'1.0', 'info' => [ 'style' => 'RPC', 'product' => 'cloud-siem', 'version' => '2024-12-12', ], 'directories' => [ [ 'id' => 332850, 'title' => '账号管理', 'type' => 'directory', 'children' => [ 'GetUserConfig', ], ], [ 'id' => 332852, 'title' => '版本升级', 'type' => 'directory', 'children' => [ 'CheckUpgradeItem', 'ExecuteUpgrade', 'ListUpgradeItems', ], ], [ 'id' => 332856, 'title' => '日志管理', 'type' => 'directory', 'children' => [ 'UpdateDataStorage', 'UpdateDataStorageTtl', 'UpdateDataStorageDelivery', 'ResetDataStorage', 'GetDataStorage', ], ], [ 'id' => 332862, 'title' => '数据源', 'type' => 'directory', 'children' => [ 'CreateDataSource', 'UpdateDataSource', 'RefreshDataSource', 'DeleteDataSource', 'ListDataSources', 'UpdateDataSourceTemplate', 'ListDataSourceTemplates', 'CreateLogStore', 'DeleteLogStore', 'ValidateLogStore', 'ListLogRegions', 'ListLogProjects', 'ListLogStores', 'GetLogTicket', ], ], [ 'id' => 332881, 'title' => '数据接入', 'type' => 'directory', 'children' => [ 'CreateProduct', 'UpdateProduct', 'DeleteProduct', 'ListProducts', 'CreateVendor', 'UpdateVendor', 'DeleteVendor', 'ListVendors', 'CreateDataIngestion', 'EnableDataIngestion', 'DisableDataIngestion', 'UpdateDataIngestion', 'DeleteDataIngestion', 'GetDataBatchIngestion', 'UpdateDataBatchIngestion', 'ListDataIngestions', 'UpdateDataIngestionTemplate', 'ListDataIngestionTemplates', 'ListTrafficStatistics', 'ExecuteLogQuery', ], ], [ 'id' => 332906, 'title' => '数据标准化', 'type' => 'directory', 'children' => [ 'CreateNormalizationRule', 'UpdateNormalizationRule', 'DeleteNormalizationRule', 'ValidateNormalizationRule', 'GetNormalizationRule', 'GetNormalizationSchema', 'GetNormalizationRuleVersion', 'DeleteNormalizationRuleVersion', 'SetDefaultNormalizationRuleVersion', 'ListNormalizationRuleVersions', 'ListNormalizationRules', 'ListNormalizationFields', 'ListNormalizationCategories', 'ListNormalizationRuleCapacities', 'ListNormalizationSchemas', ], ], [ 'id' => 332922, 'title' => '数据集', 'type' => 
'directory', 'children' => [ 'CreateDataSet', 'UpdateDataSet', 'DeleteDataSet', 'ListDataSets', 'UpdateDataSetRecord', 'DeleteDataSetRecord', 'ListDataSetRecords', ], ], [ 'id' => 332930, 'title' => '检测规则', 'type' => 'directory', 'children' => [ 'CreateDetectionRule', 'UpdateDetectionRule', 'DeleteDetectionRule', 'ListDetectionRules', 'GetDetectionStatistic', ], ], [ 'id' => 332936, 'title' => '事件处置', 'type' => 'directory', 'children' => [ 'GetIncident', 'ListIncidents', ], ], [ 'id' => 332939, 'title' => '导出任务', 'type' => 'directory', 'children' => [ 'CreateExportTask', 'GetExportTask', ], ], [ 'id' => 0, 'title' => '其它', 'type' => 'directory', 'children' => [ 'UpdateNormalizationSchema', 'CreateNormalizationSchema', ], ], ], 'components' => [ 'schemas' => [], ], 'apis' => [ 'GetUserConfig' => [ 'summary' => '获取用户信息。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'en', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'string', 'required' => false, 'example' => '173326*******', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => 
'6276D891-*****-55B2-87B9-74D413F7****', ], 'User' => [ 'description' => '用户。', 'type' => 'object', 'properties' => [ 'CtdrVersion' => [ 'description' => '当前CTDR版本。', 'type' => 'string', 'example' => 'v2', ], 'DataStorageVersion' => [ 'description' => '升级状态。取值:'."\n" .'- pending:待升级。'."\n" .'- upgrading:升级中。'."\n" .'- success:升级成功。'."\n" .'- failed:升级失败。', 'type' => 'string', 'example' => 'pending', ], 'UpgradeStatus' => [ 'description' => '要升级的CTDR版本。', 'type' => 'string', 'example' => 'v2', ], 'UpgradeCtdrVersion' => [ 'description' => '日志管理版本。', 'type' => 'string', 'example' => 'v2', ], ], ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"User\\": {\\n \\"CtdrVersion\\": \\"v2\\",\\n \\"DataStorageVersion\\": \\"pending\\",\\n \\"UpgradeStatus\\": \\"v2\\",\\n \\"UpgradeCtdrVersion\\": \\"v2\\"\\n }\\n}","type":"json"}]', 'title' => '获取用户信息', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'CheckUpgradeItem' => [ 'summary' => '检查版本升级项。', 'path' => '', 'methods' => [ 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'UpgradeItemId', 'in' => 'formData', 'schema' => [ 'description' => '升级项ID。', 'type' => 'string', 'required' => false, 'example' => 
'dispose_task_upgrade', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-shanghai', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'string', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'UpgradeItem' => [ 'description' => '升级项。', 'type' => 'object', 'properties' => [ 'UpgradeItemId' => [ 'description' => '升级项ID。', 'type' => 'string', 'example' => 'incident_upgrade', ], 'CheckStatus' => [ 'description' => '卡点状态', 'type' => 'string', 'example' => 'success', ], 'CheckResult' => [ 'description' => '模块名文案', 'type' => 'string', 'example' => 'OK', ], ], ], ], ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"UpgradeItem\\": {\\n \\"UpgradeItemId\\": \\"incident_upgrade\\",\\n \\"CheckStatus\\": \\"success\\",\\n \\"CheckResult\\": \\"OK\\"\\n }\\n}","type":"json"}]', 'title' => '检查版本升级项', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ExecuteUpgrade' => [ 'summary' => '执行版本升级。', 'path' => '', 'methods' => [ 
'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'string', 'required' => false, 'example' => '173326*******', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '执行版本升级', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ListUpgradeItems' => [ 'summary' => '获取版本升级项列表。', 'path' => '', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 
'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'minimum' => '0', 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'string', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'UpgradeItems' => [ 'description' => '升级项列表。', 'type' => 'array', 'items' => [ 'description' => '升级项。', 'type' => 'object', 'properties' => [ 'UpgradeItemId' => [ 'description' => '升级项ID。', 'type' => 'string', 'example' => 'data_storage_2_upgrade', ], ], ], ], 'NextToken' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], 'MaxResults' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'TotalCount' => [ 
'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '57', ], ], ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"UpgradeItems\\": [\\n {\\n \\"UpgradeItemId\\": \\"data_storage_2_upgrade\\"\\n }\\n ],\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"MaxResults\\": 50,\\n \\"TotalCount\\": 57\\n}","type":"json"}]', 'title' => '获取版本升级项列表', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'UpdateDataStorage' => [ 'summary' => '修改日志管理中的日志存储地域。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasRXJ9SY', ], 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'DataStorageRegionId', 'in' => 'formData', 'schema' => [ 'description' => '日志存储的地域。', 'type' => 'string', 'required' => true, 'example' => 'cn-shanghai', ], ], [ 'name' => 'DeliveryStatus', 'in' => 'formData', 'schema' => [ 'description' => '日志管理全局投递开关,暂未放开设置。取值:'."\n" .'- enable:开通全部投递。'."\n" .'- disable:关闭全部投递。', 'type' => 'string', 'required' => false, 'example' => 'enable', 
'maxLength' => 1000, ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => 'EA7FC160-8D86-5ABE-A08A-7962FDC1****', ], ], ], ], ], 'errorCodes' => [], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"EA7FC160-8D86-5ABE-A08A-7962FDC1****\\"\\n}","type":"json"}]', 'title' => '修改日志管理中的日志存储地域', ], 'UpdateDataStorageTtl' => [ 'summary' => '修改日志的存储时长。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasRXJ9SY', ], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'LogStoreName', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析用户日志库名字。', 'type' => 'string', 'required' => false, 'example' => 'network-activity', 'maxLength' => 1000, ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], 
], [ 'name' => 'LogStoreTtl', 'in' => 'formData', 'schema' => [ 'description' => '日志库的存储时长。', 'type' => 'string', 'required' => false, 'example' => '180', ], ], [ 'name' => 'LogStoreHotTtl', 'in' => 'formData', 'schema' => [ 'description' => '使用阿里云日志服务热存方式的存储时长。', 'type' => 'string', 'required' => false, 'example' => '180', ], ], [ 'name' => 'LogStoreColdTtl', 'in' => 'formData', 'schema' => [ 'description' => '使用阿里云日志服务冷存方式的存储时长,暂未放开设置。', 'type' => 'string', 'required' => false, 'example' => '0', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => 'D92E4FCF-4584-5E50-9C02-26B79A9C****', ], ], ], ], ], 'errorCodes' => [], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D92E4FCF-4584-5E50-9C02-26B79A9C****\\"\\n}","type":"json"}]', 'title' => '修改日志的存储时长', ], 'UpdateDataStorageDelivery' => [ 'summary' => '修改日志投递状态。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasRXJ9SY', ], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'LogCode', 'in' => 'formData', 'schema' => [ 'description' => '日志code。', 'type' => 'string', 
'required' => true, 'example' => 'aegis-log-login', ], ], [ 'name' => 'LogDeliveryStatus', 'in' => 'formData', 'schema' => [ 'description' => '日志投递状态。取值:'."\n" .'- enable:开通投递。'."\n" .'- disable:关闭投递。', 'type' => 'string', 'required' => false, 'example' => 'enable', 'maxLength' => 1000, ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6D7FBF4A-5B95-5760-8B5A-BF8983D4****', ], ], ], ], ], 'errorCodes' => [], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6D7FBF4A-5B95-5760-8B5A-BF8983D4****\\"\\n}","type":"json"}]', 'title' => '修改日志投递状态', ], 'ResetDataStorage' => [ 'summary' => '重置用户的日志存储。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasRXJ9SY', ], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' 
=> 'int64', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'BaseResponse', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '重置用户的日志存储', ], 'GetDataStorage' => [ 'summary' => '获取日志管理中用户日志详情。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasRXJ9SY', ], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'DataResponse', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'Data' => [ 'description' => '返回的详细内容。', 'type' => 'object', 'properties' => [ 'DataStorageRegionId' => [ 'description' => '用户侧日志的存储地域。', 'type' => 'string', 'example' => 'cn-shanghai', ], 'DataStorageTotalCapacity' => [ 
'description' => '预付费场景下购买的存储用量。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], 'DataStorageUsedCapacity' => [ 'description' => '用户日志管理中使用的存储量。', 'type' => 'number', 'format' => 'double', 'example' => '100.0', ], 'LogProject' => [ 'description' => '用户日志对应存储的 SLS Project 名称。', 'type' => 'string', 'example' => 'aliyun-cloudsiem-data-171835723111****-cn-shanghai', ], 'SasLogStores' => [ 'description' => '云安全中心原始日志存储详情。', 'type' => 'array', 'items' => [ 'description' => '云安全中心原始日志存储详情。', 'type' => 'object', 'properties' => [ 'LogName' => [ 'description' => '日志名称。', 'type' => 'string', 'example' => 'Process Snapshot', ], 'LogStoreName' => [ 'description' => '日志所在日志库的名字。', 'type' => 'string', 'example' => 'sas-security-log', ], 'LogDeliveryStatus' => [ 'description' => '日志投递情况。取值:'."\n" .'- enable:开通该日志的投递。'."\n" .'- disable:取消该日志的投递。', 'type' => 'string', 'example' => 'enable', ], 'LogStoreTtl' => [ 'description' => '该日志所在日志库的存储时长,至少存储30天。', 'type' => 'integer', 'format' => 'int32', 'example' => '180', ], 'LogDeliveryUpdateTime' => [ 'description' => '最近一次操作日志投递的时间。', 'type' => 'string', 'example' => '2025-07-16T15:10:29', ], 'LogDeliveryPermission' => [ 'description' => '是否允许操作日志投递开关,未购买的情况下无法进行投递。取值:'."\n" .'- allow:允许。'."\n" .'- deny:不允许。', 'type' => 'string', 'example' => 'deny', ], 'LogDeliveryGroup' => [ 'description' => '日志所在的分组。取值:'."\n" .'- host:主机日志。'."\n" .'- security:安全日志。', 'type' => 'string', 'example' => 'host', ], 'LogSearchConditions' => [ 'title' => 'JSON Array ["key":"product_code", "value":"ctdr"]', 'description' => '日志默认查询条件,多个日志存储在一个日志库的时候需要通过查询条件进行单日志查询。', 'type' => 'string', 'example' => '[{\\"__topic__\\":\\"sas-net-block\\"}]', ], 'LogCode' => [ 'description' => '日志编码。', 'type' => 'string', 'example' => 'sas-net-block', ], 'LogStoreExisted' => [ 'description' => '日志所在的日志库是否存在。取值:'."\n" .'- true:存在。'."\n" .'- false:不存在。', 'type' => 'boolean', 'example' => 'true', ], ], ], ], 'NormalizationLogStores' => [ 'description' => 
'标准化数据的日志库详情。', 'type' => 'array', 'items' => [ 'description' => '标准化数据的日志库详情。', 'type' => 'object', 'properties' => [ 'LogStoreName' => [ 'description' => '存储标准化数据的日志库名字。', 'type' => 'string', 'example' => 'vulnerability-activity', ], 'LogStoreTtl' => [ 'description' => '存储标准化数据的存储时长。', 'type' => 'integer', 'format' => 'int32', 'example' => '180', ], ], ], ], 'NormalizationLogViews' => [ 'description' => '标准化数据集详情。', 'type' => 'array', 'items' => [ 'description' => '标准化数据集详情。', 'type' => 'object', 'properties' => [ 'CategoryName' => [ 'description' => '标准化日志分类。', 'type' => 'string', 'example' => 'Security Category', ], 'ActivityName' => [ 'description' => '标准化日志的日志类型。', 'type' => 'string', 'example' => 'API security risk log', ], 'LogViewName' => [ 'description' => '标准化数据集名字。', 'type' => 'string', 'example' => 'risk_activity', ], 'LogStoreName' => [ 'description' => '威胁分析存储标准化日志的日志库。', 'type' => 'string', 'example' => 'risk-activity', ], 'DetectionRuleReferenceCount' => [ 'description' => '该标准化数据集在威胁分析接入中心被引用的次数。', 'type' => 'integer', 'format' => 'int32', 'example' => '3', ], 'DetectionRuleReferenceProductIds' => [ 'description' => '该标准化数据集在威胁分析接入中心被引用的产品列表。', 'type' => 'array', 'items' => [ 'description' => '威胁分析接入中心的产品ID。', 'type' => 'string', 'example' => 'azure_active_directory', ], ], 'LogSearchConditions' => [ 'title' => 'JSON Array ["key":"product_code", "value":"ctdr"]', 'description' => '标准化数据集中查询日志类型的查询语句。', 'type' => 'string', 'example' => '[{\\"SCHEMA\\":\\"AZURE_ACTIVE_DIRECTORY_AUDIT_ACTIVITY\\"}]', ], 'LogViewExisted' => [ 'description' => '标准化数据集是否存在。取值:'."\n" .'- true:存在。'."\n" .'- false:不存在。', 'type' => 'boolean', 'example' => 'true', ], ], ], ], 'ColdStorageUsedCapacity' => [ 'description' => '用户日志使用冷存储的使用量。', 'type' => 'number', 'format' => 'double', 'example' => '100.0', ], 'DataStorageUsedCapacityDetail' => [ 'description' => '日志管理用户使用的存储详情。', 'type' => 'string', 'example' => 
'{\\"purchasedHotStorageCapacity\\":1000,\\"usedHotStorageCapacity\\":4.2,\\"usedHotStorageCapacityDetail\\":{\\"ap-southeast-1\\":4.2,\\"cn-shenzhen\\":0.0,\\"cn-shanghai\\":0.0}}', ], 'DataStorageRegionPermission' => [ 'description' => '是否可以修改存储地域。默认不可以,联系产品经理可以进行地域重置并且只能重置一次。取值:'."\n" .'- allow:可以修改。'."\n" .'- deny:不可以修改。', 'type' => 'string', 'example' => 'deny', ], ], ], 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '81FB0DEA-52C1-55A0-8631-8E1B9A9D****', ], ], ], ], ], 'errorCodes' => [], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Data\\": {\\n \\"DataStorageRegionId\\": \\"cn-shanghai\\",\\n \\"DataStorageTotalCapacity\\": 100,\\n \\"DataStorageUsedCapacity\\": 100,\\n \\"LogProject\\": \\"aliyun-cloudsiem-data-171835723111****-cn-shanghai\\",\\n \\"SasLogStores\\": [\\n {\\n \\"LogName\\": \\"Process Snapshot\\",\\n \\"LogStoreName\\": \\"sas-security-log\\",\\n \\"LogDeliveryStatus\\": \\"enable\\",\\n \\"LogStoreTtl\\": 180,\\n \\"LogDeliveryUpdateTime\\": \\"2025-07-16T15:10:29\\",\\n \\"LogDeliveryPermission\\": \\"deny\\",\\n \\"LogDeliveryGroup\\": \\"host\\",\\n \\"LogSearchConditions\\": \\"[{\\\\\\\\\\\\\\"__topic__\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"sas-net-block\\\\\\\\\\\\\\"}]\\",\\n \\"LogCode\\": \\"sas-net-block\\",\\n \\"LogStoreExisted\\": true\\n }\\n ],\\n \\"NormalizationLogStores\\": [\\n {\\n \\"LogStoreName\\": \\"vulnerability-activity\\",\\n \\"LogStoreTtl\\": 180\\n }\\n ],\\n \\"NormalizationLogViews\\": [\\n {\\n \\"CategoryName\\": \\"Security Category\\",\\n \\"ActivityName\\": \\"API security risk log\\",\\n \\"LogViewName\\": \\"risk_activity\\",\\n \\"LogStoreName\\": \\"risk-activity\\",\\n \\"DetectionRuleReferenceCount\\": 3,\\n \\"DetectionRuleReferenceProductIds\\": [\\n \\"azure_active_directory\\"\\n ],\\n \\"LogSearchConditions\\": 
\\"[{\\\\\\\\\\\\\\"SCHEMA\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"AZURE_ACTIVE_DIRECTORY_AUDIT_ACTIVITY\\\\\\\\\\\\\\"}]\\",\\n \\"LogViewExisted\\": true\\n }\\n ],\\n \\"ColdStorageUsedCapacity\\": 100,\\n \\"DataStorageUsedCapacityDetail\\": \\"{\\\\\\\\\\\\\\"purchasedHotStorageCapacity\\\\\\\\\\\\\\":1000,\\\\\\\\\\\\\\"usedHotStorageCapacity\\\\\\\\\\\\\\":4.2,\\\\\\\\\\\\\\"usedHotStorageCapacityDetail\\\\\\\\\\\\\\":{\\\\\\\\\\\\\\"ap-southeast-1\\\\\\\\\\\\\\":4.2,\\\\\\\\\\\\\\"cn-shenzhen\\\\\\\\\\\\\\":0.0,\\\\\\\\\\\\\\"cn-shanghai\\\\\\\\\\\\\\":0.0}}\\",\\n \\"DataStorageRegionPermission\\": \\"deny\\"\\n },\\n \\"RequestId\\": \\"81FB0DEA-52C1-55A0-8631-8E1B9A9D****\\"\\n}","type":"json"}]', 'title' => '获取日志管理中用户日志详情', ], 'CreateDataSource' => [ 'summary' => '创建数据源。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'DataSourceName', 'in' => 'formData', 'schema' => [ 'description' => '数据源名称。', 'type' => 'string', 'required' => false, 'example' => 'AD_LOG', ], ], [ 'name' => 'DataSourceType', 'in' => 'formData', 'schema' => [ 'description' => 
'数据源类型。取值:'."\n" .' - preset'."\n" .' - custom', 'type' => 'string', 'required' => false, 'example' => 'preset', ], ], [ 'name' => 'DataSourceFrom', 'in' => 'formData', 'schema' => [ 'description' => '数据来源。取值:'."\n" .'- center'."\n" .'- custom', 'type' => 'string', 'required' => false, 'example' => 'center', ], ], [ 'name' => 'LogUserId', 'in' => 'formData', 'schema' => [ 'description' => '数据接入用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogRegionId', 'in' => 'formData', 'schema' => [ 'description' => '日志存储地域ID。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'LogProjectName', 'in' => 'formData', 'schema' => [ 'description' => '日志服务项目名称。', 'type' => 'string', 'required' => false, 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou', ], ], [ 'name' => 'LogStoreName', 'in' => 'formData', 'schema' => [ 'description' => '日志服务LogStore名称。', 'type' => 'string', 'required' => false, 'example' => 'mde_raw', ], ], [ 'name' => 'DataSourceStores', 'in' => 'formData', 'style' => 'flat', 'schema' => [ 'description' => '日志服务项目列表。', 'type' => 'array', 'items' => [ 'description' => '日志服务项目列表。', 'type' => 'object', 'properties' => [ 'LogRegionId' => [ 'description' => '日志存储地域ID。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], 'LogProjectName' => [ 'description' => '日志服务项目名称。', 'type' => 'string', 'required' => false, 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou', ], 'LogStoreName' => [ 'description' => '日志服务LogStore名称。', 'type' => 'string', 'required' => false, 'example' => 'actiontrail_management-events', ], 'DataSourceStoreStatus' => [ 'description' => '日志存储状态。取值:'."\n" .'- normal'."\n" .'- abnormal', 'type' => 'string', 'required' => false, 'example' => 'normal', ], 'DataSourceStoreId' => [ 'description' => '日志存储ID。', 'type' => 'string', 'required' => false, 'example' => '1', ], 'DataSourceStoreFrom' => [ 
'description' => '数据来源。取值:'."\n" .'- center'."\n" .'- custom', 'type' => 'string', 'required' => false, 'example' => 'center', ], ], 'required' => false, ], 'required' => false, ], ], [ 'name' => 'DataSourceTemplateId', 'in' => 'formData', 'schema' => [ 'description' => '数据源模版ID。', 'type' => 'string', 'required' => false, 'example' => 'dst_alibaba_cloud_nas_audit_log_1358117679873357', ], ], [ 'name' => 'DataSourceIds', 'in' => 'formData', 'style' => 'json', 'schema' => [ 'description' => '数据源ID列表。', 'type' => 'array', 'items' => [ 'description' => '数据源ID列表。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_waf_flow_log_1766185894104675', ], 'required' => false, ], ], [ 'name' => 'DataSourceRecognizer', 'in' => 'formData', 'schema' => [ 'description' => '数据源识别器。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_waf_flow_log_1766185894104675', ], ], [ 'name' => 'DataSourceRecognizeEnabled', 'in' => 'formData', 'schema' => [ 'description' => '自动发现新数据源。', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], ], [ 'name' => 'DataSourceReferences', 'in' => 'formData', 'style' => 'json', 'schema' => [ 'description' => '数据源关联数据接入ID。', 'type' => 'array', 'items' => [ 'description' => '数据源关联数据接入ID。', 'type' => 'string', 'required' => false, 'example' => 'ds-014frtpy28m5ct2eoyo1', ], 'required' => false, ], ], [ 'name' => 'Order', 'in' => 'formData', 'schema' => [ 'description' => '排序方向。取值:'."\n" .'- desc:降序排列。'."\n" .'- asc:升序排列。', 'type' => 'string', 'required' => false, 'example' => 'desc', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'DataSourceId' => [ 'description' => '数据源ID。', 'type' => 'string', 'example' => 'ds-jl67vixpe1scwysgyu3x', ], ], ], ], ], 'errorCodes' => 
[ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"DataSourceId\\": \\"ds-jl67vixpe1scwysgyu3x\\"\\n}","type":"json"}]', 'title' => '创建数据源', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'UpdateDataSource' => [ 'summary' => '更新数据源。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'DataSourceId', 'in' => 'formData', 'schema' => [ 'description' => '数据源ID。', 'type' => 'string', 'required' => false, 'example' => 'ds-014frtpy28m5ct2eoyo1', ], ], [ 'name' => 'DataSourceName', 'in' => 'formData', 'schema' => [ 
'description' => '数据源名称。', 'type' => 'string', 'required' => false, 'example' => 'ActiontrailLog', ], ], [ 'name' => 'LogUserId', 'in' => 'formData', 'schema' => [ 'description' => '数据接入用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'DataSourceStores', 'in' => 'formData', 'style' => 'flat', 'schema' => [ 'description' => '日志服务LogStore列表。', 'type' => 'array', 'items' => [ 'description' => '日志服务LogStore。', 'type' => 'object', 'properties' => [ 'LogRegionId' => [ 'description' => '日志存储地域ID。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], 'LogProjectName' => [ 'description' => '日志服务项目名称。', 'type' => 'string', 'required' => false, 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou', ], 'LogStoreName' => [ 'description' => '日志服务LogStore名称。', 'type' => 'string', 'required' => false, 'example' => 'cn-rds-sqlaudit', ], 'DataSourceStoreFrom' => [ 'description' => '数据来源。取值:'."\n" .'- center'."\n" .'- custom', 'type' => 'string', 'required' => false, 'example' => 'custom', ], 'DataSourceStoreId' => [ 'description' => '日志存储ID。', 'type' => 'string', 'required' => false, 'example' => '1', ], ], 'required' => false, ], 'required' => false, ], ], [ 'name' => 'DataSourceRecognizeEnabled', 'in' => 'formData', 'schema' => [ 'description' => '自动发现新日志库。', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], ], [ 'name' => 'DataSourceFrom', 'in' => 'formData', 'schema' => [ 'description' => '数据来源。取值:'."\n" .'- center'."\n" .'- custom', 'type' => 'string', 'required' => false, 'example' => 'custom', ], ], [ 'name' => 'OrderField', 'in' => 'formData', 'schema' => [ 'description' => '规则列表排列字段。 取值:'."\n" .'- GmtModified:基于修改时间排序。'."\n" .'- Id:基于规则id排序(默认)。', 'type' => 'string', 'required' => false, 'example' => 'Id', ], ], [ 'name' => 'LogStoreName', 'in' => 'formData', 'schema' => [ 'description' => '日志服务LogStore名称。', 'type' => 'string', 'required' => false, 'example' => 
'cn-rds-sqlaudit', ], ], [ 'name' => 'LogProjectName', 'in' => 'formData', 'schema' => [ 'description' => '日志服务项目名称。', 'type' => 'string', 'required' => false, 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou', ], ], [ 'name' => 'LogRegionId', 'in' => 'formData', 'schema' => [ 'description' => '日志存储地域ID。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '更新数据源', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'RefreshDataSource' => [ 'summary' => '刷新数据源。', 'methods' => [ 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 
'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '接收消息的语言类型。取值:'."\n" ."\n" .'- **zh**(默认):中文'."\n" .'- **en**:英文', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'DataSourceId', 'in' => 'formData', 'schema' => [ 'description' => '数据源ID。', 'type' => 'string', 'required' => false, 'example' => 'ds-jl67vixpe1scwysgyu3x', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => 'Schema of Response', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => 'Id of the request', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '刷新数据源', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'DeleteDataSource' => [ 'summary' => '删除数据源。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => 
'返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'DataSourceId', 'in' => 'formData', 'schema' => [ 'description' => '数据源ID。', 'type' => 'string', 'required' => false, 'example' => 'ds-txejfbrh94k5cx58a4qh', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '删除数据源', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ListDataSources' => [ 'summary' => '获取数据源列表。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- 
cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'DataSourceIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '数据源ID列表。', 'type' => 'array', 'items' => [ 'description' => '数据源ID列表。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_waf_alert_log_173326*******,alibaba_cloud_waf_flow_log_173326*******', ], 'required' => false, ], ], [ 'name' => 'DataSourceName', 'in' => 'formData', 'schema' => [ 'description' => '数据源名称。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_waf_alert_log', ], ], [ 'name' => 'DataSourceType', 'in' => 'formData', 'schema' => [ 'description' => '数据源类型。取值:'."\n" .' - preset'."\n" .' 
