All Products
Search

This Product

    :DescribeApisecAbnormals

    Document Center

    :DescribeApisecAbnormals

    Last Updated:Nov 15, 2024

    Queries the list of API security risks.

    Debugging

    You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

    Authorization information

    The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

    • Operation: the value that you can use in the Action element to specify the operation on a resource.
    • Access level: the access level of each operation. The levels are read, write, and list.
    • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
      • The required resource types are displayed in bold characters.
      • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
    • Condition Key: the condition key that is defined by the cloud service.
    • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
    OperationAccess levelResource typeCondition keyAssociated operation
    yundun-waf:DescribeApisecAbnormalsget
    *All Resources
    *
      none
    		none

    Request parameters

    ParameterTypeRequiredDescriptionExample
    InstanceIdstringYes

    The ID of the Web Application Firewall (WAF) instance.

    Note You can call the DescribeInstance operation to query the ID of the WAF instance.
    		waf_v2_public_cn-z***9g301
    ApiIdstringNo

    The ID of the risk-related API.

    		bd9efb8ad******d9ca6
    ApiFormatstringNo

    The risk-related API.

    		/api/users/login
    MatchedHoststringNo

    The domain name or IP address of the API.

    		a.aliyun.com
    StartTimestringNo

    The beginning of the time range to query. The value is a UNIX timestamp displayed in UTC. Unit: seconds.

    		1684252800
    EndTimestringNo

    The end of the time range to query. The value is a UNIX timestamp displayed in UTC. Unit: seconds.

    		1684382100
    OrderKeystringNo

    The name of the sorting field. Valid values:

    • firstTime (default): first detection time
    • abnormalLevel: risk level
    		allCnt
    OrderWaystringNo

    The sorting method. Valid values:

    • desc (default): in descending order
    • asc: in ascending order
    		desc
    AbnormalLevelstringNo

    The level of the risk. Valid values:

    • high
    • medium
    • low
    		medium
    AbnormalTagstringNo

    The type of the risk.

    Note You can call the DescribeApisecRules operation to query the supported types of risks.
    		LackOfSpeedLimit
    AbnormalIdstringNo

    The ID of the risk.

    		29c6401****99a2bad3943e26d8
    UserStatusstringNo

    The status of the risk. Valid values:

    • toBeConfirmed
    • confirmed
    • toBeFixed
    • fixed
    • ignored
    		Confirmed
    PageNumberlongNo

    The page number. Default value: 1.

    		2
    PageSizelongNo

    The number of entries per page. Default value: 10.

    		10
    OriginstringNo

    The source of the risk type. Valid values:

    • custom
    • default
    		custom
    ApiTagstringNo

    The business purpose of the API.

    Note You can call the DescribeApisecRules operation to query the business purposes of APIs.
    		RegisterAPI
    ClusterIdstringNo

    The ID of the hybrid cloud cluster.

    Note For hybrid cloud scenarios only, you can call the DescribeHybridCloudClusters operation to query the hybrid cloud clusters.
    		546
    RegionIdstringNo

    The region in which the Web Application Firewall (WAF) instance is deployed. Valid values:

    • cn-hangzhou: Chinese mainland

    • ap-southeast-1: outside the Chinese mainland

    		cn-qingdao
    ResourceManagerResourceGroupIdstringNo

    The ID of the Alibaba Cloud resource group.

    		rg-acfm***q

    Response parameters

    ParameterTypeDescriptionExample
    object

    The response parameters.

    TotalCountlong

    The total number of entries returned.

    		35
    RequestIdstring

    The request ID.

    		9469646C-F2CC-5F0F-8401-C53***4F46
    Dataarray<object>

    The risks.

    abnormalobject

    The risk.

    AbnormalIdstring

    The ID of the risk.

    		7c1431f27ae7e9c8cc64095***68e
    Originstring

    The source of the risk type. Valid values:

    • custom
    • default
    		custom
    LastestTimelong

    The time at which the risk was last active. The value is a UNIX timestamp displayed in UTC. Unit: seconds.

    		1684252800
    FirstTimelong

    The time at which the risk was first detected. The value is a UNIX timestamp displayed in UTC. Unit: seconds.

    		1701138088
    AbnromalStatusstring

    The status of the risk.

    		unresolved
    ApiFormatstring

    The risk-related API.

    		/api/login
    ApiTagstring

    The business purpose of the API.

    Note You can call the DescribeApisecRules operation to query the business purposes of APIs.
    		SendMail
    DiscoverTimelong

    The time at which the risk was detected. The value is a UNIX timestamp displayed in UTC. Unit: seconds.

