Querying Suspicious Processes in the Process Whitelist

Function

This API is used to query suspicious processes in the process whitelist.

Calling Method

For details, see Calling APIs.

URI

GET /v5/{project_id}/app/event

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID, which is used to specify the project that an asset belongs to. After the project ID is configured, you can query assets in the project using the project ID. For details about how to obtain it, see Obtaining a Project ID. Constraints N/A Range The value can contain 1 to 256 characters. Default Value N/A

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Definition Enterprise project ID, which is used to filter assets in different enterprise projects. For details, see Obtaining an Enterprise Project ID. To query assets in all enterprise projects, set this parameter to all_granted_eps. Constraints You need to set this parameter only after the enterprise project function is enabled. Range The value can contain 1 to 256 characters. Default Value 0: default enterprise project.
last_days	No	Integer	Definition Number of days to be queried. This parameter is manually exclusive with begin_time and end_time. Constraints N/A Range The value range is 1 to 30. Default Value N/A
begin_time	Yes	Long	Customized start time of a segment. The timestamp is accurate to seconds. The begin_time should be no more than two days earlier than the end_time. This parameter is mutually exclusive with the queried duration.
end_time	Yes	Long	Customized end time of a segment. The timestamp is accurate to seconds. The begin_time should be no more than two days earlier than the end_time. This parameter is mutually exclusive with the queried duration.
host_name	No	String	Definition Server name. Constraints N/A Range The value contains 1 to 256 characters. Default Value N/A
host_ip	No	String	Definition Server IP address. Constraints N/A Range The value contains 1 to 256 characters. Default Value N/A
private_ip	No	String	Definition Server private IP address. Constraints N/A Range The value can contain 1 to 128 characters. Default Value N/A
handle_status	No	String	Definition Handled or not. Constraints N/A Range true: Yes false: No Default Value N/A
offset	Yes	Integer	Definition Offset, which specifies the start position of the record to be returned. Constraints N/A Range The value range is 0 to 2,000,000. Default Value N/A
limit	Yes	Integer	Definition Number of records displayed on each page. Constraints N/A Range Value range: 10 to 200 Default Value 10

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token, which contains user identity and permissions. The token can be used for identity authentication when an API is called. For details about how to obtain the token, see Obtaining a User Token. Constraints N/A Range The value can contain 1 to 32,768 characters. Default Value N/A

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
data_list	Array of AppWhitelistEventResponseInfo objects	data list
total_num	Integer	Definition Total number. Range The value range is 0 to 2,147,483,647.