- custom', 'type' => 'string', 'required' => false, 'example' => 'custom', ], ], [ 'name' => 'LogUserIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '数据接入用户ID列表。', 'type' => 'array', 'items' => [ 'description' => '数据接入用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], 'required' => false, ], ], [ 'name' => 'LogRegionId', 'in' => 'formData', 'schema' => [ 'description' => '日志存储地域ID。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'LogProjectName', 'in' => 'formData', 'schema' => [ 'description' => '日志服务项目名称。', 'type' => 'string', 'required' => false, 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou', ], ], [ 'name' => 'LogStoreName', 'in' => 'formData', 'schema' => [ 'description' => '日志服务LogStore名称。', 'type' => 'string', 'required' => false, 'example' => 'audit-activity', ], ], [ 'name' => 'DataSourceTemplateIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '数据源模版ID列表。', 'type' => 'array', 'items' => [ 'description' => '数据源模版ID列表。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas_account_snapshot_log_173326*******', ], 'required' => false, ], ], [ 'name' => 'OrderField', 'in' => 'formData', 'schema' => [ 'description' => '排序字段。', 'type' => 'string', 'required' => false, 'example' => 'UpdateTime', ], ], [ 'name' => 'Order', 'in' => 'formData', 'schema' => [ 'description' => '排序。取值:'."\n" .'- desc'."\n" .'- asc', 'type' => 'string', 'required' => false, 'example' => 'desc', ], ], [ 'name' => 'PageNumber', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:当前页码。', 'type' => 'string', 'required' => false, 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'string', 'required' => false, 'example' => '5', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '本次读取的最大数据量。', 
'type' => 'integer', 'format' => 'int32', 'required' => false, 'minimum' => '0', 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], [ 'name' => 'DataSourceFrom', 'in' => 'formData', 'schema' => [ 'description' => '数据来源。取值:'."\n" .'- center'."\n" .'- custom', 'type' => 'string', 'required' => false, 'example' => 'center', ], ], [ 'name' => 'DataSourceStoreStatus', 'in' => 'formData', 'schema' => [ 'description' => 'LogStore状态。取值:'."\n" .'- normal'."\n" .'- abnormal', 'type' => 'string', 'required' => false, 'example' => 'normal', ], ], [ 'name' => 'DataSourceStatus', 'in' => 'formData', 'schema' => [ 'description' => '数据源状态。取值:'."\n" .'- unconfigured'."\n" .'- normal'."\n" .'- abnormal', 'type' => 'string', 'required' => false, 'example' => 'unconfigured', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'DataSources' => [ 'description' => '事件关联告警来源产品。', 'type' => 'array', 'items' => [ 'description' => '事件关联告警来源产品。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'DataSourceId' => [ 'description' => '数据源ID。', 'type' => 'string', 'example' => 'ds-scpfegri73oyoknbc90c', ], 'DataSourceName' => [ 'description' => '数据源名称。', 'type' => 'string', 'example' => 'AD_LOG', ], 'DataSourceType' => [ 'description' => '数据源类型。取值:'."\n" .' - preset'."\n" .' 
- custom', 'type' => 'string', 'example' => 'custom', ], 'LogUserId' => [ 'description' => '数据接入用户ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '173326*******', ], 'LogRegionId' => [ 'description' => '日志存储地域ID。', 'type' => 'string', 'example' => 'cn-hangzhou', ], 'LogProjectName' => [ 'description' => '日志服务项目名称。', 'type' => 'string', 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou', ], 'DataSourceFrom' => [ 'description' => '数据来源。取值:'."\n" .'- center'."\n" .'- custom', 'type' => 'string', 'example' => 'center', ], 'LogStoreName' => [ 'description' => '日志服务LogStore名称。', 'type' => 'string', 'example' => 'audit-activity', ], 'DataSourceTemplateId' => [ 'description' => '数据源模版ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas_account_snapshot_log_173326*******', ], 'DataSourceStores' => [ 'description' => '日志服务列表。', 'type' => 'array', 'items' => [ 'description' => '日志服务。', 'type' => 'object', 'properties' => [ 'DataSourceStoreId' => [ 'description' => '日志存储ID。', 'type' => 'string', 'example' => 'di_xxxx_source_1', ], 'DataSourceStoreStatus' => [ 'title' => '日志存储状态码', 'description' => '日志存储状态。取值:'."\n" .'- normal'."\n" .'- abnormal', 'type' => 'string', 'example' => 'normal', ], 'DataSourceStoreFrom' => [ 'description' => '数据来源。取值:'."\n" .'- center'."\n" .'- custom', 'type' => 'string', 'example' => 'center', ], 'LogRegionId' => [ 'description' => '日志存储地域ID。', 'type' => 'string', 'example' => 'cn-hangzhou', ], 'LogProjectName' => [ 'description' => '日志服务项目名称。', 'type' => 'string', 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou', ], 'LogStoreName' => [ 'description' => '日志服务LogStore名称。', 'type' => 'string', 'example' => 'audit-activity', ], 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'CheckTime' => [ 'description' => '检查时间。', 
'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'DataSourceStoreStatusCode' => [ 'title' => '日志存储状态码', 'description' => '日志存储状态码', 'type' => 'string', 'example' => 'LogStoreNotExist', ], ], ], ], 'DataSourceRecognizer' => [ 'description' => '数据源识别器。', 'type' => 'string', 'example' => 'alibaba_cloud_sas_account_snapshot', ], 'DataSourceRecognizeEnabled' => [ 'description' => '自动发现新日志库。', 'type' => 'boolean', 'example' => 'true', ], 'DataSourceReferences' => [ 'description' => '数据源关联数据接入ID列表。', 'type' => 'array', 'items' => [ 'description' => '数据源关联数据接入ID。', 'type' => 'object', 'properties' => [ 'DataIngestionId' => [ 'description' => '数据接入ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas_account_snapshot_log_173326*******', ], ], ], ], 'DataSourceStatus' => [ 'description' => '数据源状态。取值:'."\n" .'- unconfigured'."\n" .'- normal'."\n" .'- abnormal', 'type' => 'string', 'example' => 'unconfigured', ], ], ], ], 'PageNumber' => [ 'description' => '分页参数:当前页码。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'TotalCount' => [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '2', ], 'TotalPage' => [ 'description' => '总页数。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'MaxResults' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'NextToken' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"DataSources\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"DataSourceId\\": \\"ds-scpfegri73oyoknbc90c\\",\\n \\"DataSourceName\\": \\"AD_LOG\\",\\n \\"DataSourceType\\": \\"custom\\",\\n \\"LogUserId\\": 0,\\n \\"LogRegionId\\": \\"cn-hangzhou\\",\\n \\"LogProjectName\\": \\"aliyun-cloudsiem-data-173326*******-cn-hangzhou\\",\\n \\"DataSourceFrom\\": \\"center\\",\\n \\"LogStoreName\\": \\"audit-activity\\",\\n \\"DataSourceTemplateId\\": \\"alibaba_cloud_sas_account_snapshot_log_173326*******\\",\\n \\"DataSourceStores\\": [\\n {\\n \\"DataSourceStoreId\\": \\"di_xxxx_source_1\\",\\n \\"DataSourceStoreStatus\\": \\"normal\\",\\n \\"DataSourceStoreFrom\\": \\"center\\",\\n \\"LogRegionId\\": \\"cn-hangzhou\\",\\n \\"LogProjectName\\": \\"aliyun-cloudsiem-data-173326*******-cn-hangzhou\\",\\n \\"LogStoreName\\": \\"audit-activity\\",\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"CheckTime\\": 1733269771123,\\n \\"DataSourceStoreStatusCode\\": \\"LogStoreNotExist\\"\\n }\\n ],\\n \\"DataSourceRecognizer\\": \\"alibaba_cloud_sas_account_snapshot\\",\\n \\"DataSourceRecognizeEnabled\\": true,\\n \\"DataSourceReferences\\": [\\n {\\n \\"DataIngestionId\\": \\"alibaba_cloud_sas_account_snapshot_log_173326*******\\"\\n }\\n ],\\n \\"DataSourceStatus\\": \\"unconfigured\\"\\n }\\n ],\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 1,\\n \\"TotalCount\\": 2,\\n \\"TotalPage\\": 1,\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\"\\n}","type":"json"}]', 'title' => '获取数据源列表', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'UpdateDataSourceTemplate' => [ 'summary' => 
'修改数据源模板。', 'path' => '', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'DataSourceTemplateId', 'in' => 'formData', 'schema' => [ 'description' => '数据源模版ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_actiontrail_event_ingestion'."\n", ], ], [ 'name' => 'DataSourceTemplateName', 'in' => 'formData', 'schema' => [ 'description' => '数据源模版名称。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_actiontrail_event_ingestion'."\n", ], ], [ 'name' => 'LogUserIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '数据批量接入用户ID列表。', 'type' => 'array', 'items' => [ 'description' => '数据批量接入用户ID。', 'type' => 'string', 'required' => false, 'example' => '173326*******', ], 'required' => false, ], ], [ 'name' => 'LogRegionIds', 'in' => 'formData', 'schema' => [ 'description' => '日志存储地域ID列表。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'LogProjectPattern', 'in' => 'formData', 'schema' => [ 'description' => '日志服务项目名称匹配规则。', 'type' => 'string', 'required' => false, 'example' => 'aliyun-cloudsiem-data-173326*******', ], ], [ 'name' => 'LogStorePattern', 'in' => 'formData', 'schema' => [ 'description' => '日志服务LogStore名称匹配规则。', 'type' => 'string', 'required' => false, 'example' => 'audit-activity', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- 
ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'AutoScanNew', 'in' => 'formData', 'schema' => [ 'description' => '是否自动发现新用户'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'string', 'required' => false, 'example' => 'enabled', ], ], [ 'name' => 'DataSourceRecognizeEnabled', 'in' => 'query', 'schema' => [ 'description' => '自动发现新数据源。', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '更新数据源模版', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ListDataSourceTemplates' => [ 'summary' => '查询数据源模板。', 'path' => '', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'DataSourceTemplateIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '数据源模版ID列表。', 'type' => 'array', 'items' => [ 'description' => '数据源模版ID列表。', 'type' => 'string', 
'required' => false, 'example' => 'alibaba_cloud_actiontrail_event_ingestion', ], 'required' => false, 'minItems' => 0, ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'PageNumber', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:当前页码。', 'type' => 'string', 'required' => false, 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'string', 'required' => false, 'example' => '10', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'DataSourceTemplates' => [ 'description' => '数据源模版列表。', 'type' => 'array', 'items' => [ 'description' => '数据源模版。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'DataSourceTemplateId' => [ 'description' => '数据源模版ID。', 'type' => 'string', 'example' => 'alibaba_cloud_actiontrail_event_ingestion', ], 'DataSourceTemplateName' => [ 'description' => '数据源模版名称。', 'type' => 'string', 'example' => 'alibaba_cloud_actiontrail_event_ingestion', ], 'LogProjectPattern' => [ 'description' => '日志服务项目名称匹配规则。', 'type' => 'string', 'example' => 
'aliyun-cloudsiem-data-173326*******', ], 'LogRegionIds' => [ 'description' => '日志存储地域ID列表。', 'type' => 'array', 'items' => [ 'description' => '日志存储地域ID。', 'type' => 'string', 'example' => 'cn-hangzhou', ], ], 'LogStorePattern' => [ 'description' => '日志服务LogStore名称匹配规则。', 'type' => 'string', 'example' => 'audit-activity', ], 'LogUserIds' => [ 'description' => '数据批量接入用户ID列表。', 'type' => 'array', 'items' => [ 'description' => '数据批量接入用户ID。', 'type' => 'string', 'example' => '173326*******', ], ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'DataSourceFrom' => [ 'description' => '数据来源。取值:'."\n" .'- center'."\n" .'- custom', 'type' => 'string', 'example' => 'custom', ], 'AutoScanNew' => [ 'description' => '是否自动发现新用户,取值:'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'string', 'example' => 'enabled', ], 'DataSourceRecognizer' => [ 'description' => '数据源识别器。', 'type' => 'string', 'example' => 'alibaba_cloud_actiontrail_event_ingestion', ], 'DataSourceRecognizeEnabled' => [ 'description' => '自动发现新数据源。', 'type' => 'boolean', 'example' => 'true', ], ], ], ], 'PageNumber' => [ 'description' => '分页参数:当前页码。', 'type' => 'string', 'example' => '1', ], 'PageSize' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'string', 'example' => '10', ], ], ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"DataSourceTemplates\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"DataSourceTemplateId\\": \\"alibaba_cloud_actiontrail_event_ingestion\\",\\n \\"DataSourceTemplateName\\": \\"alibaba_cloud_actiontrail_event_ingestion\\",\\n \\"LogProjectPattern\\": \\"aliyun-cloudsiem-data-173326*******\\",\\n \\"LogRegionIds\\": [\\n \\"cn-hangzhou\\"\\n ],\\n \\"LogStorePattern\\": \\"audit-activity\\",\\n \\"LogUserIds\\": [\\n \\"173326*******\\"\\n ],\\n \\"UpdateTime\\": 
1733269771123,\\n \\"DataSourceFrom\\": \\"custom\\",\\n \\"AutoScanNew\\": \\"enabled\\",\\n \\"DataSourceRecognizer\\": \\"alibaba_cloud_actiontrail_event_ingestion\\",\\n \\"DataSourceRecognizeEnabled\\": true\\n }\\n ],\\n \\"PageNumber\\": \\"1\\",\\n \\"PageSize\\": \\"10\\"\\n}","type":"json"}]', 'title' => '获取数据源模版列表', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'CreateLogStore' => [ 'summary' => '创建限制性的用户侧存储。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogUserId', 'in' => 'formData', 'schema' => [ 'description' => '数据接入用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogRegionId', 'in' => 'formData', 'schema' => [ 'description' => '日志存储地域ID。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'LogProjectName', 'in' => 'formData', 'schema' => [ 'description' => '日志服务项目名称。', 'type' => 'string', 'required' => false, 'example' => 'aliyun-cloudsiem-channel-173326*******-cn-hangzhou', ], ], [ 'name' 
=> 'LogStoreName', 'in' => 'formData', 'schema' => [ 'description' => '日志服务LogStore名称。', 'type' => 'string', 'required' => false, 'example' => 'logstoreqykug', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '创建日志库', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'DeleteLogStore' => [ 'summary' => '删除LogStore。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 
'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogUserId', 'in' => 'formData', 'schema' => [ 'description' => '数据接入用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogRegionId', 'in' => 'formData', 'schema' => [ 'description' => '日志存储地域ID。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'LogProjectName', 'in' => 'formData', 'schema' => [ 'description' => '日志服务项目名称。', 'type' => 'string', 'required' => false, 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou', ], ], [ 'name' => 'LogStoreName', 'in' => 'formData', 'schema' => [ 'description' => '日志服务LogStore名称。', 'type' => 'string', 'required' => false, 'example' => 'rds-logstore', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '删除日志库', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ValidateLogStore' => [ 'summary' => '校验日志存储。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogUserId', 'in' => 'formData', 'schema' => [ 'description' => '数据接入用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogRegionId', 'in' => 'formData', 'schema' => [ 'description' => '日志存储地域ID。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'LogProjectName', 'in' => 'formData', 'schema' => [ 
'description' => '日志服务项目名称。', 'type' => 'string', 'required' => false, 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou', ], ], [ 'name' => 'LogStoreName', 'in' => 'formData', 'schema' => [ 'description' => '日志服务LogStore名称。', 'type' => 'string', 'required' => false, 'example' => 'ssglauncher-log', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '校验日志存储', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ListLogRegions' => [ 'summary' => '获取所有的区域。', 'path' => '', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 
'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'LogRegions' => [ 'description' => '日志存储地域ID列表。', 'type' => 'array', 'items' => [ 'description' => '日志存储地域ID。', 'type' => 'string', 'example' => 'cn-hangzhou', ], ], ], ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"LogRegions\\": [\\n \\"cn-hangzhou\\"\\n ]\\n}","type":"json"}]', 'title' => '获取日志服务Region列表', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ListLogProjects' => [ 'summary' => '获取日志项目列表。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => 
'资源目录成员账号ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogUserId', 'in' => 'formData', 'schema' => [ 'description' => '数据接入用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogRegionId', 'in' => 'formData', 'schema' => [ 'description' => '日志存储地域ID。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'minimum' => '0', 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'LogProjects' => [ 'description' => '日志服务项目列表。', 'type' => 'array', 'items' => [ 'description' => '日志服务项目。', 'type' => 'string', 'example' => 'aliyun-cloudsiem-channel-173326*******-cn-beijing', ], ], 'MaxResults' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'NextToken' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], 'TotalCount' => [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '57', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical 
request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"LogProjects\\": [\\n \\"aliyun-cloudsiem-channel-173326*******-cn-beijing\\"\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]', 'title' => '获取日志库列表', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ListLogStores' => [ 'summary' => '获取日志存储列表。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogUserId', 'in' => 'formData', 'schema' => [ 'description' => '数据接入用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogRegionId', 'in' => 'formData', 'schema' => [ 
'description' => '日志存储地域ID。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'LogProjectName', 'in' => 'formData', 'schema' => [ 'description' => '日志服务项目名称。', 'type' => 'string', 'required' => false, 'example' => 'aliyun-cloudsiem-data-173326*******-cn-hangzhou', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'minimum' => '0', 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'LogStores' => [ 'description' => '日志服务日志库LogStore列表。', 'type' => 'array', 'items' => [ 'description' => '日志服务日志库LogStore。', 'type' => 'string', 'example' => 'wadaaaa', ], ], 'MaxResults' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'NextToken' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], 'TotalCount' => [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '57', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"LogStores\\": [\\n \\"wadaaaa\\"\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]', 'title' => '获取日志存储列表', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'GetLogTicket' => [ 'summary' => '获取日志凭证。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogUserId', 'in' => 'formData', 'schema' => [ 'description' => '数据接入用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '173326*******', ], 'LogTicket' => [ 
'description' => '日志服务Ticket。', 'type' => 'string', 'example' => '*******', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"173326*******\\",\\n \\"LogTicket\\": \\"*******\\"\\n}","type":"json"}]', 'title' => '获取日志服务凭证', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'CreateProduct' => [ 'summary' => '创建产品。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'VendorName', 'in' => 'formData', 'schema' => [ 'description' => '厂商名称。', 'type' => 'string', 'required' => false, 'example' => '111', ], ], [ 'name' => 'ProductName', 
'in' => 'formData', 'schema' => [ 'description' => '产品名称。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'ProductId' => [ 'description' => '产品ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\"\\n}","type":"json"}]', 'title' => '创建产品', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'UpdateProduct' => [ 'summary' => '更新产品。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" 
.'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'en', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1733269771123', ], ], [ 'name' => 'ProductId', 'in' => 'formData', 'schema' => [ 'description' => '产品ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas', ], ], [ 'name' => 'ProductName', 'in' => 'formData', 'schema' => [ 'description' => '产品名称。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas', ], ], [ 'name' => 'VendorName', 'in' => 'formData', 'schema' => [ 'description' => '厂商名称。', 'type' => 'string', 'required' => false, 'example' => '111', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '更新产品', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'DeleteProduct' => [ 'summary' => '删除产品。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'ProductId', 'in' => 'formData', 'schema' => [ 'description' => '产品ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], 
], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '删除产品', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ListProducts' => [ 'summary' => '获取产品列表。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'ProductIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '产品ID列表。', 'type' => 'array', 'items' => [ 'description' => '产品ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas', ], 'required' => false, ], ], [ 'name' 
=> 'ProductName', 'in' => 'formData', 'schema' => [ 'description' => '产品名称。', 'type' => 'string', 'required' => false, 'example' => 'sas', ], ], [ 'name' => 'ProductType', 'in' => 'formData', 'schema' => [ 'description' => '产品类型。取值:'."\n" .'- preset'."\n" .'- custom', 'type' => 'string', 'required' => false, 'example' => 'preset', ], ], [ 'name' => 'VendorId', 'in' => 'formData', 'schema' => [ 'description' => '厂商ID。', 'type' => 'string', 'required' => false, 'example' => 'vd-qlsw5eocx94w9', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'minimum' => '0', 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'Products' => [ 'description' => '产品列表。', 'type' => 'array', 'items' => [ 'description' => '产品。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'ProductId' => [ 'description' => '产品ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas', ], 'ProductAlias' => [ 'description' => '产品别名。', 'type' => 'string', 'example' => 'alibaba_cloud_sas', ], 'ProductName' => [ 'description' => '该参数已废弃,无需关注。', 'type' => 'string', 'example' => 'sas', ], 'ProductType' => [ 'description' => '产品类型。取值:'."\n" .'- preset'."\n" .'- custom', 'type' => 'string', 'example' => 
'preset', ], 'VendorId' => [ 'description' => '厂商ID。', 'type' => 'string', 'example' => 'vd-qlsw5eocx94w9', ], 'VendorName' => [ 'description' => '厂商名称。', 'type' => 'string', 'example' => '111', ], 'DataIngestionStatus' => [ 'description' => '数据接入状态。取值:'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'boolean', 'example' => 'enabled', ], 'TotalDataIngestionCount' => [ 'description' => '总数据接入数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'EnabledDataIngestionCount' => [ 'description' => '已启用数据接入数。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'AllowAddDataIngestion' => [ 'description' => '是否允许添加数据采集。', 'type' => 'boolean', 'example' => 'true', ], 'AbnormalDataIngestionCount' => [ 'description' => '异常数据接入数。', 'type' => 'integer', 'format' => 'int32', 'example' => '2', ], 'ActiveTime' => [ 'description' => '激活时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], ], ], ], 'MaxResults' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'NextToken' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], 'TotalCount' => [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '57', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"Products\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"ProductAlias\\": \\"alibaba_cloud_sas\\",\\n \\"ProductName\\": \\"sas\\",\\n \\"ProductType\\": \\"preset\\",\\n \\"VendorId\\": \\"vd-qlsw5eocx94w9\\",\\n \\"VendorName\\": \\"111\\",\\n \\"DataIngestionStatus\\": true,\\n \\"TotalDataIngestionCount\\": 10,\\n \\"EnabledDataIngestionCount\\": 1,\\n \\"AllowAddDataIngestion\\": true,\\n \\"AbnormalDataIngestionCount\\": 2,\\n \\"ActiveTime\\": 1733269771123\\n }\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]', 'title' => '获取产品列表', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'CreateVendor' => [ 'summary' => '创建厂商。', 'path' => '', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' 
=> false, 'example' => 'en', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'VendorName', 'in' => 'formData', 'schema' => [ 'description' => '厂商名称。', 'type' => 'string', 'required' => false, 'example' => '111', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'VendorId' => [ 'description' => '厂商ID。', 'type' => 'string', 'example' => 'vd-qlsw5eocx94w9', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"VendorId\\": \\"vd-qlsw5eocx94w9\\"\\n}","type":"json"}]', 'title' => '创建厂商', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'UpdateVendor' => [ 'summary' => '更新厂商。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 
'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******'."\n", ], ], [ 'name' => 'VendorId', 'in' => 'formData', 'schema' => [ 'description' => '厂商ID。', 'type' => 'string', 'required' => false, 'example' => 'vd-qlsw5eocx94w9', ], ], [ 'name' => 'VendorName', 'in' => 'formData', 'schema' => [ 'description' => '厂商名称。', 'type' => 'string', 'required' => false, 'example' => '111', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '更新厂商', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'DeleteVendor' => [ 'summary' => '删除厂商。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'VendorId', 'in' => 'formData', 'schema' => [ 'description' => '厂商ID。', 'type' => 'string', 'required' => false, 'example' => 'vd-qlsw5eocx94w9', ], ], [ 'name' => 'VendorName', 'in' => 'formData', 'schema' => [ 'description' => '厂商名称。', 'type' => 'string', 'required' => false, 'example' => '111', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => 
'6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '删除厂商', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'ListVendors' => [ 'summary' => '获取厂商列表。', 'path' => '', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'en'."\n", ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******'."\n", ], ], [ 'name' => 'VendorIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '厂商列表。', 'type' => 'array', 'items' => [ 'description' => '厂商ID。', 'type' => 'string', 'required' => false, 'example' => 'vd-qlsw5eocx94w9', ], 'required' => false, ], ], [ 'name' => 'VendorName', 'in' => 'formData', 'schema' => [ 'description' => 
