vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/hss/api-ref/ChangeEvent.html
Li, Qiao a5e72d5590 HSS API 20240206 version 
Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com>
Reviewed-by: Drobnak, David <david.drobnak@t-systems.com>
Co-authored-by: Li, Qiao <qiaoli@huawei.com>
Co-committed-by: Li, Qiao <qiaoli@huawei.com>
2024-05-28 20:54:21 +00:00

437 lines
21 KiB
HTML
Raw Permalink Blame History

<a name="ChangeEvent"></a><a name="ChangeEvent"></a>
<h1 class="topictitle1">Handling Alarm Events</h1>
<div><div class="section"><h4 class="sectiontitle">Function</h4><p>This API is used to handle alarm events.</p>
</div>
<div class="section" id="ChangeEvent__atuogenerate_1"><h4 class="sectiontitle">URI</h4><p>POST /v5/{project_id}/event/operate</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Path Parameters</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.3.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.3.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.3.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.2.3.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.3.2.5.1.1 "><p>project_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.3.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.3.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.2.3.2.5.1.4 "><p>Project ID</p>
<p>Minimum: <strong>20</strong></p>
<p>Maximum: <strong>64</strong></p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Query Parameters</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.4.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.4.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.4.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.2.4.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.4.2.5.1.1 "><p>enterprise_project_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.4.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.4.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.2.4.2.5.1.4 "><p>Enterprise project ID. The value <strong>0</strong> indicates the default enterprise project. To query all enterprise projects, set this parameter to <strong>all_granted_eps</strong>.</p>
<p>Minimum: <strong>0</strong></p>
<p>Maximum: <strong>64</strong></p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section"><h4 class="sectiontitle">Request Parameters</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="ChangeEvent__HeaderParameter" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Request header parameters</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.2.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.2.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.2.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.2.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.1 "><p>X-Auth-Token</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.2.2.5.1.4 "><p>User token.</p>
<p>Minimum: <strong>1</strong></p>
<p>Maximum: <strong>32768</strong></p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="ChangeEvent__request_ChangeEventRequestInfo" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Request body parameters</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.3.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.3.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.3.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.3.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.1 "><p>operate_type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.3.2.5.1.4 "><p>Handling method. Its value can be:</p>
<ul><li><p>mark_as_handled</p>
</li><li><p>ignore</p>
</li><li><p>add_to_alarm_whitelist</p>
</li><li><p>add_to_login_whitelist</p>
</li><li><p>isolate_and_kill</p>
</li><li><p>unhandle</p>
</li><li><p>do_not_ignore</p>
</li><li><p>remove_from_alarm_whitelist</p>
</li><li><p>remove_from_login_whitelist</p>
</li><li><p>do_not_isolate_or_kill</p>
</li></ul>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.1 "><p>handler</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.3.2.5.1.4 "><p>Remarks. This API is available only for handled alarms.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.1 "><p>operate_event_list</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.3 "><p>Array of <a href="#ChangeEvent__request_OperateEventRequestInfo">OperateEventRequestInfo</a> objects</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.3.2.5.1.4 "><p>Operated event list</p>
<p>Array Length: <strong>0 - 100</strong></p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="ChangeEvent__request_OperateEventRequestInfo"></a><a name="request_OperateEventRequestInfo"></a><table cellpadding="4" cellspacing="0" summary="" id="ChangeEvent__request_OperateEventRequestInfo" frame="border" border="1" rules="all"><caption><b>Table 5 </b>OperateEventRequestInfo</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.4.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.4.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.4.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.4.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>event_class_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Event category. Its value can be:</p>
<ul><li><p>container_1001: Container namespace</p>
</li><li><p>container_1002: Container open port</p>
</li><li><p>container_1003: Container security option</p>
</li><li><p>container_1004: Container mount directory</p>
</li><li><p>containerescape_0001: High-risk system call</p>
</li><li><p>containerescape_0002: Shocker attack</p>
</li><li><p>containerescape_0003: Dirty Cow attack</p>
</li><li><p>containerescape_0004: Container file escape</p>
</li><li><p>dockerfile_001: Modification of user-defined protected container file</p>
</li><li><p>dockerfile_002: Modification of executable files in the container file system</p>
</li><li><p>dockerproc_001: Abnormal container process</p>
</li><li><p>fileprotect_0001: File privilege escalation</p>
</li><li><p>fileprotect_0002: Key file change</p>
</li><li><p>fileprotect_0003: AuthorizedKeysFile path change</p>
</li><li><p>fileprotect_0004: File directory change</p>
</li><li><p>login_0001: Brute-force attack attempt</p>
</li><li><p>login_0002: Brute-force attack succeeded</p>
</li><li><p>login_1001: Succeeded login</p>
</li><li><p>login_1002: Remote login</p>
</li><li><p>login_1003: Weak password</p>
</li><li><p>malware_0001: Shell change</p>
</li><li><p>malware_0002: Reverse shell</p>
</li><li><p>malware_1001: Malicious program</p>
</li><li><p>procdet_0001: Abnormal process behavior</p>
</li><li><p>procdet_0002: Process privilege escalation</p>
</li><li><p>procreport_0001: High-risk command</p>
</li><li><p>user_1001: Account change</p>
</li><li><p>user_1002: Unsafe account</p>
</li><li><p>vmescape_0001: Sensitive command executed on VM</p>
</li><li><p>vmescape_0002: Sensitive file accessed by virtualization process</p>
</li><li><p>vmescape_0003: Abnormal VM port access</p>
</li><li><p>webshell_0001: Web shell</p>
</li><li><p>network_1001: Mining</p>
</li><li><p>network_1002: DDoS attacks</p>
</li><li><p>network_1003: Malicious scanning</p>
</li><li><p>network_1004: Attack in sensitive areas</p>
</li><li><p>crontab_1001: Suspicious crontab task</p>
</li></ul>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>event_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Event ID</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>event_type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Intrusion type. Its value can be:</p>
<ul><li><p>1001: Malware</p>
</li><li><p>1010: Rootkit</p>
</li><li><p>1011: Ransomware</p>
</li><li><p>1015: Web shell</p>
</li><li><p>1017: Reverse shell</p>
</li><li><p>2001: Common vulnerability exploit</p>
</li><li><p>3002: File privilege escalation</p>
</li><li><p>3003: Process privilege escalation</p>
</li><li><p>3004: Important file change</p>
</li><li><p>3005: File/Directory change</p>
</li><li><p>3007: Abnormal process behavior</p>
</li><li><p>3015: High-risk command execution</p>
</li><li><p>3018: Abnormal shell</p>
</li><li><p>3027: Suspicious crontab tasks</p>
</li><li><p>4002: Brute-force attack</p>
</li><li><p>4004: Abnormal login</p>
</li><li><p>4006: Invalid system account</p>
</li></ul>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>occur_time</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Occurrence time, accurate to milliseconds.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>operate_detail_list</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>Array of <a href="#ChangeEvent__request_EventDetailRequestInfo">EventDetailRequestInfo</a> objects</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Operation details list. If operate_type is set to add_to_alarm_whitelist or remove_from_alarm_whitelist, keyword and hash are mandatory. If operate_type is set to add_to_login_whitelist or remove_from_login_whitelist, the login_ip, private_ip, and login_user_name parameters are mandatory. If operate_type is set to isolate_and_kill or do_not_isolate_or_kill, the agent_id, file_hash, file_path, and process_pid parameters are mandatory. In other cases, the parameters are optional.</p>
<p>Array Length: <strong>0 - 100</strong></p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="ChangeEvent__request_EventDetailRequestInfo"></a><a name="request_EventDetailRequestInfo"></a><table cellpadding="4" cellspacing="0" summary="" id="ChangeEvent__request_EventDetailRequestInfo" frame="border" border="1" rules="all"><caption><b>Table 6 </b>EventDetailRequestInfo</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.5.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.5.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.5.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.5.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.1 "><p>agent_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.5.2.5.1.4 "><p>Agent ID</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.1 "><p>process_pid</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.5.2.5.1.4 "><p>Process ID</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.1 "><p>file_hash</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.5.2.5.1.4 "><p>File hash</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.1 "><p>file_path</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.5.2.5.1.4 "><p>File path</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.1 "><p>file_attr</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.5.2.5.1.4 "><p>File attribute</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.1 "><p>keyword</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.5.2.5.1.4 "><p>Alarm event keyword, which is used only for the alarm whitelist.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.1 "><p>hash</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.5.2.5.1.4 "><p>Alarm event hash, which is used only for the alarm whitelist.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.1 "><p>private_ip</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.5.2.5.1.4 "><p>Server private IP address</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.1 "><p>login_ip</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.5.2.5.1.4 "><p>Login source IP address</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.1 "><p>login_user_name</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.5.2.5.1.4 "><p>Login username</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section"><h4 class="sectiontitle">Response Parameters</h4><p>None</p>
</div>
<div class="section"><h4 class="sectiontitle">Example Requests</h4><pre class="screen">POST https://{endpoint}/v5/{project_id}/event/operate?enterprise_project_id=xxx
{
"operate_type" : "mark_as_handled",
"handler" : "test",
"operate_event_list" : [ {
"event_class_id" : "rootkit_0001",
"event_id" : "2a71e1e2-60f4-4d56-b314-2038fdc39de6",
"occur_time" : 1672046760353,
"event_type" : 1010,
"operate_detail_list" : [ {
"agent_id" : "c9bed5397db449ebdfba15e85fcfc36accee125c68954daf5cab0528bab59bd8",
"file_hash" : "e8b50f0b91e3dce0885ccc5902846b139d28108a0a7976c9b8d43154c5dbc44d",
"file_path" : "/usr/test",
"process_pid" : 3123,
"file_attr" : 33261,
"keyword" : "file_path=/usr/test",
"hash" : "e8b50f0b91e3dce0885ccc5902846b139d28108a0a7976c9b8d43154c5dbc44d",
"login_ip" : "127.0.0.1",
"private_ip" : "127.0.0.2",
"login_user_name" : "root"
} ]
} ],
"x-request-examples-description-1" : "Manually handle the intrusion alarms whose alarm event type is Rootkit and alarm event ID is 2a71e1e2-60f4-4d56-b314-2038fdc39de6."
}</pre>
</div>
<div class="section"><h4 class="sectiontitle">Example Responses</h4><p>None</p>
</div>
<div class="section"><h4 class="sectiontitle">Status Codes</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="ChangeEvent__status_code" frame="border" border="1" rules="all"><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="15%" id="mcps1.3.7.2.1.3.1.1"><p>Status Code</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="85%" id="mcps1.3.7.2.1.3.1.2"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p>200</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p>success</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p>400</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p>Invalid parameter.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p>401</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p>Authentication failed.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p>403</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p>Insufficient permission.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p>404</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p>Resource not found.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p>500</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p>System error.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section"><h4 class="sectiontitle">Error Codes</h4><p>See <a href="ErrorCode.html">Error Codes</a>.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="topic_300000004.html">Intrusion Detection</a></div>
</div>
</div>
View Git Blame Copy Permalink