RubyGems - tencentcloud-sdk-cwp - Versions diffs - 3.0.545 → 3.0.547 - Mend

tencentcloud-sdk-cwp 3.0.545 → 3.0.547

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

data/lib/v20180228/models.rb CHANGED Viewed

@@ -37,6 +37,26 @@ module TencentCloud
         end
       end
+      # 节点关联的告警信息
+      class AlarmInfo < TencentCloud::Common::AbstractModel
+        # @param AlarmId: 该节点关联的告警，告警的table_name+id（t1:id1,t2:id2,...)
+        # @type AlarmId: String
+        # @param Status: 告警事件表状态，当该节点为告警点时生效
+        # @type Status: Integer
+        attr_accessor :AlarmId, :Status
+        def initialize(alarmid=nil, status=nil)
+          @AlarmId = alarmid
+          @Status = status
+        end
+        def deserialize(params)
+          @AlarmId = params['AlarmId']
+          @Status = params['Status']
+        end
+      end
       # 资源管理进程基本信息
       class AssetAppBaseInfo < TencentCloud::Common::AbstractModel
         # @param MachineIp: 主机内网IP
@@ -4154,10 +4174,13 @@ module TencentCloud
         # @param MachineExtraInfo: 附加信息
         # 注意：此字段可能返回 null，表示取不到有效值。
         # @type MachineExtraInfo: :class:`Tencentcloud::Cwp.v20180228.models.MachineExtraInfo`
+        # @param Location: 地理位置中文名
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type Location: String
-        attr_accessor :Id, :Uuid, :MachineIp, :MachineName, :UserName, :SrcIp, :Status, :Country, :City, :Province, :CreateTime, :BanStatus, :EventType, :Count, :Quuid, :IsProVersion, :Protocol, :Port, :ModifyTime, :InstanceId, :DataStatus, :MachineExtraInfo
+        attr_accessor :Id, :Uuid, :MachineIp, :MachineName, :UserName, :SrcIp, :Status, :Country, :City, :Province, :CreateTime, :BanStatus, :EventType, :Count, :Quuid, :IsProVersion, :Protocol, :Port, :ModifyTime, :InstanceId, :DataStatus, :MachineExtraInfo, :Location
-        def initialize(id=nil, uuid=nil, machineip=nil, machinename=nil, username=nil, srcip=nil, status=nil, country=nil, city=nil, province=nil, createtime=nil, banstatus=nil, eventtype=nil, count=nil, quuid=nil, isproversion=nil, protocol=nil, port=nil, modifytime=nil, instanceid=nil, datastatus=nil, machineextrainfo=nil)
+        def initialize(id=nil, uuid=nil, machineip=nil, machinename=nil, username=nil, srcip=nil, status=nil, country=nil, city=nil, province=nil, createtime=nil, banstatus=nil, eventtype=nil, count=nil, quuid=nil, isproversion=nil, protocol=nil, port=nil, modifytime=nil, instanceid=nil, datastatus=nil, machineextrainfo=nil, location=nil)
           @Id = id
           @Uuid = uuid
           @MachineIp = machineip
@@ -4180,6 +4203,7 @@ module TencentCloud
           @InstanceId = instanceid
           @DataStatus = datastatus
           @MachineExtraInfo = machineextrainfo
+          @Location = location
         end
         def deserialize(params)
@@ -4208,6 +4232,7 @@ module TencentCloud
             @MachineExtraInfo = MachineExtraInfo.new
             @MachineExtraInfo.deserialize(params['MachineExtraInfo'])
           end
+          @Location = params['Location']
         end
       end
@@ -5789,6 +5814,103 @@ module TencentCloud
         end
       end
+      # DescribeAlarmIncidentNodes请求参数结构体
+      class DescribeAlarmIncidentNodesRequest < TencentCloud::Common::AbstractModel
+        # @param Uuid: 机器uuid
+        # @type Uuid: String
+        # @param AlarmVid: 告警vid
+        # @type AlarmVid: String
+        # @param AlarmTime: 告警时间
+        # @type AlarmTime: Integer
+        attr_accessor :Uuid, :AlarmVid, :AlarmTime
+        def initialize(uuid=nil, alarmvid=nil, alarmtime=nil)
+          @Uuid = uuid
+          @AlarmVid = alarmvid
+          @AlarmTime = alarmtime
+        end
+        def deserialize(params)
+          @Uuid = params['Uuid']
+          @AlarmVid = params['AlarmVid']
+          @AlarmTime = params['AlarmTime']
+        end
+      end
+      # DescribeAlarmIncidentNodes返回参数结构体
+      class DescribeAlarmIncidentNodesResponse < TencentCloud::Common::AbstractModel
+        # @param IncidentNodes: 告警点所在事件的所有节点信息,可能包含多事件
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type IncidentNodes: Array
+        # @param RequestId: 唯一请求 ID，每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
+        # @type RequestId: String
+        attr_accessor :IncidentNodes, :RequestId
+        def initialize(incidentnodes=nil, requestid=nil)
+          @IncidentNodes = incidentnodes
+          @RequestId = requestid
+        end
+        def deserialize(params)
+          unless params['IncidentNodes'].nil?
+            @IncidentNodes = []
+            params['IncidentNodes'].each do |i|
+              incidentvertexinfo_tmp = IncidentVertexInfo.new
+              incidentvertexinfo_tmp.deserialize(i)
+              @IncidentNodes << incidentvertexinfo_tmp
+            end
+          end
+          @RequestId = params['RequestId']
+        end
+      end
+      # DescribeAlarmVertexId请求参数结构体
+      class DescribeAlarmVertexIdRequest < TencentCloud::Common::AbstractModel
+        # @param Uuid: 机器uuid
+        # @type Uuid: String
+        # @param StartTime: 开始时间戳
+        # @type StartTime: Integer
+        # @param EndTime: 结束时间戳
+        # @type EndTime: Integer
+        attr_accessor :Uuid, :StartTime, :EndTime
+        def initialize(uuid=nil, starttime=nil, endtime=nil)
+          @Uuid = uuid
+          @StartTime = starttime
+          @EndTime = endtime
+        end
+        def deserialize(params)
+          @Uuid = params['Uuid']
+          @StartTime = params['StartTime']
+          @EndTime = params['EndTime']
+        end
+      end
+      # DescribeAlarmVertexId返回参数结构体
+      class DescribeAlarmVertexIdResponse < TencentCloud::Common::AbstractModel
+        # @param AlarmVertexIds: 告警点id列表
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type AlarmVertexIds: Array
+        # @param RequestId: 唯一请求 ID，每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
+        # @type RequestId: String
+        attr_accessor :AlarmVertexIds, :RequestId
+        def initialize(alarmvertexids=nil, requestid=nil)
+          @AlarmVertexIds = alarmvertexids
+          @RequestId = requestid
+        end
+        def deserialize(params)
+          @AlarmVertexIds = params['AlarmVertexIds']
+          @RequestId = params['RequestId']
+        end
+      end
       # DescribeAssetAppList请求参数结构体
       class DescribeAssetAppListRequest < TencentCloud::Common::AbstractModel
         # @param Quuid: 查询指定Quuid主机的信息
@@ -10919,6 +11041,50 @@ module TencentCloud
         end
       end
+      # DescribeEventByTable请求参数结构体
+      class DescribeEventByTableRequest < TencentCloud::Common::AbstractModel
+        # @param TableName: 事件表名
+        # @type TableName: String
+        # @param Ids: 事件表id号
+        # @type Ids: Array
+        attr_accessor :TableName, :Ids
+        def initialize(tablename=nil, ids=nil)
+          @TableName = tablename
+          @Ids = ids
+        end
+        def deserialize(params)
+          @TableName = params['TableName']
+          @Ids = params['Ids']
+        end
+      end
+      # DescribeEventByTable返回参数结构体
+      class DescribeEventByTableResponse < TencentCloud::Common::AbstractModel
+        # @param Type: 告警类型，爆破bruteattack，高危命令bash，恶意文件malware，恶意请求risk_dns，本地提权privilege_escalation，反弹shell reverse_shell，内存马java_shell
+        # @type Type: String
+        # @param Value: 事件内容的json编码字符串，字段结构对齐事件表
+        # @type Value: String
+        # @param RequestId: 唯一请求 ID，每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
+        # @type RequestId: String
+        attr_accessor :Type, :Value, :RequestId
+        def initialize(type=nil, value=nil, requestid=nil)
+          @Type = type
+          @Value = value
+          @RequestId = requestid
+        end
+        def deserialize(params)
+          @Type = params['Type']
+          @Value = params['Value']
+          @RequestId = params['RequestId']
+        end
+      end
       # DescribeExpertServiceList请求参数结构体
       class DescribeExpertServiceListRequest < TencentCloud::Common::AbstractModel
         # @param Filters: 过滤条件。
@@ -11122,6 +11288,81 @@ module TencentCloud
         end
       end
+      # DescribeFileTamperEvents请求参数结构体
+      class DescribeFileTamperEventsRequest < TencentCloud::Common::AbstractModel
+        # @param Filters: 过滤条件。
+        # <li>Status - String - 是否必填：否 - 处理状态  0 -- 待处理 1 -- 已加白 2 -- 已删除 3 - 已忽略</li>
+        # <li>ModifyTime - String - 是否必填：否 - 最近发生时间</li>
+        # <li>Uuid- String - 是否必填：否 - 主机uuid查询</li>
+        # <li>RuleCategory- string - 是否必填：否 - 规则类别 0 系统规则 1 自定义规则</li>
+        # @type Filters: Array
+        # @param Offset: 偏移量，默认为0。
+        # @type Offset: Integer
+        # @param Limit: 需要返回的数量，默认为10，最大值为100
+        # @type Limit: Integer
+        # @param Order: 排序方式 ASC,DESC
+        # @type Order: String
+        # @param By: 排序字段 CreateTime、ModifyTime
+        # @type By: String
+        attr_accessor :Filters, :Offset, :Limit, :Order, :By
+        def initialize(filters=nil, offset=nil, limit=nil, order=nil, by=nil)
+          @Filters = filters
+          @Offset = offset
+          @Limit = limit
+          @Order = order
+          @By = by
+        end
+        def deserialize(params)
+          unless params['Filters'].nil?
+            @Filters = []
+            params['Filters'].each do |i|
+              filters_tmp = Filters.new
+              filters_tmp.deserialize(i)
+              @Filters << filters_tmp
+            end
+          end
+          @Offset = params['Offset']
+          @Limit = params['Limit']
+          @Order = params['Order']
+          @By = params['By']
+        end
+      end
+      # DescribeFileTamperEvents返回参数结构体
+      class DescribeFileTamperEventsResponse < TencentCloud::Common::AbstractModel
+        # @param List: 核心文件事件列表
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type List: Array
+        # @param TotalCount: 数据总条数
+        # @type TotalCount: Integer
+        # @param RequestId: 唯一请求 ID，每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
+        # @type RequestId: String
+        attr_accessor :List, :TotalCount, :RequestId
+        def initialize(list=nil, totalcount=nil, requestid=nil)
+          @List = list
+          @TotalCount = totalcount
+          @RequestId = requestid
+        end
+        def deserialize(params)
+          unless params['List'].nil?
+            @List = []
+            params['List'].each do |i|
+              filetamperevent_tmp = FileTamperEvent.new
+              filetamperevent_tmp.deserialize(i)
+              @List << filetamperevent_tmp
+            end
+          end
+          @TotalCount = params['TotalCount']
+          @RequestId = params['RequestId']
+        end
+      end
       # DescribeGeneralStat请求参数结构体
       class DescribeGeneralStatRequest < TencentCloud::Common::AbstractModel
         # @param MachineType: 云主机类型。
@@ -13234,6 +13475,46 @@ module TencentCloud
         end
       end
+      # DescribePrivilegeEventInfo请求参数结构体
+      class DescribePrivilegeEventInfoRequest < TencentCloud::Common::AbstractModel
+        # @param Id: 事件id
+        # @type Id: Integer
+        attr_accessor :Id
+        def initialize(id=nil)
+          @Id = id
+        end
+        def deserialize(params)
+          @Id = params['Id']
+        end
+      end
+      # DescribePrivilegeEventInfo返回参数结构体
+      class DescribePrivilegeEventInfoResponse < TencentCloud::Common::AbstractModel
+        # @param PrivilegeEventInfo: 本地提权详情
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type PrivilegeEventInfo: :class:`Tencentcloud::Cwp.v20180228.models.PrivilegeEventInfo`
+        # @param RequestId: 唯一请求 ID，每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
+        # @type RequestId: String
+        attr_accessor :PrivilegeEventInfo, :RequestId
+        def initialize(privilegeeventinfo=nil, requestid=nil)
+          @PrivilegeEventInfo = privilegeeventinfo
+          @RequestId = requestid
+        end
+        def deserialize(params)
+          unless params['PrivilegeEventInfo'].nil?
+            @PrivilegeEventInfo = PrivilegeEventInfo.new
+            @PrivilegeEventInfo.deserialize(params['PrivilegeEventInfo'])
+          end
+          @RequestId = params['RequestId']
+        end
+      end
       # DescribePrivilegeEvents请求参数结构体
       class DescribePrivilegeEventsRequest < TencentCloud::Common::AbstractModel
         # @param Limit: 返回数量，最大值为100。
@@ -13723,6 +14004,46 @@ module TencentCloud
         end
       end
+      # DescribeReverseShellEventInfo请求参数结构体
+      class DescribeReverseShellEventInfoRequest < TencentCloud::Common::AbstractModel
+        # @param Id: 事件id
+        # @type Id: Integer
+        attr_accessor :Id
+        def initialize(id=nil)
+          @Id = id
+        end
+        def deserialize(params)
+          @Id = params['Id']
+        end
+      end
+      # DescribeReverseShellEventInfo返回参数结构体
+      class DescribeReverseShellEventInfoResponse < TencentCloud::Common::AbstractModel
+        # @param ReverseShellEventInfo: 反弹shell详情信息
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type ReverseShellEventInfo: :class:`Tencentcloud::Cwp.v20180228.models.ReverseShellEventInfo`
+        # @param RequestId: 唯一请求 ID，每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
+        # @type RequestId: String
+        attr_accessor :ReverseShellEventInfo, :RequestId
+        def initialize(reverseshelleventinfo=nil, requestid=nil)
+          @ReverseShellEventInfo = reverseshelleventinfo
+          @RequestId = requestid
+        end
+        def deserialize(params)
+          unless params['ReverseShellEventInfo'].nil?
