'1.0', 'info' => [ 'style' => 'RPC', 'product' => 'SasRasp', 'version' => '2024-07-27', ], 'directories' => [ [ 'id' => 204496, 'title' => '攻击告警', 'type' => 'directory', 'children' => [ 'DescribeAttackProtectionCount', 'DescribeAttacks', 'DescribeAttacks', ], ], ], 'components' => [ 'schemas' => [], ], 'apis' => [ 'DescribeAttackProtectionCount' => [ 'summary' => '查看攻击防护计数。', 'methods' => [ 'get', 'post', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas30M8TS', ], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'StartTimestamp', 'in' => 'query', 'schema' => [ 'description' => '开始时间（毫秒级时间戳）。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'example' => '1739289981765', ], ], [ 'name' => 'EndTimestamp', 'in' => 'query', 'schema' => [ 'description' => '结束时间（毫秒级时间戳）。', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'example' => '1767456000000', ], ], [ 'name' => 'AgentType', 'in' => 'query', 'schema' => [ 'description' => '需要获取的 Agent 类型。', 'type' => 'string', 'required' => false, 'example' => 'sas', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => 'Schema of Response', 'type' => 'object', 'properties' => [ 'RequestId' => [ 'title' => 'Id of the request', 'description' => '唯一请求ID。', 'type' => 'string', 'example' => '400E8C8C-ADD3-5F25-9038-BDC057841D20', ], 'TotalRequestCount' => [ 'description' => '总请求数。', 'type' => 'integer', 'format' => 'int64', 'example' => '61134279', ], 'BlockHighCount' => [ 'description' => '阻断高危告警数。', 'type' => 'integer', 'format' => 'int64', 'example' => '0', ], 'BlockMediumCount' => [ 'description' => '阻断中危告警数。', 'type' => 'integer', 'format' => 'int64', 'example' => '0', ], 'BlockLowCount' => [ 'description' => '阻断低危告警数。', 'type' => 'integer', 'format' => 'int64', 'example' => '0', ], 'MonitorHighCount' => [ 'description' => '监控高危次数。', 'type' => 'integer', 'format' => 'int64', 'example' => '0', ], 'MonitorMediumCount' => [ 'description' => '监控中危次数。', 'type' => 'integer', 'format' => 'int64', 'example' => '0', ], 'MonitorLowCount' => [ 'description' => '监控低危次数。', 'type' => 'integer', 'format' => 'int64', 'example' => '0', ], ], ], ], ], 'staticInfo' => [ 'returnType' => 'synchronous', ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"400E8C8C-ADD3-5F25-9038-BDC057841D20\\",\\n \\"TotalRequestCount\\": 61134279,\\n \\"BlockHighCount\\": 0,\\n \\"BlockMediumCount\\": 0,\\n \\"BlockLowCount\\": 0,\\n \\"MonitorHighCount\\": 0,\\n \\"MonitorMediumCount\\": 0,\\n \\"MonitorLowCount\\": 0\\n}","type":"json"}]', 'title' => '查看攻击防护计数', ], 'DescribeAttacks' => [ 'summary' => '攻击告警页面下攻击信息详情', 'methods' => [ 'post', 'get', ], 'schemes' => [ 'https', ], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => [ 'FEATUREsas30M8TS', ], ], 'parameters' => [ [ 'name' => 'Lang', 'in' => 'formData', 'schema' => [ 'description' => '请求和接收消息的语言类型。取值：'."\n" .'- **zh**：中文。'."\n" .'- **en**：英文。', 'type' => 'string', 'required' => false, 'example' => 'zh', ], ], [ 'name' => 'Region', 'in' => 'query', 'schema' => [ 'description' => '区域（仅支持：cn-hangzhou）。', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', ], ], [ 'name' => 'AgentType', 'in' => 'query', 'schema' => [ 'description' => '需要获取的 Agent 类型（仅支持：sas）。', 'type' => 'string', 'required' => false, 'example' => 'sas', ], ], [ 'name' => 'ApplicationId', 'in' => 'query', 'schema' => [ 'description' => '应用ID。'."\n" .'> 您可以调用[DescribeSasApplications](~~DescribeSasApplications~~)获取该参数。', 'type' => 'string', 'required' => false, 'example' => '67e283ee866f097cf07d****', ], ], [ 'name' => 'StartTimestamp', 'in' => 'query', 'schema' => [ 'description' => '开始时间（时间戳，单位：毫秒）。', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '1727281449756', ], ], [ 'name' => 'EndTimestamp', 'in' => 'query', 'schema' => [ 'description' => '结束时间（时间戳，单位：毫秒）。', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '1737216000000', ], ], [ 'name' => 'PageNumber', 'in' => 'query', 'schema' => [ 'description' => '查询页码。默认值：1。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '4', ], ], [ 'name' => 'PageSize', 'in' => 'query', 'schema' => [ 'description' => '每页显示条例数。默认值：10。', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '10', ], ], [ 'name' => 'UnionId', 'in' => 'query', 'schema' => [ 'description' => '创建人的unionId(工号)。', 'type' => 'string', 'required' => false, 'example' => '2d14556b77cf1bf7c696e010aaa*****', ], ], [ 'name' => 'AttackUrl', 'in' => 'query', 'schema' => [ 'description' => '请求URL。', 'type' => 'string', 'required' => false, 'example' => 'http://aliyun.com', ], ], [ 'name' => 'AttackType', 'in' => 'query', 'schema' => [ 'description' => '攻击类型取值说明。取值：'."\n" .'- file_read：任意文件读取。'."\n" .'- sql：sql注入。'."\n" .'- xxe：XXE。'."\n" .'- ssrf：恶意外连。'."\n" .'- rce：命令执行。'."\n" .'- file：恶意文件读写。'."\n" .'- thread_inject：线程注入。'."\n" .'- file_upload：恶意文件上传。'."\n" .'- file_list：目录遍历。'."\n" .'- memory_shell：内存马注入。'."\n" .'- jni：JNI注入。'."\n" .'- dns：恶意DNS查询。'."\n" .'- reflect：恶意反射调用。'."\n" .'- file_delete：任意文件删除。'."\n" .'- jndi：JNDI注入。'."\n" .'- read_object：反序列化攻击。'."\n" .'- dangerous_protocol：危险协议使用。'."\n" .'- attach：恶意Attach。'."\n" .'- expression：表达式注入。'."\n" .'- engine：引擎注入。'."\n" .'- beans：恶意beans绑定。'."\n" .'- classloader：恶意类加载。'."\n" .'- jstl：JSTL任意文件包含。'."\n" .'- callable：回调函数执行。'."\n" .'- unserialize：反序列化。'."\n" .'- include：恶意文件包含。'."\n" .'- eval：任意代码执行。', 'type' => 'string', 'required' => false, 'example' => 'sql', ], ], [ 'name' => 'HandlerType', 'in' => 'query', 'schema' => [ 'description' => '处理方式取值说明。取值：'."\n" .'- monitor：监控。'."\n" .'- block：阻断。', 'type' => 'string', 'required' => false, 'example' => 'block', ], ], [ 'name' => 'Severity', 'in' => 'query', 'schema' => [ 'description' => '攻击危险等级取值说明。取值：'."\n" .'- low：低危。'."\n" .'- medium：中危。'."\n" .'