**Table 5** AppWhitelistEventResponseInfo
Parameter	Type	Description
event_id	String	Definition Event ID. Range The value can contain 1 to 64 characters.
event_class_id	String	Definition Event type. Range container_1001: container namespace container_1002: container open port container_1003: container security option container_1004: container mount directory containerescape_0001: high-risk system call containerescape_0002: shocker attack containerescape_0003: Dirty Cow attack containerescape_0004: container file escape dockerfile_001: modification of user-defined protected container file dockerfile_002: modification of executable files in the container file system dockerproc_001: abnormal container process fileprotect_0001: file privilege escalation fileprotect_0002: critical file change fileprotect_0003: critical file path change fileprotect_0004: file/directory change av_1002: virus av_1003: worm av_1004: Trojan av_1005: botnet av_1006: backdoor av_1007: spyware av_1008: adware av_1009: phishing av_1010: rootkit av_1011: ransomware av_1012: hacker tool av_1013: grayware av_1015: web shell av_1016: mining software login_0001: brute-force attack attempt login_0002: successful brute-force attack login_1001: successful login login_1002: remote login login_1003: weak password malware_0001: shell change event malware_0002: reverse shell event malware_1001: malicious program procdet_0001: abnormal process behavior procdet_0002: process privilege escalation procreport_0001: risky command user_1001: account change user_1002: risky account vmescape_0001: VM sensitive command execution vmescape_0002: access from virtualization process to sensitive file vmescape_0003: abnormal VM port access webshell_0001: web shell network_1001: mining network_1002: servers exploited to launch DDoS attacks network_1003: malicious scan network_1004: attack in sensitive areas ransomware_0001: ransomware attack ransomware_0002: ransomware attack ransomware_0003: ransomware attack fileless_0001: process injection fileless_0002: dynamic library injection fileless_0003: critical configuration change fileless_0004: environment variable change fileless_0005: memory file process fileless_0006: VDSO hijacking crontab_1001: suspicious crontab task vul_exploit_0001: Redis vulnerability exploit vul_exploit_0002: Hadoop vulnerability exploit vul_exploit_0003: MySQL vulnerability exploit rootkit_0001: suspicious rootkit file rootkit_0002: suspicious kernel module RASP_0004: web shell upload RASP_0018: fileless web shell blockexec_001: known ransomware attack hips_0001: Windows Defender disabled hips_0002: suspicious hacker tool hips_0003: suspicious ransomware encryption behavior hips_0004: hidden account creation hips_0005: user password and credential reading hips_0006: suspicious SAM file export hips_0007: suspicious shadow copy deletion hips_0008: backup file deletion hips_0009: registry operation probably performed by ransomware hips_0010: suspicious abnormal process hips_0011: suspicious scan hips_0012: suspicious ransomware script execution hips_0013: suspicious mining command execution hips_0014: suspicious Windows security center disabling hips_0015: suspicious firewall disabling hips_0016: suspicious disabling of system automatic recovery hips_0017: executable file creation in Office hips_0018: abnormal file creation with macros in Office hips_0019: suspicious registry operation hips_0020: Confluence remote code execution hips_0021: MSDT remote code execution portscan_0001: common port scan portscan_0002: secret port scan k8s_1001: Kubernetes event deletion k8s_1002: privileged pod creation k8s_1003: interactive shell used in pod k8s_1004: pod created with sensitive directory k8s_1005: pod created with server network k8s_1006: pod created with host PID space k8s_1007: authentication failure when common pods access API server k8s_1008: API server access from common pod using cURL k8s_1009: exec in system management space k8s_1010: pod created in management space k8s_1011: static pod creation k8s_1012: DaemonSet creation k8s_1013: scheduled cluster task creation k8s_1014: operation on secrets k8s_1015: allowed operation enumeration k8s_1016: high privilege RoleBinding or ClusterRoleBinding k8s_1017: ServiceAccount creation k8s_1018: Cronjob creation k8s_1019: interactive shell used for exec in pods k8s_1020: unauthorized access to API server k8s_1021: access to API server with curl k8s_1022: Ingress vulnerability k8s_1023: man-in-the-middle (MITM) attack k8s_1024: worm, mining, or Trojan k8s_1025: K8s event deletion k8s_1026: SelfSubjectRulesReview imgblock_0001: image blocking based on whitelist imgblock_0002: image blocking based on blacklist imgblock_0003: image tag blocking based on whitelist imgblock_0004: image tag blocking based on blacklist imgblock_0005: container creation blocked based on whitelist imgblock_0006: container creation blocked based on blacklist imgblock_0007: container mount proc imgblock_0008: container seccomp unconfined imgblock_0009: container privilege blocking imgblock_0010: container capabilities blocking
event_type	Integer	Event type. Its value can be: 1001: common malware 1002: virus 1003: worm 1004: Trojan 1005: botnet 1006: backdoor 1010: rootkit 1011: ransomware 1012: hacker tool 1015: web shell 1016: mining 1017: reverse shell 2001: common vulnerability exploit 2012: remote code execution 2047: Redis vulnerability exploit 2048: Hadoop vulnerability exploit 2049: MySQL vulnerability exploit 3002: file privilege escalation 3003: process privilege escalation 3004: critical file change 3005: file/directory change 3007: abnormal process behavior 3015: high-risk command execution 3018: abnormal shell 3027: suspicious crontab task 3029: system protection disabled 3030: backup deletion 3031: suspicious registry operations 3036: container image blocking 4002: brute-force attack 4004: abnormal login 4006: invalid accounts 4014: account added 4020: password theft 6002: port scan 6003: server scan 13001: Kubernetes event deletion 13002: abnormal pod behavior 13003: user information enumeration 13004: cluster role binding
event_name	String	Event name. "white list alert malicious process" "white list alert suspicious process"
severity	String	Definition Risk level. Range Security Low Medium High Critical
host_name	String	Definition Server name. Range The value can contain 1 to 256 characters.
host_id	String	Definition Server ID. Range The value can contain 1 to 64 characters.
private_ip	String	Definition Server private IP address. Range The value can contain 1 to 128 characters.
public_ip	String	Definition EIP. Range The value can contain 1 to 256 characters.
attack_phase	String	Definition Attack phase. Range reconnaissance weaponization delivery exploit installation command_and_control actions
attack_tag	String	Definition Attack tag. Range attack_success: successful attack attack_attempt: attack attempt attack_blocked: attack blocked abnormal_behavior: abnormal behavior collapsible_host: server compromised system_vulnerability: system vulnerability
occur_time	Integer	Definition Occurrence time, accurate to milliseconds Range The value range is 0 to 9,223,372,036,854,775,807.
handle_time	Integer	Definition Handling time, in milliseconds. This parameter is available only for handled alarms. Range The value range is 0 to 9,223,372,036,854,775,807.
handle_status	String	Definition Handling status. Range unhandled handled
handle_method	String	Definition Handling status. Constraints N/A Range mark_as_trust mark_as_suspicious isolate_and_kill Default Value N/A
operate_accept_list	Array of strings	Definition Supported processing operation. Constraints N/A
operate_detail_list	Array of AppWhitelistEventDetailResInfo objects	Operation details list (Not displayed on the page)
resource_info	ProcessEventResourceResponseInfo object	Resource information (not displayed currently)
recommendation	String	Definition Suggestion. Constraints N/A Range N/A Default Value N/A
process_info	Array of EventProcessResInfo objects	Definition Offset: Process information list. Constraints N/A
policy_id	String	Policy ID
policy_name	String	Policy name
os_type	String	Definition OS type. Range Linux Windows
asset_value	String	Asset importance. Its value can be: important common test
host_status	String	Server status
agent_status	String	Agent status. It can be: installed not_installed online offline install_failed installing not_online: All status except online. This value is used only as a query condition.
protect_status	String	Protection status. It can be: closed opened

