DescribeRules - Data Security Center - Alibaba Cloud Documentation Center

Queries a list of sensitive data detection rules.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-sddp:DescribeRules

get

*All Resource

*

acs:ResourceGroupId

None

Request parameters

Parameter	Type	Required	Description	Example
Lang	string	No	The language of the content within the request and response. Valid values: zh: Chinese. en: English.	zh
PageSize	integer	No	The number of entries to return on each page.	12
CurrentPage	integer	No	The page number of the paged query.	1
CustomType	integer	No	The type of the sensitive data detection rule. Valid values: 0: built-in 1: custom	1
Category	integer	No	The type of the content in the sensitive data detection rule. Valid values: 0: keyword 2: regular expression	2
Name	string	No	The name of the sensitive data detection rule. Fuzzy match is supported.	***规则
RiskLevelId	integer	No	The sensitivity level ID of the sensitive data detection rule. Valid values: 1: N/A. No sensitive data is detected. 2: S1. Level 1 sensitive data. 3: S2. Level 2 sensitive data. 4: S3. Level 3 sensitive data. 5: S4. Level 4 sensitive data.	2
RuleType	integer	No	The type of the sensitive data detection rule. Valid values: 1: data detection rule 2: audit policy 3: anomaly detection rule 99: custom rule	1
MatchType	integer	No	The match type. Valid values: 1: rule-based match 2: dictionary-based match	1
ProductCode	integer	No	The name of the service to which the data asset belongs. Valid values: MaxCompute OSS ADS OTS RDS SELF_DB	MaxCompute
ProductId	integer	No	The ID of the service to which the data asset belongs. Valid values: 1: MaxCompute 2: OSS 3: ADS 4: OTS 5: RDS 6: SELF_DB	1
WarnLevel	integer	No	The threat level. 1: Low 2: Medium 3: High	2
ContentCategory	integer	No	The content type. Valid values: 1: SQL injection exploits 2: SQL injection bypass attempts 3: stored procedure abuse 4: buffer overflows 5: error-based SQL injections	1
Status	integer	No	The status. Valid values: 1: Normal 0: Disabled	1
KeywordCompatible	boolean	No	Specifies whether the keyword is compatible with earlier versions. Valid values: true false Note The value of the Category parameter for the keyword type is 0 in earlier versions and 5 in the current version. Determine whether to enable this parameter based on your business needs.	true
GroupId	string	No	The parent group of the rule.	4_1
SupportForm	integer	No	The type of data asset that the rule supports. Valid values: 0: all assets 1: structured assets 2: unstructured assets Note When you query for rules that support structured or unstructured assets, the response also includes rules that support all asset types.	1
FeatureType	integer	No	This parameter is deprecated.	2
CooperationChannel	string	No	The source of the external cooperation request. Valid values: DAS YAOCHI	DAS
Simplify	boolean	No	Specifies whether to return a simplified version of the rule that contains only the rule name. Valid values: true false	false

Response elements

Element	Type	Description	Example
	object
CurrentPage	integer	The page number of the returned page.	1
RequestId	string	The ID of the request.	769FB3C1-F4C9-42DF-9B72-7077A8989C13
PageSize	integer	The number of entries returned per page.	12
TotalCount	integer	The total number of entries returned.	23
Items	array<object>	A list of sensitive data detection rules.
	object	The details of the sensitive data detection rule.
DisplayName	string	The display name of the user who created the sensitive data detection rule.	****test
Status	integer	The detection status of the sensitive data detection rule. Valid values: 0: disabled 1: enabled	1
SupportForm	integer	The type of data asset that the rule supports. Valid values: 0: all assets 1: structured assets 2: unstructured assets	2
WarnLevel	integer	The threat level. 1: Low 2: Medium 3: High	2
UserId	integer	The ID of the user who created the sensitive data detection rule.	0
StatExpress	string	The statistical expression.	1
GmtModified	integer	The time when the sensitive data detection rule was last modified. This value is a UNIX timestamp. Unit: milliseconds.	1545277010000
RiskLevelId	integer	The sensitivity level ID of the sensitive data detection rule. Valid values: 1: N/A. No sensitive data is detected. 2: S1. Level 1 sensitive data. 3: S2. Level 2 sensitive data. 4: S3. Level 3 sensitive data. 5: S4. Level 4 sensitive data.	2
Description	string	The description of the sensitive data detection rule.	用于识别IP地址
ProductId	integer	The ID of the service to which the data asset belongs. Valid values: 1: MaxCompute 2: OSS 3: ADS 4: OTS 5: RDS 6: SELF_DB	2
Name	string	The name of the sensitive data detection rule.	IP地址
Content	string	The content of the sensitive data detection rule. Note The content of a built-in rule, for which CustomType is 0, is not returned.	(?:\\D\|^)((?:(?:25[0-4]\|2[0-4]\\d\|1\\d{2}\|[1-9]\\d{1})\\.)(?:(?:25[0-5]\|2[0-4]\\d\|[01]?\\d?\\d)\\.){2}(?:25[0-5]\|2[0-4]\\d\|1[0-9]\\d\|[1-9]\\d\|[1-9]))(?:\\D\|$)
Target	string	The name of the service to which the data asset belongs. Valid values: MaxCompute OSS ADS OTS RDS SELF_DB	MaxCompute
LoginName	string	The logon name of the user who created the sensitive data detection rule.	det1111
CategoryName	string	The name of the content type for the sensitive data detection rule.	正则表达式
ContentCategory	string	The content type. Valid values: 1: SQL injection exploits 2: SQL injection bypass attempts 3: stored procedure abuse 4: buffer overflows 5: error-based SQL injections	1
HitTotalCount	integer	The number of times the rule was hit.	3
GroupId	string	The parent group of the rule.	4_1
CustomType	integer	The type of the sensitive data detection rule. 0: built-in 1: custom	1
RiskLevelName	string	The name of the sensitivity level for the sensitive data detection rule. Valid values: N/A: No sensitive data is detected. S1: Level 1 sensitive data. S2: Level 2 sensitive data. S3: Level 3 sensitive data. S4: Level 4 sensitive data.	S2
GmtCreate	integer	The time when the sensitive data detection rule was created. This value is a UNIX timestamp. Unit: milliseconds.	1545277010000
Category	integer	The type of the content in the sensitive data detection rule. Valid values: 0: keyword 2: regular expression	2
MajorKey	string	The primary dimension key.	key
Id	integer	The unique ID of the sensitive data detection rule.	20000
ProductCode	string	The name of the service to which the data asset belongs. Valid values: MaxCompute OSS ADS OTS RDS SELF_DB	MaxCompute
MatchType	integer	The match type. Valid values: 1: rule-based match 2: dictionary-based match	1
TemplateRuleIds	string	A collection of template IDs for sensitive data auditing.	1
ModelRuleIds	string	A collection of model IDs for sensitive data auditing.	1452
ThreatAnalysisStatus	integer		0
AuditMode	integer		0

Examples

Success response

JSON format

{
  "CurrentPage": 1,
  "RequestId": "769FB3C1-F4C9-42DF-9B72-7077A8989C13",
  "PageSize": 12,
  "TotalCount": 23,
  "Items": [
    {
      "DisplayName": "****test",
      "Status": 1,
      "SupportForm": 2,
      "WarnLevel": 2,
      "UserId": 0,
      "StatExpress": "1",
      "GmtModified": 1545277010000,
      "RiskLevelId": 2,
      "Description": "用于识别IP地址",
      "ProductId": 2,
      "Name": "IP地址",
      "Content": "(?:\\\\D|^)((?:(?:25[0-4]|2[0-4]\\\\d|1\\\\d{2}|[1-9]\\\\d{1})\\\\.)(?:(?:25[0-5]|2[0-4]\\\\d|[01]?\\\\d?\\\\d)\\\\.){2}(?:25[0-5]|2[0-4]\\\\d|1[0-9]\\\\d|[1-9]\\\\d|[1-9]))(?:\\\\D|$)",
      "Target": "MaxCompute",
      "LoginName": "det1111",
      "CategoryName": "正则表达式",
      "ContentCategory": "1",
      "HitTotalCount": 3,
      "GroupId": "4_1",
      "CustomType": 1,
      "RiskLevelName": "S2",
      "GmtCreate": 1545277010000,
      "Category": 2,
      "MajorKey": "key",
      "Id": 20000,
      "ProductCode": "MaxCompute",
      "MatchType": 1,
      "TemplateRuleIds": "1",
      "ModelRuleIds": "1452",
      "ThreatAnalysisStatus": 0,
      "AuditMode": 0
    }
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.