+            @ReverseShellEventInfo = ReverseShellEventInfo.new
+            @ReverseShellEventInfo.deserialize(params['ReverseShellEventInfo'])
+          end
+          @RequestId = params['RequestId']
+        end
+      end
       # DescribeReverseShellEvents请求参数结构体
       class DescribeReverseShellEventsRequest < TencentCloud::Common::AbstractModel
         # @param Limit: 返回数量，最大值为100。
@@ -13857,6 +14178,46 @@ module TencentCloud
         end
       end
+      # DescribeRiskDnsEventInfo请求参数结构体
+      class DescribeRiskDnsEventInfoRequest < TencentCloud::Common::AbstractModel
+        # @param Id: 恶意请求事件Id
+        # @type Id: Integer
+        attr_accessor :Id
+        def initialize(id=nil)
+          @Id = id
+        end
+        def deserialize(params)
+          @Id = params['Id']
+        end
+      end
+      # DescribeRiskDnsEventInfo返回参数结构体
+      class DescribeRiskDnsEventInfoResponse < TencentCloud::Common::AbstractModel
+        # @param Info: 恶意请求事件详情
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type Info: :class:`Tencentcloud::Cwp.v20180228.models.RiskDnsEvent`
+        # @param RequestId: 唯一请求 ID，每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
+        # @type RequestId: String
+        attr_accessor :Info, :RequestId
+        def initialize(info=nil, requestid=nil)
+          @Info = info
+          @RequestId = requestid
+        end
+        def deserialize(params)
+          unless params['Info'].nil?
+            @Info = RiskDnsEvent.new
+            @Info.deserialize(params['Info'])
+          end
+          @RequestId = params['RequestId']
+        end
+      end
       # DescribeRiskDnsEventList请求参数结构体
       class DescribeRiskDnsEventListRequest < TencentCloud::Common::AbstractModel
         # @param Filters: <li>IpOrName - String - 是否必填：否 - 主机Ip或别名筛选</li>
@@ -15474,21 +15835,73 @@ module TencentCloud
         end
       end
-      # DescribeVulCountByDates请求参数结构体
-      class DescribeVulCountByDatesRequest < TencentCloud::Common::AbstractModel
-        # @param LastDays: 需要查询最近几天的数据，需要都 -1后传入
-        # @type LastDays: Array
-        # @param VulCategory: 漏洞的分类: 1: web-cms漏洞 2:应用漏洞  4: Linux软件漏洞 5: Windows系统漏洞
-        # @type VulCategory: Integer
-        # @param IfEmergency: 是否为应急漏洞筛选  是: yes
-        # @type IfEmergency: String
+      # DescribeVertexDetail请求参数结构体
+      class DescribeVertexDetailRequest < TencentCloud::Common::AbstractModel
+        # @param VertexIds: 点id列表
+        # @type VertexIds: Array
+        # @param IncidentId: 事件id
+        # @type IncidentId: String
+        # @param TableName: 事件所在表名
+        # @type TableName: String
-        attr_accessor :LastDays, :VulCategory, :IfEmergency
+        attr_accessor :VertexIds, :IncidentId, :TableName
-        def initialize(lastdays=nil, vulcategory=nil, ifemergency=nil)
-          @LastDays = lastdays
-          @VulCategory = vulcategory
-          @IfEmergency = ifemergency
+        def initialize(vertexids=nil, incidentid=nil, tablename=nil)
+          @VertexIds = vertexids
+          @IncidentId = incidentid
+          @TableName = tablename
+        end
+        def deserialize(params)
+          @VertexIds = params['VertexIds']
+          @IncidentId = params['IncidentId']
+          @TableName = params['TableName']
+        end
+      end
+      # DescribeVertexDetail返回参数结构体
+      class DescribeVertexDetailResponse < TencentCloud::Common::AbstractModel
+        # @param VertexDetails: 指定点列表的属性信息
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type VertexDetails: Array
+        # @param RequestId: 唯一请求 ID，每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
+        # @type RequestId: String
+        attr_accessor :VertexDetails, :RequestId
+        def initialize(vertexdetails=nil, requestid=nil)
+          @VertexDetails = vertexdetails
+          @RequestId = requestid
+        end
+        def deserialize(params)
+          unless params['VertexDetails'].nil?
+            @VertexDetails = []
+            params['VertexDetails'].each do |i|
+              vertexdetail_tmp = VertexDetail.new
+              vertexdetail_tmp.deserialize(i)
+              @VertexDetails << vertexdetail_tmp
+            end
+          end
+          @RequestId = params['RequestId']
+        end
+      end
+      # DescribeVulCountByDates请求参数结构体
+      class DescribeVulCountByDatesRequest < TencentCloud::Common::AbstractModel
+        # @param LastDays: 需要查询最近几天的数据，需要都 -1后传入
+        # @type LastDays: Array
+        # @param VulCategory: 漏洞的分类: 1: web-cms漏洞 2:应用漏洞  4: Linux软件漏洞 5: Windows系统漏洞
+        # @type VulCategory: Integer
+        # @param IfEmergency: 是否为应急漏洞筛选  是: yes
+        # @type IfEmergency: String
+        attr_accessor :LastDays, :VulCategory, :IfEmergency
+        def initialize(lastdays=nil, vulcategory=nil, ifemergency=nil)
+          @LastDays = lastdays
+          @VulCategory = vulcategory
+          @IfEmergency = ifemergency
         end
         def deserialize(params)
@@ -18246,6 +18659,173 @@ module TencentCloud
         end
       end
+      # 核心文件监控事件
+      class FileTamperEvent < TencentCloud::Common::AbstractModel
+        # @param HostName: 机器名称
+        # @type HostName: String
+        # @param HostIp: 机器IP
+        # @type HostIp: String
+        # @param CreateTime: 发生时间
+        # @type CreateTime: String
+        # @param ModifyTime: 最近发生时间
+        # @type ModifyTime: String
+        # @param Id: 事件id
+        # @type Id: Integer
+        # @param Uuid: 主机uuid
+        # @type Uuid: String
+        # @param Quuid: cvm id
+        # @type Quuid: String
+        # @param Type: 事件类型/动作  0 -- 告警
+        # @type Type: Integer
+        # @param ProcessExe: 进程路径
+        # @type ProcessExe: String
+        # @param ProcessArgv: 进程参数
+        # @type ProcessArgv: String
+        # @param Target: 目标文件路径
+        # @type Target: String
+        # @param Status: 处理状态  0 -- 待处理 1 -- 已加白 2 -- 已删除 3 - 已忽略 4-已手动处理
+        # @type Status: Integer
+        # @param EventCount: 事件产生次数
+        # @type EventCount: Integer
+        # @param RuleId: 规则id
+        # @type RuleId: Integer
+        # @param RuleName: 规则名称
+        # @type RuleName: String
+        # @param Pstree: 事件详情: json格式
+        # @type Pstree: String
+        # @param RuleCategory: 规则类型 0系统规则 1自定义规则
+        # @type RuleCategory: Integer
+        # @param MachineStatus: 主机在线信息 ONLINE、OFFLINE
+        # @type MachineStatus: String
+        # @param Description: 危害描述
+        # @type Description: String
+        # @param Suggestion: 修护建议
+        # @type Suggestion: String
+        # @param PrivateIp: 内网ip
+        # @type PrivateIp: String
+        # @param ExePermission: 进程权限
+        # @type ExePermission: String
+        # @param UserName: 用户名
+        # @type UserName: String
+        # @param UserGroup: 用户组
+        # @type UserGroup: String
+        # @param ExeMd5: 进程名
+        # @type ExeMd5: String
+        # @param ExeSize: 进程文件大小
+        # @type ExeSize: Integer
+        # @param ExeTime: 进程执行时长
+        # @type ExeTime: Integer
+        # @param TargetSize: 目标文件大小
+        # @type TargetSize: Integer
+        # @param TargetPermission: 目标文件权限
+        # @type TargetPermission: String
+        # @param TargetModifyTime: 目标文件更新时间
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type TargetModifyTime: String
+        # @param TargetCreatTime: 目标文件创建时间
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type TargetCreatTime: String
+        # @param ExePid: 进程pid
+        # @type ExePid: Integer
+        # @param TargetName: 文件名称
+        # @type TargetName: String
+        # @param Reference: 参考链接
+        # @type Reference: String
+        # @param Level: 风险等级 0：无， 1: 高危， 2:中危， 3: 低危
+        # @type Level: Integer
+        # @param ExeName: 进程名称
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type ExeName: String
+        # @param MachineExtraInfo:  主机额外信息
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type MachineExtraInfo: :class:`Tencentcloud::Cwp.v20180228.models.MachineExtraInfo`
+        attr_accessor :HostName, :HostIp, :CreateTime, :ModifyTime, :Id, :Uuid, :Quuid, :Type, :ProcessExe, :ProcessArgv, :Target, :Status, :EventCount, :RuleId, :RuleName, :Pstree, :RuleCategory, :MachineStatus, :Description, :Suggestion, :PrivateIp, :ExePermission, :UserName, :UserGroup, :ExeMd5, :ExeSize, :ExeTime, :TargetSize, :TargetPermission, :TargetModifyTime, :TargetCreatTime, :ExePid, :TargetName, :Reference, :Level, :ExeName, :MachineExtraInfo
+        def initialize(hostname=nil, hostip=nil, createtime=nil, modifytime=nil, id=nil, uuid=nil, quuid=nil, type=nil, processexe=nil, processargv=nil, target=nil, status=nil, eventcount=nil, ruleid=nil, rulename=nil, pstree=nil, rulecategory=nil, machinestatus=nil, description=nil, suggestion=nil, privateip=nil, exepermission=nil, username=nil, usergroup=nil, exemd5=nil, exesize=nil, exetime=nil, targetsize=nil, targetpermission=nil, targetmodifytime=nil, targetcreattime=nil, exepid=nil, targetname=nil, reference=nil, level=nil, exename=nil, machineextrainfo=nil)
+          @HostName = hostname
+          @HostIp = hostip
+          @CreateTime = createtime
+          @ModifyTime = modifytime
+          @Id = id
+          @Uuid = uuid
+          @Quuid = quuid
+          @Type = type
+          @ProcessExe = processexe
+          @ProcessArgv = processargv
+          @Target = target
+          @Status = status
+          @EventCount = eventcount
+          @RuleId = ruleid
+          @RuleName = rulename
+          @Pstree = pstree
+          @RuleCategory = rulecategory
+          @MachineStatus = machinestatus
+          @Description = description
+          @Suggestion = suggestion
+          @PrivateIp = privateip
+          @ExePermission = exepermission
+          @UserName = username
+          @UserGroup = usergroup
+          @ExeMd5 = exemd5
+          @ExeSize = exesize
+          @ExeTime = exetime
+          @TargetSize = targetsize
+          @TargetPermission = targetpermission
+          @TargetModifyTime = targetmodifytime
+          @TargetCreatTime = targetcreattime
+          @ExePid = exepid
+          @TargetName = targetname
+          @Reference = reference
+          @Level = level
+          @ExeName = exename
+          @MachineExtraInfo = machineextrainfo
+        end
+        def deserialize(params)
+          @HostName = params['HostName']
+          @HostIp = params['HostIp']
+          @CreateTime = params['CreateTime']
+          @ModifyTime = params['ModifyTime']
+          @Id = params['Id']
+          @Uuid = params['Uuid']
+          @Quuid = params['Quuid']
+          @Type = params['Type']
+          @ProcessExe = params['ProcessExe']
+          @ProcessArgv = params['ProcessArgv']
+          @Target = params['Target']
+          @Status = params['Status']
+          @EventCount = params['EventCount']
+          @RuleId = params['RuleId']
+          @RuleName = params['RuleName']
+          @Pstree = params['Pstree']
+          @RuleCategory = params['RuleCategory']
+          @MachineStatus = params['MachineStatus']
+          @Description = params['Description']
+          @Suggestion = params['Suggestion']
+          @PrivateIp = params['PrivateIp']
+          @ExePermission = params['ExePermission']
+          @UserName = params['UserName']
+          @UserGroup = params['UserGroup']
+          @ExeMd5 = params['ExeMd5']
+          @ExeSize = params['ExeSize']
+          @ExeTime = params['ExeTime']
+          @TargetSize = params['TargetSize']
+          @TargetPermission = params['TargetPermission']
+          @TargetModifyTime = params['TargetModifyTime']
+          @TargetCreatTime = params['TargetCreatTime']
+          @ExePid = params['ExePid']
+          @TargetName = params['TargetName']
+          @Reference = params['Reference']
+          @Level = params['Level']
+          @ExeName = params['ExeName']
+          unless params['MachineExtraInfo'].nil?
