3,\\n \\"LowLevelEventNum\\": 52,\\n \\"SeriousLevelEventNum\\": 0,\\n \\"InfoLevelEventNum\\": 0,\\n \\"EventDailyNum\\": [\\n {\\n \\"Date\\": \\"2025-10-06\\",\\n \\"EventNum\\": 100,\\n \\"UndealEventNum\\": 34\\n }\\n ]\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取事件各类型计数', ], 'DescribeDisposeAndPlaybook' => [ 'summary' => '获取需要被处置的实体列表与剧本列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas104PTS', ], ], 'parameters' => [ [ 'name' => 'EntityType', 'in' => 'formData', 'schema' => [ 'title' => '实体类型。取值:'."\n" .'- ip:ip'."\n" .'- process:进程'."\n" .'- file:文件机', 'description' => '实体类型。取值:'."\n" .'- ip:ip'."\n" .'- process:进程'."\n" .'- file:文件', 'type' => 'string', 'required' => false, 'example' => 'ip', ], ], [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件id。', 'description' => '事件UUID。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'EntityUuid', 'in' => 'formData', 'schema' => [ 'title' => '实体uuid。', 'description' => '实体uuid。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'CurrentPage', 'in' => 'formData', 'schema' => [ 'title' => '列表当前页号, 大于等于1。', 'description' => '列表当前页号, 大于等于1。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' 
=> [ 'title' => '列表每页条数, 最大不超过100。', 'description' => '列表每页条数, 最大不超过100。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PageResponse>', 'description' => 'PageResponse>', 'type' => 'object', 'properties' => [ 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'PageInfo' => [ 'title' => '分页记录。', 'description' => '分页记录。', 'type' => 'object', 'properties' => [ 'CurrentPage' => [ 'title' => '列表当前页号。', 'description' => '列表当前页号。', 'type' 
=> 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'title' => '每页返回记录数。', 'description' => '每页返回记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'title' => '记录总数。', 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], ], ], 'ResponseData' => [ 'title' => '详细数据。', 'description' => '详细数据。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'EntityId' => [ 'title' => '实体id。', 'description' => '实体ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '12345****', ], 'EntityType' => [ 'title' => '实体类型。取值:'."\n" .'- ip:ip'."\n" .'- domain:域名'."\n" .'- url:url'."\n" .'- process:进程'."\n" .'- file:文件'."\n" .'- host:主机', 'description' => '实体类型。取值:'."\n" .'- ip:ip'."\n" .'- domain:域名'."\n" .'- url:url'."\n" .'- process:进程'."\n" .'- file:文件'."\n" .'- host:主机', 'type' => 'string', 'example' => 'ip', ], 'OpcodeMap' => [ 'title' => '实体id。', 'description' => 'opcode与oplevel键值对。', 'type' => 'object', 'additionalProperties' => [ 'type' => 'string', 'example' => '{"7","2"}', 'description' => 'opcode与oplevel键值对。', ], 'example' => '12345', ], 'OpcodeSet' => [ 'title' => '实体处置推荐剧本code。', 'description' => '实体处置推荐剧本code。', 'type' => 'array', 'items' => [ 'description' => '实体处置推荐剧本code。', 'type' => 'string', 'example' => '7', ], 'example' => '[1,3]', ], 'EntityInfo' => [ 'title' => '实体信息。', 'description' => '实体信息。', 'type' => 'object', 'example' => '{"file_path": "c:/www/leixi.jsp","file_hash": "aa0ca926ad948cd820e0a3d9a18c****","host_uuid": "efed2cf7-0b77-45d9-a97b-d2cf246b****","malware_type": "${aliyun.siem.sas.alert_tag.webshell}","host_name": "launch-advisor-2023****"}', ], 'Dispose' => [ 'title' => '处置对象。', 'description' => '处置对象。', 'type' => 'string', 'example' => '192.168.*.*', ], 'Scope' => [ 'title' => '处置作用域,可进行处置用户id列表。', 'description' => '处置作用域,可进行处置用户ID列表。', 'type' => 'array', 'items' => [ 'description' => '处置作用域,可进行处置用户ID列表。', 'type' => 'any', 
'example' => '[127608589417****]', ], 'example' => '176618589410****', ], 'PlaybookList' => [ 'title' => '能够处置该实体的剧本列表。', 'description' => '能够处置该实体的剧本列表。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'OpCode' => [ 'title' => '剧本opcode,与处置实体的推荐剧本opcode相对应。', 'description' => '剧本opcode,与处置实体的推荐剧本opcode相对应。', 'type' => 'string', 'example' => '7', ], 'OpLevel' => [ 'title' => '事件一键处置是否默认勾选,2:勾选 1:只展示不勾选。', 'description' => '事件一键处置是否默认勾选。取值:'."\n" ."\n" .'- 2:勾选 '."\n" .'- 1:只展示不勾选', 'type' => 'string', 'example' => '2', ], 'Description' => [ 'title' => '剧本描述。', 'description' => '剧本描述。', 'type' => 'string', 'example' => 'WafBlockIP', ], 'DisplayName' => [ 'title' => '剧本显示名称。', 'description' => '剧本显示名称。', 'type' => 'string', 'example' => 'WafBlockIP', ], 'TaskConfig' => [ 'title' => 'opcode配置。', 'description' => 'opcode配置。', 'type' => 'string', 'example' => '{"opCode":"3"}', ], 'Name' => [ 'title' => '剧本名称,剧本唯一标识。', 'description' => '剧本名称,剧本唯一标识。', 'type' => 'string', 'example' => 'kill_process_isolate_file', ], 'Uuid' => [ 'title' => '剧本uuid,剧本唯一标识。', 'description' => '剧本uuid,剧本唯一标识。', 'type' => 'string', 'example' => 'kill_process_isolate_file', ], 'ParamConfig' => [ 'title' => '剧本的参数列表以及对应参数属性', 'description' => '剧本的参数列表以及对应参数属性', 'type' => 'array', 'items' => [ 'description' => '当前剧本的入参列表以及入参格式要求。', 'type' => 'any', 'example' => '{'."\n" .' "ParamConfig": ['."\n" .' {'."\n" .' "Field": "dispose",'."\n" .' "Necessary": true,'."\n" .' "CheckField": "[{"fieldPath":"$.ip","fieldName":"ip"}]"'."\n" .' },'."\n" .' {'."\n" .' "Field": "alert",'."\n" .' "Necessary": true,'."\n" .' "CheckField": "[{"fieldPath":"$.host_uuid","fieldName":"host_uuid"}]"'."\n" .' },'."\n" .' {'."\n" .' "Field": "scope",'."\n" .' "Necessary": true,'."\n" .' "Value": "$.main_user_id"'."\n" .' },'."\n" .' {'."\n" .' "Field": "startTime",'."\n" .' "Necessary": true'."\n" .' },'."\n" .' {'."\n" .' "Field": "endTime",'."\n" .' "Necessary": true'."\n" .' }'."\n" .' 
]'."\n" .'}', ], ], 'WafPlaybook' => [ 'title' => '是否是waf剧本。', 'description' => '是否是waf剧本。取值:'."\n" ."\n" .'- true:是'."\n" .'- false:不是', 'type' => 'boolean', 'example' => 'false', ], 'Available' => [ 'description' => '是否可用。'."\n" ."\n" .'- 1:可用'."\n" .'- 0:不可用', 'type' => 'string', 'example' => '1', ], ], ], 'example' => '[{"name":"云安全中心-云服务器安全","code":"1"}]', ], 'AlertNum' => [ 'title' => '该实体关联的告警数。', 'description' => '该实体关联的告警数。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], ], ], ], ], 'example' => '123456', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"EntityId\\": 0,\\n \\"EntityType\\": \\"ip\\",\\n \\"OpcodeMap\\": {\\n \\"key\\": \\"{\\\\\\"7\\\\\\",\\\\\\"2\\\\\\"}\\"\\n },\\n \\"OpcodeSet\\": [\\n \\"7\\"\\n ],\\n \\"EntityInfo\\": {\\n \\"file_path\\": \\"c:/www/leixi.jsp\\",\\n \\"file_hash\\": \\"aa0ca926ad948cd820e0a3d9a18c****\\",\\n \\"host_uuid\\": \\"efed2cf7-0b77-45d9-a97b-d2cf246b****\\",\\n \\"malware_type\\": \\"${aliyun.siem.sas.alert_tag.webshell}\\",\\n \\"host_name\\": \\"launch-advisor-2023****\\"\\n },\\n \\"Dispose\\": \\"192.168.*.*\\",\\n \\"Scope\\": [\\n \\"[127608589417****]\\"\\n ],\\n \\"PlaybookList\\": [\\n {\\n \\"OpCode\\": \\"7\\",\\n \\"OpLevel\\": \\"2\\",\\n \\"Description\\": \\"WafBlockIP\\",\\n \\"DisplayName\\": \\"WafBlockIP\\",\\n \\"TaskConfig\\": \\"{\\\\\\"opCode\\\\\\":\\\\\\"3\\\\\\"}\\",\\n \\"Name\\": \\"kill_process_isolate_file\\",\\n \\"Uuid\\": 
\\"kill_process_isolate_file\\",\\n \\"ParamConfig\\": [\\n \\"{\\\\n\\\\t\\\\\\"ParamConfig\\\\\\": [\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"dispose\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true,\\\\n\\\\t\\\\t\\\\t\\\\\\"CheckField\\\\\\": \\\\\\"[{"fieldPath":"$.ip","fieldName":"ip"}]\\\\\\"\\\\n\\\\t\\\\t},\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"alert\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true,\\\\n\\\\t\\\\t\\\\t\\\\\\"CheckField\\\\\\": \\\\\\"[{"fieldPath":"$.host_uuid","fieldName":"host_uuid"}]\\\\\\"\\\\n\\\\t\\\\t},\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"scope\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true,\\\\n\\\\t\\\\t\\\\t\\\\\\"Value\\\\\\": \\\\\\"$.main_user_id\\\\\\"\\\\n\\\\t\\\\t},\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"startTime\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true\\\\n\\\\t\\\\t},\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"Field\\\\\\": \\\\\\"endTime\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"Necessary\\\\\\": true\\\\n\\\\t\\\\t}\\\\n\\\\t]\\\\n}\\"\\n ],\\n \\"WafPlaybook\\": false,\\n \\"Available\\": \\"1\\"\\n }\\n ],\\n \\"AlertNum\\": 1\\n }\\n ]\\n }\\n}","type":"json"}]', 'title' => '获取需要被处置的实体列表与剧本列表', ], 'DescribeCloudSiemEvents' => [ 'summary' => '获取威胁分析与响应事件列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasAFG0OH', ], ], 'parameters' => [ [ 'name' => 'StartTime', 'in' => 'formData', 'schema' => [ 'title' => '查询开始时间, 单位毫秒。', 'description' => '查询事件的开始时间,精确到毫秒(ms)。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'EndTime', 'in' => 'formData', 'schema' => [ 'title' => '查询结束时间, 单位毫秒。', 'description' 
=> '查询结束时间,精确到毫秒(ms)。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'ThreadLevel', 'in' => 'formData', 'style' => 'repeatList', 'schema' => [ 'title' => '事件威胁等级,格式为json数组。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '事件威胁等级,格式为json数组。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'array', 'items' => [ 'description' => '事件威胁等级,格式为json数组。取值:'."\n" ."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'string', 'required' => false, 'example' => '["remind","serious"]'."\n", ], 'required' => false, 'example' => '["serious","suspicious","remind"]', 'maxItems' => 100, ], ], [ 'name' => 'EventName', 'in' => 'formData', 'schema' => [ 'title' => '事件名称。', 'description' => '事件名称。', 'type' => 'string', 'required' => false, 'example' => 'ECS unusual log in', ], ], [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件ID。', 'description' => '事件ID。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'AssetId', 'in' => 'formData', 'schema' => [ 'title' => '事件关联的资产ID。', 'description' => '事件关联的资产ID。', 'type' => 'string', 'required' => false, 'example' => '6c740667-80b2-476d-8924-2e706feb****', ], ], [ 'name' => 'EntityUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件关联的实体Uuid。', 'description' => '事件关联的实体Uuid。', 'type' => 'string', 'required' => false, 'example' => '6c740667-80b2-476d-8924-2e706feb****', ], ], [ 'name' => 'Status', 'in' => 'formData', 'schema' => [ 'title' => '事件状态。 取值:'."\n" .'- 0:未处理'."\n" .'- 1:处理中'."\n" .'- 5:处理失败'."\n" .'- 10:已处理', 'description' => '事件状态。取值:'."\n" .'- 0:未处理'."\n" .'- 1:处理中'."\n" .'- 5:处理失败'."\n" .'- 10:已处理', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', ], ], [ 'name' => 'OrderField', 'in' => 'formData', 'schema' => [ 'title' => '事件列表排列字段。 取值:'."\n" .'- 
GmtModified:基于事件产生事件排序(默认)'."\n" .'- ThreatScore:基于事件威胁评分排序。', 'description' => '事件列表排列字段。 取值:'."\n" .'- GmtModified:基于事件产生事件排序(默认)'."\n" .'- ThreatScore:基于事件威胁评分排序', 'type' => 'string', 'required' => false, 'example' => 'ThreatScore', ], ], [ 'name' => 'Order', 'in' => 'formData', 'schema' => [ 'title' => '事件列表排列方向。 取值:'."\n" .'- desc:降序排列'."\n" .'- asc:升序排列。', 'description' => '事件列表排列方向。 取值:'."\n" .'- desc:降序排列'."\n" .'- asc:升序排列', 'type' => 'string', 'required' => false, 'example' => 'desc', ], ], [ 'name' => 'CurrentPage', 'in' => 'formData', 'schema' => [ 'title' => '列表当前页号, 大于等于1。', 'description' => '列表当前页号,大于等于1。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'title' => '列表每页条数, 最大不超过100。', 'description' => '列表每页条数,最大不超过100。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PageResponse>', 'description' => 'PageResponse>', 'type' => 'object', 'properties' => [ 'Success' => [ 
'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'PageInfo' => [ 'title' => '分页记录。', 'description' => '分页记录。', 'type' => 'object', 'properties' => [ 'CurrentPage' => [ 'title' => '列表当前页号。', 'description' => '列表当前页号。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'title' => '每页返回记录数。', 'description' => '每页返回记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'title' => '记录总数。', 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], ], ], 'ResponseData' => [ 'title' => '详细数据。', 'description' => '详细数据。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'GmtCreate' => [ 'title' => '事件发生时间。', 'description' => '事件发生时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'GmtModified' => [ 'title' => '事件最后更新时间。', 'description' => '事件最后更新时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'Aliuid' => [ 'title' => '事件归属主账号ID。', 'description' => '事件归属主账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '127608589417****', ], 'AlertNum' => [ 'title' => '事件关联告警数。', 'description' => '事件关联告警数。', 'type' => 'integer', 'format' => 'int32', 'example' => '4', ], 'AssetNum' => [ 'title' => '事件关联资产数。', 'description' => '事件关联资产数。', 'type' => 'integer', 'format' => 'int32', 'example' => '4', ], 'IncidentUuid' => [ 'title' => '事件全局唯一ID。', 
'description' => '事件全局唯一UUID。', 'type' => 'string', 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], 'IncidentName' => [ 'title' => '事件名称。', 'description' => '事件名称。', 'type' => 'string', 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc', ], 'IncidentNameEn' => [ 'title' => '事件英文名称。', 'description' => '事件英文名称。', 'type' => 'string', 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc', ], 'Description' => [ 'title' => '事件描述。', 'description' => '事件描述。', 'type' => 'string', 'example' => 'The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc', ], 'DescriptionEn' => [ 'title' => '事件英文描述。', 'description' => '事件英文描述。', 'type' => 'string', 'example' => 'The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc', ], 'DataSources' => [ 'title' => '事件关联告警来源产品。', 'description' => '事件关联告警来源产品。', 'type' => 'array', 'items' => [ 'description' => '事件关联告警来源产品。', 'type' => 'string', 'example' => '[sas,waf]', ], 'example' => '[sas,waf]', ], 'ThreatLevel' => [ 'title' => '威胁等级。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'string', 'example' => 'remind', ], 'ThreatScore' => [ 'title' => '事件的威胁分值, 范围 0~100, 分值越高风险等级越高。', 'description' => '事件的威胁分值,范围 0~100,分值越高风险等级越高。', 'type' => 'number', 'format' => 'float', 'example' => '90.2', ], 'ExtContent' => [ 'title' => '事件扩展信息 json格式。', 'description' => '事件扩展信息 json格式。', 'type' => 'string', 'example' => '{"event_transfer_type":"customize_rule"}', ], 'Status' => [ 'title' => '事件状态。 取值:'."\n" .'- 0:未处理 '."\n" .'- 1:处理中 '."\n" .'- 5:处理失败 '."\n" .'- 10:已处理', 'description' => '事件状态。 取值:'."\n" .'- 0:未处理'."\n" .'- 1:处理中'."\n" .'- 5:处理失败'."\n" .'- 10:已处理', 'type' => 'integer', 
'format' => 'int32', 'example' => '0', ], 'AttCkLabels' => [ 'title' => 'ATTCT&攻击技术标签集合。', 'description' => 'ATTCT&攻击技术标签集合。', 'type' => 'array', 'items' => [ 'description' => 'ATTCT&攻击技术标签集合。', 'type' => 'string', 'example' => '["T1595.002 Vulnerability Scanning"]', ], 'example' => '["T1595.002 Vulnerability Scanning"]', ], 'AttckStages' => [ 'description' => '攻击阶段列表。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'TacticId' => [ 'description' => 'ATT&CK攻击阶段ID。', 'type' => 'string', 'example' => 'TA0001', ], 'TacticName' => [ 'description' => '攻击阶段名称。', 'type' => 'string', 'example' => 'Persistence', ], 'AlertNum' => [ 'description' => '攻击阶段关联告警数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '21', ], ], ], ], 'ReferAccount' => [ 'description' => '关联账号。', 'type' => 'string', 'example' => '127608589417****', ], 'IncidentType' => [ 'description' => '事件类型。'."\n" .'- net-attack:专家规则'."\n" .'- graph:图计算', 'type' => 'string', 'example' => 'graph', ], 'RuleId' => [ 'description' => '规则ID。', 'type' => 'string', 'example' => 'crecr-21d7pogu9v4a****', ], 'Remark' => [ 'title' => '事件备注。', 'description' => '事件备注。', 'type' => 'string', 'example' => 'dealed', ], ], ], ], ], 'example' => '123456', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"AlertNum\\": 4,\\n \\"AssetNum\\": 4,\\n \\"IncidentUuid\\": 
\\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"IncidentName\\": \\"Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc\\",\\n \\"IncidentNameEn\\": \\"Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc\\",\\n \\"Description\\": \\"The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc\\",\\n \\"DescriptionEn\\": \\"The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc\\",\\n \\"DataSources\\": [\\n \\"[sas,waf]\\"\\n ],\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"ThreatScore\\": 90.2,\\n \\"ExtContent\\": \\"{\\\\\\"event_transfer_type\\\\\\":\\\\\\"customize_rule\\\\\\"}\\",\\n \\"Status\\": 0,\\n \\"AttCkLabels\\": [\\n \\"[\\\\\\"T1595.002 Vulnerability Scanning\\\\\\"]\\"\\n ],\\n \\"AttckStages\\": [\\n {\\n \\"TacticId\\": \\"TA0001\\",\\n \\"TacticName\\": \\"Persistence\\",\\n \\"AlertNum\\": 21\\n }\\n ],\\n \\"ReferAccount\\": \\"127608589417****\\",\\n \\"IncidentType\\": \\"graph\\",\\n \\"RuleId\\": \\"crecr-21d7pogu9v4a****\\",\\n \\"Remark\\": \\"dealed\\"\\n }\\n ]\\n }\\n}","type":"json"}]', 'title' => '获取事件列表', ], 'DescribeCloudSiemEventDetail' => [ 'summary' => '获取事件详情。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasAFG0OH', ], ], 'parameters' => [ [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件ID。', 'description' => '事件UUID。', 'type' => 'string', 'required' => true, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', 'description' => '视图类型。'."\n" ."\n" .'- 
0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PlainResponse', 'description' => 'PlainResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'GmtCreate' => [ 'title' => '事件发生时间。', 'description' => '事件发生时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'GmtModified' => [ 'title' => '事件最后更新时间。', 'description' => '事件最后更新时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'Aliuid' => [ 'title' => '事件归属主账号ID。', 'description' => '事件归属主账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '127608589417****', ], 'AlertNum' => [ 'title' => '事件关联告警数。', 'description' => '事件关联告警数。', 'type' => 'integer', 'format' => 'int32', 'example' => '4', ], 'AssetNum' => [ 'title' => '事件关联资产数。', 'description' => '事件关联资产数。', 'type' => 'integer', 'format' => 'int32', 'example' => '4', ], 'IncidentUuid' => [ 'title' => '事件全局唯一ID。', 'description' => '事件全局唯一UUID。', 'type' => 'string', 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], 'IncidentName' => [ 'title' => '事件名称。', 'description' => '事件名称。', 'type' => 'string', 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc', ], 
'IncidentNameEn' => [ 'title' => '事件英文名称。', 'description' => '事件英文名称。', 'type' => 'string', 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc', ], 'Description' => [ 'title' => '事件描述。', 'description' => '事件描述。', 'type' => 'string', 'example' => 'The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc', ], 'DescriptionEn' => [ 'title' => '事件英文描述。', 'description' => '事件英文描述。', 'type' => 'string', 'example' => 'The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc', ], 'DataSources' => [ 'title' => '事件关联告警来源产品。', 'description' => '事件关联告警来源产品。', 'type' => 'array', 'items' => [ 'description' => '事件关联告警来源产品。', 'type' => 'string', 'example' => '[sas,waf]', ], 'example' => '[sas,waf]', ], 'ThreatLevel' => [ 'title' => '威胁等级。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'string', 'example' => 'remind', ], 'ThreatScore' => [ 'title' => '事件的威胁分值, 范围 0~100, 分值越高风险等级越高。', 'description' => '事件的威胁分值, 范围 0~100, 分值越高风险等级越高。', 'type' => 'number', 'format' => 'float', 'example' => '90.2', ], 'ExtContent' => [ 'title' => '事件扩展信息 json格式。', 'description' => '事件扩展信息 json格式。', 'type' => 'string', 'example' => '{"event_transfer_type":"customize_rule"}', ], 'Status' => [ 'title' => '事件状态。 取值:'."\n" .'- 0:未处理 '."\n" .'- 1:处理中 '."\n" .'- 5:处理失败 '."\n" .'- 10:已处理', 'description' => '事件状态。 取值:'."\n" ."\n" .'- 0:未处理 '."\n" .'- 1:处理中 '."\n" .'- 5:处理失败 '."\n" .'- 10:已处理', 'type' => 'integer', 'format' => 'int32', 'example' => '0', ], 'AttCkLabels' => [ 'title' => 'ATT&CK攻击技术标签集合。', 'description' => 'ATT&CK攻击技术标签集合。', 'type' => 'array', 'items' => [ 'description' => 'ATT&CK攻击技术标签集合。', 'type' => 'string', 'example' => '["T1595.002 Vulnerability Scanning"]', ], 'example' => '["T1595.002 Vulnerability Scanning"]', ], 
'AttckStages' => [ 'description' => '攻击阶段列表。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'TacticId' => [ 'description' => 'ATT&CK攻击阶段ID。', 'type' => 'string', 'example' => 'TA0008', ], 'TacticName' => [ 'description' => '攻击阶段名称。', 'type' => 'string', 'example' => 'Persistence', ], 'AlertNum' => [ 'description' => '攻击阶段关联告警数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '21', ], ], ], ], 'ReferAccount' => [ 'description' => '关联账号。', 'type' => 'string', 'example' => '17661858****/****,176618448****/****', ], 'IncidentType' => [ 'description' => '事件类型。'."\n" .'- net-attack:专家规则'."\n" .'- graph:图计算'."\n" .'- singleToSingle:告警透传'."\n" .'- allToSingle:告警聚合', 'type' => 'string', 'example' => 'graph', ], 'RuleId' => [ 'description' => '事件生成规则。', 'type' => 'string', 'example' => 'net-attack/101', ], 'Remark' => [ 'title' => '事件备注。', 'description' => '事件备注。', 'type' => 'string', 'example' => 'dealed', ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"AlertNum\\": 4,\\n \\"AssetNum\\": 4,\\n 
\\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"IncidentName\\": \\"Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc\\",\\n \\"IncidentNameEn\\": \\"Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc\\",\\n \\"Description\\": \\"The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc\\",\\n \\"DescriptionEn\\": \\"The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc\\",\\n \\"DataSources\\": [\\n \\"[sas,waf]\\"\\n ],\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"ThreatScore\\": 90.2,\\n \\"ExtContent\\": \\"{\\\\\\"event_transfer_type\\\\\\":\\\\\\"customize_rule\\\\\\"}\\",\\n \\"Status\\": 0,\\n \\"AttCkLabels\\": [\\n \\"[\\\\\\"T1595.002 Vulnerability Scanning\\\\\\"]\\"\\n ],\\n \\"AttckStages\\": [\\n {\\n \\"TacticId\\": \\"TA0008\\",\\n \\"TacticName\\": \\"Persistence\\",\\n \\"AlertNum\\": 21\\n }\\n ],\\n \\"ReferAccount\\": \\"17661858****/****,176618448****/****\\",\\n \\"IncidentType\\": \\"graph\\",\\n \\"RuleId\\": \\"net-attack/101\\",\\n \\"Remark\\": \\"dealed\\"\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取事件详情', ], 'DescribeCloudSiemAssetsCounter' => [ 'summary' => '获取事件关联各类型资产计数。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件id。', 'description' => '事件UUID。', 'type' => 'string', 'required' => true, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => 
[ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PlainResponse>', 'description' => 'PlainResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'AssetType' => [ 'title' => '资产类型。取值:'."\n" .'- ip:ip'."\n" .'- domain:域名'."\n" .'- url:url'."\n" .'- process:进程'."\n" .'- file:文件'."\n" .'- host:主机', 'description' => '资产类型。取值:'."\n" .'- ip:ip'."\n" .'- domain:域名'."\n" .'- url:url'."\n" .'- process:进程'."\n" .'- file:文件'."\n" .'- host:主机', 'type' => 'string', 'example' => 'domain', ], 'AssetNum' => [ 'title' => '资产数量。', 'description' => '资产数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 
'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AssetType\\": \\"domain\\",\\n \\"AssetNum\\": 1\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取事件关联各类型资产计数', ], 'DescribeCloudSiemAssets' => [ 'summary' => '获取事件关联资产列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件ID。', 'description' => '事件UUID。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'AssetType', 'in' => 'formData', 'schema' => [ 'title' => '资产类型。取值:'."\n" .'- ip:ip'."\n" .'- domain:域名'."\n" .'- url:url'."\n" .'- process:进程'."\n" .'- file:文件'."\n" .'- host:主机', 'description' => '资产类型。取值:'."\n" .'- ip:ip'."\n" .'- domain:域名'."\n" .'- url:url'."\n" .'- process:进程'."\n" .'- file:文件'."\n" .'- host:主机', 'type' => 'string', 'required' => false, 'example' => 'ip', ], ], [ 'name' => 'AssetName', 'in' => 'formData', 'schema' => [ 'title' => '资产名称。', 'description' => '资产名称。', 'type' => 'string', 'required' => false, 'example' => 'test123', ], ], [ 'name' => 'AssetUuid', 'in' => 'formData', 'schema' => [ 'title' => '资产uuid。', 'description' => '资产uuid。', 'type' => 'string', 'required' => false, 'example' => '123456-2222-3333-5555-3435345****', ], ], [ 'name' => 
'CurrentPage', 'in' => 'formData', 'schema' => [ 'title' => '列表当前页号, 大于等于1。', 'description' => '列表当前页号, 大于等于1。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'title' => '列表每页条数, 最大不超过100。', 'description' => '列表每页条数, 最大不超过100。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PageResponse>', 'description' => 'PageResponse>', 'type' => 'object', 'properties' => [ 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => 
'9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'PageInfo' => [ 'title' => '分页记录。', 'description' => '分页记录。', 'type' => 'object', 'properties' => [ 'CurrentPage' => [ 'title' => '列表当前页号。', 'description' => '列表当前页号。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'title' => '每页返回记录数。', 'description' => '每页返回记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'title' => '记录总数。', 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], ], ], 'ResponseData' => [ 'title' => '详细数据。', 'description' => '详细数据。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Id' => [ 'title' => '资产ID。', 'description' => '资产ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123', ], 'GmtCreate' => [ 'title' => '资产同步时间。', 'description' => '资产同步时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'GmtModified' => [ 'title' => '资产最后更新时间。', 'description' => '资产最后更新时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'Aliuid' => [ 'title' => 'siem主账号ID。', 'description' => 'siem主账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '1276085894174392', ], 'SubUserId' => [ 'title' => '资产关联账号ID。', 'description' => '资产关联账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '176555323***', ], 'IncidentUuid' => [ 'title' => '事件ID。', 'description' => '事件UUID。', 'type' => 'string', 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], 'AlertUuid' => [ 'title' => '事件关联告警ID。', 'description' => '事件关联告警UUID。', 'type' => 'string', 'example' => 'sas_71e24437d2797ce8fc59692905a4****', ], 'AssetName' => [ 'title' => '资产名称。', 'description' => '资产名称。', 'type' => 'string', 'example' => 'zsw-agentless-centos****', ], 'AssetType' => [ 'title' => '资产类型。取值:'."\n" .'- ip:ip'."\n" .'- domain:域名'."\n" .'- url:url'."\n" .'- process:进程'."\n" .'- 
file:文件'."\n" .'- host:主机', 'description' => '资产类型。取值:'."\n" .'- ip:ip'."\n" .'- domain:域名'."\n" .'- url:url'."\n" .'- process:进程'."\n" .'- file:文件'."\n" .'- host:主机', 'type' => 'string', 'example' => 'domain', ], 'AssetInfo' => [ 'title' => '资产展示信息 json数组格式。', 'description' => '资产展示信息 json数组格式。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Key' => [ 'title' => '告警详细属性key。', 'description' => '告警详细属性key。', 'type' => 'string', 'example' => 'suspicious.wbd.wb.trojanpath', ], 'KeyName' => [ 'title' => '告警详细数据名称。', 'description' => '告警详细数据名称。', 'type' => 'string', 'example' => 'Trojan Path', ], 'Values' => [ 'title' => '告警详细数据值。', 'description' => '告警详细数据值。', 'type' => 'string', 'example' => '/root/test33.php', ], ], ], 'example' => '[{"KeyName": "${aliyun.siem.asset.asset_name}","Values": "zsw-agentless-ubuntu20","Key": "asset_name"}]', ], 'AssetId' => [ 'title' => '资产逻辑ID。', 'description' => '资产逻辑ID。', 'type' => 'string', 'example' => '0616caeb-acb8-45e0-8520-4ee5fbe251f0', ], 'CloudCode' => [ 'title' => '实体来源云code。 取值:'."\n" .'- aliyun:阿里云'."\n" .'- qcloud:腾讯云'."\n" .'- hcloud:华为云', 'description' => '实体来源云Code。 取值:'."\n" .'- aliyun:阿里云'."\n" .'- qcloud:腾讯云'."\n" .'- hcloud:华为云', 'type' => 'string', 'example' => 'aliyun', ], ], ], ], ], 'example' => '123456', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 
1276085894174392,\\n \\"SubUserId\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"AssetName\\": \\"zsw-agentless-centos****\\",\\n \\"AssetType\\": \\"domain\\",\\n \\"AssetInfo\\": [\\n {\\n \\"Key\\": \\"suspicious.wbd.wb.trojanpath\\",\\n \\"KeyName\\": \\"Trojan Path\\",\\n \\"Values\\": \\"/root/test33.php\\"\\n }\\n ],\\n \\"AssetId\\": \\"0616caeb-acb8-45e0-8520-4ee5fbe251f0\\",\\n \\"CloudCode\\": \\"aliyun\\"\\n }\\n ]\\n }\\n}","type":"json"}]', 'title' => '获取事件关联资产列表', ], 'DescribeAlertsWithEvent' => [ 'summary' => '获取事件关联的告警列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasAFG0OH', ], ], 'parameters' => [ [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件ID。', 'description' => '事件ID。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'Level', 'in' => 'formData', 'style' => 'repeatList', 'schema' => [ 'title' => '威胁等级,格式为json数组。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级,格式为json数组。取值:'."\n" .'- serious:高危。'."\n" .'- suspicious:中危。'."\n" .'- remind:低危。', 'type' => 'array', 'items' => [ 'description' => '威胁等级,格式为json数组。取值:'."\n" ."\n" .'- serious:高危。'."\n" .'- suspicious:中危。'."\n" .'- remind:低危。', 'type' => 'string', 'required' => false, 'example' => '["remind","serious"]'."\n", ], 'required' => false, 'example' => '["serious","suspicious","remind"]', 'maxItems' => 100, ], ], [ 'name' => 'AlertTitle', 'in' => 'formData', 'schema' => [ 'title' => '告警标题。', 'description' => '告警标题。', 'type' => 'string', 'required' => false, 'example' => 'Scan-Try SNMP weak password'."\n", ], ], [ 'name' => 
'AlertType', 'in' => 'formData', 'schema' => [ 'title' => '告警类型。', 'description' => '告警类型。', 'type' => 'string', 'required' => false, 'example' => 'Scan', ], ], [ 'name' => 'AlertName', 'in' => 'formData', 'schema' => [ 'title' => '告警名称。', 'description' => '告警名称。', 'type' => 'string', 'required' => false, 'example' => 'Try SNMP weak password', ], ], [ 'name' => 'AssetName', 'in' => 'formData', 'schema' => [ 'title' => '资产名称。', 'description' => '资产名称。', 'type' => 'string', 'required' => false, 'example' => 'hostname-****', ], ], [ 'name' => 'AssetId', 'in' => 'formData', 'schema' => [ 'title' => '资产id。', 'description' => '资产id。', 'type' => 'string', 'required' => false, 'example' => '09414e9ebaa9c19b84d851abb91d****', ], ], [ 'name' => 'EntityName', 'in' => 'formData', 'schema' => [ 'title' => '实体名称。', 'description' => '实体名称。', 'type' => 'string', 'required' => false, 'example' => 'launch-advisor-*****', ], ], [ 'name' => 'EntityId', 'in' => 'formData', 'schema' => [ 'title' => '实体id。', 'description' => '实体id。', 'type' => 'string', 'required' => false, 'example' => '21034e803f492b926cea9e5beab4****', ], ], [ 'name' => 'SubUserId', 'in' => 'formData', 'schema' => [ 'title' => '告警关联账号ID。', 'description' => '告警关联账号ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '176555323***', ], ], [ 'name' => 'Source', 'in' => 'formData', 'schema' => [ 'title' => '告警数据源。', 'description' => '告警数据源。', 'type' => 'string', 'required' => false, 'example' => 'sas', ], ], [ 'name' => 'IsDefend', 'in' => 'formData', 'schema' => [ 'title' => '是否已防御', 'description' => '是否已防御。取值:'."\n" ."\n" .'- 0:检出'."\n" .'- 1:拦截', 'type' => 'string', 'required' => false, 'example' => '1', ], ], [ 'name' => 'StartTime', 'in' => 'formData', 'schema' => [ 'title' => '查询开始时间, 单位毫秒。', 'description' => '查询开始时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'EndTime', 'in' => 'formData', 'schema' => [ 'title' 
=> '查询结束时间, 单位毫秒。', 'description' => '查询结束时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'CurrentPage', 'in' => 'formData', 'schema' => [ 'title' => '列表当前页号, 大于等于1。', 'description' => '列表当前页号, 大于等于1。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'title' => '列表每页条数, 最大不超过100。', 'description' => '列表每页条数, 最大不超过100。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '资源目录成员账号ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PageResponse>', 'description' => 'PageResponse>', 'type' => 'object', 'properties' => [ 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功。'."\n" .'- false:失败。', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => 
'请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'PageInfo' => [ 'title' => '分页记录。', 'description' => '分页记录。', 'type' => 'object', 'properties' => [ 'CurrentPage' => [ 'title' => '列表当前页号。', 'description' => '列表当前页号。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'title' => '每页返回记录数。', 'description' => '每页返回记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'title' => '记录总数。', 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], ], ], 'ResponseData' => [ 'title' => '详细数据。', 'description' => '详细数据。', 'type' => 'array', 'items' => [ 'description' => '详细数据。', 'type' => 'object', 'properties' => [ 'Id' => [ 'title' => '告警唯一ID。', 'description' => '告警唯一ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123456789', ], 'GmtCreate' => [ 'title' => '告警入库时间。', 'description' => '告警入库时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'GmtModified' => [ 'title' => '告警最后更新时间。', 'description' => '告警最后更新时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'MainUserId' => [ 'title' => '告警关联siem主账号ID。', 'description' => '告警关联siem主账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '127608589417****', ], 'IncidentUuid' => [ 'title' => '事件全局唯一id。', 'description' => '事件全局唯一UUID。', 'type' => 'string', 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], 'AlertUuid' => [ 'title' => '告警id。', 'description' => '告警UUID。', 'type' => 'string', 'example' => 'sas_71e24437d2797ce8fc59692905a4****', ], 'LogTime' => [ 'title' => '告警记录时间。', 'description' => '告警记录时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'AlertSrcProd' => [ 'title' => '事件关联告警来源产品。', 'description' => '事件关联告警来源产品。', 
'type' => 'string', 'example' => 'sas', ], 'AlertTitle' => [ 'title' => '告警标题。', 'description' => '告警标题。', 'type' => 'string', 'example' => 'Scan-Try SNMP weak password', ], 'AlertTitleEn' => [ 'title' => '告警标题英文。', 'description' => '告警标题英文。', 'type' => 'string', 'example' => 'Scan-Try SNMP weak password', ], 'AlertType' => [ 'title' => '告警类型。', 'description' => '告警类型。', 'type' => 'string', 'example' => 'Scan', ], 'AlertTypeEn' => [ 'title' => '告警类型英文。', 'description' => '告警类型英文。', 'type' => 'string', 'example' => 'Scan', ], 'AlertTypeCode' => [ 'title' => '告警类型美杜莎code。', 'description' => '告警类型美杜莎Code。', 'type' => 'string', 'example' => 'security_event_config.event_name.webshellName', ], 'AlertName' => [ 'title' => '告警名称。', 'description' => '告警名称。', 'type' => 'string', 'example' => 'Try SNMP weak password', ], 'AlertNameEn' => [ 'title' => '告警名称。', 'description' => '告警名称。', 'type' => 'string', 'example' => 'Try SNMP weak password', ], 'AlertNameCode' => [ 'title' => '告警名称美杜莎code。', 'description' => '告警名称美杜莎Code。', 'type' => 'string', 'example' => 'security_event_config.event_name.webshell', ], 'AlertLevel' => [ 'title' => '威胁等级。 取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级。取值:'."\n" .'- serious:高危。'."\n" .'- suspicious:中危。'."\n" .'- remind:低危。', 'type' => 'string', 'example' => 'remind', ], 'AssetList' => [ 'title' => '资产列表。', 'description' => '资产列表。', 'type' => 'string', 'example' => '['."\n" .' {'."\n" .' "is_main_asset": "1",'."\n" .' "asset_name": "47.245.*",'."\n" .' "port": "22",'."\n" .' "ip": "47.245.*",'."\n" .' "asset_type": "ip",'."\n" .' "location": "ap-southeast-1",'."\n" .' "asset_id": "47.245.*",'."\n" .' "net_connect_dir": "in"'."\n" .' 
}'."\n" .']', ], 'OccurTime' => [ 'title' => '告警发生时间。', 'description' => '告警发生时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'StartTime' => [ 'title' => '告警首次发生时间。', 'description' => '告警首次发生时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'EndTime' => [ 'title' => '告警结束时间。', 'description' => '告警结束时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'AlertSrcProdModule' => [ 'title' => '事件关联告警来源产品子模块。', 'description' => '事件关联告警来源产品子模块。', 'type' => 'string', 'example' => 'waf', ], 'AlertDesc' => [ 'title' => '告警描述。', 'description' => '告警描述。', 'type' => 'string', 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.', ], 'AlertDescEn' => [ 'title' => '告警英文描述。', 'description' => '告警英文描述。', 'type' => 'string', 'example' => 'The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.', ], 'AlertDescCode' => [ 'title' => '告警描述美杜莎code。', 'description' => '告警描述美杜莎Code。', 'type' => 'string', 'example' => 'security_event_config.event_name.webshell'."\n", ], 'AlertDetail' => [ 'title' => '告警详情。', 'description' => '告警详情。', 'type' => 'string', 'example' => '{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "21.92.*.*"}', ], 'LogUuid' => [ 'title' => '告警log UUID。', 'description' => '告警日志UUID。', 'type' => 'string', 'example' => 'cfw_d12e285a-a042-4d7e-be89-f8a795ef****', ], 'EntityList' => [ 'title' => '实体详情(标准化/开启索引)', 'description' => '实体详情。', 'type' => 'string', 'example' => 
'[{"entity_user_id":"198921674491****","entity_account_id":"N/A","entity_uuid":"6245f979d5dd9ef8dd19bdc72228****","entity_type":"host","entity_name":"zhh-test-20240409","is_comprised":"1","os_type":"linux","entity_id":"a88f44dd-b8d4-4ded-831c-77a4835****","host_uuid":"a88f44dd-b8d4-4ded-831c-77a4835****","host_name":"zhh-test-2024****"}]', ], 'AttCk' => [ 'title' => 'ATT&CK攻击技术标签。', 'description' => 'ATT&CK攻击技术标签。', 'type' => 'string', 'example' => 'T1595.002 Vulnerability Scanning', ], 'SubUserId' => [ 'title' => '产生告警阿里账号ID。', 'description' => '产生告警阿里账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '176555323***', ], 'SubUserName' => [ 'title' => '产生告警阿里账号ID。', 'description' => '产生告警阿里账号ID。', 'type' => 'string', 'example' => '176555323***', ], 'CloudCode' => [ 'title' => '云code。 取值:'."\n" .'- aliyun:阿里云'."\n" .'- qcloud:腾讯云'."\n" .'- hcloud:华为云', 'description' => '云code。 取值:'."\n" .'- aliyun:阿里云。'."\n" .'- qcloud:腾讯云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'example' => 'aliyun', ], 'IsDefend' => [ 'title' => '是否已防御', 'description' => '是否已防御。取值:'."\n" ."\n" .'- 0:检出。'."\n" .'- 1:拦截。', 'type' => 'string', 'example' => '1', ], 'AlertInfoList' => [ 'title' => '告警详细数据。', 'description' => '告警详细数据。', 'type' => 'array', 'items' => [ 'description' => '告警详细数据。', 'type' => 'object', 'properties' => [ 'Key' => [ 'title' => '告警详细属性key。', 'description' => '告警详细属性KEY。', 'type' => 'string', 'example' => 'suspicious.wbd.wb.trojanpath', ], 'KeyName' => [ 'title' => '告警详细数据名称。', 'description' => '告警详细数据名称。', 'type' => 'string', 'example' => 'Trojan Path'."\n", ], 'Values' => [ 'title' => '告警详细数据值。', 'description' => '告警详细数据值。', 'type' => 'string', 'example' => '/root/test33.php', ], ], ], 'example' => 'aliyun', ], 'ExtendContent' => [ 'description' => '告警扩展信息。', 'type' => 'string', 'example' => '{"main_user_id": "165295629792****";"log_uuid_count": "99****"}', ], 'ProductId' => [ 'description' => '产品ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas', ], 
'VendorId' => [ 'description' => '云code。 取值:'."\n" .'- aliyun:阿里云。'."\n" .'- qcloud:腾讯云。'."\n" .'- hcloud:华为云。', 'type' => 'string', 'example' => 'aliyun', ], 'DetectionRuleId' => [ 'description' => '检测规则ID。', 'type' => 'string', 'example' => 'dr-48zs4tk7qfd4rjd9****', ], ], ], ], ], 'example' => '123456', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"MainUserId\\": 0,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"LogTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProd\\": \\"sas\\",\\n \\"AlertTitle\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertTitleEn\\": \\"Scan-Try SNMP weak password\\",\\n \\"AlertType\\": \\"Scan\\",\\n \\"AlertTypeEn\\": \\"Scan\\",\\n \\"AlertTypeCode\\": \\"security_event_config.event_name.webshellName\\",\\n \\"AlertName\\": \\"Try SNMP weak password\\",\\n \\"AlertNameEn\\": \\"Try SNMP weak password\\",\\n \\"AlertNameCode\\": \\"security_event_config.event_name.webshell\\",\\n \\"AlertLevel\\": \\"remind\\",\\n \\"AssetList\\": \\"[\\\\n {\\\\n \\\\\\"is_main_asset\\\\\\": \\\\\\"1\\\\\\",\\\\n \\\\\\"asset_name\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"port\\\\\\": \\\\\\"22\\\\\\",\\\\n \\\\\\"ip\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"asset_type\\\\\\": \\\\\\"ip\\\\\\",\\\\n \\\\\\"location\\\\\\": 
\\\\\\"ap-southeast-1\\\\\\",\\\\n \\\\\\"asset_id\\\\\\": \\\\\\"47.245.*\\\\\\",\\\\n \\\\\\"net_connect_dir\\\\\\": \\\\\\"in\\\\\\"\\\\n }\\\\n]\\",\\n \\"OccurTime\\": \\"2021-01-06 16:37:29\\",\\n \\"StartTime\\": \\"2021-01-06 16:37:29\\",\\n \\"EndTime\\": \\"2021-01-06 16:37:29\\",\\n \\"AlertSrcProdModule\\": \\"waf\\",\\n \\"AlertDesc\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescEn\\": \\"The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.\\",\\n \\"AlertDescCode\\": \\"security_event_config.event_name.webshell\\\\n\\",\\n \\"AlertDetail\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99\\\\\\";\\\\\\"attack_ip\\\\\\": \\\\\\"21.92.*.*\\\\\\"}\\",\\n \\"LogUuid\\": \\"cfw_d12e285a-a042-4d7e-be89-f8a795ef****\\",\\n \\"EntityList\\": \\"[{"entity_user_id":"198921674491****","entity_account_id":"N/A","entity_uuid":"6245f979d5dd9ef8dd19bdc72228****","entity_type":"host","entity_name":"zhh-test-20240409","is_comprised":"1","os_type":"linux","entity_id":"a88f44dd-b8d4-4ded-831c-77a4835****","host_uuid":"a88f44dd-b8d4-4ded-831c-77a4835****","host_name":"zhh-test-2024****"}]\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"SubUserId\\": 0,\\n \\"SubUserName\\": \\"176555323***\\",\\n \\"CloudCode\\": \\"aliyun\\",\\n \\"IsDefend\\": \\"1\\",\\n \\"AlertInfoList\\": [\\n {\\n \\"Key\\": \\"suspicious.wbd.wb.trojanpath\\",\\n \\"KeyName\\": \\"Trojan Path\\\\n\\",\\n \\"Values\\": \\"/root/test33.php\\"\\n }\\n ],\\n \\"ExtendContent\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99****\\\\\\"}\\",\\n \\"ProductId\\": 
\\"alibaba_cloud_sas\\",\\n \\"VendorId\\": \\"aliyun\\",\\n \\"DetectionRuleId\\": \\"dr-48zs4tk7qfd4rjd9****\\"\\n }\\n ]\\n }\\n}","type":"json"}]', 'title' => '获取事件关联的告警列表', ], 'DescribeAlertSourceWithEvent' => [ 'summary' => '获取事件关联告警数据源列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件全局唯一id。', 'description' => '事件全局唯一ID。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" ."\n" .'- cn-hangzhou:资产属于中国'."\n" .'- ap-southeast-1:资产属于全球(不含中国)', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse>', 'description' => 'BaseResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'SourceName' => [ 'title' => '告警数据源名称。', 'description' => '告警数据源名称。', 'type' => 'string', 'example' => 'sas', ], 'Source' => [ 'title' => '告警数据源名称美杜莎code。', 'description' => '告警数据源名称美杜莎code。', 'type' => 
'string', 'example' => 'aliyun.siem.alert_datasource.sas', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"SourceName\\": \\"sas\\",\\n \\"Source\\": \\"aliyun.siem.alert_datasource.sas\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取事件关联告警数据源列表', ], 'DescribeAlertType' => [ 'summary' => '获取自定义规则可选威胁类型列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'RuleType', 'in' => 'formData', 'schema' => [ 'title' => '规则类型。 取值:'."\n" .'- predefine:预定义'."\n" .'- customize:自定义', 'description' => '规则类型。 取值:'."\n" .'- predefine:预定义'."\n" .'- customize:自定义', 'type' => 'string', 'required' => false, 'example' => 'customize', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 
'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PlainResponse>', 'description' => 'PlainResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'AlertType' => [ 'title' => '威胁类型。', 'description' => '威胁类型。', 'type' => 'string', 'example' => 'WEBSHELL', ], 'AlertTypeMds' => [ 'title' => '威胁类型美杜莎code。', 'description' => '威胁类型美杜莎code。', 'type' => 'string', 'example' => 'siem_rule_type_process_abnormal_command', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 
'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AlertType\\": \\"WEBSHELL\\",\\n \\"AlertTypeMds\\": \\"siem_rule_type_process_abnormal_command\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取自定义规则可选威胁类型列表', ], 'DeleteCustomizeRule' => [ 'summary' => '根据指定ID删除自定义规则。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'RuleId', 'in' => 'formData', 'schema' => [ 'title' => '自定义规则ID。', 'description' => '自定义规则ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '123456789', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '产品所在地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-shanghai', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'integer', 'format' => 'int32', 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- 
false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'CloudSiemCustomizeRuleDeleteExcepiton', 'errorMessage' => 'can not delete online customize rule.', ], ], 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": 123456,\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '删除自定义规则', ], 'DescribeAggregateFunction' => [ 'summary' => '获取自定义规则支持的聚合函数列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => 
'威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PlainResponse>', 'description' => 'PlainResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Function' => [ 'title' => '聚合函数。', 'description' => '聚合函数。', 'type' => 'string', 'example' => 'count', ], 'FunctionName' => [ 'title' => '聚合函数显示名称。', 'description' => '聚合函数显示名称。', 'type' => 'string', 'example' => 'Count', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Function\\": \\"count\\",\\n \\"FunctionName\\": \\"Count\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取自定义规则聚合函数列表', ], 'DescribeCustomizeRuleCount' => [ 'summary' => '获取自定义规则计数。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 
'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PlainResponse', 'description' => 'PlainResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'InUseRuleNum' => [ 'title' => '全部规则数。', 'description' => '全部规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '20', ], 'HighRuleNum' => [ 'title' => '高危规则数。', 'description' => '高危规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '12', ], 'MediumRuleNum' => [ 'title' => '中危规则数。', 'description' => '中危规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '5', ], 'LowRuleNum' => [ 'title' => '低危规则数。', 'description' => '低危规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '3', ], 'TotalRuleNum' => [ 'title' => '总规则数', 'description' => '总规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'CustomizeRuleNum' => [ 'title' => '自定义规则数', 'description' => '自定义规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 
'PredefinedRuleNum' => [ 'title' => '预定义规则数', 'description' => '预定义规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'UnEventRuleNum' => [ 'title' => '不产生事件规则数', 'description' => '不产生事件规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '3', ], 'ExpertRuleNum' => [ 'title' => '专家规则数', 'description' => '专家规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '7', ], 'GraphComputingRuleNum' => [ 'title' => '图计算规则数', 'description' => '图计算规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '2', ], 'SingleAlertRuleNum' => [ 'title' => '告警透传规则数', 'description' => '告警透传规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '3', ], 'AggregationRuleNum' => [ 'title' => '同类聚合规则数', 'description' => '同类聚合规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '3', ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"InUseRuleNum\\": 20,\\n \\"HighRuleNum\\": 12,\\n \\"MediumRuleNum\\": 5,\\n \\"LowRuleNum\\": 3,\\n \\"TotalRuleNum\\": 10,\\n \\"CustomizeRuleNum\\": 10,\\n \\"PredefinedRuleNum\\": 10,\\n \\"UnEventRuleNum\\": 3,\\n \\"ExpertRuleNum\\": 7,\\n \\"GraphComputingRuleNum\\": 2,\\n 
\\"SingleAlertRuleNum\\": 3,\\n \\"AggregationRuleNum\\": 3\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取自定义规则计数', ], 'DescribeCustomizeRuleTest' => [ 'summary' => '获取模拟测试场景下的历史模拟数据。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'Id', 'in' => 'formData', 'schema' => [ 'title' => '自定义规则ID。', 'description' => '自定义规则ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '123456789', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'Id' => [ 'title' => '自定义规则ID。', 'description' => '自定义规则ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123456789', ], 'Status' => [ 'title' => '规则状态。 取值:'."\n" .'- 
0:初始状态'."\n" .'- 10:模拟数据测试'."\n" .'- 15:业务数据测试中'."\n" .'- 20:业务数据测试结束'."\n" .'- 100:规则上线', 'description' => '规则状态。 取值:'."\n" .'- 0:初始状态'."\n" .'- 10:模拟数据测试'."\n" .'- 15:业务数据测试中'."\n" .'- 20:业务数据测试结束'."\n" .'- 100:规则上线', 'type' => 'integer', 'format' => 'int32', 'example' => '0', ], 'SimulateData' => [ 'title' => '模拟测试历史用例数据。', 'description' => '模拟测试历史用例数据。', 'type' => 'string', 'example' => '[{"key1":"value1","key2":"value2","key3":"value3","key4":"value4","key5":"value5"}]', ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Id\\": 123456789,\\n \\"Status\\": 0,\\n \\"SimulateData\\": \\"[{\\\\\\"key1\\\\\\":\\\\\\"value1\\\\\\",\\\\\\"key2\\\\\\":\\\\\\"value2\\\\\\",\\\\\\"key3\\\\\\":\\\\\\"value3\\\\\\",\\\\\\"key4\\\\\\":\\\\\\"value4\\\\\\",\\\\\\"key5\\\\\\":\\\\\\"value5\\\\\\"}]\\"\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取模拟测试场景下的历史模拟数据', ], 'DescribeCustomizeRuleTestHistogram' => [ 'summary' => '获取自定义规则业务测试结果图表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' 
=> [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'Id', 'in' => 'formData', 'schema' => [ 'title' => '自定义规则ID。', 'description' => '自定义规则ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '123456789', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse>', 'description' => 'BaseResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'From' => [ 'title' => '告警时间区间的开始时间戳 单位:秒。', 'description' => '告警时间区间的开始时间戳。单位:秒。', 'type' => 'integer', 'format' => 'int64', 'example' => '1599897188', ], 'To' => [ 'title' => '告警时间区间的结束时间戳 单位:秒。', 'description' => '告警时间区间的结束时间戳。单位:秒。', 'type' => 'integer', 'format' => 'int64', 'example' => '1599997188', ], 'Count' => [ 'title' => '当前查询结果在该子时间区间内产生的告警数。', 'description' => '当前查询结果在该子时间区间内产生的告警数。', 'type' => 'integer', 'format' => 'int64', 'example' => '125', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- 
true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"From\\": 1599897188,\\n \\"To\\": 1599997188,\\n \\"Count\\": 125\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取自定义规则业务测试结果图表', ], 'DescribeLogFields' => [ 'summary' => '获取自定义规则可配置字段列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'LogType', 'in' => 'formData', 'schema' => [ 'title' => '规则对应的日志源。', 'description' => '规则对应的日志源。', 'type' => 'string', 'required' => false, 'example' => 'cloud_siem_aegis_sas_alert', ], ], [ 'name' => 'LogSource', 'in' => 'formData', 'schema' => [ 'title' => '规则对应的日志源。', 'description' => '规则对应的日志源。', 'type' => 'string', 'required' => false, 'example' => 'cloud_siem_aegis_sas_alert', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => 
'1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PlainResponse>', 'description' => 'PlainResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'FieldName' => [ 'title' => '规则字段名称。', 'description' => '规则字段名称。', 'type' => 'string', 'example' => 'activity_name', ], 'FieldDesc' => [ 'title' => '字段描述美杜莎code。', 'description' => '字段描述美杜莎Code。', 'type' => 'string', 'example' => 'sas.cloudsiem.prod.activity_name', ], 'LogCode' => [ 'title' => '字段所属日志源。', 'description' => '字段所属日志源。', 'type' => 'string', 'example' => 'cloud_siem_aegis_sas_alert', ], 'ActivityName' => [ 'title' => '字段所属日志类型。', 'description' => '字段所属日志类型。', 'type' => 'string', 'example' => 'HTTP_ACTIVITY', ], 'FieldType' => [ 'title' => '字段数据类型。 取值:'."\n" .'- varchar:字符串'."\n" .'- bigint:数字', 'description' => '字段数据类型。 取值:'."\n" .'- varchar:字符串'."\n" .'- bigint:数字', 'type' => 'string', 'example' => 'varchar', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 
'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"FieldName\\": \\"activity_name\\",\\n \\"FieldDesc\\": \\"sas.cloudsiem.prod.activity_name\\",\\n \\"LogCode\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"ActivityName\\": \\"HTTP_ACTIVITY\\",\\n \\"FieldType\\": \\"varchar\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取自定义规则可配置字段列表', ], 'DescribeLogSource' => [ 'summary' => '获取自定义规则可配置日志源列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'LogType', 'in' => 'formData', 'schema' => [ 'title' => '规则对应的日志类型。', 'description' => '规则对应的日志类型。', 'type' => 'string', 'required' => false, 'example' => 'HTTP_ACTIVITY', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- 
cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PlainResponse>', 'description' => 'PlainResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'LogSource' => [ 'title' => '规则对应的日志源。', 'description' => '规则对应的日志源。', 'type' => 'string', 'example' => 'cloud_siem_aegis_sas_alert', ], 'LogSourceName' => [ 'title' => '规则对应的日志源美杜莎code。', 'description' => '规则对应的日志源美杜莎Code。', 'type' => 'string', 'example' => 'sas.cloudsiem.prod.cloud_siem_aegis_sas_alert', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"LogSource\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"LogSourceName\\": \\"sas.cloudsiem.prod.cloud_siem_aegis_sas_alert\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": 
\\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取自定义规则可配置日志源列表', ], 'DescribeLogType' => [ 'summary' => '获取自定义规则可配置日志类型。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PlainResponse>', 'description' => 'PlainResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'LogType' => [ 'title' => '规则对应的日志类型。', 'description' => '规则对应的日志类型。', 'type' => 'string', 'example' => 'HTTP_ACTIVITY', ], 'LogTypeName' => [ 'title' => '日志类型名称美杜莎code。', 'description' => '日志类型名称美杜莎Code。', 'type' => 'string', 'example' => 'sas.cloudsiem.prod.http_activity', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' 
=> '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"LogType\\": \\"HTTP_ACTIVITY\\",\\n \\"LogTypeName\\": \\"sas.cloudsiem.prod.http_activity\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取自定义规则可配置日志类型', ], 'DescribeOperators' => [ 'summary' => '获取自定义规则操作符列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'SceneType', 'in' => 'formData', 'schema' => [ 'title' => '操作符使用场景类型。 取值:'."\n" .'- 不传:默认场景'."\n" .'- AGGREGATE:聚合函数场景', 'description' => '操作符使用场景类型。取值:'."\n" .'- 不传:默认场景'."\n" .'- AGGREGATE:聚合函数场景', 'type' => 'string', 'required' => false, 'example' => 'AGGREGATE', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 
'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PlainResponse>', 'description' => 'PlainResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Operator' => [ 'title' => '操作符。', 'description' => '操作符。', 'type' => 'string', 'example' => '<=', ], 'OperatorName' => [ 'title' => '操作符显示名称。', 'description' => '操作符显示名称。', 'type' => 'string', 'example' => '<=', ], 'OperatorDescCn' => [ 'title' => '操作符中文描述。', 'description' => '操作符中文描述。', 'type' => 'string', 'example' => 'arger than or equal to', ], 'OperatorDescEn' => [ 'title' => '操作符英文描述。', 'description' => '操作符英文描述。', 'type' => 'string', 'example' => 'larger than or equal to', ], 'SupportDataType' => [ 'title' => '当前操作符可以支持的数据类型 以逗号分隔。', 'description' => '当前操作符可以支持的数据类型,以逗号分隔。', 'type' => 'string', 'example' => 'varchar', ], 'SupportTag' => [ 'title' => '操作符支持场景 多个场景以逗号分隔 如聚合(AGGREGATE)等 默认为空。', 'description' => '操作符支持场景。多个场景以逗号分隔,如聚合(AGGREGATE)等,默认为空。', 'type' => 'array', 'items' => [ 'description' => '操作符支持场景。多个场景以逗号分隔,如聚合(AGGREGATE)等,默认为空。', 'type' => 'string', 'example' => '[AGGREGATE]', ], 'example' => '[AGGREGATE]', ], 'Index' => [ 'title' => '操作符所处操作符列表位置。', 'description' => '操作符所在的操作符列表位置。', 'type' => 'integer', 'format' => 'int32', 'example' => '3', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 
'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Operator\\": \\"<=\\",\\n \\"OperatorName\\": \\"<=\\",\\n \\"OperatorDescCn\\": \\"arger than or equal to\\",\\n \\"OperatorDescEn\\": \\"larger than or equal to\\",\\n \\"SupportDataType\\": \\"varchar\\",\\n \\"SupportTag\\": [\\n \\"[AGGREGATE]\\"\\n ],\\n \\"Index\\": 3\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取自定义规则操作符列表', ], 'ListCloudSiemCustomizeRules' => [ 'summary' => '获取自定义规则列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'Id', 'in' => 'formData', 'schema' => [ 'title' => '规则ID。', 'description' => '自定义规则ID。', 'type' => 'string', 'required' => false, 'example' => '10223', ], ], [ 'name' => 'StartTime', 'in' => 'formData', 'schema' => [ 'title' => '查询开始时间, 单位毫秒。', 'description' => '查询开始时间,单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'EndTime', 'in' => 'formData', 'schema' => [ 'title' => '查询结束时间, 单位毫秒。', 'description' => '查询结束时间,单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' 
=> 'ThreatLevel', 'in' => 'formData', 'style' => 'repeatList', 'schema' => [ 'title' => '威胁等级,格式为json数组。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级,JSON数组格式。取值:'."\n" .'- **serious**:高危'."\n" .'- **suspicious**:中危'."\n" .'- **remind**:低危', 'type' => 'array', 'items' => [ 'description' => '威胁等级,JSON数组格式。取值:'."\n" ."\n" .'- **serious**:高危'."\n" .'- **suspicious**:中危'."\n" .'- **remind**:低危', 'type' => 'string', 'required' => false, 'example' => '["remind","serious"]'."\n", ], 'required' => false, 'example' => '["serious","suspicious","remind"]', 'maxItems' => 100, ], ], [ 'name' => 'AlertType', 'in' => 'formData', 'schema' => [ 'title' => '告警类型。', 'description' => '告警类型。', 'type' => 'string', 'required' => false, 'example' => 'scan', ], ], [ 'name' => 'RuleName', 'in' => 'formData', 'schema' => [ 'title' => '规则名称, 仅支持字母、数字、下划线、点。', 'description' => '规则名称,仅支持字母、数字、下划线、点。', 'type' => 'string', 'required' => false, 'example' => 'waf_scan', ], ], [ 'name' => 'RuleType', 'in' => 'formData', 'schema' => [ 'title' => '规则类型。 取值:'."\n" .'- predefine:预定义'."\n" .'- customize:自定义', 'description' => '规则类型。取值:'."\n" .'- **predefine**:预定义'."\n" .'- **customize**:自定义', 'type' => 'string', 'required' => false, 'example' => 'customize', ], ], [ 'name' => 'Status', 'in' => 'formData', 'schema' => [ 'title' => '规则状态。 取值:'."\n" .'- 0:初始状态'."\n" .'- 10:模拟数据测试'."\n" .'- 15:业务数据测试中'."\n" .'- 20:业务数据测试结束'."\n" .'- 100:规则上线', 'description' => '规则状态。取值:'."\n" .'- **0**:初始状态'."\n" .'- **10**:模拟数据测试'."\n" .'- **15**:业务数据测试中'."\n" .'- **20**:业务数据测试结束'."\n" .'- **100**:规则上线', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', ], ], [ 'name' => 'OrderField', 'in' => 'formData', 'schema' => [ 'title' => '规则列表排列字段。 取值:'."\n" .'- GmtModified:基于修改时间排序'."\n" .'- Id:基于规则id排序(默认)', 'description' => '规则列表排列字段。 取值:'."\n" .'- GmtModified:基于修改时间排序'."\n" .'- Id:基于规则id排序(默认)', 'type' => 'string', 'required' => false, 'example' => 
'Id', ], ], [ 'name' => 'Order', 'in' => 'formData', 'schema' => [ 'title' => '事件列表排列方向。 取值:'."\n" .'- desc:降序排列'."\n" .'- asc:升序排列。', 'description' => '事件列表排列方向。 取值:'."\n" .'- desc:降序排列'."\n" .'- asc:升序排列。', 'type' => 'string', 'required' => false, 'example' => 'desc', ], ], [ 'name' => 'CurrentPage', 'in' => 'formData', 'schema' => [ 'title' => '列表当前页号, 大于等于1。', 'description' => '列表当前页号,大于等于1。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'title' => '列表每页条数, 最大不超过100。', 'description' => '列表每页条数,最大不超过100。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- **cn-hangzhou**:资产属于中国内地与中国香港'."\n" .'- **ap-southeast-1**:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PageResponse>', 'description' => 'PageResponse>', 'type' => 'object', 'properties' => [ 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- **true**:成功'."\n" .'- **false**:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 
'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'PageInfo' => [ 'title' => '分页记录。', 'description' => '分页记录。', 'type' => 'object', 'properties' => [ 'CurrentPage' => [ 'title' => '列表当前页号。', 'description' => '列表当前页号。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'title' => '每页返回记录数。', 'description' => '每页返回记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'title' => '记录总数。', 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], ], ], 'ResponseData' => [ 'title' => '详细数据。', 'description' => '详细数据。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Id' => [ 'title' => '自定义规则ID。', 'description' => '自定义规则ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123456789', ], 'GmtCreate' => [ 'title' => '自定义规则创建时间。', 'description' => '自定义规则创建时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'GmtModified' => [ 'title' => '自定义规则最后更新时间。', 'description' => '自定义规则最后更新时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'Aliuid' => [ 'title' => 'siem主账号ID。', 'description' => 'SIEM主账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '127608589417****', ], 'RuleName' => [ 'title' => '规则名称。', 'description' => '规则名称。', 'type' => 'string', 'example' => 'waf_scan', ], 'RuleDesc' => [ 'title' => '规则描述。', 'description' => '规则描述。', 'type' => 'string', 'example' => 'this rule is for waf scan', ], 'RuleType' => [ 'title' => '规则类型。 取值:'."\n" .'- predefine:预定义'."\n" .'- customize:自定义', 'description' => '规则类型。取值:'."\n" .'- **predefine**:预定义'."\n" .'- **customize**:自定义', 'type' => 
'string', 'example' => 'customize', ], 'ThreatLevel' => [ 'title' => '威胁等级。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级。取值:'."\n" .'- **serious**:高危'."\n" .'- **suspicious**:中危'."\n" .'- **remind**:低危', 'type' => 'string', 'example' => 'remind', ], 'AlertType' => [ 'title' => '威胁类型。', 'description' => '威胁类型。', 'type' => 'string', 'example' => 'WEBSHELL', ], 'AlertTypeMds' => [ 'title' => '威胁类型美杜莎code。', 'description' => '威胁类型美杜莎Code。', 'type' => 'string', 'example' => '${siem_rule_type_process_abnormal_command}', ], 'LogType' => [ 'title' => '规则对应的日志类型。', 'description' => '规则对应的日志类型。', 'type' => 'string', 'example' => 'ALERT_ACTIVITY', ], 'LogTypeMds' => [ 'title' => '规则对应的日志类型美杜莎code。', 'description' => '规则对应的日志类型美杜莎Code。', 'type' => 'string', 'example' => '${sas.cloudsiem.prod.alert_activity}', ], 'LogSource' => [ 'title' => '规则对应的日志源。', 'description' => '规则对应的日志源。', 'type' => 'string', 'example' => 'cloud_siem_aegis_sas_alert', ], 'LogSourceMds' => [ 'title' => '规则对应的日志源美杜莎code。', 'description' => '规则对应的日志源美杜莎Code。', 'type' => 'string', 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}', ], 'RuleCondition' => [ 'title' => '规则查询条件json(需要对html转义字符进行反向转义)。', 'description' => '规则查询条件,JSON数组格式(需要对HTML转义字符进行反向转义)。', 'type' => 'string', 'example' => '[[{"not":false,"left":"alert_name","operator":"=","right":"WEBSHELL"}]]', ], 'RuleGroup' => [ 'title' => '日志聚合字段,json数组格式(需要对html转义字符进行反向转义)。', 'description' => '日志聚合字段,JSON数组格式(需要对HTML转义字符进行反向转义)。', 'type' => 'string', 'example' => '["asset_id"]', ], 'RuleThreshold' => [ 'title' => '规则阈值配置json(需要对html转义字符进行反向转义)。', 'description' => '规则阈值配置json(需要对html转义字符进行反向转义)。', 'type' => 'string', 'example' => '{"aggregateFunction":"count","aggregateFunctionName":"count","field":"activity_name","operator":"<=","value":1}', ], 'QueryCycle' => [ 'title' => '规则窗口长度(需要对html转义字符进行反向转义)。', 'description' => '规则窗口长度(需要对html转义字符进行反向转义)。', 'type' => 'string', 'example' => 
'{"time":"1","unit":"HOUR"}', ], 'AttCk' => [ 'title' => '告警附加字段attck', 'description' => '告警附加字段attck。', 'type' => 'string', 'example' => 'T1595.002 Vulnerability Scanning', ], 'EventTransferSwitch' => [ 'title' => '告警是否转换事件开关。 取值:'."\n" .'- 0:不转换'."\n" .'- 1:转换', 'description' => '告警是否转换事件开关。取值:'."\n" .'- **0**:不转换'."\n" .'- **1**:转换', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'EventTransferType' => [ 'title' => '事件生成方式。 取值:'."\n" .'- default:默认内置方式'."\n" .'- singleToSingle:每个告警生成一个事件'."\n" .'- allToSingle:周期内告警生成一个事件', 'description' => '事件生成方式。取值:'."\n" .'- **default**:默认内置方式'."\n" .'- **singleToSingle**:每个告警生成一个事件'."\n" .'- **allToSingle**:周期内告警生成一个事件', 'type' => 'string', 'example' => 'allToSingle', ], 'EventTransferExt' => [ 'title' => '事件生成扩展信息 当eventTransferType值为allToSingle该字段有值 表示告警聚合窗口的周期长度以及周期单位(需要对html转义字符进行反向转义)。', 'description' => '事件生成扩展信息。当**eventTransferType**值为**allToSingle**,该字段有值,表示告警聚合窗口的周期长度以及周期单位(需要对html转义字符进行反向转义)。', 'type' => 'string', 'example' => '{"time":"1","unit":"MINUTE"}', ], 'Status' => [ 'title' => '规则状态。 取值:'."\n" .'- 0:初始状态'."\n" .'- 10:模拟数据测试'."\n" .'- 15:业务数据测试中'."\n" .'- 20:业务数据测试结束'."\n" .'- 100:规则上线', 'description' => '规则状态。取值:'."\n" .'- **0**:初始状态'."\n" .'- **10**:模拟数据测试'."\n" .'- **15**:业务数据测试中'."\n" .'- **20**:业务数据测试结束'."\n" .'- **100**:规则上线', 'type' => 'integer', 'format' => 'int32', 'example' => '0', ], 'DataType' => [ 'description' => '视图类型。'."\n" ."\n" .'0:当前阿里云账号视图。'."\n" .'1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], ], ], ], ], 'example' => '123456', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n 
\\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"RuleName\\": \\"waf_scan\\",\\n \\"RuleDesc\\": \\"this rule is for waf scan\\",\\n \\"RuleType\\": \\"customize\\",\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"AlertType\\": \\"WEBSHELL\\",\\n \\"AlertTypeMds\\": \\"${siem_rule_type_process_abnormal_command}\\",\\n \\"LogType\\": \\"ALERT_ACTIVITY\\",\\n \\"LogTypeMds\\": \\"${sas.cloudsiem.prod.alert_activity}\\",\\n \\"LogSource\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"LogSourceMds\\": \\"${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}\\",\\n \\"RuleCondition\\": \\"[[{"not":false,"left":"alert_name","operator":"=","right":"WEBSHELL"}]]\\",\\n \\"RuleGroup\\": \\"["asset_id"]\\",\\n \\"RuleThreshold\\": \\"{"aggregateFunction":"count","aggregateFunctionName":"count","field":"activity_name","operator":"<=","value":1}\\",\\n \\"QueryCycle\\": \\"{"time":"1","unit":"HOUR"}\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"EventTransferSwitch\\": 1,\\n \\"EventTransferType\\": \\"allToSingle\\",\\n \\"EventTransferExt\\": \\"{"time":"1","unit":"MINUTE"}\\",\\n \\"Status\\": 0,\\n \\"DataType\\": 1\\n }\\n ]\\n }\\n}","type":"json"}]', 'title' => '获取自定义规则列表', ], 'ListCloudSiemPredefinedRules' => [ 'summary' => '获取预定义规则列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'Id', 'in' => 'formData', 'schema' => [ 'title' => '规则ID。', 'description' => '规则ID。', 'type' => 'string', 'required' => false, 'example' => '10223', ], ], [ 'name' => 'StartTime', 'in' => 'formData', 'schema' => [ 'title' => '查询开始时间, 单位毫秒。', 
'description' => '查询开始时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'EndTime', 'in' => 'formData', 'schema' => [ 'title' => '查询结束时间, 单位毫秒。', 'description' => '查询结束时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1577808000000', ], ], [ 'name' => 'ThreatLevel', 'in' => 'formData', 'style' => 'repeatList', 'schema' => [ 'title' => '威胁等级,格式为json数组。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级,格式为json数组。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'array', 'items' => [ 'description' => '威胁等级,格式为json数组。取值:'."\n" ."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'string', 'required' => false, 'example' => '["remind","serious"]'."\n", ], 'required' => false, 'example' => '["serious","suspicious","remind"]', 'maxItems' => 100, ], ], [ 'name' => 'AlertType', 'in' => 'formData', 'schema' => [ 'title' => '告警类型。', 'description' => '告警类型。', 'type' => 'string', 'required' => false, 'example' => 'scan', ], ], [ 'name' => 'RuleName', 'in' => 'formData', 'schema' => [ 'title' => '规则名称, 仅支持字母、数字、下划线、点。', 'description' => '规则名称, 仅支持字母、数字、下划线、点。', 'type' => 'string', 'required' => false, 'example' => 'waf_scan', ], ], [ 'name' => 'RuleType', 'in' => 'formData', 'schema' => [ 'title' => '规则类型。 取值:'."\n" .'- predefine:预定义'."\n" .'- customize:自定义', 'description' => '规则类型。 取值:'."\n" .'- predefine:预定义'."\n" .'- customize:自定义', 'type' => 'string', 'required' => false, 'example' => 'customize', ], ], [ 'name' => 'EventTransferType', 'in' => 'formData', 'schema' => [ 'title' => '事件生成方式。 取值:'."\n" .'- default:默认内置方式'."\n" .'- singleToSingle:每个告警生成一个事件'."\n" .'- allToSingle:周期内告警生成一个事件', 'description' => '事件生成方式。 取值:'."\n" .'- default:默认内置方式'."\n" .'- singleToSingle:每个告警生成一个事件'."\n" .'- allToSingle:周期内告警生成一个事件', 'type' => 'string', 'required' => false, 'example' => 
'allToSingle', ], ], [ 'name' => 'AttCk', 'in' => 'formData', 'schema' => [ 'title' => 'att&ck。', 'description' => 'att&ck。', 'type' => 'string', 'required' => false, 'example' => 'T1595.002 Vulnerability Scanning', ], ], [ 'name' => 'LogSource', 'in' => 'formData', 'schema' => [ 'title' => '日志源。', 'description' => '日志源。', 'type' => 'string', 'required' => false, 'example' => 'cloud_siem_alb_flow_log', ], ], [ 'name' => 'Status', 'in' => 'formData', 'schema' => [ 'title' => '规则状态。 取值:'."\n" .'- 0:初始状态'."\n" .'- 10:模拟数据测试'."\n" .'- 15:业务数据测试中'."\n" .'- 20:业务数据测试结束'."\n" .'- 100:规则上线', 'description' => '规则状态。 取值:'."\n" .'- 0:初始状态'."\n" .'- 10:模拟数据测试'."\n" .'- 15:业务数据测试中'."\n" .'- 20:业务数据测试结束'."\n" .'- 100:规则上线', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', ], ], [ 'name' => 'OrderField', 'in' => 'formData', 'schema' => [ 'title' => '规则列表排列字段。 取值:'."\n" .'- GmtModified:基于修改时间排序'."\n" .'- Id:基于规则id排序(默认)', 'description' => '规则列表排列字段。 取值:'."\n" .'- GmtModified:基于修改时间排序'."\n" .'- Id:基于规则id排序(默认)', 'type' => 'string', 'required' => false, 'example' => 'Id', ], ], [ 'name' => 'Order', 'in' => 'formData', 'schema' => [ 'title' => '事件列表排列方向。 取值:'."\n" .'- desc:降序排列'."\n" .'- asc:升序排列。', 'description' => '事件列表排列方向。 取值:'."\n" .'- desc:降序排列'."\n" .'- asc:升序排列。', 'type' => 'string', 'required' => false, 'example' => 'desc', ], ], [ 'name' => 'CurrentPage', 'in' => 'formData', 'schema' => [ 'title' => '列表当前页号, 大于等于1。', 'description' => '列表当前页号, 大于等于1。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'title' => '列表每页条数, 最大不超过100。', 'description' => '列表每页条数, 最大不超过100。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' 
=> 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PageResponse>', 'description' => 'PageResponse>', 'type' => 'object', 'properties' => [ 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'PageInfo' => [ 'title' => '分页记录。', 'description' => '分页记录。', 'type' => 'object', 'properties' => [ 'CurrentPage' => [ 'title' => '列表当前页号。', 'description' => '列表当前页号。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'title' => '每页返回记录数。', 'description' => '每页返回记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'title' => '记录总数。', 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], ], ], 'ResponseData' => [ 
'title' => '详细数据。', 'description' => '详细数据。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Id' => [ 'title' => '预定义规则ID。', 'description' => '预定义规则ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123456789', ], 'GmtCreate' => [ 'title' => '规则创建时间。', 'description' => '规则创建时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'GmtModified' => [ 'title' => '规则修改时间。', 'description' => '规则修改时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'RuleName' => [ 'title' => '规则名称。', 'description' => '规则名称。', 'type' => 'string', 'example' => 'siem_base64-command-exec_aegis-proc', ], 'RuleNameCn' => [ 'title' => '规则中文名称。', 'description' => '规则中文名称。', 'type' => 'string', 'example' => 'siem_base64-command-exec_aegis-proc', ], 'RuleNameEn' => [ 'title' => '规则英文名称。', 'description' => '规则英文名称。', 'type' => 'string', 'example' => 'siem_base64-command-exec_aegis-proc', ], 'RuleNameMds' => [ 'title' => '规则名称美杜莎code。', 'description' => '规则名称美杜莎Code。', 'type' => 'string', 'example' => '${siem_rule_name_siem_cfw-attack-count-level-up_cfw-attack}', ], 'RuleDescMds' => [ 'title' => '规则描述美杜莎code。', 'description' => '规则描述美杜莎Code。', 'type' => 'string', 'example' => '${siem_rule_description_siem_cfw-attack-count-level-up_cfw-attack}', ], 'ThreatLevel' => [ 'title' => '威胁等级。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'string', 'example' => 'remind', ], 'AlertType' => [ 'title' => '威胁类型。', 'description' => '威胁类型。', 'type' => 'string', 'example' => 'WEBSHELL', ], 'Source' => [ 'title' => '规则对应的日志源。', 'description' => '规则对应的日志源。', 'type' => 'string', 'example' => 'cloud_siem_aegis_proc', ], 'EventTransferType' => [ 'title' => '事件生成方式。 取值:'."\n" .'- default:默认内置方式'."\n" .'- singleToSingle:每个告警生成一个事件'."\n" .'- allToSingle:周期内告警生成一个事件', 'description' => '事件生成方式。 取值:'."\n" .'- default:默认内置方式'."\n" .'- 
singleToSingle:每个告警生成一个事件'."\n" .'- allToSingle:周期内告警生成一个事件', 'type' => 'string', 'example' => 'allToSingle', ], 'AttCk' => [ 'title' => '告警附加字段attck', 'description' => '告警附加字段attck', 'type' => 'string', 'example' => 'T1595.002 Vulnerability Scanning', ], 'Status' => [ 'title' => '预定义规则启用状态。 取值:'."\n" .'- 0:初始状态'."\n" .'- 100:规则上线', 'description' => '预定义规则启用状态。 取值:'."\n" .'- 0:初始状态'."\n" .'- 100:规则上线', 'type' => 'integer', 'format' => 'int32', 'example' => '0', ], ], ], ], ], 'example' => '123456', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"RuleName\\": \\"siem_base64-command-exec_aegis-proc\\",\\n \\"RuleNameCn\\": \\"siem_base64-command-exec_aegis-proc\\",\\n \\"RuleNameEn\\": \\"siem_base64-command-exec_aegis-proc\\",\\n \\"RuleNameMds\\": \\"${siem_rule_name_siem_cfw-attack-count-level-up_cfw-attack}\\",\\n \\"RuleDescMds\\": \\"${siem_rule_description_siem_cfw-attack-count-level-up_cfw-attack}\\",\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"AlertType\\": \\"WEBSHELL\\",\\n \\"Source\\": \\"cloud_siem_aegis_proc\\",\\n \\"EventTransferType\\": \\"allToSingle\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"Status\\": 0\\n }\\n ]\\n }\\n}","type":"json"}]', 'title' => '获取预定义规则列表', ], 'ListCustomizeRuleTestResult' => [ 'summary' => '获取自定义规则测试结果列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 
'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'Id', 'in' => 'formData', 'schema' => [ 'title' => '自定义规则ID。', 'description' => '自定义规则ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '123456789', ], ], [ 'name' => 'CurrentPage', 'in' => 'formData', 'schema' => [ 'title' => '列表当前页号, 大于等于1。', 'description' => '列表当前页号,大于等于1。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'title' => '列表每页条数, 最大不超过100。', 'description' => '列表每页条数,最大不超过100。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'DetectionRuleId', 'in' => 'formData', 'schema' => [ 'description' => '自定义规则ID,规则ID可以通过规则列表接口获取。', 'type' => 'string', 'required' => false, 'example' => 'dr-53np4nguf5jmh1vc****', ], ], [ 'name' => 'VerifyType', 'in' => 'formData', 'schema' => [ 
'description' => '根据告警模板对告警字段的准确性的校验结果。'."\n" ."\n" .'- true:通过,启用的规则告警可以同步到产品侧'."\n" .'- false:不通过,告警不能通过产品侧', 'type' => 'string', 'required' => false, 'example' => 'true', ], ], [ 'name' => 'StartTime', 'in' => 'formData', 'schema' => [ 'description' => '开始时间。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1723057091000', ], ], [ 'name' => 'EndTime', 'in' => 'formData', 'schema' => [ 'description' => '结束时间。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1731797891000', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PageResponse>', 'description' => 'PageResponse>', 'type' => 'object', 'properties' => [ 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'PageInfo' => [ 'title' => '分页记录。', 'description' => '分页记录。', 'type' => 'object', 'properties' => [ 'CurrentPage' => [ 'title' => '列表当前页号。', 'description' => '列表当前页号。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'title' => '每页返回记录数。', 'description' => '每页返回记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'title' => '记录总数。', 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], 'VerifiedCount' => [ 'description' => '告警校验通过数。', 'type' => 'integer', 'format' => 'int64', 'example' => '30', ], ], ], 'ResponseData' => [ 'title' => 
'详细数据。', 'description' => '详细数据。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Uuid' => [ 'title' => '告警id。', 'description' => '告警UUID。', 'type' => 'string', 'example' => 'sas_71e24437d2797ce8fc59692905a4****', ], 'MainUserId' => [ 'title' => '告警关联siem主账号id。', 'description' => '告警关联SIEM主账号ID。', 'type' => 'string', 'example' => '127608589417****', ], 'SubUserId' => [ 'title' => '告警史记关联阿里账号ID。', 'description' => '告警关联阿里账号ID。', 'type' => 'string', 'example' => '176555323***', ], 'LogType' => [ 'title' => '规则对应的日志类型。', 'description' => '规则对应的日志类型。', 'type' => 'string', 'example' => 'ALERT_ACTIVITY', ], 'LogSource' => [ 'title' => '规则对应的日志源。', 'description' => '规则对应的日志源。', 'type' => 'string', 'example' => 'cloud_siem_aegis_sas_alert', ], 'AlertSrcProd' => [ 'title' => '事件关联告警来源产品。', 'description' => '事件关联告警来源产品。', 'type' => 'string', 'example' => 'sas', ], 'AlertSrcProdModule' => [ 'title' => '事件关联告警来源产品子模块。', 'description' => '事件关联告警来源产品子模块。', 'type' => 'string', 'example' => 'waf', ], 'AttCk' => [ 'title' => 'ATTCT&攻击技术标签。', 'description' => 'ATTCT&攻击技术标签。', 'type' => 'string', 'example' => 'T1595.002 Vulnerability Scanning', ], 'AlertDesc' => [ 'title' => '告警描述。', 'description' => '告警描述。', 'type' => 'string', 'example' => 'The account you logged in this time is not in the legal account category defined by you. 
Please confirm the legality of the login behavior。', ], 'OnlineStatus' => [ 'title' => '告警数据状态。 取值:'."\n" .'- test:业务测试'."\n" .'- online:上线', 'description' => '告警数据状态。 取值:'."\n" .'- test:业务测试'."\n" .'- online:上线', 'type' => 'string', 'example' => 'test', ], 'EventName' => [ 'title' => '告警名称,对应自定义规则名称。', 'description' => '告警名称,对应自定义规则名称。', 'type' => 'string', 'example' => 'waf_scan', ], 'Level' => [ 'title' => '威胁等级。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'string', 'example' => 'remind', ], 'EventType' => [ 'title' => '威胁类型 即告警类型。', 'description' => '威胁类型,即告警类型。', 'type' => 'string', 'example' => 'WEBSHELL', ], 'AlertDetail' => [ 'title' => '告警详情 json格式。', 'description' => '告警详情,JSON格式。', 'type' => 'string', 'example' => '{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "218.92.XX.XX"}', ], 'LogTime' => [ 'title' => '告警记录时间。', 'description' => '告警记录时间。', 'type' => 'string', 'example' => '2023-01-06 16:37:29', ], 'VerifyType' => [ 'description' => '根据告警模板对告警的校验结果。'."\n" ."\n" .'- true:通过'."\n" .'- false:不通过', 'type' => 'string', 'example' => 'true', ], ], ], ], ], 'example' => '123456', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100,\\n \\"VerifiedCount\\": 30\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Uuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"MainUserId\\": \\"127608589417****\\",\\n \\"SubUserId\\": \\"176555323***\\",\\n 
\\"LogType\\": \\"ALERT_ACTIVITY\\",\\n \\"LogSource\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"AlertSrcProd\\": \\"sas\\",\\n \\"AlertSrcProdModule\\": \\"waf\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"AlertDesc\\": \\"The account you logged in this time is not in the legal account category defined by you. Please confirm the legality of the login behavior。\\",\\n \\"OnlineStatus\\": \\"test\\",\\n \\"EventName\\": \\"waf_scan\\",\\n \\"Level\\": \\"remind\\",\\n \\"EventType\\": \\"WEBSHELL\\",\\n \\"AlertDetail\\": \\"{\\\\\\"main_user_id\\\\\\": \\\\\\"165295629792****\\\\\\";\\\\\\"log_uuid_count\\\\\\": \\\\\\"99\\\\\\";\\\\\\"attack_ip\\\\\\": \\\\\\"218.92.XX.XX\\\\\\"}\\",\\n \\"LogTime\\": \\"2023-01-06 16:37:29\\",\\n \\"VerifyType\\": \\"true\\"\\n }\\n ]\\n }\\n}","type":"json"}]', 'title' => '获取自定义规则测试结果列表', ], 'PostCustomizeRule' => [ 'summary' => '添加或者更新自定义规则。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'Id', 'in' => 'formData', 'schema' => [ 'title' => '自定义规则ID。', 'description' => '自定义规则ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '123456789', ], ], [ 'name' => 'RuleName', 'in' => 'formData', 'schema' => [ 'title' => '规则名称。', 'description' => '规则名称。', 'type' => 'string', 'required' => false, 'example' => 'waf_scan', ], ], [ 'name' => 'RuleDesc', 'in' => 'formData', 'schema' => [ 'title' => '规则描述。', 'description' => '规则描述。', 'type' => 'string', 'required' => false, 'example' => 'this rule is for waf scan', ], ], [ 'name' => 'ThreatLevel', 'in' => 'formData', 'schema' => [ 'title' => '威胁等级。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'string', 'required' => 
false, 'example' => 'remind', ], ], [ 'name' => 'AttCk', 'in' => 'formData', 'schema' => [ 'title' => 'att&ck。', 'description' => 'att&ck。', 'type' => 'string', 'required' => false, 'example' => 'T1595.002 Vulnerability Scanning'."\n", ], ], [ 'name' => 'AlertType', 'in' => 'formData', 'schema' => [ 'title' => '威胁类型。', 'description' => '威胁类型。', 'type' => 'string', 'required' => false, 'example' => 'WEBSHELL', ], ], [ 'name' => 'AlertTypeMds', 'in' => 'formData', 'schema' => [ 'title' => '威胁类型美杜莎code。', 'description' => '威胁类型美杜莎Code。', 'type' => 'string', 'required' => false, 'example' => '${siem_rule_type_process_abnormal_command}', ], ], [ 'name' => 'LogType', 'in' => 'formData', 'schema' => [ 'title' => '规则对应的日志类型。', 'description' => '规则对应的日志类型。', 'type' => 'string', 'required' => false, 'example' => 'ALERT_ACTIVITY', ], ], [ 'name' => 'LogTypeMds', 'in' => 'formData', 'schema' => [ 'title' => '规则对应的日志类型美杜莎code。', 'description' => '规则对应的日志类型美杜莎Code。', 'type' => 'string', 'required' => false, 'example' => '${security_event_config.event_name.webshellName_clientav}', ], ], [ 'name' => 'LogSource', 'in' => 'formData', 'schema' => [ 'title' => '规则对应的日志源。', 'description' => '规则对应的日志源。', 'type' => 'string', 'required' => false, 'example' => 'cloud_siem_aegis_sas_alert', ], ], [ 'name' => 'LogSourceMds', 'in' => 'formData', 'schema' => [ 'title' => '规则对应的日志源美杜莎code。', 'description' => '规则对应的日志源美杜莎Code。', 'type' => 'string', 'required' => false, 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}', ], ], [ 'name' => 'RuleCondition', 'in' => 'formData', 'schema' => [ 'title' => '规则查询条件json。', 'description' => '规则查询条件json。', 'type' => 'string', 'required' => false, 'example' => '[[{"not":false,"left":"alert_name","operator":"=","right":"WEBSHELL"}]]', ], ], [ 'name' => 'RuleGroup', 'in' => 'formData', 'schema' => [ 'title' => '日志聚合字段,json数组格式。', 'description' => '日志聚合字段,json数组格式。', 'type' => 'string', 'required' => false, 'example' => '["asset_id"]', ], ], [ 
'name' => 'RuleThreshold', 'in' => 'formData', 'schema' => [ 'title' => '规则阈值配置json。', 'description' => '规则阈值配置json。', 'type' => 'string', 'required' => false, 'example' => '{"aggregateFunction":"count","aggregateFunctionName":"count","field":"activity_name","operator":"<=","value":1}', ], ], [ 'name' => 'QueryCycle', 'in' => 'formData', 'schema' => [ 'title' => '规则窗口长度。', 'description' => '规则窗口长度。', 'type' => 'string', 'required' => false, 'example' => '{"time":"1","unit":"HOUR"}', ], ], [ 'name' => 'EventTransferSwitch', 'in' => 'formData', 'schema' => [ 'title' => '告警是否转换事件开关。 取值:'."\n" .'- 0:不转换'."\n" .'- 1:转换', 'description' => '告警是否转换事件开关。取值:'."\n" .'- 0:不转换'."\n" .'- 1:转换', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'EventTransferType', 'in' => 'formData', 'schema' => [ 'title' => '事件生成方式。 取值:'."\n" .'- default:默认内置方式'."\n" .'- singleToSingle:每个告警生成一个事件'."\n" .'- allToSingle:周期内告警生成一个事件', 'description' => '事件生成方式。取值:'."\n" .'- default:默认内置方式'."\n" .'- singleToSingle:每个告警生成一个事件'."\n" .'- allToSingle:周期内告警生成一个事件', 'type' => 'string', 'required' => false, 'example' => 'allToSingle', ], ], [ 'name' => 'EventTransferExt', 'in' => 'formData', 'schema' => [ 'title' => '事件生成扩展信息 当eventTransferType值为allToSingle该字段有值 表示告警聚合窗口的周期长度以及周期单位。', 'description' => '事件生成扩展信息,当eventTransferType值为allToSingle时,该字段有值,表示告警聚合窗口的周期长度以及周期单位。', 'type' => 'string', 'required' => false, 'example' => '{"time":"1","unit":"MINUTE"}', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => 
'威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'Id' => [ 'title' => '自定义规则ID。', 'description' => '自定义规则id。', 'type' => 'integer', 'format' => 'int64', 'example' => '123456789', ], 'GmtCreate' => [ 'title' => '自定义规则创建时间。', 'description' => '自定义规则创建时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'GmtModified' => [ 'title' => '自定义规则最后更新时间。', 'description' => '自定义规则最后更新时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'Aliuid' => [ 'title' => 'siem主账号ID。', 'description' => '购买威胁分析产品的阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '127608589417****', ], 'RuleName' => [ 'title' => '规则名称。', 'description' => '规则名称。', 'type' => 'string', 'example' => 'waf_scan', ], 'RuleDesc' => [ 'title' => '规则描述。', 'description' => '规则描述。', 'type' => 'string', 'example' => 'this rule is for waf scan', ], 'RuleType' => [ 'title' => '规则类型。 取值:'."\n" .'- predefine:预定义'."\n" .'- customize:自定义', 'description' => '规则类型。取值:'."\n" .'- predefine:预定义'."\n" .'- customize:自定义', 'type' => 'string', 'example' => 'customize', ], 'ThreatLevel' => [ 'title' => '威胁等级。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'description' => '威胁等级。取值:'."\n" .'- serious:高危'."\n" .'- suspicious:中危'."\n" .'- remind:低危', 'type' => 'string', 'example' => 'remind', ], 'AlertType' => [ 'title' => '威胁类型。', 'description' => '威胁类型。', 'type' => 'string', 'example' => 'WEBSHELL', ], 'AlertTypeMds' => [ 'title' => '威胁类型美杜莎code。', 'description' => 
'威胁类型美杜莎Code。', 'type' => 'string', 'example' => '${siem_rule_type_process_abnormal_command}', ], 'LogType' => [ 'title' => '规则对应的日志类型。', 'description' => '规则对应的日志类型。', 'type' => 'string', 'example' => 'ALERT_ACTIVITY', ], 'LogTypeMds' => [ 'title' => '规则对应的日志类型美杜莎code。', 'description' => '规则对应的日志类型美杜莎Code。', 'type' => 'string', 'example' => '${security_event_config.event_name.webshellName_clientav}', ], 'LogSource' => [ 'title' => '规则对应的日志源。', 'description' => '规则对应的日志源。', 'type' => 'string', 'example' => 'cloud_siem_aegis_sas_alert', ], 'LogSourceMds' => [ 'title' => '规则对应的日志源美杜莎code。', 'description' => '规则对应的日志源美杜莎code。', 'type' => 'string', 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}', ], 'RuleCondition' => [ 'title' => '规则查询条件json(需要对html转义字符进行反向转义)。', 'description' => '规则查询条件json(需要对html转义字符进行反向转义)。', 'type' => 'string', 'example' => '[[{"not":false,"left":"alert_name","operator":"=","right":"WEBSHELL"}]]', ], 'RuleGroup' => [ 'title' => '日志聚合字段,json数组格式(需要对html转义字符进行反向转义)。', 'description' => '日志聚合字段,json数组格式(需要对html转义字符进行反向转义)。', 'type' => 'string', 'example' => '["asset_id"]', ], 'RuleThreshold' => [ 'title' => '规则阈值配置json(需要对html转义字符进行反向转义)。', 'description' => '规则阈值配置json(需要对html转义字符进行反向转义)。', 'type' => 'string', 'example' => '{"aggregateFunction":"count","aggregateFunctionName":"count","field":"activity_name","operator":"<=","value":1}', ], 'QueryCycle' => [ 'title' => '规则窗口长度(需要对html转义字符进行反向转义)。', 'description' => '规则窗口长度(需要对html转义字符进行反向转义)。', 'type' => 'string', 'example' => '{"time":"1","unit":"HOUR"}', ], 'AttCk' => [ 'title' => '告警附加字段attck', 'description' => '告警附加字段attck', 'type' => 'string', 'example' => 'T1595.002 Vulnerability Scanning', ], 'EventTransferSwitch' => [ 'title' => '告警是否转换事件开关。 取值:'."\n" .'- 0:不转换'."\n" .'- 1:转换', 'description' => '告警是否转换事件开关。取值:'."\n" .'- 0:不转换'."\n" .'- 1:转换', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'EventTransferType' => [ 'title' => '事件生成方式。 取值:'."\n" .'- 
default:默认内置方式'."\n" .'- singleToSingle:每个告警生成一个事件'."\n" .'- allToSingle:周期内告警生成一个事件', 'description' => '事件生成方式。取值:'."\n" .'- default:默认内置方式'."\n" .'- singleToSingle:每个告警生成一个事件'."\n" .'- allToSingle:周期内告警生成一个事件', 'type' => 'string', 'example' => 'allToSingle', ], 'EventTransferExt' => [ 'title' => '事件生成扩展信息 当eventTransferType值为allToSingle该字段有值 表示告警聚合窗口的周期长度以及周期单位(需要对html转义字符进行反向转义)。', 'description' => '事件生成扩展信息,当eventTransferType值为allToSingle时,该字段有值,表示告警聚合窗口的周期长度以及周期单位,(需要对html转义字符进行反向转义)。', 'type' => 'string', 'example' => '{"time":"1","unit":"MINUTE"}', ], 'Status' => [ 'title' => '规则状态。 取值:'."\n" .'- 0:初始状态'."\n" .'- 10:模拟数据测试'."\n" .'- 15:业务数据测试中'."\n" .'- 20:业务数据测试结束'."\n" .'- 100:规则上线', 'description' => '规则状态。取值:'."\n" .'- 0:初始状态'."\n" .'- 10:模拟数据测试'."\n" .'- 15:业务数据测试中'."\n" .'- 20:业务数据测试结束'."\n" .'- 100:规则上线', 'type' => 'integer', 'format' => 'int32', 'example' => '0', ], 'DataType' => [ 'description' => '自动化响应规则条件字段数据类型。', 'type' => 'integer', 'format' => 'int32', 'example' => 'varchar', ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'CloudSiemCustomizeRuleUpdateExcepiton', 'errorMessage' => 'this customize rule can only update in init status.', ], [ 'errorCode' => 'CloudSiemCustomizeRuleConditionExceedExcepiton', 'errorMessage' => 'the number of rule conditions cannot exceed 100.', ], [ 'errorCode' => 'CloudSiemCustomizeRuleDuplicateRuleNameExcepiton', 
'errorMessage' => 'the rule name is duplicated.', ], ], 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"RuleName\\": \\"waf_scan\\",\\n \\"RuleDesc\\": \\"this rule is for waf scan\\",\\n \\"RuleType\\": \\"customize\\",\\n \\"ThreatLevel\\": \\"remind\\",\\n \\"AlertType\\": \\"WEBSHELL\\",\\n \\"AlertTypeMds\\": \\"${siem_rule_type_process_abnormal_command}\\",\\n \\"LogType\\": \\"ALERT_ACTIVITY\\",\\n \\"LogTypeMds\\": \\"${security_event_config.event_name.webshellName_clientav}\\",\\n \\"LogSource\\": \\"cloud_siem_aegis_sas_alert\\",\\n \\"LogSourceMds\\": \\"${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}\\",\\n \\"RuleCondition\\": \\"[[{"not":false,"left":"alert_name","operator":"=","right":"WEBSHELL"}]]\\",\\n \\"RuleGroup\\": \\"["asset_id"]\\",\\n \\"RuleThreshold\\": \\"{"aggregateFunction":"count","aggregateFunctionName":"count","field":"activity_name","operator":"<=","value":1}\\",\\n \\"QueryCycle\\": \\"{"time":"1","unit":"HOUR"}\\",\\n \\"AttCk\\": \\"T1595.002 Vulnerability Scanning\\",\\n \\"EventTransferSwitch\\": 1,\\n \\"EventTransferType\\": \\"allToSingle\\",\\n \\"EventTransferExt\\": \\"{"time":"1","unit":"MINUTE"}\\",\\n \\"Status\\": 0,\\n \\"DataType\\": 0\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '添加或者更新自定义规则', ], 'PostCustomizeRuleTest' => [ 'summary' => '提交自定义规则测试。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' 
=> 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'Id', 'in' => 'formData', 'schema' => [ 'title' => '自定义规则ID。', 'description' => '自定义规则ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '123456789', ], ], [ 'name' => 'TestType', 'in' => 'formData', 'schema' => [ 'title' => '测试类型。 取值:'."\n" .'- simulate:模拟数据测试'."\n" .'- business:业务数据测试'."\n" .'- 15:业务数据测试中', 'description' => '测试类型。取值:'."\n" .'- simulate:模拟数据测试'."\n" .'- business:业务数据测试', 'type' => 'string', 'required' => false, 'example' => 'simulate', ], ], [ 'name' => 'SimulatedData', 'in' => 'formData', 'schema' => [ 'title' => '模拟测试数据 只有在测试类型为simulate情况下赋值。', 'description' => '模拟测试数据,只有在测试类型为simulate情况下赋值。', 'type' => 'string', 'required' => false, 'example' => '[{"key1":"value1","key2":"value2","key3":"value3","key4":"value4","key5":"value5"}]', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'any', 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 
'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '提交自定义规则测试', ], 'PostFinishCustomizeRuleTest' => [ 'summary' => '结束自定义规则测试。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'Id', 'in' => 'formData', 'schema' => [ 'title' => '自定义规则ID。', 'description' => '自定义规则ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '123456789', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => 
'威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'any', 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '结束自定义规则测试', ], 'PostRuleStatusChange' => [ 'summary' => '更新自定义规则状态。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'Ids', 'in' => 'formData', 'schema' => [ 'title' => '规则id列表 json数组格式。', 
'description' => '规则id列表 json数组格式。', 'type' => 'string', 'required' => false, 'example' => '[123,345]', ], ], [ 'name' => 'RuleType', 'in' => 'formData', 'schema' => [ 'title' => '规则类型。 取值:'."\n" .'- predefine:预定义'."\n" .'- customize:自定义', 'description' => '规则类型。 取值:'."\n" .'- predefine:预定义'."\n" .'- customize:自定义', 'type' => 'string', 'required' => false, 'example' => 'customize', ], ], [ 'name' => 'InUse', 'in' => 'formData', 'schema' => [ 'title' => '规则开启状态。 取值:'."\n" .'- true:开启'."\n" .'- false:关闭', 'description' => '规则开启状态。 取值:'."\n" .'- true:开启'."\n" .'- false:关闭', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'any', 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 
'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '更新自定义规则状态', ], 'DescribeScopeUsers' => [ 'summary' => '获取剧本作用域用户列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse>', 'description' => 'BaseResponse>', 'type' => 'object', 
'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'AliUid' => [ 'title' => 'siem用户ID。', 'description' => 'SIEM用户ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123456789****', ], 'UserName' => [ 'title' => '用户名。', 'description' => '用户名。', 'type' => 'string', 'example' => 'test001', ], 'UserId' => [ 'title' => '多云用户ID。', 'description' => '多云用户ID。', 'type' => 'string', 'example' => '123456789****', ], 'CloudCode' => [ 'title' => '云code。 取值:'."\n" .'- qcloud:腾讯云'."\n" .'- hcloud:华为云', 'description' => '云code。 取值:'."\n" .'- qcloud:腾讯云'."\n" .'- hcloud:华为云', 'type' => 'string', 'example' => 'qcloud', ], 'InstanceId' => [ 'title' => 'waf实例ID。', 'description' => 'Waf实例ID。', 'type' => 'string', 'example' => 'waf-cn-tl123ast****', ], 'Domains' => [ 'title' => 'waf实例下的防护的域名列表。', 'description' => 'Waf实例下的防护的域名列表。', 'type' => 'array', 'items' => [ 'description' => 'Waf实例下的防护的域名列表。', 'type' => 'string', 'example' => '[123***.com, 456***.com]', ], 'example' => '[123.com, 456.com]', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n 
\\"AliUid\\": 0,\\n \\"UserName\\": \\"test001\\",\\n \\"UserId\\": \\"123456789****\\",\\n \\"CloudCode\\": \\"qcloud\\",\\n \\"InstanceId\\": \\"waf-cn-tl123ast****\\",\\n \\"Domains\\": [\\n \\"[123***.com, 456***.com]\\"\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取剧本作用域用户列表', ], 'DeleteAutomateResponseConfig' => [ 'summary' => '删除指定ID的自动化响应规则。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'Id', 'in' => 'formData', 'schema' => [ 'title' => '自动化响应配置规则ID。', 'description' => '自动化响应配置规则ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '123', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'string', 'example' => '123456', 
], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '删除自动化响应规则', ], 'DescribeAutomateResponseConfigCounter' => [ 'summary' => '获取自动化响应规则计数。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => 
'威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'All' => [ 'title' => '总规则数。', 'description' => '总规则数。', 'type' => 'integer', 'format' => 'int64', 'example' => '20', ], 'Online' => [ 'title' => '启动规则数。', 'description' => '启动规则数。', 'type' => 'integer', 'format' => 'int64', 'example' => '10', ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"All\\": 20,\\n \\"Online\\": 10\\n },\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取自动化响应规则计数', ], 'DescribeAutomateResponseConfigFeature' => [ 'summary' => '获取自动化规则策略可配置字段及操作符。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 
'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'AutoResponseType', 'in' => 'formData', 'schema' => [ 'title' => '自动化响应类型。 取值:'."\n" .'- event:事件'."\n" .'- alert:告警', 'description' => '自动化响应类型。取值:'."\n" .'- event:事件'."\n" .'- alert:告警', 'type' => 'string', 'required' => false, 'example' => 'event', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse>', 'description' => 'BaseResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Feature' => [ 'title' => '自动化响应规则条件字段名称。', 'description' => '自动化响应规则条件字段名称。', 'type' => 'string', 'example' => 'alert_desc', ], 'DataType' => [ 'title' => '自动化响应规则条件字段数据类型。', 'description' => '自动化响应规则条件字段数据类型。', 'type' => 'string', 'example' => 'varchar', ], 'SupportOperators' => [ 'title' => '该字段支持的操作符列表', 'description' => '该字段支持的操作符列表。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'HasRightValue' => [ 'title' => '是否需要右值 取值:'."\n" .'- 需要:'."\n" .'- false:不需要。', 'description' => '是否需要右值。取值:'."\n" .'- 
true:需要'."\n" .'- false:不需要', 'type' => 'boolean', 'example' => 'false', ], 'Operator' => [ 'title' => '操作符。', 'description' => '操作符。', 'type' => 'string', 'example' => '<=', ], 'OperatorName' => [ 'title' => '操作符显示名称。', 'description' => '操作符显示名称。', 'type' => 'string', 'example' => '<=', ], 'OperatorDescCn' => [ 'title' => '操作符中文描述。', 'description' => '操作符中文描述。', 'type' => 'string', 'example' => 'larger than or equal to', ], 'OperatorDescEn' => [ 'title' => '操作符英文描述。', 'description' => '操作符英文描述。', 'type' => 'string', 'example' => 'larger than or equal to', ], 'SupportDataType' => [ 'title' => '当前操作符可以支持的数据类型 以逗号分隔。', 'description' => '当前操作符可以支持的数据类型,以逗号分隔。', 'type' => 'string', 'example' => 'varchar', ], 'SupportTag' => [ 'title' => '操作符支持场景 多个场景以逗号分隔 如聚合(AGGREGATE)等 默认为空。', 'description' => '操作符支持场景。多个场景以逗号分隔,如聚合等。默认为空。', 'type' => 'array', 'items' => [ 'description' => '支持场景。', 'type' => 'string', 'example' => '[AGGREGATE]', ], 'example' => '[AGGREGATE]', ], 'Index' => [ 'title' => '操作符所处操作符列表位置。', 'description' => '操作符所处操作符列表位置。', 'type' => 'integer', 'format' => 'int32', 'example' => '3', ], ], ], ], 'RightValueEnums' => [ 'title' => '该字段对应的右值枚举值', 'description' => '该字段对应的右值枚举值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Value' => [ 'title' => '右值枚举值。', 'description' => '右值枚举值。', 'type' => 'string', 'example' => 'serious', ], 'ValueMds' => [ 'title' => '右值枚举值美杜莎code。', 'description' => '右值枚举值美杜莎Code。', 'type' => 'string', 'example' => 'aliyun.siem.automate.feature.alert_level.serious', ], ], ], ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' 
=> 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"Feature\\": \\"alert_desc\\",\\n \\"DataType\\": \\"varchar\\",\\n \\"SupportOperators\\": [\\n {\\n \\"HasRightValue\\": false,\\n \\"Operator\\": \\"<=\\",\\n \\"OperatorName\\": \\"<=\\",\\n \\"OperatorDescCn\\": \\"larger than or equal to\\",\\n \\"OperatorDescEn\\": \\"larger than or equal to\\",\\n \\"SupportDataType\\": \\"varchar\\",\\n \\"SupportTag\\": [\\n \\"[AGGREGATE]\\"\\n ],\\n \\"Index\\": 3\\n }\\n ],\\n \\"RightValueEnums\\": [\\n {\\n \\"Value\\": \\"serious\\",\\n \\"ValueMds\\": \\"aliyun.siem.automate.feature.alert_level.serious\\"\\n }\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取自动化规则策略可配置字段及操作符', ], 'ListAutomateResponseConfigs' => [ 'summary' => '获取自动化响应规则列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas104PTS', ], ], 'parameters' => [ [ 'name' => 'Id', 'in' => 'formData', 'schema' => [ 'title' => '自动化响应配置规则ID。', 'description' => '自动化响应配置规则ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '123', ], ], [ 'name' => 'SubUserId', 'in' => 'formData', 'schema' => [ 'title' => '规则创建用户ID。', 'description' => '规则创建用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => 
'17108579417****', ], ], [ 'name' => 'PlaybookUuid', 'in' => 'formData', 'schema' => [ 'title' => '剧本唯一标识。', 'description' => '剧本唯一标识。', 'type' => 'string', 'required' => false, 'example' => 'system_aliyun_aegis_kill_quara_book', ], ], [ 'name' => 'RuleName', 'in' => 'formData', 'schema' => [ 'title' => '自动化响应配置规则名称。', 'description' => '自动化响应配置规则名称。', 'type' => 'string', 'required' => false, 'example' => 'cfw kill quara book', ], ], [ 'name' => 'AutoResponseType', 'in' => 'formData', 'schema' => [ 'title' => '自动化响应类型。 取值:'."\n" .'- event:事件'."\n" .'- alert:告警', 'description' => '自动化响应类型。取值:'."\n" .'- **event**:事件'."\n" .'- **alert**:告警', 'type' => 'string', 'required' => false, 'example' => 'event', ], ], [ 'name' => 'ActionType', 'in' => 'formData', 'schema' => [ 'title' => '处置动作类型。 取值:'."\n" .'- doPlaybook:执行剧本'."\n" .'- changeEventStatus:更改事件状态'."\n" .'- changeThreatLevel:更改事件威胁等级', 'description' => '处置动作类型。取值:'."\n" .'- **doPlaybook**:执行剧本'."\n" .'- **changeEventStatus**:更改事件状态'."\n" .'- **changeThreatLevel**:更改事件威胁等级', 'type' => 'string', 'required' => false, 'example' => 'doPlaybook', ], ], [ 'name' => 'Status', 'in' => 'formData', 'schema' => [ 'title' => '规则状态。 取值:'."\n" .'- 0:未启用'."\n" .'- 100:启用', 'description' => '规则状态。取值:'."\n" .'- **0**:未启用'."\n" .'- **100**:启用', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', ], ], [ 'name' => 'CurrentPage', 'in' => 'formData', 'schema' => [ 'title' => '列表当前页号, 大于等于1。', 'description' => '列表当前页号,大于等于1。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'title' => '列表每页条数, 最大不超过100。', 'description' => '列表每页条数,最大不超过100。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 
1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- **cn-hangzhou**:资产属于中国内地与中国香港'."\n" .'- **ap-southeast-1**:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'ResponseRuleType', 'in' => 'formData', 'schema' => [ 'description' => '响应规则类型。'."\n" ."\n" .'- preset:预定义'."\n" .'- custom:自定义', 'type' => 'string', 'required' => false, 'example' => 'custom', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PageResponse>', 'description' => 'PageResponse>', 'type' => 'object', 'properties' => [ 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- **true**:成功'."\n" .'- **false**:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'PageInfo' => [ 'title' => '分页记录。', 'description' => '分页记录。', 'type' => 'object', 'properties' => [ 'CurrentPage' => [ 'title' => '列表当前页号。', 'description' => '列表当前页号。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'title' => '每页返回记录数。', 
'description' => '每页返回记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'title' => '记录总数。', 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], ], ], 'ResponseData' => [ 'title' => '详细数据。', 'description' => '详细数据。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Id' => [ 'title' => '自动化响应配置规则ID。', 'description' => '自动化响应配置规则ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123', ], 'GmtCreate' => [ 'title' => '创建时间。', 'description' => '创建时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'GmtModified' => [ 'title' => '修改时间。', 'description' => '修改时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'Aliuid' => [ 'title' => '规则关联siem主账号ID。', 'description' => '规则关联SIEM主账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '127608589417****', ], 'SubUserId' => [ 'title' => '规则创建用户ID。', 'description' => '规则创建用户ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '17108579417****', ], 'RuleName' => [ 'title' => '自动化响应配置规则名称。', 'description' => '自动化响应配置规则名称。', 'type' => 'string', 'example' => 'cfw kill quara book', ], 'AutoResponseType' => [ 'title' => '自动化响应类型。 取值:'."\n" .'- event:事件'."\n" .'- alert:告警', 'description' => '自动化响应类型。取值:'."\n" .'- **event**:事件'."\n" .'- **alert**:告警', 'type' => 'string', 'example' => 'event', ], 'ExecutionCondition' => [ 'title' => '自动化响应规则触发条件 json格式。', 'description' => '自动化响应规则触发条件,JSON格式。', 'type' => 'string', 'example' => '[{"left":{"value":"alert_name"},"operator":"containsString","right":{"value":"webshell_online"}}]', ], 'ActionType' => [ 'title' => '处置动作类型 多个值以逗号分隔。 取值:'."\n" .'- doPlaybook:执行剧本'."\n" .'- changeEventStatus:更改事件状态'."\n" .'- changeThreatLevel:更改事件威胁等级', 'description' => '处置动作类型,多个值以逗号分隔。取值:'."\n" .'- **doPlaybook**:执行剧本'."\n" .'- **changeEventStatus**:更改事件状态'."\n" .'- **changeThreatLevel**:更改事件威胁等级', 'type' => 'string', 'example' => 'doPlaybook,changeEventStatus', 
], 'ActionConfig' => [ 'title' => '自动化响应规则动作配置 json数组格式。', 'description' => '自动化响应规则动作配置,JSON数组格式。', 'type' => 'string', 'example' => '['."\n" .' {'."\n" .' "actionType": "doPlaybook",'."\n" .' "playbookName": "WafBlockIP",'."\n" .' "playbookUuid": "bdad6220-6584-41b2-9704-fc6584568758"'."\n" .' }'."\n" .']', ], 'Status' => [ 'title' => '规则状态。 取值:'."\n" .'- 0:未启用'."\n" .'- 100:启用', 'description' => '规则状态。取值:'."\n" .'- **0**:未启用'."\n" .'- **100**:启用', 'type' => 'integer', 'format' => 'int32', 'example' => '0', ], 'DataType' => [ 'description' => '自动化响应规则条件字段数据类型。', 'type' => 'integer', 'format' => 'int32', 'example' => 'varchar', ], 'ResponseRuleType' => [ 'description' => '响应规则类型。'."\n" ."\n" .'- preset:预定义'."\n" .'- custom:自定义', 'type' => 'string', 'example' => 'custom', ], ], ], ], ], 'example' => '123456', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"SubUserId\\": 0,\\n \\"RuleName\\": \\"cfw kill quara book\\",\\n \\"AutoResponseType\\": \\"event\\",\\n \\"ExecutionCondition\\": \\"[{\\\\\\"left\\\\\\":{\\\\\\"value\\\\\\":\\\\\\"alert_name\\\\\\"},\\\\\\"operator\\\\\\":\\\\\\"containsString\\\\\\",\\\\\\"right\\\\\\":{\\\\\\"value\\\\\\":\\\\\\"webshell_online\\\\\\"}}]\\",\\n \\"ActionType\\": \\"doPlaybook,changeEventStatus\\",\\n \\"ActionConfig\\": \\"[\\\\n {\\\\n \\\\\\"actionType\\\\\\": 
\\\\\\"doPlaybook\\\\\\",\\\\n \\\\\\"playbookName\\\\\\": \\\\\\"WafBlockIP\\\\\\",\\\\n \\\\\\"playbookUuid\\\\\\": \\\\\\"bdad6220-6584-41b2-9704-fc6584568758\\\\\\"\\\\n }\\\\n]\\",\\n \\"Status\\": 0,\\n \\"DataType\\": 0,\\n \\"ResponseRuleType\\": \\"custom\\"\\n }\\n ]\\n }\\n}","type":"json"}]', 'title' => '获取自动化响应规则列表', ], 'PostAutomateResponseConfig' => [ 'summary' => '添加或更新自动化响应规则。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'Id', 'in' => 'formData', 'schema' => [ 'title' => '自动化响应配置规则ID。', 'description' => '自动化响应配置规则ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '123', ], ], [ 'name' => 'SubUserId', 'in' => 'formData', 'schema' => [ 'title' => '规则创建用户ID。', 'description' => '规则创建用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '17108579417****', ], ], [ 'name' => 'RuleName', 'in' => 'formData', 'schema' => [ 'title' => '自动化响应配置规则名称。', 'description' => '自动化响应配置规则名称。', 'type' => 'string', 'required' => false, 'example' => 'cfw kill quara book', ], ], [ 'name' => 'AutoResponseType', 'in' => 'formData', 'schema' => [ 'title' => '自动化响应类型。 取值:'."\n" .'- event:事件'."\n" .'- alert:告警', 'description' => '自动化响应类型。取值:'."\n" .'- **event**:事件'."\n" .'- **alert**:告警', 'type' => 'string', 'required' => false, 'example' => 'event', ], ], [ 'name' => 'ExecutionCondition', 'in' => 'formData', 'schema' => [ 'title' => '自动化响应规则触发条件 json格式。', 'description' => '自动化响应规则触发条件,JSON格式。', 'type' => 'string', 'required' => false, 'example' => '[{"left":{"value":"alert_name"},"operator":"containsString","right":{"value":"webshell_online"}}]', ], ], [ 'name' => 'ActionType', 'in' => 'formData', 'schema' => [ 'title' => '处置动作类型 多个值以逗号分隔。 取值:'."\n" .'- doPlaybook:执行剧本'."\n" .'- changeEventStatus:更改事件状态'."\n" 
.'- changeThreatLevel:更改事件威胁等级', 'description' => '处置动作类型,多个值以逗号分隔。取值:'."\n" .'- **doPlaybook**:执行剧本'."\n" .'- **changeEventStatus**:更改事件状态'."\n" .'- **changeThreatLevel**:更改事件威胁等级', 'type' => 'string', 'required' => false, 'example' => 'doPlaybook,changeEventStatus', ], ], [ 'name' => 'ActionConfig', 'in' => 'formData', 'schema' => [ 'title' => '自动化响应规则动作配置 json数组格式。', 'description' => '自动化响应规则动作配置,JSON数组格式。', 'type' => 'string', 'required' => false, 'example' => '['."\n" .' {'."\n" .' "actionType": "doPlaybook",'."\n" .' "playbookName": "WafBlockIP",'."\n" .' "playbookUuid": "bdad6220-6584-41b2-9704-fc6584568758"'."\n" .' }'."\n" .']', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- **cn-hangzhou**:资产属于中国内地与中国香港'."\n" .'- **ap-southeast-1**:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'string', 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- **true**:成功'."\n" .'- **false**:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 
'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '添加或更新自动化响应规则', ], 'UpdateAutomateResponseConfigStatus' => [ 'summary' => '更新自动化响应规则状态。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'Ids', 'in' => 'formData', 'schema' => [ 'title' => '自动响应规则id列表,json数组。', 'description' => '自动响应规则ID列表,json数组。', 'type' => 'string', 'required' => false, 'example' => '[123,345]', ], ], [ 'name' => 'InUse', 'in' => 'formData', 'schema' => [ 'title' => '规则开启状态。 取值:'."\n" .'- true:开启'."\n" .'- false:关闭', 'description' => '规则开启状态。 取值:'."\n" .'- true:开启'."\n" .'- false:关闭', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 
'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'string', 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '更新自动化响应规则状态', ], 'ListDisposeStrategy' => [ 'summary' => '获取系统推荐处置策略列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 
'FEATUREsasAFG0OH', ], ], 'parameters' => [ [ 'name' => 'SophonTaskId', 'in' => 'formData', 'schema' => [ 'title' => '处置策略ID。', 'description' => '安全编排与自动化响应处置策略ID。', 'type' => 'string', 'required' => false, 'example' => 'a50a49b7-6044-4593-ab15-2b46567c****', ], ], [ 'name' => 'EntityIdentity', 'in' => 'formData', 'schema' => [ 'title' => '实体特征值,可以对处置实体进行模糊搜索。', 'description' => '实体特征值,可以对处置实体进行模糊搜索。', 'type' => 'string', 'required' => false, 'example' => 'test22.php', ], ], [ 'name' => 'EntityType', 'in' => 'formData', 'schema' => [ 'title' => '剧本支持的实体类型。取值:'."\n" .'- ip:ip'."\n" .'- process:进程'."\n" .'- file:文件', 'description' => '实体类型。取值:'."\n" .'- ip:ip'."\n" .'- process:进程'."\n" .'- file:文件', 'type' => 'string', 'required' => false, 'example' => 'ip', ], ], [ 'name' => 'PlaybookName', 'in' => 'formData', 'schema' => [ 'title' => '剧本唯一标识名称。', 'description' => '剧本唯一标识名称。', 'type' => 'string', 'required' => false, 'example' => 'WafBlockIP', ], ], [ 'name' => 'PlaybookUuid', 'in' => 'formData', 'schema' => [ 'title' => '剧本UUID。', 'description' => '剧本UUID。', 'type' => 'string', 'required' => false, 'example' => 'system_aliyun_clb_process_book', ], ], [ 'name' => 'PlaybookTypes', 'in' => 'formData', 'schema' => [ 'title' => '剧本类型。 取值:'."\n" .'- system:手动处置'."\n" .'- custom:事件触发剧本'."\n" .'- custom_alert:告警触发剧本'."\n" .'- soar-manual:手动运行剧本'."\n" .'- soar-mdr:MDR运行剧本', 'description' => '剧本类型。取值:'."\n" .'- system:手动处置'."\n" .'- custom:事件触发剧本'."\n" .'- custom_alert:告警触发剧本'."\n" .'- soar-manual:手动运行剧本'."\n" .'- soar-mdr:MDR运行剧本', 'type' => 'string', 'required' => false, 'example' => 'system', ], ], [ 'name' => 'EffectiveStatus', 'in' => 'formData', 'schema' => [ 'title' => '策略状态。 取值:'."\n" .'- 0:失效'."\n" .'- 1:有效', 'description' => '策略状态。取值:'."\n" .'- 0:失效'."\n" .'- 1:有效', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', ], ], [ 'name' => 'OrderField', 'in' => 'formData', 'schema' => [ 'title' => '排序字段。 取值:'."\n" .'- 
GmtModified:按更新时间排序'."\n" .'- GmtCreate:按创建时间排序'."\n" .'- FinishTime:按策略结束时间排序', 'description' => '排序字段。取值:'."\n" .'- GmtModified:按更新时间排序'."\n" .'- GmtCreate:按创建时间排序'."\n" .'- FinishTime:按策略结束时间排序', 'type' => 'string', 'required' => false, 'example' => 'GmtModified', ], ], [ 'name' => 'Order', 'in' => 'formData', 'schema' => [ 'title' => '排序方向。 取值:'."\n" .'- desc:降序排列'."\n" .'- asc:升序排列', 'description' => '排序方向。取值:'."\n" .'- desc:降序排列'."\n" .'- asc:升序排列', 'type' => 'string', 'required' => false, 'example' => 'desc', ], ], [ 'name' => 'StartTime', 'in' => 'formData', 'schema' => [ 'title' => '查询开始时间, 单位毫秒。', 'description' => '查询开始时间,单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '1577808000000', ], ], [ 'name' => 'EndTime', 'in' => 'formData', 'schema' => [ 'title' => '查询结束时间, 单位毫秒。', 'description' => '查询结束时间,单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '1577808000000', ], ], [ 'name' => 'Status', 'in' => 'formData', 'schema' => [ 'description' => '处置策略状态。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '200', ], ], [ 'name' => 'CurrentPage', 'in' => 'formData', 'schema' => [ 'title' => '列表当前页号, 大于等于1。', 'description' => '列表当前页号,大于等于1。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'title' => '列表每页条数, 最大不超过100。', 'description' => '列表每页条数,最大不超过100。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'title' => '0,单账号登录;1,全局视图;2,切换视图;3,局部视图', 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的阿里云账号ID。', 'type' => 
'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析与响应的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'description' => '事件ID。', 'type' => 'string', 'required' => false, 'example' => '49670d3bbf7aa9556a2fff3dbaa9****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PageResponse>', 'description' => 'PageResponse>', 'type' => 'object', 'properties' => [ 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'PageInfo' => [ 'title' => '分页记录。', 'description' => '分页记录。', 'type' => 'object', 'properties' => [ 'CurrentPage' => [ 'title' => '列表当前页号。', 'description' => '列表当前页号。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'title' => '每页返回记录数。', 'description' => '每页返回记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'title' => '记录总数。', 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], ], ], 'ResponseData' => [ 
'title' => '详细数据。', 'description' => '详细数据。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Id' => [ 'title' => '策略ID。', 'description' => '策略ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123', ], 'GmtCreate' => [ 'title' => '创建时间。', 'description' => '创建时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'GmtModified' => [ 'title' => '修改时间。', 'description' => '修改时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'Aliuid' => [ 'title' => '策略关联siem主账号ID。', 'description' => '策略关联SIEM主账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '127608589417****', ], 'SubAliuid' => [ 'title' => '配置策略阿里账号ID。', 'description' => '配置策略阿里账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '176555323***', ], 'IncidentName' => [ 'title' => '事件名称。', 'description' => '事件名称。', 'type' => 'string', 'example' => 'Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc', ], 'Scope' => [ 'title' => '处置作用域。', 'description' => '处置作用域。', 'type' => 'array', 'items' => [ 'description' => '处置作用域。', 'type' => 'any', 'example' => '[{ aliUid: 176618589410**** }]', ], 'example' => '[{ aliUid: 1766185894104675 }]', ], 'IncidentUuid' => [ 'title' => '事件全局唯一ID。', 'description' => '事件全局唯一UUID。', 'type' => 'string', 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], 'AlertUuid' => [ 'title' => '告警ID。', 'description' => '告警UUID。', 'type' => 'string', 'example' => 'sas_71e24437d2797ce8fc59692905a4****', ], 'SophonTaskId' => [ 'title' => 'soar处置策略ID。', 'description' => '安全编排与自动化响应处置策略ID。', 'type' => 'string', 'example' => '577bbf90-a770-44a7-8154-586aa2d3****', ], 'PlaybookName' => [ 'title' => '剧本唯一标识名称。', 'description' => '剧本唯一标识名称。', 'type' => 'string', 'example' => 'WafBlockIP', ], 'PlaybookUuid' => [ 'title' => '剧本UUID。', 'description' => '剧本UUID。', 'type' => 'string', 'example' => 'system_aliyun_clb_process_book', ], 'PlaybookType' => [ 'title' => 
'剧本类型。 取值:'."\n" .'- system:手动处置'."\n" .'- custom:事件触发剧本'."\n" .'- custom_alert:告警触发剧本'."\n" .'- soar-manual:手动运行剧本'."\n" .'- soar-mdr:MDR运行剧本', 'description' => '剧本类型。取值:'."\n" .'- system:手动处置'."\n" .'- custom:事件触发剧本'."\n" .'- custom_alert:告警触发剧本'."\n" .'- soar-manual:手动运行剧本'."\n" .'- soar-mdr:MDR运行剧本', 'type' => 'string', 'example' => 'system', ], 'TaskUrl' => [ 'title' => '剧本url', 'description' => '剧本url。', 'type' => 'string', 'example' => '{"playbookUuid":"system_aliyun_aegis_stop_container_book","requestUuid":"e8924356-448b-4301-aee9-*******"}', ], 'EntityId' => [ 'title' => '实体ID。', 'description' => '实体ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123456789', ], 'Entity' => [ 'title' => '实体详情, json数组格式。', 'description' => '实体详情,json数组格式。', 'type' => 'array', 'items' => [ 'description' => '实体详情,json数组格式。', 'type' => 'any', 'example' => '[{"ip":"1.1.XX.XX"}]', ], 'example' => '[{"ip":"1.1.1.1"}]', ], 'EntityType' => [ 'title' => '实体类型。取值:'."\n" .'- ip:ip'."\n" .'- process:进程'."\n" .'- file:文件', 'description' => '实体类型。取值:'."\n" .'- ip:ip'."\n" .'- process:进程'."\n" .'- file:文件', 'type' => 'string', 'example' => 'ip', ], 'TaskParam' => [ 'title' => '触发剧本参数, json格式。', 'description' => '触发剧本参数,json格式。', 'type' => 'string', 'example' => '{'."\n" .' "file": {'."\n" .' "op_code": "2",'."\n" .' "file_path": "/root/alert0913/a886.jsp",'."\n" .' "entity_type": "file",'."\n" .' "entity_name": "a886.jsp",'."\n" .' "file_name": "a886.jsp",'."\n" .' "file_owner": "USER:,GROUP:",'."\n" .' "hash_value": "5def10c9a4287d0920d86b42420b20b0",'."\n" .' "op_level": "2",'."\n" .' "entity_id": "/root/alert0913/a886.jsp",'."\n" .' "host_uuid": {'."\n" .' "entity_type": "host",'."\n" .' "entity_name": "N/A",'."\n" .' "is_comprised": "1",'."\n" .' "os_type": "linux",'."\n" .' "entity_id": "5f58ef67-8803-4314-8d67-c87dc92b****",'."\n" .' "host_uuid": "5f58ef67-8803-4314-8d67-c87dc92b****",'."\n" .' "host_name": "N/A"'."\n" .' },'."\n" .' 