'厂商名称。', 'type' => 'string', 'required' => false, 'example' => '111', ], ], [ 'name' => 'VendorType', 'in' => 'formData', 'schema' => [ 'description' => '厂商类型。取值:'."\n" .'- preset'."\n" .'- custom', 'type' => 'string', 'required' => false, 'example' => 'preset', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'minimum' => '0', 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'Vendors' => [ 'description' => '厂商。', 'type' => 'array', 'items' => [ 'description' => '厂商。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'VendorId' => [ 'description' => '厂商ID。', 'type' => 'string', 'example' => 'vd-qlsw5eocx94w9', ], 'VendorName' => [ 'description' => '厂商名称。', 'type' => 'string', 'example' => '111', ], 'VendorType' => [ 'description' => '厂商类型。取值:'."\n" .'- preset'."\n" .'- custom', 'type' => 'string', 'example' => 'preset', ], ], ], ], 'MaxResults' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'minimum' => '0', 'example' => '50', ], 'NextToken' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], 'TotalCount' 
=> [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '57', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"Vendors\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"VendorId\\": \\"vd-qlsw5eocx94w9\\",\\n \\"VendorName\\": \\"111\\",\\n \\"VendorType\\": \\"preset\\"\\n }\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]', 'title' => '获取厂商列表', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'CreateDataIngestion' => [ 'summary' => '创建接入策略。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => 
'173326*******', ], ], [ 'name' => 'DataIngestionMode', 'in' => 'formData', 'schema' => [ 'description' => '数据接入模式。取值:'."\n" .'- realtime'."\n" .'- scan', 'type' => 'string', 'required' => false, 'example' => 'realtime', ], ], [ 'name' => 'DataSourceId', 'in' => 'formData', 'schema' => [ 'description' => '数据源ID。', 'type' => 'string', 'required' => false, 'example' => 'ds-3g6lyf4eonngyohaq7tr', ], ], [ 'name' => 'NormalizationRuleId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'required' => false, 'example' => 'nr-hdmady54piigkjfv17yp', ], ], [ 'name' => 'DataSourceEditable', 'in' => 'formData', 'schema' => [ 'description' => '数据源是否可以编辑。', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], ], [ 'name' => 'DataIngestionStateCode', 'in' => 'formData', 'schema' => [ 'description' => '数据接入异常状态Code。', 'type' => 'string', 'required' => false, 'example' => 'UserUnauthorized', ], ], [ 'name' => 'CapacityCount', 'in' => 'formData', 'schema' => [ 'description' => '关联安全能力数量。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', ], ], [ 'name' => 'StreamJobId', 'in' => 'formData', 'schema' => [ 'description' => '任务流JobId。', 'type' => 'string', 'required' => false, 'example' => '802c0129b6cfd50861d4b25deea29afb', ], ], [ 'name' => 'DataIngestionType', 'in' => 'formData', 'schema' => [ 'description' => '数据接入类型。取值:'."\n" .'- preset'."\n" .'- custom', 'type' => 'string', 'required' => false, 'example' => 'custom', ], ], [ 'name' => 'ScanDataSourceId', 'in' => 'formData', 'schema' => [ 'description' => '扫描模式数据源Id。', 'type' => 'string', 'required' => false, 'example' => 'ds-014frtpy28m5ct2eoyo1', ], ], [ 'name' => 'UpdateTime', 'in' => 'formData', 'schema' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1733269771123', ], ], [ 'name' => 'NormalizationRuleEditable', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则是否可以编辑。', 'type' => 
'boolean', 'required' => false, 'example' => 'true', ], ], [ 'name' => 'ProductId', 'in' => 'formData', 'schema' => [ 'description' => '产品ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'DataIngestionId' => [ 'description' => '数据接入ID。', 'type' => 'string', 'example' => 'di-yxtm3l2rwa7fr5uvxtc7', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"DataIngestionId\\": \\"di-yxtm3l2rwa7fr5uvxtc7\\"\\n}","type":"json"}]', 'title' => '创建接入策略', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'EnableDataIngestion' => [ 'summary' => '启动接入策略。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- 
**zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'DataIngestionId', 'in' => 'formData', 'schema' => [ 'description' => '数据接入ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas_netstat_ingestion_173326*******', ], ], [ 'name' => 'ProductId', 'in' => 'formData', 'schema' => [ 'description' => '产品ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '启动接入策略', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'DisableDataIngestion' => [ 'summary' => '停止接入策略。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'DataIngestionId', 'in' => 'formData', 'schema' => [ 'description' => '数据接入ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas_netstat_ingestion_173326*******', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 
'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '停止接入策略', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'UpdateDataIngestion' => [ 'summary' => '更新接入策略。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'DataIngestionId', 'in' => 'formData', 'schema' => [ 'description' => '数据接入ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_actiontrail_event_ingestion_173326*******', ], ], [ 'name' => 'DataIngestionMode', 'in' => 'formData', 'schema' => [ 'description' => '数据接入模式。取值:'."\n" .'- realtime'."\n" .'- scan', 'type' => 'string', 'required' => false, 'example' => 'realtime', ], ], [ 'name' => 'DataSourceId', 'in' => 
'formData', 'schema' => [ 'description' => '数据源ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_actiontrail_event_log_173326*******', ], ], [ 'name' => 'NormalizationRuleId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_actiontrail_event_rule', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '更新接入策略', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'DeleteDataIngestion' => [ 'summary' => '删除接入策略。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 
'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'DataIngestionId', 'in' => 'formData', 'schema' => [ 'description' => '数据接入ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas_netstat_ingestion_173326*******', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '删除接入策略', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'GetDataBatchIngestion' => [ 'summary' => '获取数据批量接入。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 
'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******'."\n", ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'DataBatchIngestion' => [ 'description' => '数据批量接入。', 'type' => 'object', 'properties' => [ 'DataBatchIngestionStatus' => [ 'description' => '数据批量接入状态。取值:'."\n" .'- pending:待生效。'."\n" .'- running:生效中。'."\n" .'- success:生效成功。'."\n" .'- failed:生效失败。', 'type' => 'string', 'example' => 'pending', ], 'DataBatchIngestionSetTime' => [ 'description' => '数据批量接入设置时间。', 'type' => 'string', 'example' => '1733269771123', ], 'DataBatchIngestionEffectTime' => [ 'description' => '数据批量接入生效时间。', 'type' => 'string', 'example' => '1733269771123', ], 'LogUserIds' => [ 'description' => '数据批量接入用户ID列表。', 'type' => 'array', 'items' => [ 'description' => '数据批量接入用户ID。', 'type' => 'string', 'example' => '173326*******', ], ], 'AutoScanNew' => [ 'description' => '是否自动发现新用户。取值:'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'string', 'example' => 'enabled', ], 'DataIngestions' => [ 'description' => '数据接入列表。', 'type' => 'array', 'items' => [ 'description' => '数据接入对象。', 'type' => 'object', 'properties' => [ 'DataIngestionId' => [ 'description' => '数据接入ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas_process_ingestion_173326*******', ], 'DataIngestionStatus' => [ 'description' => '数据接入状态。取值:'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'string', 'example' => 'enabled', ], 'DataSourceId' => [ 'description' => '数据源ID。', 'type' => 'string', 'example' => 
'alibaba_cloud_sas_process_log_173326*******', ], 'ProductId' => [ 'description' => '产品ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas', ], 'VendorId' => [ 'description' => '厂商ID。', 'type' => 'string', 'example' => 'alibaba_cloud', ], ], ], ], 'RecommendDataIngestionIds' => [ 'description' => '推荐接入ID列表。', 'type' => 'array', 'items' => [ 'description' => '推荐接入ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas_process_log_173326*******', ], ], 'ApsaraDataIngestionIds' => [ 'description' => '阿里云产品接入ID列表。', 'type' => 'array', 'items' => [ 'description' => '阿里云产品接入ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas_process_log_173326*******', ], ], 'DataSourceRecognizeEnabled' => [ 'description' => '自动发现新日志库。', 'type' => 'boolean', 'example' => 'true', ], 'DataBatchIngestionMode' => [ 'description' => '批量数据接入模式。', 'type' => 'string', 'example' => 'full', ], ], ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"DataBatchIngestion\\": {\\n \\"DataBatchIngestionStatus\\": \\"pending\\",\\n \\"DataBatchIngestionSetTime\\": \\"1733269771123\\",\\n \\"DataBatchIngestionEffectTime\\": \\"1733269771123\\",\\n \\"LogUserIds\\": [\\n \\"173326*******\\"\\n ],\\n \\"AutoScanNew\\": \\"enabled\\",\\n \\"DataIngestions\\": [\\n {\\n \\"DataIngestionId\\": \\"alibaba_cloud_sas_process_ingestion_173326*******\\",\\n \\"DataIngestionStatus\\": \\"enabled\\",\\n \\"DataSourceId\\": \\"alibaba_cloud_sas_process_log_173326*******\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"VendorId\\": \\"alibaba_cloud\\"\\n }\\n ],\\n \\"RecommendDataIngestionIds\\": [\\n \\"alibaba_cloud_sas_process_log_173326*******\\"\\n ],\\n \\"ApsaraDataIngestionIds\\": [\\n \\"alibaba_cloud_sas_process_log_173326*******\\"\\n ],\\n \\"DataSourceRecognizeEnabled\\": true,\\n \\"DataBatchIngestionMode\\": \\"full\\"\\n }\\n}","type":"json"}]', 'title' => '获取数据批量接入', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'UpdateDataBatchIngestion' => [ 'summary' => '更新数据批量接入。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 
'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogUserIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '数据批量接入用户ID列表。', 'type' => 'array', 'items' => [ 'description' => '数据批量接入用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], 'required' => false, ], ], [ 'name' => 'AutoScanNew', 'in' => 'formData', 'schema' => [ 'description' => '是否自动发现新用户'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'string', 'required' => false, 'example' => 'enabled', ], ], [ 'name' => 'DataIngestionIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '接入策略ID列表。', 'type' => 'array', 'items' => [ 'description' => '接入策略ID列表。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_actiontrail_event_ingestion_173326*******', ], 'required' => false, ], ], [ 'name' => 'DataSourceRecognizeEnabled', 'in' => 'formData', 'schema' => [ 'description' => '自动发现新日志库。', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], ], [ 'name' => 'DataBatchIngestionMode', 'in' => 'formData', 'schema' => [ 'description' => '批量数据接入模式。取值:'."\n" .'- full'."\n" .'- increment', 'type' => 'string', 'required' => false, 'example' => 'full', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 
'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '更新数据批量接入策略', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ListDataIngestions' => [ 'summary' => '获取数据接入策略列表。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'DataIngestionIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '接入策略ID列表。', 'type' => 'array', 'items' => [ 'description' => '接入策略ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas_netstat_ingestion_173326*******', ], 'required' => false, ], 
], [ 'name' => 'DataIngestionStatus', 'in' => 'formData', 'schema' => [ 'description' => '数据接入状态。取值:'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'string', 'required' => false, 'example' => 'enabled', ], ], [ 'name' => 'ProductId', 'in' => 'formData', 'schema' => [ 'description' => '产品ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas', ], ], [ 'name' => 'DataIngestionTemplateIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '数据接入模版ID列表。', 'type' => 'array', 'items' => [ 'description' => '数据接入模版ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas_netstat_ingestion', ], 'required' => false, ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'DataIngestions' => [ 'description' => '数据接入列表。', 'type' => 'array', 'items' => [ 'description' => '数据接入。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'DataIngestionId' => [ 'description' => '数据接入ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas_netstat_ingestion_173326*******', ], 'DataIngestionType' => [ 'description' => '数据接入类型。取值:'."\n" .'- preset'."\n" .'- custom', 'type' => 'string', 'example' => 'preset', ], 'DataIngestionMode' => [ 'description' => '数据接入模式。取值:'."\n" .'- realtime'."\n" .'- scan', 'type' => 'string', 'example' => 'realtime', ], 'DataIngestionStatus' => [ 'description' => '数据接入状态。取值:'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'string', 'example' => 'enabled', ], 'DataIngestionState' => [ 'description' => '数据接入形态。取值:'."\n" 
.'- ingested'."\n" .'- uningested'."\n" .'- abnorma', 'type' => 'string', 'example' => 'ingested', ], 'DataSourceId' => [ 'description' => '数据源ID。', 'type' => 'string', 'example' => 'ds-scpfegri73oyoknbc90c', ], 'NormalizationRuleId' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'example' => 'nr-0aywiqdtaqdvwac7xkbjsf3a', ], 'StreamJobId' => [ 'description' => '任务流JobId。', 'type' => 'string', 'example' => '73a78aa245e3b1299d6ceed093de7bd8', ], 'CapacityCount' => [ 'description' => '关联安全能力数量。', 'type' => 'integer', 'format' => 'int32', 'example' => '3', ], 'DataSourceEditable' => [ 'description' => '数据源是否可以编辑。', 'type' => 'boolean', 'example' => 'true', ], 'NormalizationRuleEditable' => [ 'description' => '标准化规则是否可以编辑。', 'type' => 'boolean', 'example' => 'true', ], 'DataIngestionModeEditable' => [ 'description' => '数据接入模式是否可以编辑。', 'type' => 'boolean', 'example' => 'true', ], 'DataIngestionTemplateId' => [ 'description' => '数据接入模版ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas_netstat_ingestion', ], 'RealtimeDataSourceId' => [ 'description' => '实时模式数据源Id。', 'type' => 'string', 'example' => 'ds-scpfegri73oyoknbc90c', ], 'ScanDataSourceId' => [ 'description' => '扫描模式数据源Id。', 'type' => 'string', 'example' => 'ds-scpfegri73oyoknbc90c', ], 'DataIngestionStateCode' => [ 'description' => '数据接入异常状态Code。', 'type' => 'string', 'example' => 'UserUnauthorized', ], 'ActiveTime' => [ 'description' => '激活时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], ], ], ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"DataIngestions\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"DataIngestionId\\": \\"alibaba_cloud_sas_netstat_ingestion_173326*******\\",\\n \\"DataIngestionType\\": \\"preset\\",\\n \\"DataIngestionMode\\": \\"realtime\\",\\n \\"DataIngestionStatus\\": \\"enabled\\",\\n \\"DataIngestionState\\": \\"ingested\\",\\n \\"DataSourceId\\": \\"ds-scpfegri73oyoknbc90c\\",\\n \\"NormalizationRuleId\\": \\"nr-0aywiqdtaqdvwac7xkbjsf3a\\",\\n \\"StreamJobId\\": \\"73a78aa245e3b1299d6ceed093de7bd8\\",\\n \\"CapacityCount\\": 3,\\n \\"DataSourceEditable\\": true,\\n \\"NormalizationRuleEditable\\": true,\\n \\"DataIngestionModeEditable\\": true,\\n \\"DataIngestionTemplateId\\": \\"alibaba_cloud_sas_netstat_ingestion\\",\\n \\"RealtimeDataSourceId\\": \\"ds-scpfegri73oyoknbc90c\\",\\n \\"ScanDataSourceId\\": \\"ds-scpfegri73oyoknbc90c\\",\\n \\"DataIngestionStateCode\\": \\"UserUnauthorized\\",\\n \\"ActiveTime\\": 1733269771123\\n }\\n ]\\n}","type":"json"}]', 'title' => '获取数据接入策略列表', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'UpdateDataIngestionTemplate' => [ 'summary' => '更新接入模板。', 'path' => '', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'DataIngestionTemplateId', 'in' => 'formData', 'schema' => [ 'description' => '数据接入模版ID。', 'type' => 'string', 'required' => false, 'example' => 
'alibaba_cloud_actiontrail_event_ingestion_173326*******', ], ], [ 'name' => 'DataIngestionTemplateName', 'in' => 'formData', 'schema' => [ 'description' => '数据源模版名称。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_actiontrail_event_ingestion_173326*******', ], ], [ 'name' => 'NormalizationRuleId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_actiontrail_event_rule', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'DataIngestionStatus', 'in' => 'formData', 'schema' => [ 'description' => '数据接入状态。取值:'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'string', 'required' => false, 'example' => 'enabled', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '更新数据接入模版', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'ListDataIngestionTemplates' => [ 
'summary' => '查询接入模板。', 'path' => '', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'DataSourceTemplateIds', 'in' => 'formData', 'schema' => [ 'description' => '数据源模版ID列表。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas_account_snapshot_log_173326*******', ], ], [ 'name' => 'DataIngestionTemplateStatus', 'in' => 'formData', 'schema' => [ 'description' => '数据接入模版状态。取值:'."\n" .'- pending'."\n" .'- running'."\n" .'- success'."\n" .'- failed', 'type' => 'string', 'required' => false, 'example' => 'running', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'ProductId', 'in' => 'formData', 'schema' => [ 'description' => '产品ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas', ], ], [ 'name' => 'PageNumber', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:当前页码。', 'type' => 'string', 'required' => false, 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'string', 'required' => false, 'example' => '10', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' 
=> 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'DataIngestionTemplates' => [ 'description' => '数据接入模版列表。', 'type' => 'array', 'items' => [ 'description' => '数据接入模版。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'DataIngestionStatus' => [ 'description' => '数据接入状态。取值:'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'string', 'example' => 'enabled', ], 'DataIngestionTemplateId' => [ 'description' => '数据接入模版ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas_account_snapshot_log', ], 'DataIngestionTemplateName' => [ 'description' => '数据源模版名称。', 'type' => 'string', 'example' => 'alibaba_cloud_sas_account_snapshot_log', ], 'DataSourceTemplateId' => [ 'description' => '数据源模版ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas_account_snapshot_log_173326*******', ], 'NormalizationRuleId' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'example' => 'alibaba_cloud_actiontrail_event_rule', ], 'NormalizationRuleName' => [ 'description' => '标准化规则名称。', 'type' => 'string', 'example' => 'normalization_rule_ke1RN', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '173326*******', ], 'CapacityCount' => [ 'description' => '关联安全能力数量。', 'type' => 'string', 'example' => '3', ], 'DataIngestionMode' => [ 'description' => '数据接入模式。取值:'."\n" .'- realtime'."\n" .'- scan', 'type' => 'string', 'example' => 'realtime', ], 'DataIngestionTemplateStatus' => [ 'description' => '数据接入模版状态。取值:'."\n" .'- pending'."\n" .'- running'."\n" .'- success'."\n" .'- failed', 'type' => 'string', 'example' => 'running', ], ], ], ], 'PageNumber' => [ 'description' => '分页参数:当前页码。', 'type' => 'string', 'example' => '1', ], 'PageSize' => [ 'description' => 
'分页参数:每页显示条数。', 'type' => 'string', 'example' => '10', ], ], ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"DataIngestionTemplates\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"DataIngestionStatus\\": \\"enabled\\",\\n \\"DataIngestionTemplateId\\": \\"alibaba_cloud_sas_account_snapshot_log\\",\\n \\"DataIngestionTemplateName\\": \\"alibaba_cloud_sas_account_snapshot_log\\",\\n \\"DataSourceTemplateId\\": \\"alibaba_cloud_sas_account_snapshot_log_173326*******\\",\\n \\"NormalizationRuleId\\": \\"alibaba_cloud_actiontrail_event_rule\\",\\n \\"NormalizationRuleName\\": \\"normalization_rule_ke1RN\\",\\n \\"UpdateTime\\": 0,\\n \\"CapacityCount\\": \\"3\\",\\n \\"DataIngestionMode\\": \\"realtime\\",\\n \\"DataIngestionTemplateStatus\\": \\"running\\"\\n }\\n ],\\n \\"PageNumber\\": \\"1\\",\\n \\"PageSize\\": \\"10\\"\\n}","type":"json"}]', 'title' => '获取数据接入模版列表', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'ListTrafficStatistics' => [ 'summary' => '获取流量统计列表。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 
'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'TrafficStatisticPeriod', 'in' => 'formData', 'schema' => [ 'description' => '统计周期。', 'type' => 'string', 'required' => false, 'example' => '30', ], ], [ 'name' => 'TrafficStatisticPeriodType', 'in' => 'formData', 'schema' => [ 'description' => '统计粒度。取值:'."\n" .'- day:天,默认。'."\n" .'- hour:小时。', 'type' => 'string', 'required' => false, 'example' => 'day', ], ], [ 'name' => 'TrafficStatisticType', 'in' => 'formData', 'schema' => [ 'description' => '统计维度。取值:'."\n" .'- Region'."\n" .'- Product'."\n" .'- DataIngetion'."\n" .'- logUserId', 'type' => 'string', 'required' => false, 'example' => 'Region', ], ], [ 'name' => 'ProductId', 'in' => 'formData', 'schema' => [ 'description' => '产品ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas', ], ], [ 'name' => 'TrafficType', 'in' => 'formData', 'schema' => [ 'title' => '日志流量类型:'."\n" .'- "commonLogTraffic":通用日志流量 (默认)'."\n" .'- "agentAnalysisLogTraffic":AI智能分析日志流量', 'description' => '日志流量类型:'."\n" .'- "commonLogTraffic":通用日志流量 (默认)'."\n" .'- "agentAnalysisLogTraffic":AI智能分析日志流量', 'type' => 'string', 'required' => false, 'example' => 'agentAnalysisLogTraffic', 'default' => 'commonLogTraffic', ], ], [ 'name' => 'RegionTag', 'in' => 'formData', 'schema' => [ 'description' => '地域。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'LogUserIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '数据批量接入用户ID列表。', 'type' => 'array', 'items' => [ 'description' => '数据批量接入用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], 'required' => false, ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 
'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'TrafficStatistics' => [ 'description' => '流量统计列表。', 'type' => 'array', 'items' => [ 'description' => '流量统计。', 'type' => 'object', 'properties' => [ 'TrafficStatisticTarget' => [ 'description' => '统计目标。', 'type' => 'string', 'example' => 'all', ], 'TrafficStatisticData' => [ 'description' => '统计信息。', 'type' => 'array', 'items' => [ 'description' => '流量信息。', 'type' => 'object', 'properties' => [ 'TrafficStatisticTime' => [ 'description' => '统计时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '20250815', ], 'TrafficStatisticValue' => [ 'description' => '统计值。', 'type' => 'number', 'format' => 'double', 'example' => '1.699814', ], ], ], ], ], ], ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"TrafficStatistics\\": [\\n {\\n \\"TrafficStatisticTarget\\": \\"all\\",\\n \\"TrafficStatisticData\\": [\\n {\\n \\"TrafficStatisticTime\\": 20250815,\\n \\"TrafficStatisticValue\\": 1.699814\\n }\\n ]\\n }\\n ]\\n}","type":"json"}]', 'title' => '获取流量统计列表', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ExecuteLogQuery' => [ 'summary' => '执行数据查询。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 
'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogUserId', 'in' => 'formData', 'schema' => [ 'description' => '数据接入用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'LogRegionId', 'in' => 'formData', 'schema' => [ 'description' => '日志存储地域ID。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'LogProjectName', 'in' => 'formData', 'schema' => [ 'description' => '日志服务项目名称。', 'type' => 'string', 'required' => false, 'example' => 'slsaudit-center-173326*******-cn-hangzhou', ], ], [ 'name' => 'LogStoreName', 'in' => 'formData', 'schema' => [ 'description' => '日志服务项目名称。', 'type' => 'string', 'required' => false, 'example' => 'huawei-cn-cfw', ], ], [ 'name' => 'LogQuery', 'in' => 'formData', 'schema' => [ 'description' => '日志服务查询语句。', 'type' => 'string', 'required' => false, 'example' => '*', ], ], [ 'name' => 'ExtendContentPacked', 'in' => 'formData', 'schema' => [ 'title' => '用于标识是否将非标准字段打包到扩展字段extend_content,取值:'."\n" .'- "enabled" :启用打包'."\n" .'- "disabled" :不启用打包'."\n" .'默认:"disabled"', 'description' => '用于标识是否将非标准字段打包到扩展字段extend_content。取值:'."\n" .'- enabled:开启。'."\n" .'- disabled:禁用。', 'type' => 'string', 'required' => false, 'example' => 'enabled', ], ], [ 'name' => 
'NormalizationSchemaId', 'in' => 'formData', 'schema' => [ 'title' => '如果启用打包,则需要指定NormalizationSchemaId', 'description' => '如果启用打包,则需要指定NormalizationSchemaId', 'type' => 'string', 'required' => false, 'example' => 'WAF_ALERT_ACTIVITY', ], ], [ 'name' => 'StartTime', 'in' => 'formData', 'schema' => [ 'description' => '开始时间。', 'type' => 'string', 'required' => false, 'example' => '1733269771123', ], ], [ 'name' => 'EndTime', 'in' => 'formData', 'schema' => [ 'description' => '结束时间。', 'type' => 'string', 'required' => false, 'example' => '1733269771123', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'QueryResult' => [ 'description' => '请求结果。', 'type' => 'array', 'items' => [ 'description' => '请求结果。', 'type' => 'any', 'example' => '[]', ], 'example' => '[]。', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"QueryResult\\": [\\n \\"[]\\"\\n ]\\n}","type":"json"}]', 'title' => '执行日志服务查询', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'CreateNormalizationRule' => [ 'summary' => '创建标准化规则。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '资源目录成员账号ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'NormalizationRuleName', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则名称。', 'type' => 'string', 'required' => false, 'example' => 'normalization_rule_Z57np', ], ], [ 'name' => 'NormalizationRuleDescription', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则描述。', 'type' => 'string', 'required' => false, 'example' => 'normalization_rule_Z57np', ], ], [ 'name' => 
'NormalizationRuleFormat', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则格式。', 'type' => 'string', 'required' => false, 'example' => 'SPL', ], ], [ 'name' => 'NormalizationRuleExpression', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则表达式。', 'type' => 'string', 'required' => false, 'example' => '* | pack-fields -include=\'[\\s\\S]+\' as extend_content', ], ], [ 'name' => 'NormalizationCategoryId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则分类ID。', 'type' => 'string', 'required' => false, 'example' => 'NETWORK_CATEGORY', ], ], [ 'name' => 'NormalizationSchemaId', 'in' => 'formData', 'schema' => [ 'description' => '标准化结构ID。', 'type' => 'string', 'required' => false, 'example' => 'HTTP_ACTIVITY', ], ], [ 'name' => 'VendorId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则对应的厂商ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud', ], ], [ 'name' => 'ProductId', 'in' => 'formData', 'schema' => [ 'description' => '产品ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas', ], ], [ 'name' => 'NormalizationRuleMode', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则模式。取值:'."\n" .'- both'."\n" .'- scan'."\n" .'- realtime', 'type' => 'string', 'required' => false, 'example' => 'both', ], ], [ 'name' => 'ExtendContentPacked', 'in' => 'formData', 'schema' => [ 'title' => '用于标识否将非标准字段打包到扩展字段extend_content,取值:'."\n" .' - "enabled" :启用打包'."\n" .' - "disabled" :不启用打包'."\n" .' 