+            @MachineExtraInfo = MachineExtraInfo.new
+            @MachineExtraInfo.deserialize(params['MachineExtraInfo'])
+          end
+        end
+      end
       # 描述键值对过滤器，用于条件过滤查询。例如过滤ID、名称、状态等
       # 若存在多个Filter时，Filter间的关系为逻辑与（AND）关系。
@@ -18453,10 +19033,13 @@ module TencentCloud
         # @param MachineExtraInfo: 附加信息
         # 注意：此字段可能返回 null，表示取不到有效值。
         # @type MachineExtraInfo: :class:`Tencentcloud::Cwp.v20180228.models.MachineExtraInfo`
+        # @param Port: 请求目的端口
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type Port: Integer
-        attr_accessor :Id, :Uuid, :MachineIp, :MachineName, :UserName, :SrcIp, :Status, :Country, :City, :Province, :LoginTime, :ModifyTime, :IsRiskArea, :IsRiskUser, :IsRiskTime, :IsRiskSrcIp, :RiskLevel, :Location, :Quuid, :Desc, :MachineExtraInfo
+        attr_accessor :Id, :Uuid, :MachineIp, :MachineName, :UserName, :SrcIp, :Status, :Country, :City, :Province, :LoginTime, :ModifyTime, :IsRiskArea, :IsRiskUser, :IsRiskTime, :IsRiskSrcIp, :RiskLevel, :Location, :Quuid, :Desc, :MachineExtraInfo, :Port
-        def initialize(id=nil, uuid=nil, machineip=nil, machinename=nil, username=nil, srcip=nil, status=nil, country=nil, city=nil, province=nil, logintime=nil, modifytime=nil, isriskarea=nil, isriskuser=nil, isrisktime=nil, isrisksrcip=nil, risklevel=nil, location=nil, quuid=nil, desc=nil, machineextrainfo=nil)
+        def initialize(id=nil, uuid=nil, machineip=nil, machinename=nil, username=nil, srcip=nil, status=nil, country=nil, city=nil, province=nil, logintime=nil, modifytime=nil, isriskarea=nil, isriskuser=nil, isrisktime=nil, isrisksrcip=nil, risklevel=nil, location=nil, quuid=nil, desc=nil, machineextrainfo=nil, port=nil)
           @Id = id
           @Uuid = uuid
           @MachineIp = machineip
@@ -18478,6 +19061,7 @@ module TencentCloud
           @Quuid = quuid
           @Desc = desc
           @MachineExtraInfo = machineextrainfo
+          @Port = port
         end
         def deserialize(params)
@@ -18505,6 +19089,7 @@ module TencentCloud
             @MachineExtraInfo = MachineExtraInfo.new
             @MachineExtraInfo.deserialize(params['MachineExtraInfo'])
           end
+          @Port = params['Port']
         end
       end
@@ -18661,6 +19246,45 @@ module TencentCloud
         end
       end
+      # 事件点信息
+      class IncidentVertexInfo < TencentCloud::Common::AbstractModel
+        # @param IncidentId: 事件id
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type IncidentId: String
+        # @param TableName: 事件所在表名
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type TableName: String
+        # @param Vertex: 节点信息列表，数组项中包含节点详细信息
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type Vertex: Array
+        # @param VertexCount: 节点总个数
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type VertexCount: Integer
+        attr_accessor :IncidentId, :TableName, :Vertex, :VertexCount
+        def initialize(incidentid=nil, tablename=nil, vertex=nil, vertexcount=nil)
+          @IncidentId = incidentid
+          @TableName = tablename
+          @Vertex = vertex
+          @VertexCount = vertexcount
+        end
+        def deserialize(params)
+          @IncidentId = params['IncidentId']
+          @TableName = params['TableName']
+          unless params['Vertex'].nil?
+            @Vertex = []
+            params['Vertex'].each do |i|
+              vertexinfo_tmp = VertexInfo.new
+              vertexinfo_tmp.deserialize(i)
+              @Vertex << vertexinfo_tmp
+            end
+          end
+          @VertexCount = params['VertexCount']
+        end
+      end
       # 项
       class Item < TencentCloud::Common::AbstractModel
         # @param ItemId: Id
@@ -20631,10 +21255,13 @@ module TencentCloud
         # @param MachineExtraInfo: 附加信息
         # 注意：此字段可能返回 null，表示取不到有效值。
         # @type MachineExtraInfo: :class:`Tencentcloud::Cwp.v20180228.models.MachineExtraInfo`
+        # @param Pid: 进程id
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type Pid: Integer
-        attr_accessor :Id, :Uuid, :Quuid, :Hostip, :ProcessName, :FullPath, :CmdLine, :UserName, :UserGroup, :ProcFilePrivilege, :ParentProcName, :ParentProcUser, :ParentProcGroup, :ParentProcPath, :ProcTree, :Status, :CreateTime, :MachineName, :MachineExtraInfo
+        attr_accessor :Id, :Uuid, :Quuid, :Hostip, :ProcessName, :FullPath, :CmdLine, :UserName, :UserGroup, :ProcFilePrivilege, :ParentProcName, :ParentProcUser, :ParentProcGroup, :ParentProcPath, :ProcTree, :Status, :CreateTime, :MachineName, :MachineExtraInfo, :Pid
-        def initialize(id=nil, uuid=nil, quuid=nil, hostip=nil, processname=nil, fullpath=nil, cmdline=nil, username=nil, usergroup=nil, procfileprivilege=nil, parentprocname=nil, parentprocuser=nil, parentprocgroup=nil, parentprocpath=nil, proctree=nil, status=nil, createtime=nil, machinename=nil, machineextrainfo=nil)
+        def initialize(id=nil, uuid=nil, quuid=nil, hostip=nil, processname=nil, fullpath=nil, cmdline=nil, username=nil, usergroup=nil, procfileprivilege=nil, parentprocname=nil, parentprocuser=nil, parentprocgroup=nil, parentprocpath=nil, proctree=nil, status=nil, createtime=nil, machinename=nil, machineextrainfo=nil, pid=nil)
           @Id = id
           @Uuid = uuid
           @Quuid = quuid
@@ -20654,6 +21281,7 @@ module TencentCloud
           @CreateTime = createtime
           @MachineName = machinename
           @MachineExtraInfo = machineextrainfo
+          @Pid = pid
         end
         def deserialize(params)
@@ -20679,6 +21307,123 @@ module TencentCloud
             @MachineExtraInfo = MachineExtraInfo.new
             @MachineExtraInfo.deserialize(params['MachineExtraInfo'])
           end
+          @Pid = params['Pid']
+        end
+      end
+      # 本地提权数据
+      class PrivilegeEventInfo < TencentCloud::Common::AbstractModel
+        # @param Id: 数据ID
+        # @type Id: Integer
+        # @param Uuid: 云镜ID
+        # @type Uuid: String
+        # @param Quuid: 主机ID
+        # @type Quuid: String
+        # @param HostIp: 主机内网IP
+        # @type HostIp: String
+        # @param ProcessName: 进程名
+        # @type ProcessName: String
+        # @param FullPath: 进程路径
+        # @type FullPath: String
+        # @param CmdLine: 执行命令
+        # @type CmdLine: String
+        # @param UserName: 用户名
+        # @type UserName: String
+        # @param UserGroup: 用户组
+        # @type UserGroup: String