"malware_type": "${aliyun.siem.sas.alert_tag.webshell}"'."\n" .' },'."\n" .' "_sys_siem": {'."\n" .' "cloudCode": "aliyun",'."\n" .' "alertId": "89416745494****"'."\n" .' },'."\n" .' "scope": ['."\n" .' {'."\n" .' "aliUid": 1766185894104****'."\n" .' }'."\n" .' ]'."\n" .'}', ], 'ErrorMessage' => [ 'title' => '任务的失败摘要信息。', 'description' => '任务的失败摘要信息。', 'type' => 'string', 'example' => 'DisposalEntity failed which description is Aegis Quarantine File , return_info failed which description is Check Aegis Process Result , [ERROR DETAIL] *******.php:file not found', ], 'FinishTime' => [ 'title' => '任务的结束时间。', 'description' => '任务的结束时间。', 'type' => 'string', 'example' => '2021-08-10 21:34:07', ], 'EffectiveStatus' => [ 'title' => '策略状态。 取值:'."\n" .'- 0:失效'."\n" .'- 1:有效', 'description' => '策略状态。取值:'."\n" .'- 0:失效'."\n" .'- 1:有效', 'type' => 'integer', 'format' => 'int32', 'example' => '0', ], 'Status' => [ 'title' => '剧本调用状态。 取值:'."\n" .'- 200:成功'."\n" .'- 10:删除'."\n" .'- 5:失败'."\n" .'- 0:初始状态', 'description' => '剧本调用状态。取值:'."\n" .'- 200:成功'."\n" .'- 10:删除'."\n" .'- 5:失败'."\n" .'- 0:初始状态', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], ], ], ], ], 'example' => '123456', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"SubAliuid\\": 0,\\n \\"IncidentName\\": \\"Multiple type of alerts, including Miner Network, Command 
line download and run malicious files, Backdoor Process, etc\\",\\n \\"Scope\\": [\\n \\"[{ aliUid: 176618589410**** }]\\"\\n ],\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"SophonTaskId\\": \\"577bbf90-a770-44a7-8154-586aa2d3****\\",\\n \\"PlaybookName\\": \\"WafBlockIP\\",\\n \\"PlaybookUuid\\": \\"system_aliyun_clb_process_book\\",\\n \\"PlaybookType\\": \\"system\\",\\n \\"TaskUrl\\": \\"{\\\\\\"playbookUuid\\\\\\":\\\\\\"system_aliyun_aegis_stop_container_book\\\\\\",\\\\\\"requestUuid\\\\\\":\\\\\\"e8924356-448b-4301-aee9-*******\\\\\\"}\\",\\n \\"EntityId\\": 123456789,\\n \\"Entity\\": [\\n \\"[{\\\\\\"ip\\\\\\":\\\\\\"1.1.XX.XX\\\\\\"}]\\"\\n ],\\n \\"EntityType\\": \\"ip\\",\\n \\"TaskParam\\": \\"{\\\\n \\\\\\"file\\\\\\": {\\\\n \\\\\\"op_code\\\\\\": \\\\\\"2\\\\\\",\\\\n \\\\\\"file_path\\\\\\": \\\\\\"/root/alert0913/a886.jsp\\\\\\",\\\\n \\\\\\"entity_type\\\\\\": \\\\\\"file\\\\\\",\\\\n \\\\\\"entity_name\\\\\\": \\\\\\"a886.jsp\\\\\\",\\\\n \\\\\\"file_name\\\\\\": \\\\\\"a886.jsp\\\\\\",\\\\n \\\\\\"file_owner\\\\\\": \\\\\\"USER:,GROUP:\\\\\\",\\\\n \\\\\\"hash_value\\\\\\": \\\\\\"5def10c9a4287d0920d86b42420b20b0\\\\\\",\\\\n \\\\\\"op_level\\\\\\": \\\\\\"2\\\\\\",\\\\n \\\\\\"entity_id\\\\\\": \\\\\\"/root/alert0913/a886.jsp\\\\\\",\\\\n \\\\\\"host_uuid\\\\\\": {\\\\n \\\\\\"entity_type\\\\\\": \\\\\\"host\\\\\\",\\\\n \\\\\\"entity_name\\\\\\": \\\\\\"N/A\\\\\\",\\\\n \\\\\\"is_comprised\\\\\\": \\\\\\"1\\\\\\",\\\\n \\\\\\"os_type\\\\\\": \\\\\\"linux\\\\\\",\\\\n \\\\\\"entity_id\\\\\\": \\\\\\"5f58ef67-8803-4314-8d67-c87dc92b****\\\\\\",\\\\n \\\\\\"host_uuid\\\\\\": \\\\\\"5f58ef67-8803-4314-8d67-c87dc92b****\\\\\\",\\\\n \\\\\\"host_name\\\\\\": \\\\\\"N/A\\\\\\"\\\\n },\\\\n \\\\\\"malware_type\\\\\\": \\\\\\"${aliyun.siem.sas.alert_tag.webshell}\\\\\\"\\\\n },\\\\n \\\\\\"_sys_siem\\\\\\": {\\\\n \\\\\\"cloudCode\\\\\\": 
\\\\\\"aliyun\\\\\\",\\\\n \\\\\\"alertId\\\\\\": \\\\\\"89416745494****\\\\\\"\\\\n },\\\\n \\\\\\"scope\\\\\\": [\\\\n {\\\\n \\\\\\"aliUid\\\\\\": 1766185894104****\\\\n }\\\\n ]\\\\n}\\",\\n \\"ErrorMessage\\": \\"DisposalEntity failed which description is Aegis Quarantine File , return_info failed which description is Check Aegis Process Result , [ERROR DETAIL] *******.php:file not found\\",\\n \\"FinishTime\\": \\"2021-08-10 21:34:07\\",\\n \\"EffectiveStatus\\": 0,\\n \\"Status\\": 10\\n }\\n ]\\n }\\n}","type":"json"}]', 'title' => '获取处置策略列表', ], 'DescribeDisposeStrategyPlaybook' => [ 'summary' => '获取处置策略使用的剧本列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'StartTime', 'in' => 'formData', 'schema' => [ 'title' => '查询开始时间, 单位毫秒。', 'description' => '查询开始时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '1577808000000', ], ], [ 'name' => 'EndTime', 'in' => 'formData', 'schema' => [ 'title' => '查询结束时间, 单位毫秒。', 'description' => '查询结束时间, 单位毫秒。', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '1577808000000', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- 
cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse>', 'description' => 'BaseResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'PlaybookName' => [ 'title' => '剧本唯一标识名称。', 'description' => '剧本唯一标识名称。', 'type' => 'string', 'example' => 'WafBlockIP', ], 'PlaybookUuid' => [ 'title' => '剧本UUID。', 'description' => '剧本UUID。', 'type' => 'string', 'example' => 'system_aliyun_clb_process_book', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"PlaybookName\\": \\"WafBlockIP\\",\\n \\"PlaybookUuid\\": \\"system_aliyun_clb_process_book\\"\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取处置策略使用的剧本列表', ], 'RestoreCapacity' => [ 'summary' => '释放存储空间,降低存储使用量,注意,该操作不可逆,存在数据丢失的风险,谨慎使用。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 
'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'abilityTreeCode' => '173446', 'abilityTreeNodes' => [ 'FEATUREsasRXJ9SY', ], ], 'parameters' => [ [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n" .'- ap-southeast-1:资产属于海外地域,选择该项。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '是否已经发送清空指令。取值:'."\n" .'- true:已经发送清空命令,正在清理中'."\n" .'- false:发送失败', 'type' => 'boolean', 'example' => 'true', ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-58D4-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-58D4-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '置空已有的存储', ], 'GetCapacity' => [ 'summary' => '获取当前威胁分析存储的使用量以及预付费的购买量,单位为GB。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 
'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '155452', 'abilityTreeNodes' => [ 'FEATUREsasRXJ9SY', ], ], 'parameters' => [ [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n" .'- ap-southeast-1:资产属于海外地域,选择该项。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '容量明细。', 'type' => 'object', 'properties' => [ 'UsedCapacity' => [ 'title' => '威胁分析当前计费容量。', 'description' => '威胁分析当前计费容量(GB)。', 'type' => 'number', 'format' => 'double', 'example' => '10', ], 'PreservedCapacity' => [ 'title' => '威胁分析用户购买容量。', 'description' => '威胁分析用户购买容量(GB)。', 'type' => 'integer', 'format' => 'int64', 'example' => '9000', ], 'ExistLogStore' => [ 'title' => '威胁分析用户侧LogStore是否存在,默认true。取值:'."\n" .'- true:当前日志正常,日志分析可用'."\n" .'- false:当前正在清理日志,日志分析不可用', 'description' => '威胁分析用户侧LogStore是否存在。取值:'."\n" .'- true:当前日志正常,日志分析可用'."\n" .'- false:当前正在清理日志,日志分析不可用', 'type' => 'boolean', 'example' => 'true', ], 'AgentManagedAssetQuota' => [ 'title' => 'Agent调用实例量已购额度', 
'description' => 'Agent调用实例量已购额度', 'type' => 'integer', 'format' => 'int64', 'example' => '1', ], 'AgentManagedAssetUsed' => [ 'title' => 'Agent调用实例量已用量', 'description' => 'Agent调用实例量已用量', 'type' => 'integer', 'format' => 'int64', 'example' => '1', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '27D27DCB-D76B-5064-8B3B-0900DEF7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], [ 'errorCode' => 'Siem.Storage.Exception', 'errorMessage' => 'The request timed out, try again.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"UsedCapacity\\": 10,\\n \\"PreservedCapacity\\": 9000,\\n \\"ExistLogStore\\": true,\\n \\"AgentManagedAssetQuota\\": 1,\\n \\"AgentManagedAssetUsed\\": 1\\n },\\n \\"RequestId\\": \\"27D27DCB-D76B-5064-8B3B-0900DEF7****\\"\\n}","type":"json"}]', 'title' => '获取当前企业威胁分析存储的使用量及购买量', ], 'SetStorage' => [ 'summary' => '保存用户设置的存储天数,存储地域(region)等信息。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'abilityTreeCode' => '179221', 'abilityTreeNodes' => [ 'FEATUREsasRXJ9SY', ], ], 'parameters' => [ [ 'name' => 'Ttl', 'in' => 'formData', 'schema' => [ 'title' => '日志存储天数,默认180天。该值最小设置为30天,最大不能超过3000天。', 'description' => '日志存储天数,默认180天。该值最小设置为30天,最大不能超过3000天。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'example' => '180', ], ], [ 'name' => 'Region', 'in' => 'formData', 'schema' => [ 'title' => '日志存储地域。', 'description' => '日志存储地域。'."\n" ."\n" .'数据管理中心所在地为**cn-hangzhou**时,**Region**默认为上海(cn-shanghai);数据管理中心所在地为**ap-southeast-1**时,**Region**默认为新加坡(ap-southeast-1)。'."\n" ."\n" .'不可以修改日志存储地域。如需修改,请联系威胁分析的运营人员。', 'type' => 'string', 'required' => false, 'example' => 'cn-shanghai', ], ], [ 'name' => 'RoleType', 
'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n" .'- ap-southeast-1:资产属于海外地域,选择该项。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '是否保存成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-58D4-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'Siem.TTL.Limit', 'errorMessage' => 'TTL should be set 30 days at least', ], ], 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"6276D891-58D4-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '保存用户设置的存储信息', ], 'DescribeStorage' => [ 'summary' => '判断威胁分析用户的存储(用户侧日志服务中LogStore)是否正常。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'abilityTreeCode' => '190429', 'abilityTreeNodes' 
=> [ 'FEATUREsasRXJ9SY', ], ], 'parameters' => [ [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '137820528780****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n" .'- ap-southeast-1:资产属于海外地域,选择该项。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '用户的日志服务中是否存在威胁分析服务创建的Project和LogStore。取值:'."\n" .'- true:存在'."\n" .'- false:不存在', 'type' => 'boolean', 'example' => 'true', ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => 'CCEEE128-6607-503E-AAA6-C5E57D94****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], [ 'errorCode' => 'SLS.Operation.Error', 'errorMessage' => 'SLS service is unavailable!', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"CCEEE128-6607-503E-AAA6-C5E57D94****\\"\\n}","type":"json"}]', 'title' => '判断威胁分析用户的存储是否存在', ], 'GetStorage' => [ 'summary' => '获取威胁分析与响应产品在用户SLS中创建的存储设置,包含存储天数、存储地域等信息。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 
'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'abilityTreeCode' => '179222', 'abilityTreeNodes' => [ 'FEATUREsasRXJ9SY', ], ], 'parameters' => [ [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '127XXXX', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n" .'- ap-southeast-1:资产属于海外地域,选择该项。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '存储具体信息。', 'type' => 'object', 'properties' => [ 'Ttl' => [ 'title' => '存储天数。', 'description' => '设置的存储天数,默认是180天。该值最小设置为30天,最大设置为3000天。', 'type' => 'integer', 'format' => 'int32', 'example' => '180', ], 'Region' => [ 'title' => '存储地域(region)。', 'description' => '存储地域。'."\n" ."\n" .'数据管理中心所在地为**cn-hangzhou**时,**Region**默认为上海(cn-shanghai);数据管理中心所在地为**ap-southeast-1**时,**Region**默认为新加坡(ap-southeast-1)。', 'type' => 'string', 'example' => 'cn-shanghai', ], 'DisplayRegion' => [ 'title' => '是否拥有修改存储地域的权限,默认值false。取值:'."\n" .'- true:拥有修改存储地域的权限'."\n" .'- false:不拥有修改存储地域的权限', 'description' => '是否拥有修改存储地域的权限,默认值false。取值:'."\n" .'- true:拥有修改存储地域的权限'."\n" .'- false:不拥有修改存储地域的权限', 'type' => 'boolean', 'example' => 'false', ], 'CanOperate' => [ 'title' => '当前是否可以操作存储地域(存储地域仅能操作一次),默认值false。取值:'."\n" .'- 
true:可以修改存储地域'."\n" .'- false:不可以修改存储地域', 'description' => '当前是否可以操作存储地域(存储地域仅能操作一次),默认值false。取值:'."\n" .'- true:可以修改存储地域'."\n" .'- false:不可以修改存储地域', 'type' => 'boolean', 'example' => 'false', ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '97A31C3A-3F9F-5866-8979-5159E3DC****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"Ttl\\": 180,\\n \\"Region\\": \\"cn-shanghai\\",\\n \\"DisplayRegion\\": false,\\n \\"CanOperate\\": false\\n },\\n \\"RequestId\\": \\"97A31C3A-3F9F-5866-8979-5159E3DC****\\"\\n}","type":"json"}]', 'title' => '获取设置的存储信息', ], 'ListDelivery' => [ 'summary' => '查看整个企业或者普通成员接入威胁分析的产品、日志列表,以及这些日志的数据投递情况。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'abilityTreeCode' => '155305', 'abilityTreeNodes' => [ 'FEATUREsasRXJ9SY', ], ], 'parameters' => [ [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n" .'- ap-southeast-1:资产属于海外地域,选择该项。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => 
[ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '返回的详细内容。', 'type' => 'object', 'properties' => [ 'ProjectName' => [ 'title' => '威胁分析用户侧日志服务Project名字,格式:aliyun-cloudsiem-data-${aliUid}-${region}。', 'description' => '威胁分析用户侧日志服务Project名字,格式:aliyun-cloudsiem-data-${aliUid}-${region}。', 'type' => 'string', 'example' => 'aliyun-cloudsiem-data-127608589417****-cn-shanghai', ], 'LogStoreName' => [ 'title' => '威胁分析用户侧LogStore的名字,格式:cloud_siem。', 'description' => '威胁分析用户侧LogStore的名字,格式:cloud_siem。', 'type' => 'string', 'example' => 'cloud-siem', ], 'SearchUrl' => [ 'title' => '日志分析页面中查询分析的URL。', 'description' => '日志分析页面中查询分析的URL。', 'type' => 'string', 'example' => 'https://sls4service.console.aliyun.com/lognext/project/aliyun-cloudsiem-data-127608589417****-cn-shanghai'."\n" .'/logsearch/cloud-siem?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true', ], 'DashboardUrl' => [ 'title' => '日志分析页面中报表展示的URL。', 'description' => '日志分析页面中报表展示的URL。', 'type' => 'string', 'example' => 'https://sls4service.console.aliyun.com/lognext/project/aliyun-cloudsiem-data-127608589417****-cn-shanghai'."\n" .'/dashboard/cloud-siem?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true', ], 'DisplaySwitchOrNot' => [ 'title' => '是否展示投递开关,默认true,取值:'."\n" .'- true:显示投递开关'."\n" .'- false:隐藏投递开关', 'description' => '是否展示投递开关,默认true,取值:'."\n" .'- true:显示投递开关'."\n" .'- false:隐藏投递开关', 'type' => 'boolean', 'example' => 'true', ], 'ProductList' => [ 'title' => '接入的产品列表。', 'description' => '产品列表。', 'type' => 'array', 'items' => [ 'description' => '接入的产品列表。', 'type' => 'object', 'properties' => [ 'ProductCode' => [ 'title' => '云产品编码。取值:'."\n" .'- qcloud_waf'."\n" .'- qlcoud_cfw'."\n" .'- hcloud_waf'."\n" .'- hcloud_cfw'."\n" .'- ddos'."\n" .'- sas'."\n" .'- cfw'."\n" .'- config'."\n" .'- csk'."\n" .'- fc'."\n" .'- rds'."\n" .'- 
nas'."\n" .'- apigateway'."\n" .'- cdn'."\n" .'- mongodb'."\n" .'- eip'."\n" .'- slb'."\n" .'- vpc'."\n" .'- actiontrail'."\n" .'- waf'."\n" .'- bastionhost'."\n" .'- oss'."\n" .'- polardb', 'description' => '云产品编码。取值:'."\n" .'- qcloud_waf'."\n" .'- qlcoud_cfw'."\n" .'- hcloud_waf'."\n" .'- hcloud_cfw'."\n" .'- ddos'."\n" .'- sas'."\n" .'- cfw'."\n" .'- config'."\n" .'- csk'."\n" .'- fc'."\n" .'- rds'."\n" .'- nas'."\n" .'- apigateway'."\n" .'- cdn'."\n" .'- mongodb'."\n" .'- eip'."\n" .'- slb'."\n" .'- vpc'."\n" .'- actiontrail'."\n" .'- waf'."\n" .'- bastionhost'."\n" .'- oss'."\n" .'- polardb', 'type' => 'string', 'example' => 'sas', ], 'ProductName' => [ 'title' => '所属厂商名称', 'description' => '该参数已废弃,无需关注。', 'type' => 'string', 'example' => 'Security Center', ], 'LogMap' => [ 'title' => '存在日志分类的日志列表', 'description' => '存在日志分类的日志列表,比如云安全中心,存在主机、网络等分组,分组信息为key,分组所包含的日志为value。', 'type' => 'object', 'additionalProperties' => [ 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'LogCode' => [ 'title' => '日志编码。', 'type' => 'string', 'example' => 'cloud_siem_config_log', 'description' => '日志编码。', ], 'LogName' => [ 'title' => '日志中文名字。', 'type' => 'string', 'description' => '该参数已废弃,无需关注。', 'example' => 'audit log', ], 'LogNameEn' => [ 'title' => '日志英文名字。', 'type' => 'string', 'example' => 'audit log', 'description' => '该参数已废弃,无需关注。', ], 'LogNameKey' => [ 'title' => '日志语言编码,用于进行多语言名字的展示。', 'type' => 'string', 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_crack_from_beaver}', 'description' => '日志语言编码,用于进行多语言名字的展示。', ], 'Status' => [ 'title' => '日志投递状态。', 'type' => 'boolean', 'description' => '日志投递状态。取值:'."\n" .'- true:正在投递 '."\n" .'- false:投递被关闭', 'example' => 'true', ], 'CanOperateOrNot' => [ 'title' => '是否可以操作投递开关。', 'type' => 'boolean', 'example' => 'true', 'description' => '是否可以操作日志投递开关,日志投递开关只限于威胁分析委派管理员进行操作。取值:'."\n" .'- true:可以操作 '."\n" .'- false:不可以操作', ], 'Topic' => [ 'title' => '日志在用户侧存储的Topic。', 'type' => 'string', 'description' => 
'日志在LogStore中的Topic,是LogStore的索引字段,通过该字段,能够区分不同的日志。', 'example' => 'sas_login_event', ], 'ExtraParameters' => [ 'title' => '扩展参数。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Key' => [ 'type' => 'string', 'example' => 'flag', 'description' => '扩展参数标识。', ], 'Value' => [ 'type' => 'string', 'example' => 'value', 'description' => '扩展参数值。', ], ], 'description' => '日志描述的附加参数。', ], 'description' => '扩展参数。', ], ], 'description' => '日志详情。', ], 'description' => '分组包含的日志列表。', ], ], 'LogList' => [ 'title' => '不存在日志分类的日志列表', 'description' => '没有更细分类的云产品。', 'type' => 'array', 'items' => [ 'description' => '日志详情。', 'type' => 'object', 'properties' => [ 'LogCode' => [ 'title' => '日志编码。', 'description' => '日志编码。', 'type' => 'string', 'example' => 'cloud_siem_config_log', ], 'LogName' => [ 'title' => '日志中文名字。', 'description' => '该参数已废弃,无需关注。', 'type' => 'string', 'example' => 'audit log', ], 'LogNameEn' => [ 'title' => '日志英文名字。', 'description' => '该参数已废弃,无需关注。', 'type' => 'string', 'example' => 'audit log'."\n", ], 'LogNameKey' => [ 'title' => '日志语言编码,用于进行多语言名字的展示。', 'description' => '日志语言编码,用于进行多语言名字的展示。', 'type' => 'string', 'example' => '${sas.cloudsiem.prod.cloud_siem_aegis_crack_from_beaver}', ], 'Status' => [ 'title' => '日志投递状态。', 'description' => '日志投递状态。取值:'."\n" .'- true:正在投递 '."\n" .'- false:投递被关闭', 'type' => 'boolean', 'example' => 'true', ], 'CanOperateOrNot' => [ 'title' => '是否可以操作投递开关。', 'description' => '是否可以操作日志投递开关,日志投递开关只限于威胁分析委派管理员进行操作。取值:'."\n" .'- true:可以操作'."\n" .'- false:不可以操作', 'type' => 'boolean', 'example' => 'true', ], 'Topic' => [ 'title' => '日志在用户侧存储的Topic。', 'description' => '日志在LogStore中的Topic,是LogStore的索引字段,通过该字段,能够区分不同的日志。', 'type' => 'string', 'example' => 'sas_login_event', ], 'ExtraParameters' => [ 'title' => '扩展参数。', 'description' => '扩展参数。', 'type' => 'array', 'items' => [ 'description' => '日志描述的附加参数。', 'type' => 'object', 'properties' => [ 'Key' => [ 'description' => '扩展参数标识。', 'type' => 'string', 'example' => 
'flag', ], 'Value' => [ 'description' => '扩展参数值。', 'type' => 'string', 'example' => 'value', ], ], ], ], ], ], ], ], ], ], ], ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-58D4-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], [ 'errorCode' => 'SLS.Sls4Service.Error', 'errorMessage' => 'The Simple Log Service about embedding console pages is unavailable.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"ProjectName\\": \\"aliyun-cloudsiem-data-127608589417****-cn-shanghai\\",\\n \\"LogStoreName\\": \\"cloud-siem\\",\\n \\"SearchUrl\\": \\"https://sls4service.console.aliyun.com/lognext/project/aliyun-cloudsiem-data-127608589417****-cn-shanghai\\\\n/logsearch/cloud-siem?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true\\",\\n \\"DashboardUrl\\": \\"https://sls4service.console.aliyun.com/lognext/project/aliyun-cloudsiem-data-127608589417****-cn-shanghai\\\\n/dashboard/cloud-siem?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true\\",\\n \\"DisplaySwitchOrNot\\": true,\\n \\"ProductList\\": [\\n {\\n \\"ProductCode\\": \\"sas\\",\\n \\"ProductName\\": \\"Security Center\\",\\n \\"LogMap\\": {\\n \\"key\\": [\\n {\\n \\"LogCode\\": \\"cloud_siem_config_log\\",\\n \\"LogName\\": \\"audit log\\",\\n \\"LogNameEn\\": \\"audit log\\",\\n \\"LogNameKey\\": \\"${sas.cloudsiem.prod.cloud_siem_aegis_crack_from_beaver}\\",\\n \\"Status\\": true,\\n \\"CanOperateOrNot\\": true,\\n \\"Topic\\": \\"sas_login_event\\",\\n \\"ExtraParameters\\": [\\n {\\n \\"Key\\": \\"flag\\",\\n \\"Value\\": \\"value\\"\\n }\\n ]\\n }\\n ]\\n },\\n \\"LogList\\": [\\n {\\n \\"LogCode\\": \\"cloud_siem_config_log\\",\\n \\"LogName\\": \\"audit log\\",\\n \\"LogNameEn\\": \\"audit log\\\\n\\",\\n \\"LogNameKey\\": 
\\"${sas.cloudsiem.prod.cloud_siem_aegis_crack_from_beaver}\\",\\n \\"Status\\": true,\\n \\"CanOperateOrNot\\": true,\\n \\"Topic\\": \\"sas_login_event\\",\\n \\"ExtraParameters\\": [\\n {\\n \\"Key\\": \\"flag\\",\\n \\"Value\\": \\"value\\"\\n }\\n ]\\n }\\n ]\\n }\\n ]\\n },\\n \\"RequestId\\": \\"6276D891-58D4-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '展示接入威胁分析的日志投递状态', ], 'OpenDelivery' => [ 'summary' => '开通已经接入产品日志的投递。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'paid', 'abilityTreeCode' => '154876', 'abilityTreeNodes' => [ 'FEATUREsasRXJ9SY', ], ], 'parameters' => [ [ 'name' => 'ProductCode', 'in' => 'formData', 'schema' => [ 'title' => '云产品的编码。取值:'."\n" .'- qcloud_waf'."\n" .'- qlcoud_cfw'."\n" .'- hcloud_waf'."\n" .'- hcloud_cfw'."\n" .'- ddos'."\n" .'- sas'."\n" .'- cfw'."\n" .'- config'."\n" .'- csk'."\n" .'- fc'."\n" .'- rds'."\n" .'- nas'."\n" .'- apigateway'."\n" .'- cdn'."\n" .'- mongodb'."\n" .'- eip'."\n" .'- slb'."\n" .'- vpc'."\n" .'- actiontrail'."\n" .'- waf'."\n" .'- bastionhost'."\n" .'- oss'."\n" .'- polardb', 'description' => '云产品的编码。取值:'."\n" .'- qcloud_waf'."\n" .'- qlcoud_cfw'."\n" .'- hcloud_waf'."\n" .'- hcloud_cfw'."\n" .'- ddos'."\n" .'- sas'."\n" .'- cfw'."\n" .'- config'."\n" .'- csk'."\n" .'- fc'."\n" .'- rds'."\n" .'- nas'."\n" .'- apigateway'."\n" .'- cdn'."\n" .'- mongodb'."\n" .'- eip'."\n" .'- slb'."\n" .'- vpc'."\n" .'- actiontrail'."\n" .'- waf'."\n" .'- bastionhost'."\n" .'- oss'."\n" .'- polardb', 'type' => 'string', 'required' => true, 'example' => 'cfw', ], ], [ 'name' => 'LogCode', 'in' => 'formData', 'schema' => [ 'title' => '云产品下的日志code,比如云安全中心的进程日志,取值参考ListDelivery的返回值。', 'description' => '云产品下的日志code,比如云安全中心的进程日志,非必填,缺失时表示云产品下的所有日志的操作。', 'type' => 'string', 'required' => false, 'example' => 
'cloud_siem_cfw_flow', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n" .'- ap-southeast-1:资产属于海外地域,选择该项。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '开通日志投递是否成功,取值:'."\n" .'- true:开通成功'."\n" .'- false:开通失败', 'type' => 'boolean', 'example' => 'true', ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '15FD134E-D69B-51E8-B052-73F97BD8****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'Siem.Delivery.MissingProductCode', 'errorMessage' => 'ProductCode is mandatory for this action.', ], ], 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], [ 'errorCode' => 'Siem.Delivery.ErrorMapping', 'errorMessage' => 'The Mapping between productCode and logCode is error.', ], [ 'errorCode' => 'Siem.Delivery.ErrorProductCode', 'errorMessage' => 'ProductCode is error for this action.', ], [ 'errorCode' => 'SLS.Ship.Error', 'errorMessage' => 'The Simple Log Service about data shipping is unavailable.', ], ], ], 'responseDemo' => 
'[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"15FD134E-D69B-51E8-B052-73F97BD8****\\"\\n}","type":"json"}]', 'title' => '开通日志的投递', ], 'CloseDelivery' => [ 'summary' => '关闭某个已经接入的云产品日志的投递,关闭后用户侧的LogStore里不再有对应日志的新内容。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'http', 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '154877', 'abilityTreeNodes' => [ 'FEATUREsasRXJ9SY', ], ], 'parameters' => [ [ 'name' => 'ProductCode', 'in' => 'formData', 'schema' => [ 'title' => '云产品的编码。取值:'."\n" .'- qcloud_waf'."\n" .'- qlcoud_cfw'."\n" .'- hcloud_waf'."\n" .'- hcloud_cfw'."\n" .'- ddos'."\n" .'- sas'."\n" .'- cfw'."\n" .'- config'."\n" .'- csk'."\n" .'- fc'."\n" .'- rds'."\n" .'- nas'."\n" .'- apigateway'."\n" .'- cdn'."\n" .'- mongodb'."\n" .'- eip'."\n" .'- slb'."\n" .'- vpc'."\n" .'- actiontrail'."\n" .'- waf'."\n" .'- bastionhost'."\n" .'- oss'."\n" .'- polardb', 'description' => '云产品的编码。取值:'."\n" .'- qcloud_waf'."\n" .'- qlcoud_cfw'."\n" .'- hcloud_waf'."\n" .'- hcloud_cfw'."\n" .'- ddos'."\n" .'- sas'."\n" .'- cfw'."\n" .'- config'."\n" .'- csk'."\n" .'- fc'."\n" .'- rds'."\n" .'- nas'."\n" .'- apigateway'."\n" .'- cdn'."\n" .'- mongodb'."\n" .'- eip'."\n" .'- slb'."\n" .'- vpc'."\n" .'- actiontrail'."\n" .'- waf'."\n" .'- bastionhost'."\n" .'- oss'."\n" .'- polardb', 'type' => 'string', 'required' => true, 'example' => 'sas', ], ], [ 'name' => 'LogCode', 'in' => 'formData', 'schema' => [ 'title' => '云产品下的日志code,比如云安全中心的进程日志,取值参考ListDelivery的返回值。', 'description' => '云产品下的日志code,比如云安全中心的进程日志,取值参考ListDelivery的返回值。', 'type' => 'string', 'required' => false, 'example' => 'cloud_siem_aegis_proc', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 
'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港,选择该项。'."\n" .'- ap-southeast-1:资产属于海外地域,选择该项。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'CloudSiemSuccessResponse', 'description' => 'CloudSiemResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '威胁分析关闭服务的返回。取值:'."\n" .'- true:关闭成功'."\n" .'- false:关闭失败', 'type' => 'boolean', 'example' => 'true', ], 'RequestId' => [ 'title' => '请求消息ID。', 'description' => '请求消息ID。', 'type' => 'string', 'example' => 'F375A043-4F5B-55F2-A564-CC47FFC6****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'Siem.Delivery.MissingProductCode', 'errorMessage' => 'ProductCode is mandatory for this action.', ], ], 500 => [ [ 'errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', ], [ 'errorCode' => 'Siem.Delivery.ErrorMapping', 'errorMessage' => 'The Mapping between productCode and logCode is error.', ], [ 'errorCode' => 'Siem.Delivery.ErrorProductCode', 'errorMessage' => 'ProductCode is error for this action.', ], [ 'errorCode' => 'SLS.Ship.Error', 'errorMessage' => 'The Simple Log Service about data shipping is unavailable.', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": true,\\n \\"RequestId\\": \\"F375A043-4F5B-55F2-A564-CC47FFC6****\\"\\n}","type":"json"}]', 'title' => '关闭威胁分析已接入的云产品日志的投递', ], 'UpdateWhiteRuleList' => [ 'summary' => 
'添加或更新告警加白规则。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'WhiteRuleId', 'in' => 'formData', 'schema' => [ 'title' => '加白规则唯一ID。', 'description' => '加白规则唯一ID。', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '123456789', ], ], [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件全局唯一ID。', 'description' => '事件全局唯一ID。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'Expression', 'in' => 'formData', 'schema' => [ 'title' => '告警加白规则 json对象。', 'description' => '告警加白规则,json对象。', 'type' => 'string', 'required' => true, 'example' => '['."\n" .' {'."\n" .' "alertName": "webshell",'."\n" .' "alertNameId": "webshell",'."\n" .' "alertType": "command",'."\n" .' "alertTypeId": "command",'."\n" .' "expression": {'."\n" .' "status": 1,'."\n" .' "conditions": ['."\n" .' {'."\n" .' "isNot": false,'."\n" .' "left": {'."\n" .' "value": "file_path"'."\n" .' },'."\n" .' "operator": "gt",'."\n" .' "right": {'."\n" .' "value": "cp"'."\n" .' }'."\n" .' }'."\n" .' ]'."\n" .' }'."\n" .' 