- high：高危。', 'type' => 'string', 'required' => false, 'example' => 'high', ], ], [ 'name' => 'Hostname', 'in' => 'query', 'schema' => [ 'description' => '主机名。', 'type' => 'string', 'required' => false, 'example' => 'lshm-sec-waf-new-38', ], ], [ 'name' => 'Ip', 'in' => 'query', 'schema' => [ 'description' => '告警事件中的 IP 地址。', 'type' => 'string', 'required' => false, 'example' => '127.0.0.1', ], ], [ 'name' => 'AttackHostId', 'in' => 'query', 'schema' => [ 'description' => '攻击主机Id。', 'type' => 'string', 'required' => false, 'example' => '127.0.0.1', ], ], [ 'name' => 'RaspType', 'in' => 'query', 'schema' => [ 'description' => '应用语言取值说明。取值：'."\n" .'- java：Java。'."\n" .'- php：PHP。', 'type' => 'string', 'required' => false, 'example' => 'java', ], ], [ 'name' => 'Pid', 'in' => 'query', 'schema' => [ 'description' => '进程ID。', 'type' => 'string', 'required' => false, 'example' => '10359', ], ], [ 'name' => 'Remote', 'in' => 'query', 'schema' => [ 'description' => '攻击者IP。', 'type' => 'string', 'required' => false, 'example' => '127.0.0.1', ], ], [ 'name' => 'HandleStatus', 'in' => 'query', 'schema' => [ 'title' => '处置状态，值为0/1', 'description' => '处置状态，取值：'."\n" ."\n" .'- 0：未处置。'."\n" .'- 1：已处置。', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'type' => 'object', 'properties' => [ 'TotalCount' => [ 'description' => '总数。', 'type' => 'integer', 'format' => 'int64', 'example' => '289', ], 'RequestId' => [ 'description' => '请求ID。', 'type' => 'string', 'example' => '4E7772EA-1AD0-5583-BA55-A4E7B65F****', ], 'Attacks' => [ 'description' => '攻击数据列表。', 'type' => 'array', 'items' => [ 'description' => '攻击数据。', 'type' => 'object', 'properties' => [ 'MinTimestamp' => [ 'description' => '整个 Topic 目前存储的最新的消息的时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1727281449756', ], 'PayloadLength' => [ 'description' => '包长度最小值。', 'type' => 'integer', 'format' => 'int64', 'example' => '100', ], 'Message' => [ 'description' => '攻击信息。', 'type' => 'string', 'example' => '通过危险堆栈读取敏感文件', ], 'Os' => [ 'description' => '服务器的操作系统类型。', 'type' => 'string', 'example' => 'linux', ], 'AppDir' => [ 'description' => '应用目录。', 'type' => 'string', 'example' => '/app', ], 'Headers' => [ 'description' => '表头名称。', 'type' => 'string', 'example' => '{\'X-Total-Count\': 1}', ], 'Stacktrace' => [ 'description' => '堆栈跟踪列表。', 'type' => 'array', 'items' => [ 'description' => '堆栈跟踪。', 'type' => 'string', 'example' => 'null', ], ], 'OsVersion' => [ 'description' => '机型名。', 'type' => 'string', 'example' => 'aliyun_V3_5.1', ], 'Ip' => [ 'description' => 'ip信息。', 'type' => 'string', 'example' => '47.92.92.85', ], 'RaspVersion' => [ 'description' => 'Rasp版本。', 'type' => 'string', 'example' => 'php', ], 'UnionId' => [ 'description' => 'unionId。', 'type' => 'string', 'example' => '23yaet4dg6ek3s7aj', ], 'Remote' => [ 'description' => '攻击者IP。', 'type' => 'string', 'example' => '192.168.1.1', ], 'MiddlewareInstanceId' => [ 'description' => '中间件实例ID。', 'type' => 'string', 'example' => 'null', ], 'Time' => [ 'description' => '最新发生时间，单位：秒。', 'type' => 'string', 'example' => '1724033134746', ], 'RuleResult' => [ 