默认:"disabled"', 'description' => '用于标识否将非标准字段打包到扩展字段extend_content。取值:'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'string', 'required' => false, 'example' => 'enabled', ], ], [ 'name' => 'NormalizationRuleType', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则类型。取值:'."\n" .'- predefined:预定义标准化规则。'."\n" .'- custom:自定义标准化规则。', 'type' => 'string', 'required' => false, 'example' => 'custom', ], ], [ 'name' => 'OrderField', 'in' => 'formData', 'schema' => [ 'description' => '规则列表排列字段。 取值:'."\n" .'- GmtModified:基于修改时间排序。'."\n" .'- Id:基于规则id排序(默认)。', 'type' => 'string', 'required' => false, 'example' => 'Id', ], ], [ 'name' => 'NormalizationRuleVersion', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则版本。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'NormalizationRuleIds', 'in' => 'formData', 'style' => 'json', 'schema' => [ 'description' => '标准化规则ID列表。', 'type' => 'array', 'items' => [ 'description' => '标准化规则ID列表。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_cfw_alert_extract_rule,alibaba_cloud_cfw_flow_rule,alibaba_cloud_ndr_http_rule,alibaba_cloud_ndr_dns_rule,alibaba_cloud_ndr_attack_alert_rule', ], 'required' => false, ], ], [ 'name' => 'ExtendFieldStoreMode', 'in' => 'formData', 'schema' => [ 'title' => '扩展字段存储模式,可选项:flat、pack、reject。', 'description' => '扩展字段存储模式,可选项:flat、pack、reject。', 'type' => 'string', 'required' => false, 'example' => 'flat', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'NormalizationRuleId' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 
'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationRuleId\\": \\"nr-z0b2ssjteut85uoh9nzp\\"\\n}","type":"json"}]', 'title' => '创建标准化规则', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'UpdateNormalizationRule' => [ 'summary' => '更新标准化规则。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'NormalizationRuleId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'required' => false, 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], ], [ 'name' => 'NormalizationRuleName', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则名称。', 
'type' => 'string', 'required' => false, 'example' => 'normalization_rule_Z57np', ], ], [ 'name' => 'NormalizationRuleDescription', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则描述。', 'type' => 'string', 'required' => false, 'example' => 'normalization_rule_Z57np', ], ], [ 'name' => 'NormalizationRuleFormat', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则格式。', 'type' => 'string', 'required' => false, 'example' => 'SPL', ], ], [ 'name' => 'NormalizationRuleExpression', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则表达式。', 'type' => 'string', 'required' => false, 'example' => '* | pack-fields -include=\'[\\s\\S]+\' as extend_content', ], ], [ 'name' => 'NormalizationSchemaId', 'in' => 'formData', 'schema' => [ 'description' => '标准化结构ID。', 'type' => 'string', 'required' => false, 'example' => 'HTTP_ACTIVITY', ], ], [ 'name' => 'VendorId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则对应的厂商ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud', ], ], [ 'name' => 'ProductId', 'in' => 'formData', 'schema' => [ 'description' => '产品ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas', ], ], [ 'name' => 'NormalizationRuleMode', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则模式。取值:'."\n" .'- both'."\n" .'- scan'."\n" .'- realtime', 'type' => 'string', 'required' => false, 'example' => 'both', ], ], [ 'name' => 'ExtendContentPacked', 'in' => 'formData', 'schema' => [ 'title' => '用于标识是否将非标准字段打包到扩展字段extend_content,取值:'."\n" .'- "enabled" :启用打包'."\n" .'- "disabled" :不启用打包'."\n" .'默认:"disabled"', 'description' => '用于标识是否将非标准字段打包到扩展字段extend_content。取值:'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'string', 'required' => false, 'example' => 'enabled', ], ], [ 'name' => 'OrderField', 'in' => 'formData', 'schema' => [ 'description' => '规则列表排列字段。 取值:'."\n" .'- GmtModified:基于修改时间排序。'."\n" .'- Id:基于规则id排序(默认)。', 'type' => 'string', 'required' => false, 'example' => 'Id', ], ], 
[ 'name' => 'NormalizationRuleType', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则类型。取值:'."\n" .'- predefined:预定义标准化规则。'."\n" .'- custom:自定义标准化规则。'."\n", 'type' => 'string', 'required' => false, 'example' => 'custom', ], ], [ 'name' => 'NormalizationRuleIds', 'in' => 'formData', 'style' => 'json', 'schema' => [ 'description' => '标准化规则ID列表。', 'type' => 'array', 'items' => [ 'description' => '标准化规则ID列表。', 'type' => 'string', 'required' => false, 'example' => 'nr-68unzx95g5avl0n7aife,nr-lc2gzp4ysxksl0ke7l2q', ], 'required' => false, ], ], [ 'name' => 'ExtendFieldStoreMode', 'in' => 'formData', 'schema' => [ 'title' => '扩展字段存储模式,可选项:flat、pack、reject。', 'description' => '扩展字段存储模式,可选项:flat、pack、reject。', 'type' => 'string', 'required' => false, 'example' => 'flat', ], ], [ 'name' => 'NormalizationCategoryId', 'in' => 'formData', 'schema' => [ 'title' => '所属标准化类目', 'description' => '所属标准化类目', 'type' => 'string', 'required' => false, 'example' => 'HOST_CATEGORY', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '更新标准化规则', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'DeleteNormalizationRule' => [ 'summary' => '删除标准化规则。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'NormalizationRuleId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'required' => false, 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], 
], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '删除标准化规则', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ValidateNormalizationRule' => [ 'summary' => '校验标准化规则。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'Data', 'in' => 'formData', 'schema' => [ 'description' => '规则ID。', 'type' => 'string', 'required' => false, 'example' => '123456', ], ], [ 'name' => 'NormalizationCategoryId', 'in' => 'formData', 'schema' => [ 'description' => '规则所属标准化类目。', 
'type' => 'string', 'required' => false, 'example' => 'NETWORK_CATEGORY', ], ], [ 'name' => 'NormalizationSchemaId', 'in' => 'formData', 'schema' => [ 'description' => '规则所属标准化模式ID。', 'type' => 'string', 'required' => false, 'example' => 'HTTP_ACTIVITY', ], ], [ 'name' => 'VendorId', 'in' => 'formData', 'schema' => [ 'title' => '厂商ID。', 'description' => '厂商ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud', ], ], [ 'name' => 'ProductId', 'in' => 'formData', 'schema' => [ 'title' => '产品ID。', 'description' => '产品ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas', ], ], [ 'name' => 'ExtendFieldStoreMode', 'in' => 'formData', 'schema' => [ 'title' => '扩展字段存储模式,取值:flat、pack、reject。', 'description' => '扩展字段存储模式,取值:flat、pack、reject。', 'type' => 'string', 'required' => false, 'example' => 'flat', ], ], [ 'name' => 'NormalizationRuleMode', 'in' => 'formData', 'schema' => [ 'title' => '标准化规则模式。取值:both、realtime', 'description' => '标准化规则模式。取值:both、realtime', 'type' => 'string', 'required' => false, 'example' => 'realtime', ], ], [ 'name' => 'LogSample', 'in' => 'formData', 'schema' => [ 'title' => '日志样例,JSON格式。', 'description' => '日志样例,JSON格式。', 'type' => 'string', 'required' => false, 'example' => '{"aaa":"bbb","xxx":"yyy"}', ], ], [ 'name' => 'NormalizationRuleExpression', 'in' => 'formData', 'schema' => [ 'title' => '标准化规则表达式。', 'description' => '标准化规则表达式。', 'type' => 'string', 'required' => false, 'example' => '*', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'ValidateResult' => [ 'description' => '校验结果列表。', 'type' => 'array', 'items' => [ 'description' => '校验结果。', 'type' => 'object', 'properties' => [ 'FieldName' => [ 'description' => '字段名称。', 'type' => 'string', 
'example' => 'host', ], 'FieldValue' => [ 'description' => '字段信息。', 'type' => 'string', 'example' => 'ze', ], 'NormalizationFieldName' => [ 'description' => '标准化字段名称。', 'type' => 'string', 'example' => 'host', ], 'NormalizationFieldRequired' => [ 'description' => '标准化字段是否必填。', 'type' => 'boolean', 'example' => 'true', ], 'Result' => [ 'description' => '校验结果,取值:'."\n" .'- 1:校验通过。'."\n" .'- 0:警告。'."\n" .'- 1:校验不通过。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'Message' => [ 'description' => '校验原因,取值:'."\n" .'- OperationDenied.TheValueIsRequired: 必填参数为空。'."\n" .'- OperationDenied.TheValueIsNull: 参数值为空。'."\n" .'- OperationDenied.TheEnumValueNotSupport: 字段值不在枚举值范围内。'."\n" .'- OperationDenied.TheValueLessThanMin: 字段值小于设定的最小值。'."\n" .'- OperationDenied.TheValueMoreThanMax: 字段值大于设定的最大值。'."\n" .'- OperationDenied.TheValueNotMatchRegularExpression: 字段值正则匹配不通过。'."\n" .'- success: 验证通过。', 'type' => 'string', 'example' => 'success', ], 'NormalizationFieldType' => [ 'title' => '标准字段类型,支持text、long、double、json四种类型。', 'description' => '标准字段类型,支持text、long、double、json四种类型。', 'type' => 'string', 'example' => 'text', ], 'NormalizationFieldFrom' => [ 'title' => '标准字段来源,preset-内置,custom-自定义。', 'description' => '标准字段来源,preset-内置,custom-自定义。', 'type' => 'string', 'example' => 'preset', ], 'NormalizationFieldReserved' => [ 'title' => '是否是系统内置的标准字段名。', 'description' => '是否是系统内置的标准字段名。', 'type' => 'boolean', ], 'NormalizationFieldValidationStatus' => [ 'title' => '标准字段校验状态,取值:pass、fail。', 'description' => '标准字段校验状态,取值:pass、fail。', 'type' => 'string', 'example' => 'pass', ], 'NormalizationFieldValidationReason' => [ 'title' => '标准字段校验失败原因。', 'description' => '标准字段校验失败原因。', 'type' => 'string', 'example' => 'OperationDenied.TheValueIsRequired', ], 'LogFieldName' => [ 'title' => '日志字段名。', 'description' => '日志字段名。', 'type' => 'string', 'example' => 'aaa', ], 'LogFieldValue' => [ 'title' => '日志字段值。', 'description' => '日志字段值。', 'type' => 'string', 'example' => 'bbb', ], ], ], ], 
], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"ValidateResult\\": [\\n {\\n \\"FieldName\\": \\"host\\",\\n \\"FieldValue\\": \\"ze\\",\\n \\"NormalizationFieldName\\": \\"host\\",\\n \\"NormalizationFieldRequired\\": true,\\n \\"Result\\": 1,\\n \\"Message\\": \\"success\\",\\n \\"NormalizationFieldType\\": \\"text\\",\\n \\"NormalizationFieldFrom\\": \\"preset\\",\\n \\"NormalizationFieldReserved\\": true,\\n \\"NormalizationFieldValidationStatus\\": \\"pass\\",\\n \\"NormalizationFieldValidationReason\\": \\"OperationDenied.TheValueIsRequired\\",\\n \\"LogFieldName\\": \\"aaa\\",\\n \\"LogFieldValue\\": \\"bbb\\"\\n }\\n ]\\n}","type":"json"}]', 'title' => '校验标准化规则', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'GetNormalizationRule' => [ 'summary' => '获取标准化规则信息。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' 
=> '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'NormalizationRuleId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'required' => false, 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'NormalizationRule' => [ 'description' => '标准化规则。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'NormalizationRuleId' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], 'NormalizationRuleName' => [ 'description' => '标准化规则名称。', 'type' => 'string', 'example' => 'normalization_rule_Z57np', ], 'NormalizationRuleType' => [ 'description' => '标准化规则类型。取值:'."\n" .'- predefined:预定义标准化规则。'."\n" .'- custom:自定义标准化规则。'."\n", 'type' => 'string', 'example' => 'predefined', ], 'NormalizationRuleFormat' => [ 'description' => '标准化规则格式。', 'type' => 'string', 'example' => 'SPL', ], 'NormalizationRuleDescription' => [ 'description' => '标准化规则描述。', 'type' => 'string', 'example' => 'normalization_rule_Z57np', ], 'NormalizationRuleVersion' => [ 'description' => '标准化规则版本。', 'type' => 'integer', 'format' => 'int32', 'example' => 'V1', ], 'NormalizationRuleExpression' => [ 'description' => '标准化规则表达式。', 'type' => 'string', 'example' => '* | pack-fields 
-include=\'[\\s\\S]+\' as extend_content', ], 'NormalizationRuleStatus' => [ 'description' => '标准化规则状态。', 'type' => 'string', 'example' => 'started', ], 'NormalizationCategoryId' => [ 'description' => '标准化规则分类ID。', 'type' => 'string', 'example' => 'NETWORK_CATEGORY', ], 'NormalizationSchemaId' => [ 'description' => '标准化结构ID。', 'type' => 'string', 'example' => 'HTTP_ACTIVITY', ], 'VendorId' => [ 'description' => '标准化规则对应的厂商ID。', 'type' => 'string', 'example' => 'alibaba_cloud', ], 'ProductId' => [ 'description' => '产品ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas', ], 'NormalizationRuleMode' => [ 'description' => '标准化规则模式。取值:'."\n" .'- both'."\n" .'- scan'."\n" .'- realtime', 'type' => 'string', 'example' => 'both', ], 'ExtendContentPacked' => [ 'description' => '用于标识否将非标准字段打包到扩展字段extend_content。取值:'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'string', 'example' => 'enabled', ], 'OrderField' => [ 'description' => '规则列表排列字段。 取值:'."\n" .'- GmtModified:基于修改时间排序'."\n" .'- Id:基于规则id排序(默认)', 'type' => 'string', 'example' => 'GmtModified', ], 'NormalizationRuleIds' => [ 'description' => '标准化规则ID列表。', 'type' => 'array', 'items' => [ 'description' => '标准化规则ID列表。', 'type' => 'string', 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], ], 'ExtendFieldStoreMode' => [ 'title' => '扩展字段存储模式,flat-原样接入,reject-不接入,pack-打包到extend_content字段。', 'description' => '扩展字段存储模式,flat-原样接入,reject-不接入,pack-打包到extend_content字段。', 'type' => 'string', 'example' => 'flat', ], ], ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationRule\\": {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"NormalizationRuleId\\": \\"nr-z0b2ssjteut85uoh9nzp\\",\\n \\"NormalizationRuleName\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleType\\": \\"predefined\\",\\n \\"NormalizationRuleFormat\\": \\"SPL\\",\\n \\"NormalizationRuleDescription\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleVersion\\": 0,\\n \\"NormalizationRuleExpression\\": \\"* | pack-fields -include=\'[\\\\\\\\s\\\\\\\\S]+\' as extend_content\\",\\n \\"NormalizationRuleStatus\\": \\"started\\",\\n \\"NormalizationCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"NormalizationSchemaId\\": \\"HTTP_ACTIVITY\\",\\n \\"VendorId\\": \\"alibaba_cloud\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"NormalizationRuleMode\\": \\"both\\",\\n \\"ExtendContentPacked\\": \\"enabled\\",\\n \\"OrderField\\": \\"GmtModified\\",\\n \\"NormalizationRuleIds\\": [\\n \\"nr-z0b2ssjteut85uoh9nzp\\"\\n ],\\n \\"ExtendFieldStoreMode\\": \\"flat\\"\\n }\\n}","type":"json"}]', 'title' => '获取标准化规则信息', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'GetNormalizationSchema' => [ 'summary' => '获取标准化Schema。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 
'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'NormalizationSchemaType', 'in' => 'formData', 'schema' => [ 'description' => '标准化结构类型。取值:'."\n" .'- log:日志。'."\n" .'- entity:实体。', 'type' => 'string', 'required' => false, 'example' => 'log', ], ], [ 'name' => 'NormalizationSchemaId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则分类ID。', 'type' => 'string', 'required' => false, 'example' => 'HTTP_ACTIVITY', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'NormalizationSchema' => [ 'description' => '标准化结构。', 'type' => 'object', 'properties' => [ 'NormalizationSchemaId' => [ 'description' => '标准化结构ID。', 'type' => 'string', 'example' => 'HTTP_ACTIVITY', ], 'NormalizationSchemaName' => [ 'description' => '标准化结构名称。', 'type' => 'string', 'example' => 'normalization_rule_Z57np', ], 'NormalizationCategoryId' => [ 'description' => '标准化规则分类ID。', 'type' => 'string', 'example' => 'NETWORK_CATEGORY', ], 'NormalizationFields' => [ 'description' => '标准化字段列表。', 'type' => 'array', 'items' => [ 'description' => '标准化字段。', 'type' => 'object', 'properties' => [ 'NormalizationFieldName' => [ 'title' => '标准字段名。', 'description' => '标准化字段名称。', 'type' => 'string', 'example' => 'cloud_user', ], 
'NormalizationFieldType' => [ 'title' => '标准字段类型,支持text、long、double、json四种类型。', 'description' => '标准化字段类型。取值:'."\n" .'- varchar'."\n" .'- bigint'."\n" .'- double', 'type' => 'string', 'example' => 'varchar', ], 'NormalizationFieldRequired' => [ 'title' => '是否为必填字段', 'description' => '是否为必填字段', 'type' => 'boolean', ], 'NormalizationFieldDescription' => [ 'title' => '标准字段描述。', 'description' => '标准化字段描述。', 'type' => 'string', 'example' => 'cloud_user', ], 'NormalizationFieldExample' => [ 'title' => '标准字段示例。', 'description' => '标准化字段样例。', 'type' => 'string', 'example' => '173326*******', ], 'NormalizationFieldReserved' => [ 'title' => '是否是系统内置的标准字段名。', 'description' => '标准化字段是否保留。', 'type' => 'boolean', 'example' => 'true', ], 'NormalizationFieldFrom' => [ 'title' => '标准字段来源,preset-内置,custom-自定义。', 'description' => '标准字段来源,preset-内置,custom-自定义。', 'type' => 'string', 'example' => 'preset', ], 'NormalizationFieldTokenize' => [ 'title' => '标准字段是否分词。', 'description' => '标准字段是否分词。', 'type' => 'boolean', ], 'NormalizationFieldJsonIndexAll' => [ 'title' => 'json类型的标准字段是否针对所有key建立索引。', 'description' => 'json类型的标准字段是否针对所有key建立索引。', 'type' => 'boolean', ], 'NormalizationFieldJsonKeys' => [ 'title' => 'json类型的标准字段key列表。', 'description' => 'json类型的标准字段key列表。', 'type' => 'array', 'items' => [ 'title' => 'json类型的标准字段key。', 'description' => 'json类型的标准字段key。', 'type' => 'object', 'properties' => [ 'NormalizationFieldName' => [ 'title' => 'json类型的标准字段key名称。', 'description' => 'json类型的标准字段key名称。', 'type' => 'string', 'example' => 'cloud_code', ], 'NormalizationFieldType' => [ 'title' => 'json类型的标准字段key类型。', 'description' => 'json类型的标准字段key类型。', 'type' => 'string', 'example' => 'varchar', ], 'NormalizationFieldRequired' => [ 'title' => 'json类型的标准字段key是否必填。', 'description' => 'json类型的标准字段key是否必填。', 'type' => 'boolean', ], 'NormalizationFieldDescription' => [ 'title' => 'json类型的标准字段key描述。', 'description' => 'json类型的标准字段key描述。', 'type' => 'string', 'example' => '云code,枚举值:\\n
● alibaba_cloud\\n
● huawei_cloud\\n
● tencent_cloud', ], 'NormalizationFieldExample' => [ 'title' => 'json类型的标准字段key示例。', 'description' => 'json类型的标准字段key示例。', 'type' => 'string', 'example' => 'alibaba_cloud', ], 'NormalizationFieldFrom' => [ 'title' => 'json类型的标准字段key来源。', 'description' => 'json类型的标准字段key来源。', 'type' => 'string', 'example' => 'preset', ], 'NormalizationFieldTokenize' => [ 'title' => 'json类型的标准字段key是否分词。', 'description' => 'json类型的标准字段key是否分词。', 'type' => 'boolean', ], 'NormalizationFieldReserved' => [ 'title' => '是否是系统内置的标准字段名。', 'description' => '是否是系统内置的标准字段名。', 'type' => 'boolean', ], 'CreateTime' => [ 'title' => '创建时间。', 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1736386610000', ], 'UpdateTime' => [ 'title' => '更新时间。', 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1736386610000', ], ], ], ], 'CreateTime' => [ 'title' => '创建时间。', 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1736386610000', ], 'UpdateTime' => [ 'title' => '更新时间。', 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1736386610000', ], 'NormalizationFieldRequirement' => [ 'description' => '标准化字段是否必填。', 'type' => 'boolean', 'example' => 'true', ], ], ], ], 'TargetLogStore' => [ 'title' => '日志服务 LogStore。', 'description' => '日志服务LogStore。', 'type' => 'string', 'example' => 'network-activity', ], 'TargetStoreView' => [ 'title' => '日志服务 StoreView。', 'description' => '日志服务StoreView。', 'type' => 'string', 'example' => 'network_activity', ], 'NormalizationSchemaType' => [ 'title' => '标准结构类型,preset-预定义,custom-自定义', 'description' => '标准化结构类型。取值:'."\n" .'- log'."\n" .'- entity'."\n" .'- incident', 'type' => 'string', 'example' => 'log', ], 'UpdateTime' => [ 'title' => '更新时间。', 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'CreateTime' => [ 'title' => '创建时间。', 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 
'example' => '1733269771123', ], 'NormalizationSchemaReferences' => [ 'title' => '标准化结构引用列表。', 'description' => '标准化结构引用列表。', 'type' => 'array', 'items' => [ 'title' => '标准化结构引用。', 'description' => '标准化结构引用。', 'type' => 'object', 'properties' => [ 'NormalizationRuleId' => [ 'title' => '标准化规则ID。', 'description' => '标准化规则ID。', 'type' => 'string', 'example' => 'alibaba_cloud_cfw_flow_rule', ], ], ], ], 'NormalizationSchemaFrom' => [ 'title' => '标准化结构来源:preset-预定义,custom-自定义。', 'description' => '标准化结构来源:preset-预定义,custom-自定义。', 'type' => 'string', 'example' => 'preset', ], 'NormalizationSchemaDescription' => [ 'title' => '标准化结构描述。', 'description' => '标准化结构描述。', 'type' => 'string', 'example' => '网络五元组日志', ], ], ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationSchema\\": {\\n \\"NormalizationSchemaId\\": \\"HTTP_ACTIVITY\\",\\n \\"NormalizationSchemaName\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"NormalizationFields\\": [\\n {\\n \\"NormalizationFieldName\\": \\"cloud_user\\",\\n \\"NormalizationFieldType\\": \\"varchar\\",\\n \\"NormalizationFieldRequired\\": true,\\n \\"NormalizationFieldDescription\\": \\"cloud_user\\",\\n \\"NormalizationFieldExample\\": \\"173326*******\\",\\n \\"NormalizationFieldReserved\\": true,\\n \\"NormalizationFieldFrom\\": \\"preset\\",\\n \\"NormalizationFieldTokenize\\": true,\\n \\"NormalizationFieldJsonIndexAll\\": true,\\n \\"NormalizationFieldJsonKeys\\": [\\n {\\n \\"NormalizationFieldName\\": \\"cloud_code\\",\\n \\"NormalizationFieldType\\": 
\\"varchar\\",\\n \\"NormalizationFieldRequired\\": true,\\n \\"NormalizationFieldDescription\\": \\"云code,枚举值:\\\\\\\\n
● alibaba_cloud\\\\\\\\n
● huawei_cloud\\\\\\\\n
● tencent_cloud\\",\\n \\"NormalizationFieldExample\\": \\"alibaba_cloud\\",\\n \\"NormalizationFieldFrom\\": \\"preset\\",\\n \\"NormalizationFieldTokenize\\": true,\\n \\"NormalizationFieldReserved\\": true,\\n \\"CreateTime\\": 1736386610000,\\n \\"UpdateTime\\": 1736386610000\\n }\\n ],\\n \\"CreateTime\\": 1736386610000,\\n \\"UpdateTime\\": 1736386610000,\\n \\"NormalizationFieldRequirement\\": true\\n }\\n ],\\n \\"TargetLogStore\\": \\"network-activity\\",\\n \\"TargetStoreView\\": \\"network_activity\\",\\n \\"NormalizationSchemaType\\": \\"log\\",\\n \\"UpdateTime\\": 1733269771123,\\n \\"CreateTime\\": 1733269771123,\\n \\"NormalizationSchemaReferences\\": [\\n {\\n \\"NormalizationRuleId\\": \\"alibaba_cloud_cfw_flow_rule\\"\\n }\\n ],\\n \\"NormalizationSchemaFrom\\": \\"preset\\",\\n \\"NormalizationSchemaDescription\\": \\"网络五元组日志\\"\\n }\\n}","type":"json"}]', 'title' => '获取标准化Schema', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'GetNormalizationRuleVersion' => [ 'summary' => '获取标准化规则版本信息。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 
'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'NormalizationRuleId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'required' => false, 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], ], [ 'name' => 'NormalizationRuleVersion', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则版本。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'NormalizationRuleVersion' => [ 'description' => '标准化规则版本。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'NormalizationRuleId' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], 'NormalizationRuleName' => [ 'description' => '标准化规则名称。', 'type' => 'string', 'example' => 'normalization_rule_Z57np', ], 'NormalizationRuleType' => [ 'description' => '标准化规则类型。取值:'."\n" .'- predefined:预定义标准化规则。'."\n" .'- custom:自定义标准化规则。', 'type' => 'string', 'example' => 'predefined', ], 'NormalizationRuleFormat' => [ 'description' => '标准化规则格式。', 'type' => 'string', 'example' => 'SPL', ], 'NormalizationRuleDescription' => [ 'description' => '标准化规则描述。', 'type' => 'string', 'example' => 'normalization_rule_Z57np', ], 'NormalizationRuleVersion' => [ 'description' => '标准化规则版本。', 'type' => 'integer', 'format' => 'int32', 'example' => 'V1', ], 'NormalizationRuleExpression' => [ 'description' => '标准化规则表达式。', 'type' => 'string', 'example' 
=> '* | pack-fields -include=\'[\\s\\S]+\' as extend_content', ], 'NormalizationRuleStatus' => [ 'description' => '标准化规则状态。', 'type' => 'string', 'example' => 'started', ], 'NormalizationCategoryId' => [ 'description' => '标准化规则分类ID。', 'type' => 'string', 'example' => 'NETWORK_CATEGORY', ], 'NormalizationSchemaId' => [ 'description' => '标准化结构ID。', 'type' => 'string', 'example' => 'HTTP_ACTIVITY', ], 'VendorId' => [ 'description' => '标准化规则对应的厂商ID。', 'type' => 'string', 'example' => 'alibaba_cloud', ], 'ProductId' => [ 'description' => '产品ID。', 'type' => 'string', 'example' => 'alibaba_cloud_sas', ], 'NormalizationRuleVersionName' => [ 'description' => '标准化规则版本名称。', 'type' => 'string', 'example' => 'v1', ], 'RegionId' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'example' => 'cn-hangzhou', ], ], ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationRuleVersion\\": {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"NormalizationRuleId\\": \\"nr-z0b2ssjteut85uoh9nzp\\",\\n \\"NormalizationRuleName\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleType\\": \\"predefined\\",\\n \\"NormalizationRuleFormat\\": \\"SPL\\",\\n \\"NormalizationRuleDescription\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleVersion\\": 0,\\n \\"NormalizationRuleExpression\\": \\"* | pack-fields -include=\'[\\\\\\\\s\\\\\\\\S]+\' as extend_content\\",\\n \\"NormalizationRuleStatus\\": \\"started\\",\\n \\"NormalizationCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"NormalizationSchemaId\\": \\"HTTP_ACTIVITY\\",\\n \\"VendorId\\": \\"alibaba_cloud\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"NormalizationRuleVersionName\\": \\"v1\\",\\n \\"RegionId\\": \\"cn-hangzhou\\"\\n }\\n}","type":"json"}]', 'title' => '获取标准化规则版本信息', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'DeleteNormalizationRuleVersion' => [ 'summary' => '删除标准化规则版本。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 
