Web Application Firewall (WAF) is integrated with ActionTrail. In the ActionTrail console, you can query the user-initiated events that are generated when you manage WAF resources. ActionTrail can deliver user-initiated events to Logstores in Log Service or Object Storage Service (OSS) buckets. This way, you can audit the events in real time and troubleshoot issues.
ActionTrail records the user-initiated events that are generated when you manage cloud resources by calling API operations or in the Alibaba Cloud Management Console. The following table describes the user-initiated events of WAF that you can query in the ActionTrail console.
Event | Description |
AddDependencies | A dependency is added. |
AddSasEcsRaspAgent | A Runtime Application Self Protection (RASP) agent is added for an Elastic Compute Service (ECS) instance that is connected to Security Center (SAS). |
BatchModifyIPPortRedirectionStatus | The traffic redirection status of multiple ports is modified at a time. |
CheckDomainCert | A domain name certificate is checked. |
ClearMajorProtectionBlackIp | An IP address blacklist for major event protection is cleared. |
CopyRuleGroup | A custom rule group is copied. |
Create | A resource is purchased on the buy page. |
CreateAclRule | A precise access control list (ACL) rule is created for a domain name. |
CreateAntiBotScene | An anti-bot scenario is created. |
CreateAntiBotTest | An anti-bot test is created. |
CreateApiExport | A task for exporting API security data is created. |
CreateAssetDomainExport | A task for exporting asset data is created. |
CreateAutoAccess | An automatic access is created. |
CreateAutoAccessDomain | A domain name that is automatically protected by WAF is added. |
CreateBotProtectionTest | A scenario-specific task is created. |
CreateBuildGroupApplication | A group build task is created. |
CreateCertAndKey | The certificate and private key for a domain name configuration record are uploaded. |
CreateCertificate | The certificate and private key for a domain name configuration record are uploaded. |
CreateCertificateByCertificateId | A certificate is created for a domain name based on the certificate ID. |
CreateCertUsingCertId | A certificate is created based on the certificate ID. |
CreateCloudNativeDomain | A cloud-native domain name that is protected by WAF in transparent proxy mode is added. |
CreateCloudNativeInstancePortRedirection | A port forwarding configuration is created for a cloud-native instance. |
CreateCopyRuleGroup | A rule group is created by copying an existing rule group. |
CreateCustomAssetDomain | A custom asset domain name is added. |
CreateDefenseResource | A protected object is created. |
CreateDefenseResourceGroup | A protected object group is created. |
CreateDefenseRule | A protection rule is created. |
CreateDefenseTemplate | A protection template is created. |
CreateDomain | A domain name is added. |
CreateDomainCertificates | A certificate is uploaded. |
CreateDomainConfig | A domain name is added. |
CreateDomainCustomRoutingRules | A hybrid cloud routing rule is created. |
CreateDomainDrainage | A domain name export task is created. |
CreateElasticityInstance | A pay-as-you-go instance is created. |
CreateEmptyLogstore | An empty Logstore is created. |
CreateGroupMember | A member is added to a group. |
CreateHybridCloudCluster | A hybrid cloud cluster is created. |
CreateHybridCloudGroup | A hybrid cloud group is created. |
CreateInstance | A WAF instance is created. |
CreateIPBlock | A custom IP address blacklist is created. |
CreateIPPortRedirection | Traffic redirection to WAF in transparent proxy mode is enabled for a port. |
CreateLogExportTask | A log export task is created. |
CreateMajorProtectionBlackIp | An IP address blacklist for major event protection is added. |
CreateOutputDomain | A domain name is added. |
CreatePostpaidInstance | A pay-as-you-go WAF instance connected to Content Delivery Network (CDN) is created. |
CreateProtectionModuleRule | A protection rule is created. |
CreateRuleGroup | A custom rule group is created. |
CreateSasApplication | A RASP-enabled SAS application is created. |
CreateSlsLogStore | A Logstore is created in Log Service. |
CreateSlsOpenOrder | Log Service is activated. |
CreateSlsResource | A Logstore is created. |
CreateTgw | An asset that is protected by WAF in transparent proxy mode is created. |
CreateVirtualClusterInstance | A virtual cluster instance is created. |
CreateWafCertificate | A certificate is uploaded. |
DeleteAclRule | A precise ACL rule of a domain name is deleted. |
DeleteAntiBotScene | An anti-bot scenario is deleted. |
DeleteAntiBotTest | An anti-bot test is deleted. |
DeleteBotProtectionTest | The results of a bot scenario test are deleted. |
DeleteCloudNativeDomain | A cloud-native domain name that is protected by WAF in transparent proxy mode is deleted. |
DeleteCloudNativeInstancePortRedirection | A port forwarding configuration of a cloud-native instance is deleted. |
DeleteDefenseResource | A protected object is deleted. |
DeleteDefenseResourceGroup | A protected object group is deleted. |
DeleteDefenseRule | A protection rule is deleted. |
DeleteDefenseTemplate | A protection template is deleted. |
DeleteDomain | A domain name is removed from WAF. |
DeleteDomainConfig | A domain name is removed from WAF. |
DeleteExpiredMajorProtectionBlackIp | An expired IP address blacklist for major event protection is deleted. |
DeleteHybridCloudGroup | A hybrid cloud group is deleted. |
DeleteInstance | A pay-as-you-go instance WAF instance or a subscription WAF instance that expires is released. |
DeleteIPPortRedirection | Traffic redirection to WAF in transparent proxy mode is disabled for a port. |