+        # @param ProcFilePrivilege: 进程文件权限
+        # @type ProcFilePrivilege: String
+        # @param ParentProcName: 父进程名
+        # @type ParentProcName: String
+        # @param ParentProcUser: 父进程用户名
+        # @type ParentProcUser: String
+        # @param ParentProcGroup: 父进程用户组
+        # @type ParentProcGroup: String
+        # @param ParentProcPath: 父进程路径
+        # @type ParentProcPath: String
+        # @param PsTree: 进程树 json  pid:进程id，exe:文件路径 ，account:进程所属用组和用户 ,cmdline:执行命令，ssh_service: SSH服务ip, ssh_soure:登录源
+        # @type PsTree: String
+        # @param Status: 处理状态：0-待处理 2-白名单 3-已处理 4-已忽略
+        # @type Status: Integer
+        # @param CreateTime: 发生时间
+        # @type CreateTime: String
+        # @param MachineName: 机器名
+        # @type MachineName: String
+        # @param SuggestScheme: 建议方案
+        # @type SuggestScheme: String
+        # @param HarmDescribe: 危害描述信息
+        # @type HarmDescribe: String
+        # @param Tags: 标签
+        # @type Tags: Array
+        # @param References: 参考链接
+        # @type References: Array
+        # @param MachineWanIp: 主机外网ip
+        # @type MachineWanIp: String
+        # @param NewCaps: 权限列表|隔开
+        # @type NewCaps: String
+        # @param MachineStatus: 主机在线状态 OFFLINE  ONLINE
+        # @type MachineStatus: String
+        # @param ModifyTime: 处理时间
+        # @type ModifyTime: String
+        attr_accessor :Id, :Uuid, :Quuid, :HostIp, :ProcessName, :FullPath, :CmdLine, :UserName, :UserGroup, :ProcFilePrivilege, :ParentProcName, :ParentProcUser, :ParentProcGroup, :ParentProcPath, :PsTree, :Status, :CreateTime, :MachineName, :SuggestScheme, :HarmDescribe, :Tags, :References, :MachineWanIp, :NewCaps, :MachineStatus, :ModifyTime
+        def initialize(id=nil, uuid=nil, quuid=nil, hostip=nil, processname=nil, fullpath=nil, cmdline=nil, username=nil, usergroup=nil, procfileprivilege=nil, parentprocname=nil, parentprocuser=nil, parentprocgroup=nil, parentprocpath=nil, pstree=nil, status=nil, createtime=nil, machinename=nil, suggestscheme=nil, harmdescribe=nil, tags=nil, references=nil, machinewanip=nil, newcaps=nil, machinestatus=nil, modifytime=nil)
+          @Id = id
+          @Uuid = uuid
+          @Quuid = quuid
+          @HostIp = hostip
+          @ProcessName = processname
+          @FullPath = fullpath
+          @CmdLine = cmdline
+          @UserName = username
+          @UserGroup = usergroup
+          @ProcFilePrivilege = procfileprivilege
+          @ParentProcName = parentprocname
+          @ParentProcUser = parentprocuser
+          @ParentProcGroup = parentprocgroup
+          @ParentProcPath = parentprocpath
+          @PsTree = pstree
+          @Status = status
+          @CreateTime = createtime
+          @MachineName = machinename
+          @SuggestScheme = suggestscheme
+          @HarmDescribe = harmdescribe
+          @Tags = tags
+          @References = references
+          @MachineWanIp = machinewanip
+          @NewCaps = newcaps
+          @MachineStatus = machinestatus
+          @ModifyTime = modifytime
+        end
+        def deserialize(params)
+          @Id = params['Id']
+          @Uuid = params['Uuid']
+          @Quuid = params['Quuid']
+          @HostIp = params['HostIp']
+          @ProcessName = params['ProcessName']
+          @FullPath = params['FullPath']
+          @CmdLine = params['CmdLine']
+          @UserName = params['UserName']
+          @UserGroup = params['UserGroup']
+          @ProcFilePrivilege = params['ProcFilePrivilege']
+          @ParentProcName = params['ParentProcName']
+          @ParentProcUser = params['ParentProcUser']
+          @ParentProcGroup = params['ParentProcGroup']
+          @ParentProcPath = params['ParentProcPath']
+          @PsTree = params['PsTree']
+          @Status = params['Status']
+          @CreateTime = params['CreateTime']
+          @MachineName = params['MachineName']
+          @SuggestScheme = params['SuggestScheme']
+          @HarmDescribe = params['HarmDescribe']
+          @Tags = params['Tags']
+          @References = params['References']
+          @MachineWanIp = params['MachineWanIp']
+          @NewCaps = params['NewCaps']
+          @MachineStatus = params['MachineStatus']
+          @ModifyTime = params['ModifyTime']
         end
       end
@@ -21242,10 +21987,13 @@ module TencentCloud
         # @param MachineExtraInfo:  主机额外信息
         # 注意：此字段可能返回 null，表示取不到有效值。
         # @type MachineExtraInfo: :class:`Tencentcloud::Cwp.v20180228.models.MachineExtraInfo`
+        # @param Pid: 进程id
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type Pid: Integer
-        attr_accessor :Id, :Uuid, :Quuid, :Hostip, :DstIp, :DstPort, :ProcessName, :FullPath, :CmdLine, :UserName, :UserGroup, :ParentProcName, :ParentProcUser, :ParentProcGroup, :ParentProcPath, :Status, :CreateTime, :MachineName, :ProcTree, :DetectBy, :MachineExtraInfo
+        attr_accessor :Id, :Uuid, :Quuid, :Hostip, :DstIp, :DstPort, :ProcessName, :FullPath, :CmdLine, :UserName, :UserGroup, :ParentProcName, :ParentProcUser, :ParentProcGroup, :ParentProcPath, :Status, :CreateTime, :MachineName, :ProcTree, :DetectBy, :MachineExtraInfo, :Pid
-        def initialize(id=nil, uuid=nil, quuid=nil, hostip=nil, dstip=nil, dstport=nil, processname=nil, fullpath=nil, cmdline=nil, username=nil, usergroup=nil, parentprocname=nil, parentprocuser=nil, parentprocgroup=nil, parentprocpath=nil, status=nil, createtime=nil, machinename=nil, proctree=nil, detectby=nil, machineextrainfo=nil)
+        def initialize(id=nil, uuid=nil, quuid=nil, hostip=nil, dstip=nil, dstport=nil, processname=nil, fullpath=nil, cmdline=nil, username=nil, usergroup=nil, parentprocname=nil, parentprocuser=nil, parentprocgroup=nil, parentprocpath=nil, status=nil, createtime=nil, machinename=nil, proctree=nil, detectby=nil, machineextrainfo=nil, pid=nil)
           @Id = id
           @Uuid = uuid
           @Quuid = quuid
@@ -21267,6 +22015,7 @@ module TencentCloud
           @ProcTree = proctree
           @DetectBy = detectby
           @MachineExtraInfo = machineextrainfo
+          @Pid = pid
         end
         def deserialize(params)
@@ -21294,6 +22043,128 @@ module TencentCloud
             @MachineExtraInfo = MachineExtraInfo.new
             @MachineExtraInfo.deserialize(params['MachineExtraInfo'])
           end
+          @Pid = params['Pid']
+        end
+      end
+      # 反弹Shell数据详情
