tencentcloud-sdk-cwp 3.0.545 → 3.0.547

@@ -37,6 +37,26 @@ module TencentCloud
37
37
  end
38
38
  end
39
39
 
40
+ # 节点关联的告警信息
41
+ class AlarmInfo < TencentCloud::Common::AbstractModel
42
+ # @param AlarmId: 该节点关联的告警,告警的table_name+id(t1:id1,t2:id2,...)
43
+ # @type AlarmId: String
44
+ # @param Status: 告警事件表状态,当该节点为告警点时生效
45
+ # @type Status: Integer
46
+
47
+ attr_accessor :AlarmId, :Status
48
+
49
+ def initialize(alarmid=nil, status=nil)
50
+ @AlarmId = alarmid
51
+ @Status = status
52
+ end
53
+
54
+ def deserialize(params)
55
+ @AlarmId = params['AlarmId']
56
+ @Status = params['Status']
57
+ end
58
+ end
59
+
40
60
  # 资源管理进程基本信息
41
61
  class AssetAppBaseInfo < TencentCloud::Common::AbstractModel
42
62
  # @param MachineIp: 主机内网IP
@@ -4154,10 +4174,13 @@ module TencentCloud
4154
4174
  # @param MachineExtraInfo: 附加信息
4155
4175
  # 注意:此字段可能返回 null,表示取不到有效值。
4156
4176
  # @type MachineExtraInfo: :class:`Tencentcloud::Cwp.v20180228.models.MachineExtraInfo`
4177
+ # @param Location: 地理位置中文名
4178
+ # 注意:此字段可能返回 null,表示取不到有效值。
4179
+ # @type Location: String
4157
4180
 
4158
- attr_accessor :Id, :Uuid, :MachineIp, :MachineName, :UserName, :SrcIp, :Status, :Country, :City, :Province, :CreateTime, :BanStatus, :EventType, :Count, :Quuid, :IsProVersion, :Protocol, :Port, :ModifyTime, :InstanceId, :DataStatus, :MachineExtraInfo
4181
+ attr_accessor :Id, :Uuid, :MachineIp, :MachineName, :UserName, :SrcIp, :Status, :Country, :City, :Province, :CreateTime, :BanStatus, :EventType, :Count, :Quuid, :IsProVersion, :Protocol, :Port, :ModifyTime, :InstanceId, :DataStatus, :MachineExtraInfo, :Location
4159
4182
 
4160
- def initialize(id=nil, uuid=nil, machineip=nil, machinename=nil, username=nil, srcip=nil, status=nil, country=nil, city=nil, province=nil, createtime=nil, banstatus=nil, eventtype=nil, count=nil, quuid=nil, isproversion=nil, protocol=nil, port=nil, modifytime=nil, instanceid=nil, datastatus=nil, machineextrainfo=nil)
4183
+ def initialize(id=nil, uuid=nil, machineip=nil, machinename=nil, username=nil, srcip=nil, status=nil, country=nil, city=nil, province=nil, createtime=nil, banstatus=nil, eventtype=nil, count=nil, quuid=nil, isproversion=nil, protocol=nil, port=nil, modifytime=nil, instanceid=nil, datastatus=nil, machineextrainfo=nil, location=nil)
4161
4184
  @Id = id
4162
4185
  @Uuid = uuid
4163
4186
  @MachineIp = machineip
@@ -4180,6 +4203,7 @@ module TencentCloud
4180
4203
  @InstanceId = instanceid
4181
4204
  @DataStatus = datastatus
4182
4205
  @MachineExtraInfo = machineextrainfo
4206
+ @Location = location
4183
4207
  end
4184
4208
 
4185
4209
  def deserialize(params)
@@ -4208,6 +4232,7 @@ module TencentCloud
4208
4232
  @MachineExtraInfo = MachineExtraInfo.new
4209
4233
  @MachineExtraInfo.deserialize(params['MachineExtraInfo'])
4210
4234
  end
4235
+ @Location = params['Location']
4211
4236
  end
4212
4237
  end
4213
4238
 
@@ -5789,6 +5814,103 @@ module TencentCloud
5789
5814
  end
5790
5815
  end
5791
5816
 
5817
+ # DescribeAlarmIncidentNodes请求参数结构体
5818
+ class DescribeAlarmIncidentNodesRequest < TencentCloud::Common::AbstractModel
5819
+ # @param Uuid: 机器uuid
5820
+ # @type Uuid: String
5821
+ # @param AlarmVid: 告警vid
5822
+ # @type AlarmVid: String
5823
+ # @param AlarmTime: 告警时间
5824
+ # @type AlarmTime: Integer
5825
+
5826
+ attr_accessor :Uuid, :AlarmVid, :AlarmTime
5827
+
5828
+ def initialize(uuid=nil, alarmvid=nil, alarmtime=nil)
5829
+ @Uuid = uuid
5830
+ @AlarmVid = alarmvid
5831
+ @AlarmTime = alarmtime
5832
+ end
5833
+
5834
+ def deserialize(params)
5835
+ @Uuid = params['Uuid']
5836
+ @AlarmVid = params['AlarmVid']
5837
+ @AlarmTime = params['AlarmTime']
5838
+ end
5839
+ end
5840
+
5841
+ # DescribeAlarmIncidentNodes返回参数结构体
5842
+ class DescribeAlarmIncidentNodesResponse < TencentCloud::Common::AbstractModel
5843
+ # @param IncidentNodes: 告警点所在事件的所有节点信息,可能包含多事件
5844
+ # 注意:此字段可能返回 null,表示取不到有效值。
5845
+ # @type IncidentNodes: Array
5846
+ # @param RequestId: 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
5847
+ # @type RequestId: String
5848
+
5849
+ attr_accessor :IncidentNodes, :RequestId
5850
+
5851
+ def initialize(incidentnodes=nil, requestid=nil)
5852
+ @IncidentNodes = incidentnodes
5853
+ @RequestId = requestid
5854
+ end
5855
+
5856
+ def deserialize(params)
5857
+ unless params['IncidentNodes'].nil?
5858
+ @IncidentNodes = []
5859
+ params['IncidentNodes'].each do |i|
5860
+ incidentvertexinfo_tmp = IncidentVertexInfo.new
5861
+ incidentvertexinfo_tmp.deserialize(i)
5862
+ @IncidentNodes << incidentvertexinfo_tmp
5863
+ end
5864
+ end
5865
+ @RequestId = params['RequestId']
5866
+ end
5867
+ end
5868
+
5869
+ # DescribeAlarmVertexId请求参数结构体
5870
+ class DescribeAlarmVertexIdRequest < TencentCloud::Common::AbstractModel
5871
+ # @param Uuid: 机器uuid
5872
+ # @type Uuid: String
5873
+ # @param StartTime: 开始时间戳
5874
+ # @type StartTime: Integer
5875
+ # @param EndTime: 结束时间戳
5876
+ # @type EndTime: Integer
5877
+
5878
+ attr_accessor :Uuid, :StartTime, :EndTime
5879
+
5880
+ def initialize(uuid=nil, starttime=nil, endtime=nil)
5881
+ @Uuid = uuid
5882
+ @StartTime = starttime
5883
+ @EndTime = endtime
5884
+ end
5885
+
5886
+ def deserialize(params)
5887
+ @Uuid = params['Uuid']
5888
+ @StartTime = params['StartTime']
5889
+ @EndTime = params['EndTime']
5890
+ end
5891
+ end
5892
+
5893
+ # DescribeAlarmVertexId返回参数结构体
5894
+ class DescribeAlarmVertexIdResponse < TencentCloud::Common::AbstractModel
5895
+ # @param AlarmVertexIds: 告警点id列表
5896
+ # 注意:此字段可能返回 null,表示取不到有效值。
5897
+ # @type AlarmVertexIds: Array
5898
+ # @param RequestId: 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
5899
+ # @type RequestId: String
5900
+
5901
+ attr_accessor :AlarmVertexIds, :RequestId
5902
+
5903
+ def initialize(alarmvertexids=nil, requestid=nil)
5904
+ @AlarmVertexIds = alarmvertexids
5905
+ @RequestId = requestid
5906
+ end
5907
+
5908
+ def deserialize(params)
5909
+ @AlarmVertexIds = params['AlarmVertexIds']
5910
+ @RequestId = params['RequestId']
5911
+ end
5912
+ end
5913
+
5792
5914
  # DescribeAssetAppList请求参数结构体
5793
5915
  class DescribeAssetAppListRequest < TencentCloud::Common::AbstractModel
5794
5916
  # @param Quuid: 查询指定Quuid主机的信息
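Review bot: The time fields added in this hunk carry no unit: `AlarmTime` in `DescribeAlarmIncidentNodesRequest` is documented only as `告警时间`, and `StartTime`/`EndTime` in `DescribeAlarmVertexIdRequest` as `开始时间戳`/`结束时间戳`, all typed Integer. A caller that passes milliseconds where seconds are expected (or the reverse) would query the wrong window and could miss alarms without any error, so each comment should name the unit, e.g. `# @param StartTime: 开始时间戳(单位:<秒或毫秒,待确认>)`. The `# @type IncidentNodes: Array` comment could also name the element class, since `deserialize` builds `IncidentVertexInfo` objects for it.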
@@ -10919,6 +11041,50 @@ module TencentCloud
10919
11041
  end
10920
11042
  end
10921
11043
 
11044
+ # DescribeEventByTable请求参数结构体
11045
+ class DescribeEventByTableRequest < TencentCloud::Common::AbstractModel
11046
+ # @param TableName: 事件表名
11047
+ # @type TableName: String
11048
+ # @param Ids: 事件表id号
11049
+ # @type Ids: Array
11050
+
11051
+ attr_accessor :TableName, :Ids
11052
+
11053
+ def initialize(tablename=nil, ids=nil)
11054
+ @TableName = tablename
11055
+ @Ids = ids
11056
+ end
11057
+
11058
+ def deserialize(params)
11059
+ @TableName = params['TableName']
11060
+ @Ids = params['Ids']
11061
+ end
11062
+ end
11063
+
11064
+ # DescribeEventByTable返回参数结构体
11065
+ class DescribeEventByTableResponse < TencentCloud::Common::AbstractModel
11066
+ # @param Type: 告警类型,爆破bruteattack,高危命令bash,恶意文件malware,恶意请求risk_dns,本地提权privilege_escalation,反弹shell reverse_shell,内存马java_shell
11067
+ # @type Type: String
11068
+ # @param Value: 事件内容的json编码字符串,字段结构对齐事件表
11069
+ # @type Value: String
11070
+ # @param RequestId: 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
11071
+ # @type RequestId: String
11072
+
11073
+ attr_accessor :Type, :Value, :RequestId
11074
+
11075
+ def initialize(type=nil, value=nil, requestid=nil)
11076
+ @Type = type
11077
+ @Value = value
11078
+ @RequestId = requestid
11079
+ end
11080
+
11081
+ def deserialize(params)
11082
+ @Type = params['Type']
11083
+ @Value = params['Value']
11084
+ @RequestId = params['RequestId']
11085
+ end
11086
+ end
11087
+
10922
11088
  # DescribeExpertServiceList请求参数结构体
10923
11089
  class DescribeExpertServiceListRequest < TencentCloud::Common::AbstractModel
10924
11090
  # @param Filters: 过滤条件。
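Review bot: `DescribeEventByTableResponse#deserialize` keeps `Value` as the raw string, and its comment says only that it is a JSON-encoded event whose fields follow the event table. The doc should state that callers have to decode it themselves and that the schema depends on `Type`, e.g. `# 调用方需自行进行 JSON 解析,字段结构随 Type 而不同`. Because the listed types include `bash` and `reverse_shell`, the decoded content presumably carries command lines taken from the monitored host, so it is worth noting that it should go through a plain JSON parser and be escaped before it is displayed or logged. `TableName` in the request is also documented without the set of accepted table names.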
@@ -11122,6 +11288,81 @@ module TencentCloud
11122
11288
  end
11123
11289
  end
11124
11290
 
11291
+ # DescribeFileTamperEvents请求参数结构体
11292
+ class DescribeFileTamperEventsRequest < TencentCloud::Common::AbstractModel
11293
+ # @param Filters: 过滤条件。
11294
+ # <li>Status - String - 是否必填:否 - 处理状态 0 -- 待处理 1 -- 已加白 2 -- 已删除 3 - 已忽略</li>
11295
+ # <li>ModifyTime - String - 是否必填:否 - 最近发生时间</li>
11296
+ # <li>Uuid- String - 是否必填:否 - 主机uuid查询</li>
11297
+ # <li>RuleCategory- string - 是否必填:否 - 规则类别 0 系统规则 1 自定义规则</li>
11298
+ # @type Filters: Array
11299
+ # @param Offset: 偏移量,默认为0。
11300
+ # @type Offset: Integer
11301
+ # @param Limit: 需要返回的数量,默认为10,最大值为100
11302
+ # @type Limit: Integer
11303
+ # @param Order: 排序方式 ASC,DESC
11304
+ # @type Order: String
11305
+ # @param By: 排序字段 CreateTime、ModifyTime
11306
+ # @type By: String
11307
+
11308
+ attr_accessor :Filters, :Offset, :Limit, :Order, :By
11309
+
11310
+ def initialize(filters=nil, offset=nil, limit=nil, order=nil, by=nil)
11311
+ @Filters = filters
11312
+ @Offset = offset
11313
+ @Limit = limit
11314
+ @Order = order
11315
+ @By = by
11316
+ end
11317
+
11318
+ def deserialize(params)
11319
+ unless params['Filters'].nil?
11320
+ @Filters = []
11321
+ params['Filters'].each do |i|
11322
+ filters_tmp = Filters.new
11323
+ filters_tmp.deserialize(i)
11324
+ @Filters << filters_tmp
11325
+ end
11326
+ end
11327
+ @Offset = params['Offset']
11328
+ @Limit = params['Limit']
11329
+ @Order = params['Order']
11330
+ @By = params['By']
11331
+ end
11332
+ end
11333
+
11334
+ # DescribeFileTamperEvents返回参数结构体
11335
+ class DescribeFileTamperEventsResponse < TencentCloud::Common::AbstractModel
11336
+ # @param List: 核心文件事件列表
11337
+ # 注意:此字段可能返回 null,表示取不到有效值。
11338
+ # @type List: Array
11339
+ # @param TotalCount: 数据总条数
11340
+ # @type TotalCount: Integer
11341
+ # @param RequestId: 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
11342
+ # @type RequestId: String
11343
+
11344
+ attr_accessor :List, :TotalCount, :RequestId
11345
+
11346
+ def initialize(list=nil, totalcount=nil, requestid=nil)
11347
+ @List = list
11348
+ @TotalCount = totalcount
11349
+ @RequestId = requestid
11350
+ end
11351
+
11352
+ def deserialize(params)
11353
+ unless params['List'].nil?
11354
+ @List = []
11355
+ params['List'].each do |i|
11356
+ filetamperevent_tmp = FileTamperEvent.new
11357
+ filetamperevent_tmp.deserialize(i)
11358
+ @List << filetamperevent_tmp
11359
+ end
11360
+ end
11361
+ @TotalCount = params['TotalCount']
11362
+ @RequestId = params['RequestId']
11363
+ end
11364
+ end
11365
+
11125
11366
  # DescribeGeneralStat请求参数结构体
11126
11367
  class DescribeGeneralStatRequest < TencentCloud::Common::AbstractModel
11127
11368
  # @param MachineType: 云主机类型。
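Review bot: The `Status` filter values documented on `DescribeFileTamperEventsRequest` stop at `3 - 已忽略`, while `FileTamperEvent#Status`, added in a later hunk of this same diff, also lists `4-已手动处理`. If the filter accepts 4, the comment should say so (`... 3 -- 已忽略 4 -- 已手动处理`); if it does not, events in that state cannot be selected by status and the comment should say that instead. The same comment block writes `string` in lower case for `RuleCategory` where the other entries use `String`.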
@@ -13234,6 +13475,46 @@ module TencentCloud
13234
13475
  end
13235
13476
  end
13236
13477
 
13478
+ # DescribePrivilegeEventInfo请求参数结构体
13479
+ class DescribePrivilegeEventInfoRequest < TencentCloud::Common::AbstractModel
13480
+ # @param Id: 事件id
13481
+ # @type Id: Integer
13482
+
13483
+ attr_accessor :Id
13484
+
13485
+ def initialize(id=nil)
13486
+ @Id = id
13487
+ end
13488
+
13489
+ def deserialize(params)
13490
+ @Id = params['Id']
13491
+ end
13492
+ end
13493
+
13494
+ # DescribePrivilegeEventInfo返回参数结构体
13495
+ class DescribePrivilegeEventInfoResponse < TencentCloud::Common::AbstractModel
13496
+ # @param PrivilegeEventInfo: 本地提权详情
13497
+ # 注意:此字段可能返回 null,表示取不到有效值。
13498
+ # @type PrivilegeEventInfo: :class:`Tencentcloud::Cwp.v20180228.models.PrivilegeEventInfo`
13499
+ # @param RequestId: 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
13500
+ # @type RequestId: String
13501
+
13502
+ attr_accessor :PrivilegeEventInfo, :RequestId
13503
+
13504
+ def initialize(privilegeeventinfo=nil, requestid=nil)
13505
+ @PrivilegeEventInfo = privilegeeventinfo
13506
+ @RequestId = requestid
13507
+ end
13508
+
13509
+ def deserialize(params)
13510
+ unless params['PrivilegeEventInfo'].nil?
13511
+ @PrivilegeEventInfo = PrivilegeEventInfo.new
13512
+ @PrivilegeEventInfo.deserialize(params['PrivilegeEventInfo'])
13513
+ end
13514
+ @RequestId = params['RequestId']
13515
+ end
13516
+ end
13517
+
13237
13518
  # DescribePrivilegeEvents请求参数结构体
13238
13519
  class DescribePrivilegeEventsRequest < TencentCloud::Common::AbstractModel
13239
13520
  # @param Limit: 返回数量,最大值为100。
@@ -13723,6 +14004,46 @@ module TencentCloud
13723
14004
  end
13724
14005
  end
13725
14006
 
14007
+ # DescribeReverseShellEventInfo请求参数结构体
14008
+ class DescribeReverseShellEventInfoRequest < TencentCloud::Common::AbstractModel
14009
+ # @param Id: 事件id
14010
+ # @type Id: Integer
14011
+
14012
+ attr_accessor :Id
14013
+
14014
+ def initialize(id=nil)
14015
+ @Id = id
14016
+ end
14017
+
14018
+ def deserialize(params)
14019
+ @Id = params['Id']
14020
+ end
14021
+ end
14022
+
14023
+ # DescribeReverseShellEventInfo返回参数结构体
14024
+ class DescribeReverseShellEventInfoResponse < TencentCloud::Common::AbstractModel
14025
+ # @param ReverseShellEventInfo: 反弹shell详情信息
14026
+ # 注意:此字段可能返回 null,表示取不到有效值。
14027
+ # @type ReverseShellEventInfo: :class:`Tencentcloud::Cwp.v20180228.models.ReverseShellEventInfo`
14028
+ # @param RequestId: 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
14029
+ # @type RequestId: String
14030
+
14031
+ attr_accessor :ReverseShellEventInfo, :RequestId
14032
+
14033
+ def initialize(reverseshelleventinfo=nil, requestid=nil)
14034
+ @ReverseShellEventInfo = reverseshelleventinfo
14035
+ @RequestId = requestid
14036
+ end
14037
+
14038
+ def deserialize(params)
14039
+ unless params['ReverseShellEventInfo'].nil?
14040
+ @ReverseShellEventInfo = ReverseShellEventInfo.new
14041
+ @ReverseShellEventInfo.deserialize(params['ReverseShellEventInfo'])
14042
+ end
14043
+ @RequestId = params['RequestId']
14044
+ end
14045
+ end
14046
+
13726
14047
  # DescribeReverseShellEvents请求参数结构体
13727
14048
  class DescribeReverseShellEventsRequest < TencentCloud::Common::AbstractModel
13728
14049
  # @param Limit: 返回数量,最大值为100。
@@ -13857,6 +14178,46 @@ module TencentCloud
13857
14178
  end
13858
14179
  end
13859
14180
 
14181
+ # DescribeRiskDnsEventInfo请求参数结构体
14182
+ class DescribeRiskDnsEventInfoRequest < TencentCloud::Common::AbstractModel
14183
+ # @param Id: 恶意请求事件Id
14184
+ # @type Id: Integer
14185
+
14186
+ attr_accessor :Id
14187
+
14188
+ def initialize(id=nil)
14189
+ @Id = id
14190
+ end
14191
+
14192
+ def deserialize(params)
14193
+ @Id = params['Id']
14194
+ end
14195
+ end
14196
+
14197
+ # DescribeRiskDnsEventInfo返回参数结构体
14198
+ class DescribeRiskDnsEventInfoResponse < TencentCloud::Common::AbstractModel
14199
+ # @param Info: 恶意请求事件详情
14200
+ # 注意:此字段可能返回 null,表示取不到有效值。
14201
+ # @type Info: :class:`Tencentcloud::Cwp.v20180228.models.RiskDnsEvent`
14202
+ # @param RequestId: 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
14203
+ # @type RequestId: String
14204
+
14205
+ attr_accessor :Info, :RequestId
14206
+
14207
+ def initialize(info=nil, requestid=nil)
14208
+ @Info = info
14209
+ @RequestId = requestid
14210
+ end
14211
+
14212
+ def deserialize(params)
14213
+ unless params['Info'].nil?
14214
+ @Info = RiskDnsEvent.new
14215
+ @Info.deserialize(params['Info'])
14216
+ end
14217
+ @RequestId = params['RequestId']
14218
+ end
14219
+ end
14220
+
13860
14221
  # DescribeRiskDnsEventList请求参数结构体
13861
14222
  class DescribeRiskDnsEventListRequest < TencentCloud::Common::AbstractModel
13862
14223
  # @param Filters: <li>IpOrName - String - 是否必填:否 - 主机Ip或别名筛选</li>
@@ -15474,21 +15835,73 @@ module TencentCloud
15474
15835
  end
15475
15836
  end
15476
15837
 
15477
- # DescribeVulCountByDates请求参数结构体
15478
- class DescribeVulCountByDatesRequest < TencentCloud::Common::AbstractModel
15479
- # @param LastDays: 需要查询最近几天的数据,需要都 -1后传入
15480
- # @type LastDays: Array
15481
- # @param VulCategory: 漏洞的分类: 1: web-cms漏洞 2:应用漏洞 4: Linux软件漏洞 5: Windows系统漏洞
15482
- # @type VulCategory: Integer
15483
- # @param IfEmergency: 是否为应急漏洞筛选 是: yes
15484
- # @type IfEmergency: String
15838
+ # DescribeVertexDetail请求参数结构体
15839
+ class DescribeVertexDetailRequest < TencentCloud::Common::AbstractModel
15840
+ # @param VertexIds: 点id列表
15841
+ # @type VertexIds: Array
15842
+ # @param IncidentId: 事件id
15843
+ # @type IncidentId: String
15844
+ # @param TableName: 事件所在表名
15845
+ # @type TableName: String
15485
15846
 
15486
- attr_accessor :LastDays, :VulCategory, :IfEmergency
15847
+ attr_accessor :VertexIds, :IncidentId, :TableName
15487
15848
 
15488
- def initialize(lastdays=nil, vulcategory=nil, ifemergency=nil)
15489
- @LastDays = lastdays
15490
- @VulCategory = vulcategory
15491
- @IfEmergency = ifemergency
15849
+ def initialize(vertexids=nil, incidentid=nil, tablename=nil)
15850
+ @VertexIds = vertexids
15851
+ @IncidentId = incidentid
15852
+ @TableName = tablename
15853
+ end
15854
+
15855
+ def deserialize(params)
15856
+ @VertexIds = params['VertexIds']
15857
+ @IncidentId = params['IncidentId']
15858
+ @TableName = params['TableName']
15859
+ end
15860
+ end
15861
+
15862
+ # DescribeVertexDetail返回参数结构体
15863
+ class DescribeVertexDetailResponse < TencentCloud::Common::AbstractModel
15864
+ # @param VertexDetails: 指定点列表的属性信息
15865
+ # 注意:此字段可能返回 null,表示取不到有效值。
15866
+ # @type VertexDetails: Array
15867
+ # @param RequestId: 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。
15868
+ # @type RequestId: String
15869
+
15870
+ attr_accessor :VertexDetails, :RequestId
15871
+
15872
+ def initialize(vertexdetails=nil, requestid=nil)
15873
+ @VertexDetails = vertexdetails
15874
+ @RequestId = requestid
15875
+ end
15876
+
15877
+ def deserialize(params)
15878
+ unless params['VertexDetails'].nil?
15879
+ @VertexDetails = []
15880
+ params['VertexDetails'].each do |i|
15881
+ vertexdetail_tmp = VertexDetail.new
15882
+ vertexdetail_tmp.deserialize(i)
15883
+ @VertexDetails << vertexdetail_tmp
15884
+ end
15885
+ end
15886
+ @RequestId = params['RequestId']
15887
+ end
15888
+ end
15889
+
15890
+ # DescribeVulCountByDates请求参数结构体
15891
+ class DescribeVulCountByDatesRequest < TencentCloud::Common::AbstractModel
15892
+ # @param LastDays: 需要查询最近几天的数据,需要都 -1后传入
15893
+ # @type LastDays: Array
15894
+ # @param VulCategory: 漏洞的分类: 1: web-cms漏洞 2:应用漏洞 4: Linux软件漏洞 5: Windows系统漏洞
15895
+ # @type VulCategory: Integer
15896
+ # @param IfEmergency: 是否为应急漏洞筛选 是: yes
15897
+ # @type IfEmergency: String
15898
+
15899
+ attr_accessor :LastDays, :VulCategory, :IfEmergency
15900
+
15901
+ def initialize(lastdays=nil, vulcategory=nil, ifemergency=nil)
15902
+ @LastDays = lastdays
15903
+ @VulCategory = vulcategory
15904
+ @IfEmergency = ifemergency
15492
15905
  end
15493
15906
 
15494
15907
  def deserialize(params)
@@ -18246,6 +18659,173 @@ module TencentCloud
18246
18659
  end
18247
18660
  end
18248
18661
 
18662
+ # 核心文件监控事件
18663
+ class FileTamperEvent < TencentCloud::Common::AbstractModel
18664
+ # @param HostName: 机器名称
18665
+ # @type HostName: String
18666
+ # @param HostIp: 机器IP
18667
+ # @type HostIp: String
18668
+ # @param CreateTime: 发生时间
18669
+ # @type CreateTime: String
18670
+ # @param ModifyTime: 最近发生时间
18671
+ # @type ModifyTime: String
18672
+ # @param Id: 事件id
18673
+ # @type Id: Integer
18674
+ # @param Uuid: 主机uuid
18675
+ # @type Uuid: String
18676
+ # @param Quuid: cvm id
18677
+ # @type Quuid: String
18678
+ # @param Type: 事件类型/动作 0 -- 告警
18679
+ # @type Type: Integer
18680
+ # @param ProcessExe: 进程路径
18681
+ # @type ProcessExe: String
18682
+ # @param ProcessArgv: 进程参数
18683
+ # @type ProcessArgv: String
18684
+ # @param Target: 目标文件路径
18685
+ # @type Target: String
18686
+ # @param Status: 处理状态 0 -- 待处理 1 -- 已加白 2 -- 已删除 3 - 已忽略 4-已手动处理
18687
+ # @type Status: Integer
18688
+ # @param EventCount: 事件产生次数
18689
+ # @type EventCount: Integer
18690
+ # @param RuleId: 规则id
18691
+ # @type RuleId: Integer
18692
+ # @param RuleName: 规则名称
18693
+ # @type RuleName: String
18694
+ # @param Pstree: 事件详情: json格式
18695
+ # @type Pstree: String
18696
+ # @param RuleCategory: 规则类型 0系统规则 1自定义规则
18697
+ # @type RuleCategory: Integer
18698
+ # @param MachineStatus: 主机在线信息 ONLINE、OFFLINE
18699
+ # @type MachineStatus: String
18700
+ # @param Description: 危害描述
18701
+ # @type Description: String
18702
+ # @param Suggestion: 修护建议
18703
+ # @type Suggestion: String
18704
+ # @param PrivateIp: 内网ip
18705
+ # @type PrivateIp: String
18706
+ # @param ExePermission: 进程权限
18707
+ # @type ExePermission: String
18708
+ # @param UserName: 用户名
18709
+ # @type UserName: String
18710
+ # @param UserGroup: 用户组
18711
+ # @type UserGroup: String
18712
+ # @param ExeMd5: 进程名
18713
+ # @type ExeMd5: String
18714
+ # @param ExeSize: 进程文件大小
18715
+ # @type ExeSize: Integer
18716
+ # @param ExeTime: 进程执行时长
18717
+ # @type ExeTime: Integer
18718
+ # @param TargetSize: 目标文件大小
18719
+ # @type TargetSize: Integer
18720
+ # @param TargetPermission: 目标文件权限
18721
+ # @type TargetPermission: String
18722
+ # @param TargetModifyTime: 目标文件更新时间
18723
+ # 注意:此字段可能返回 null,表示取不到有效值。
18724
+ # @type TargetModifyTime: String
18725
+ # @param TargetCreatTime: 目标文件创建时间
18726
+ # 注意:此字段可能返回 null,表示取不到有效值。
18727
+ # @type TargetCreatTime: String
18728
+ # @param ExePid: 进程pid
18729
+ # @type ExePid: Integer
18730
+ # @param TargetName: 文件名称
18731
+ # @type TargetName: String
18732
+ # @param Reference: 参考链接
18733
+ # @type Reference: String
18734
+ # @param Level: 风险等级 0:无, 1: 高危, 2:中危, 3: 低危
18735
+ # @type Level: Integer
18736
+ # @param ExeName: 进程名称
18737
+ # 注意:此字段可能返回 null,表示取不到有效值。
18738
+ # @type ExeName: String
18739
+ # @param MachineExtraInfo: 主机额外信息
18740
+ # 注意:此字段可能返回 null,表示取不到有效值。
18741
+ # @type MachineExtraInfo: :class:`Tencentcloud::Cwp.v20180228.models.MachineExtraInfo`
18742
+
18743
+ attr_accessor :HostName, :HostIp, :CreateTime, :ModifyTime, :Id, :Uuid, :Quuid, :Type, :ProcessExe, :ProcessArgv, :Target, :Status, :EventCount, :RuleId, :RuleName, :Pstree, :RuleCategory, :MachineStatus, :Description, :Suggestion, :PrivateIp, :ExePermission, :UserName, :UserGroup, :ExeMd5, :ExeSize, :ExeTime, :TargetSize, :TargetPermission, :TargetModifyTime, :TargetCreatTime, :ExePid, :TargetName, :Reference, :Level, :ExeName, :MachineExtraInfo
18744
+
18745
+ def initialize(hostname=nil, hostip=nil, createtime=nil, modifytime=nil, id=nil, uuid=nil, quuid=nil, type=nil, processexe=nil, processargv=nil, target=nil, status=nil, eventcount=nil, ruleid=nil, rulename=nil, pstree=nil, rulecategory=nil, machinestatus=nil, description=nil, suggestion=nil, privateip=nil, exepermission=nil, username=nil, usergroup=nil, exemd5=nil, exesize=nil, exetime=nil, targetsize=nil, targetpermission=nil, targetmodifytime=nil, targetcreattime=nil, exepid=nil, targetname=nil, reference=nil, level=nil, exename=nil, machineextrainfo=nil)
18746
+ @HostName = hostname
18747
+ @HostIp = hostip
18748
+ @CreateTime = createtime
18749
+ @ModifyTime = modifytime
18750
+ @Id = id
18751
+ @Uuid = uuid
18752
+ @Quuid = quuid
18753
+ @Type = type
18754
+ @ProcessExe = processexe
18755
+ @ProcessArgv = processargv
18756
+ @Target = target
18757
+ @Status = status
18758
+ @EventCount = eventcount
18759
+ @RuleId = ruleid
18760
+ @RuleName = rulename
18761
+ @Pstree = pstree
18762
+ @RuleCategory = rulecategory
18763
+ @MachineStatus = machinestatus
18764
+ @Description = description
18765
+ @Suggestion = suggestion
18766
+ @PrivateIp = privateip
18767
+ @ExePermission = exepermission
18768
+ @UserName = username
18769
+ @UserGroup = usergroup
18770
+ @ExeMd5 = exemd5
18771
+ @ExeSize = exesize
18772
+ @ExeTime = exetime
18773
+ @TargetSize = targetsize
18774
+ @TargetPermission = targetpermission
18775
+ @TargetModifyTime = targetmodifytime
18776
+ @TargetCreatTime = targetcreattime
18777
+ @ExePid = exepid
18778
+ @TargetName = targetname
18779
+ @Reference = reference
18780
+ @Level = level
18781
+ @ExeName = exename
18782
+ @MachineExtraInfo = machineextrainfo
18783
+ end
18784
+
18785
+ def deserialize(params)
18786
+ @HostName = params['HostName']
18787
+ @HostIp = params['HostIp']
18788
+ @CreateTime = params['CreateTime']
18789
+ @ModifyTime = params['ModifyTime']
18790
+ @Id = params['Id']
18791
+ @Uuid = params['Uuid']
18792
+ @Quuid = params['Quuid']
18793
+ @Type = params['Type']
18794
+ @ProcessExe = params['ProcessExe']
18795
+ @ProcessArgv = params['ProcessArgv']
18796
+ @Target = params['Target']
18797
+ @Status = params['Status']
18798
+ @EventCount = params['EventCount']
18799
+ @RuleId = params['RuleId']
18800
+ @RuleName = params['RuleName']
18801
+ @Pstree = params['Pstree']
18802
+ @RuleCategory = params['RuleCategory']
18803
+ @MachineStatus = params['MachineStatus']
18804
+ @Description = params['Description']
18805
+ @Suggestion = params['Suggestion']
18806
+ @PrivateIp = params['PrivateIp']
18807
+ @ExePermission = params['ExePermission']
18808
+ @UserName = params['UserName']
18809
+ @UserGroup = params['UserGroup']
18810
+ @ExeMd5 = params['ExeMd5']
18811
+ @ExeSize = params['ExeSize']
18812
+ @ExeTime = params['ExeTime']
18813
+ @TargetSize = params['TargetSize']
18814
+ @TargetPermission = params['TargetPermission']
18815
+ @TargetModifyTime = params['TargetModifyTime']
18816
+ @TargetCreatTime = params['TargetCreatTime']
18817
+ @ExePid = params['ExePid']
18818
+ @TargetName = params['TargetName']
18819
+ @Reference = params['Reference']
18820
+ @Level = params['Level']
18821
+ @ExeName = params['ExeName']
18822
+ unless params['MachineExtraInfo'].nil?
18823
+ @MachineExtraInfo = MachineExtraInfo.new
18824
+ @MachineExtraInfo.deserialize(params['MachineExtraInfo'])
18825
+ end
18826
+ end
18827
+ end
18828
+
18249
18829
  # 描述键值对过滤器,用于条件过滤查询。例如过滤ID、名称、状态等
18250
18830
 
18251
18831
  # 若存在多个Filter时,Filter间的关系为逻辑与(AND)关系。
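Review bot: The doc comment for `ExeMd5` in `FileTamperEvent` reads `进程名` (process name), which duplicates `ExeName` (`进程名称`) and does not match the field name. If the field carries the MD5 of the process executable, the comment should say so, e.g. `# @param ExeMd5: 进程文件MD5`, since consumers comparing it against hash allow or deny lists need to know what the value is. `deserialize` also copies `ProcessArgv`, `Pstree` and `Target` straight from the response, and these presumably reflect strings chosen by the process on the monitored host, so a comment that they are untrusted text to be escaped or parsed defensively would help. `Suggestion` is described as `修护建议`, which looks like a typo for `修复建议`.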
@@ -18453,10 +19033,13 @@ module TencentCloud
18453
19033
  # @param MachineExtraInfo: 附加信息
18454
19034
  # 注意:此字段可能返回 null,表示取不到有效值。
18455
19035
  # @type MachineExtraInfo: :class:`Tencentcloud::Cwp.v20180228.models.MachineExtraInfo`
19036
+ # @param Port: 请求目的端口
19037
+ # 注意:此字段可能返回 null,表示取不到有效值。
19038
+ # @type Port: Integer
18456
19039
 
18457
- attr_accessor :Id, :Uuid, :MachineIp, :MachineName, :UserName, :SrcIp, :Status, :Country, :City, :Province, :LoginTime, :ModifyTime, :IsRiskArea, :IsRiskUser, :IsRiskTime, :IsRiskSrcIp, :RiskLevel, :Location, :Quuid, :Desc, :MachineExtraInfo
19040
+ attr_accessor :Id, :Uuid, :MachineIp, :MachineName, :UserName, :SrcIp, :Status, :Country, :City, :Province, :LoginTime, :ModifyTime, :IsRiskArea, :IsRiskUser, :IsRiskTime, :IsRiskSrcIp, :RiskLevel, :Location, :Quuid, :Desc, :MachineExtraInfo, :Port
18458
19041
 
18459
- def initialize(id=nil, uuid=nil, machineip=nil, machinename=nil, username=nil, srcip=nil, status=nil, country=nil, city=nil, province=nil, logintime=nil, modifytime=nil, isriskarea=nil, isriskuser=nil, isrisktime=nil, isrisksrcip=nil, risklevel=nil, location=nil, quuid=nil, desc=nil, machineextrainfo=nil)
19042
+ def initialize(id=nil, uuid=nil, machineip=nil, machinename=nil, username=nil, srcip=nil, status=nil, country=nil, city=nil, province=nil, logintime=nil, modifytime=nil, isriskarea=nil, isriskuser=nil, isrisktime=nil, isrisksrcip=nil, risklevel=nil, location=nil, quuid=nil, desc=nil, machineextrainfo=nil, port=nil)
18460
19043
  @Id = id
18461
19044
  @Uuid = uuid
18462
19045
  @MachineIp = machineip
@@ -18478,6 +19061,7 @@ module TencentCloud
18478
19061
  @Quuid = quuid
18479
19062
  @Desc = desc
18480
19063
  @MachineExtraInfo = machineextrainfo
19064
+ @Port = port
18481
19065
  end
18482
19066
 
18483
19067
  def deserialize(params)
@@ -18505,6 +19089,7 @@ module TencentCloud
18505
19089
  @MachineExtraInfo = MachineExtraInfo.new
18506
19090
  @MachineExtraInfo.deserialize(params['MachineExtraInfo'])
18507
19091
  end
19092
+ @Port = params['Port']
18508
19093
  end
18509
19094
  end
18510
19095
 
@@ -18661,6 +19246,45 @@ module TencentCloud
18661
19246
  end
18662
19247
  end
18663
19248
 
19249
+ # 事件点信息
19250
+ class IncidentVertexInfo < TencentCloud::Common::AbstractModel
19251
+ # @param IncidentId: 事件id
19252
+ # 注意:此字段可能返回 null,表示取不到有效值。
19253
+ # @type IncidentId: String
19254
+ # @param TableName: 事件所在表名
19255
+ # 注意:此字段可能返回 null,表示取不到有效值。
19256
+ # @type TableName: String
19257
+ # @param Vertex: 节点信息列表,数组项中包含节点详细信息
19258
+ # 注意:此字段可能返回 null,表示取不到有效值。
19259
+ # @type Vertex: Array
19260
+ # @param VertexCount: 节点总个数
19261
+ # 注意:此字段可能返回 null,表示取不到有效值。
19262
+ # @type VertexCount: Integer
19263
+
19264
+ attr_accessor :IncidentId, :TableName, :Vertex, :VertexCount
19265
+
19266
+ def initialize(incidentid=nil, tablename=nil, vertex=nil, vertexcount=nil)
19267
+ @IncidentId = incidentid
19268
+ @TableName = tablename
19269
+ @Vertex = vertex
19270
+ @VertexCount = vertexcount
19271
+ end
19272
+
19273
+ def deserialize(params)
19274
+ @IncidentId = params['IncidentId']
19275
+ @TableName = params['TableName']
19276
+ unless params['Vertex'].nil?
19277
+ @Vertex = []
19278
+ params['Vertex'].each do |i|
19279
+ vertexinfo_tmp = VertexInfo.new
19280
+ vertexinfo_tmp.deserialize(i)
19281
+ @Vertex << vertexinfo_tmp
19282
+ end
19283
+ end
19284
+ @VertexCount = params['VertexCount']
19285
+ end
19286
+ end
19287
+
18664
19288
  # 项
18665
19289
  class Item < TencentCloud::Common::AbstractModel
18666
19290
  # @param ItemId: Id
@@ -20631,10 +21255,13 @@ module TencentCloud
20631
21255
  # @param MachineExtraInfo: 附加信息
20632
21256
  # 注意:此字段可能返回 null,表示取不到有效值。
20633
21257
  # @type MachineExtraInfo: :class:`Tencentcloud::Cwp.v20180228.models.MachineExtraInfo`
21258
+ # @param Pid: 进程id
21259
+ # 注意:此字段可能返回 null,表示取不到有效值。
21260
+ # @type Pid: Integer
20634
21261
 
20635
- attr_accessor :Id, :Uuid, :Quuid, :Hostip, :ProcessName, :FullPath, :CmdLine, :UserName, :UserGroup, :ProcFilePrivilege, :ParentProcName, :ParentProcUser, :ParentProcGroup, :ParentProcPath, :ProcTree, :Status, :CreateTime, :MachineName, :MachineExtraInfo
21262
+ attr_accessor :Id, :Uuid, :Quuid, :Hostip, :ProcessName, :FullPath, :CmdLine, :UserName, :UserGroup, :ProcFilePrivilege, :ParentProcName, :ParentProcUser, :ParentProcGroup, :ParentProcPath, :ProcTree, :Status, :CreateTime, :MachineName, :MachineExtraInfo, :Pid
20636
21263
 
20637
- def initialize(id=nil, uuid=nil, quuid=nil, hostip=nil, processname=nil, fullpath=nil, cmdline=nil, username=nil, usergroup=nil, procfileprivilege=nil, parentprocname=nil, parentprocuser=nil, parentprocgroup=nil, parentprocpath=nil, proctree=nil, status=nil, createtime=nil, machinename=nil, machineextrainfo=nil)
21264
+ def initialize(id=nil, uuid=nil, quuid=nil, hostip=nil, processname=nil, fullpath=nil, cmdline=nil, username=nil, usergroup=nil, procfileprivilege=nil, parentprocname=nil, parentprocuser=nil, parentprocgroup=nil, parentprocpath=nil, proctree=nil, status=nil, createtime=nil, machinename=nil, machineextrainfo=nil, pid=nil)
20638
21265
  @Id = id
20639
21266
  @Uuid = uuid
20640
21267
  @Quuid = quuid
@@ -20654,6 +21281,7 @@ module TencentCloud
20654
21281
  @CreateTime = createtime
20655
21282
  @MachineName = machinename
20656
21283
  @MachineExtraInfo = machineextrainfo
21284
+ @Pid = pid
20657
21285
  end
20658
21286
 
20659
21287
  def deserialize(params)
@@ -20679,6 +21307,123 @@ module TencentCloud
20679
21307
  @MachineExtraInfo = MachineExtraInfo.new
20680
21308
  @MachineExtraInfo.deserialize(params['MachineExtraInfo'])
20681
21309
  end
21310
+ @Pid = params['Pid']
21311
+ end
21312
+ end
21313
+
21314
+ # 本地提权数据
21315
+ class PrivilegeEventInfo < TencentCloud::Common::AbstractModel
21316
+ # @param Id: 数据ID
21317
+ # @type Id: Integer
21318
+ # @param Uuid: 云镜ID
21319
+ # @type Uuid: String
21320
+ # @param Quuid: 主机ID
21321
+ # @type Quuid: String
21322
+ # @param HostIp: 主机内网IP
21323
+ # @type HostIp: String
21324
+ # @param ProcessName: 进程名
21325
+ # @type ProcessName: String
21326
+ # @param FullPath: 进程路径
21327
+ # @type FullPath: String
21328
+ # @param CmdLine: 执行命令
21329
+ # @type CmdLine: String
21330
+ # @param UserName: 用户名
21331
+ # @type UserName: String
21332
+ # @param UserGroup: 用户组
21333
+ # @type UserGroup: String
21334
+ # @param ProcFilePrivilege: 进程文件权限
21335
+ # @type ProcFilePrivilege: String
21336
+ # @param ParentProcName: 父进程名
21337
+ # @type ParentProcName: String
21338
+ # @param ParentProcUser: 父进程用户名
21339
+ # @type ParentProcUser: String
21340
+ # @param ParentProcGroup: 父进程用户组
21341
+ # @type ParentProcGroup: String
21342
+ # @param ParentProcPath: 父进程路径
21343
+ # @type ParentProcPath: String
21344
+ # @param PsTree: 进程树 json pid:进程id,exe:文件路径 ,account:进程所属用组和用户 ,cmdline:执行命令,ssh_service: SSH服务ip, ssh_soure:登录源
21345
+ # @type PsTree: String
21346
+ # @param Status: 处理状态:0-待处理 2-白名单 3-已处理 4-已忽略
21347
+ # @type Status: Integer
21348
+ # @param CreateTime: 发生时间
21349
+ # @type CreateTime: String
21350
+ # @param MachineName: 机器名
21351
+ # @type MachineName: String
21352
+ # @param SuggestScheme: 建议方案
21353
+ # @type SuggestScheme: String
21354
+ # @param HarmDescribe: 危害描述信息
21355
+ # @type HarmDescribe: String
21356
+ # @param Tags: 标签
21357
+ # @type Tags: Array
21358
+ # @param References: 参考链接
21359
+ # @type References: Array
21360
+ # @param MachineWanIp: 主机外网ip
21361
+ # @type MachineWanIp: String
21362
+ # @param NewCaps: 权限列表|隔开
21363
+ # @type NewCaps: String
21364
+ # @param MachineStatus: 主机在线状态 OFFLINE ONLINE
21365
+ # @type MachineStatus: String
21366
+ # @param ModifyTime: 处理时间
21367
+ # @type ModifyTime: String
21368
+
21369
+ attr_accessor :Id, :Uuid, :Quuid, :HostIp, :ProcessName, :FullPath, :CmdLine, :UserName, :UserGroup, :ProcFilePrivilege, :ParentProcName, :ParentProcUser, :ParentProcGroup, :ParentProcPath, :PsTree, :Status, :CreateTime, :MachineName, :SuggestScheme, :HarmDescribe, :Tags, :References, :MachineWanIp, :NewCaps, :MachineStatus, :ModifyTime
21370
+
21371
+ def initialize(id=nil, uuid=nil, quuid=nil, hostip=nil, processname=nil, fullpath=nil, cmdline=nil, username=nil, usergroup=nil, procfileprivilege=nil, parentprocname=nil, parentprocuser=nil, parentprocgroup=nil, parentprocpath=nil, pstree=nil, status=nil, createtime=nil, machinename=nil, suggestscheme=nil, harmdescribe=nil, tags=nil, references=nil, machinewanip=nil, newcaps=nil, machinestatus=nil, modifytime=nil)
21372
+ @Id = id
21373
+ @Uuid = uuid
21374
+ @Quuid = quuid
21375
+ @HostIp = hostip
21376
+ @ProcessName = processname
21377
+ @FullPath = fullpath
21378
+ @CmdLine = cmdline
21379
+ @UserName = username
21380
+ @UserGroup = usergroup
21381
+ @ProcFilePrivilege = procfileprivilege
21382
+ @ParentProcName = parentprocname
21383
+ @ParentProcUser = parentprocuser
21384
+ @ParentProcGroup = parentprocgroup
21385
+ @ParentProcPath = parentprocpath
21386
+ @PsTree = pstree
21387
+ @Status = status
21388
+ @CreateTime = createtime
21389
+ @MachineName = machinename
21390
+ @SuggestScheme = suggestscheme
21391
+ @HarmDescribe = harmdescribe
21392
+ @Tags = tags
21393
+ @References = references
21394
+ @MachineWanIp = machinewanip
21395
+ @NewCaps = newcaps
21396
+ @MachineStatus = machinestatus
21397
+ @ModifyTime = modifytime
21398
+ end
21399
+
21400
+ def deserialize(params)
21401
+ @Id = params['Id']
21402
+ @Uuid = params['Uuid']
21403
+ @Quuid = params['Quuid']
21404
+ @HostIp = params['HostIp']
21405
+ @ProcessName = params['ProcessName']
21406
+ @FullPath = params['FullPath']
21407
+ @CmdLine = params['CmdLine']
21408
+ @UserName = params['UserName']
21409
+ @UserGroup = params['UserGroup']
21410
+ @ProcFilePrivilege = params['ProcFilePrivilege']
21411
+ @ParentProcName = params['ParentProcName']
21412
+ @ParentProcUser = params['ParentProcUser']
21413
+ @ParentProcGroup = params['ParentProcGroup']
21414
+ @ParentProcPath = params['ParentProcPath']
21415
+ @PsTree = params['PsTree']
21416
+ @Status = params['Status']
21417
+ @CreateTime = params['CreateTime']
21418
+ @MachineName = params['MachineName']
21419
+ @SuggestScheme = params['SuggestScheme']
21420
+ @HarmDescribe = params['HarmDescribe']
21421
+ @Tags = params['Tags']
21422
+ @References = params['References']
21423
+ @MachineWanIp = params['MachineWanIp']
21424
+ @NewCaps = params['NewCaps']
21425
+ @MachineStatus = params['MachineStatus']
21426
+ @ModifyTime = params['ModifyTime']
20682
21427
  end
20683
21428
  end
20684
21429
 
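Review bot: The new `PrivilegeEventInfo` class names its fields `HostIp` and `PsTree`, while the model just above it (apparently the one whose `deserialize` gains `@Pid` at the top of this hunk, and whose accessor list in the earlier hunk reads `:Hostip` and `:ProcTree`) spells what look like the same values differently, and the class comment does not say so. A caller that carries the old accessor names over to this detail model will hit `NoMethodError`, so a line such as `# NOTE: HostIp/PsTree here; the list model spells these Hostip/ProcTree` above the class would help. `CmdLine`, `FullPath` and `PsTree` are copied from `params` unchanged and describe processes on the monitored host, so whatever renders or logs them should treat the content as untrusted; `PsTree` also stays an unparsed JSON string. The same two points apply to `ReverseShellEventInfo` in the later hunk. The older class's `deserialize` begins outside this hunk.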
@@ -21242,10 +21987,13 @@ module TencentCloud
21242
21987
  # @param MachineExtraInfo: 主机额外信息
21243
21988
  # 注意:此字段可能返回 null,表示取不到有效值。
21244
21989
  # @type MachineExtraInfo: :class:`Tencentcloud::Cwp.v20180228.models.MachineExtraInfo`
21990
+ # @param Pid: 进程id
21991
+ # 注意:此字段可能返回 null,表示取不到有效值。
21992
+ # @type Pid: Integer
21245
21993
 
21246
- attr_accessor :Id, :Uuid, :Quuid, :Hostip, :DstIp, :DstPort, :ProcessName, :FullPath, :CmdLine, :UserName, :UserGroup, :ParentProcName, :ParentProcUser, :ParentProcGroup, :ParentProcPath, :Status, :CreateTime, :MachineName, :ProcTree, :DetectBy, :MachineExtraInfo
21994
+ attr_accessor :Id, :Uuid, :Quuid, :Hostip, :DstIp, :DstPort, :ProcessName, :FullPath, :CmdLine, :UserName, :UserGroup, :ParentProcName, :ParentProcUser, :ParentProcGroup, :ParentProcPath, :Status, :CreateTime, :MachineName, :ProcTree, :DetectBy, :MachineExtraInfo, :Pid
21247
21995
 
21248
- def initialize(id=nil, uuid=nil, quuid=nil, hostip=nil, dstip=nil, dstport=nil, processname=nil, fullpath=nil, cmdline=nil, username=nil, usergroup=nil, parentprocname=nil, parentprocuser=nil, parentprocgroup=nil, parentprocpath=nil, status=nil, createtime=nil, machinename=nil, proctree=nil, detectby=nil, machineextrainfo=nil)
21996
+ def initialize(id=nil, uuid=nil, quuid=nil, hostip=nil, dstip=nil, dstport=nil, processname=nil, fullpath=nil, cmdline=nil, username=nil, usergroup=nil, parentprocname=nil, parentprocuser=nil, parentprocgroup=nil, parentprocpath=nil, status=nil, createtime=nil, machinename=nil, proctree=nil, detectby=nil, machineextrainfo=nil, pid=nil)
21249
21997
  @Id = id
21250
21998
  @Uuid = uuid
21251
21999
  @Quuid = quuid
@@ -21267,6 +22015,7 @@ module TencentCloud
21267
22015
  @ProcTree = proctree
21268
22016
  @DetectBy = detectby
21269
22017
  @MachineExtraInfo = machineextrainfo
22018
+ @Pid = pid
21270
22019
  end
21271
22020
 
21272
22021
  def deserialize(params)
@@ -21294,6 +22043,128 @@ module TencentCloud
21294
22043
  @MachineExtraInfo = MachineExtraInfo.new
21295
22044
  @MachineExtraInfo.deserialize(params['MachineExtraInfo'])
21296
22045
  end
22046
+ @Pid = params['Pid']
22047
+ end
22048
+ end
22049
+
22050
+ # 反弹Shell数据详情
22051
+ class ReverseShellEventInfo < TencentCloud::Common::AbstractModel
22052
+ # @param Id: ID 主键
22053
+ # @type Id: Integer
22054
+ # @param Uuid: 云镜UUID
22055
+ # @type Uuid: String
22056
+ # @param Quuid: 主机ID
22057
+ # @type Quuid: String
22058
+ # @param HostIp: 主机内网IP
22059
+ # @type HostIp: String
22060
+ # @param DstIp: 目标IP
22061
+ # @type DstIp: String
22062
+ # @param DstPort: 目标端口
22063
+ # @type DstPort: Integer
22064
+ # @param ProcessName: 进程名
22065
+ # @type ProcessName: String
22066
+ # @param FullPath: 进程路径
22067
+ # @type FullPath: String
22068
+ # @param CmdLine: 命令详情
22069
+ # @type CmdLine: String
22070
+ # @param UserName: 执行用户
22071
+ # @type UserName: String
22072
+ # @param UserGroup: 执行用户组
22073
+ # @type UserGroup: String
22074
+ # @param ParentProcName: 父进程名
22075
+ # @type ParentProcName: String
22076
+ # @param ParentProcUser: 父进程用户
22077
+ # @type ParentProcUser: String
22078
+ # @param ParentProcGroup: 父进程用户组
22079
+ # @type ParentProcGroup: String
22080
+ # @param ParentProcPath: 父进程路径
22081
+ # @type ParentProcPath: String
22082
+ # @param Status: 处理状态:0-待处理 2-白名单 3-已处理 4-已忽略
22083
+ # @type Status: Integer
22084
+ # @param CreateTime: 产生时间
22085
+ # @type CreateTime: String
22086
+ # @param MachineName: 主机名
22087
+ # @type MachineName: String
22088
+ # @param DetectBy: 检测方法
22089
+ # @type DetectBy: Integer
22090
+ # @param PsTree: 进程树 json pid:进程id,exe:文件路径 ,account:进程所属用组和用户 ,cmdline:执行命令,ssh_service: SSH服务ip, ssh_soure:登录源
22091
+ # 注意:此字段可能返回 null,表示取不到有效值。
22092
+ # @type PsTree: String
22093
+ # @param SuggestScheme: 建议方案
22094
+ # @type SuggestScheme: String
22095
+ # @param HarmDescribe: 描述
22096
+ # @type HarmDescribe: String
22097
+ # @param Tags: 标签
22098
+ # @type Tags: Array
22099
+ # @param References: 参考链接
22100
+ # @type References: Array
22101
+ # @param MachineWanIp: 主机外网ip
22102
+ # @type MachineWanIp: String
22103
+ # @param MachineStatus: 主机在线状态 OFFLINE ONLINE
22104
+ # @type MachineStatus: String
22105
+ # @param ModifyTime: 处理时间
22106
+ # @type ModifyTime: String
22107
+
22108
+ attr_accessor :Id, :Uuid, :Quuid, :HostIp, :DstIp, :DstPort, :ProcessName, :FullPath, :CmdLine, :UserName, :UserGroup, :ParentProcName, :ParentProcUser, :ParentProcGroup, :ParentProcPath, :Status, :CreateTime, :MachineName, :DetectBy, :PsTree, :SuggestScheme, :HarmDescribe, :Tags, :References, :MachineWanIp, :MachineStatus, :ModifyTime
22109
+
22110
+ def initialize(id=nil, uuid=nil, quuid=nil, hostip=nil, dstip=nil, dstport=nil, processname=nil, fullpath=nil, cmdline=nil, username=nil, usergroup=nil, parentprocname=nil, parentprocuser=nil, parentprocgroup=nil, parentprocpath=nil, status=nil, createtime=nil, machinename=nil, detectby=nil, pstree=nil, suggestscheme=nil, harmdescribe=nil, tags=nil, references=nil, machinewanip=nil, machinestatus=nil, modifytime=nil)
22111
+ @Id = id
22112
+ @Uuid = uuid
22113
+ @Quuid = quuid
22114
+ @HostIp = hostip
22115
+ @DstIp = dstip
22116
+ @DstPort = dstport
22117
+ @ProcessName = processname
22118
+ @FullPath = fullpath
22119
+ @CmdLine = cmdline
22120
+ @UserName = username
22121
+ @UserGroup = usergroup
22122
+ @ParentProcName = parentprocname
22123
+ @ParentProcUser = parentprocuser
22124
+ @ParentProcGroup = parentprocgroup
22125
+ @ParentProcPath = parentprocpath
22126
+ @Status = status
22127
+ @CreateTime = createtime
22128
+ @MachineName = machinename
22129
+ @DetectBy = detectby
22130
+ @PsTree = pstree
22131
+ @SuggestScheme = suggestscheme
22132
+ @HarmDescribe = harmdescribe
22133
+ @Tags = tags
22134
+ @References = references
22135
+ @MachineWanIp = machinewanip
22136
+ @MachineStatus = machinestatus
22137
+ @ModifyTime = modifytime
22138
+ end
22139
+
22140
+ def deserialize(params)
22141
+ @Id = params['Id']
22142
+ @Uuid = params['Uuid']
22143
+ @Quuid = params['Quuid']
22144
+ @HostIp = params['HostIp']
22145
+ @DstIp = params['DstIp']
22146
+ @DstPort = params['DstPort']
22147
+ @ProcessName = params['ProcessName']
22148
+ @FullPath = params['FullPath']
22149
+ @CmdLine = params['CmdLine']
22150
+ @UserName = params['UserName']
22151
+ @UserGroup = params['UserGroup']
22152
+ @ParentProcName = params['ParentProcName']
22153
+ @ParentProcUser = params['ParentProcUser']
22154
+ @ParentProcGroup = params['ParentProcGroup']
22155
+ @ParentProcPath = params['ParentProcPath']
22156
+ @Status = params['Status']
22157
+ @CreateTime = params['CreateTime']
22158
+ @MachineName = params['MachineName']
22159
+ @DetectBy = params['DetectBy']
22160
+ @PsTree = params['PsTree']
22161
+ @SuggestScheme = params['SuggestScheme']
22162
+ @HarmDescribe = params['HarmDescribe']
22163
+ @Tags = params['Tags']
22164
+ @References = params['References']
22165
+ @MachineWanIp = params['MachineWanIp']
22166
+ @MachineStatus = params['MachineStatus']
22167
+ @ModifyTime = params['ModifyTime']
21297
22168
  end
21298
22169
  end
21299
22170
 
@@ -22745,6 +23616,196 @@ module TencentCloud
22745
23616
  end
22746
23617
  end
22747
23618
 
23619
+ # 点详细信息
23620
+ class VertexDetail < TencentCloud::Common::AbstractModel
23621
+ # @param Type: 该节点类型,进程:1;网络:2;文件:3;ssh:4
23622
+ # 注意:此字段可能返回 null,表示取不到有效值。
23623
+ # @type Type: Integer
23624
+ # @param Time: 各节点类型用到的时间,2022-11-29 00:00:00 格式
23625
+ # 注意:此字段可能返回 null,表示取不到有效值。
23626
+ # @type Time: String
23627
+ # @param AlarmInfo: 告警信息
23628
+ # 注意:此字段可能返回 null,表示取不到有效值。
23629
+ # @type AlarmInfo: Array
23630
+ # @param ProcName: 进程名,当该节点为进程时生效
23631
+ # 注意:此字段可能返回 null,表示取不到有效值。
23632
+ # @type ProcName: String
23633
+ # @param CmdLine: 命令行,当该节点为进程时生效
23634
+ # 注意:此字段可能返回 null,表示取不到有效值。
23635
+ # @type CmdLine: String
23636
+ # @param Pid: 进程id,当该节点为进程时生效
23637
+ # 注意:此字段可能返回 null,表示取不到有效值。
23638
+ # @type Pid: String
23639
+ # @param FileMd5: 文件md5,当该节点为文件时生效
23640
+ # 注意:此字段可能返回 null,表示取不到有效值。
23641
+ # @type FileMd5: String
23642
+ # @param FileContent: 文件写入内容,当该节点为文件时生效
23643
+ # 注意:此字段可能返回 null,表示取不到有效值。
23644
+ # @type FileContent: String
23645
+ # @param FilePath: 文件路径,当该节点为文件时生效
23646
+ # 注意:此字段可能返回 null,表示取不到有效值。
23647
+ # @type FilePath: String
23648
+ # @param FileCreateTime: 文件创建时间,当该节点为文件时生效
23649
+ # 注意:此字段可能返回 null,表示取不到有效值。
23650
+ # @type FileCreateTime: String
23651
+ # @param Address: 请求目的地址,当该节点为网络时生效
23652
+ # 注意:此字段可能返回 null,表示取不到有效值。
23653
+ # @type Address: String
23654
+ # @param DstPort: 目标端口,当该节点为网络时生效
23655
+ # 注意:此字段可能返回 null,表示取不到有效值。
23656
+ # @type DstPort: Integer
23657
+ # @param SrcIP: 登录源ip,当该节点为ssh时生效
23658
+ # 注意:此字段可能返回 null,表示取不到有效值。
23659
+ # @type SrcIP: String
23660
+ # @param User: 登录用户名用户组,当该节点为ssh时生效
23661
+ # 注意:此字段可能返回 null,表示取不到有效值。
23662
+ # @type User: String
23663
+ # @param VulName: 漏洞名称,当该节点为漏洞时生效
23664
+ # 注意:此字段可能返回 null,表示取不到有效值。
23665
+ # @type VulName: String
23666
+ # @param VulTime: 漏洞利用时间,当该节点为漏洞时生效
23667
+ # 注意:此字段可能返回 null,表示取不到有效值。
23668
+ # @type VulTime: String
23669
+ # @param HttpContent: http请求内容,当该节点为漏洞时生效
23670
+ # 注意:此字段可能返回 null,表示取不到有效值。
23671
+ # @type HttpContent: String
23672
+ # @param VulSrcIP: 漏洞利用者来源ip,当该节点为漏洞时生效
23673
+ # 注意:此字段可能返回 null,表示取不到有效值。
23674
+ # @type VulSrcIP: String
23675
+ # @param VertexId: 点id
23676
+ # 注意:此字段可能返回 null,表示取不到有效值。
23677
+ # @type VertexId: String
23678
+
23679
+ attr_accessor :Type, :Time, :AlarmInfo, :ProcName, :CmdLine, :Pid, :FileMd5, :FileContent, :FilePath, :FileCreateTime, :Address, :DstPort, :SrcIP, :User, :VulName, :VulTime, :HttpContent, :VulSrcIP, :VertexId
23680
+
23681
+ def initialize(type=nil, time=nil, alarminfo=nil, procname=nil, cmdline=nil, pid=nil, filemd5=nil, filecontent=nil, filepath=nil, filecreatetime=nil, address=nil, dstport=nil, srcip=nil, user=nil, vulname=nil, vultime=nil, httpcontent=nil, vulsrcip=nil, vertexid=nil)
23682
+ @Type = type
23683
+ @Time = time
23684
+ @AlarmInfo = alarminfo
23685
+ @ProcName = procname
23686
+ @CmdLine = cmdline
23687
+ @Pid = pid
23688
+ @FileMd5 = filemd5
23689
+ @FileContent = filecontent
23690
+ @FilePath = filepath
23691
+ @FileCreateTime = filecreatetime
23692
+ @Address = address
23693
+ @DstPort = dstport
23694
+ @SrcIP = srcip
23695
+ @User = user
23696
+ @VulName = vulname
23697
+ @VulTime = vultime
23698
+ @HttpContent = httpcontent
23699
+ @VulSrcIP = vulsrcip
23700
+ @VertexId = vertexid
23701
+ end
23702
+
23703
+ def deserialize(params)
23704
+ @Type = params['Type']
23705
+ @Time = params['Time']
23706
+ unless params['AlarmInfo'].nil?
23707
+ @AlarmInfo = []
23708
+ params['AlarmInfo'].each do |i|
23709
+ alarminfo_tmp = AlarmInfo.new
23710
+ alarminfo_tmp.deserialize(i)
23711
+ @AlarmInfo << alarminfo_tmp
23712
+ end
23713
+ end
23714
+ @ProcName = params['ProcName']
23715
+ @CmdLine = params['CmdLine']
23716
+ @Pid = params['Pid']
23717
+ @FileMd5 = params['FileMd5']
23718
+ @FileContent = params['FileContent']
23719
+ @FilePath = params['FilePath']
23720
+ @FileCreateTime = params['FileCreateTime']
23721
+ @Address = params['Address']
23722
+ @DstPort = params['DstPort']
23723
+ @SrcIP = params['SrcIP']
23724
+ @User = params['User']
23725
+ @VulName = params['VulName']
23726
+ @VulTime = params['VulTime']
23727
+ @HttpContent = params['HttpContent']
23728
+ @VulSrcIP = params['VulSrcIP']
23729
+ @VertexId = params['VertexId']
23730
+ end
23731
+ end
23732
+
23733
+ # 攻击溯源节点信息
23734
+ class VertexInfo < TencentCloud::Common::AbstractModel
23735
+ # @param Type: 该结点类型,进程:1;网络:2;文件:3;ssh:4;
23736
+ # @type Type: Integer
23737
+ # @param Vid: 该节点包含的vid
23738
+ # @type Vid: String
23739
+ # @param ParentVid: 该节点的父节点vid
23740
+ # @type ParentVid: String
23741
+ # @param IsLeaf: 是否叶子
23742
+ # @type IsLeaf: Boolean
23743
+ # @param ProcNamePrefix: 进程名,当Type=1时使用
23744
+ # 注意:此字段可能返回 null,表示取不到有效值。
23745
+ # @type ProcNamePrefix: String
23746
+ # @param ProcNameMd5: 进程名md5,当Type=1时使用
23747
+ # 注意:此字段可能返回 null,表示取不到有效值。
23748
+ # @type ProcNameMd5: String
23749
+ # @param CmdLinePrefix: 命令行,当Type=1时使用
23750
+ # 注意:此字段可能返回 null,表示取不到有效值。
23751
+ # @type CmdLinePrefix: String
23752
+ # @param CmdLineMd5: 命令行md5,当Type=1时使用
23753
+ # 注意:此字段可能返回 null,表示取不到有效值。
23754
+ # @type CmdLineMd5: String
23755
+ # @param FilePathPrefix: 文件路径,当Type=3时使用
23756
+ # 注意:此字段可能返回 null,表示取不到有效值。
23757
+ # @type FilePathPrefix: String
23758
+ # @param AddressPrefix: 请求目的地址,当Type=2时使用
23759
+ # 注意:此字段可能返回 null,表示取不到有效值。
23760
+ # @type AddressPrefix: String
23761
+ # @param IsWeDetect: 是否漏洞节点
23762
+ # @type IsWeDetect: Boolean
23763
+ # @param IsAlarm: 是否告警节点
23764
+ # @type IsAlarm: Boolean
23765
+ # @param FilePathMd5: 文件路径md5,当Type=3时使用
23766
+ # 注意:此字段可能返回 null,表示取不到有效值。
23767
+ # @type FilePathMd5: String
23768
+ # @param AddressMd5: 请求目的地址md5,当Type=2时使用
23769
+ # 注意:此字段可能返回 null,表示取不到有效值。
23770
+ # @type AddressMd5: String
23771
+
23772
+ attr_accessor :Type, :Vid, :ParentVid, :IsLeaf, :ProcNamePrefix, :ProcNameMd5, :CmdLinePrefix, :CmdLineMd5, :FilePathPrefix, :AddressPrefix, :IsWeDetect, :IsAlarm, :FilePathMd5, :AddressMd5
23773
+
23774
+ def initialize(type=nil, vid=nil, parentvid=nil, isleaf=nil, procnameprefix=nil, procnamemd5=nil, cmdlineprefix=nil, cmdlinemd5=nil, filepathprefix=nil, addressprefix=nil, iswedetect=nil, isalarm=nil, filepathmd5=nil, addressmd5=nil)
23775
+ @Type = type
23776
+ @Vid = vid
23777
+ @ParentVid = parentvid
23778
+ @IsLeaf = isleaf
23779
+ @ProcNamePrefix = procnameprefix
23780
+ @ProcNameMd5 = procnamemd5
23781
+ @CmdLinePrefix = cmdlineprefix
23782
+ @CmdLineMd5 = cmdlinemd5
23783
+ @FilePathPrefix = filepathprefix
23784
+ @AddressPrefix = addressprefix
23785
+ @IsWeDetect = iswedetect
23786
+ @IsAlarm = isalarm
23787
+ @FilePathMd5 = filepathmd5
23788
+ @AddressMd5 = addressmd5
23789
+ end
23790
+
23791
+ def deserialize(params)
23792
+ @Type = params['Type']
23793
+ @Vid = params['Vid']
23794
+ @ParentVid = params['ParentVid']
23795
+ @IsLeaf = params['IsLeaf']
23796
+ @ProcNamePrefix = params['ProcNamePrefix']
23797
+ @ProcNameMd5 = params['ProcNameMd5']
23798
+ @CmdLinePrefix = params['CmdLinePrefix']
23799
+ @CmdLineMd5 = params['CmdLineMd5']
23800
+ @FilePathPrefix = params['FilePathPrefix']
23801
+ @AddressPrefix = params['AddressPrefix']
23802
+ @IsWeDetect = params['IsWeDetect']
23803
+ @IsAlarm = params['IsAlarm']
23804
+ @FilePathMd5 = params['FilePathMd5']
23805
+ @AddressMd5 = params['AddressMd5']
23806
+ end
23807
+ end
23808
+
22748
23809
  # 漏洞详细信息
22749
23810
  class VulDetailInfo < TencentCloud::Common::AbstractModel
22750
23811
  # @param VulId: 漏洞ID
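Review bot: The `Type` legend on `VertexDetail` lists only 1 to 4 (process, network, file, ssh), yet `VulName`, `VulTime`, `HttpContent` and `VulSrcIP` are documented as valid only when the node is a vulnerability, a type the legend never assigns a value; the comment should either name that value or say how a vulnerability node is recognised (possibly `IsWeDetect` on `VertexInfo`, but the hunk does not say). `Pid` is documented here as `# @type Pid: String` while the event models earlier in this file document it as `Integer`, so the line should say so, e.g. `# @type Pid: String (Integer on the event models; convert before comparing)`. `HttpContent`, `FileContent` and `CmdLine` carry data captured from the traced activity and are assigned unchanged in `deserialize`, so consumers should escape them before display or logging. `FileMd5` is useful as a match indicator, but MD5 alone should not be the basis for deciding a file is known-good.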