DeleteLogExportTask | A log export task is deleted. |
DeleteMajorProtectionBlackIp | An IP address blacklist for major event protection is deleted. |
DeleteOutputDomain | A domain name is removed. |
DeleteProtectionModuleRule | A rule of the protection configuration module is deleted. |
DeleteRuleGroup | A custom rule group is deleted. |
DeleteSasApplication | A RASP-enabled SAS application is deleted. |
DeleteTgw | An asset that is protected by WAF in transparent proxy mode is deleted. |
DescribeAccessMode | An access mode is queried. |
DescribeAccessWafSourcePvStatistics | The number of page views (PVs) on the origin server that is protected by WAF is queried. |
DescribeAccountSecurityEvents | Account security events are queried. |
DescribeAclAttackPv | The number of ACL-based attacks is queried. |
DescribeAclBlockRuleStatisticsInfo | The events that are triggered based on ACL rules are queried. |
DescribeAclRules | The precise ACL rules of a domain name are queried. |
DescribeAclStatisticsInfo | The statistics of the protection results of a custom ACL rule are queried. |
DescribeActiveApis | Active APIs are queried. |
DescribeActiveApisStatistics | The statistics of active APIs are queried. |
DescribeAgentFileInfo | The information about an agent file is queried. |
DescribeAntiBotIntelligenceInfos | The information about a bot threat intelligence library is queried. |
DescribeAntiBotRuleInfo | The information about an anti-bot rule is queried. |
DescribeAntiBotRuleStatisticsInfos | The statistics of an anti-bot rule are queried. |
DescribeAntiBotScene | The information about an anti-bot scenario is queried. |
DescribeAntiBotSceneCount | The number of anti-bot scenarios is queried. |
DescribeAntiBotSceneInfos | The information about multiple anti-bot scenarios is queried at a time. |
DescribeAntiBotSceneStatisticsInfos | The statistics of the protection results of anti-bot scenarios are queried. |
DescribeAntiBotStatisticsInfos | The statistics of the anti-bot protection results are queried. |
DescribeAntiBotTestResult | The results of an anti-bot test are queried. |
DescribeAntiscanBlockTypeStatisticsInfo | The types of reasons why access traffic is blocked by scan protection are queried. |
DescribeAntiscanStatisticsInfo | A curve chart of the number of total requests, blocked requests, and requests that match rules in monitoring mode is queried. |
DescribeApiAbnormalDetail | The details of an API vulnerability are queried. |
DescribeApiAbnormalResolveCount | The number of fixed vulnerabilities is queried. |
DescribeApiAbnormals | API vulnerabilities are queried. |
DescribeApiBasicInfo | The basic information about an API is queried. |
DescribeApiDetail | The details of an API are queried. |
DescribeApiEventDetail | The details of an API event are queried. |
DescribeApiEvents | WAF events are queried. |
DescribeApiEventStatistics | The statistics of WAF events are queried. |
DescribeApiExceptionEventDetail | The details of an API anomalous activity are queried. |
DescribeApiExceptionEvents | API anomalous activities are queried. |
DescribeApiExports | The tasks for exporting API security data are queried. |
DescribeApiRequestStatistics | The statistics of access requests to an API in the last 30 days are queried. |
DescribeApiRequestTopClient | The top clients that initiate the most access requests to an API in the last 30 days are queried. |
DescribeApiRequestTopIp | The top IP addresses that initiate the most access requests to an API in the last 30 days are queried. |
DescribeApiRequestTopRefer | The top 5 IP addresses from which the most attacks are launched on an API in the last 30 days are queried. |
DescribeApiRequestTopRegion | The top 5 regions from which attacks are launched are queried from the overview of a security report. |
DescribeApiRisk | The information about an API risk is queried. |
DescribeApiRiskDetail | The details of an API risk are queried. |
DescribeApiRiskEvents | The risk events of an API are queried. |
DescribeApiRiskEventsDistributed | The distribution of the risk events of an API is queried. |
DescribeApisAbnormalInfo | The details of an API vulnerability are queried. |
DescribeApisEvents | API events are queried. |
DescribeApisEventStatistics | The statistics of API events are queried. |
DescribeApisRiskCount | The number of API risks is queried. |
DescribeApisRiskDistributed | The risk distribution of an API is queried. |
DescribeApisRiskStatistics | An API risk trend chart is queried. |
DescribeAppKey | A user-level AppKey is queried. |
DescribeApplications | Applications are queried. |
DescribeAppsStatusList | Application statuses are queried. |
DescribeAssetDomainAttacks | The details of an attack are queried. |
DescribeAssetDomainExports | Asset data export records are queried. |
DescribeAssetDomainStatisticsInfo | The total number of domain names is queried. |
DescribeAssetRootDomains | Primary domains are queried. |
DescribeAssetsAccessDomainInfos | The information about the access domain names of an asset is queried. |
DescribeAssetsAccessDomains | The details of domain names that are protected by WAF are queried. |
DescribeAssetsDomainCount | The number of domain names of an asset is queried. |
DescribeAssetsExactDomainInfos | The information about an exact-match domain name of an asset is queried. |
DescribeAssetsRootDomainInfos | The information about the root domain name of an asset is queried. |
DescribeAssetsRootDomains | The root domain names of assets are queried. |
DescribeAssetsSubDomainInfos | The information about subdomain names of an asset is queried. |
DescribeAssetsSubDomains | The subdomain names of assets are queried. |