'description' => '防御状态。', 'type' => 'string', 'example' => '2', ], 'Count' => [ 'description' => '总条数。', 'type' => 'integer', 'format' => 'int64', 'example' => '1', ], 'MaxTimestamp' => [ 'description' => '整个 Topic 目前存储的最早的消息的时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1727281449756', ], 'Timestamp' => [ 'description' => '时间戳。', 'type' => 'integer', 'format' => 'int64', 'example' => '1712284140', ], 'Url' => [ 'description' => '请求URL。', 'type' => 'string', 'example' => 'https://other-general-huadong1.oss-cn-hangzhou.aliyuncs.com/uploadWidget/TaxiInvoice_01.jpeg', ], 'AppName' => [ 'description' => '应用名称。', 'type' => 'string', 'example' => 'zhxy', ], 'Result' => [ 'description' => '证书主题备用名。', 'type' => 'string', 'example' => '[{\'TagKey\': \'acs:rm:rgId\', \'TagValue\': \'rg-aek25bwhtt22cjq\'}]', ], 'Jdk' => [ 'description' => 'JDK版本。', 'type' => 'string', 'example' => '1.8.0_342', ], 'Language' => [ 'description' => '语言。', 'type' => 'string', 'example' => 'cn', ], 'Confidence' => [ 'description' => '置信度。', 'type' => 'string', 'example' => 'high', ], 'LanguageVersion' => [ 'description' => '应用描述语语言版本。', 'type' => 'string', 'example' => '1.0', ], 'Hostname' => [ 'description' => '主机名。', 'type' => 'string', 'example' => 'hostnames', ], 'Severity' => [ 'description' => 'Severity'."\n" .'攻击危险等级取值说明。取值：'."\n" .'- low：低危。'."\n" .'- medium：中危。'."\n" .'- high：高危。', 'type' => 'string', 'example' => 'low', ], 'Data' => [ 'description' => '返回数据。', 'type' => 'string', 'example' => '{\'All\': 12, \'Online\': 9}', ], 'Pid' => [ 'description' => '进程。', 'type' => 'string', 'example' => '29719', ], 'Method' => [ 'description' => '请求方法。', 'type' => 'string', 'example' => 'POST', ], 'HostId' => [ 'description' => '主机ID。', 'type' => 'string', 'example' => '100.116.60.78', ], 'Avd' => [ 'description' => '虚拟设备。', 'type' => 'string', 'example' => 'null', ], 'InputParamItemList' => [ 'description' => '输入参数项列表。', 'type' => 'array', 'items' => [ 'description' => '输入参数项。', 'type' => 'object', 'properties' => [ 'Value' => [ 'description' => '数值。', 'type' => 'string', 'example' => '10.101.9.189', ], 'ProcessedKey' => [ 'description' => '已处理密钥。', 'type' => 'string', 'example' => '4E7772EA-1AD0-5583-BA55-A4****', ], 'RawKey' => [ 'description' => '原密钥。', 'type' => 'string', 'example' => '4E7772EA-1AD0-5583-BA55-A4****', ], ], ], ], 'Type' => [ 'description' => '攻击类型。', 'type' => 'string', 'example' => 'exact', ], 'AppId' => [ 'description' => '应用ID。', 'type' => 'string', 'example' => '661dece60bb1', ], 'Content' => [ 'description' => '检测内容。', 'type' => 'string', 'example' => '{\'Exist\': \'false\'}', ], 'InstallType' => [ 'description' => '安装方式，取值：'."\n" ."\n" .'- 1：静态安装。'."\n" .'- 2：动态安装。'."\n" .'