QueryIncidentVertexExtendInfo - Security Center - Alibaba Cloud Documentation Center

Queries the extended information about an event node.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
yundun-sas:QueryIncidentVertexExtendInfo	get	All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
VertexId	string	Yes	The ID of the node that you want to query. Note You can call the QueryIncidentTracingDetail operation to query the node ID.	29872354f741b1b044b8a9b4e2ab0535
VertexLabel	string	Yes	The node label. Valid values include but are not limited to: process file alert ip domain	process
RelationType	string	Yes	The type of the edge that you want to query. Valid values include but are not limited to: process_exec_file: A process executes a file. process_connect_ip: A process connects to an IP address. domain_trgger_alert: A domain name triggers an alert.	process_connect_ip
Offset	long	No	The page number. Valid values start from 1.	0
Size	integer	No	The number of entries per page. Valid values start from 1.	10

Response parameters

Parameter	Type	Description	Example
	object	The response parameters.
VertexExtendInfo	array<object>	The returned extended information about the node.
Data	object
Id	string	The node ID.	1377
Name	string	The node name.	oval:com.redhat.rhsa:def:20193878
Type	string	The node type. Valid values include but are not limited to: process file alert ip domain	cve
Time	string	The time when the node was created.	2021-11-06 11:00:00
Timestamp	long	The UNIX timestamp when the node was created. Unit: milliseconds.	1645168444
Uuid	string	The node UUID.	678e29f4-d78f-4a7c-a2bc-38434a138538
RuleId	string	The ID of the rule for which the node was created.	400035
Properties	string	The node properties. The value is in the text format.	DIRECTORY
Property	object	The node property.
AlertDesc	string	The alert description.	exploit
LogUuid	string	The log ID.	abc4990f2e1948eb960a2bb7ac0f****
GmtModified	string	The modification time.	2023-05-08 20:06:07
AlertUuid	string	The alert ID.	alert-abc4990f2e1948eb960a2bb7ac0****
AlertType	string	The alert type.	attack_alert
AlertSrcProdModule	string	The module of the service that generates the alert.	aegis
AttCk	string	ATT&CK	Keychain
AlertNameCode	string	The code of the alert name.	6367
AlertDetail	string	The details of the alert.	{}
OccurTime	string	The time when the alert was generated.	2022-11-24T10:13Z
AlertTypeCode	string	The code of the alert type.	112
AlertLevel	string	The alert level. Valid values: serious suspicious remind	serious
AssetList	string	The assets.	[]
GmtCreate	string	The creation time.	2022-11-24T10:13Z
AlertTypeEn	string	The alert type. The value is in English.	attack_alert
LogTime	string	The time when the log was generated.	2022-11-24T10:13Z
AlertTitle	string	The alert title.	login_common_account
AlertNameEn	string	The alert name. The value is in English.	attack_alert
AlertSrcProd	string	The service that generates the alert.	sas
MainUserId	string	The ID of the master account.	168370268****
CloudCode	string	The code of the cloud service provider.	alibaba_cloud
AlertName	string	The alert name.	pt_device_in_bps_down_alert
EntityList	string	The instance.	[ "003d544744249351****" ]
SubUserId	string	The ID of the sub-account.	11689082709****
Aliuid	string	The ID of the Alibaba Cloud account.	1168908270980461
NeighborList	array<object>	The neighboring nodes.
NeighborList	object
Type	string	The node type. Valid values include but are not limited to: process file alert ip domain	alidetect
Count	integer	The number of nodes.	2
HasMore	boolean	Indicates whether more neighboring nodes exist. Valid values: true false	True
DisplayInfo	array<object>	The display information.
DisplayInfo	object
Name	string	The display name of the property.	IDA
Value	string	The display value of the property.	app:nxueo
Lang	string	The language of the content within the response. Valid values: zh: Chinese en: English	zh
Success	boolean	Indicates whether the request was successful. Valid values: true false	True
RequestId	string	The request ID.	0BCDBBF1-0048-535A-8529-67EA0CD1A807
Count	string	The total number of entries returned.	2

Examples

Sample success responses

JSONformat

{
  "VertexExtendInfo": [
    {
      "Id": "1377",
      "Name": "oval:com.redhat.rhsa:def:20193878",
      "Type": "cve",
      "Time": "2021-11-06 11:00:00",
      "Timestamp": 1645168444,
      "Uuid": "678e29f4-d78f-4a7c-a2bc-38434a138538",
      "RuleId": "400035",
      "Properties": "DIRECTORY",
      "Property": {
        "AlertDesc": "exploit",
        "LogUuid": "abc4990f2e1948eb960a2bb7ac0f****",
        "GmtModified": "2023-05-08 20:06:07",
        "AlertUuid": "alert-abc4990f2e1948eb960a2bb7ac0****",
        "AlertType": "attack_alert",
        "AlertSrcProdModule": "aegis",
        "AttCk": "Keychain",
        "AlertNameCode": "6367",
        "AlertDetail": "{}",
        "OccurTime": "2022-11-24T10:13Z",
        "AlertTypeCode": "112",
        "AlertLevel": "serious",
        "AssetList": "[]",
        "GmtCreate": "2022-11-24T10:13Z",
        "AlertTypeEn": "attack_alert",
        "LogTime": "2022-11-24T10:13Z\n",
        "AlertTitle": "login_common_account",
        "AlertNameEn": "attack_alert",
        "AlertSrcProd": "sas",
        "MainUserId": "168370268****",
        "CloudCode": "alibaba_cloud",
        "AlertName": "pt_device_in_bps_down_alert",
        "EntityList": "[\n      \"003d544744249351****\"\n]",
        "SubUserId": "11689082709****"
      },
      "Aliuid": "1168908270980461",
      "NeighborList": [
        {
          "Type": "alidetect",
          "Count": 2,
          "HasMore": true
        }
      ],
      "DisplayInfo": [
        {
          "Name": "IDA",
          "Value": "app:nxueo"
        }
      ],
      "Lang": "zh"
    }
  ],
  "Success": true,
  "RequestId": "0BCDBBF1-0048-535A-8529-67EA0CD1A807",
  "Count": "2"
}

Error codes

HTTP status code	Error code	Error message	Description
400	VertexExtendInfoError	Get Vertex extend information error, please try again	-
403	NoPermission	caller has no permission	You are not authorized to do this operation.
500	ServerError	ServerError	-

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation

No change history