DescribeAssetSubDomains | The information about the asset to which a subdomain name belongs is queried. |
DescribeAssetsUrlChildNodes | The details of the child nodes of a URL are queried. |
DescribeAssetsUrlFirstPaths | The details of the first path in a URL are queried. |
DescribeAssetsUrlRootNodes | The details of the root path in a URL are queried. |
DescribeAssetsWebsites | Website assets are queried. |
DescribeAssociatedAntiBotSceneInfos | The information about an anti-bot scenario that is associated with a domain name is queried. |
DescribeAsyncTaskStatus | The execution status of a WAF task is queried. |
DescribeAttackApplicationCount | The number of applications from which attacks are launched is queried. |
DescribeAttackCount | The number of attacks is queried. |
DescribeAttackEvents | Attack events are queried. |
DescribeAttackEventTypes | Attack event types are queried. |
DescribeAttackLog | Attack logs are queried. |
DescribeAttacks | Attacks are queried. |
DescribeAttackStatisticsInfo | The statistics of attacks are queried. |
DescribeAttackTypeDomainSummary | The statistics of various types of attacks on a domain name are queried. |
DescribeAttackTypePeakStatistics | The trend of attack types is queried. |
DescribeAttackTypeSummary | The total number of various attacks is queried. |
DescribeAuthorization | The authentication information is queried. |
DescribeAutoAccessStatus | Whether a domain name is automatically protected by WAF is queried. |
DescribeBandwidthStatisticsInfo | The bandwidth statistics of a WAF instance are queried. |
DescribeBeaverWafAttackCount | The number of attacks that are blocked by WAF is queried by using Beaver. |
DescribeBills | The details of bills are queried. |
DescribeBotAppKey | Protection templates are queried by page. |
DescribeBotIntelligenceInfos | Protection templates are queried by page. |
DescribeBotProtectionTestResult | The results of a bot scenario test are queried. |
DescribeBotRuleInfos | The rules of a bot scenario are queried. |
DescribeBotRuleStatisticsInfos | The statistics of the bot management rules in the rules that are matched are queried. |
DescribeBotSceneStatisticsInfos | The statistics of scenario-specific protection are queried. |
DescribeBotStatisticsInfos | The statistics of the results of a bot scenario test are queried. |
DescribeBriefRuleGroups | Simple rule groups are queried. |
DescribeBuildGroupQualification | The details of audit log configurations are queried. |
DescribeCCBlockTypeStatisticsInfo | The statistics of blocked regions are queried. |
DescribeCCStatisticsInfo | A curve chart of HTTP flood protection is queried. |
DescribeCertDetail | The details of a certificate are queried. |
DescribeCertificates | The optional certificates of a domain name are queried. |
DescribeCertList | Certificates are queried. |
DescribeCertMatchStatus | Whether the certificate and private key that are uploaded for a domain name are matched is queried. |
DescribeCerts | Certificates are queried. |
DescribeCloudNativeDomain | A cloud-native domain name that is protected by WAF in transparent proxy mode is queried. |
DescribeCloudNativeDomainAdvanceConfigs | Cloud-native domain names are queried. |
DescribeCloudNativeEnabledPortsCount | The number of ports enabled for WAF in transparent proxy mode is queried. |
DescribeCloudNativeInstanceConfigs | The configurations of a WAF instance in transparent proxy mode are queried. |
DescribeCloudNativeInstanceFreePorts | The available ports of a WAF instance in transparent proxy mode are queried. |
DescribeCloudNativeInstancePortRedirection | A port forwarding configuration of a WAF instance in transparent proxy mode is queried. |
DescribeCloudNativeInstancePortRedirectionProfiles | The profiles of port forwarding configurations of a WAF instance in transparent proxy mode are queried. |
DescribeCloudNativeInstancePortRedirectionTotalCount | The number of port forwarding configurations of a WAF instance in transparent proxy mode is queried. |
DescribeCloudNativeInstanceRedirection | The forwarding configurations of a WAF instance in transparent proxy mode are queried. |
DescribeCloudNativeInstances | WAF instances in transparent proxy mode are queried. |
DescribeCloudNativeOpenInstanceNumber | The number of cloud-native instances that are added to WAF is queried. |
DescribeCloudResources | The information about resources is queried. |
DescribeCommonLogFields | All supported log fields are queried. |
DescribeCustomNodes | Custom nodes are queried. |
DescribeDDosCreditThreshold | The threshold of DDoS credits is queried. |
DescribeDefenseGroupValidResources | The protected objects that can be added to a protected object group are queried by page. |
DescribeDefenseResourceGroup | A protected object is queried. |
DescribeDefenseResourceGroupNames | The names of protected object groups are queried by page. |
DescribeDefenseResourceGroups | Protected object groups are queried by page. |
DescribeDefenseResourceNames | The names of protected objects are queried by page. |
DescribeDefenseResources | Protected objects are queried by page. |
DescribeDefenseResourceTemplates | The protection templates of protected objects or protected object groups are queried. |
DescribeDefenseRule | A protection rule is queried. |
DescribeDefenseRules | Protection rules are queried by page. |
DescribeDefenseScenes | Protection scenarios are queried. |
DescribeDefenseTemplates | Protection templates are queried by page. |
DescribeDefenseTemplateValidGroups | The names of protected object groups that can be bound to a custom template are queried by page. |
DescribeDefenseTemplateValidResources | The protected objects that can be bound to a custom template are queried by page. |
DescribeDependencies | Dependencies are queried. |
DescribeDependencyInstances | Dependent instances are queried. |
DescribeDisabledIPPortRedirectionProfiles | The ports on which traffic redirection is disabled for an IP address are queried. |
DescribeDnsValidateConfig | The parsing configurations of TXT records are queried. |
DescribeDomain | The domain names that are added to WAF are queried. |
DescribeDomainAccessStatus | The access status of a domain name is queried. |
DescribeDomainAdvanceConfigs | The details of domain names that are added to WAF are queried. |
DescribeDomainApiAttackLog | The details of API protection logs are queried. |
DescribeDomainApiInfo | APIs are queried. |
DescribeDomainApiInfos | Domain name APIs are queried. |
DescribeDomainAttackEvents | The attack events of a domain name are queried. |
DescribeDomainBasicConfigList | The basic configurations of a domain name are queried. |
DescribeDomainBasicConfigs | The basic configurations of domain names that are protected by WAF are queried. |
DescribeDomainCertificates | Domain name certificates are queried. |
DescribeDomainCnameStatus | The status of the CNAME record of a domain name is queried. |
DescribeDomainConfig | A forwarding configuration of a domain name is queried. |
DescribeDomainConfigList | The configurations of a domain name are queried. |
DescribeDomainConfigStatus | Whether a forwarding configuration of a domain name takes effect is queried. |
DescribeDomainCustomRoutingRules | The static routing policies of a domain name are queried. |
DescribeDomainDetail | The details of a domain name are queried. |
DescribeDomainList | Domain assets are queried. |
DescribeDomainLogEnableds | Whether the logging feature is enabled for domain names is queried. |
DescribeDomainNames | The domain names that are added to a WAF instance are queried. |
DescribeDomainProtocolType | The protocol type of a domain name is queried. |
DescribeDomainRuleGroup | The ID of the protection rule group that is provided by the protection rules engine for a domain name is queried. |
DescribeDomains | Domain names are queried. |
DescribeDomainScores | Domain scores are queried. |
DescribeDomainsPv | The access traffic of servers is queried based on domain names. |
DescribeDomainsRedirectedByCloudNativeInstancePort | The forwarding domain names are queried based on the ports of cloud-native instances. |
DescribeDomainSupportedCiphers | A collection of supported Transport Layer Security (TLS) cipher suites is queried. |
DescribeDomainTlsCipherSuite | The TLS cipher suite of a domain name is queried. |
DescribeDomainTlsConfig | The TLS configurations of a domain name are queried. |
DescribeDomainTotalCount | The total number of domain names is queried. |
DescribeDomainTransferConfig | The transfer configurations of a domain name are queried. |
DescribeDomainValidateConfig | The TXT records of users are queried. |
DescribeDomainWebAttackTypePv | The statistics of web attack types are queried. |
DescribeDrainageIps | The IP addresses of the domain names that are added to a WAF instance are queried. |
DescribeElasticBills | The bills generated in the last month are queried. |
DescribeEnabledCloudNativeInstances | The instances that are protected by WAF in transparent proxy mode are queried. |
DescribeFlowChart | Traffic statistics are queried. |
DescribeFlowStatisticsInfo | Traffic statistics are queried. |
DescribeFlowTopResource | The top 10 protected objects with the most access traffic are queried. |
DescribeFlowTopUrl | The top 10 URLs with the most access traffic are queried. |
DescribeHighRiskApis | High-risk APIs are queried. |
DescribeHttpsCertInUse | The HTTPS certificate in use is queried. |
DescribeHybridCloudBasicMonitor | The basic monitoring information about the hybrid cloud is queried. |
DescribeHybridCloudCluster | A hybrid cloud cluster is queried. |
DescribeHybridCloudClusterServers | The servers of a hybrid cloud cluster are queried. |
DescribeHybridCloudGroups | The information about hybrid cloud groups is queried. |
DescribeHybridCloudLogDockingConfig | The log configurations of the hybrid cloud are queried. |
DescribeHybridCloudProcessMonitor | The information about process monitoring of the hybrid cloud is queried. |
DescribeHybridCloudProtectableCount | The number of protected objects that can be created for the hybrid cloud is queried. |
DescribeHybridCloudPullClusterSdkRule | The information about the cluster rules of SDKs is queried. |
DescribeHybridCloudPullLuaSdk | The information about SDK for Lua is queried. |
DescribeHybridCloudPullPostXagentRule | The PostXagentRule configurations of the hybrid cloud are queried. |
DescribeHybridCloudPullXagentRule | The configurations of Xagent rules are queried. |
DescribeHybridCloudSdkServers | The SDK information is queried. |
DescribeHybridCloudServerRegions | The regions in which hybrid cloud servers are deployed are queried. |
DescribeHybridCloudSupportRegions | The regions in which WAF is available are queried. |
DescribeHybridCloudUnassignedMachines | The unassigned machines are queried. |
DescribeHybridCloudUser | The ports of the hybrid cloud are queried. |
DescribeInstance | The information about a WAF instance is queried. |
DescribeInstanceCompatible | The information about a WAF instance is queried. |
DescribeInstanceExtend | The extended information about a WAF instance is queried. |
DescribeInstanceInfo | The information about a WAF instance is queried. |
DescribeInstanceInfos | The details of a WAF instance are queried. |
DescribeInstanceSpecInfo | The specifications of a WAF instance are queried. |
DescribeIPBlock | A custom IP address blacklist is queried. |
