All Products
Search
Document Center

Security Center:CreateOrUpdateDingTalk

Last Updated:Nov 25, 2024

Creates or modifies a DingTalk chatbot that sends notifications.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
yundun-sas:CreateOrUpdateDingTalkcreate
*All Resources
*
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
IdlongNo

The ID of the chatbot.

Note You can call the DescribeDingTalk operation to query the IDs of chatbots.
1589
RuleActionNamestringYes

The name of the chatbot.

Note The name of a chatbot must be 2 to 64 characters in length.
testNotify
SendUrlstringYes

The webhook URL.

https://oapi.dingtalk.com/robot/send?access_token=XXX
IntervalTimelongNo

The time interval at which the chatbot sends notifications.

Note The value 0 indicates unlimited.
0
ConfigListstringNo

The alerts for which you want the chatbot to send notifications. The value is a JSON array that contains the following fields:

  • type: the types of alerts. The valid values are listed in the "Additional description of parameters" section in this topic.

  • configItemList: the list of check items. The value is a JSON array that contains the following fields:

    • key: the key of the check item.
    • valueList: the values of the check item. The value of valueList is a JSON array.
Note For more information about the value of this parameter, see the "Addition description of parameters" section in this topic.
[{"type":"sas_analysis_online-sas-operation-log-sas-event-suspicious","configItemList":[{"key":"item_level","valueList":["all"]},{"key":"event_type","valueList":["all"]}]}]
GroupIdListstringNo

The IDs of asset groups for which you want the chatbot to send notifications. The value is a JSON array.

Note You can call the DescribeGroupStruct operation to query the IDs of asset groups.
["10417151"]
DingTalkLangstringNo

The language of the notifications. Valid values:

  • zh: Chinese
  • en: English
zh

Additional description of parameters

typeDescriptionkeyDescriptionvalueListDescription
sas_analysis_online-sas-operation-log-sas-event-vulVulnerabilitiestypeVulnerability typeallAll
cmsWeb-CMS vulnerability
ovalLinux software vulnerability
sysWindows system vulnerability
emgUrgent vulnerability
necessityRisk levelallAll
asapHigh
laterMedium
nntfLow
sas_analysis_online-sas-operation-log-sas-event-hcBaseline risksitem_levelRisk levelallAll
highHigh
mediumMedium
lowLow
sas_analysis_online-sas-operation-log-sas-event-suspiciousAlertsitem_levelSeverityallAll
seriousCritical
suspiciousSuspicious
remindRemind
event_typeAlert type
allAll
Suspicious processSuspicious process
WebshellWebshell
Unusual logonUnusual logon
ExceptionException
Sensitive file tamperingSensitive file tampering
Malicious process (cloud threat detection)Malicious process (cloud threat detection)
Unusual network connectionUnusual network connection
OthersOthers
Abnormal accountAbnormal account
Application intrusion eventApplication intrusion event
Cloud threat detectionCloud threat detection
Precision defensePrecision defense
Application whitelistApplication whitelist
Persistent webshellPersistent webshell
sas_analysis_online-sas-operation-log-sas-event-ak-leakageAccessKey pair leakstypeLeak typeallAll
sas_analysis_online-sas-operation-log-sas-event-honeypotAlerts generated by cloud honeypotitem_levelRisk levelallAll
highHigh
mediumMedium
lowLow
sas_analysis_online-sas-operation-log-sas-event-raspAlerts generated by application protectionitem_levelRisk levelallAll
highHigh
mediumMedium
lowLow

Response parameters

ParameterTypeDescriptionExample
object

The response parameters.

RequestIdstring

The request ID.

76975B7A-34DC-5CB6-9538-91700D4F112E

Examples

Sample success responses

JSONformat

{
  "RequestId": "76975B7A-34DC-5CB6-9538-91700D4F112E"
}

Error codes

HTTP status codeError codeError messageDescription
403NoPermissioncaller has no permissionYou are not authorized to do this operation.
500ServerErrorServerError-

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
No change history