**Table 6** AppWhitelistEventDetailResInfo
Parameter	Type	Description
agent_id	String	Definition Agent ID Constraints N/A Range The value can contain 1 to 64 characters. Default Value N/A
process_pid	Integer	Definition Process ID. Range The value range is 0 to 2,147,483,647.
file_hash	String	Definition File hash. Range The value can contain 1 to 256 characters.
file_path	String	Definition File path. Range The value can contain 1 to 256 characters.
file_attr	String	Definition File attribute. Range The value can contain 1 to 256 characters.
private_ip	String	Definition Server private IP address. Range The value can contain 1 to 128 characters.
login_ip	String	Definition Login source IP address. Range The value can contain 1 to 256 characters.
login_user_name	String	Definition Login username. Range The value can contain 1 to 256 characters.

**Table 7** ProcessEventResourceResponseInfo
Parameter	Type	Description
domain_id	String	Definition Tenant account ID. Range The value can contain 1 to 64 characters.
project_id	String	Project ID
enterprise_project_id	String	Specifies the ID of the enterprise project that the server belongs to. An enterprise project can be configured only after the enterprise project function is enabled. Enterprise project ID. The value 0 indicates the default enterprise project. To query servers in all enterprise projects, set this parameter to all_granted_eps. If you have only the permission on an enterprise project, you need to transfer the enterprise project ID to query the server in the enterprise project. Otherwise, an error is reported due to insufficient permission.
region_name	String	Region ID
vpc_id	String	Definition VPC ID Range The value can contain 1 to 64 characters.
cloud_id	String	Definition Server ID. Range The value can contain 1 to 64 characters.
vm_name	String	Definition VM name. Range The value can contain 1 to 64 characters.
vm_uuid	String	Definition VM UUID. Range The value can contain 1 to 64 characters.
container_id	String	Definition Container ID. Range The value can contain 1 to 128 characters.
image_id	String	Definition Image ID. Range The value can contain 1 to 64 characters.
image_name	String	Definition Image name. This parameter is available only for container alarms. Range The value can contain 1 to 256 characters.
host_attr	String	Definition Server attribute. Range The value can contain 1 to 64 characters.
service	String	Definition Business service. Range The value can contain 1 to 64 characters.
micro_service	String	Definition Microservice. Range The value can contain 1 to 64 characters.
sys_arch	String	Definition System CPU architecture. Range The value can contain 1 to 64 characters.
os_bit	String	Definition OS bit version. Range The value can contain 1 to 64 characters.
os_type	String	Definition OS type. Range Linux Windows
os_name	String	OS name
host_name	String	Definition Server name. Range The value can contain 1 to 256 characters.
host_ip	String	Definition Server IP address. Range The value can contain 1 to 128 characters.
public_ip	String	Definition EIP. Range The value can contain 1 to 256 characters.
host_id	String	Definition Server ID. Range The value can contain 1 to 64 characters.
pod_uid	String	Definition pod uid Range The value can contain 1 to 64 characters.
pod_name	String	Definition pod name Range The value can contain 1 to 64 characters.
namespace	String	Definition Namespace. Range The value can contain 1 to 64 characters.
cluster_id	String	Cluster ID.
cluster_name	String	Cluster name.
asset_value	String	Asset importance. Its value can be: important common test
container_status	String	Container status.
os_version	String	OS version.
agent_version	String	Agent version

