Updated: 2025-09-19 GMT+08:00

Creating a Security Situational Awareness Configuration

Function

API Description

An application server calls this API to create a security situational awareness configuration.

Restrictions

The following security configuration items are currently supported:

| Configuration name | Default alarm level | Default security level | Detection dimension (platform detection / device report) | Configuration structure | Description |
| --- | --- | --- | --- | --- | --- |
| DEVICE_MEMORY_CHECK | CRITICAL | ADVANCE_SECURITY | Device report | [{"key":"memory_threshold","value":80},{"key":"report_period","value":1}] | Device memory leak detection. report_period: reporting period in hours, range [1, 24]; memory_threshold: memory usage threshold in percent, range [1, 100] |
| DEVICE_PORT_CHECK | CRITICAL | ADVANCE_SECURITY | Device report | [{"key":"safety_ports","value":[80,8080]},{"key":"report_period","value":1}] | Device abnormal port detection. report_period: reporting period in hours, range [1, 24]; safety_ports: whitelist of safe ports, array, each value in the range [1, 65535] |
| DEVICE_CPU_USAGE_CHECK | CRITICAL | ADVANCE_SECURITY | Device report | [{"key":"cpu_usage_threshold","value":80},{"key":"report_period","value":1}] | Device CPU usage detection. report_period: reporting period in hours, range [1, 24]; cpu_usage_threshold: CPU usage threshold in percent, range [1, 100] |
| DEVICE_DISK_SPACE_CHECK | CRITICAL | ADVANCE_SECURITY | Device report | [{"key":"disk_space_threshold","value":80},{"key":"report_period","value":1}] | Device disk usage detection. report_period: reporting period in hours, range [1, 24]; disk_space_threshold: disk usage threshold in percent, range [1, 100] |
| DEVICE_BATTERY_PERCENTAGE_CHECK | CRITICAL | ADVANCE_SECURITY | Device report | [{"key":"battery_percentage_threshold","value":20},{"key":"report_period","value":1}] | Device battery level detection. report_period: reporting period in hours, range [1, 24]; battery_percentage_threshold: battery level threshold in percent, range [1, 100] |
| DEVICE_LOGIN_LOCAL_CHECK | MINOR | BASIC_SECURITY | Device report | NA | Device local login detection |
| DEVICE_MALICIOUS_IP_CHECK | MINOR | BASIC_SECURITY | Device report | {"key":"safety_ips","value":["192.168.0.0/16"]} | Device malicious IP detection |
| DEVICE_LOGIN_BRUTE_FORCE_CHECK | MINOR | BASIC_SECURITY | Device report | NA | Device brute-force login detection |
| DEVICE_FILE_TAMPER_CHECK | MINOR | BASIC_SECURITY | Device report | NA | Device local file tampering detection |
| INSECURE_TLS_PROTOCOL_CHECK | MAJOR | ULTIMATE_SECURITY | Platform detection | NA | Detection of devices connecting with an insecure TLS protocol version |
| INSECURE_CIPHER_SUITE_CHECK | MAJOR | ULTIMATE_SECURITY | Platform detection | NA | Detection of devices connecting with an insecure TLS cipher suite |
| CONNECT_MULTIPLE_TIMES_CHECK | CRITICAL | ULTIMATE_SECURITY | Platform detection | NA | Detection of a device establishing connections repeatedly within a unit of time |
| SECRET_COMPLEXITY_CHECK | MAJOR | ULTIMATE_SECURITY | Platform detection | NA | Device weak password detection |
| TLS_CONNECT_CHECK | MINOR | ULTIMATE_SECURITY | Platform detection | NA | Detection of whether a device communicates over a TLS-encrypted protocol |
| DEVICE_AUTH_FAIL_CHECK | CRITICAL | ULTIMATE_SECURITY | Platform detection | NA | Device authentication failure detection |
| DEVICE_OFFLINE_CHECK | CRITICAL | ULTIMATE_SECURITY | Platform detection | NA | Device abnormal offline detection |

Calling Method

See Calling APIs.

URI

POST /v5/iot/{project_id}/security-profiles

Table 1 Path parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| project_id |  | String | Project ID. For how to obtain it, see Obtaining a Project ID. |

Request Parameters

Table 2 Request header parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| Instance-Id |  | String | Instance ID. Unique identifier of each instance in the physical multi-tenant scenario. Huawei Cloud tenants generally do not need to carry this parameter; it is required only when the API is accessed from the management plane in a physical multi-tenant scenario. You can view the ID of the current instance on the Overview page of the IoTDA console. |

Table 3 Request body parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| security_type |  | String | Security situational awareness configuration type. |
| alarm_level |  | String | Security situational awareness alarm level. Constraints: none. Value range: CRITICAL (critical alarm), MAJOR (major alarm), MINOR (minor alarm). Default: N/A. |
| security_level |  | String | Security risk level to which the security situational awareness item belongs. Constraints: none. Value range: BASIC_SECURITY (basic security), ADVANCE_SECURITY (advanced security), ULTIMATE_SECURITY (ultimate security). Default: N/A. |
| enable |  | Boolean | Whether the security situational awareness item is enabled. |
| profile |  | Array of SecurityProfile objects | Configuration structure of the security situational awareness item, used to deliver device-side detection items to devices. |
| profile_targets |  | SecurityTarget object | Structure describing the objects the security situational awareness configuration is bound to. |

Table 4 SecurityProfile

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| key |  | String | Name of the configuration value of the security situational awareness item. |
| value |  | Object | Configuration value of the security situational awareness item. For the data format, see the API description of creating a security situational awareness configuration. |

Table 5 SecurityTarget

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| target_type |  | String | Object the security situational awareness configuration is bound to. Currently only PRODUCT (product level) is supported, and it takes effect only for device-level security situational awareness items. |
| target_ids |  | Array of strings | List of IDs of the bound objects. When target_type is PRODUCT, a product ID can be reused across resource spaces, so each target_id has the format "resource space ID:product ID", that is, the resource space ID and the product ID joined by a colon. |
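The restrictions table and the target_ids format in Table 5 together define what a well-formed request body looks like. The validator below is an added example written for this page, not code from Huawei Cloud or its SDK: it checks a request body against those constraints before the body is sent, so a bad threshold or a malformed target ID is caught client-side instead of surfacing as a 400 response. Assumptions the page does not state: items whose structure is listed as NA accept no profile keys, safety_ips entries are checked only for CIDR syntax, and profile_targets is validated only when present (the page does not show the Mandatory column).

```python
import ipaddress
from typing import Any, Optional

# Constraints transcribed from this page's "Restrictions" table: the profile keys
# each security_type accepts and the range of each value. Items whose structure the
# page lists as NA accept no profile keys (assumption: their profile stays empty).
PERIOD, PERCENT = ("int", 1, 24), ("int", 1, 100)  # report_period in hours / threshold in %
SECURITY_TYPES: dict[str, dict[str, tuple]] = {
    "DEVICE_MEMORY_CHECK": {"memory_threshold": PERCENT, "report_period": PERIOD},
    "DEVICE_PORT_CHECK": {"safety_ports": ("int_list", 1, 65535), "report_period": PERIOD},
    "DEVICE_CPU_USAGE_CHECK": {"cpu_usage_threshold": PERCENT, "report_period": PERIOD},
    "DEVICE_DISK_SPACE_CHECK": {"disk_space_threshold": PERCENT, "report_period": PERIOD},
    "DEVICE_BATTERY_PERCENTAGE_CHECK": {"battery_percentage_threshold": PERCENT, "report_period": PERIOD},
    # safety_ips: the page shows a CIDR list but states no range; only CIDR syntax is checked (assumption).
    "DEVICE_MALICIOUS_IP_CHECK": {"safety_ips": ("cidr_list", None, None)},
    **{name: {} for name in (
        "DEVICE_LOGIN_LOCAL_CHECK", "DEVICE_LOGIN_BRUTE_FORCE_CHECK", "DEVICE_FILE_TAMPER_CHECK",
        "INSECURE_TLS_PROTOCOL_CHECK", "INSECURE_CIPHER_SUITE_CHECK", "CONNECT_MULTIPLE_TIMES_CHECK",
        "SECRET_COMPLEXITY_CHECK", "TLS_CONNECT_CHECK", "DEVICE_AUTH_FAIL_CHECK", "DEVICE_OFFLINE_CHECK")},
}
ALARM_LEVELS = {"CRITICAL", "MAJOR", "MINOR"}
SECURITY_LEVELS = {"BASIC_SECURITY", "ADVANCE_SECURITY", "ULTIMATE_SECURITY"}

def _as_int(value: Any) -> Optional[int]:
    # The page's JSON example sends 80 as a number and its SDK samples send "80": accept both, not bool.
    if isinstance(value, bool):
        return None
    if isinstance(value, int):
        return value
    return int(value) if isinstance(value, str) and value.strip().lstrip("-").isdigit() else None

def _check_value(key: str, value: Any, spec: tuple, errors: list[str]) -> None:
    kind, lo, hi = spec
    if kind == "int":
        n = _as_int(value)
        if n is None or not lo <= n <= hi:
            errors.append(f"{key}: expected an integer in [{lo}, {hi}], got {value!r}")
        return
    if not isinstance(value, list) or not value:
        errors.append(f"{key}: expected a non-empty array, got {value!r}")
        return
    for item in value:
        if kind == "int_list":
            n = _as_int(item)
            if n is None or not lo <= n <= hi:
                errors.append(f"{key}: element {item!r} is outside [{lo}, {hi}]")
        else:  # cidr_list: str() so that a non-string element also fails parsing
            try:
                ipaddress.ip_network(str(item), strict=False)
            except ValueError:
                errors.append(f"{key}: {item!r} is not an IP address or CIDR block")

def validate_security_profile(body: dict) -> list[str]:
    """Return every constraint violation found in a request body; an empty list means valid."""
    stype = body.get("security_type")
    if stype not in SECURITY_TYPES:
        return [f"security_type: unsupported value {stype!r}"]
    errors: list[str] = []
    for field, choices in (("alarm_level", ALARM_LEVELS), ("security_level", SECURITY_LEVELS)):
        if body.get(field) not in choices:
            errors.append(f"{field}: must be one of {sorted(choices)}")
    if not isinstance(body.get("enable"), bool):
        errors.append("enable: must be a boolean")
    allowed, seen = SECURITY_TYPES[stype], set()
    for entry in body.get("profile") or []:
        key = entry.get("key") if isinstance(entry, dict) else None
        if key not in allowed:
            errors.append(f"profile: key {key!r} is not valid for {stype}")
        elif key in seen:
            errors.append(f"profile: duplicate key {key!r}")
        else:
            seen.add(key)
            _check_value(key, entry.get("value"), allowed[key], errors)
    targets = body.get("profile_targets")
    if targets is not None:  # the page does not show whether this field is mandatory
        if targets.get("target_type") != "PRODUCT":
            errors.append("profile_targets.target_type: only PRODUCT is supported")
        ids = targets.get("target_ids")
        if not isinstance(ids, list) or not ids:
            errors.append("profile_targets.target_ids: expected a non-empty array")
        for tid in (ids if isinstance(ids, list) else []):  # Table 5: "<resource space ID>:<product ID>"
            parts = tid.split(":") if isinstance(tid, str) else []
            if len(parts) != 2 or not all(parts):
                errors.append(f"target_ids: {tid!r} must be '<resource space ID>:<product ID>'")
    return errors

# Constructed sample bodies: PAGE_EXAMPLE is this page's own request example; BAD_EXAMPLE
# breaks four constraints (port range, period range, key not valid for the type, target_id format).
PAGE_EXAMPLE = {"security_type": "DEVICE_MEMORY_CHECK", "alarm_level": "CRITICAL",
                "security_level": "BASIC_SECURITY", "enable": True,
                "profile": [{"key": "memory_threshold", "value": 80}],
                "profile_targets": {"target_type": "PRODUCT",
                                    "target_ids": ["1d7616926636486cb05120018018cafc:67443bd4ad7db3647deb4f7a"]}}
BAD_EXAMPLE = {"security_type": "DEVICE_PORT_CHECK", "alarm_level": "CRITICAL",
               "security_level": "ADVANCE_SECURITY", "enable": True,
               "profile": [{"key": "safety_ports", "value": [80, 70000]},
                           {"key": "report_period", "value": 48}, {"key": "memory_threshold", "value": 80}],
               "profile_targets": {"target_type": "PRODUCT", "target_ids": ["67443bd4ad7db3647deb4f7a"]}}
```

validate_security_profile(PAGE_EXAMPLE) returns an empty list, and validate_security_profile(BAD_EXAMPLE) returns one message per violation. Run it over a body before handing it to the SDK call shown later on this page; the same constants also make it easy to see which items are device-reported (they carry thresholds and a report_period) and which are detected by the platform without any profile.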

Response Parameters

Status code: 201

Table 6 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| profile_id | String | ID of the security situational awareness configuration. |
| security_type | String | Security situational awareness configuration type. |
| alarm_level | String | Security situational awareness alarm level. Constraints: none. Value range: CRITICAL (critical alarm), MAJOR (major alarm), MINOR (minor alarm). Default: N/A. |
| security_level | String | Security risk level to which the security situational awareness item belongs. Constraints: none. Value range: BASIC_SECURITY (basic security), ADVANCE_SECURITY (advanced security), ULTIMATE_SECURITY (ultimate security). Default: N/A. |
| enable | Boolean | Whether the security situational awareness item is enabled. |
| profile | Array of SecurityProfile objects | Configuration structure of the security situational awareness item, used to deliver device-side detection items to devices. |
| profile_targets | SecurityTarget object | Structure describing the objects the security situational awareness configuration is bound to. |

Table 7 SecurityProfile

| Parameter | Type | Description |
| --- | --- | --- |
| key | String | Name of the configuration value of the security situational awareness item. |
| value | Object | Configuration value of the security situational awareness item. For the data format, see the API description of creating a security situational awareness configuration. |

Table 8 SecurityTarget

| Parameter | Type | Description |
| --- | --- | --- |
| target_type | String | Object the security situational awareness configuration is bound to. Currently only PRODUCT (product level) is supported, and it takes effect only for device-level security situational awareness items. |
| target_ids | Array of strings | List of IDs of the bound objects. When target_type is PRODUCT, a product ID can be reused across resource spaces, so each target_id has the format "resource space ID:product ID", that is, the resource space ID and the product ID joined by a colon. |

Example Request

POST https://{endpoint}/v5/iot/{project_id}/security-profiles

{
  "security_type" : "DEVICE_MEMORY_CHECK",
  "alarm_level" : "CRITICAL",
  "security_level" : "BASIC_SECURITY",
  "enable" : true,
  "profile" : [ {
    "key" : "memory_threshold",
    "value" : 80
  } ],
  "profile_targets" : {
    "target_type" : "PRODUCT",
    "target_ids" : [ "1d7616926636486cb05120018018cafc:67443bd4ad7db3647deb4f7a" ]
  }
}

Example Response

Status code: 201

Create

{
  "profile_id" : "04ed32dc1b0025b52fe3c01a27c2babc",
  "security_type" : "DEVICE_MEMORY_CHECK",
  "alarm_level" : "CRITICAL",
  "security_level" : "BASIC_SECURITY",
  "enable" : true,
  "profile" : [ {
    "key" : "memory_threshold",
    "value" : 80
  } ],
  "profile_targets" : {
    "target_type" : "PRODUCT",
    "target_ids" : [ "1d7616926636486cb05120018018cafc:67443bd4ad7db3647deb4f7a" ]
  }
}

SDK Code Examples

The SDK code examples are as follows.

package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.AbstractCredentials;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.core.region.Region;
import com.huaweicloud.sdk.iotda.v5.*;
import com.huaweicloud.sdk.iotda.v5.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateSecurityProfileSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        // ENDPOINT: on the "Overview" page of the console, look up the "application side" HTTPS access address under "Platform access addresses".
        String iotdaEndpoint = "<YOUR ENDPOINT>";
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                // The standard and enterprise editions require the derived algorithm; for the basic edition, delete the "withDerivedPredicate" configuration.
                .withDerivedPredicate(AbstractCredentials.DEFAULT_DERIVED_PREDICATE) // Used in derivative ak/sk authentication scenarios
                .withAk(ak)
                .withSk(sk);

        IoTDAClient client = IoTDAClient.newBuilder()
                .withCredential(auth)
                // Standard/enterprise edition: create your own Region object. Basic edition: use the region object from IoTDARegion, for example "withRegion(IoTDARegion.CN_NORTH_4)".
                .withRegion(new Region("cn-north-4", iotdaEndpoint))
                .build();
        CreateSecurityProfileRequest request = new CreateSecurityProfileRequest();
        AddSecurityProfileDTO body = new AddSecurityProfileDTO();
        List<String> listProfileTargetsTargetIds = new ArrayList<>();
        listProfileTargetsTargetIds.add("1d7616926636486cb05120018018cafc:67443bd4ad7db3647deb4f7a");
        SecurityTarget profileTargetsbody = new SecurityTarget();
        profileTargetsbody.withTargetType("PRODUCT")
            .withTargetIds(listProfileTargetsTargetIds);
        List<SecurityProfile> listbodyProfile = new ArrayList<>();
        listbodyProfile.add(
            new SecurityProfile()
                .withKey("memory_threshold")
                .withValue("80")
        );
        body.withProfileTargets(profileTargetsbody);
        body.withProfile(listbodyProfile);
        body.withEnable(true);
        body.withSecurityLevel("BASIC_SECURITY");
        body.withAlarmLevel("CRITICAL");
        body.withSecurityType("DEVICE_MEMORY_CHECK");
        request.withBody(body);
        try {
            CreateSecurityProfileResponse response = client.createSecurityProfile(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcore.auth.credentials import DerivedCredentials
from huaweicloudsdkcore.region.region import Region as coreRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkiotda.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    # ENDPOINT: on the "Overview" page of the console, look up the "application side" HTTPS access address under "Platform access addresses". The client below is created with a Region object you build yourself; for the basic edition, use the Region object from IoTDAClient instead, for example IoTDAClient.new_builder().with_region(IoTDARegion.CN_NORTH_4)
    endpoint = "<YOUR ENDPOINT>"
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId).with_derived_predicate(DerivedCredentials.get_default_derived_predicate())

    client = IoTDAClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(coreRegion(id="cn-north-4", endpoint=endpoint)) \
        .build()

    try:
        request = CreateSecurityProfileRequest()
        listTargetIdsProfileTargets = [
            "1d7616926636486cb05120018018cafc:67443bd4ad7db3647deb4f7a"
        ]
        profileTargetsbody = SecurityTarget(
            target_type="PRODUCT",
            target_ids=listTargetIdsProfileTargets
        )
        listProfilebody = [
            SecurityProfile(
                key="memory_threshold",
                value="80"
            )
        ]
        request.body = AddSecurityProfileDTO(
            profile_targets=profileTargetsbody,
            profile=listProfilebody,
            enable=True,
            security_level="BASIC_SECURITY",
            alarm_level="CRITICAL",
            security_type="DEVICE_MEMORY_CHECK"
        )
        response = client.create_security_profile(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
package main

import (
	"fmt"
	"os" // needed for os.Getenv below; missing from the original sample

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	iotda "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iotda/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iotda/v5/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/region"
	core_auth "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth"
)

func main() {
	// The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
	// In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")
	// endpoint: on the "Overview" page of the console, look up the "application side" HTTPS access address under "Platform access addresses"
	endpoint := "<YOUR ENDPOINT>"
	projectId := "{project_id}"

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		WithProjectId(projectId).
		// The enterprise and standard editions require the derived algorithm; for the basic edition, delete the "WithDerivedPredicate" configuration
		WithDerivedPredicate(core_auth.GetDefaultDerivedPredicate()). // Used in derivative ak/sk authentication scenarios
		Build()

	client := iotda.NewIoTDAClient(
		iotda.IoTDAClientBuilder().
			// Standard/enterprise edition: create your own region; basic edition: use the region object from IoTDARegion
			WithRegion(region.NewRegion("cn-north-4", endpoint)).
			WithCredential(auth).
			Build())

	request := &model.CreateSecurityProfileRequest{}
	var listTargetIdsProfileTargets = []string{
		"1d7616926636486cb05120018018cafc:67443bd4ad7db3647deb4f7a",
	}
	targetTypeProfileTargets := "PRODUCT"
	profileTargetsbody := &model.SecurityTarget{
		TargetType: &targetTypeProfileTargets,
		TargetIds:  &listTargetIdsProfileTargets,
	}
	keyProfile := "memory_threshold"
	valueProfile := "80"
	var valueProfileInterface interface{} = valueProfile
	var listProfilebody = []model.SecurityProfile{
		{
			Key:   &keyProfile,
			Value: &valueProfileInterface,
		},
	}
	enableAddSecurityProfileDto := true
	securityLevelAddSecurityProfileDto := "BASIC_SECURITY"
	alarmLevelAddSecurityProfileDto := "CRITICAL"
	request.Body = &model.AddSecurityProfileDto{
		ProfileTargets: profileTargetsbody,
		Profile:        &listProfilebody,
		Enable:         &enableAddSecurityProfileDto,
		SecurityLevel:  &securityLevelAddSecurityProfileDto,
		AlarmLevel:     &alarmLevelAddSecurityProfileDto,
		SecurityType:   "DEVICE_MEMORY_CHECK",
	}
	response, err := client.CreateSecurityProfile(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}

For SDK code examples in more programming languages, see the Code Examples tab in API Explorer, which can generate the corresponding SDK code automatically.

Status Codes

| Status Code | Description |
| --- | --- |
| 201 | Create |
| 400 | Bad Request |
| 403 | Forbidden |

Error Codes

See Error Codes.

Related Documents