Updated on 2024-11-19 GMT+08:00

Enabling Ransomware Prevention

Function

To enable ransomware protection, ensure CBR is available in the region. Ransomware prevention works with CBR.

Calling Method

For details, see Calling APIs.

URI

POST /v5/{project_id}/ransomware/protection/open

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

Enterprise project ID. To query all enterprise projects, set this parameter to all_granted_eps.

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token.

It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

region

Yes

String

Region ID

Table 4 Request body parameters

Parameter

Mandatory

Type

Description

operating_system

Yes

String

OSs of the server to be protected. The options are as follows:

  • Windows

  • Linux

ransom_protection_status

Yes

String

Whether ransomware protection is enabled. Its value can be:

  • closed

  • opened

    If this parameter is enabled, either protection_policy_id or create_protection_policy must be specified.

protection_policy_id

No

String

Ransomware protection policy ID. If you select an existing policy, this parameter is mandatory.

create_protection_policy

No

ProtectionProxyInfoRequestInfo object

Create a protection policy. For a new protection policy, leave protection_policy_id blank and specify create_protection_policy.

backup_protection_status

Yes

String

Whether to back up data on the server. Its value can be:

  • closed

  • opened

    If server backup is enabled, backup_cycle is mandatory.

backup_resources

No

BackupResources object

This parameter is mandatory when the backup function is enabled. If this parameter is empty, the vault bound to HSS_projectid is compatible.

backup_policy_id

No

String

Backup policy ID

backup_cycle

No

UpdateBackupPolicyRequestInfo1 object

Backup policy.

agent_id_list

Yes

Array of strings

IDs of agents where protection is enabled

host_id_list

Yes

Array of strings

IDs of servers where protection is enabled

Table 5 ProtectionProxyInfoRequestInfo

Parameter

Mandatory

Type

Description

policy_id

No

String

Policy ID. This parameter is optional for a new policy.

policy_name

No

String

Policy name. This parameter is mandatory when you create a protection policy.

protection_mode

No

String

Protection action. This parameter is mandatory when you create a protection policy. The options are as follows:

  • alarm_and_isolation: Report an alarm and isolate.

  • alarm_only: Only report alarms.

bait_protection_status

No

String

Whether to enable honeypot protection. This parameter is mandatory when you create a protection policy. The options are as follows. By default, honeypot protection is enabled.

  • opened

  • closed

protection_directory

No

String

Protected directory. This parameter is mandatory when you create a protection policy.

protection_type

No

String

Protection type. This parameter is mandatory when you create a protection policy.

exclude_directory

No

String

(Optional) Excluded directory

runtime_detection_status

No

String

(Optional) Whether to perform runtime checks. The options are as follows. Currently, it can only be disabled. This field is reserved.

  • opened

  • closed

operating_system

No

String

OS. This parameter is mandatory when you create a protection policy. Its value can be:

  • Windows

  • Linux

process_whitelist

No

Array of TrustProcessInfo objects

Process whitelist

Table 6 TrustProcessInfo

Parameter

Mandatory

Type

Description

path

No

String

Indicates the process path.

hash

No

String

Process hash

Table 7 BackupResources

Parameter

Mandatory

Type

Description

vault_id

No

String

Select the ID of the vault to be bound. The value cannot be empty.

resource_list

No

Array of ResourceInfo objects

List of servers for which the backup function needs to be enabled

Table 8 ResourceInfo

Parameter

Mandatory

Type

Description

host_id

No

String

Server ID

history_backup_status

No

String

Whether to enable backup status depends on error_message or status of available servers. If error_message is empty, backup is not enabled and the value of this field is closed. If error_message is not empty, the value of this field is opened.

Table 9 UpdateBackupPolicyRequestInfo1

Parameter

Mandatory

Type

Description

enabled

No

Boolean

Whether the policy is enabled. The default value is true.

policy_id

No

String

Policy ID. This parameter is mandatory if backup protection is enabled.

operation_definition

No

OperationDefinitionRequestInfo object

Scheduling parameter.

trigger

No

BackupTriggerRequestInfo1 object

Time scheduling rule for the policy.