DescribeIPPortRedirectionProfiles | The details of a cloud service are queried. |
DescribeIPPortRedirectionTotalCount | The number of ports on which traffic redirection is enabled is queried. |
DescribeIPResources | Cloud servers are queried. |
DescribeLogDispatchStatus | The log collection status is queried. |
DescribeLogExportFiles | The exported log package files are queried. |
DescribeLogExportTasks | Log export tasks are queried. |
DescribeLogHistograms | The collected logs are queried. |
DescribeLogQuato | The configurations of a Logstore are queried. |
DescribeLogServiceStatus | The status of Log Service is queried. |
DescribeMajorProtectionBlackIps | The IP addresses in an IP address blacklist for major event protection are queried by page. |
DescribeMajorProtectionIntelligenceCount | The number of threat intelligence rules is queried. |
DescribeMajorProtectionIntelligenceDetail | The details of threat intelligence rules are queried from the overview of a security report. |
DescribeMajorProtectionIntelligenceInfos | The threat intelligence information is queried in real time. |
DescribeMajorProtectionOverview | The protection data is queried. |
DescribeMiddlewareInstances | Middleware instances are queried. |
DescribeMultiCloudDefaultRule | The information about a regular expression rule is queried. |
DescribeMultiCloudDomainRules | The domain name rules of a multicloud service are queried. |
DescribeMultiCloudForwardConfig | The forwarding rules of a multicloud service are queried. |
DescribeMultiCloudProtectionRules | The protection rules of a multicloud service are queried. |
DescribeMultiCloudPullClusterDomains | Multicloud service clusters are queried. |
DescribeMultiCloudPullDomainRules | The rules for pulling domain names for a multicloud service are queried. |
DescribeMultiCloudPullDomainRulesNew | The rules for pulling domain names for a multicloud service are queried. |
DescribeMultiCloudPullLogDockingConfig | The log configurations of a multicloud service are queried. |
DescribeMultiCloudPullProtectionConfigRules | The rules for pulling local protection configurations for a multicloud service are queried. |
DescribeMultiCloudPullRules | The rules for pulling rules for a multicloud service are queried. |
DescribeNeedUpgradeDomainLimit |
|
DescribeNewDiscoverApis | The APIs that are published in the last 30 days are queried. |
DescribeNews | The information about a WAF instance is queried. |
DescribeNormalizedLog | Formatted logs are queried. |
DescribeNotice | The details of a vulnerability are queried. |
DescribeNotices | Urgent vulnerabilities are queried. |
DescribeNoTraffficCloudNativeDomainProfiles | Domain names without traffic are queried. |
DescribeNoUseApis | Unused APIs are queried. |
DescribeOssSignature | A signature for uploading files is queried. |
DescribeOutputDomains | Domain names are queried. |
DescribePackage | The information about a package is queried. |
DescribePayInfo | The information about a WAF instance in a region is queried. |
DescribePeakTrend | The maximum queries per second (QPS) data is queried. |
DescribePeakValueStatisticsInfo | Peak data statistics are queried. |
DescribePortsBindToTgw | The ports of an instance are queried. |
DescribePreDomains | Predefined domain names are queried. |
DescribeProductInstances | Assets are queried by page. |
DescribeProtectBlockSummary | The statistics of the blocked access traffic are queried. |
DescribeProtectionConfig | The configurations of WAF protection are queried. |
DescribeProtectionModuleCodeConfig | The codes of regions that can be configured in the WAF region blacklist are queried. |
DescribeProtectionModuleMode | The mode of each WAF protection module configured for a domain name is queried. The protection modules include protection rules engine, big data deep learning engine, HTTP flood protection, data risk control, and proactive defense. |
DescribeProtectionModulePolicy | A policy of a protection module is queried. |
DescribeProtectionModuleRuleInfo | The information about a rule of a protection module is queried. |
DescribeProtectionModuleRules | The rules of a protection module are queried. |
DescribeProtectionModuleRulesByIdList | The rules of protection modules are queried. |
DescribeProtectionModuleStatus | Whether a protection module is enabled is queried. |
DescribeProtectionStatisticsInfo | The protection statistics are queried. |
DescribePunishedDomains | The domain names that are punished are queried at a time. |
DescribeQps | The QPS data is queried. |
DescribeQpsHourFlowChart | The details of QPS data are queried. |
DescribeQrCode | A QR code is queried. |
DescribeRcPunishEvents | Punishment events are queried. |
DescribeRealProtectSummary | The actual protection statistics are queried. |
DescribeRegions | The regions in which WAF is available are queried. |
DescribeRegionStatus | The Alibaba Cloud regions in which WAF is available are queried. |
DescribeRegionThreshold | The heat map that shows the distribution of sources that initiated access requests in a region is queried. |
DescribeRegularRules | Regular expression rules are queried by page. |
DescribeResourceIdInfo | The information about resource IDs is queried. |
DescribeResourceLogStatus | The log status of a protected object is queried. |
DescribeResourcePackageExistStatus | The status of a resource package is queried. |
DescribeResourceRegionId | The IDs of all regions in which a product is available are queried. |
DescribeResourceSupportRegions | The IDs of supported regions are queried. |
DescribeResponseCodeStatisticsInfo | The statistics of response codes are queried. |
DescribeResponseCodeTrendGraph | A trend chart of response codes is queried. |
DescribeRiskApisStatistics | The statistics of high-risk APIs are queried. |
DescribeRiskCount | The number of risks is queried. |
DescribeRiskCountInner | The statistics of risks are queried. |
DescribeRiskDependencies | Risk dependencies are queried. |
DescribeRiskDependencyStatisticsInfo | The statistics of risk dependencies are queried. |
DescribeRoleAuthStatus | The authorization status is queried. |
DescribeRule | The information about a regular expression rule is queried. |
DescribeRuleGroupAssociatedTemplates | The templates that are associated with a custom rule group are queried. |
DescribeRuleGroupRule | The rules of a rule group are queried. |
DescribeRuleGroups | Regular expression rule groups are queried by page. |
DescribeRuleGroupTemplates | The templates for rule groups are queried. |
DescribeRuleHitsTopClientIp | The top 10 IP addresses that launch the most attacks are queried. |
DescribeRuleHitsTopResource | The top 10 protected objects with the most rule hits are queried. |
DescribeRuleHitsTopRuleId | The top 10 rules with the most hits are queried. |
DescribeRuleHitsTopTuleType | The top 10 protection types with the most rule hits are queried. |
DescribeRuleHitsTopUa | The top 10 user agents (UAs) that launch the most attacks are queried. |
DescribeRuleHitsTopUrl | The top 10 URLs with the most rule hits are queried. |
DescribeRuleInfo | The information about a protection rule is queried. |
DescribeRuleMonitor | The monitoring details of a protection rule are queried. |
DescribeRules | Protection rules are queried. |
DescribeRuleSummary | The statistics of protection rules are queried. |
DescribeSasApplicationKey | The key of a RASP-enabled SAS application is queried. |
DescribeSasApplications | The RASP-enabled SAS applications are queried. |
DescribeSasApplicationsCount | The number of RASP-enabled SAS applications is queried. |
DescribeSasEcsAccessList | The information for accessing ECS is queried. |
DescribeSasInstances | SAS instances are queried. |
DescribeSasInstancesCount | The number of SAS instances is queried. |
DescribeSceneAttackLogs | Attack details are queried for the overview of a security report. |
DescribeSceneAttackTypePv | Security attack types are queried for the overview of a security report. |
DescribeSceneDefenseRules | Scenario-specific protection rules are queried by page. |
DescribeSceneHitsTopClientIp | The top 5 IP addresses from which attacks are launched are queried from the overview of a security report. |
DescribeSceneHitsTopResource | The top 5 protected objects are queried from the overview of a security report. |
DescribeSceneHitsTopUrl | The top 5 attacked URLs are queried from the overview of a security report. |
DescribeScreenAbnormalMonitor | The vulnerability monitoring information is queried for a dashboard. |
DescribeScreenAccessAreaPv | The number of PVs in an access region is queried for a dashboard. |
DescribeScreenAccessIpTop | The top access IP addresses are queried for a dashboard. |
DescribeScreenAccessUrlTop | The top access URLs are queried for a dashboard. |
DescribeScreenAttackTopAcl | The top ACL rules that the attacks hit are queried for a dashboard. |
DescribeScreenAttackTopArea | The top regions from which attacks are launched are queried for a dashboard. |
DescribeScreenAttackTopIp | The top IP addresses from which attacks are launched are queried for a dashboard. |
DescribeScreenAttackTypeChart | A chart of attack types is queried for a dashboard. |
DescribeScreenAttackTypes | The information about attack types is queried for a dashboard. |
DescribeScreenBandwidthGraph | A bandwidth chart is queried for a dashboard. |
DescribeScreenIpRiskLabel | The information about IP risk tags is queried for a dashboard. |
DescribeScreenMobileOsPv | The information about the access traffic of a mobile operating system is queried for a dashboard. |
DescribeScreenPackage | The package information is queried for a dashboard. |
DescribeScreenPayInfo | The purchase information is queried for a dashboard. |
DescribeScreenPcBrowserPv | The number of PVs from PC clients is queried for a dashboard. |
DescribeScreenQpsAttackTypeChart | A chart of QPS attack types is queried for a dashboard. |
DescribeScreenQpsAttackTypeStatistics | The statistics of QPS attack types are queried for a dashboard. |
DescribeScreenRegions | The regions in which a dashboard is available are queried. |
DescribeServiceStatus | The service status of WAF is queried. |
DescribeSlbAttackCount | The number of attacks on a Server Load Balancer (SLB) domain name in the last 30 days is queried. |
DescribeSlbAttackUrl | The URLs from which attacks are launched on an SLB domain name in the last 30 days are queried. |
DescribeSlsAuthStatus | The authorization status is queried. |
DescribeSlsCommonLogField | The log monitoring information about a domain name is queried. |
DescribeSlsLogFieldConfig | The configurations of Log Service are queried. |
DescribeSlsLogStore | The details of a Logstore are queried. |
DescribeSlsLogStoreStatus | The status of a Logstore in Log service is queried. |
DescribeSlsOpenStatus | Whether Log Service is activated is queried. |
DescribeSlsResourceStatus | Whether Log Service is activated is queried. |
DescribeStandardRegions | Standard regions are queried. |
DescribeTemplateDiff | The differences among templates are queried. |
DescribeTemplateResourceCount | The statistics of resources that are bound to a protection template are queried. |
DescribeTemplateResources | The resources that are bound to a protection template are queried. |
DescribeTgwAccessedPorts | Accessed ports are queried. |
DescribeTgws | Accessed instances are queried. |
