Querying the List of Isolated Files
Function
This API is used to query the list of isolated files.
Calling Method
For details, see Calling APIs.
URI
GET /v5/{project_id}/event/isolated-file
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Project ID |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
enterprise_project_id |
No |
String |
Enterprise project ID. To query all enterprise projects, set this parameter to all_granted_eps. |
file_path |
No |
String |
File path |
host_name |
No |
String |
Server name |
private_ip |
No |
String |
Server private IP address |
public_ip |
No |
String |
Server public IP address |
file_hash |
No |
String |
The hash value calculated using the SHA256 algorithm. |
asset_value |
No |
String |
Asset importance. The options are as follows:
|
offset |
No |
Integer |
Offset, which specifies the start position of the record to be returned. |
limit |
No |
Integer |
Number of records displayed on each page. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
X-Auth-Token |
Yes |
String |
User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. |
region |
Yes |
String |
Region ID |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
---|---|---|
total_num |
Integer |
Total number |
data_list |
Array of IsolatedFileResponseInfo objects |
Isolated file details |
Parameter |
Type |
Description |
---|---|---|
os_type |
String |
OS type. Its value can be:
|
host_id |
String |
Host ID |
host_name |
String |
Server name |
file_hash |
String |
File hash |
file_path |
String |
File path |
file_attr |
String |
File attribute |
isolation_status |
String |
Isolation status. The options are as follows:
|
private_ip |
String |
Server private IP address |
public_ip |
String |
Elastic IP address |
asset_value |
String |
Asset importance |
update_time |
Integer |
Update time, in milliseconds |
agent_version |
String |
Agent version |
isolate_source |
String |
Isolation source. The options are as follows:
|
event_name |
String |
Event name |
agent_event_info |
IsolateEventResponseInfo object |
Isolation event details |
antivirus_result_info |
AntivirusResultDetailInfo object |
Results of virus scanning and removal |
Parameter |
Type |
Description |
---|---|---|
event_id |
String |
Event ID |
event_class_id |
String |
Event category. Its value can be:
|
event_type |
Integer |
Event type. Its value can be:
|
event_name |
String |
Event name |
severity |
String |
Threat level. Its value can be:
|
container_name |
String |
Container instance name. This parameter is available only for container alarms. |
image_name |
String |
Image name. This parameter is available only for container alarms. |
host_name |
String |
Server name |
host_id |
String |
Host ID |
private_ip |
String |
Server private IP address |
public_ip |
String |
Elastic IP address |
os_type |
String |
OS type. Its value can be:
|
host_status |
String |
Server status. The options are as follows:
|
agent_status |
String |
Agent status. Its value can be:
|
protect_status |
String |
Protection status. Its value can be:
|
asset_value |
String |
Asset importance. The options are as follows:
|
attack_phase |
String |
Attack phase. Its value can be:
|
attack_tag |
String |
Attack tag. Its value can be:
|
occur_time |
Integer |
Occurrence time, accurate to milliseconds. |
handle_time |
Integer |
Handling time, in milliseconds. This parameter is available only for handled alarms. |
handle_status |
String |
Processing status. Its value can be:
|
handle_method |
String |
Handling method. This parameter is available only for handled alarms. The options are as follows:
|
handler |
String |
Remarks. This parameter is available only for handled alarms. |
recommendation |
String |
Handling suggestion |
description |
String |
Alarm description |
event_abstract |
String |
Alarm summary |
event_count |
Integer |
Event occurrences |
Parameter |
Type |
Description |
---|---|---|
result_id |
String |
The result ID of virus scanning and removal |
malware_name |
String |
Virus name |
file_path |
String |
File path |
file_hash |
String |
File hash |
file_size |
Integer |
File size |
file_owner |
String |
File owner |
file_attr |
String |
File attribute |
file_ctime |
Integer |
File creation time |
file_mtime |
Integer |
File update time |
update_time |
Integer |
Update time, in milliseconds |
agent_id |
String |
Agent ID |
Example Requests
Query the first 10 isolated files.
GET https://{endpoint}/v5/{project_id}/event/isolated-file?limit=10&offset=0&enterprise_project_id=xxx
Example Responses
Status code: 200
Isolated files list
{ "data_list" : [ { "file_attr" : "0", "file_hash" : "58693382bc0c9f60ef86e5b37cf3c2f3a9c9ec46936901eaa9131f7ee4a09bde", "file_path" : "C:\\Users\\Public\\Public Docker\\system32.exe", "os_type" : "Linux", "host_id" : "5a41ca47-8ea7-4a65-a8fb-950d03d8638e", "host_name" : "ecs-wi-800211", "isolation_status" : "isolated", "private_ip" : "127.0.0.2", "public_ip" : "127.0.0.1", "asset_value" : "common", "update_time" : 1698304933717, "agent_version" : "3.2.10", "isolate_source" : "event", "event_name" : "Spyware", "antivirus_result_info" : { "result_id" : "5a41ca47-8ea7-4a65-a8fb-950d03d8638e", "malware_name" : "Win32.Virus.Hidrag", "file_attr" : "0", "file_hash" : "58693382bc0c9f60ef86e5b37cf3c2f3a9c9ec46936901eaa9131f7ee4a09bde", "file_path" : "C:\\Users\\Public\\Public Docker\\system32.exe", "file_size" : 58460, "file_owner" : "Administrators", "file_ctime" : 1700039800, "file_mtime" : 1700039800, "update_time" : 1698304933717, "agent_id" : "5a41ca47-8ea7-4a65-a8fb-950d03d8638e" }, "agent_event_info" : { "attack_phase" : "exploit", "attack_tag" : "abnormal_behavior", "event_class_id" : "lgin_1002", "event_id" : "d8a12cf7-6a43-4cd6-92b4-aabf1e917", "event_name" : "different locations", "event_type" : 4004, "handle_status" : "unhandled", "host_name" : "xxx", "occur_time" : 1661593036627, "private_ip" : "127.0.0.1", "severity" : "Medium", "os_type" : "Linux", "agent_status" : "online", "asset_value" : "common", "protect_status" : "opened", "host_status" : "ACTIVE", "description" : "", "event_abstract" : "", "image_name" : "image", "container_name" : "test", "host_id" : "5a41ca47-8ea7-4a65-a8fb-950d03d8638e", "public_ip" : "127.0.0.2", "handle_time" : 1698304933717, "handle_method" : "ignore", "recommendation" : "Handling suggestion", "event_count" : 1 } } ], "total_num" : 1 }
SDK Sample Code
The SDK sample code is as follows.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.hss.v5.region.HssRegion; import com.huaweicloud.sdk.hss.v5.*; import com.huaweicloud.sdk.hss.v5.model.*; public class ListIsolatedFileSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); HssClient client = HssClient.newBuilder() .withCredential(auth) .withRegion(HssRegion.valueOf("<YOUR REGION>")) .build(); ListIsolatedFileRequest request = new ListIsolatedFileRequest(); try { ListIsolatedFileResponse response = client.listIsolatedFile(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkhss.v5.region.hss_region import HssRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkhss.v5 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = HssClient.new_builder() \ .with_credentials(credentials) \ .with_region(HssRegion.value_of("<YOUR REGION>")) \ .build() try: request = ListIsolatedFileRequest() response = client.list_isolated_file(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := hss.NewHssClient( hss.HssClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.ListIsolatedFileRequest{} response, err := client.ListIsolatedFile(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
Status Code |
Description |
---|---|
200 |
Isolated files list |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot