All Products
Search
Document Center

Security Center:DescribeWebLockFileEvents

Last Updated:Nov 13, 2024

Queries events on web tamper proofing.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
yundun-sas:DescribeWebLockFileEventsget
  • All Resources
    *
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
RemarkstringNo

The name of the asset.

Note You can call the DescribeCloudCenterInstances operation to query the names of assets.
test-ecs
CurrentPageintegerNo

The number of the page to return. Default value: 1.

1
PageSizeintegerNo

The number of entries to return on each page. Default value: 10.

20
ProcessNamestringNo

The name of the process.

sys_create
TsBeginlongNo

The beginning of the time range to query. The value is a UNIX timestamp.

1660649981419
TsEndlongNo

The end of the time range to query. The value is a UNIX timestamp.

1660649981419
DealedstringNo

Specifies whether the event on web tamper proofing is handled. Valid values:

  • n: The event on web tamper proofing is handled.
  • y: The event on web tamper proofing is not handled.
n

Response parameters

ParameterTypeDescriptionExample
object
CurrentPageinteger

The page number of the returned page.

2
RequestIdstring

The ID of the request, which is used to locate and troubleshoot issues.

79CFF74D-E967-5407-8A78-EE03B925FDAA
PageSizeinteger

The number of entries returned per page.

20
TotalCountinteger

The total number of events on web tamper proofing returned.

100
Listarray<object>

An array that consists of events on web tamper proofing returned.

Infoobject

Information about the event on web tamper proofing.

Statusstring

The status of the event on web tamper proofing. Valid values:

  • 1: unhandled
  • 2: ignored
  • 4: deprecated
  • 8: marked as false positive
  • 10: added to the whitelist
  • 16: handling
  • 32: defended
  • 64: invalid
  • 128: deleted
  • 512: automatically handled
1
EventNamestring

The name of the event on web tamper proofing.

modify
Dslong

The timestamp at which the event on web tamper proofing was first detected.

1657178400000
InternetIpstring

The public IP address of the affected asset.

8.210.XX.XX
ProcessPathstring

The path to the process.

C:\Windows\explorer.exe
Ipstring

The IP address of the asset.

8.210.XX.XX
GmtEventlong

The timestamp at which the event on web tamper proofing was last detected.

1657178400000
Countlong

The number of attempts.

10
IntranetIpstring

The private IP address of the asset.

172.25.XX.XX
ProcessNamestring

The name of the process.

python3.7
Uuidstring

The UUID of the asset.

49e25e0f-bb51-4a5a-a1b3-13a4ddaa****
EventTypestring

The prevention mode. Valid values:

  • audit: Interception Mode
  • web_lock: Alert Mode
audit
InstanceNamestring

The name of the asset.

sql-test-001
EventStatusstring

The status of the event on web tamper proofing. Valid values:

  • 1: unhandled
  • 2: ignored
  • 4: deprecated
  • 8: marked as false positive
  • 10: added to the whitelist
  • 16: handling
  • 32: defended
  • 64: invalid
  • 128: deleted
  • 512: automatically handled
1
Pathstring

The file path.

D:\test-tamper-proofing\123.html
Levelstring

The severity of the event on web tamper proofing. Valid values: medium

medium
Idlong

The ID of the event on web tamper proofing.

3555953980

Examples

Sample success responses

JSONformat

{
  "CurrentPage": 2,
  "RequestId": "79CFF74D-E967-5407-8A78-EE03B925FDAA",
  "PageSize": 20,
  "TotalCount": 100,
  "List": [
    {
      "Status": "1",
      "EventName": "modify",
      "Ds": 1657178400000,
      "InternetIp": "8.210.XX.XX",
      "ProcessPath": "C:\\Windows\\explorer.exe",
      "Ip": "8.210.XX.XX",
      "GmtEvent": 1657178400000,
      "Count": 10,
      "IntranetIp": "172.25.XX.XX",
      "ProcessName": "python3.7",
      "Uuid": "49e25e0f-bb51-4a5a-a1b3-13a4ddaa****",
      "EventType": "audit",
      "InstanceName": "sql-test-001",
      "EventStatus": "1",
      "Path": "\t\nD:\\test-tamper-proofing\\123.html",
      "Level": "medium",
      "Id": 3555953980
    }
  ]
}

Error codes

HTTP status codeError codeError messageDescription
403NoPermissioncaller has no permissionYou are not authorized to do this operation.
500ServerErrorServerError-

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
No change history