+      class ReverseShellEventInfo < TencentCloud::Common::AbstractModel
+        # @param Id: ID 主键
+        # @type Id: Integer
+        # @param Uuid: 云镜UUID
+        # @type Uuid: String
+        # @param Quuid: 主机ID
+        # @type Quuid: String
+        # @param HostIp: 主机内网IP
+        # @type HostIp: String
+        # @param DstIp: 目标IP
+        # @type DstIp: String
+        # @param DstPort: 目标端口
+        # @type DstPort: Integer
+        # @param ProcessName: 进程名
+        # @type ProcessName: String
+        # @param FullPath: 进程路径
+        # @type FullPath: String
+        # @param CmdLine: 命令详情
+        # @type CmdLine: String
+        # @param UserName: 执行用户
+        # @type UserName: String
+        # @param UserGroup: 执行用户组
+        # @type UserGroup: String
+        # @param ParentProcName: 父进程名
+        # @type ParentProcName: String
+        # @param ParentProcUser: 父进程用户
+        # @type ParentProcUser: String
+        # @param ParentProcGroup: 父进程用户组
+        # @type ParentProcGroup: String
+        # @param ParentProcPath: 父进程路径
+        # @type ParentProcPath: String
+        # @param Status: 处理状态：0-待处理 2-白名单 3-已处理 4-已忽略
+        # @type Status: Integer
+        # @param CreateTime: 产生时间
+        # @type CreateTime: String
+        # @param MachineName: 主机名
+        # @type MachineName: String
+        # @param DetectBy: 检测方法
+        # @type DetectBy: Integer
+        # @param PsTree: 进程树 json  pid:进程id，exe:文件路径 ，account:进程所属用组和用户 ,cmdline:执行命令，ssh_service: SSH服务ip, ssh_soure:登录源
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type PsTree: String
+        # @param SuggestScheme: 建议方案
+        # @type SuggestScheme: String
+        # @param HarmDescribe: 描述
+        # @type HarmDescribe: String
+        # @param Tags: 标签
+        # @type Tags: Array
+        # @param References: 参考链接
+        # @type References: Array
+        # @param MachineWanIp: 主机外网ip
+        # @type MachineWanIp: String
+        # @param MachineStatus: 主机在线状态 OFFLINE  ONLINE
+        # @type MachineStatus: String
+        # @param ModifyTime: 处理时间
+        # @type ModifyTime: String
+        attr_accessor :Id, :Uuid, :Quuid, :HostIp, :DstIp, :DstPort, :ProcessName, :FullPath, :CmdLine, :UserName, :UserGroup, :ParentProcName, :ParentProcUser, :ParentProcGroup, :ParentProcPath, :Status, :CreateTime, :MachineName, :DetectBy, :PsTree, :SuggestScheme, :HarmDescribe, :Tags, :References, :MachineWanIp, :MachineStatus, :ModifyTime
+        def initialize(id=nil, uuid=nil, quuid=nil, hostip=nil, dstip=nil, dstport=nil, processname=nil, fullpath=nil, cmdline=nil, username=nil, usergroup=nil, parentprocname=nil, parentprocuser=nil, parentprocgroup=nil, parentprocpath=nil, status=nil, createtime=nil, machinename=nil, detectby=nil, pstree=nil, suggestscheme=nil, harmdescribe=nil, tags=nil, references=nil, machinewanip=nil, machinestatus=nil, modifytime=nil)
+          @Id = id
+          @Uuid = uuid
+          @Quuid = quuid
+          @HostIp = hostip
+          @DstIp = dstip
+          @DstPort = dstport
+          @ProcessName = processname
+          @FullPath = fullpath
+          @CmdLine = cmdline
+          @UserName = username
+          @UserGroup = usergroup
+          @ParentProcName = parentprocname
+          @ParentProcUser = parentprocuser
+          @ParentProcGroup = parentprocgroup
+          @ParentProcPath = parentprocpath
+          @Status = status
+          @CreateTime = createtime
+          @MachineName = machinename
+          @DetectBy = detectby
+          @PsTree = pstree
+          @SuggestScheme = suggestscheme
+          @HarmDescribe = harmdescribe
+          @Tags = tags
+          @References = references
+          @MachineWanIp = machinewanip
+          @MachineStatus = machinestatus
+          @ModifyTime = modifytime
+        end
+        def deserialize(params)
+          @Id = params['Id']
+          @Uuid = params['Uuid']
+          @Quuid = params['Quuid']
+          @HostIp = params['HostIp']
+          @DstIp = params['DstIp']
+          @DstPort = params['DstPort']
+          @ProcessName = params['ProcessName']
+          @FullPath = params['FullPath']
+          @CmdLine = params['CmdLine']
+          @UserName = params['UserName']
+          @UserGroup = params['UserGroup']
+          @ParentProcName = params['ParentProcName']
+          @ParentProcUser = params['ParentProcUser']
+          @ParentProcGroup = params['ParentProcGroup']
+          @ParentProcPath = params['ParentProcPath']
+          @Status = params['Status']
+          @CreateTime = params['CreateTime']
+          @MachineName = params['MachineName']
+          @DetectBy = params['DetectBy']
+          @PsTree = params['PsTree']
+          @SuggestScheme = params['SuggestScheme']
+          @HarmDescribe = params['HarmDescribe']
+          @Tags = params['Tags']
+          @References = params['References']
+          @MachineWanIp = params['MachineWanIp']
+          @MachineStatus = params['MachineStatus']
+          @ModifyTime = params['ModifyTime']
         end
       end
@@ -22745,6 +23616,196 @@ module TencentCloud
         end
       end
+      # 点详细信息
+      class VertexDetail < TencentCloud::Common::AbstractModel
+        # @param Type: 该节点类型，进程:1；网络:2；文件:3；ssh:4
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type Type: Integer
+        # @param Time: 各节点类型用到的时间，2022-11-29 00:00:00 格式
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type Time: String
+        # @param AlarmInfo: 告警信息
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type AlarmInfo: Array
+        # @param ProcName: 进程名，当该节点为进程时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type ProcName: String
+        # @param CmdLine: 命令行，当该节点为进程时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type CmdLine: String
+        # @param Pid: 进程id，当该节点为进程时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type Pid: String
+        # @param FileMd5: 文件md5，当该节点为文件时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type FileMd5: String
+        # @param FileContent: 文件写入内容，当该节点为文件时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type FileContent: String
+        # @param FilePath: 文件路径，当该节点为文件时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type FilePath: String
+        # @param FileCreateTime: 文件创建时间，当该节点为文件时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type FileCreateTime: String