**Table 8** EventProcessResInfo
Parameter	Type	Description
process_name	String	Definition Process name. Range The value can contain 1 to 128 characters.
process_path	String	Definition Process path. Range The value can contain 1 to 256 characters.
process_pid	Integer	Definition Process ID. Range The value range is 0 to 2,147,483,647.
process_uid	Integer	Definition Process name. Range The value range is 0 to 2,147,483,647.
process_username	String	Definition Process username. Range The value can contain 1 to 128 characters.
process_cmdline	String	Definition Process command line. Constraints N/A
process_filename	String	Definition Process file name. Range The value can contain 1 to 64 characters.
process_start_time	Integer	Definition Process start time. Range The value range is 0 to 9,223,372,036,854,775,807.
process_gid	Integer	Definition Process group ID. Range The value range is 0 to 2,147,483,647.
process_egid	Integer	Definition Effective process group ID. Range The value range is 0 to 2,147,483,647.
process_euid	Integer	Definition Effective process user ID Range The value range is 0 to 9,223,372,036,854,775,807.
parent_process_name	String	Definition Parent process name. Range The value can contain 1 to 64 characters.
parent_process_path	String	Definition Parent process file path. Range The value can contain 1 to 64 characters.
parent_process_pid	Integer	Definition Parent process ID. Range The value range is 0 to 2,147,483,647.
parent_process_uid	Integer	Definition User ID associated with the parent process. Range The value range is 0 to 2,147,483,647.
parent_process_cmdline	String	Definition Parent process file command line. Range The value can contain 1 to 64 characters.
parent_process_filename	String	Definition Parent process file name. Range The value can contain 1 to 64 characters.
parent_process_start_time	Integer	Definition Parent process start time. Range The value range is 0 to 9,223,372,036,854,775,807.
parent_process_gid	Integer	Definition Parent process group ID. Range The value range is 0 to 2,147,483,647.
parent_process_egid	Integer	Definition Effective parent process group ID. Range The value range is 0 to 2,147,483,647.
parent_process_euid	Integer	Definition Effective parent process user ID. Range The value range is 0 to 2,147,483,647.
child_process_name	String	Definition Subprocess name. Range The value can contain 1 to 64 characters.
child_process_path	String	Definition Subprocess file path. Range The value can contain 1 to 64 characters.
child_process_pid	Integer	Definition Subprocess ID. Range The value range is 0 to 2,147,483,647.
child_process_uid	Integer	Definition User ID associated with the subprocess. Range The value range is 0 to 2,147,483,647.
child_process_cmdline	String	Definition Subprocess file command line. Range The value can contain 1 to 64 characters.
child_process_filename	String	Definition Subprocess file name. Range The value can contain 1 to 64 characters.
child_process_start_time	Long	Definition Subprocess start time. Range The value range is 0 to 9,223,372,036,854,775,807.
child_process_gid	Integer	Definition Subprocess group ID. Range The value range is 0 to 2,147,483,647.
child_process_egid	Integer	Definition Effective subprocess group ID. Range The value range is 0 to 2,147,483,647.
child_process_euid	Integer	Definition Effective subprocess user ID. Range The value range is 0 to 2,147,483,647.
virt_cmd	String	Definition Virtualization command. Range The value can contain 1 to 64 characters.
virt_process_name	String	Definition Virtualization process name. Range The value can contain 1 to 64 characters.
escape_mode	String	Definition Escape method. Range The value can contain 1 to 64 characters.
escape_cmd	String	Definition Command executed after the escape. Range The value can contain 1 to 128 characters.
process_hash	String	Definition Process startup file hash. Range The value can contain 1 to 64 characters.
mode	String	Definition File attribute. Range The value can contain 1 to 64 characters.
rule	Integer	Definition Rule. Range The value can contain 1 to 64 characters.
score	Integer	Definition Score. Range The value can contain 1 to 64 characters.
process_file_hash	String	Definition Process file hash. Range The value can contain 1 to 64 characters.
parent_process_file_hash	String	Definition Hash of the parent process file. Range The value can contain 1 to 64 characters.
ancestor_process_pid	Integer	Definition Grandparent process ID. Range Value range: 1 to 2,147,483,647
ancestor_process_cmdline	String	Definition Grandparent process command line. Range The value can contain 1 to 64 characters.
ancestor_process_path	String	Definition Grandparent process path. Range The value can contain 1 to 64 characters.
operate_type	Integer	Definition Operation type. Range Value range: 1 to 2,147,483,647
session_id	Integer	Definition Session ID. Range Value range: 1 to 2,147,483,647