}'."\n" .']', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'any', 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": 
\\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '添加或更新告警加白规则', ], 'PostEventWhiteruleList' => [ 'summary' => '提交告警加白规则。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件全局唯一ID。', 'description' => '事件全局唯一ID。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'WhiteruleList', 'in' => 'formData', 'schema' => [ 'title' => '告警加白规则 json对象。', 'description' => '告警加白规则,json对象。', 'type' => 'string', 'required' => true, 'example' => '['."\n" .' {'."\n" .' "alertName": "webshell",'."\n" .' "alertNameId": "webshell",'."\n" .' "alertType": "command",'."\n" .' "alertTypeId": "command",'."\n" .' "expression": {'."\n" .' "status": 1,'."\n" .' "conditions": ['."\n" .' {'."\n" .' "isNot": false,'."\n" .' "left": {'."\n" .' "value": "file_path"'."\n" .' },'."\n" .' "operator": "gt",'."\n" .' "right": {'."\n" .' "value": "cp"'."\n" .' }'."\n" .' }'."\n" .' ]'."\n" .' }'."\n" .' 
}'."\n" .']', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'string', 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n 
\\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '提交告警加白规则', ], 'DescribeWhiteRuleList' => [ 'summary' => '获取告警加白规则列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'AlertType', 'in' => 'formData', 'schema' => [ 'title' => '告警类型。', 'description' => '告警类型。', 'type' => 'string', 'required' => false, 'example' => 'scan', ], ], [ 'name' => 'AlertName', 'in' => 'formData', 'schema' => [ 'title' => '告警名称。', 'description' => '告警名称。', 'type' => 'string', 'required' => false, 'example' => 'Try SNMP weak password', ], ], [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件ID。', 'description' => '事件全局唯一UUID。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'CurrentPage', 'in' => 'formData', 'schema' => [ 'title' => '列表当前页号, 大于等于1。', 'description' => '列表当前页号, 大于等于1。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'title' => '列表每页条数, 最大不超过100。', 'description' => '列表每页条数, 最大不超过100。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => 
'威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'PageResponse>', 'description' => 'PageResponse>', 'type' => 'object', 'properties' => [ 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'object', 'properties' => [ 'PageInfo' => [ 'title' => '分页记录。', 'description' => '分页记录。', 'type' => 'object', 'properties' => [ 'CurrentPage' => [ 'title' => '列表当前页号。', 'description' => '列表当前页号。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'title' => '每页返回记录数。', 'description' => '每页返回记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'title' => '记录总数。', 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], ], ], 'ResponseData' => [ 'title' => '详细数据。', 'description' => '详细数据。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Id' => [ 'title' => '加白规则唯一ID。', 'description' => '加白规则唯一ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '123456789', ], 'GmtCreate' => [ 'title' => '创建时间。', 'description' => '创建时间。', 'type' => 'string', 'example' => 
'2021-01-06 16:37:29', ], 'GmtModified' => [ 'title' => '修改时间。', 'description' => '修改时间。', 'type' => 'string', 'example' => '2021-01-06 16:37:29', ], 'Aliuid' => [ 'title' => '规则关联siem主账号ID。', 'description' => '开通威胁分析的阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '127608589417****', ], 'SubAliuid' => [ 'title' => '规则创建阿里账号ID。', 'description' => '创建规则的阿里云账号ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '176555323***', ], 'AlertType' => [ 'title' => '告警类型。', 'description' => '告警类型。', 'type' => 'string', 'example' => 'scan', ], 'AlertTypeId' => [ 'title' => '告警类型标识。', 'description' => '告警类型标识。', 'type' => 'string', 'example' => 'scan', ], 'AlertName' => [ 'title' => '告警名称。', 'description' => '告警名称。', 'type' => 'string', 'example' => 'Try SNMP weak password', ], 'AlertNameId' => [ 'title' => '告警名称标识。', 'description' => '告警名称标识。', 'type' => 'string', 'example' => 'Try SNMP weak password', ], 'Status' => [ 'title' => '规则启用状态。 取值:'."\n" .'- 1:开启'."\n" .'- 0:关闭', 'description' => '规则启用状态。 取值:'."\n" .'- 1:开启'."\n" .'- 0:关闭', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'IncidentUuid' => [ 'title' => '事件全局唯一ID。', 'description' => '事件全局唯一UUID。', 'type' => 'string', 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], 'AlertUuid' => [ 'title' => '告警ID。', 'description' => '告警UUID。', 'type' => 'string', 'example' => 'sas_71e24437d2797ce8fc59692905a4****', ], 'Expression' => [ 'title' => '规则集 json数组格式。', 'description' => '规则集 json数组格式。', 'type' => 'object', 'properties' => [ 'Logic' => [ 'description' => '条件逻辑关系。', 'type' => 'string', 'example' => '(1&2)|(3&4)', ], 'Conditions' => [ 'description' => '规则表达式数组。', 'type' => 'array', 'items' => [ 'description' => '规则表达式数组。', 'type' => 'object', 'properties' => [ 'ItemId' => [ 'description' => '条件ID。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'Operator' => [ 'description' => '分派规则条件聚合方式。'."\n" ."\n" .'- `=`:等于'."\n" .'- `<>`:不等于'."\n" .'- `in`:包含'."\n" .'- 
`not in`:不包含'."\n" .'- `REGEXP`:匹配正则'."\n" .'- `NOT REGEXP`:正则不匹配', 'type' => 'string', 'example' => 'REGEXP', ], 'IsNot' => [ 'description' => '对结果是否取反。 取值:'."\n" ."\n" .'- true:取反'."\n" .'- false:不取反', 'type' => 'boolean', 'example' => 'false', ], 'Left' => [ 'description' => '条件左值。', 'type' => 'object', 'properties' => [ 'Value' => [ 'description' => '左值变量名称。', 'type' => 'string', 'example' => 'ip', ], 'IsVar' => [ 'description' => '是否是变量。'."\n" ."\n" .'- true:变量'."\n" .'- false:常量', 'type' => 'boolean', 'example' => 'true', ], 'Type' => [ 'description' => '是否是常量。取值:'."\n" ."\n" .'- true:是'."\n" .'- false:否', 'type' => 'string', 'example' => 'false', ], 'Modifier' => [ 'description' => '备注信息。', 'type' => 'string', 'example' => 'length', ], 'ModifierParam' => [ 'description' => '备注信息键值对。', 'type' => 'object', 'additionalProperties' => [ 'type' => 'any', 'example' => '{"tage":"description"}', 'description' => '备注信息键值对。', ], ], ], ], 'Right' => [ 'description' => '右值对象。', 'type' => 'object', 'properties' => [ 'Value' => [ 'description' => '右值。', 'type' => 'string', 'example' => '12345', ], 'IsVar' => [ 'description' => '指定右变量值是常量,还是运行时变量(从运行时上下文中获取具体值)。'."\n" ."\n" .'- true:运行时变量'."\n" .'- false:常量', 'type' => 'boolean', 'example' => 'false', ], 'Type' => [ 'description' => '数据类型。', 'type' => 'string', 'example' => 'String', ], 'Modifier' => [ 'description' => '备注信息。', 'type' => 'string', 'example' => 'length', ], 'ModifierParam' => [ 'description' => '备注信息键值对。', 'type' => 'object', 'additionalProperties' => [ 'type' => 'any', 'example' => '{"tage":"description"}', 'description' => '备注信息键值对。', ], ], ], ], ], ], ], ], 'example' => '[{"conditions":[{"isNot":false,"itemId":0,"left":{"value":"host_uuid.host_name"},"operator":"containsString","right":{"value":"Cloud-MCH"}}]}]', ], ], ], ], ], 'example' => '123456', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', 
], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Data\\": {\\n \\"PageInfo\\": {\\n \\"CurrentPage\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 100\\n },\\n \\"ResponseData\\": [\\n {\\n \\"Id\\": 123456789,\\n \\"GmtCreate\\": \\"2021-01-06 16:37:29\\",\\n \\"GmtModified\\": \\"2021-01-06 16:37:29\\",\\n \\"Aliuid\\": 0,\\n \\"SubAliuid\\": 0,\\n \\"AlertType\\": \\"scan\\",\\n \\"AlertTypeId\\": \\"scan\\",\\n \\"AlertName\\": \\"Try SNMP weak password\\",\\n \\"AlertNameId\\": \\"Try SNMP weak password\\",\\n \\"Status\\": 1,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"AlertUuid\\": \\"sas_71e24437d2797ce8fc59692905a4****\\",\\n \\"Expression\\": {\\n \\"Logic\\": \\"(1&2)|(3&4)\\",\\n \\"Conditions\\": [\\n {\\n \\"ItemId\\": 1,\\n \\"Operator\\": \\"REGEXP\\",\\n \\"IsNot\\": false,\\n \\"Left\\": {\\n \\"Value\\": \\"ip\\",\\n \\"IsVar\\": true,\\n \\"Type\\": \\"false\\",\\n \\"Modifier\\": \\"length\\",\\n \\"ModifierParam\\": {\\n \\"key\\": \\"{\\\\\\"tage\\\\\\":\\\\\\"description\\\\\\"}\\"\\n }\\n },\\n \\"Right\\": {\\n \\"Value\\": \\"12345\\",\\n \\"IsVar\\": false,\\n \\"Type\\": \\"String\\",\\n \\"Modifier\\": \\"length\\",\\n \\"ModifierParam\\": {\\n \\"key\\": \\"{\\\\\\"tage\\\\\\":\\\\\\"description\\\\\\"}\\"\\n }\\n }\\n }\\n ]\\n }\\n }\\n ]\\n }\\n}","type":"json"}]', 'title' => '获取告警加白规则列表', ], 'DescribeAlertScene' => [ 'summary' => '获取告警加白场景。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" 
.'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse>', 'description' => 'BaseResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'AlertType' => [ 'title' => '告警类型展示值,随中英文环境变化。', 'description' => '告警类型展示值,随中英文环境变化。', 'type' => 'string', 'example' => 'unusual login', ], 'AlertTypeId' => [ 'title' => '告警类型标识。', 'description' => '告警类型标识。', 'type' => 'string', 'example' => 'unusual login', ], 'AlertName' => [ 'title' => '告警名称展示值,随中英文环境变化。', 'description' => '告警名称展示值,随中英文环境变化。', 'type' => 'string', 'example' => 'login_common_ip', ], 'AlertNameId' => [ 'title' => '告警名称标识。', 'description' => '告警名称标识。', 'type' => 'string', 'example' => 'login_common_ip', ], 'AlertTile' => [ 'title' => '告警title展示值,随中英文环境变化。', 'description' => '告警标题展示值,随中英文环境变化。', 'type' => 'string', 'example' => 'unusual login-login_common_ip', ], 'AlertTileId' => [ 'title' => '告警title 标识。', 'description' => '告警标题标识。', 'type' => 'string', 'example' => 'unusual login-login_common_ip', ], 'Targets' => [ 'title' => '加白对象。', 'description' => '加白对象。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Type' => [ 'title' => '可以加白的实体属性字段。', 'description' => '可以加白的实体属性字段。', 
'type' => 'string', 'example' => 'host_uuid', ], 'Name' => [ 'title' => '可以加白的实体属性字段展示名。', 'description' => '可以加白的实体属性字段展示名。', 'type' => 'string', 'example' => 'HOST UUID', ], 'Value' => [ 'title' => '加白规则默认展示的右值。', 'description' => '加白规则默认展示的右值。', 'type' => 'string', 'example' => '441862da-a539-4cc0-a00d-47395582****', ], 'Values' => [ 'title' => '加白规则可选的右值。', 'description' => '加白规则可选的右值。', 'type' => 'array', 'items' => [ 'description' => '右值。', 'type' => 'string', 'example' => '[441862da-a539-4cc0-a00d-47395582****]', ], 'example' => '["441862da-a539-4cc0-a00d-473955826881"]', ], ], ], 'example' => '[{"Type": "host_uuid","Value": "441862da-a539-4cc0-a00d-473955826881","Values": ["441862da-a539-4cc0-a00d-473955826881"],"Name": "${aliyun.siem.entity.host_uuid}"}]', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AlertType\\": \\"unusual login\\",\\n \\"AlertTypeId\\": \\"unusual login\\",\\n \\"AlertName\\": \\"login_common_ip\\",\\n \\"AlertNameId\\": \\"login_common_ip\\",\\n \\"AlertTile\\": \\"unusual login-login_common_ip\\",\\n \\"AlertTileId\\": \\"unusual login-login_common_ip\\",\\n \\"Targets\\": [\\n {\\n \\"Type\\": 
\\"host_uuid\\",\\n \\"Name\\": \\"HOST UUID\\",\\n \\"Value\\": \\"441862da-a539-4cc0-a00d-47395582****\\",\\n \\"Values\\": [\\n \\"[441862da-a539-4cc0-a00d-47395582****]\\"\\n ]\\n }\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取告警加白规则场景列表', ], 'DescribeAlertSceneByEvent' => [ 'summary' => '获取告警加白场景与加白对象列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'title' => '事件ID。', 'description' => '事件ID。', 'type' => 'string', 'required' => true, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse>', 'description' => 'BaseResponse>', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 
'AlertType' => [ 'title' => '告警类型展示值,随中英文环境变化。', 'description' => '告警类型展示值,随中英文环境变化。', 'type' => 'string', 'example' => 'Unusual Logon', ], 'AlertTypeId' => [ 'title' => '告警类型标识。', 'description' => '告警类型标识。', 'type' => 'string', 'example' => 'Unusual Logon', ], 'AlertName' => [ 'title' => '告警名称展示值,随中英文环境变化。', 'description' => '告警名称展示值,随中英文环境变化。', 'type' => 'string', 'example' => 'login_common_ip', ], 'AlertNameId' => [ 'title' => '告警名称标识。', 'description' => '告警名称标识。', 'type' => 'string', 'example' => 'login_common_ip', ], 'AlertTile' => [ 'title' => '告警title展示值,随中英文环境变化。', 'description' => '告警标题展示值,随中英文环境变化。', 'type' => 'string', 'example' => 'Unusual Logon-login_common_ip', ], 'AlertTileId' => [ 'title' => '告警title 标识。', 'description' => '告警标题标识。', 'type' => 'string', 'example' => 'Unusual Logon-login_common_ip', ], 'Targets' => [ 'title' => '加白对象。', 'description' => '加白对象。', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Type' => [ 'title' => '可以加白的实体属性字段。', 'description' => '可以加白的实体属性字段。', 'type' => 'string', 'example' => 'host_uuid', ], 'Name' => [ 'title' => '可以加白的实体属性字段展示名。', 'description' => '可以加白的实体属性字段展示名。', 'type' => 'string', 'example' => 'host uuid', ], 'Value' => [ 'title' => '加白规则默认展示的右值。', 'description' => '加白规则默认展示的右值。', 'type' => 'string', 'example' => '441862da-a539-4cc0-a00d-47395582****', ], 'Values' => [ 'title' => '加白规则可选的右值。', 'description' => '加白规则可选的右值。', 'type' => 'array', 'items' => [ 'description' => '右值。', 'type' => 'string', 'example' => '[441862da-a539-4cc0-a00d-47395582****]', ], 'example' => '["441862da-a539-4cc0-a00d-473955826881"]', ], ], ], 'example' => '[{"Type": "host_uuid","Value": "441862da-a539-4cc0-a00d-473955826881","Values": ["441862da-a539-4cc0-a00d-473955826881"],"Name": "${aliyun.siem.entity.host_uuid}"}]', ], ], ], 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 
'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": [\\n {\\n \\"AlertType\\": \\"Unusual Logon\\",\\n \\"AlertTypeId\\": \\"Unusual Logon\\",\\n \\"AlertName\\": \\"login_common_ip\\",\\n \\"AlertNameId\\": \\"login_common_ip\\",\\n \\"AlertTile\\": \\"Unusual Logon-login_common_ip\\",\\n \\"AlertTileId\\": \\"Unusual Logon-login_common_ip\\",\\n \\"Targets\\": [\\n {\\n \\"Type\\": \\"host_uuid\\",\\n \\"Name\\": \\"host uuid\\",\\n \\"Value\\": \\"441862da-a539-4cc0-a00d-47395582****\\",\\n \\"Values\\": [\\n \\"[441862da-a539-4cc0-a00d-47395582****]\\"\\n ]\\n }\\n ]\\n }\\n ],\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '获取告警加白场景与加白对象列表', ], 'DeleteWhiteRuleList' => [ 'summary' => '删除指定ID的告警加白规则。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', 'http', ], 'security' => [ [ 'AK' => [], ], ], 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', ], 'parameters' => [ [ 'name' => 'Id', 'in' => 'formData', 'schema' => [ 'title' => '加白规则唯一ID。', 'description' => '加白规则唯一ID。', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '123456789', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' 
=> '视图类型。'."\n" ."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'title' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => 'BaseResponse', 'type' => 'object', 'properties' => [ 'Data' => [ 'title' => '请求返回值。', 'description' => '请求返回值。', 'type' => 'any', 'example' => '123456', ], 'Success' => [ 'title' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'description' => '请求是否成功。取值:'."\n" .'- true:成功'."\n" .'- false:失败', 'type' => 'boolean', 'example' => 'true', ], 'Code' => [ 'title' => '请求状态码。', 'description' => '请求状态码。', 'type' => 'integer', 'format' => 'int32', 'example' => '200', ], 'Message' => [ 'title' => '请求返回消息。', 'description' => '请求返回消息。', 'type' => 'string', 'example' => 'success', ], 'RequestId' => [ 'title' => '请求id。', 'description' => '请求ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 500 => [ [ 'errorMessage' => 'The request processing has failed due to some unknown error.', 'errorCode' => 'InternalError', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": \\"123456\\",\\n \\"Success\\": true,\\n \\"Code\\": 200,\\n \\"Message\\": \\"success\\",\\n \\"RequestId\\": 
\\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '删除告警加白规则', ], ], 'endpoints' => [ [ 'regionId' => 'cn-shanghai', 'endpoint' => 'cloud-siem.cn-shanghai.aliyuncs.com', ], [ 'regionId' => 'ap-southeast-1', 'endpoint' => 'cloud-siem.ap-southeast-1.aliyuncs.com', ], ], ];