DescribeThreatEvent | Attack events are queried. |
DescribeThreatEventAttackTimeDistribute | The distribution of the top 5 attack dates is queried. |
DescribeThreatEventAttackToolDistribute | The distribution of the top 5 attack tools is queried. |
DescribeThreatEventAttackTypeDistribute | The distribution of the top 5 attack types is queried. |
DescribeThreatEventDetail | The details of a threat event are queried. |
DescribeThreatEventSourceIpDistribute | The distribution of the top 5 attack IP addresses is queried. |
DescribeThreatEventTargetDistribute | The distribution of the top 5 attacked objects is queried. |
DescribeTransferConfigInWork | The configurations of domain transfer are queried. |
DescribeUnprotectAssetSubDomainStatisticsInfo | The statistics of subdomain names are queried by type. |
DescribeUntractedIps | The IP addresses that are not processed are queried. |
DescribeUploadBlackIpFormInfo | The information about the uploaded form of the IP address blacklist for major event protection is queried. |
DescribeUserAbnormal | The resource usage of a user is queried. |
DescribeUserAbnormalTrend | The trend of vulnerabilities related to a user is queried. |
DescribeUserApiInfos | The information about the APIs for accessing WAF is queried. |
DescribeUserApiRequest | The API requests of a user are queried. |
DescribeUserAsset | An asset of a user is queried. |
DescribeUserAssets | The assets of a user are queried. |
DescribeUserDomainAsset | The information about a domain name that belongs to a user is queried. |
DescribeUserEvent | The information about a user event is queried. |
DescribeUserEvents | User events are queried. |
DescribeUserEventTrend | The trend of user events is queried. |
DescribeUserHourlyBill | The information about a user bill is queried. |
DescribeUserLogFieldConfig | The log configurations of a user are queried. |
DescribeUserMigrationStatus | The migration status of a user is queried. |
DescribeUserScore | The user scores are queried. |
DescribeUserSpecInfo | The specifications of a user are queried. |
DescribeUserTagInfos | The tags of a user are queried. |
DescribeUserTraffic | The real-time traffic of a user is queried by type. |
DescribeVagentNodeJob | The tasks of a proxy node are queried. |
DescribeVagentSystemParam | The parameters of a proxy system are queried. |
DescribeVipCount | The number of virtual IP addresses (VIPs) is queried. |
DescribeVipStatus | The VIP status of a WAF instance is queried. |
DescribeVirtualClusterProperty | The attributes of a virtual cluster are queried. |
DescribeVisitClientTypes | The access traffic ranking of each type of client is queried. |
DescribeVisitTopClients | The top 10 clients that have the most page views and their page views are queried. |
DescribeVisitTopIp | The top 10 IP addresses and regions that have the most page views are queried. |
DescribeVisitUAs | The top 10 UAs that have the most page views are queried. |
DescribeVisitUaScaleChart | A ratio chart of the access traffic based on the regions is queried. |
DescribeVisitUrls | The top 5 URLs and specific page views on a day are queried. |
DescribeWafSourceIpSegment | The back-to-origin CIDR blocks of a WAF instance are queried. |
DescribeWafSourceIpV6Segment | The back-to-origin IPv6 CIDR blocks of a WAF instance are queried. |
DescribeWarnConfig | Alert configurations are queried. |
DescribeWarnMode | Alert modes are queried. |
DescribeWebAttackCount | The number of web attacks is queried. |
DescribeWebAttackLog | The logs of web attacks are queried. |
DescribeWebAttackLogs | The protection logs of a basic protection rule are queried. |
DescribeWebAttackTypePv | The PVs of each attack type are queried. |
DescribeWebFingerScanStatus | The status of a fingerprint scan is queried. |
DescribeWebRegionPv | The top 5 regions from which attacks are launched are queried from the web protection module. |
DescribeWebSourceIpPv | The top 5 IP addresses from which attacks are launched are queried from the web protection module. |
DisableCloudNativeInstancePortRedirection | A port forwarding configuration of a WAF instance in transparent proxy mode is disabled. |
DisableCloudNativeInstanceRedirections | The forwarding feature is disabled for a WAF instance in transparent proxy mode. |
EnableCloudNativeInstancePortRedirection | A port forwarding configuration of a WAF instance in transparent proxy mode is enabled. |
EnableCloudNativeInstanceRedirections | The forwarding feature is enabled for a WAF instance in transparent proxy mode. |
GetQps | The QPS data is queried. |
GetRaspCommercialStatus | The transaction information is queried. |
GetRegionList | Regions are queried. |
InitializeWafOperationRole | A user is authorized. |
ModifiyCloudNativeDomain | The domain name of a WAF instance in transparent proxy mode is modified. |
Modify | The specifications of a resource are modified on the buy page. |
ModifyAccessMode | The access mode is modified. |
ModifyAclRule | A precise ACL rule is modified. |
ModifyAclRulesOrder | ACL rules are sorted. |
ModifyAntiBotScene | An anti-bot scenario is modified. |
ModifyAntiBotSceneStatus | The status of an anti-bot scenario is modified. |
ModifyApiAbnormal | The ignore status of an API vulnerability is modified. |
ModifyApiProtectionModuleMode | The mode of an API protection module is modified. |
ModifyApiProtectionModuleStatus | The status of an API protection module is modified. |
ModifyApplicationsRaspState | The RASP status of an application is modified. |
ModifyCloudNativeInstancePortRedirection | A port forwarding configuration of a WAF instance in transparent proxy mode is modified. |
ModifyDefenseResourceGroup | A protected object group is modified. |
ModifyDefenseResourceXff | The X-Forwarded-For (XFF) configurations of a protected object are modified. |
ModifyDefenseRule | A protection rule is modified. |
ModifyDefenseRuleCache | The cache of a protection rule is updated. |
ModifyDefenseRuleStatus | The status of a protection rule is modified. |
ModifyDefenseTemplate | A protection template is modified. |
ModifyDefenseTemplateStatus | The status of a protection template is modified. |
ModifyDomain | A domain name is modified. |
ModifyDomainClusterType | The cluster type of a domain name is modified. |
ModifyDomainConfig | A domain name is modified. |
ModifyDomainIpv6Status | IPv6 protection is enabled or disabled for a domain name. |
ModifyDomainPunishStatus | A punished domain name is unpunished. |
ModifyDomainTlsCipherSuite | A TLS cipher suite of a domain name is modified. |
ModifyDomainTlsConfig | A TLS security policy of a domain name is modified. |
ModifyElasticBillConfig | The bill configurations are modified for the pay-as-you-go billing method. |
ModifyElasticBillSpec | The bill specifications are modified for the pay-as-you-go billing method. |
ModifyExclusiveVipStatus | The status of an exclusive IP address is modified. |
ModifyGSLBStatus | The global server load balancing (GSLB) feature is enabled or disabled for a domain name. |
ModifyHybridCloudCluster | The information about a hybrid cloud cluster is modified. |
ModifyHybridCloudGroup | The information about a hybrid cloud group is modified. |
ModifyHybridCloudGroupExpansionServer | A server is added to a hybrid cloud group. |
ModifyHybridCloudGroupShrinkServer | A server is removed from a hybrid cloud group. |
ModifyHybridCloudLogDockingConfig | The log configurations are modified. |
ModifyHybridCloudPushSdkInfo | The information about an SDK is registered and modified. |
ModifyHybridCloudServer | The information about a hybrid cloud server is modified. |
ModifyIPPortRedirection | Traffic redirection on a port of an IP address is modified. |
ModifyIPPortRedirectionBypassStatus | The bypass status is modified for traffic redirection on a port of an IP address. |
ModifyJsRuleInner | A JavaScript rule is modified. |
ModifyLogRetrievalStatus | The log retrieval feature is enabled or disabled for a domain name. |
ModifyLogServiceOpenStatus | The log collection feature is enabled or disabled for a domain name. |
ModifyLogServiceStatus | The log collection feature is enabled or disabled for a domain name. |
ModifyLogServiceStorageTime | The log retention period of Log Service is modified. |
ModifyLogStatus | The log collection feature is enabled or disabled for a domain name. |
ModifyMajorProtectionBlackIp | An IP address blacklist for major event protection is modified. |
ModifyProtectionConfig | The configurations of the protected websites are modified. |
ModifyProtectionModuleMode | The protection modes of features are modified. The features include the protection rules engine, big data deep learning engine, HTTP flood protection, data risk control, and proactive defense. |
ModifyProtectionModuleRule | A protection rule is modified. |
ModifyProtectionModuleStatus | A specific WAF protection module is enabled or disabled. The protection modules include web intrusion prevention, data security, advanced protection, bot management, and access control or throttling. |
ModifyProtectionRuleCacheStatus | The cached pages that are protected based on a rule of the website tamper-proofing module are updated. |
ModifyProtectionRuleStatus | The website tamper-proofing rules for a website are enabled or disabled. |
ModifyResourceLogStatus | The log collection feature is enabled or disabled for a domain name. |
ModifyRuleGroup | A custom rule group is modified. |
ModifyRulesInGroup | A rule that is associated with a custom rule group is modified. |
ModifySasApplicationInfo | The information about a RASP-enabled SAS application is modified. |
ModifySasProtectionConfig | The SAS protection configurations are modified. |
ModifySasProtectionMode | The SAS protection mode is modified. |
ModifySlsLogFieldConfig | The log configurations of a user are modified. |
ModifySlsOpenStatus | Log Service is activated or deactivated. |
ModifyTemplateResources | A protection template is associated with or disassociated from a resource. |
ModifyUnblockingIp | An unblocked IP address is modified. |
ModifyUserLogFieldConfig | A field in a user log is modified. |
ModifyUserMobile | The mobile information about a user is modified. |
ModifyUserUsedScreen | The dashboard that is used by a user is modified. |
ModifyVagentNodeJobStatus | The task status of a proxy node is modified. |
ModifyVirtualClusterProperty | The attributes of a virtual cluster are modified. |
ModifyWafInstanceSwitch | The switch of a WAF instance is modified. |
ModifyWafSwitch | The protection against web attacks is enabled or disabled. |
ModifyWebFingerScanStatus | The status of a fingerprint scan is modified. |
MoveResourceGroup | A resource is moved to a new resource group. |
OpenService | WAF is activated. |
ParseSwaggerFile | A Swagger file is parsed. The callback is invoked when a file is uploaded. |
Release | A resource such as a WAF instance is released. |
ReleaseInstance | A WAF instance is released. |
Renew | An instance or a resource plan is renewed. |
SetDomainRuleGroup | A protection rule group is configured for a domain name. |
SetWarnConfig | Alert configurations are added. |
SetWarnMode | An alert mode is configured. |
SynchronizeIPResources | A synchronization task is triggered for a cloud service. |
SyncProductInstance | Assets are synchronized. |
UploadMajorProtectionBlackIp | An IP address blacklist for major event protection is uploaded. |