+        # @param Address: 请求目的地址，当该节点为网络时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type Address: String
+        # @param DstPort: 目标端口，当该节点为网络时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type DstPort: Integer
+        # @param SrcIP: 登录源ip，当该节点为ssh时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type SrcIP: String
+        # @param User: 登录用户名用户组，当该节点为ssh时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type User: String
+        # @param VulName: 漏洞名称，当该节点为漏洞时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type VulName: String
+        # @param VulTime: 漏洞利用时间，当该节点为漏洞时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type VulTime: String
+        # @param HttpContent: http请求内容，当该节点为漏洞时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type HttpContent: String
+        # @param VulSrcIP: 漏洞利用者来源ip，当该节点为漏洞时生效
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type VulSrcIP: String
+        # @param VertexId: 点id
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type VertexId: String
+        attr_accessor :Type, :Time, :AlarmInfo, :ProcName, :CmdLine, :Pid, :FileMd5, :FileContent, :FilePath, :FileCreateTime, :Address, :DstPort, :SrcIP, :User, :VulName, :VulTime, :HttpContent, :VulSrcIP, :VertexId
+        def initialize(type=nil, time=nil, alarminfo=nil, procname=nil, cmdline=nil, pid=nil, filemd5=nil, filecontent=nil, filepath=nil, filecreatetime=nil, address=nil, dstport=nil, srcip=nil, user=nil, vulname=nil, vultime=nil, httpcontent=nil, vulsrcip=nil, vertexid=nil)
+          @Type = type
+          @Time = time
+          @AlarmInfo = alarminfo
+          @ProcName = procname
+          @CmdLine = cmdline
+          @Pid = pid
+          @FileMd5 = filemd5
+          @FileContent = filecontent
+          @FilePath = filepath
+          @FileCreateTime = filecreatetime
+          @Address = address
+          @DstPort = dstport
+          @SrcIP = srcip
+          @User = user
+          @VulName = vulname
+          @VulTime = vultime
+          @HttpContent = httpcontent
+          @VulSrcIP = vulsrcip
+          @VertexId = vertexid
+        end
+        def deserialize(params)
+          @Type = params['Type']
+          @Time = params['Time']
+          unless params['AlarmInfo'].nil?
+            @AlarmInfo = []
+            params['AlarmInfo'].each do |i|
+              alarminfo_tmp = AlarmInfo.new
+              alarminfo_tmp.deserialize(i)
+              @AlarmInfo << alarminfo_tmp
+            end
+          end
+          @ProcName = params['ProcName']
+          @CmdLine = params['CmdLine']
+          @Pid = params['Pid']
+          @FileMd5 = params['FileMd5']
+          @FileContent = params['FileContent']
+          @FilePath = params['FilePath']
+          @FileCreateTime = params['FileCreateTime']
+          @Address = params['Address']
+          @DstPort = params['DstPort']
+          @SrcIP = params['SrcIP']
+          @User = params['User']
+          @VulName = params['VulName']
+          @VulTime = params['VulTime']
+          @HttpContent = params['HttpContent']
+          @VulSrcIP = params['VulSrcIP']
+          @VertexId = params['VertexId']
+        end
+      end
+      # 攻击溯源节点信息
+      class VertexInfo < TencentCloud::Common::AbstractModel
+        # @param Type: 该结点类型，进程:1；网络:2；文件:3；ssh:4；
+        # @type Type: Integer
+        # @param Vid: 该节点包含的vid
+        # @type Vid: String
+        # @param ParentVid: 该节点的父节点vid
+        # @type ParentVid: String
+        # @param IsLeaf: 是否叶子
+        # @type IsLeaf: Boolean
+        # @param ProcNamePrefix: 进程名，当Type=1时使用
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type ProcNamePrefix: String
+        # @param ProcNameMd5: 进程名md5，当Type=1时使用
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type ProcNameMd5: String
+        # @param CmdLinePrefix: 命令行，当Type=1时使用
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type CmdLinePrefix: String
+        # @param CmdLineMd5: 命令行md5，当Type=1时使用
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type CmdLineMd5: String
+        # @param FilePathPrefix: 文件路径，当Type=3时使用
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type FilePathPrefix: String
+        # @param AddressPrefix: 请求目的地址，当Type=2时使用
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type AddressPrefix: String
+        # @param IsWeDetect: 是否漏洞节点
+        # @type IsWeDetect: Boolean
+        # @param IsAlarm: 是否告警节点
+        # @type IsAlarm: Boolean
+        # @param FilePathMd5: 文件路径md5，当Type=3时使用
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type FilePathMd5: String
+        # @param AddressMd5: 请求目的地址md5，当Type=2时使用
+        # 注意：此字段可能返回 null，表示取不到有效值。
+        # @type AddressMd5: String
+        attr_accessor :Type, :Vid, :ParentVid, :IsLeaf, :ProcNamePrefix, :ProcNameMd5, :CmdLinePrefix, :CmdLineMd5, :FilePathPrefix, :AddressPrefix, :IsWeDetect, :IsAlarm, :FilePathMd5, :AddressMd5
+        def initialize(type=nil, vid=nil, parentvid=nil, isleaf=nil, procnameprefix=nil, procnamemd5=nil, cmdlineprefix=nil, cmdlinemd5=nil, filepathprefix=nil, addressprefix=nil, iswedetect=nil, isalarm=nil, filepathmd5=nil, addressmd5=nil)
+          @Type = type
+          @Vid = vid
+          @ParentVid = parentvid
+          @IsLeaf = isleaf
+          @ProcNamePrefix = procnameprefix
+          @ProcNameMd5 = procnamemd5
+          @CmdLinePrefix = cmdlineprefix
+          @CmdLineMd5 = cmdlinemd5
+          @FilePathPrefix = filepathprefix
+          @AddressPrefix = addressprefix
+          @IsWeDetect = iswedetect
+          @IsAlarm = isalarm
+          @FilePathMd5 = filepathmd5
+          @AddressMd5 = addressmd5
+        end
+        def deserialize(params)
+          @Type = params['Type']
+          @Vid = params['Vid']
+          @ParentVid = params['ParentVid']
+          @IsLeaf = params['IsLeaf']
+          @ProcNamePrefix = params['ProcNamePrefix']
+          @ProcNameMd5 = params['ProcNameMd5']
+          @CmdLinePrefix = params['CmdLinePrefix']
+          @CmdLineMd5 = params['CmdLineMd5']
+          @FilePathPrefix = params['FilePathPrefix']
+          @AddressPrefix = params['AddressPrefix']
+          @IsWeDetect = params['IsWeDetect']
+          @IsAlarm = params['IsAlarm']
+          @FilePathMd5 = params['FilePathMd5']
+          @AddressMd5 = params['AddressMd5']
+        end
+      end
       # 漏洞详细信息
       class VulDetailInfo < TencentCloud::Common::AbstractModel
         # @param VulId: 漏洞ID