Handling All Alarms

Function

This API is used to handle all alarms.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
If you are using identity policy-based authorization, no identity policy-based permission required for calling this API.

URI

POST /v5/{project_id}/event/batch-operate

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID, which is used to specify the project that an asset belongs to. After the project ID is configured, you can query assets in the project using the project ID. For details about how to obtain it, see Obtaining a Project ID. Constraints N/A Range The value can contain 1 to 256 characters. Default Value N/A

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Definition Enterprise project ID, which is used to filter assets in different enterprise projects. For details, see Obtaining an Enterprise Project ID. To query assets in all enterprise projects, set this parameter to all_granted_eps. Constraints You need to set this parameter only after the enterprise project function is enabled. Range The value can contain 1 to 256 characters. Default Value 0: default enterprise project.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token, which contains user identity and permissions. The token can be used for identity authentication when an API is called. For details about how to obtain the token, see Obtaining a User Token. Constraints N/A Range The value can contain 1 to 32,768 characters. Default Value N/A
region	No	String	Definition Region ID, which is used to query assets in the required region. For details about how to obtain a region ID, see Obtaining a Region ID. Constraints N/A Range The value can contain 1 to 128 characters. Default Value N/A

**Table 4** Request body parameters
Parameter	Mandatory	Type	Description
operate_type	Yes	String	Definition Handling method. Range mark_as_handled: Mark as handled ignore: Ignore add_to_alarm_whitelist: Add to alarm whitelist add_to_login_whitelist: Add to login whitelist isolate_and_kill: Isolate and kill unhandle: Cancel manual handling do_not_ignore: Unignore remove_from_alarm_whitelist: Remove from the alarm whitelist remove_from_login_whitelist: Remove from the login whitelist do_not_isolate_or_kill: Cancel isolation and killing
handler	Yes	String	Definition Remarks. This parameter is available only for handled alarms. Range The value can contain 1 to 256 characters.
event_type	Yes	Integer	Definition Event type. Range 1001: common malware 1002: virus 1003: worm 1004: Trojan 1005: botnet 1006: backdoor 1010: rootkit 1011: ransomware 1012: hacker tool 1015: web shell 1016: mining 1017: reverse shell 2001: common vulnerability exploit 2012: remote code execution 2047: Redis vulnerability exploit 2048: Hadoop vulnerability exploit 2049: MySQL vulnerability exploit 3002: file privilege escalation 3003: process privilege escalation 3004: critical file change 3005: file/directory change 3007: abnormal process behavior 3015: high-risk command execution 3018: abnormal shell 3027: suspicious crontab task 3029: system protection disabled 3030: backup deletion 3031: suspicious registry operations 3036: container image blocking 4002: brute-force attack 4004: abnormal login 4006: invalid accounts 4014: account added 4020: password theft 6002: port scan 6003: server scan 13001: Kubernetes event deletion 13002: abnormal pod behavior 13003: user information enumeration 13004: cluster role binding
category	No	String	Alarm category. The options are as follows: container host

Response Parameters

Status code: 200

Request succeeded.

None

Example Requests

Alarms are handled in batches. Accounts are added in batches.

{
  "operate_type" : "ignore",
  "handler" : "xxx",
  "event_type" : 1001,
  "category" : "host"
}

Example Responses

None

Status Codes

Status Code	Description
200	Request succeeded.

Error Codes

See Error Codes.

Parent Topic: Event management

Previous topic: Querying Supported Event Processing Types

Next topic: Querying the List of Duplicate Alarms for Alarm Events

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot