Querying Process Whitelist Policies

Function

This API is used to query process whitelist policies.

Calling Method

For details, see Calling APIs.

URI

GET /v5/{project_id}/app/policy

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID, which is used to specify the project that an asset belongs to. After the project ID is configured, you can query assets in the project using the project ID. For details about how to obtain it, see Obtaining a Project ID. Constraints N/A Range The value can contain 1 to 256 characters. Default Value N/A

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Definition Enterprise project ID, which is used to filter assets in different enterprise projects. For details, see Obtaining an Enterprise Project ID. To query assets in all enterprise projects, set this parameter to all_granted_eps. Constraints You need to set this parameter only after the enterprise project function is enabled. Range The value can contain 1 to 256 characters. Default Value 0: default enterprise project.
offset	Yes	Integer	Definition Offset, which specifies the start position of the record to be returned. Constraints N/A Range The value range is 0 to 2,000,000. Default Value N/A
limit	Yes	Integer	Definition Number of records displayed on each page. Constraints N/A Range Value range: 10 to 200 Default Value 10
policy_name	No	String	Policy name
policy_type	No	String	Definition Process whitelist policy type. Constraints N/A Range allow: Allow specified/authorized processes to run. block: Block malware execution. Default Value N/A
learning_status	No	String	Definition Policy learning status. Constraints N/A Range effecting: The learning is complete, and the policy has been applied. learned: The learning is complete, and the results are to be confirmed. learning: The learning is in progress. pause: paused abnormal: The learning is abnormal. Default Value N/A
intercept	No	Boolean	Definition Whether to enable blocking. Constraints N/A Range true: Yes false: No Default Value N/A

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token, which contains user identity and permissions. The token can be used for identity authentication when an API is called. For details about how to obtain the token, see Obtaining a User Token. Constraints N/A Range The value can contain 1 to 32,768 characters. Default Value N/A

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
data_list	Array of AppWhitelistPolicyResponseInfo objects	data list
total_num	Integer	Definition Total number. Range The value range is 0 to 2,147,483,647.

**Table 5** AppWhitelistPolicyResponseInfo
Parameter	Type	Description
policy_id	String	Policy ID
policy_name	String	Policy name
policy_type	String	Definition Process whitelist policy type. Range allow: Allow specified/authorized processes to run. block: Block malware execution.
learning_status	String	Definition Server name. Constraints N/A Range effecting: The learning is complete, and the policy has been applied. learned: The learning is complete, and the results are to be confirmed. learning: The learning is in progress. pause: paused abnormal: The learning is abnormal. Default Value N/A
learning_days	Integer	Definition Policy learning period (days). Range Minimum value: 1; Maximum value: 1,000
specified_dir	Boolean	Definition Whether to specify a directory for learning. Constraints N/A Range true: Yes false: No Default Value N/A
dir_list	Array of strings	Monitoring directory list
file_extension_list	Array of strings	Monitored file name extension list.
intercept	Boolean	Definition Whether to enable blocking. Range true: Yes false: No
auto_detect	Boolean	Definition Whether to automatically enable detection. Range true: Yes false: No
not_effect_host_num	Integer	Definition Number of servers where the learning has completed but the policy has not been applied. Range The value range is 0 to 2,147,483,647.
effect_host_num	Integer	Definition Number of servers where the learning has completed and the policy has been applied. Range The value range is 0 to 2,147,483,647.
trust_num	Integer	Definition Number of identified trustworthy processes. Range The value range is 0 to 2,147,483,647.
suspicious_num	Integer	Definition Number of identified suspicious processes. Range The value range is 0 to 2,147,483,647.
malicious_num	Integer	Definition Number of identified malicious processes. Range The value range is 0 to 2,147,483,647.
unknown_num	Integer	Definition Number of identified unknown processes. Range The value range is 0 to 2,147,483,647.
abnormal_info_list	Array of AppWhitelistAbnormalInfo objects	List of learning abnormal causes.
auto_confirm	Boolean	Definition Whether to automatically confirm learning results. Range true: Yes false: No
default_policy	Boolean	Definition Default process whitelist policy. Range true: Yes false: No
host_id_list	Array of strings	Server ID set.

**Table 6** AppWhitelistAbnormalInfo
Parameter	Type	Description
abnormal_type	Integer	Exception type
abnormal_description	String	Exception description

Example Requests

None

Example Responses

Status code: 200

Request succeeded.

{
  "total_num" : 1,
  "data_list" : [ {
    "policy_id" : "e208b***-f2e8-48bf-a9fe-a8******d900",
    "policy_name" : "app_whitelist_20250117161121",
    "policy_type" : "block",
    "learning_status" : "learning",
    "learning_days" : 7,
    "specified_dir" : false,
    "intercept" : false,
    "trust_num" : 0,
    "suspicious_num" : 0,
    "malicious_num" : 0,
    "unknown_num" : 0,
    "effect_host_num" : 0,
    "not_effect_host_num" : 1,
    "auto_detect" : true,
    "host_id_list" : [ "a241d890-34cb-4747-bce8-2a5f35df67bd" ],
    "default_policy" : false,
    "auto_confirm" : true
  } ]
}

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;


public class ListAppWhitelistPolicySolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        ListAppWhitelistPolicyRequest request = new ListAppWhitelistPolicyRequest();
        try {
            ListAppWhitelistPolicyResponse response = client.listAppWhitelistPolicy(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListAppWhitelistPolicyRequest()
        response = client.list_app_whitelist_policy(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListAppWhitelistPolicyRequest{}
	response, err := client.ListAppWhitelistPolicy(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     