'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'NormalizationRuleId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'required' => false, 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], ], [ 'name' => 'NormalizationRuleVersion', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则版本。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '删除标准化规则版本', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'SetDefaultNormalizationRuleVersion' => [ 'summary' => '设置标准化规则默认版本。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'NormalizationRuleVersion', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则版本。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => 'V1', ], ], [ 'name' => 'NormalizationRuleId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'required' => false, 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 
'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'NormalizationRuleVersion' => [ 'description' => '标准化规则版本。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'NormalizationRuleId' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], 'NormalizationRuleName' => [ 'description' => '标准化规则名称。', 'type' => 'string', 'example' => 'normalization_rule_Z57np', ], 'NormalizationRuleType' => [ 'description' => '标准化规则类型。取值:'."\n" .'- predefined:预定义标准化规则。'."\n" .'- custom:自定义标准化规则。', 'type' => 'string', 'example' => 'predefined', ], 'NormalizationRuleFormat' => [ 'description' => '标准化规则格式。', 'type' => 'string', 'example' => 'SPL', ], 'NormalizationRuleDescription' => [ 'description' => '标准化规则描述。', 'type' => 'string', 'example' => 'normalization_rule_Z57np', ], 'NormalizationRuleVersion' => [ 'description' => '标准化规则当前版本。', 'type' => 'integer', 'format' => 'int32', 'example' => 'V1', ], 'NormalizationRuleExpression' => [ 'description' => '标准化规则表达式。', 'type' => 'string', 'example' => '* | pack-fields -include=\'[\\s\\S]+\' as extend_content', ], 'NormalizationRuleStatus' => [ 'description' => '标准化规则状态。', 'type' => 'string', 'example' => 'started', ], 'NormalizationCategoryId' => [ 'description' => '标准化规则分类ID。', 'type' => 'string', 'example' => 'NETWORK_CATEGORY', ], 'NormalizationSchemaId' => [ 'description' => '标准化结构ID。', 'type' => 'string', 'example' => 'HTTP_ACTIVITY', ], 'VendorId' => [ 'description' => '标准化规则对应的厂商ID。', 'type' => 'string', 'example' => 'alibaba_cloud', ], 'ProductId' => [ 'description' => '产品ID。', 'type' => 'string', 'example' => 
'alibaba_cloud_sas', ], ], ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationRuleVersion\\": {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"NormalizationRuleId\\": \\"nr-z0b2ssjteut85uoh9nzp\\",\\n \\"NormalizationRuleName\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleType\\": \\"predefined\\",\\n \\"NormalizationRuleFormat\\": \\"SPL\\",\\n \\"NormalizationRuleDescription\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleVersion\\": 0,\\n \\"NormalizationRuleExpression\\": \\"* | pack-fields -include=\'[\\\\\\\\s\\\\\\\\S]+\' as extend_content\\",\\n \\"NormalizationRuleStatus\\": \\"started\\",\\n \\"NormalizationCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"NormalizationSchemaId\\": \\"HTTP_ACTIVITY\\",\\n \\"VendorId\\": \\"alibaba_cloud\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\"\\n }\\n}","type":"json"}]', 'title' => '设置标准化规则默认版本', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'ListNormalizationRuleVersions' => [ 'summary' => '获取标准化规则版本列表。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 
'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'NormalizationRuleId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'required' => false, 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'minimum' => '0', 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'NormalizationRuleVersions' => [ 'description' => '标准化规则版本列表。', 'type' => 'array', 'items' => [ 'description' => '标准化规则版本。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'NormalizationRuleId' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], 'NormalizationRuleVersion' => [ 'description' => '标准化规则版本。', 'type' => 'integer', 'format' => 'int32', 'example' => 'V1', ], 
'NormalizationRuleExpression' => [ 'description' => '标准化规则表达式。', 'type' => 'string', 'example' => '* | pack-fields -include=\'[\\s\\S]+\' as extend_content', ], ], ], ], 'MaxResults' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'NextToken' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], 'TotalCount' => [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '57', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationRuleVersions\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"NormalizationRuleId\\": \\"nr-z0b2ssjteut85uoh9nzp\\",\\n \\"NormalizationRuleVersion\\": 0,\\n \\"NormalizationRuleExpression\\": \\"* | pack-fields -include=\'[\\\\\\\\s\\\\\\\\S]+\' as extend_content\\"\\n }\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]', 'title' => '获取标准化规则版本列表', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ListNormalizationRules' => [ 'summary' => '获取标准化规则列表。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 
'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'NormalizationRuleIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '标准化规则ID列表。', 'type' => 'array', 'items' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'required' => false, 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], 'required' => false, ], ], [ 'name' => 'NormalizationRuleName', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则名称。', 'type' => 'string', 'required' => false, 'example' => 'normalization_rule_Z57np', ], ], [ 'name' => 'NormalizationRuleType', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则类型。取值:'."\n" .'- predefined:预定义标准化规则。'."\n" .'- custom:自定义标准化规则。', 'type' => 'string', 'required' => false, 'example' => 'predefined', ], ], [ 'name' => 'NormalizationCategoryId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则分类ID。', 'type' => 'string', 'required' => false, 'example' => 'NETWORK_CATEGORY', ], ], [ 'name' => 'NormalizationSchemaId', 'in' => 'formData', 'schema' => [ 'description' => '标准化结构ID。', 'type' => 'string', 'required' => false, 'example' => 'HTTP_ACTIVITY', ], ], [ 'name' => 'VendorId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则对应的厂商ID。', 'type' => 'string', 'required' => false, 'example' => 
'alibaba_cloud', ], ], [ 'name' => 'ProductId', 'in' => 'formData', 'schema' => [ 'description' => '产品ID。', 'type' => 'string', 'required' => false, 'example' => 'alibaba_cloud_sas', ], ], [ 'name' => 'PageNumber', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:当前页码。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '3', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', ], ], [ 'name' => 'OrderField', 'in' => 'formData', 'schema' => [ 'description' => '排序字段。', 'type' => 'string', 'required' => false, 'example' => 'UpdateTime', ], ], [ 'name' => 'OrderType', 'in' => 'formData', 'schema' => [ 'description' => '排序类型。取值:'."\n" .'- desc'."\n" .'- asc', 'type' => 'string', 'required' => false, 'example' => 'desc', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'minimum' => '0', 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'NormalizationRules' => [ 'description' => '标准化规则列表。', 'type' => 'array', 'items' => [ 'description' => '标准化规则。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 
'NormalizationRuleId' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], 'NormalizationRuleName' => [ 'description' => '标准化规则名称。', 'type' => 'string', 'example' => 'normalization_rule_Z57np', ], 'NormalizationRuleType' => [ 'description' => '标准化规则类型。取值:'."\n" .'- predefined:预定义标准化规则。'."\n" .'- custom:自定义标准化规则。'."\n", 'type' => 'string', 'example' => 'predefined', ], 'NormalizationRuleFormat' => [ 'description' => '标准化规则格式。', 'type' => 'string', 'example' => 'SPL', ], 'NormalizationRuleDescription' => [ 'description' => '标准化规则描述。', 'type' => 'string', 'example' => 'normalization_rule_Z57np', ], 'NormalizationRuleVersion' => [ 'description' => '标准化规则当前版本。', 'type' => 'string', 'example' => 'V1', ], 'NormalizationRuleExpression' => [ 'description' => '标准化规则表达式。', 'type' => 'string', 'example' => '* | pack-fields -include=\'[\\s\\S]+\' as extend_content', ], 'NormalizationRuleStatus' => [ 'description' => '标准化规则状态。', 'type' => 'string', 'example' => 'started', ], 'NormalizationCategoryId' => [ 'description' => '标准化规则分类ID。', 'type' => 'string', 'example' => 'NETWORK_CATEGORY', ], 'NormalizationSchemaId' => [ 'description' => '标准化结构ID。', 'type' => 'string', 'example' => 'HTTP_ACTIVITY', ], 'VendorId' => [ 'description' => '标准化规则对应的厂商ID。', 'type' => 'string', 'example' => 'alibaba_cloud', ], 'ProductId' => [ 'description' => '产品ID。'."\n" ."\n", 'type' => 'string', 'example' => 'alibaba_cloud_sas', ], 'NormalizationRuleReferences' => [ 'description' => '关联的接入策略列表。', 'type' => 'array', 'items' => [ 'description' => '关联的接入策略。', 'type' => 'object', 'properties' => [ 'DataIngestionId' => [ 'description' => '数据接入ID。', 'type' => 'string', 'example' => 'alibaba_cloud_bot_flow_ingestion_173326*******', ], ], ], ], 'NormalizationRuleMode' => [ 'description' => '标准化规则模式。取值:'."\n" .'- both'."\n" .'- scan'."\n" .'- realtime', 'type' => 'string', 'example' => 'both', ], 'ExtendContentPacked' => [ 'description' => 
'用于标识否将非标准字段打包到扩展字段extend_content。取值:'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'string', 'example' => 'enabled', ], 'ExtendFieldStoreMode' => [ 'title' => '扩展字段存储模式,flat-原样接入,reject-不接入,pack-打包到extend_content字段。', 'description' => '扩展字段存储模式,flat-原样接入,reject-不接入,pack-打包到extend_content字段。', 'type' => 'string', 'example' => 'flat', ], ], ], ], 'PageNumber' => [ 'description' => '分页参数:当前页码。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'integer', 'format' => 'int32', 'example' => '2', ], 'TotalCount' => [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '5', ], 'TotalPage' => [ 'description' => '总页数。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'MaxResults' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'NextToken' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationRules\\": [\\n {\\n \\"CreateTime\\": 1733269771123,\\n \\"UpdateTime\\": 1733269771123,\\n \\"NormalizationRuleId\\": \\"nr-z0b2ssjteut85uoh9nzp\\",\\n \\"NormalizationRuleName\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleType\\": \\"predefined\\",\\n \\"NormalizationRuleFormat\\": \\"SPL\\",\\n \\"NormalizationRuleDescription\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationRuleVersion\\": \\"V1\\",\\n \\"NormalizationRuleExpression\\": \\"* | pack-fields -include=\'[\\\\\\\\s\\\\\\\\S]+\' as extend_content\\",\\n \\"NormalizationRuleStatus\\": \\"started\\",\\n \\"NormalizationCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"NormalizationSchemaId\\": \\"HTTP_ACTIVITY\\",\\n \\"VendorId\\": \\"alibaba_cloud\\",\\n \\"ProductId\\": \\"alibaba_cloud_sas\\",\\n \\"NormalizationRuleReferences\\": [\\n {\\n \\"DataIngestionId\\": \\"alibaba_cloud_bot_flow_ingestion_173326*******\\"\\n }\\n ],\\n \\"NormalizationRuleMode\\": \\"both\\",\\n \\"ExtendContentPacked\\": \\"enabled\\",\\n \\"ExtendFieldStoreMode\\": \\"flat\\"\\n }\\n ],\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 2,\\n \\"TotalCount\\": 5,\\n \\"TotalPage\\": 1,\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\"\\n}","type":"json"}]', 'title' => '获取标准化规则列表', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'ListNormalizationFields' => [ 'summary' => '获取标准化字段列表。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 
'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'Name', 'in' => 'formData', 'schema' => [ 'description' => '字段名称。', 'type' => 'string', 'required' => false, 'example' => 'category', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'minimum' => '0', 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'NormalizationFields' => [ 'description' => '标准化字段列表。', 'type' => 'array', 'items' => [ 'description' => '标准化字段。', 'type' => 'object', 'properties' => [ 'NormalizationFieldName' => [ 'description' => '标准化字段名称。', 'type' => 'string', 'example' => 'cloud_user', ], 'NormalizationFieldType' => [ 'description' => '标准化字段类型。取值:'."\n" .'- varchar'."\n" .'- bigint'."\n" .'- double', 'type' => 'string', 'example' => 'varchar', ], 'NormalizationFieldRequired' => [ 'title' 
=> '标准字段key是否必填。', 'description' => '标准字段key是否必填。', 'type' => 'boolean', ], 'NormalizationFieldDescription' => [ 'description' => '标准化字段描述。', 'type' => 'string', 'example' => 'cloud_user', ], 'NormalizationFieldExample' => [ 'description' => '标准化字段样例。', 'type' => 'string', 'example' => '173326*******', ], 'NormalizationCategoryId' => [ 'description' => '标准化类目ID。', 'type' => 'string', 'example' => 'NETWORK_CATEGORY', ], 'NormalizationSchemaId' => [ 'description' => '标准化结构ID。', 'type' => 'string', 'example' => 'NETWORK_SESSION_ACTIVITY', ], 'NormalizationFieldReserved' => [ 'description' => '标准化字段是否保留。', 'type' => 'boolean', 'example' => 'true', ], 'NormalizationFieldFrom' => [ 'title' => 'json类型的标准字段key来源。', 'description' => 'json类型的标准字段key来源。', 'type' => 'string', 'example' => 'preset', ], 'NormalizationFieldTokenize' => [ 'title' => '标准字段是否分词。', 'description' => '标准字段是否分词。', 'type' => 'boolean', ], 'NormalizationFieldJsonIndexAll' => [ 'title' => 'json类型的标准字段是否针对所有key建立索引。', 'description' => 'json类型的标准字段是否针对所有key建立索引。', 'type' => 'boolean', ], 'NormalizationFieldJsonKeys' => [ 'title' => 'json类型的标准字段key列表。', 'description' => 'json类型的标准字段key列表。', 'type' => 'array', 'items' => [ 'title' => 'json类型的标准字段key。', 'description' => 'json类型的标准字段key。', 'type' => 'object', 'properties' => [ 'NormalizationFieldName' => [ 'title' => 'json类型的标准字段key名称。', 'description' => 'json类型的标准字段key名称。', 'type' => 'string', 'example' => 'alert_level', ], 'NormalizationFieldType' => [ 'title' => 'json类型的标准字段key类型。', 'description' => 'json类型的标准字段key类型。', 'type' => 'string', 'example' => 'text', ], 'NormalizationFieldRequired' => [ 'title' => 'json类型的标准字段key是否必填。', 'description' => 'json类型的标准字段key是否必填。', 'type' => 'boolean', ], 'NormalizationFieldDescription' => [ 'title' => 'json类型的标准字段key描述。', 'description' => 'json类型的标准字段key描述。', 'type' => 'string', 'example' => 'alert_level', ], 'NormalizationFieldExample' => [ 'title' => 'json类型的标准字段key示例。', 'description' => 'json类型的标准字段key示例。', 'type' => 
'string', 'example' => '1', ], 'NormalizationFieldFrom' => [ 'title' => 'json类型的标准字段key来源。', 'description' => 'json类型的标准字段key来源。', 'type' => 'string', 'example' => 'preset', ], 'NormalizationFieldTokenize' => [ 'title' => 'json类型的标准字段key是否分词。', 'description' => 'json类型的标准字段key是否分词。', 'type' => 'boolean', ], 'NormalizationFieldReserved' => [ 'title' => '是否是系统内置的标准字段key。', 'description' => '是否是系统内置的标准字段key。', 'type' => 'boolean', ], 'CreateTime' => [ 'title' => '创建时间。', 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1736386610000', ], 'UpdateTime' => [ 'title' => '更新时间。', 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1736386610000', ], ], ], ], 'CreateTime' => [ 'title' => '创建时间。', 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1736386610000', ], 'UpdateTime' => [ 'title' => '更新时间。', 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1736386610000', ], 'NormalizationFieldRequirement' => [ 'description' => '标准化字段是否必填。', 'type' => 'boolean', 'example' => 'true', ], ], ], ], 'MaxResults' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'NextToken' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], 'TotalCount' => [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '57', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationFields\\": [\\n {\\n \\"NormalizationFieldName\\": \\"cloud_user\\",\\n \\"NormalizationFieldType\\": \\"varchar\\",\\n \\"NormalizationFieldRequired\\": true,\\n \\"NormalizationFieldDescription\\": \\"cloud_user\\",\\n \\"NormalizationFieldExample\\": \\"173326*******\\",\\n \\"NormalizationCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"NormalizationSchemaId\\": \\"NETWORK_SESSION_ACTIVITY\\",\\n \\"NormalizationFieldReserved\\": true,\\n \\"NormalizationFieldFrom\\": \\"preset\\",\\n \\"NormalizationFieldTokenize\\": true,\\n \\"NormalizationFieldJsonIndexAll\\": true,\\n \\"NormalizationFieldJsonKeys\\": [\\n {\\n \\"NormalizationFieldName\\": \\"alert_level\\",\\n \\"NormalizationFieldType\\": \\"text\\",\\n \\"NormalizationFieldRequired\\": true,\\n \\"NormalizationFieldDescription\\": \\"alert_level\\",\\n \\"NormalizationFieldExample\\": \\"1\\",\\n \\"NormalizationFieldFrom\\": \\"preset\\",\\n \\"NormalizationFieldTokenize\\": true,\\n \\"NormalizationFieldReserved\\": true,\\n \\"CreateTime\\": 1736386610000,\\n \\"UpdateTime\\": 1736386610000\\n }\\n ],\\n \\"CreateTime\\": 1736386610000,\\n \\"UpdateTime\\": 1736386610000,\\n \\"NormalizationFieldRequirement\\": true\\n }\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]', 'title' => '获取标准化字段列表', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ListNormalizationCategories' => [ 'summary' => '获取标准化Category列表', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 
'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'NormalizationCategoryType', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则类目类型。取值:'."\n" .'- log'."\n" .'- entity', 'type' => 'string', 'required' => false, 'example' => 'entity', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'minimum' => '0', 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'NormalizationCategories' => [ 'description' => '标准化类目列表。', 'type' => 'array', 'items' => [ 'description' => '标准化类目。', 'type' => 'object', 'properties' => [ 
'NormalizationCategoryId' => [ 'description' => '标准化类目ID。', 'type' => 'string', 'example' => 'COMMON_CATEGORY', ], 'NormalizationCategoryName' => [ 'description' => '标准化类目名称。', 'type' => 'string', 'example' => 'COMMON_CATEGORY', ], ], ], ], 'MaxResults' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'NextToken' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], 'TotalCount' => [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '57', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationCategories\\": [\\n {\\n \\"NormalizationCategoryId\\": \\"COMMON_CATEGORY\\",\\n \\"NormalizationCategoryName\\": \\"COMMON_CATEGORY\\"\\n }\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]', 'title' => '获取标准化Category列表', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'ListNormalizationRuleCapacities' => [ 'summary' => '获取标准化规则安全能力列表。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => 
'威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 'NormalizationRuleId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'required' => false, 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'minimum' => '0', 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], [ 'name' => 'NormalizationRuleIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '标准化规则ID列表。', 'type' => 'array', 'items' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'required' => false, 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], 'required' => false, ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'NormalizationRuleCapacities' => [ 'description' => '标准化规则关联的安全能力列表。', 'type' => 'array', 'items' => [ 'description' => '标准化规则关联的安全能力。', 'type' => 'object', 'properties' => [ 'CapacityType' => [ 'description' => '安全能力类型。取值:'."\n" 
.'- detection_preset_rule:预定义分析规则。'."\n" .'- detection_custom_rule:自定义分析规则。'."\n" .'- incident_investigation:安全事件处理。'."\n" .'- soar_playbooks:预定义剧本。', 'type' => 'string', 'example' => 'detection_preset_rule', ], 'Capacities' => [ 'description' => '安全能力列表。', 'type' => 'array', 'items' => [ 'description' => '安全能力。', 'type' => 'string', 'example' => 'NETWORK_SESSION_ACTIVITY', ], ], 'NormalizationRuleId' => [ 'description' => '标准化规则ID。', 'type' => 'string', 'example' => 'nr-z0b2ssjteut85uoh9nzp', ], ], ], ], 'PageNumber' => [ 'description' => '分页参数:当前页码。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '57', ], 'TotalPage' => [ 'description' => '总页数。', 'type' => 'integer', 'format' => 'int32', 'example' => '3', ], 'MaxResults' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'NextToken' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationRuleCapacities\\": [\\n {\\n \\"CapacityType\\": \\"detection_preset_rule\\",\\n \\"Capacities\\": [\\n \\"NETWORK_SESSION_ACTIVITY\\"\\n ],\\n \\"NormalizationRuleId\\": \\"nr-z0b2ssjteut85uoh9nzp\\"\\n }\\n ],\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 57,\\n \\"TotalPage\\": 3,\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\"\\n}","type":"json"}]', 'title' => '获取标准化规则安全能力列表', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'ListNormalizationSchemas' => [ 'summary' => '获取标准化Schema列表。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '请求和接收消息的语言类型。取值:'."\n" ."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '173326*******', ], ], [ 'name' => 
'NormalizationSchemaType', 'in' => 'formData', 'schema' => [ 'description' => '标准化结构类型。取值:'."\n" .'- log:日志。'."\n" .'- entity:实体。', 'type' => 'string', 'required' => false, 'example' => 'entity', ], ], [ 'name' => 'NormalizationCategoryId', 'in' => 'formData', 'schema' => [ 'description' => '标准化规则分类ID。', 'type' => 'string', 'required' => false, 'example' => 'NETWORK_CATEGORY', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'minimum' => '0', 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'NormalizationSchemas' => [ 'description' => '标准化结构列表。', 'type' => 'array', 'items' => [ 'description' => '标准化结构。', 'type' => 'object', 'properties' => [ 'NormalizationSchemaId' => [ 'description' => '标准化结构ID。', 'type' => 'string', 'example' => 'HTTP_ACTIVITY', ], 'NormalizationSchemaName' => [ 'description' => '标准化结构名称。', 'type' => 'string', 'example' => 'normalization_rule_Z57np', ], 'NormalizationCategoryId' => [ 'description' => '标准化规则分类ID。', 'type' => 'string', 'example' => 'NETWORK_CATEGORY', ], 'NormalizationSchemaTargetLogStore' => [ 'description' => '标准化输出的LogStore。', 'type' => 'string', 'example' => 'network-activity', ], 'CreateTime' => [ 'title' => '创建时间。', 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1736386610000', ], 'UpdateTime' => [ 'title' => '更新时间。', 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => 
'1736386610000', ], 'NormalizationSchemaDescription' => [ 'title' => '标准结构描述。', 'description' => '标准结构描述。', 'type' => 'string', 'example' => 'Network flow log', ], 'NormalizationSchemaFrom' => [ 'title' => '标准化结构来源:preset-预定义,custom-自定义。', 'description' => '标准化结构来源:preset-预定义,custom-自定义。', 'type' => 'string', 'example' => 'preset', ], 'TargetLogStore' => [ 'title' => '日志服务 LogStore。', 'description' => '日志服务 LogStore。', 'type' => 'string', 'example' => 'network-activity', ], 'TargetStoreView' => [ 'title' => '日志服务 StoreView。', 'description' => '日志服务 StoreView。', 'type' => 'string', 'example' => 'network-activity', ], ], ], ], 'MaxResults' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'NextToken' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], 'TotalCount' => [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '57', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"NormalizationSchemas\\": [\\n {\\n \\"NormalizationSchemaId\\": \\"HTTP_ACTIVITY\\",\\n \\"NormalizationSchemaName\\": \\"normalization_rule_Z57np\\",\\n \\"NormalizationCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"NormalizationSchemaTargetLogStore\\": \\"network-activity\\",\\n \\"CreateTime\\": 1736386610000,\\n \\"UpdateTime\\": 1736386610000,\\n \\"NormalizationSchemaDescription\\": \\"Network flow log\\",\\n \\"NormalizationSchemaFrom\\": \\"preset\\",\\n \\"TargetLogStore\\": \\"network-activity\\",\\n \\"TargetStoreView\\": \\"network-activity\\"\\n }\\n ],\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\",\\n \\"TotalCount\\": 57\\n}","type":"json"}]', 'title' => '获取标准化Schema列表', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'CreateDataSet' => [ 'summary' => '创建数据集。', 'methods' => [ 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => 
false, 'example' => 'zh', ], ], [ 'name' => 'DataSetName', 'in' => 'formData', 'schema' => [ 'description' => '数据集名称', 'type' => 'string', 'required' => true, 'example' => 'lmftest', 'maxLength' => 100, ], ], [ 'name' => 'DataSetDescription', 'in' => 'formData', 'schema' => [ 'description' => '数据集描述。', 'type' => 'string', 'required' => false, 'example' => 'lmftest contains ip list', 'maxLength' => 1000, ], ], [ 'name' => 'DataSetFieldKeyName', 'in' => 'formData', 'schema' => [ 'description' => '数据集唯一键名称。', 'type' => 'string', 'required' => true, 'example' => 'ip', ], ], [ 'name' => 'DataSetFileName', 'in' => 'formData', 'schema' => [ 'description' => '上传的数据集文件名称。', 'type' => 'string', 'required' => true, 'example' => 'cloudsiem-dataset/1358117679873357_17433*****.csv', ], ], [ 'name' => 'IpWhitelistRecognizers', 'in' => 'formData', 'style' => 'flat', 'schema' => [ 'description' => '识别器列表。', 'type' => 'array', 'items' => [ 'description' => '识别器。', 'type' => 'object', 'properties' => [ 'IpWhitelistRecognizerType' => [ 'description' => '识别器识别的IP类型。取值:'."\n" .'- sas_vulnerability_scanner_ip:云安全中心漏洞Web扫描器IP地址。'."\n" .'- waf_back_source_ip:Web应用防火墙回源IP地址。'."\n" .'- ddos_back_source_ip:DDoS防护回源IP地址。'."\n" .'- esa_back_source_ip:边缘安全加速ESA回源节点IP地址。'."\n" .'- ecs_public_ip:云服务器ECS公网IP地址。'."\n" .'- slb_public_ip:负载均衡SLB公网IP地址。'."\n" .'- vpc_eip:弹性公网IP(EIP)地址。'."\n" .'- cdn_back_source_ip:内容分发网络CDN回源IP地址。'."\n" .'- ga_back_source_ip:全球加速GA回源IP地址。', 'type' => 'string', 'required' => false, 'example' => 'waf_back_source_ip', ], 'AutoRecognizeStatus' => [ 'description' => '自动识别状态。取值:'."\n" .'- enabled:已启用。'."\n" .'- disabled:未启用。', 'type' => 'string', 'required' => false, 'example' => 'enabled', ], 'RecognizeScope' => [ 'description' => '识别范围。取值:'."\n" .'- current_account:仅当前账户。'."\n" .'- rd_accounts:开启多账号。', 'type' => 'string', 'required' => false, 'example' => 'current_account', ], ], 'required' => false, ], 'required' => false, ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 
'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'DataSetStatus', 'in' => 'formData', 'schema' => [ 'description' => '数据集状态。取值:'."\n" .'- 0:删除。'."\n" .'- 1:启用。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'DataSetType', 'in' => 'formData', 'schema' => [ 'description' => '数据集类型。取值:'."\n" .'- custom:自定义。'."\n" .'- preset:预定义。', 'type' => 'string', 'required' => false, 'example' => 'custom', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'DataSetRecordStatistic' => [ 'description' => '数据集创建返回结果。', 'type' => 'object', 'properties' => [ 'NewDataSetRecordCount' => [ 'description' => '新增数据集记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '6', ], 'DataSetId' => [ 'description' => '数据集ID。', 'type' => 'string', 'example' => 'dataset-qt0n8246gs9nackg****', ], ], ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"DataSetRecordStatistic\\": {\\n \\"NewDataSetRecordCount\\": 6,\\n \\"DataSetId\\": \\"dataset-qt0n8246gs9nackg****\\"\\n }\\n}","type":"json"}]', 'title' => '创建数据集', ], 'UpdateDataSet' => [ 'summary' => '更新数据集。', 'methods' => [ 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'DataSetId', 'in' => 'formData', 'schema' => [ 'description' => '数据集ID。', 'type' => 'string', 'required' => true, 'example' => 'dataset-10iy8mbifnb4gniv****', ], ], [ 'name' => 'DataSetDescription', 'in' => 'formData', 'schema' => [ 'description' => '数据集描述。', 'type' => 'string', 'required' => false, 'example' => 'lmftest desc', 'maxLength' => 1000, ], ], [ 'name' => 'IpWhitelistRecognizers', 'in' => 'formData', 'style' => 'flat', 'schema' => [ 'description' => '识别器识别的IP类型。', 'type' => 'array', 'items' => [ 'description' => '识别器识别的IP类型。', 'type' => 'object', 'properties' => [ 'IpWhitelistRecognizerType' => [ 'description' => '识别器识别的IP类型。取值:'."\n" .'- sas_vulnerability_scanner_ip:云安全中心漏洞Web扫描器IP地址。'."\n" .'- 
waf_back_source_ip:Web应用防火墙回源IP地址。'."\n" .'- ddos_back_source_ip:DDoS防护回源IP地址。'."\n" .'- esa_back_source_ip:边缘安全加速ESA回源节点IP地址。'."\n" .'- ecs_public_ip:云服务器ECS公网IP地址。'."\n" .'- slb_public_ip:负载均衡SLB公网IP地址。'."\n" .'- vpc_eip:弹性公网IP(EIP)地址。'."\n" .'- cdn_back_source_ip:内容分发网络CDN回源IP地址。'."\n" .'- ga_back_source_ip:全球加速GA回源IP地址。', 'type' => 'string', 'required' => false, 'example' => 'cdn_back_source_ip', ], 'AutoRecognizeStatus' => [ 'description' => '自动识别状态。取值:'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。', 'type' => 'string', 'required' => false, 'example' => 'enabled', ], 'RecognizeScope' => [ 'description' => '识别范围。取值:'."\n" .'- current_account:仅当前账户。'."\n" .'- rd_accounts:开启多账号。', 'type' => 'string', 'required' => false, 'example' => 'current_account', ], ], 'required' => false, ], 'required' => false, ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'DataSetName', 'in' => 'formData', 'schema' => [ 'description' => '数据集名称。', 'type' => 'string', 'required' => false, 'example' => 'lmftest', ], ], [ 'name' => 'DataSetFileName', 'in' => 'formData', 'schema' => [ 'description' => '上传的数据集文件名称。', 'type' => 'string', 'required' => false, 'example' => 'cloudsiem-dataset/1358117679873357_1743387731614.csv', ], ], [ 'name' => 'DataSetStatus', 'in' => 'formData', 'schema' => [ 'description' => '数据集状态。取值:'."\n" .'- 0:删除。'."\n" .'- 1:启用。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => 'DE7E77A9-BFAD-5EAA-9B48-A96760E9DF0B', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same 
client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"DE7E77A9-BFAD-5EAA-9B48-A96760E9DF0B\\"\\n}","type":"json"}]', 'title' => '更新数据集', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'DeleteDataSet' => [ 'summary' => '删除数据集。', 'methods' => [ 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'DataSetId', 'in' => 'formData', 'schema' => [ 'description' => '数据集ID。', 'type' => 'string', 'required' => true, 'example' => 'dataset-10iy8mbifnb4gniv****', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The 
request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '删除数据集', ], 'ListDataSets' => [ 'summary' => '获取数据集列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'DataSetId', 'in' => 'formData', 'schema' => [ 'description' => '数据集ID。', 'type' => 'string', 'required' => false, 'example' => 'dataset-qt0n8246gs9nackg****', ], ], [ 'name' => 'DataSetName', 'in' => 'formData', 'schema' => [ 'description' => '数据集名称。', 'type' => 'string', 'required' => false, 'example' => 'lmftest', ], ], [ 'name' => 'DataSetStatus', 'in' => 'formData', 'schema' => [ 'description' => '数据集状态。取值:'."\n" .'- 0:删除 。'."\n" .'- 1:启用。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', ], ], [ 'name' => 'OrderFieldName', 'in' => 'formData', 'schema' => [ 'description' => '排序字段。取值:'."\n" .'- GmtCreate:创建时间 。'."\n" .'- GmtModified:更新时间。', 'type' => 'string', 'required' => false, 'example' => 'GmtCreate', ], ], [ 'name' => 
'OrderDirection', 'in' => 'formData', 'schema' => [ 'description' => '排序方向,取值为:'."\n" .'- **asc**(默认值):正序。'."\n" .'- **desc**:倒序。', 'type' => 'string', 'required' => false, 'example' => 'asc', ], ], [ 'name' => 'PageNumber', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:当前页码。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'DataSetIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '数据集ID列表。', 'type' => 'array', 'items' => [ 'description' => '数据集ID列表。', 'type' => 'string', 'required' => false, 'example' => '["dataset-1lz4nf2x08mklchy****"]', ], 'required' => false, 'maxItems' => 50, ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '使用NextToken方式查询时,每次最多返回的结果数。取值范围:1~100。默认值:50。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '下一个查询开始Token。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], [ 'name' => 'DataSetType', 'in' => 'formData', 'schema' => [ 'description' => '数据集类型。取值:'."\n" .'- custom:自定义。'."\n" .'- preset:预定义。', 'type' => 'string', 'required' => false, 'example' => 'custom', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '157CFBB5-B56F-566F-8991-B3C51799****', ], 'DataSets' => [ 'description' => 
'数据集列表。', 'type' => 'array', 'items' => [ 'description' => '数据集。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1713787368000', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1713787368000', ], 'DataSetId' => [ 'description' => '数据集ID。', 'type' => 'string', 'example' => 'dataset-t8ha6p7k61rmniqw****', ], 'DataSetName' => [ 'description' => '数据集名称。', 'type' => 'string', 'example' => 'lmftest', ], 'DataSetDescription' => [ 'description' => '数据集描述。', 'type' => 'string', 'example' => 'lmftest desc', ], 'DataSetFieldNames' => [ 'description' => '数据集字段名称。', 'type' => 'string', 'example' => '["ip","region"]', ], 'DataSetFieldKeyName' => [ 'description' => '数据集唯一键名称。', 'type' => 'string', 'example' => 'ip', ], 'DataSetFileName' => [ 'description' => '上传的数据集文件名称。', 'type' => 'string', 'example' => 'cloudsiem-dataset/1358117679873357_174338773****.csv', ], 'DataSetStatus' => [ 'description' => '数据集状态。取值:'."\n" .'- 0:删除。'."\n" .'- 1:启用。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'DataSetReferences' => [ 'description' => '数据集引用数据。', 'type' => 'array', 'items' => [ 'description' => '数据集引用数据。', 'type' => 'object', 'properties' => [ 'DataSetId' => [ 'description' => '数据集ID。', 'type' => 'string', 'example' => 'dataset-nhcrmjpx1zsorlaq****', ], 'DataSetReferenceType' => [ 'description' => '与数据集关联的服务类型。取值:'."\n" .'- custom_rule:自定义规则 。'."\n" .'- playbook:剧本。', 'type' => 'string', 'example' => 'playbook', ], 'DataSetReferenceId' => [ 'description' => '与数据集关联的规则或剧本id。', 'type' => 'string', 'example' => '456232', ], 'DataSetReferenceName' => [ 'description' => '与数据集关联的规则或剧本名称。', 'type' => 'string', 'example' => 'playbook_name', ], ], ], ], 'DataSetType' => [ 'description' => '数据集类型。取值:'."\n" .'- custom:自定义。'."\n" .'- preset:预定义。', 'type' => 'string', 'example' => 'preset', ], 'IpWhitelistRecognizers' => [ 
'description' => '识别器列表。', 'type' => 'array', 'items' => [ 'description' => '识别器。', 'type' => 'object', 'properties' => [ 'IpWhitelistRecognizerType' => [ 'description' => '识别器识别的IP类型。取值:'."\n" .'- sas_vulnerability_scanner_ip:云安全中心漏洞Web扫描器IP地址。'."\n" .'- waf_back_source_ip:Web应用防火墙回源IP地址。'."\n" .'- ddos_back_source_ip:DDoS防护回源IP地址。'."\n" .'- esa_back_source_ip:边缘安全加速ESA回源节点IP地址。'."\n" .'- ecs_public_ip:云服务器ECS公网IP地址。'."\n" .'- slb_public_ip:负载均衡SLB公网IP地址。'."\n" .'- vpc_eip:弹性公网IP(EIP)地址。'."\n" .'- cdn_back_source_ip:内容分发网络CDN回源IP地址。'."\n" .'- ga_back_source_ip:全球加速GA回源IP地址。', 'type' => 'string', 'example' => 'waf_back_source_ip', ], 'AutoRecognizeStatus' => [ 'description' => '自动识别状态。取值:'."\n" .'- enabled:已启用。'."\n" .'- disabled:未启用。', 'type' => 'string', 'example' => 'enabled', ], 'RecognizeScope' => [ 'description' => '识别范围。取值:'."\n" .'- current_account:仅当前账户。'."\n" .'- rd_accounts:开启多账号。', 'type' => 'string', 'example' => 'current_account', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1713787368000', ], ], ], ], ], ], ], 'PageNumber' => [ 'description' => '分页参数:当前页码。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '57', ], 'MaxResults' => [ 'description' => '使用NextToken方式查询时,每次最多返回的结果数。取值范围:1~100。默认值:50。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'NextToken' => [ 'description' => '下一个查询开始Token。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"157CFBB5-B56F-566F-8991-B3C51799****\\",\\n \\"DataSets\\": [\\n {\\n \\"CreateTime\\": 1713787368000,\\n \\"UpdateTime\\": 1713787368000,\\n \\"DataSetId\\": \\"dataset-t8ha6p7k61rmniqw****\\",\\n \\"DataSetName\\": \\"lmftest\\",\\n \\"DataSetDescription\\": \\"lmftest desc\\",\\n \\"DataSetFieldNames\\": \\"[\\\\\\"ip\\\\\\",\\\\\\"region\\\\\\"]\\",\\n \\"DataSetFieldKeyName\\": \\"ip\\",\\n \\"DataSetFileName\\": \\"cloudsiem-dataset/1358117679873357_174338773****.csv\\",\\n \\"DataSetStatus\\": 1,\\n \\"DataSetReferences\\": [\\n {\\n \\"DataSetId\\": \\"dataset-nhcrmjpx1zsorlaq****\\",\\n \\"DataSetReferenceType\\": \\"playbook\\",\\n \\"DataSetReferenceId\\": \\"456232\\",\\n \\"DataSetReferenceName\\": \\"playbook_name\\"\\n }\\n ],\\n \\"DataSetType\\": \\"preset\\",\\n \\"IpWhitelistRecognizers\\": [\\n {\\n \\"IpWhitelistRecognizerType\\": \\"waf_back_source_ip\\",\\n \\"AutoRecognizeStatus\\": \\"enabled\\",\\n \\"RecognizeScope\\": \\"current_account\\",\\n \\"UpdateTime\\": 1713787368000\\n }\\n ]\\n }\\n ],\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 57,\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\"\\n}","type":"json"}]', 'title' => '获取数据集列表', ], 'UpdateDataSetRecord' => [ 'summary' => '更新数据集记录。', 'methods' => [ 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- 
ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'DataSetId', 'in' => 'formData', 'schema' => [ 'description' => '数据集ID。', 'type' => 'string', 'required' => true, 'example' => 'dataset-10iy8mbifnb4gniv****', ], ], [ 'name' => 'DataSetRecords', 'in' => 'formData', 'schema' => [ 'description' => '数据集记录内容,json数组格式。', 'type' => 'string', 'required' => false, 'example' => '[{\\"ip\\":\\"1.1.1.1\\",\\"userid\\":\\"1234\\",\\"name\\":\\"a12401\\"},'."\n" .' {\\"ip\\":\\"2.2.2.2\\",\\"userid\\":\\"33333\\",\\"name\\":\\"a12401\\"}]', ], ], [ 'name' => 'DataSetFileName', 'in' => 'formData', 'schema' => [ 'description' => '上传的数据集文件名称。', 'type' => 'string', 'required' => false, 'example' => 'cloudsiem-dataset/1358117679873357_174338773****.csv', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'DataSetRecordStatistic' => [ 'description' => '数据集更新结果。', 'type' => 'object', 'properties' => [ 'NewDataSetRecordCount' => [ 'description' => '新增数据集记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '12', ], 'UpdateDataSetRecordCount' => [ 'description' => '更新数据集记录数。', 'type' => 'integer', 'format' => 'int32', 'example' => '4', ], ], ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but 
non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"DataSetRecordStatistic\\": {\\n \\"NewDataSetRecordCount\\": 12,\\n \\"UpdateDataSetRecordCount\\": 4\\n }\\n}","type":"json"}]', 'title' => '更新数据集记录', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'DeleteDataSetRecord' => [ 'summary' => '删除数据集记录。', 'methods' => [ 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'DataSetId', 'in' => 'formData', 'schema' => [ 'description' => '数据集ID。', 'type' => 'string', 'required' => true, 'example' => 'dataset-10iy8mbifnb4gniv****', ], ], [ 'name' => 'DataSetRecordIds', 'in' => 'formData', 'schema' => [ 'description' => '数据集记录ID列表, json数组格式。', 'type' => 'string', 'required' => true, 'example' => '[1,2,3,4]', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => 
'返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '删除数据集记录', ], 'ListDataSetRecords' => [ 'summary' => '获取数据集记录列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'DataSetId', 'in' => 'formData', 'schema' => [ 'description' => '数据集ID。', 'type' => 'string', 'required' => true, 'example' => 'dataset-nhcrmjpx1zsorlaq****', ], ], [ 'name' => 'PageNumber', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:当前页码。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'integer', 'format' => 'int32', 
'required' => true, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '使用NextToken方式查询时,每次最多返回的结果数。取值范围:1~100。默认值:50。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '下一个查询开始Token。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'DataSetRecords' => [ 'description' => '数据集记录列表。', 'type' => 'array', 'items' => [ 'description' => '数据集记录。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1658974643000', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1658974643000', ], 'DataSetId' => [ 'description' => '数据集ID。', 'type' => 'string', 'example' => 'dataset-t8ha6p7k61rmniqw****', ], 'DataSetName' => [ 'description' => '数据集名称。', 'type' => 'string', 'example' => 'lmftest', ], 'DataSetRecordId' => [ 'description' => '数据集记录ID。', 'type' => 'string', 'example' => '124566', ], 'DataSetRecordValues' => [ 'description' => '数据集记录值。', 'type' => 'string', 'example' => '{"ip":"10.0.*.*/8","region":"shanghai"}', ], ], ], ], 'PageNumber' => [ 'description' => '分页参数:当前页码。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 
'TotalCount' => [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '57', ], 'MaxResults' => [ 'description' => '使用NextToken方式查询时,每次最多返回的结果数。取值范围:1~100。默认值:50。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'NextToken' => [ 'description' => '下一个查询开始Token。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"DataSetRecords\\": [\\n {\\n \\"CreateTime\\": 1658974643000,\\n \\"UpdateTime\\": 1658974643000,\\n \\"DataSetId\\": \\"dataset-t8ha6p7k61rmniqw****\\",\\n \\"DataSetName\\": \\"lmftest\\",\\n \\"DataSetRecordId\\": \\"124566\\",\\n \\"DataSetRecordValues\\": \\"{\\\\\\"ip\\\\\\":\\\\\\"10.0.*.*/8\\\\\\",\\\\\\"region\\\\\\":\\\\\\"shanghai\\\\\\"}\\"\\n }\\n ],\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 57,\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\"\\n}","type":"json"}]', 'title' => '获取数据集记录列表', ], 'CreateDetectionRule' => [ 'summary' => '创建检测规则。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' 
=> 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'DetectionRuleName', 'in' => 'formData', 'schema' => [ 'description' => '检测规则名称。', 'type' => 'string', 'required' => true, 'example' => 'dr-ha1i09ob3zmqrs85****', 'maxLength' => 100, ], ], [ 'name' => 'DetectionRuleDescription', 'in' => 'formData', 'schema' => [ 'description' => '检测规则描述。', 'type' => 'string', 'required' => false, 'example' => 'dr-123', 'maxLength' => 2000, ], ], [ 'name' => 'DetectionRuleType', 'in' => 'formData', 'schema' => [ 'description' => '检测规则类型。取值:'."\n" .'- preset:预置检测规则。'."\n" .'- custom:自定义检测规则。'."\n" .'- custom_template:规则模版。', 'type' => 'string', 'required' => true, 'example' => 'custom', 'enum' => [ 'custom', ], ], ], [ 'name' => 'DetectionRuleStatus', 'in' => 'formData', 'schema' => [ 'description' => '检测规则状态。', 'type' => 'string', 'required' => false, 'example' => '0', ], ], [ 'name' => 'AlertType', 'in' => 'formData', 'schema' => [ 'description' => '告警类型。', 'type' => 'string', 'required' => true, 'example' => 'WebShell', ], ], [ 'name' => 'AlertLevel', 'in' => 'formData', 'schema' => [ 'description' => '告警威胁等级。 取值:'."\n" .'- 5:严重。'."\n" .'- 4:高危。'."\n" .'- 3:中危。'."\n" .'- 2:低危。'."\n" .'- 1:信息。', 'type' => 'string', 'required' => true, 'example' => '1', 'enum' => [ '1', '2', '3', '4', '5', ], ], ], [ 'name' => 'AlertTacticId', 'in' => 'formData', 'schema' => [ 'description' => '告警战术阶段。', 'type' => 'string', 'required' => false, 'example' => 'TA0042', ], ], [ 'name' => 'AlertAttCk', 'in' => 'formData', 'schema' => [ 'description' => '告警Att&Ck。', 'type' => 'string', 'required' => false, 'example' => 'Discovery', ], ], [ 'name' => 'DetectionExpressionType', 'in' => 'formData', 'schema' => [ 'description' => '检测规则表达式类型。取值:'."\n" .'- sql:SQL。'."\n" .'- playbook:剧本。', 'type' => 'string', 'required' => 
false, 'enumValueTitles' => [ 'sql' => 'sql', 'playbook' => 'playbook', ], 'example' => 'sql', 'enum' => [ 'sql', 'graphical', 'playbook', ], ], ], [ 'name' => 'DetectionExpressionContent', 'in' => 'formData', 'schema' => [ 'description' => '检测规则表达式内容。', 'type' => 'string', 'required' => false, 'example' => '*|set session mode=scan;SELECT * FROM log'."\n" .'WHERE schema = \'PROCESS_START_ACTIVITY\''."\n" .'AND ('."\n" .' proc_path LIKE \'%/groups\''."\n" .' OR ('."\n" .' ('."\n" .' proc_path LIKE \'%/cat\''."\n" .' OR proc_path LIKE \'%/head\''."\n" .' OR proc_path LIKE \'%/tail\''."\n" .' OR proc_path LIKE \'%/more\''."\n" .' )'."\n" .' AND cmdline LIKE \'%/etc/group%\''."\n" .' )'."\n" .')'."\n", ], ], [ 'name' => 'LogCategoryId', 'in' => 'formData', 'schema' => [ 'description' => '日志规范化类别ID。', 'type' => 'string', 'required' => false, 'example' => 'NETWORK_CATEGORY', ], ], [ 'name' => 'LogSchemaId', 'in' => 'formData', 'schema' => [ 'description' => '日志规范化方案ID。', 'type' => 'string', 'required' => true, 'example' => 'API_RISK_ACTIVITY', ], ], [ 'name' => 'AlertSchemaId', 'in' => 'formData', 'schema' => [ 'description' => '检测规则告警模版ID。取值:'."\n" .'- ALERT_ACTIVITY:其他告警。'."\n" .'- EDR_ALERT_ACTIVITY:端点检测响应与告警。'."\n" .'- FIREWALL_ALERT_ACTIVITY:防火墙告警。'."\n" .'- WAF_ALERT_ACTIVITY:web应用防火墙告警。', 'type' => 'string', 'required' => true, 'example' => 'ALERT_ACTIVITY', ], ], [ 'name' => 'ScheduleType', 'in' => 'formData', 'schema' => [ 'description' => '调度类型。取值:'."\n" .'- fixed_rate:固定间隔。'."\n" .'- cron:cron表达式。', 'type' => 'string', 'required' => false, 'example' => 'fixed_rate', 'enum' => [ 'fixed_rate', 'cron', ], ], ], [ 'name' => 'ScheduleExpression', 'in' => 'formData', 'schema' => [ 'description' => '调度Cron表达式,ScheduleType取值为cron时需填写。', 'type' => 'string', 'required' => false, 'example' => '0/5 * * * *', ], ], [ 'name' => 'ScheduleMaxRetries', 'in' => 'formData', 'schema' => [ 'description' => '超时最大重试次数,取值1~100', 'type' => 'integer', 'format' => 'int32', 'required' => 
false, 'example' => '1', ], ], [ 'name' => 'ScheduleBeginTime', 'in' => 'formData', 'schema' => [ 'description' => '调度开始时间(13位时间戳)。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1733269771123', ], ], [ 'name' => 'ScheduleWindow', 'in' => 'formData', 'schema' => [ 'description' => '调度窗口长度。', 'type' => 'string', 'required' => false, 'example' => '5m', ], ], [ 'name' => 'ScheduleMaxTimeout', 'in' => 'formData', 'schema' => [ 'description' => '超时最长时间,单位秒,取值60~1800。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '60', ], ], [ 'name' => 'AlertThresholdPeriod', 'in' => 'formData', 'schema' => [ 'description' => '告警阈值周期长度。', 'type' => 'string', 'required' => false, 'example' => '5m', ], ], [ 'name' => 'AlertThresholdCount', 'in' => 'formData', 'schema' => [ 'description' => '告警阈值次数。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', ], ], [ 'name' => 'AlertThresholdGroup', 'in' => 'formData', 'schema' => [ 'description' => '告警阈值字段列表,以英文逗号分隔。', 'type' => 'string', 'required' => false, 'example' => 'alert_type,ip', ], ], [ 'name' => 'IncidentAggregationType', 'in' => 'formData', 'schema' => [ 'description' => '事件聚合类型。取值:'."\n" .'- none:不生成事件。'."\n" .'- graph_compute:图计算(预定义规则支持)。'."\n" .'- expert:专家规则。'."\n" .'- passthrough:告警透出(1对1)。'."\n" .'- window:同类聚合(窗口)。', 'type' => 'string', 'required' => false, 'example' => 'window', ], ], [ 'name' => 'IncidentAggregationExpression', 'in' => 'formData', 'schema' => [ 'description' => '事件聚合周期配置。', 'type' => 'string', 'required' => false, 'example' => '5m', ], ], [ 'name' => 'PlaybookUuid', 'in' => 'formData', 'schema' => [ 'description' => '剧本的UUID。', 'type' => 'string', 'required' => false, 'example' => 'system_aliyun_clb_process_book', ], ], [ 'name' => 'PlaybookParameters', 'in' => 'formData', 'schema' => [ 'description' => '剧本用户自定义参数。', 'type' => 'string', 'required' => false, 'example' => '{'."\n" .' "ip": {'."\n" .' 
"ip": "124.23.*.*"'."\n" .' }'."\n" .'}', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'EntityMappings', 'in' => 'formData', 'schema' => [ 'description' => '实体映射配置。', 'type' => 'string', 'required' => false, 'example' => '[{\\"NormalizationSchemaId\\":\\"host\\",\\"NormalizationFieldMappings\\":[{\\"NormalizationFieldName\\":\\"uuid\\",\\"MappingFieldName\\":\\"host\\",\\"NormalizationFieldType\\":\\"varchar\\"}]}]', ], ], [ 'name' => 'DetectionRuleTemplateId', 'in' => 'formData', 'schema' => [ 'title' => '检测规则模板ID。', 'description' => '检测规则模板ID。', 'type' => 'string', 'required' => false, 'example' => 'cfw-out-ip_aegis-netstat', ], ], [ 'name' => 'DetectionRuleTemplateVersion', 'in' => 'formData', 'schema' => [ 'title' => '检测规则模板版本。', 'description' => '检测规则模板版本。', 'type' => 'string', 'required' => false, 'example' => 'v1.0.0', ], ], [ 'name' => 'AlertName', 'in' => 'formData', 'schema' => [ 'title' => '告警名称,支持使用$$引用查询输出字段', 'description' => '告警名称,支持使用$$引用查询输出字段', 'type' => 'string', 'required' => false, 'example' => 'Detected high-frequency multi-type network attacks from $src_ip$', ], ], [ 'name' => 'AlertDescription', 'in' => 'formData', 'schema' => [ 'title' => '告警描述,支持使用$$引用查询输出字段', 'description' => '告警描述,支持使用$$引用查询输出字段', 'type' => 'string', 'required' => false, 'example' => 'Alert from: $product_code$, detected network attack from $src_ip$, affected assets include: $dst_ip$', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '5CC09D0C-1CD7-54BD-A853-DCB2D945****', ], 'DetectionRuleId' => [ 'description' => '检测规则ID。', 'type' => 'string', 'example' => 'dr-ha1i09ob3zmqrs85****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 
'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"5CC09D0C-1CD7-54BD-A853-DCB2D945****\\",\\n \\"DetectionRuleId\\": \\"dr-ha1i09ob3zmqrs85****\\"\\n}","type":"json"}]', 'title' => '创建检测规则', ], 'UpdateDetectionRule' => [ 'summary' => '更新检测规则。', 'methods' => [ 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'DetectionRuleId', 'in' => 'formData', 'schema' => [ 'description' => '检测规则ID。', 'type' => 'string', 'required' => true, 'example' => 'jndi-attack-success_http_dns', ], ], [ 'name' => 'DetectionRuleName', 'in' => 'formData', 'schema' => [ 'description' => '检测规则名称。', 'type' => 'string', 'required' => false, 'example' => 'CTDR Port Scan Behavior', 'maxLength' => 100, ], ], [ 'name' => 'DetectionRuleDescription', 'in' => 'formData', 'schema' => [ 'description' => '检测规则描述。', 'type' => 'string', 'required' => false, 'example' => 'Check the enumeration behavior of local system groups. 
An attacker may attempt to find the Local Systems group and its permission settings.', 'maxLength' => 2000, ], ], [ 'name' => 'DetectionRuleType', 'in' => 'formData', 'schema' => [ 'description' => '检测规则类型。取值:'."\n" .'- preset:预置检测规则。'."\n" .'- custom:自定义检测规则。'."\n" .'- custom_template:规则模版。', 'type' => 'string', 'required' => true, 'example' => 'custom', 'enum' => [ 'custom', 'preset', 'custom_template', ], ], ], [ 'name' => 'DetectionRuleStatus', 'in' => 'formData', 'schema' => [ 'description' => '检测规则状态。', 'type' => 'string', 'required' => false, 'example' => 'enabled', 'enum' => [ 'disabled', 'enabled', 'testing', ], ], ], [ 'name' => 'AlertType', 'in' => 'formData', 'schema' => [ 'description' => '告警类型。', 'type' => 'string', 'required' => false, 'example' => 'siem_rule_type_alert_storm', ], ], [ 'name' => 'AlertLevel', 'in' => 'formData', 'schema' => [ 'description' => '告警威胁等级。 取值:'."\n" .'- 5:严重。'."\n" .'- 4:高危。'."\n" .'- 3:中危。'."\n" .'- 2:低危。'."\n" .'- 1:信息。', 'type' => 'string', 'required' => false, 'example' => '1', ], ], [ 'name' => 'AlertTacticId', 'in' => 'formData', 'schema' => [ 'description' => '告警战术阶段。', 'type' => 'string', 'required' => false, 'example' => 'TA0042', ], ], [ 'name' => 'AlertAttCk', 'in' => 'formData', 'schema' => [ 'description' => '告警Att&Ck。', 'type' => 'string', 'required' => false, 'example' => 'Discovery', ], ], [ 'name' => 'DetectionExpressionType', 'in' => 'formData', 'schema' => [ 'description' => '检测规则表达式类型。', 'type' => 'string', 'required' => false, 'example' => 'sql', ], ], [ 'name' => 'DetectionExpressionContent', 'in' => 'formData', 'schema' => [ 'description' => '检测规则表达式内容。', 'type' => 'string', 'required' => false, 'example' => '*|set session mode=scan;SELECT * FROM log'."\n" .'WHERE schema = \'PROCESS_START_ACTIVITY\''."\n" .'AND ('."\n" .' proc_path LIKE \'%/groups\''."\n" .' OR ('."\n" .' ('."\n" .' proc_path LIKE \'%/cat\''."\n" .' OR proc_path LIKE \'%/head\''."\n" .' OR proc_path LIKE \'%/tail\''."\n" .'
