All Products
Search
Document Center

Security Center:QueryIncidentVertexExtendInfo

Last Updated:Nov 25, 2024

Queries the extended information about an event node.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
yundun-sas:QueryIncidentVertexExtendInfoget
*All Resources
*
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
VertexIdstringYes

The ID of the node that you want to query.

Note You can call the QueryIncidentTracingDetail operation to query the node ID.
29872354f741b1b044b8a9b4e2ab0535
VertexLabelstringYes

The node label. Valid values include but are not limited to:

  • process
  • file
  • alert
  • ip
  • domain
process
RelationTypestringYes

The type of the edge that you want to query. Valid values include but are not limited to:

  • process_exec_file: A process executes a file.
  • process_connect_ip: A process connects to an IP address.
  • domain_trgger_alert: A domain name triggers an alert.
process_connect_ip
OffsetlongNo

The page number. Valid values start from 1.

0
SizeintegerNo

The number of entries per page. Valid values start from 1.

10

Response parameters

ParameterTypeDescriptionExample
object

The response parameters.

VertexExtendInfoarray<object>

The returned extended information about the node.

Dataobject
Idstring

The node ID.

1377
Namestring

The node name.

oval:com.redhat.rhsa:def:20193878
Typestring

The node type. Valid values include but are not limited to:

  • process
  • file
  • alert
  • ip
  • domain
cve
Timestring

The time when the node was created.

2021-11-06 11:00:00
Timestamplong

The UNIX timestamp when the node was created. Unit: milliseconds.

1645168444
Uuidstring

The node UUID.

678e29f4-d78f-4a7c-a2bc-38434a138538
RuleIdstring

The ID of the rule for which the node was created.

400035
Propertiesstring

The node properties. The value is in the text format.

DIRECTORY
Propertyobject

The node property.

AlertDescstring

The alert description.

exploit
LogUuidstring

The log ID.

abc4990f2e1948eb960a2bb7ac0f****
GmtModifiedstring

The modification time.

2023-05-08 20:06:07
AlertUuidstring

The alert ID.

alert-abc4990f2e1948eb960a2bb7ac0****
AlertTypestring

The alert type.

attack_alert
AlertSrcProdModulestring

The module of the service that generates the alert.

aegis
AttCkstring

ATT&CK

Keychain
AlertNameCodestring

The code of the alert name.

6367
AlertDetailstring

The details of the alert.

{}
OccurTimestring

The time when the alert was generated.

2022-11-24T10:13Z
AlertTypeCodestring

The code of the alert type.

112
AlertLevelstring

The alert level. Valid values:

  • serious
  • suspicious
  • remind
serious
AssetListstring

The assets.

[]
GmtCreatestring

The creation time.

2022-11-24T10:13Z
AlertTypeEnstring

The alert type. The value is in English.

attack_alert
LogTimestring

The time when the log was generated.

2022-11-24T10:13Z
AlertTitlestring

The alert title.

login_common_account
AlertNameEnstring

The alert name. The value is in English.

attack_alert
AlertSrcProdstring

The service that generates the alert.

sas
MainUserIdstring

The ID of the master account.

168370268****
CloudCodestring

The code of the cloud service provider.

alibaba_cloud
AlertNamestring

The alert name.

pt_device_in_bps_down_alert
EntityListstring

The instance.

[ "003d544744249351****" ]
SubUserIdstring

The ID of the sub-account.

11689082709****
Aliuidstring

The ID of the Alibaba Cloud account.

1168908270980461
NeighborListarray<object>

The neighboring nodes.

NeighborListobject
Typestring

The node type. Valid values include but are not limited to:

  • process
  • file
  • alert
  • ip
  • domain
alidetect
Countinteger

The number of nodes.

2
HasMoreboolean

Indicates whether more neighboring nodes exist. Valid values:

  • true
  • false
True
DisplayInfoarray<object>

The display information.

DisplayInfoobject
Namestring

The display name of the property.

IDA
Valuestring

The display value of the property.

app:nxueo
Langstring

The language of the content within the response. Valid values:

  • zh: Chinese
  • en: English
zh
Successboolean

Indicates whether the request was successful. Valid values:

  • true
  • false
True
RequestIdstring

The request ID.

0BCDBBF1-0048-535A-8529-67EA0CD1A807
Countstring

The total number of entries returned.

2

Examples

Sample success responses

JSONformat

{
  "VertexExtendInfo": [
    {
      "Id": "1377",
      "Name": "oval:com.redhat.rhsa:def:20193878",
      "Type": "cve",
      "Time": "2021-11-06 11:00:00",
      "Timestamp": 1645168444,
      "Uuid": "678e29f4-d78f-4a7c-a2bc-38434a138538",
      "RuleId": "400035",
      "Properties": "DIRECTORY",
      "Property": {
        "AlertDesc": "exploit",
        "LogUuid": "abc4990f2e1948eb960a2bb7ac0f****",
        "GmtModified": "2023-05-08 20:06:07",
        "AlertUuid": "alert-abc4990f2e1948eb960a2bb7ac0****",
        "AlertType": "attack_alert",
        "AlertSrcProdModule": "aegis",
        "AttCk": "Keychain",
        "AlertNameCode": "6367",
        "AlertDetail": "{}",
        "OccurTime": "2022-11-24T10:13Z",
        "AlertTypeCode": "112",
        "AlertLevel": "serious",
        "AssetList": "[]",
        "GmtCreate": "2022-11-24T10:13Z",
        "AlertTypeEn": "attack_alert",
        "LogTime": "2022-11-24T10:13Z\n",
        "AlertTitle": "login_common_account",
        "AlertNameEn": "attack_alert",
        "AlertSrcProd": "sas",
        "MainUserId": "168370268****",
        "CloudCode": "alibaba_cloud",
        "AlertName": "pt_device_in_bps_down_alert",
        "EntityList": "[\n      \"003d544744249351****\"\n]",
        "SubUserId": "11689082709****"
      },
      "Aliuid": "1168908270980461",
      "NeighborList": [
        {
          "Type": "alidetect",
          "Count": 2,
          "HasMore": true
        }
      ],
      "DisplayInfo": [
        {
          "Name": "IDA",
          "Value": "app:nxueo"
        }
      ],
      "Lang": "zh"
    }
  ],
  "Success": true,
  "RequestId": "0BCDBBF1-0048-535A-8529-67EA0CD1A807",
  "Count": "2"
}

Error codes

HTTP status codeError codeError messageDescription
400VertexExtendInfoErrorGet Vertex extend information error, please try again-
403NoPermissioncaller has no permissionYou are not authorized to do this operation.
500ServerErrorServerError-

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
No change history