- 3: ACK安装。', 'type' => 'integer', 'format' => 'int64', 'example' => '1', ], 'Param' => [ 'description' => '数据库信息。', 'type' => 'string', 'example' => 'PUBLIC_CLOUD', ], 'OsArch' => [ 'description' => '系统架构。', 'type' => 'string', 'example' => 'linux', ], 'Region' => [ 'description' => '地理信息。', 'type' => 'string', 'example' => 'cn-shanghai', ], 'Payload' => [ 'description' => '响应体。', 'type' => 'string', 'example' => '245256', ], 'ContentLength' => [ 'description' => '内容长度。', 'type' => 'integer', 'format' => 'int64', 'example' => '1024', ], 'Cmdline' => [ 'description' => '进程命令行。', 'type' => 'string', 'example' => 'jar', ], 'HandleStatus' => [ 'title' => '告警处置状态', 'description' => '告警处置状态。', 'type' => 'integer', 'format' => 'int32', 'example' => '0', ], 'HandleTimestamp' => [ 'title' => '告警处置时间', 'description' => '告警处置时间。', 'type' => 'integer', 'format' => 'int64', 'example' => '1758607200', ], ], ], ], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"TotalCount\\": 289,\\n \\"RequestId\\": \\"4E7772EA-1AD0-5583-BA55-A4E7B65F****\\",\\n \\"Attacks\\": [\\n {\\n \\"MinTimestamp\\": 1727281449756,\\n \\"PayloadLength\\": 100,\\n \\"Message\\": \\"通过危险堆栈读取敏感文件\\",\\n \\"Os\\": \\"linux\\",\\n \\"AppDir\\": \\"/app\\",\\n \\"Headers\\": \\"{\'X-Total-Count\': 1}\\",\\n \\"Stacktrace\\": [\\n \\"null\\"\\n ],\\n \\"OsVersion\\": \\"aliyun_V3_5.1\\",\\n \\"Ip\\": \\"47.92.92.85\\",\\n \\"RaspVersion\\": \\"php\\",\\n \\"UnionId\\": \\"23yaet4dg6ek3s7aj\\",\\n \\"Remote\\": \\"192.168.1.1\\",\\n \\"MiddlewareInstanceId\\": \\"null\\",\\n \\"Time\\": \\"1724033134746\\",\\n \\"RuleResult\\": \\"2\\",\\n \\"Count\\": 1,\\n \\"MaxTimestamp\\": 1727281449756,\\n \\"Timestamp\\": 1712284140,\\n \\"Url\\": \\"https://other-general-huadong1.oss-cn-hangzhou.aliyuncs.com/uploadWidget/TaxiInvoice_01.jpeg\\",\\n \\"AppName\\": \\"zhxy\\",\\n \\"Result\\": \\"[{\'TagKey\': \'acs:rm:rgId\', \'TagValue\': \'rg-aek25bwhtt22cjq\'}]\\",\\n \\"Jdk\\": \\"1.8.0_342\\",\\n \\"Language\\": \\"cn\\",\\n \\"Confidence\\": \\"high\\",\\n \\"LanguageVersion\\": \\"1.0\\",\\n \\"Hostname\\": \\"hostnames\\",\\n \\"Severity\\": \\"low\\",\\n \\"Data\\": \\"{\'All\': 12, \'Online\': 9}\\",\\n \\"Pid\\": \\"29719\\",\\n \\"Method\\": \\"POST\\",\\n \\"HostId\\": \\"100.116.60.78\\",\\n \\"Avd\\": \\"null\\",\\n \\"InputParamItemList\\": [\\n {\\n \\"Value\\": \\"10.101.9.189\\",\\n \\"ProcessedKey\\": \\"4E7772EA-1AD0-5583-BA55-A4****\\",\\n \\"RawKey\\": \\"4E7772EA-1AD0-5583-BA55-A4****\\"\\n }\\n ],\\n \\"Type\\": \\"exact\\",\\n \\"AppId\\": \\"661dece60bb1\\",\\n \\"Content\\": \\"{\'Exist\': \'false\'}\\",\\n \\"InstallType\\": 1,\\n \\"Param\\": \\"PUBLIC_CLOUD\\",\\n \\"OsArch\\": \\"linux\\",\\n \\"Region\\": \\"cn-shanghai\\",\\n \\"Payload\\": \\"245256\\",\\n \\"ContentLength\\": 1024,\\n \\"Cmdline\\": \\"jar\\",\\n \\"HandleStatus\\": 0,\\n \\"HandleTimestamp\\": 1758607200\\n }\\n ]\\n}","type":"json"}]', 'title' => '查看攻击信息', ], ], 'endpoints' => [ [ 'regionId' => 'ap-southeast-1', 'endpoint' => 'sasrasp.ap-southeast-1.aliyuncs.com', ], [ 'regionId' => 'cn-hangzhou', 'endpoint' => 'sasrasp.cn-hangzhou.aliyuncs.com', ], ], ];