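GetApiV1AlarmDetail - Get alarm details
Last updated: 2024.11.06 17:05:12 | First published: 2024.11.06 17:05:12

Retrieves the details of an alarm, such as its title, description, severity, detection time, handling status, and affected assets.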

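Request description

  • Request method: GET
  • Request URL: https://open.volcengineapi.com/?Action=GetApiV1AlarmDetail&Version=2023-05-01

Request parameters

The table below lists only the request parameters specific to this API and some of the common parameters. For more information, see Common Parameters.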

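| Parameter | Type | Required | Example value | Description |
|---|---|---|---|---|
| Action | String | | GetApiV1AlarmDetail | The operation to perform. Value: GetApiV1AlarmDetail. |
| Version | String | | 2023-05-01 | The API version. Value: 2023-05-01. |
| alarm_id | String | | uniform_risk_xxxxxxxxxxxxxxxxxxxxxxxx | Alarm ID |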

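Response parameters

The table below lists only the response parameters specific to this API. For more information, see Response Structure.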

| Parameter | Type | Example value | Description |
|---|---|---|---|
| detail | Object | -- | Result of the API request |

Request example

GET /?Action=GetApiV1AlarmDetail&Version=2023-05-01&alarm_id=uniform_risk_xxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.1
Host: open.volcengineapi.com
X-Date: 20241105T033530Z
Authorization: HMAC-SHA256 Credential=Adfks******wekfwe/20241105/cn-beijing/mcs/request, SignedHeaders=host;x-date, Signature=47a7d934ff7b37c03938******cd7b8278a40a1057690c401e92246a0e41085f


Response example

{
  "ResponseMetadata": {
    "RequestId": "20241105113542235060137204A262E7",
    "Action": "GetApiV1AlarmDetail",
    "Version": "2023-05-01",
    "Service": "mcs",
    "Region": "cn-beijing"
  },
  "Result": {
    "detail": {
      "alarm_id": "uniform_risk_672881766568367723e20a39",
      "alarm_title": "外网下载文件并派生可疑进程",
      "alarm_desc": "【行为分析】外网拉取网络文件后有可疑子进程派生",
      "alarm_alert_type": "kill_chain",
      "affected_asset": {
        "resource_status": "exist",
        "resource_type": "ComputeVm",
        "resource_vendor": "volcengine",
        "resource_cloud_account_id": "900000000123",
        "resource_cloud_account_name": "a_cloud_account_name_here",
        "resource_id": "i-2ze2exxxxixypvxxxxxxx",
        "resource_name": "launch-advisor-20241031"
      },
      "cloud_account": {
        "resource_vendor": "volcengine",
        "resource_cloud_account_id": "900000000123",
        "resource_cloud_account_name": "a_cloud_account_name_here"
      },
      "alarm_risk_status": "unhandled",
      "alarm_risk_level": "700-critical",
      "alarm_source_product": {
        "resource_vendor": "volcengine",
        "alarm_source_product_id": "volc-seccenter",
        "alarm_source_product_name": "云安全中心"
      },
      "alarm_created_time_milli": 1730707812000,
      "alarm_updated_time_milli": 1730707812000,
      "alarm_raw_data": "raw_data_from_source_product",
      "alarm_vendor_alert_meta": {
        "vendor_alert_data_uuid": "a_vendor_alert_uuid_here",
        "vendor_alert_type": "杀伤链",
        "vendor_alert_threat_direction": "a_threat_direction_here"
      },
      "variation_info": {
        "alarm_feature_info_malware": {
          "malware_file": {
            "file_md5": "e7df7cd2ca07f4f1ab415d457a6e1c13",
            "file_path": "/tmp/a_temp_file"
          },
          "malware_family": "恶意软件族名称",
          "malware_labels": [
            "malware_label_1",
            "malware_label_2"
          ],
          "malware_hit_data": {
            "len": 1024,
            "offset": 1024
          },
          "malware_downloadable": true
        }
      },
      "additional_info_list": [
        {
          "key": "additional_info_key",
          "name": "additional_info_name",
          "value": "additional_info_value"
        }
      ],
      "llm_analysis_result": "根据xxx信息,分析得出xx结果。"
    }
  }
}
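
An added example, not part of the original documentation: a Python normalizer that flattens the response above into a triage record for a SIEM or ticketing pipeline and tolerates alarms that carry no malware block. The function names, the output field names and the `NNN-label` reading of `alarm_risk_level` are assumptions inferred from the single sample on this page; the embedded response is a constructed, trimmed copy of it.

```python
import json
from datetime import datetime, timezone

# Constructed sample: a trimmed copy of the response example on this page.
SAMPLE = json.dumps({
    "ResponseMetadata": {"RequestId": "20241105113542235060137204A262E7"},
    "Result": {"detail": {
        "alarm_id": "uniform_risk_672881766568367723e20a39",
        "alarm_alert_type": "kill_chain",
        "alarm_risk_status": "unhandled", "alarm_risk_level": "700-critical",
        "alarm_created_time_milli": 1730707812000,
        "affected_asset": {"resource_type": "ComputeVm",
                           "resource_id": "i-2ze2exxxxixypvxxxxxxx",
                           "resource_cloud_account_id": "900000000123"},
        "variation_info": {"alarm_feature_info_malware": {"malware_file": {
            "file_md5": "e7df7cd2ca07f4f1ab415d457a6e1c13",
            "file_path": "/tmp/a_temp_file"}}},
    }},
})

def ms_to_utc(ms):
    """Epoch milliseconds -> ISO-8601 UTC string, or None if absent/invalid."""
    if not isinstance(ms, (int, float)):
        return None
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()

def split_level(level):
    """'700-critical' -> (700, 'critical'); assumed format, None on mismatch."""
    score, _, label = str(level or "").partition("-")
    return (int(score) if score.isdigit() else None), (label or None)

def normalize_alarm(body):
    """Flatten a GetApiV1AlarmDetail response (JSON text or dict)."""
    doc = json.loads(body) if isinstance(body, (str, bytes)) else body
    detail = (doc.get("Result") or {}).get("detail")
    if not isinstance(detail, dict):
        raise ValueError("response has no Result.detail object")
    asset = detail.get("affected_asset") or {}
    # variation_info is treated as optional: not every alarm is malware-related.
    mal = (detail.get("variation_info") or {}).get("alarm_feature_info_malware") or {}
    mfile = mal.get("malware_file") or {}
    score, label = split_level(detail.get("alarm_risk_level"))
    return {
        "request_id": (doc.get("ResponseMetadata") or {}).get("RequestId"),
        "alarm_id": detail.get("alarm_id"),
        "alert_type": detail.get("alarm_alert_type"),
        "status": detail.get("alarm_risk_status"),
        "severity_score": score, "severity_label": label,
        "created_utc": ms_to_utc(detail.get("alarm_created_time_milli")),
        "asset_type": asset.get("resource_type"), "asset_id": asset.get("resource_id"),
        "account_id": asset.get("resource_cloud_account_id"),
        "file_md5": mfile.get("file_md5"), "file_path": mfile.get("file_path"),
    }
```

Keeping `request_id` in the record lets a later investigation tie the triage entry back to the exact API call that produced it.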

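Error codes

The table below lists the error codes related to this API's business logic. For common error codes, see the Common Error Codes document.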

| Status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | InvalidParameter | The specified parameter %s is invalid. | Invalid parameter |
| 400 | OperationDenied | Operation is denied because the specified resource is in use. | Operation denied |
| 400 | MissingParameter | The required parameter %s is missing. | Missing parameter |
| 500 | InternalError | The request has failed due to an unknown error. | Internal error |