Example Requests

None

Example Responses

Status code: 200

Request succeeded.

{
  "total_num" : 4715,
  "data_list" : [ {
    "severity" : "High",
    "event_id" : "4517fc****-a0ad-11ef-9ac9-********",
    "event_class_id" : "appwl_1001",
    "event_type" : 3040,
    "event_name" : "Untrusted process running",
    "host_id" : "4517fc**-be4f-4cbe-9467-******",
    "attack_phase" : "installation",
    "attack_tag" : "abnormal_behavior",
    "occur_time" : 1731385152000,
    "handle_status" : "unhandled",
    "operate_accept_list" : [ "add_to_app_whitelist" ],
    "operate_detail_list" : [ {
      "agent_id" : "3ed2e2aa24b******1231324********8c28f59cae2780e7bf6adf4e",
      "process_pid" : 1549,
      "file_path" : "/usr/bin/login"
    } ],
    "resource_info" : {
      "project_id" : "84b52****e489fa6549888832dc62",
      "enterprise_project_id" : "0",
      "region_name" : "cn-north-7",
      "host_name" : "ecs-hce",
      "host_ip" : "192.168.0.178",
      "public_ip" : "100.93.9.43",
      "host_id" : "2c9****09-be4f-4cbe-9467-73b****8e48f",
      "asset_value" : "common",
      "cloud_id" : "",
      "vm_name" : "ecs-hce",
      "vm_uuid" : "2c****e09-be4f-4cbe-9467-73b80****e48f",
      "os_type" : "Linux",
      "os_name" : "HCE",
      "os_version" : "2.0"
    },
    "process_info_list" : [ {
      "process_name" : "login",
      "process_path" : "/usr/bin/login",
      "process_pid" : 1549,
      "process_uid" : 0,
      "process_cmdline" : "login -- root",
      "process_filename" : "login",
      "process_start_time" : 1719820957,
      "parent_process_name" : "systemd",
      "parent_process_path" : "/usr/lib/systemd/systemd",
      "parent_process_pid" : 1,
      "parent_process_cmdline" : "/usr/lib/systemd/systemd --switched-root --system --deserialize 16",
      "process_file_hash" : "d0364db3f6****d969c4475705d57154df518d0560****21abd34ca"
    } ]
  } ]
}

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;


public class ListAppWhitelistEventSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        ListAppWhitelistEventRequest request = new ListAppWhitelistEventRequest();
        try {
            ListAppWhitelistEventResponse response = client.listAppWhitelistEvent(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListAppWhitelistEventRequest()
        response = client.list_app_whitelist_event(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListAppWhitelistEventRequest{}
	response, err := client.ListAppWhitelistEvent(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     