    		1684252800
    UserStatusstring

    The status of the risk. Valid values:

    • toBeConfirmed
    • confirmed
    • toBeFixed
    • fixed
    • ignored
    		Confirmed
    IgnoreTimelong

    The time at which the risk was marked as ignored. The value is a UNIX timestamp displayed in UTC. Unit: seconds.

    		1684252800
    Followlong

    Indicates whether the API is followed. Valid values:

    • 1: yes
    • 0(default): no
    		0
    MatchedHoststring

    The domain name or IP address of the API.

    		a.aliyun.com
    Notestring

    The remarks.

    		Business side notified
    AbnormalEventNumberlong

    The number of risk-related security events.

    		2
    AbnormalTagstring

    The type of the risk.

    Note You can call the DescribeApisecRules operation to query the supported types of risks.
    		LackOfSpeedLimit
    AbnormalInfostring

    The details of the risk. The value is a string that consists of multiple parameters in the JSON format. Valid values:

    • rule: risk-related rule
    • data_type: sensitive data type
    • custom_rule_name: custom rule name
    • rule_name: built-in rule name
    		{ "data_type": ["1005","1004"], "rule": { "parent": "RiskType_Permission", "code": "Risk_UnauthSensitive", "level": "high", "origin": "default", "name": "Risk_UnauthSensitive" } }
    ApiIdstring

    The ID of the risk-related API.

    		09559c0d71ca2ffc996b81***836d8
    AbnormalLevelstring

    The level of the risk. Valid values:

    • high
    • medium
    • low
    		high
    Examplesarray

    The risk-related samples.

    examplesstring

    The risk-related sample. The value is a string that consists of multiple parameters in the JSON format. Valid values:

    • param_num: number of API parameters
    • request_method: request method
    • protocol: request protocol
    • api_url: request URL
    • poc_payload: request
    • request: sample request
    • response: sample response
    • param: the request parameters
    		{ "request": {"referer": "-","content_type": "-","cookie": "-","method": "GET","param": [],"host": "test.cn"}, "protocol": "https", "api_url": "https://test.cn:443/index.php", "param": [], "response": {"param": [], "sensitive_type": {}, "header": {},"body": "", "status": 405 }, "request_method": "GET", "poc_payload": "curl -X GET -H 'Accept: */*' -H 'Connection: keep-alive' -H 'User-agent: python-requests/2.32.3' -H 'X-forwarded-for: {{IPv6 Address}}' -H 'Host: test.cn' -H 'Accept-encoding: gzip, deflate' 'https://test.cn:443/index.php'", "param_num": 0 }

    Examples

    Sample success responses

    JSONformat

    {
  "TotalCount": 35,
  "RequestId": "9469646C-F2CC-5F0F-8401-C53***4F46",
  "Data": [
    {
      "AbnormalId": "7c1431f27ae7e9c8cc64095***68e",
      "Origin": "custom",
      "LastestTime": 1684252800,
      "FirstTime": 1701138088,
      "AbnromalStatus": "unresolved",
      "ApiFormat": "/api/login",
      "ApiTag": "SendMail",
      "DiscoverTime": 1684252800,
      "UserStatus": "Confirmed",
      "IgnoreTime": 1684252800,
      "Follow": 0,
      "MatchedHost": "a.aliyun.com",
      "Note": "Business side notified",
      "AbnormalEventNumber": 2,
      "AbnormalTag": "LackOfSpeedLimit",
      "AbnormalInfo": "{ \"data_type\": [\"1005\",\"1004\"], \"rule\": { \"parent\": \"RiskType_Permission\", \"code\": \"Risk_UnauthSensitive\", \"level\": \"high\", \"origin\": \"default\", \"name\": \"Risk_UnauthSensitive\" } }",
      "ApiId": "09559c0d71ca2ffc996b81***836d8",
      "AbnormalLevel": "high",
      "Examples": [
        "{ \"request\": {\"referer\": \"-\",\"content_type\": \"-\",\"cookie\": \"-\",\"method\": \"GET\",\"param\": [],\"host\": \"test.cn\"}, \"protocol\": \"https\", \"api_url\": \"https://test.cn:443/index.php\", \"param\": [], \"response\": {\"param\": [], \"sensitive_type\": {}, \"header\": {},\"body\": \"\", \"status\": 405 }, \"request_method\": \"GET\", \"poc_payload\": \"curl -X GET -H 'Accept: */*' -H 'Connection: keep-alive' -H 'User-agent: python-requests/2.32.3' -H 'X-forwarded-for: {{IPv6 Address}}' -H 'Host: test.cn' -H 'Accept-encoding: gzip, deflate' 'https://test.cn:443/index.php'\", \"param_num\": 0 }"
      ]
    }
  ]
}

    Error codes

    For a list of error codes, visit the Service error codes.