OR proc_path LIKE \'%/more\''."\n" .' )'."\n" .' AND cmdline LIKE \'%/etc/group%\''."\n" .' )'."\n" .')', ], ], [ 'name' => 'LogCategoryId', 'in' => 'formData', 'schema' => [ 'description' => '日志规范化类别ID。', 'type' => 'string', 'required' => false, 'example' => 'NETWORK_CATEGORY', ], ], [ 'name' => 'LogSchemaId', 'in' => 'formData', 'schema' => [ 'description' => '日志规范化方案ID。', 'type' => 'string', 'required' => false, 'example' => 'API_RISK_ACTIVITY', ], ], [ 'name' => 'AlertSchemaId', 'in' => 'formData', 'schema' => [ 'description' => '检测规则告警模版ID。', 'type' => 'string', 'required' => false, 'example' => 'ALERT_ACTIVITY', ], ], [ 'name' => 'ScheduleType', 'in' => 'formData', 'schema' => [ 'description' => '调度类型。取值:'."\n" .'- fixed_rate:固定间隔。'."\n" .'- cron:cron表达式。', 'type' => 'string', 'required' => false, 'example' => 'fixed_rate', ], ], [ 'name' => 'ScheduleExpression', 'in' => 'formData', 'schema' => [ 'description' => '调度Cron表达式,ScheduleType取值为cron时需填写。', 'type' => 'string', 'required' => false, 'example' => '1h', ], ], [ 'name' => 'ScheduleMaxRetries', 'in' => 'formData', 'schema' => [ 'description' => '超时最大重试次数,取值1~100。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'ScheduleBeginTime', 'in' => 'formData', 'schema' => [ 'description' => '调度开始时间(13位时间戳)。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1733269771123', ], ], [ 'name' => 'ScheduleWindow', 'in' => 'formData', 'schema' => [ 'description' => '调度窗口长度。', 'type' => 'string', 'required' => false, 'example' => '5m', ], ], [ 'name' => 'ScheduleMaxTimeout', 'in' => 'formData', 'schema' => [ 'description' => '超时最长时间,单位秒,取值60~1800。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '60', ], ], [ 'name' => 'AlertThresholdPeriod', 'in' => 'formData', 'schema' => [ 'description' => '告警阈值周期长度。', 'type' => 'string', 'required' => false, 'example' => '5m', ], ], [ 'name' => 'AlertThresholdCount', 'in' => 
'formData', 'schema' => [ 'description' => '告警阈值次数。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', ], ], [ 'name' => 'AlertThresholdGroup', 'in' => 'formData', 'schema' => [ 'description' => '告警阈值字段列表,以英文逗号分隔。', 'type' => 'string', 'required' => false, 'example' => 'alert_type,ip', ], ], [ 'name' => 'IncidentAggregationType', 'in' => 'formData', 'schema' => [ 'description' => '事件聚合类型。取值:'."\n" .'- none:不生成事件。'."\n" .'- graph_compute:图计算(预定义规则支持)。'."\n" .'- expert:专家规则。'."\n" .'- passthrough:告警透出(1对1)。'."\n" .'- window:同类聚合(窗口)。', 'type' => 'string', 'required' => false, 'example' => 'window', ], ], [ 'name' => 'IncidentAggregationExpression', 'in' => 'formData', 'schema' => [ 'description' => '事件聚合周期配置。', 'type' => 'string', 'required' => false, 'example' => '60m', ], ], [ 'name' => 'PlaybookParameters', 'in' => 'formData', 'schema' => [ 'description' => '剧本用户自定义参数。', 'type' => 'string', 'required' => false, 'example' => '{'."\n" .' "ip": {'."\n" .' "ip": "124.23.*.*"'."\n" .' 
}'."\n" .'}', ], ], [ 'name' => 'PlaybookUuid', 'in' => 'formData', 'schema' => [ 'description' => '剧本唯一标识。', 'type' => 'string', 'required' => false, 'example' => '31568394-7a86-487c-b8ec-b3f42b59****', ], ], [ 'name' => 'EntityMappings', 'in' => 'formData', 'schema' => [ 'description' => '实体映射配置。', 'type' => 'string', 'required' => false, 'example' => '[{\\"NormalizationSchemaId\\":\\"host\\",\\"NormalizationFieldMappings\\":[{\\"NormalizationFieldName\\":\\"uuid\\",\\"MappingFieldName\\":\\"host\\",\\"NormalizationFieldType\\":\\"varchar\\"}]}]', ], ], [ 'name' => 'AlertName', 'in' => 'formData', 'schema' => [ 'title' => '告警名称,支持使用$$引用查询输出字段', 'description' => '告警名称,支持使用$$引用查询输出字段', 'type' => 'string', 'required' => false, 'example' => 'Detected high-frequency multi-type network attacks from $src_ip$', ], ], [ 'name' => 'AlertDescription', 'in' => 'formData', 'schema' => [ 'title' => '告警描述,支持使用$$引用查询输出字段', 'description' => '告警描述,支持使用$$引用查询输出字段', 'type' => 'string', 'required' => false, 'example' => 'Alert from: $product_code$, detected network attack from $src_ip$, affected assets include: $dst_ip$', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => 'B88A2D41-87B8-537E-A7D3-3416A39F****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"B88A2D41-87B8-537E-A7D3-3416A39F****\\"\\n}","type":"json"}]', 'title' => '更新检测规则', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'DeleteDetectionRule' => [ 'summary' => '删除检测规则。', 'methods' => [ 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'DetectionRuleId', 'in' => 'formData', 'schema' => [ 'description' => '检测规则ID。', 'type' => 'string', 'required' => true, 'example' => 'dr-53np4nguf5jmh1vc****', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], ], ], ], ], 
'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\"\\n}","type":"json"}]', 'title' => '删除检测规则', ], 'ListDetectionRules' => [ 'summary' => '获取检测规则列表。', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'DetectionRuleName', 'in' => 'formData', 'schema' => [ 'description' => '检测规则名称。', 'type' => 'string', 'required' => false, 'example' => 'Detect Discovery Behavior for Local Systems Groups', ], ], [ 'name' => 'DetectionRuleId', 'in' => 'formData', 'schema' => [ 'description' => '检测规则ID。', 'type' => 'string', 'required' => false, 'example' => 'dr-ppa85gfw69tgwkys****', ], ], [ 'name' => 'DetectionRuleIds', 'in' => 'formData', 'style' => 'simple', 'schema' => [ 'description' => '检测规则ID列表。', 'type' => 'array', 'items' => [ 'description' => '检测规则ID。', 'type' => 'string', 'required' => false, 'example' => 'dr-ppa85gfw69tgwkys****'."\n", ], 'required' => false, ], ], [ 'name' => 
'DetectionRuleType', 'in' => 'formData', 'schema' => [ 'description' => '检测规则类型。'."\n" ."\n" .'- preset:预置检测规则。'."\n" .'- custom:自定义检测规则。'."\n" .'- custom_template:规则模版。', 'type' => 'string', 'required' => false, 'example' => 'preset', ], ], [ 'name' => 'DetectionRuleStatus', 'in' => 'formData', 'schema' => [ 'description' => '检测规则状态。', 'type' => 'string', 'required' => false, 'example' => 'enabled', ], ], [ 'name' => 'AlertType', 'in' => 'formData', 'schema' => [ 'description' => '告警类型。', 'type' => 'string', 'required' => false, 'example' => 'siem_rule_type_alert_storm', ], ], [ 'name' => 'AlertLevel', 'in' => 'formData', 'schema' => [ 'description' => '告警威胁等级。 取值:'."\n" .'- 5:严重。'."\n" .'- 4:高危。'."\n" .'- 3:中危。'."\n" .'- 2:低危。'."\n" .'- 1:信息。', 'type' => 'string', 'required' => false, 'example' => '1', ], ], [ 'name' => 'AlertTacticId', 'in' => 'formData', 'schema' => [ 'description' => '告警战术阶段。', 'type' => 'string', 'required' => false, 'example' => 'TA0042', ], ], [ 'name' => 'AlertAttCk', 'in' => 'formData', 'schema' => [ 'description' => '告警Att&Ck。', 'type' => 'string', 'required' => false, 'example' => 'Discovery', ], ], [ 'name' => 'IncidentAggregationType', 'in' => 'formData', 'schema' => [ 'description' => '事件聚合类型。取值:'."\n" .'- none:不生成事件。'."\n" .'- graph_compute:图计算(预定义规则支持)。'."\n" .'- expert:专家规则。'."\n" .'- passthrough:告警透出(1对1)。'."\n" .'- window:同类聚合(窗口)。', 'type' => 'string', 'required' => false, 'example' => 'graph_compute', ], ], [ 'name' => 'LogCategoryId', 'in' => 'formData', 'schema' => [ 'description' => '日志规范化类别ID。', 'type' => 'string', 'required' => false, 'example' => 'NETWORK_CATEGORY', ], ], [ 'name' => 'LogSchemaId', 'in' => 'formData', 'schema' => [ 'description' => '日志规范化方案ID。', 'type' => 'string', 'required' => false, 'example' => 'API_RISK_ACTIVITY', ], ], [ 'name' => 'DetectionExpressionType', 'in' => 'formData', 'schema' => [ 'description' => '检测规则表达式类型。', 'type' => 'string', 'required' => false, 'example' => 'playbook', ], ], [
'name' => 'OrderFieldName', 'in' => 'formData', 'schema' => [ 'description' => '排序字段。取值:'."\n" .'- GmtCreate:创建时间 。'."\n" .'- GmtModified:更新时间。', 'type' => 'string', 'required' => false, 'example' => 'GmtModified', ], ], [ 'name' => 'OrderDirection', 'in' => 'formData', 'schema' => [ 'description' => '排序方向,取值为:'."\n" ."\n" .'- **asc**:正序,为默认值。'."\n" .'- **desc**:倒序。', 'type' => 'string', 'required' => false, 'example' => 'asc', ], ], [ 'name' => 'PageNumber', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:当前页码。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'maximum' => '100', 'minimum' => '1', 'example' => '100', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '50', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '下一个查询开始Token。', 'type' => 'string', 'required' => false, 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '508DCFFD-4508-54BF-A8A0-E97A0FA6****', ], 'DetectionRules' => [ 'description' => '检测规则列表。', 'type' => 'array', 'items' => [ 'description' => '检测规则。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '2023-03-21 13:47:01', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 
'integer', 'format' => 'int64', 'example' => '2023-04-16 10:51:00', ], 'DetectionRuleId' => [ 'description' => '检测规则ID。', 'type' => 'string', 'example' => 'jndi-attack-success_http_netstat', ], 'DetectionRuleName' => [ 'description' => '检测规则名称。', 'type' => 'string', 'example' => 'Detect Discovery Behavior for Local Systems Groups'."\n", ], 'DetectionRuleDescription' => [ 'description' => '检测规则描述。', 'type' => 'string', 'example' => 'Check the enumeration behavior of local system groups. An attacker may attempt to find the Local Systems group and its permission settings.', ], 'DetectionRuleType' => [ 'description' => '检测规则类型。取值:'."\n" .'- preset:预置检测规则。'."\n" .'- custom:自定义检测规则。'."\n" .'- custom_template:规则模版。', 'type' => 'string', 'example' => 'custom', ], 'DetectionRuleStatus' => [ 'description' => '检测规则状态。取值:'."\n" .'- enabled:启用。'."\n" .'- disabled:禁用。'."\n" .'- testing:测试。', 'type' => 'string', 'example' => 'enabled', ], 'DetectionExpressionType' => [ 'description' => '检测规则表达式类型。', 'type' => 'string', 'example' => 'playbook', ], 'DetectionExpressionContent' => [ 'description' => '检测规则表达式内容。', 'type' => 'string', 'example' => '*|set session mode=scan;SELECT * FROM log'."\n" .'WHERE schema = \'PROCESS_START_ACTIVITY\''."\n" .'AND ('."\n" .' proc_path LIKE \'%/groups\''."\n" .' OR ('."\n" .' ('."\n" .' proc_path LIKE \'%/cat\''."\n" .' OR proc_path LIKE \'%/head\''."\n" .' OR proc_path LIKE \'%/tail\''."\n" .' OR proc_path LIKE \'%/more\''."\n" .' )'."\n" .' AND cmdline LIKE \'%/etc/group%\''."\n" .'
)'."\n" .')', ], 'LogCategoryId' => [ 'description' => '日志规范化类别ID。', 'type' => 'string', 'example' => 'NETWORK_CATEGORY', ], 'LogSchemaId' => [ 'description' => '日志规范化方案ID。', 'type' => 'string', 'example' => 'API_RISK_ACTIVITY', ], 'AlertSchemaId' => [ 'description' => '检测规则告警模版ID。取值:'."\n" .'- ALERT_ACTIVITY:其他告警。'."\n" .'- EDR_ALERT_ACTIVITY:端点检测响应与告警。'."\n" .'- FIREWALL_ALERT_ACTIVITY:防火墙告警。'."\n" .'- WAF_ALERT_ACTIVITY:web应用防火墙告警。', 'type' => 'string', 'example' => 'ALERT_ACTIVITY', ], 'ScheduleType' => [ 'description' => '调度类型。取值:'."\n" ."\n" .'- fixed_rate:固定间隔'."\n" .'- cron:cron表达式', 'type' => 'string', 'example' => 'fixed_rate', ], 'ScheduleExpression' => [ 'description' => '调度Cron表达式,ScheduleType取值为cron时需填写。', 'type' => 'string', 'example' => '5m', ], 'ScheduleMaxRetries' => [ 'description' => '超时最大重试次数,取值1~100。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'ScheduleBeginTime' => [ 'description' => '调度开始时间(13位时间戳)。', 'type' => 'integer', 'format' => 'int64', 'example' => '1733269771123', ], 'ScheduleWindow' => [ 'description' => '调度窗口长度。', 'type' => 'string', 'example' => '5m', ], 'ScheduleMaxTimeout' => [ 'description' => '超时最长时间,单位秒,取值60~1800。', 'type' => 'integer', 'format' => 'int32', 'example' => '60', ], 'AlertType' => [ 'description' => '告警类型。', 'type' => 'string', 'example' => 'WebShell', ], 'AlertLevel' => [ 'description' => '告警威胁等级。 取值:'."\n" .'- 5:严重。'."\n" .'- 4:高危。'."\n" .'- 3:中危。'."\n" .'- 2:低危。'."\n" .'- 1:信息。', 'type' => 'string', 'example' => '1', ], 'AlertTacticId' => [ 'description' => '告警战术阶段。', 'type' => 'string', 'example' => 'TA0042', ], 'AlertAttCk' => [ 'description' => '告警Att&Ck。', 'type' => 'string', 'example' => 'Discovery', ], 'AlertThresholdPeriod' => [ 'description' => '告警阈值周期长度。', 'type' => 'string', 'example' => '5m', ], 'AlertThresholdCount' => [ 'description' => '告警阈值次数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'AlertThresholdGroup' => [ 'description' => '告警阈值字段列表,以英文逗号分隔。', 
'type' => 'string', 'example' => 'alert_type,ip', ], 'IncidentAggregationType' => [ 'description' => '事件聚合类型。取值:'."\n" .'- none:不生成事件。'."\n" .'- graph_compute:图计算(预定义规则支持)。'."\n" .'- expert:专家规则。'."\n" .'- passthrough:告警透出(1对1)。'."\n" .'- window:同类聚合(窗口)。', 'type' => 'string', 'example' => 'passthrough', ], 'IncidentAggregationExpression' => [ 'description' => '事件聚合周期配置。', 'type' => 'string', 'example' => '5m', ], 'PlaybookUuid' => [ 'description' => '剧本UUID。', 'type' => 'string', 'example' => 'dde983ed-eb56-45ea-ac2e-3b12b2a9****', ], 'PlaybookParameters' => [ 'description' => '剧本用户自定义参数。', 'type' => 'string', 'example' => '{'."\n" .' "ip": {'."\n" .' "ip": "124.23.*.*"'."\n" .' }'."\n" .'}', ], 'Playbook' => [ 'description' => '剧本的XML配置。', 'type' => 'object', 'properties' => [ 'Flow' => [ 'description' => '剧本流程配置。', 'type' => 'string', 'example' => '['."\n" .' {'."\n" .' "id": "EndEvent_1fqpq4h",'."\n" .' "zIndex": 1,'."\n" .' "data": {'."\n" .' "nodeType": "endEvent",'."\n" .' "appType": "basic",'."\n" .' "valueData": {'."\n" ."\n" .' },'."\n" .' "icon": "icon-radio-off-full"'."\n" .' },'."\n" .' "position": {'."\n" .' "x": 1369,'."\n" .' "y": 174'."\n" .' }'."\n" .' }'."\n" .']', ], 'Config' => [ 'description' => '调用剧本入参配置。', 'type' => 'string', 'example' => '['."\n" .' {'."\n" .' "name": "expireDay",'."\n" .' "dataType": "Integer",'."\n" .' "required": true,'."\n" .' "isArray": false,'."\n" .' "example": "7",'."\n" .' "description": "desc",'."\n" .' "typeName": "Integer",'."\n" .' "dataClass": "normal",'."\n" .' "stanchDefaultValue": "7"'."\n" .' 
}'."\n" .']', ], ], ], 'EntityMappings' => [ 'description' => '实体映射配置。', 'type' => 'array', 'items' => [ 'description' => '实体映射配置。', 'type' => 'object', 'properties' => [ 'NormalizationSchemaId' => [ 'description' => '实体类型ID。', 'type' => 'string', 'example' => 'ip', ], 'NormalizationFieldMappings' => [ 'description' => '实体映射配置。', 'type' => 'array', 'items' => [ 'description' => '实体映射配置。', 'type' => 'object', 'properties' => [ 'NormalizationFieldName' => [ 'description' => '实体标准字段。', 'type' => 'string', 'example' => 'src_ip', ], 'MappingFieldName' => [ 'description' => '映射字段。', 'type' => 'string', 'example' => 'ip', ], 'NormalizationFieldType' => [ 'description' => '实体标准字段数据类型。', 'type' => 'string', 'example' => 'vachar', ], ], ], ], ], ], ], 'AlertName' => [ 'description' => '告警名称,支持使用$$引用查询输出字段', 'type' => 'string', 'example' => 'Detected high-frequency multi-type network attacks from $src_ip$', ], 'AlertDescription' => [ 'description' => '告警描述,支持使用$$引用查询输出字段', 'type' => 'string', 'example' => 'Alert from: $product_code$, detected network attack from $src_ip$, affected assets include: $dst_ip$', ], ], ], ], 'PageNumber' => [ 'description' => '分页参数:当前页码。', 'type' => 'integer', 'format' => 'int32', 'example' => '2', ], 'PageSize' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '6', ], 'MaxResults' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'NextToken' => [ 'description' => '下一个查询开始Token。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"508DCFFD-4508-54BF-A8A0-E97A0FA6****\\",\\n \\"DetectionRules\\": [\\n {\\n \\"CreateTime\\": 0,\\n \\"UpdateTime\\": 0,\\n \\"DetectionRuleId\\": \\"jndi-attack-success_http_netstat\\",\\n \\"DetectionRuleName\\": \\"Detect Discovery Behavior for Local Systems Groups\\\\n\\",\\n \\"DetectionRuleDescription\\": \\"Check the enumeration behavior of local system groups. An attacker may attempt to find the Local Systems group and its permission settings.\\",\\n \\"DetectionRuleType\\": \\"custom\\",\\n \\"DetectionRuleStatus\\": \\"enabled\\",\\n \\"DetectionExpressionType\\": \\"playbook\\",\\n \\"DetectionExpressionContent\\": \\"*|set session mode=scan;SELECT * FROM log\\\\nWHERE schema = \'PROCESS_START_ACTIVITY\'\\\\nAND (\\\\n proc_path LIKE \'%/groups\'\\\\n OR (\\\\n (\\\\n proc_path LIKE \'%/cat\'\\\\n OR proc_path LIKE \'%/head\'\\\\n OR proc_path LIKE \'%/tail\'\\\\n OR proc_path LIKE \'%/more\'\\\\n )\\\\n AND cmdline LIKE \'%/etc/group%\'\\\\n )\\\\n)\\",\\n \\"LogCategoryId\\": \\"NETWORK_CATEGORY\\",\\n \\"LogSchemaId\\": \\"API_RISK_ACTIVITY\\",\\n \\"AlertSchemaId\\": \\"ALERT_ACTIVITY\\",\\n \\"ScheduleType\\": \\"fixed_rate\\",\\n \\"ScheduleExpression\\": \\"5m\\",\\n \\"ScheduleMaxRetries\\": 1,\\n \\"ScheduleBeginTime\\": 1733269771123,\\n \\"ScheduleWindow\\": \\"5m\\",\\n \\"ScheduleMaxTimeout\\": 60,\\n \\"AlertType\\": \\"WebShell\\",\\n \\"AlertLevel\\": \\"1\\",\\n \\"AlertTacticId\\": \\"TA0042\\",\\n \\"AlertAttCk\\": \\"Discovery\\",\\n \\"AlertThresholdPeriod\\": \\"5m\\",\\n \\"AlertThresholdCount\\": 10,\\n \\"AlertThresholdGroup\\": \\"alert_type,ip\\",\\n \\"IncidentAggregationType\\": \\"passthrough\\",\\n \\"IncidentAggregationExpression\\": \\"5m\\",\\n \\"PlaybookUuid\\": 
\\"dde983ed-eb56-45ea-ac2e-3b12b2a9****\\",\\n \\"PlaybookParameters\\": \\"{\\\\n \\\\\\"ip\\\\\\": {\\\\n \\\\\\"ip\\\\\\": \\\\\\"124.23.*.*\\\\\\"\\\\n }\\\\n}\\",\\n \\"Playbook\\": {\\n \\"Flow\\": \\"[\\\\n {\\\\n \\\\\\"id\\\\\\": \\\\\\"EndEvent_1fqpq4h\\\\\\",\\\\n \\\\\\"zIndex\\\\\\": 1,\\\\n \\\\\\"data\\\\\\": {\\\\n \\\\\\"nodeType\\\\\\": \\\\\\"endEvent\\\\\\",\\\\n \\\\\\"appType\\\\\\": \\\\\\"basic\\\\\\",\\\\n \\\\\\"valueData\\\\\\": {\\\\n\\\\n },\\\\n \\\\\\"icon\\\\\\": \\\\\\"icon-radio-off-full\\\\\\"\\\\n },\\\\n \\\\\\"position\\\\\\": {\\\\n \\\\\\"x\\\\\\": 1369,\\\\n \\\\\\"y\\\\\\": 174\\\\n }\\\\n }\\\\n]\\",\\n \\"Config\\": \\"[\\\\n {\\\\n \\\\\\"name\\\\\\": \\\\\\"expireDay\\\\\\",\\\\n \\\\\\"dataType\\\\\\": \\\\\\"Integer\\\\\\",\\\\n \\\\\\"required\\\\\\": true,\\\\n \\\\\\"isArray\\\\\\": false,\\\\n \\\\\\"example\\\\\\": \\\\\\"7\\\\\\",\\\\n \\\\\\"description\\\\\\": \\\\\\"desc\\\\\\",\\\\n \\\\\\"typeName\\\\\\": \\\\\\"Integer\\\\\\",\\\\n \\\\\\"dataClass\\\\\\": \\\\\\"normal\\\\\\",\\\\n \\\\\\"stanchDefaultValue\\\\\\": \\\\\\"7\\\\\\"\\\\n }\\\\n]\\"\\n },\\n \\"EntityMappings\\": [\\n {\\n \\"NormalizationSchemaId\\": \\"ip\\",\\n \\"NormalizationFieldMappings\\": [\\n {\\n \\"NormalizationFieldName\\": \\"src_ip\\",\\n \\"MappingFieldName\\": \\"ip\\",\\n \\"NormalizationFieldType\\": \\"vachar\\"\\n }\\n ]\\n }\\n ],\\n \\"AlertName\\": \\"Detected high-frequency multi-type network attacks from $src_ip$\\",\\n \\"AlertDescription\\": \\"Alert from: $product_code$, detected network attack from $src_ip$, affected assets include: $dst_ip$\\"\\n }\\n ],\\n \\"PageNumber\\": 2,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 6,\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\"\\n}","type":"json"}]', 'title' => '获取自定义规则列表', 'description' => '发送通知有频率和时间的限定。'."\n" .'每天每个用户在08:00-20:00点最多收到两次通知,其余时间不会发送。', ], 'GetDetectionStatistic' => [ 'summary' => '获取检测规则计数。', 'methods' => [ 'get', 
'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6FB890AC-90B2-5EEA-845B-F7C86FB2****', ], 'DetectionStatistic' => [ 'description' => '检测规则计数结果。', 'type' => 'object', 'properties' => [ 'DetectionRuleOnlineCount' => [ 'description' => '在线规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'DetectionRuleTestCount' => [ 'description' => '测试规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '5', ], 'DetectionRuleTemplateCount' => [ 'description' => '规则模版数。', 'type' => 'integer', 'format' => 'int32', 'example' => '20', ], 'GraphComputeRuleCount' => [ 'description' => '图计算规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '12', ], 'WindowRuleCount' => [ 'description' => '同类聚合规则数。', 'type' => 'integer', 'format' => 'int32', 'example' => '6', ], 'PassthroughRuleCount' => [ 'description' => '告警透传规则数。', 'type' => 'integer', 'format' => 'int32', 
'example' => '2', ], ], ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6FB890AC-90B2-5EEA-845B-F7C86FB2****\\",\\n \\"DetectionStatistic\\": {\\n \\"DetectionRuleOnlineCount\\": 10,\\n \\"DetectionRuleTestCount\\": 5,\\n \\"DetectionRuleTemplateCount\\": 20,\\n \\"GraphComputeRuleCount\\": 12,\\n \\"WindowRuleCount\\": 6,\\n \\"PassthroughRuleCount\\": 2\\n }\\n}","type":"json"}]', 'title' => '获取检测规则计数', ], 'GetIncident' => [ 'summary' => '获取事件详情。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'IncidentUuid', 'in' => 'formData', 'schema' => [ 'description' => '事件UUID。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 
=> [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'Incident' => [ 'description' => '事件信息。', 'type' => 'object', 'properties' => [ 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1757386075000', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1757386075000', ], 'IncidentUuid' => [ 'description' => '事件UUID。', 'type' => 'string', 'example' => '85ea4241-798f-4684-a876-65d4f0c3****', ], 'Owner' => [ 'title' => '事件责任人', 'description' => '事件责任人', 'type' => 'string', 'example' => '1234567890xxxxxx', ], 'IncidentDescription' => [ 'description' => '事件描述。', 'type' => 'string', 'example' => 'Forti incident desc', ], 'IncidentName' => [ 'description' => '事件名称。', 'type' => 'string', 'example' => 'Forti', ], 'ThreatLevel' => [ 'description' => '威胁等级。取值:'."\n" .'- 5:严重。'."\n" .'- 4:高危。'."\n" .'- 3:中危。'."\n" .'- 2:低危。'."\n" .'- 1:信息。', 'type' => 'string', 'example' => '2', ], 'IncidentAggregationType' => [ 'description' => '事件聚合类型。取值:'."\n" ."\n" .'- none:不生成事件'."\n" .'- graph_compute:图计算(预定义规则支持)'."\n" .'- expert:专家规则'."\n" .'- passthrough:告警透出(1对1)'."\n" .'- window:同类聚合(窗口)', 'type' => 'string', 'example' => 'window', ], 'ThreatScore' => [ 'description' => '事件的威胁分值, 范围 0~100, 分值越高风险等级越高。', 'type' => 'string', 'example' => '90', ], 'DetectionRuleId' => [ 'description' => '检测规则ID。', 'type' => 'string', 'example' => 'dr-fy2zvgiykjifbiim****', ], 'RelateAlertCount' => [ 'description' => '事件关联告警数。', 'type' => 'integer', 'format' => 'int32', 'example' => '23', ], 'RelateAssetCount' => [ 'description' => '事件关联资产数。', 'type' => 'integer', 'format' => 'int32', 'example' => '2', ], 'IncidentRemark' => [ 'description' => '事件备注。', 'type' => 'string', 'example' => 'Remark', ], 'AttckTactics' => [ 
'description' => '事件关联告警攻击阶段计数。', 'type' => 'any', 'example' => '{'."\n" .' "AttckTactics": ['."\n" .' {'."\n" .' "tacticName": "Reconnaissance",'."\n" .' "alertNum": 0,'."\n" .' "tacticId": "TA0040"'."\n" .' }'."\n" .' ]'."\n" .'}', ], 'IncidentTags' => [ 'description' => '事件标签。', 'type' => 'string', 'example' => '["sys:data_source:waf"]', ], 'RelateDataSourceIds' => [ 'description' => '关联的数据源列表。', 'type' => 'any', 'example' => '["siem"]', ], 'RelateUserIds' => [ 'description' => '事件关联用户ID列表。', 'type' => 'any', 'example' => '["176618589410****","1130916744888****"]', ], 'IncidentStatus' => [ 'description' => '事件状态。取值:'."\n" .'- 0:未处理。'."\n" .'- 1:处理中。'."\n" .'- 5:处理失败。'."\n" .'- 10:已处理。', 'type' => 'integer', 'format' => 'int32', 'example' => '0', ], ], ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"Incident\\": {\\n \\"CreateTime\\": 1757386075000,\\n \\"UpdateTime\\": 1757386075000,\\n \\"IncidentUuid\\": \\"85ea4241-798f-4684-a876-65d4f0c3****\\",\\n \\"Owner\\": \\"1234567890xxxxxx\\",\\n \\"IncidentDescription\\": \\"Forti incident desc\\",\\n \\"IncidentName\\": \\"Forti\\",\\n \\"ThreatLevel\\": \\"2\\",\\n \\"IncidentAggregationType\\": \\"window\\",\\n \\"ThreatScore\\": \\"90\\",\\n \\"DetectionRuleId\\": \\"dr-fy2zvgiykjifbiim****\\",\\n \\"RelateAlertCount\\": 23,\\n \\"RelateAssetCount\\": 2,\\n \\"IncidentRemark\\": \\"Remark\\",\\n \\"AttckTactics\\": \\"{\\\\n\\\\t\\\\\\"AttckTactics\\\\\\": [\\\\n\\\\t\\\\t{\\\\n\\\\t\\\\t\\\\t\\\\\\"tacticName\\\\\\": \\\\\\"Reconnaissance\\\\\\",\\\\n\\\\t\\\\t\\\\t\\\\\\"alertNum\\\\\\": 
0,\\\\n\\\\t\\\\t\\\\t\\\\\\"tacticId\\\\\\": \\\\\\"TA0040\\\\\\"\\\\n\\\\t\\\\t}\\\\n\\\\t]\\\\n}\\",\\n \\"IncidentTags\\": \\"[\\\\\\"sys:data_source:waf\\\\\\"]\\",\\n \\"RelateDataSourceIds\\": \\"[\\\\\\"siem\\\\\\"]\\",\\n \\"RelateUserIds\\": \\"[\\\\\\"176618589410****\\\\\\",\\\\\\"1130916744888****\\\\\\"]\\",\\n \\"IncidentStatus\\": 0\\n }\\n}","type":"json"}]', 'title' => '获取事件详情', ], 'ListIncidents' => [ 'summary' => '获取事件列表。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'IncidentName', 'in' => 'query', 'schema' => [ 'description' => '事件名称。', 'type' => 'string', 'required' => false, 'example' => 'ECS unusual log in', ], ], [ 'name' => 'IncidentUuids', 'in' => 'query', 'style' => 'simple', 'schema' => [ 'description' => '事件UUID列表,多个UUID以半角逗号分隔。', 'type' => 'array', 'items' => [ 'description' => '事件UUID列表,多个UUID以半角逗号分隔。', 'type' => 'string', 'required' => false, 'example' => '85ea4241-798f-4684-a876-65d4f0c3****,90ea4241-798f-4684-a876-65d4f0c3****'."\n" ."\n", ], 'required' => false, ], ], [ 'name' => 'IncidentStatus', 'in' => 'formData', 'schema' => [ 'description' => '事件状态。取值:'."\n" .'- 0:未处理。'."\n" .'- 1:处理中。'."\n" .'- 5:处理失败。'."\n" .'- 10:已处理。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', 
], ], [ 'name' => 'ThreatLevel', 'in' => 'formData', 'style' => 'repeatList', 'schema' => [ 'description' => '威胁等级。取值:'."\n" .'- 5:严重。'."\n" .'- 4:高危。'."\n" .'- 3:中危。'."\n" .'- 2:低危。'."\n" .'- 1:信息。', 'type' => 'array', 'items' => [ 'description' => '威胁等级。取值:'."\n" .'- 5:严重。'."\n" .'- 4:高危。'."\n" .'- 3:中危。'."\n" .'- 2:低危。'."\n" .'- 1:信息。', 'type' => 'string', 'required' => false, 'example' => '2', ], 'required' => false, 'maxItems' => 100, ], ], [ 'name' => 'RelateAssetId', 'in' => 'formData', 'schema' => [ 'description' => '事件关联的资产ID。', 'type' => 'string', 'required' => false, 'example' => '6c740667-80b2-476d-8924-2e706feb****'."\n", ], ], [ 'name' => 'RelateEntityId', 'in' => 'formData', 'schema' => [ 'description' => '事件关联的实体ID。', 'type' => 'string', 'required' => false, 'example' => 'b920ed22259f5412099e97dfda96****', ], ], [ 'name' => 'IncidentTags', 'in' => 'formData', 'schema' => [ 'title' => '', 'description' => '事件标签。', 'type' => 'string', 'required' => false, 'example' => '[{\\"data_source\\":[\\"sas\\"]}]', ], ], [ 'name' => 'AlertUuid', 'in' => 'formData', 'schema' => [ 'description' => '告警ID。', 'type' => 'string', 'required' => false, 'example' => 'sas_71e24437d2797ce8fc59692905a4****', ], ], [ 'name' => 'StartTime', 'in' => 'formData', 'schema' => [ 'description' => '开始时间的时间戳,精确到毫秒(ms)。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1690102943000', ], ], [ 'name' => 'EndTime', 'in' => 'formData', 'schema' => [ 'description' => '结束时间的时间戳,精确到毫秒(ms)。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1749090526055', ], ], [ 'name' => 'OrderFieldName', 'in' => 'formData', 'schema' => [ 'description' => '列表排序字段名称。'."\n" .'- GmtModified:事件更新时间(默认)。'."\n" .'- ThreatScore:威胁评分。', 'type' => 'string', 'required' => false, 'example' => 'GmtModified', ], ], [ 'name' => 'OrderDirection', 'in' => 'formData', 'schema' => [ 'description' => '排序方向。取值:'."\n" .'- **desc**(默认值):倒序。'."\n" .'- **asc**:正序。', 'type' 
=> 'string', 'required' => false, 'example' => 'desc', ], ], [ 'name' => 'PageNumber', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:当前页码。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'minimum' => '1', 'example' => '1', ], ], [ 'name' => 'PageSize', 'in' => 'formData', 'schema' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'maximum' => '100', 'minimum' => '1', 'example' => '10', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'RoleType', 'in' => 'formData', 'schema' => [ 'description' => '视图类型。取值:'."\n" .'- 0:当前阿里云账号视图。'."\n" .'- 1:企业下所有账号的视图。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', ], ], [ 'name' => 'MaxResults', 'in' => 'formData', 'schema' => [ 'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', ], ], [ 'name' => 'NextToken', 'in' => 'formData', 'schema' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'required' => false, 'example' => 'AAAAASLVeIxed4466E0LVmGkzwS6hJKd9DGVGMDRM6Lu****', ], ], [ 'name' => 'Owners', 'in' => 'formData', 'style' => 'repeatList', 'schema' => [ 'title' => '事件责任人账号uid', 'description' => '事件责任人账号uid', 'type' => 'array', 'items' => [ 'title' => '事件责任人账号uid', 'description' => '事件责任人账号uid', 'type' => 'string', 'required' => false, 'example' => '1234567890xxxxxx', ], 'required' => false, 'maxItems' => 100, ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'Incidents' => [ 'description' => '事件列表。', 'type' 
=> 'array', 'items' => [ 'description' => '事件。', 'type' => 'object', 'properties' => [ 'IncidentName' => [ 'description' => '事件名称。', 'type' => 'string', 'example' => 'ECS unusual log in', ], 'ThreatLevel' => [ 'description' => '威胁等级。取值:'."\n" .'- 5:严重。'."\n" .'- 4:高危。'."\n" .'- 3:中危。'."\n" .'- 2:低危。'."\n" .'- 1:信息。', 'type' => 'string', 'example' => '2', ], 'IncidentStatus' => [ 'description' => '事件状态。取值:'."\n" .'- 0:未处理。'."\n" .'- 1:处理中。'."\n" .'- 5:处理失败。'."\n" .'- 10:已处理。', 'type' => 'integer', 'format' => 'int32', 'example' => '0', ], 'Owner' => [ 'title' => '事件责任人账号uid'."\n", 'description' => '事件责任人账号uid'."\n", 'type' => 'string', 'example' => '1234567890xxxxxx', ], 'CreateTime' => [ 'description' => '创建时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1603248483000', ], 'UpdateTime' => [ 'description' => '更新时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1603248483000', ], 'RelateAssetCount' => [ 'description' => '事件关联资产数。', 'type' => 'integer', 'format' => 'int32', 'example' => '4', ], 'IncidentUuid' => [ 'description' => '事件UUID。', 'type' => 'string', 'example' => 'dbb1d7211c9285c862aa89385098****', ], 'IncidentRemark' => [ 'description' => '事件备注。', 'type' => 'string', 'example' => 'remark', ], 'RelateAlertCount' => [ 'description' => '事件关联告警数。', 'type' => 'integer', 'format' => 'int32', 'example' => '3', ], 'IncidentTags' => [ 'title' => '事件标签。', 'description' => '事件标签。', 'type' => 'string', 'example' => '["sys:data_source:siem","sys:trigger_type:auto"]', ], 'DetectionRuleId' => [ 'description' => '检测规则ID。', 'type' => 'string', 'example' => 'dr-qo5ww6ux0uc28*****', ], ], ], ], 'PageNumber' => [ 'description' => '分页参数:当前页码。', 'type' => 'integer', 'format' => 'int32', 'example' => '1', ], 'PageSize' => [ 'description' => '分页参数:每页显示条数。', 'type' => 'integer', 'format' => 'int32', 'example' => '10', ], 'TotalCount' => [ 'description' => '记录总数。', 'type' => 'integer', 'format' => 'int32', 'example' => '57', ], 'MaxResults' => [ 
'description' => '本次读取的最大数据量。', 'type' => 'integer', 'format' => 'int32', 'example' => '50', ], 'NextToken' => [ 'description' => '是否拥有下一次查询的令牌(Token)。取值:第一次查询和没有下一次查询时,均无需填写。如果有下一次查询,取值为上一次API调用返回的NextToken值。', 'type' => 'string', 'example' => 'AAAAAUqcj6VO4E3ECWIrFczs****', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"Incidents\\": [\\n {\\n \\"IncidentName\\": \\"ECS unusual log in\\",\\n \\"ThreatLevel\\": \\"2\\",\\n \\"IncidentStatus\\": 0,\\n \\"Owner\\": \\"1234567890xxxxxx\\",\\n \\"CreateTime\\": 1603248483000,\\n \\"UpdateTime\\": 1603248483000,\\n \\"RelateAssetCount\\": 4,\\n \\"IncidentUuid\\": \\"dbb1d7211c9285c862aa89385098****\\",\\n \\"IncidentRemark\\": \\"remark\\",\\n \\"RelateAlertCount\\": 3,\\n \\"IncidentTags\\": \\"[\\\\\\"sys:data_source:siem\\\\\\",\\\\\\"sys:trigger_type:auto\\\\\\"]\\",\\n \\"DetectionRuleId\\": \\"dr-qo5ww6ux0uc28*****\\"\\n }\\n ],\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 57,\\n \\"MaxResults\\": 50,\\n \\"NextToken\\": \\"AAAAAUqcj6VO4E3ECWIrFczs****\\"\\n}","type":"json"}]', 'title' => '获取事件列表', ], 'CreateExportTask' => [ 'summary' => '创建导出任务。', 'methods' => [ 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- 
cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'ExportTaskParameter', 'in' => 'formData', 'schema' => [ 'description' => '导出任务参数,基于查询条件拼接而成,格式为JSON。', 'type' => 'string', 'required' => false, 'example' => '{'."\n" .' "IncidentName": "name",'."\n" .' "IncidentStatus": "1",'."\n" .' "ThreatLevel":["1","2"],'."\n" .' "IncidentUuids":"315EE627-39DC-560A-8DFD-CBF66AD9****"'."\n" .'}', ], ], [ 'name' => 'ExportTaskType', 'in' => 'formData', 'schema' => [ 'description' => '导出类型。取值:'."\n" .'- incident_list:事件列表。', 'type' => 'string', 'required' => false, 'example' => 'incident_list', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], 'FileName' => [ 'description' => '导出文件的名称。', 'type' => 'string', 'example' => 'event_1193842352994186_17344888****.xlsx', ], 'Id' => [ 'description' => '导出任务ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '400151', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. 
Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\",\\n \\"FileName\\": \\"event_1193842352994186_17344888****.xlsx\\",\\n \\"Id\\": 400151\\n}","type":"json"}]', 'title' => '创建导出任务', ], 'GetExportTask' => [ 'summary' => '获取导出任务进度。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsasASHGE7', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'ExportId', 'in' => 'formData', 'schema' => [ 'description' => '导出任务的ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '200013', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => '返回体。', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'description' => '请求消息ID。', 'type' => 'string', 'example' => '9AAA9ED9-78F4-5021-86DC-D51C7511****', ], 'FileName' => [ 'description' => '文件名称。', 'type' => 'string', 'example' => 'event_1193842352994186_17344888****.xlsx', ], 'Id' => [ 'description' => 
'导出任务ID。', 'type' => 'integer', 'format' => 'int64', 'example' => '400185', ], 'ExportType' => [ 'description' => '导出类型。取值:'."\n" .'- incident_list:事件列表。', 'type' => 'string', 'example' => 'incident_list', ], 'ExportStatus' => [ 'description' => '任务状态。取值:'."\n" .'- success:导出成功。'."\n" .'- exporting:导出中。', 'type' => 'string', 'example' => 'success', ], 'Progress' => [ 'description' => '导出进度。', 'type' => 'integer', 'format' => 'int32', 'example' => '66', ], 'GmtCreate' => [ 'description' => '创建时间。', 'type' => 'string', 'example' => '1605076118000', ], 'Link' => [ 'description' => '导出后Excel的下载链接。', 'type' => 'string', 'example' => 'https://cloud-siem-user-dataset.oss-cn-shanghai.aliyuncs.com/export_file/17661858******5/event_17661858******5_175748****.xlsx', ], ], ], ], ], 'errorCodes' => [ 400 => [ [ 'errorCode' => 'IdempotentParameterMismatch', 'errorMessage' => 'The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.', ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9AAA9ED9-78F4-5021-86DC-D51C7511****\\",\\n \\"FileName\\": \\"event_1193842352994186_17344888****.xlsx\\",\\n \\"Id\\": 400185,\\n \\"ExportType\\": \\"incident_list\\",\\n \\"ExportStatus\\": \\"success\\",\\n \\"Progress\\": 66,\\n \\"GmtCreate\\": \\"1605076118000\\",\\n \\"Link\\": \\"https://cloud-siem-user-dataset.oss-cn-shanghai.aliyuncs.com/export_file/17661858******5/event_17661858******5_175748****.xlsx\\"\\n}","type":"json"}]', 'title' => '获取导出任务进度', ], 'UpdateNormalizationSchema' => [ 'summary' => '更新标准化结构。', 'methods' => [ 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 
'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地。'."\n" .'- ap-southeast-1:资产属于海外地域。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'NormalizationSchemaType', 'in' => 'formData', 'schema' => [ 'title' => '标准化结构类型,当前仅支持log。', 'description' => '标准化结构类型:'."\n" .'- log - 日志。'."\n" .'- entity - 实体。', 'type' => 'string', 'required' => true, 'example' => 'log', ], ], [ 'name' => 'NormalizationSchemaId', 'in' => 'formData', 'schema' => [ 'title' => '标准化结构ID。', 'description' => '标准化结构ID。', 'type' => 'string', 'required' => true, 'example' => 'WAF_ALERT_ACTIVITY', ], ], [ 'name' => 'NormalizationSchemaName', 'in' => 'formData', 'schema' => [ 'title' => '标准化结构名称。', 'description' => '标准化结构名称。', 'type' => 'string', 'required' => true, 'example' => 'ProcessQuery', ], ], [ 'name' => 'NormalizationSchemaDescription', 'in' => 'formData', 'schema' => [ 'title' => '标准化结构描述', 'description' => '标准化结构描述', 'type' => 'string', 'required' => false, 'example' => 'ProcessQuery', ], ], [ 'name' => 'NormalizationFields', 'in' => 'formData', 'style' => 'repeatList', 'schema' => [ 'description' => '标准化字段。', 'type' => 'array', 'items' => [ 'title' => '', 'description' => '标准化字段。', 'type' => 'object', 'properties' => [ 'NormalizationFieldName' => [ 'title' => '标准化字段名。', 'description' => '标准化字段名。', 'type' => 'string', 'required' => true, 'example' => 'cloud_user', ], 'NormalizationFieldType' => [ 'title' => '标准字段类型,支持text、long、double、json四种类型。', 
'description' => '标准字段类型,支持text、long、double、json四种类型。', 'type' => 'string', 'required' => true, 'example' => 'varchar', ], 'NormalizationFieldRequired' => [ 'title' => '标准字段是否必填。', 'description' => '标准字段是否必填。', 'type' => 'boolean', 'required' => false, ], 'NormalizationFieldDescription' => [ 'title' => '标准字段描述。', 'description' => '标准字段描述。', 'type' => 'string', 'required' => false, 'example' => 'cloud_user', ], 'NormalizationFieldExample' => [ 'title' => '标准字段示例', 'description' => '标准字段示例', 'type' => 'string', 'required' => false, 'example' => '173326*******', ], 'NormalizationFieldFrom' => [ 'description' => 'json类型的标准字段key来源。', 'type' => 'string', 'required' => false, 'example' => 'preset', ], 'NormalizationFieldTokenize' => [ 'title' => '标准字段是否分词。', 'description' => '标准字段是否分词。', 'type' => 'boolean', 'required' => false, ], 'NormalizationFieldJsonIndexAll' => [ 'title' => 'json类型的标准字段是否针对所有key建立索引。', 'description' => 'json类型的标准字段是否针对所有key建立索引。', 'type' => 'boolean', 'required' => false, ], 'NormalizationFieldJsonKeys' => [ 'title' => 'json类型的标准字段key列表。', 'description' => 'json类型的标准字段key列表。', 'type' => 'array', 'items' => [ 'description' => 'json类型的标准字段key。', 'type' => 'object', 'properties' => [ 'NormalizationFieldName' => [ 'title' => 'json类型的标准字段key名称。', 'description' => 'json类型的标准字段key名称。', 'type' => 'string', 'required' => true, 'example' => 'alert_name', ], 'NormalizationFieldType' => [ 'title' => 'json类型的标准字段key类型,支持text、long、double、json四种类型', 'description' => 'json类型的标准字段key类型,支持text、long、double、json四种类型', 'type' => 'string', 'required' => true, 'example' => 'text', ], 'NormalizationFieldRequired' => [ 'title' => 'json类型的标准字段key是否必填。', 'description' => 'json类型的标准字段key是否必填。', 'type' => 'boolean', 'required' => false, ], 'NormalizationFieldDescription' => [ 'title' => 'json类型的标准字段key描述。', 'description' => 'json类型的标准字段key描述。', 'type' => 'string', 'required' => false, 'example' => '告警等级', ], 'NormalizationFieldExample' => [ 'title' => 'json类型的标准字段key示例。', 
'description' => 'json类型的标准字段key示例。', 'type' => 'string', 'required' => false, 'example' => '枚举值:1、2、3、4、5', ], 'NormalizationFieldFrom' => [ 'description' => 'json类型的标准字段key来源。', 'type' => 'string', 'required' => false, 'example' => 'preset', ], 'NormalizationFieldTokenize' => [ 'title' => 'json类型的标准字段key是否分词。', 'description' => 'json类型的标准字段key是否分词。', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], ], 'required' => false, ], 'required' => false, 'maxItems' => 100, ], ], 'required' => false, ], 'required' => false, 'maxItems' => 100, ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => 'Schema of Response', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => '请求消息 ID。', 'description' => '请求消息 ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '更新标准化结构', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], 'CreateNormalizationSchema' => [ 'summary' => '创建数据源。', 'methods' => [ 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas5NAHBX', ], ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'formData', 'schema' => [ 'description' => '威胁分析的数据管理中心所在地。您需要根据资产所在地域,选择管理中心所在地。取值:'."\n" .'- cn-hangzhou:资产属于中国内地与中国香港'."\n" .'- ap-southeast-1:资产属于海外地域', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'Lang', 'in' => 'formData', 'schema' => 
[ 'description' => '返回消息的语言类型。取值:'."\n" .'- **zh**(默认):中文。'."\n" .'- **en**:英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'RoleFor', 'in' => 'formData', 'schema' => [ 'description' => '管理员切换成其他成员视角的用户ID。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '113091674488****', ], ], [ 'name' => 'NormalizationSchemaType', 'in' => 'formData', 'schema' => [ 'title' => '标准化结构类型,当前仅支持log。', 'description' => '标准化结构类型:'."\n" .'- log - 日志。'."\n" .'- entity - 实体。', 'type' => 'string', 'required' => true, 'example' => 'log', ], ], [ 'name' => 'NormalizationSchemaId', 'in' => 'formData', 'schema' => [ 'title' => '标准化结构ID。', 'description' => '标准化结构ID。', 'type' => 'string', 'required' => true, 'example' => 'PROCESS_QUERY_DNS_ACTIVITY', ], ], [ 'name' => 'NormalizationSchemaName', 'in' => 'formData', 'schema' => [ 'title' => '标准化结构名称。', 'description' => '标准化结构名称。', 'type' => 'string', 'required' => true, 'example' => 'ProcessQuery', ], ], [ 'name' => 'NormalizationSchemaDescription', 'in' => 'formData', 'schema' => [ 'title' => '标准化结构描述', 'description' => '标准化结构描述', 'type' => 'string', 'required' => false, 'example' => 'ProcessQuery', ], ], [ 'name' => 'NormalizationCategoryId', 'in' => 'formData', 'schema' => [ 'title' => '标准化分类ID。', 'description' => '标准化分类ID。', 'type' => 'string', 'required' => true, 'example' => 'NETWORK_CATEGORY', ], ], [ 'name' => 'TargetLogStore', 'in' => 'formData', 'schema' => [ 'title' => '日志服务 LogStore。', 'description' => '日志服务 LogStore。', 'type' => 'string', 'required' => true, 'example' => 'xxx-activity', ], ], [ 'name' => 'NormalizationFields', 'in' => 'formData', 'style' => 'repeatList', 'schema' => [ 'description' => '标准化字段。', 'type' => 'array', 'items' => [ 'title' => '', 'description' => '标准化字段。', 'type' => 'object', 'properties' => [ 'NormalizationFieldName' => [ 'title' => '标准化字段名。', 'description' => '标准化字段名。', 'type' => 'string', 'required' => true, 'example' => 'cloud_user', ], 
'NormalizationFieldType' => [ 'title' => '标准字段类型,支持text、long、double、json四种类型。', 'description' => '标准字段类型,支持text、long、double、json四种类型。', 'type' => 'string', 'required' => true, 'example' => 'varchar', ], 'NormalizationFieldRequired' => [ 'title' => '标准字段是否必填。', 'description' => '标准字段是否必填。', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], 'NormalizationFieldDescription' => [ 'title' => '标准字段描述。', 'description' => '标准字段描述。', 'type' => 'string', 'required' => false, 'example' => 'cloud_user', ], 'NormalizationFieldFrom' => [ 'description' => 'json类型的标准字段key来源。', 'type' => 'string', 'required' => false, 'example' => 'preset', ], 'NormalizationFieldExample' => [ 'title' => '标准字段示例', 'description' => '标准字段示例', 'type' => 'string', 'required' => false, 'example' => '173326*******', ], 'NormalizationFieldTokenize' => [ 'title' => '标准字段是否分词。', 'description' => '标准字段是否分词。', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], 'NormalizationFieldJsonIndexAll' => [ 'title' => 'json类型的标准字段是否针对所有key建立索引。', 'description' => 'json类型的标准字段是否针对所有key建立索引。', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], 'NormalizationFieldJsonKeys' => [ 'title' => 'json类型的标准字段key列表。', 'description' => 'json类型的标准字段key列表。', 'type' => 'array', 'items' => [ 'description' => 'json类型的标准字段key。', 'type' => 'object', 'properties' => [ 'NormalizationFieldName' => [ 'title' => 'json类型的标准字段key名称。', 'description' => 'json类型的标准字段key名称。', 'type' => 'string', 'required' => true, 'example' => 'alert_level', ], 'NormalizationFieldType' => [ 'title' => 'json类型的标准字段key类型,支持text、long、double、json四种类型', 'description' => 'json类型的标准字段key类型,支持text、long、double、json四种类型', 'type' => 'string', 'required' => true, 'example' => 'text', ], 'NormalizationFieldRequired' => [ 'title' => 'json类型的标准字段key是否必填。', 'description' => 'json类型的标准字段key是否必填。', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], 'NormalizationFieldDescription' => [ 'title' => 'json类型的标准字段key描述。', 
'description' => 'json类型的标准字段key描述。', 'type' => 'string', 'required' => false, 'example' => 'The alert severity levels are represented by the values 1, 2, 3, and 4.', ], 'NormalizationFieldFrom' => [ 'description' => 'json类型的标准字段key来源。', 'type' => 'string', 'required' => false, 'example' => 'preset', ], 'NormalizationFieldExample' => [ 'title' => 'json类型的标准字段key示例。', 'description' => 'json类型的标准字段key示例。', 'type' => 'string', 'required' => false, 'example' => '1, 2, 3, 4', ], 'NormalizationFieldTokenize' => [ 'title' => 'json类型的标准字段key是否分词。', 'description' => 'json类型的标准字段key是否分词。', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], ], 'required' => false, ], 'required' => false, 'maxItems' => 100, ], 'NormalizationFieldRequirement' => [ 'description' => '标准化字段是否必填。', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], 'NormalizationFieldReserved' => [ 'description' => '标准化字段是否保留。', 'type' => 'boolean', 'required' => false, 'example' => 'true', ], ], 'required' => false, ], 'required' => false, 'maxItems' => 100, ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => 'Schema of Response', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => '请求消息 ID。', 'description' => '请求消息 ID。', 'type' => 'string', 'example' => '6276D891-*****-55B2-87B9-74D413F7****', ], ], ], ], ], 'errorCodes' => [], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"6276D891-*****-55B2-87B9-74D413F7****\\"\\n}","type":"json"}]', 'title' => '创建标准化结构', 'description' => '入参JsonConfig是一个非常复杂的JSON配置,为此我们提供了辅助工具类帮助具体配置示例,请参考[Demo](https://github.com/aliyun/cloud-siem-client/blob/master/src/main/java/com/aliyun/security/cloudsiem/client/sample/JobBuilderSample.java)。', ], ], 'endpoints' => [ [ 'regionId' => 'cn-shanghai', 'endpoint' => 'cloud-siem.cn-shanghai.aliyuncs.com', ], [ 'regionId' => 'ap-southeast-1', 'endpoint' => 
'cloud-siem.ap-southeast-1.aliyuncs.com', ], ], ];