Table 10 OperationDefinitionRequestInfo

Parameter

Mandatory

Type

Description

day_backups

No

Integer

Maximum number of retained daily backups. The latest backup of each day is saved in the long term. This parameter is not affected by the maximum number of retained backup. The value ranges from 0 to 100. If this parameter is specified, timezone must be configured. Minimum value: 0. Maximum value: 100

max_backups

No

Integer

Maximum number of automated backups that can be retained for an object. The value can be -1 or ranges from 0 to 99999. If the value is set to -1, the backups will not be cleared even though the configured retained backup quantity limit is exceeded. If this parameter and retention_duration_days are left blank at the same time, the backups will be retained permanently. Minimum value: 1. Maximum value: 99999. Default value: -1

month_backups

No

Integer

Maximum number of retained monthly backups. The latest backup of each month is saved in the long term. This parameter is not affected by the maximum number of retained backup. The value ranges from 0 to 100. If this parameter is specified, timezone must be configured. Minimum value: 0. Maximum value: 100

retention_duration_days

No

Integer

Duration of retaining a backup, in days. The maximum value is 99999. If the value is set to -1, backups will not be cleared even though the configured retention duration is exceeded. If this parameter and max_backups are left blank at the same time, the backups will be retained permanently. Minimum value: 1. Maximum value: 99999. Default value: -1

timezone

No

String

Time zone where the user is located, for example, UTC+08:00. Set this parameter only after you have configured any of the parameters day_backups, week_backups, month_backups, and year_backups.

week_backups

No

Integer

Maximum number of retained weekly backups. The latest backup of each week is saved in the long term. This parameter can be effective together with the maximum number of retained backups specified by max_backups. The value ranges from 0 to 100. If this parameter is specified, timezone must be configured.

year_backups

No

Integer

Maximum number of retained yearly backups. The latest backup of each year is saved in the long term. This parameter can be effective together with the maximum number of retained backups specified by max_backups. The value ranges from 0 to 100. If this parameter is specified, timezone must be configured. Minimum value: 0. Maximum value: 100

Table 11 BackupTriggerRequestInfo1

Parameter

Mandatory

Type

Description

properties

No

BackupTriggerPropertiesRequestInfo1 object

Time rule for policy execution. This parameter is mandatory if the backup function is enabled with ransomware protection.

Table 12 BackupTriggerPropertiesRequestInfo1

Parameter

Mandatory

Type

Description

pattern

No

Array of strings

Scheduling rule. This parameter is mandatory if the backup function is enabled with ransomware protection. A maximum of 24 rules can be configured. The scheduling rule complies with iCalendar RFC 2445, but it supports only parameters FREQ, BYDAY, BYHOUR, BYMINUTE, and INTERVAL. FREQ can be set only to WEEKLY or DAILY. BYDAY can be set to MO, TU, WE, TH, FR, SA, or SU (seven days of a week). BYHOUR ranges from 0 to 23 hours. BYMINUTE ranges from 0 minutes to 59 minutes. The scheduling interval must not be less than 1 hour. A maximum of 24 time points are allowed in a day. For example, if the scheduling time is 14:00 from Monday to Sunday, set the scheduling rule as follows: FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR,SA,SU;BYHOUR=14;BYMINUTE=00. To start scheduling at 14:00 every day, the rule is as follows: FREQ=DAILY;INTERVAL=1;BYHOUR=14;BYMINUTE=00'.

Response Parameters

None

Example Requests

Enable ransomware protection for the server. The OS type is Linux, the target server ID is 71a15ecc-049f-4cca-bd28-5e90aca1817f, and the agent ID of the target server is c9bed5397db449ebdfba15e85fcfc36accee125c68954daf5cab0528bab59bd8. Server backup is disabled.

POST https://{endpoint}/v5/{project_id}/ransomware/protection/open

{
  "ransom_protection_status" : "opened",
  "backup_protection_status" : "closed",
  "operating_system" : "Linux",
  "protection_policy_id" : "",
  "agent_id_list" : [ "c9bed5397db449ebdfba15e85fcfc36accee125c68954daf5cab0528bab59bd8" ],
  "host_id_list" : [ "71a15ecc-049f-4cca-bd28-5e90aca1817f" ],
  "create_protection_policy" : {
    "bait_protection_status" : "opened",
    "exclude_directory" : "",
    "protection_mode" : "alarm_only",
    "policy_name" : "test111",
    "protection_directory" : "/etc/test",
    "protection_type" : "docx"
  }
}

Example Responses

None

SDK Sample Code

The SDK sample code is as follows.

Enable ransomware protection for the server. The OS type is Linux, the target server ID is 71a15ecc-049f-4cca-bd28-5e90aca1817f, and the agent ID of the target server is c9bed5397db449ebdfba15e85fcfc36accee125c68954daf5cab0528bab59bd8. Server backup is disabled.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;

import java.util.List;
import java.util.ArrayList;

public class StartProtectionSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        StartProtectionRequest request = new StartProtectionRequest();
        ProtectionInfoRequestInfo body = new ProtectionInfoRequestInfo();
        List<String> listbodyHostIdList = new ArrayList<>();
        listbodyHostIdList.add("71a15ecc-049f-4cca-bd28-5e90aca1817f");
        List<String> listbodyAgentIdList = new ArrayList<>();
        listbodyAgentIdList.add("c9bed5397db449ebdfba15e85fcfc36accee125c68954daf5cab0528bab59bd8");
        ProtectionProxyInfoRequestInfo createProtectionPolicybody = new ProtectionProxyInfoRequestInfo();
        createProtectionPolicybody.withPolicyName("test111")
            .withProtectionMode("alarm_only")
            .withBaitProtectionStatus("opened")
            .withProtectionDirectory("/etc/test")
            .withProtectionType("docx")
            .withExcludeDirectory("");
        body.withHostIdList(listbodyHostIdList);
        body.withAgentIdList(listbodyAgentIdList);
        body.withBackupProtectionStatus("closed");
        body.withCreateProtectionPolicy(createProtectionPolicybody);
        body.withProtectionPolicyId("");
        body.withRansomProtectionStatus("opened");
        body.withOperatingSystem("Linux");
        request.withBody(body);
        try {
            StartProtectionResponse response = client.startProtection(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

Enable ransomware protection for the server. The OS type is Linux, the target server ID is 71a15ecc-049f-4cca-bd28-5e90aca1817f, and the agent ID of the target server is c9bed5397db449ebdfba15e85fcfc36accee125c68954daf5cab0528bab59bd8. Server backup is disabled.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = StartProtectionRequest()
        listHostIdListbody = [
            "71a15ecc-049f-4cca-bd28-5e90aca1817f"
        ]
        listAgentIdListbody = [
            "c9bed5397db449ebdfba15e85fcfc36accee125c68954daf5cab0528bab59bd8"
        ]
        createProtectionPolicybody = ProtectionProxyInfoRequestInfo(
            policy_name="test111",
            protection_mode="alarm_only",
            bait_protection_status="opened",
            protection_directory="/etc/test",
            protection_type="docx",
            exclude_directory=""
        )
        request.body = ProtectionInfoRequestInfo(
            host_id_list=listHostIdListbody,
            agent_id_list=listAgentIdListbody,
            backup_protection_status="closed",
            create_protection_policy=createProtectionPolicybody,
            protection_policy_id="",
            ransom_protection_status="opened",
            operating_system="Linux"
        )
        response = client.start_protection(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

Enable ransomware protection for the server. The OS type is Linux, the target server ID is 71a15ecc-049f-4cca-bd28-5e90aca1817f, and the agent ID of the target server is c9bed5397db449ebdfba15e85fcfc36accee125c68954daf5cab0528bab59bd8. Server backup is disabled.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.StartProtectionRequest{}
	var listHostIdListbody = []string{
        "71a15ecc-049f-4cca-bd28-5e90aca1817f",
    }
	var listAgentIdListbody = []string{
        "c9bed5397db449ebdfba15e85fcfc36accee125c68954daf5cab0528bab59bd8",
    }
	policyNameCreateProtectionPolicy:= "test111"
	protectionModeCreateProtectionPolicy:= "alarm_only"
	baitProtectionStatusCreateProtectionPolicy:= "opened"
	protectionDirectoryCreateProtectionPolicy:= "/etc/test"
	protectionTypeCreateProtectionPolicy:= "docx"
	excludeDirectoryCreateProtectionPolicy:= ""
	createProtectionPolicybody := &model.ProtectionProxyInfoRequestInfo{
		PolicyName: &policyNameCreateProtectionPolicy,
		ProtectionMode: &protectionModeCreateProtectionPolicy,
		BaitProtectionStatus: &baitProtectionStatusCreateProtectionPolicy,
		ProtectionDirectory: &protectionDirectoryCreateProtectionPolicy,
		ProtectionType: &protectionTypeCreateProtectionPolicy,
		ExcludeDirectory: &excludeDirectoryCreateProtectionPolicy,
	}
	protectionPolicyIdProtectionInfoRequestInfo:= ""
	request.Body = &model.ProtectionInfoRequestInfo{
		HostIdList: listHostIdListbody,
		AgentIdList: listAgentIdListbody,
		BackupProtectionStatus: "closed",
		CreateProtectionPolicy: createProtectionPolicybody,
		ProtectionPolicyId: &protectionPolicyIdProtectionInfoRequestInfo,
		RansomProtectionStatus: "opened",
		OperatingSystem: "Linux",
	}
	response, err := client.StartProtection(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

Ransomware protection enabled.

Error Codes

See Error Codes.