Updating an Incident
Function
This API is used to modify an incident: the attributes included in the request are updated, and attributes that are not included keep their current values.
Calling Method
For details, see Calling APIs.
URI
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/{incident_id}
Path parameters:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Project ID. Minimum: 32 Maximum: 36 |
| workspace_id | Yes | String | Workspace ID. Minimum: 32 Maximum: 36 |
| incident_id | Yes | String | Incident ID. Minimum: 32 Maximum: 36 |
Request Parameters

Request header parameters:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the token. Minimum: 0 Maximum: 2097152 |
| content-type | Yes | String | Content type. Default: application/json;charset=UTF-8. Minimum: 0 Maximum: 64 |

Request body parameters:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| batch_ids | No | Array of strings | IDs of the alerts to update. Minimum: 0 Maximum: 100 Array Length: 0 - 999 |
| data_object | No | Incident object | Incident entity information. |
Incident object (data_object):

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| version | No | String | Version of the data source of an incident. The version must be one officially released by the Huawei Cloud SSA service. Minimum: 0 Maximum: 64 |
| id | No | String | Unique identifier of an incident. The value is in UUID format and can contain a maximum of 36 characters. Minimum: 0 Maximum: 36 |
| domain_id | No | String | ID of the account (domain_id) to which the data is delivered and hosted. Minimum: 0 Maximum: 36 |
| region_id | No | String | ID of the region to which the account that the data is delivered to and hosted by belongs. Minimum: 0 Maximum: 36 |
| workspace_id | No | String | ID of the current workspace. Minimum: 0 Maximum: 36 |
| labels | No | String | Tag (display only). Minimum: 0 Maximum: 1024 |
| environment | No | environment object | Coordinates of the environment where the incident was generated. |
| data_source | No | data_source object | Source from which the data is first reported. |
| first_observed_time | No | String | First discovery time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| last_observed_time | No | String | First discovery time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| create_time | No | String | Recording time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| arrive_time | No | String | Data receiving time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| title | No | String | Incident title. Minimum: 0 Maximum: 255 |
| description | No | String | Incident description. Minimum: 0 Maximum: 1024 |
| source_url | No | String | Incident URL, which points to the page describing the current incident in the data source product. Minimum: 0 Maximum: 1024 |
| count | No | Integer | Number of incident occurrences. Minimum: 0 Maximum: 999 |
| confidence | No | Integer | Incident confidence, which indicates the accuracy of an identified behavior or incident. Value range: 0-100, where 0 indicates 0% confidence and 100 indicates 100% confidence. Minimum: 0 Maximum: 100 |
| severity | No | String | Severity level. Value range: Tips \| Low \| Medium \| High \| Fatal. Minimum: 3 Maximum: 6 Enumeration values: |
| criticality | No | Integer | Criticality, which specifies the importance level of the resources involved in an incident. Value range: 0-100, where 0 indicates that the resource is not critical and 100 indicates that it is critical. Minimum: 0 Maximum: 100 |
| incident_type | No | incident_type object | Incident categories. For details, see the Alert Incident Type Definition. |
| network_list | No | Array of network_list objects | Network information. Array Length: 0 - 999 |
| resource_list | No | Array of resource_list objects | Affected resources. Array Length: 0 - 999 |
| remediation | No | remediation object | Remedy measure. |
| verification_state | No | String | Verification status, which identifies the accuracy of an incident. The options are Unknown, True_Positive and False_Positive. The default value is Unknown. Minimum: 32 Maximum: 64 Enumeration values: |
| handle_status | No | String | Incident handling status. The options are as follows: Minimum: 4 Maximum: 5 Enumeration values: |
| sla | No | Integer | Risk close time: the acceptable risk duration, in hours. Minimum: 0 Maximum: 999 |
| update_time | No | String | Update time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the alert occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| close_time | No | String | Closing time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| ipdrr_phase | No | String | Period/handling phase number: Prepartion \| Detection and Analysis \| Containm, Eradication& Recovery \| Post-Incident-Activity. Minimum: 0 Maximum: 64 Enumeration values: |
| simulation | No | String | Debugging field. Minimum: 0 Maximum: 64 |
| actor | No | String | Incident investigator. Minimum: 0 Maximum: 64 |
| owner | No | String | Owner and service owner. Minimum: 0 Maximum: 64 |
| creator | No | String | Creator. Minimum: 0 Maximum: 64 |
| close_reason | No | String | Close reason. Minimum: 0 Maximum: 64 Enumeration values: |
| close_comment | No | String | Close comment. Minimum: 0 Maximum: 1024 |
| malware | No | malware object | Malware. |
| system_info | No | Object | System information. |
| process | No | Array of process objects | Process information. Array Length: 0 - 999 |
| user_info | No | Array of user_info objects | User details. Array Length: 0 - 999 |
| file_info | No | Array of file_info objects | File information. Array Length: 0 - 999 |
| system_alert_table | No | Object | Layout fields in the incident list. |
environment object:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| vendor_type | No | String | Environment provider. The value can be HWCP, HWC, AWS, Azure, or GCP. Minimum: 0 Maximum: 64 |
| domain_id | No | String | Tenant ID. Minimum: 0 Maximum: 64 |
| region_id | No | String | Region ID. global is returned for global services. Minimum: 0 Maximum: 64 |
| cross_workspace_id | No | String | ID of the source workspace for the data delivery. If the source workspace ID is null, the destination workspace account ID is used. Minimum: 0 Maximum: 64 |
| project_id | No | String | Project ID. The default value is null for global services. Minimum: 0 Maximum: 64 |

data_source object:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| source_type | No | Integer | Data source type. The options are as follows: 1: Huawei Cloud product; 2: third-party product; 3: tenant product. Minimum: 1 Maximum: 3 Enumeration values: |
| domain_id | No | String | Account ID to which the data source product belongs. Minimum: 0 Maximum: 36 |
| project_id | No | String | ID of the project to which the data source product belongs. Minimum: 0 Maximum: 64 |
| region_id | No | String | Region where the data source is located. For details about the value range, see Regions and Endpoints. Minimum: 0 Maximum: 64 |
| company_name | No | String | Name of the company to which a data source belongs. Minimum: 0 Maximum: 16 |
| product_name | No | String | Name of the data source. Minimum: 0 Maximum: 24 |
| product_feature | No | String | Name of the feature of the product that detects the incident. Minimum: 0 Maximum: 24 |
| product_module | No | String | Threat detection module list. Minimum: 0 Maximum: 1024 |

incident_type object:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| category | No | String | Type. Minimum: 0 Maximum: 1024 |
| incident_type | No | String | Incident type. Minimum: 0 Maximum: 1024 |

network_list object:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| direction | No | String | Direction. The value can be IN or OUT. Minimum: 0 Maximum: 3 Enumeration values: |
| protocol | No | String | Protocol, including Layer 7 and Layer 4 protocols. For details, see the IANA registered names at https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml. Minimum: 0 Maximum: 64 |
| src_ip | No | String | Source IP address. Minimum: 0 Maximum: 64 |
| src_port | No | Integer | Source port. The value ranges from 0 to 65535. Minimum: 0 Maximum: 65535 |
| src_domain | No | String | Source domain name. Minimum: 0 Maximum: 128 |
| src_geo | No | src_geo object | Geographical location of the source IP address. |
| dest_ip | No | String | Destination IP address. Minimum: 32 Maximum: 64 |
| dest_port | No | String | Destination port. The value ranges from 0 to 65535. Minimum: 0 Maximum: 65535 |
| dest_domain | No | String | Destination domain name. Minimum: 0 Maximum: 128 |
| dest_geo | No | dest_geo object | Geographical location of the destination IP address. |

src_geo object:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| latitude | No | Number | Latitude. Minimum: 0 Maximum: 90 |
| longitude | No | Number | Longitude. Minimum: 0 Maximum: 180 |
| city_code | No | String | City code. For example, Beijing or Shanghai. Minimum: 0 Maximum: 64 |
| country_code | No | String | Country code. For details, see ISO 3166-1 alpha-2. For example, CN \| US \| DE \| IT \| SG. Minimum: 0 Maximum: 64 |

dest_geo object:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| latitude | No | Number | Latitude. Minimum: 0 Maximum: 90 |
| longitude | No | Number | Longitude. Minimum: 0 Maximum: 180 |
| city_code | No | String | City code. For example, Beijing or Shanghai. Minimum: 0 Maximum: 64 |
| country_code | No | String | Country code. For details, see ISO 3166-1 alpha-2. For example, CN \| US \| DE \| IT \| SG. Minimum: 0 Maximum: 64 |

resource_list object:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| id | No | String | Cloud service resource ID. Minimum: 0 Maximum: 36 |
| name | No | String | Resource name. Minimum: 0 Maximum: 255 |
| type | No | String | Resource type. This parameter references the value of the RMS type on Huawei Cloud. Minimum: 0 Maximum: 64 |
| provider | No | String | Cloud service name, which is the same as the provider field in the RMS service. Minimum: 0 Maximum: 64 |
| region_id | No | String | Region ID in Huawei Cloud. Minimum: 0 Maximum: 36 |
| domain_id | No | String | ID of the account to which the resource belongs, in UUID format. Minimum: 0 Maximum: 36 |
| project_id | No | String | ID of the account to which the resource belongs, in UUID format. Minimum: 0 Maximum: 36 |
| ep_id | No | String | Enterprise project ID. Minimum: 0 Maximum: 128 |
| ep_name | No | String | Enterprise project name. Minimum: 0 Maximum: 128 |
| tags | No | String | Resource tag. Minimum: 0 Maximum: 2048 |

remediation object:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| recommendation | No | String | Recommended solution. Minimum: 0 Maximum: 128 |
| url | No | String | Link to the general fix information for the incident. The URL must be accessible from the public network with no credentials required. Minimum: 0 Maximum: 2048 |

malware object:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| malware_family | No | String | Malware family. Minimum: 0 Maximum: 64 |
| malware_class | No | String | Malware category. Minimum: 0 Maximum: 64 |

process object:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| process_name | No | String | Process name. Minimum: 0 Maximum: 64 |
| process_path | No | String | Process execution file path. Minimum: 0 Maximum: 512 |
| process_pid | No | Integer | Process ID. Minimum: 0 Maximum: 65535 |
| process_uid | No | Integer | Process user ID. Minimum: 0 Maximum: 655350 |
| process_cmdline | No | String | Process command line. Minimum: 0 Maximum: 128 |
| process_parent_name | No | String | Parent process name. Minimum: 0 Maximum: 64 |
| process_parent_path | No | String | Parent process execution file path. Minimum: 0 Maximum: 512 |
| process_parent_pid | No | Integer | Parent process ID. Minimum: 0 Maximum: 65535 |
| process_parent_uid | No | Integer | Parent process user ID. Minimum: 0 Maximum: 655350 |
| process_parent_cmdline | No | String | Parent process command line. Minimum: 0 Maximum: 128 |
| process_child_name | No | String | Subprocess name. Minimum: 0 Maximum: 64 |
| process_child_path | No | String | Subprocess execution file path. Minimum: 0 Maximum: 512 |
| process_child_pid | No | Integer | Subprocess ID. Minimum: 0 Maximum: 65535 |
| process_child_uid | No | Integer | Subprocess user ID. Minimum: 0 Maximum: 655350 |
| process_child_cmdline | No | String | Subprocess command line. Minimum: 0 Maximum: 128 |
| process_launche_time | No | String | Incident start time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| process_terminate_time | No | String | Process end time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |

user_info object:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| user_id | No | String | User UID. Minimum: 0 Maximum: 36 |
| user_name | No | String | Username. Minimum: 32 Maximum: 64 |

file_info object:

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| file_path | No | String | File path/name. Minimum: 0 Maximum: 128 |
| file_content | No | String | File path/name. Minimum: 0 Maximum: 1024 |
| file_new_path | No | String | New file path/name. Minimum: 32 Maximum: 64 |
| file_hash | No | String | File hash. Minimum: 0 Maximum: 128 |
| file_md5 | No | String | File MD5. Minimum: 0 Maximum: 128 |
| file_sha256 | No | String | File SHA256. Minimum: 0 Maximum: 128 |
| file_attr | No | String | File attribute. Minimum: 0 Maximum: 1024 |
Response Parameters

Status code: 200

Response header parameters:

| Parameter | Type | Description |
|---|---|---|
| X-request-id | String | Request ID, in the format request_uuid-timestamp-hostname. |

Response body parameters:

| Parameter | Type | Description |
|---|---|---|
| code | String | Error code. Minimum: 0 Maximum: 64 |
| message | String | Error message. Minimum: 0 Maximum: 1024 |
| data | IncidentDetail object | |
IncidentDetail object:

| Parameter | Type | Description |
|---|---|---|
| create_time | String | Recording time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| data_object | Incident object | Incident entity information. |
| dataclass_ref | dataclass_ref object | Data class object. |
| format_version | Integer | Format version. Minimum: 0 Maximum: 999 |
| id | String | Unique identifier of an incident. The value is in UUID format and can contain a maximum of 36 characters. Minimum: 0 Maximum: 36 |
| project_id | String | ID of the current project. Minimum: 0 Maximum: 64 |
| update_time | String | Update time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the alert occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| version | Integer | Version. Minimum: 0 Maximum: 999 |
| workspace_id | String | ID of the current workspace. Minimum: 0 Maximum: 36 |
Incident object (data_object):

| Parameter | Type | Description |
|---|---|---|
| version | String | Version of the data source of an incident. The version must be one officially released by the Huawei Cloud SSA service. Minimum: 0 Maximum: 64 |
| id | String | Unique identifier of an incident. The value is in UUID format and can contain a maximum of 36 characters. Minimum: 0 Maximum: 36 |
| domain_id | String | ID of the account (domain_id) to which the data is delivered and hosted. Minimum: 0 Maximum: 36 |
| region_id | String | ID of the region to which the account that the data is delivered to and hosted by belongs. Minimum: 0 Maximum: 36 |
| workspace_id | String | ID of the current workspace. Minimum: 0 Maximum: 36 |
| labels | String | Tag (display only). Minimum: 0 Maximum: 1024 |
| environment | environment object | Coordinates of the environment where the incident was generated. |
| data_source | data_source object | Source from which the data is first reported. |
| first_observed_time | String | First discovery time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| last_observed_time | String | First discovery time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| create_time | String | Recording time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| arrive_time | String | Data receiving time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| title | String | Incident title. Minimum: 0 Maximum: 255 |
| description | String | Incident description. Minimum: 0 Maximum: 1024 |
| source_url | String | Incident URL, which points to the page describing the current incident in the data source product. Minimum: 0 Maximum: 1024 |
| count | Integer | Number of incident occurrences. Minimum: 0 Maximum: 999 |
| confidence | Integer | Incident confidence, which indicates the accuracy of an identified behavior or incident. Value range: 0-100, where 0 indicates 0% confidence and 100 indicates 100% confidence. Minimum: 0 Maximum: 100 |
| severity | String | Severity level. Value range: Tips \| Low \| Medium \| High \| Fatal. Minimum: 3 Maximum: 6 Enumeration values: |
| criticality | Integer | Criticality, which specifies the importance level of the resources involved in an incident. Value range: 0-100, where 0 indicates that the resource is not critical and 100 indicates that it is critical. Minimum: 0 Maximum: 100 |
| incident_type | incident_type object | Incident categories. For details, see the Alert Incident Type Definition. |
| network_list | Array of network_list objects | Network information. Array Length: 0 - 999 |
| resource_list | Array of resource_list objects | Affected resources. Array Length: 0 - 999 |
| remediation | remediation object | Remedy measure. |
| verification_state | String | Verification status, which identifies the accuracy of an incident. The options are Unknown, True_Positive and False_Positive. The default value is Unknown. Minimum: 32 Maximum: 64 Enumeration values: |
| handle_status | String | Incident handling status. The options are as follows: Minimum: 4 Maximum: 5 Enumeration values: |
| sla | Integer | Risk close time: the acceptable risk duration, in hours. Minimum: 0 Maximum: 999 |
| update_time | String | Update time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the alert occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| close_time | String | Closing time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| ipdrr_phase | String | Period/handling phase number: Prepartion \| Detection and Analysis \| Containm, Eradication& Recovery \| Post-Incident-Activity. Minimum: 0 Maximum: 64 Enumeration values: |
| simulation | String | Debugging field. Minimum: 0 Maximum: 64 |
| actor | String | Incident investigator. Minimum: 0 Maximum: 64 |
| owner | String | Owner and service owner. Minimum: 0 Maximum: 64 |
| creator | String | Creator. Minimum: 0 Maximum: 64 |
| close_reason | String | Close reason. Minimum: 0 Maximum: 64 Enumeration values: |
| close_comment | String | Close comment. Minimum: 0 Maximum: 1024 |
| malware | malware object | Malware. |
| system_info | Object | System information. |
| process | Array of process objects | Process information. Array Length: 0 - 999 |
| user_info | Array of user_info objects | User details. Array Length: 0 - 999 |
| file_info | Array of file_info objects | File information. Array Length: 0 - 999 |
| system_alert_table | Object | Layout fields in the incident list. |
environment object:

| Parameter | Type | Description |
|---|---|---|
| vendor_type | String | Environment provider. The value can be HWCP, HWC, AWS, Azure, or GCP. Minimum: 0 Maximum: 64 |
| domain_id | String | Tenant ID. Minimum: 0 Maximum: 64 |
| region_id | String | Region ID. global is returned for global services. Minimum: 0 Maximum: 64 |
| cross_workspace_id | String | ID of the source workspace for the data delivery. If the source workspace ID is null, the destination workspace account ID is used. Minimum: 0 Maximum: 64 |
| project_id | String | Project ID. The default value is null for global services. Minimum: 0 Maximum: 64 |

data_source object:

| Parameter | Type | Description |
|---|---|---|
| source_type | Integer | Data source type. The options are as follows: 1: Huawei Cloud product; 2: third-party product; 3: tenant product. Minimum: 1 Maximum: 3 Enumeration values: |
| domain_id | String | Account ID to which the data source product belongs. Minimum: 0 Maximum: 36 |
| project_id | String | ID of the project to which the data source product belongs. Minimum: 0 Maximum: 64 |
| region_id | String | Region where the data source is located. For details about the value range, see Regions and Endpoints. Minimum: 0 Maximum: 64 |
| company_name | String | Name of the company to which a data source belongs. Minimum: 0 Maximum: 16 |
| product_name | String | Name of the data source. Minimum: 0 Maximum: 24 |
| product_feature | String | Name of the feature of the product that detects the incident. Minimum: 0 Maximum: 24 |
| product_module | String | Threat detection module list. Minimum: 0 Maximum: 1024 |

incident_type object:

| Parameter | Type | Description |
|---|---|---|
| category | String | Type. Minimum: 0 Maximum: 1024 |
| incident_type | String | Incident type. Minimum: 0 Maximum: 1024 |

network_list object:

| Parameter | Type | Description |
|---|---|---|
| direction | String | Direction. The value can be IN or OUT. Minimum: 0 Maximum: 3 Enumeration values: |
| protocol | String | Protocol, including Layer 7 and Layer 4 protocols. For details, see the IANA registered names at https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml. Minimum: 0 Maximum: 64 |
| src_ip | String | Source IP address. Minimum: 0 Maximum: 64 |
| src_port | Integer | Source port. The value ranges from 0 to 65535. Minimum: 0 Maximum: 65535 |
| src_domain | String | Source domain name. Minimum: 0 Maximum: 128 |
| src_geo | src_geo object | Geographical location of the source IP address. |
| dest_ip | String | Destination IP address. Minimum: 32 Maximum: 64 |
| dest_port | String | Destination port. The value ranges from 0 to 65535. Minimum: 0 Maximum: 65535 |
| dest_domain | String | Destination domain name. Minimum: 0 Maximum: 128 |
| dest_geo | dest_geo object | Geographical location of the destination IP address. |

src_geo object:

| Parameter | Type | Description |
|---|---|---|
| latitude | Number | Latitude. Minimum: 0 Maximum: 90 |
| longitude | Number | Longitude. Minimum: 0 Maximum: 180 |
| city_code | String | City code. For example, Beijing or Shanghai. Minimum: 0 Maximum: 64 |
| country_code | String | Country code. For details, see ISO 3166-1 alpha-2. For example, CN \| US \| DE \| IT \| SG. Minimum: 0 Maximum: 64 |

dest_geo object:

| Parameter | Type | Description |
|---|---|---|
| latitude | Number | Latitude. Minimum: 0 Maximum: 90 |
| longitude | Number | Longitude. Minimum: 0 Maximum: 180 |
| city_code | String | City code. For example, Beijing or Shanghai. Minimum: 0 Maximum: 64 |
| country_code | String | Country code. For details, see ISO 3166-1 alpha-2. For example, CN \| US \| DE \| IT \| SG. Minimum: 0 Maximum: 64 |

resource_list object:

| Parameter | Type | Description |
|---|---|---|
| id | String | Cloud service resource ID. Minimum: 0 Maximum: 36 |
| name | String | Resource name. Minimum: 0 Maximum: 255 |
| type | String | Resource type. This parameter references the value of the RMS type on Huawei Cloud. Minimum: 0 Maximum: 64 |
| provider | String | Cloud service name, which is the same as the provider field in the RMS service. Minimum: 0 Maximum: 64 |
| region_id | String | Region ID in Huawei Cloud. Minimum: 0 Maximum: 36 |
| domain_id | String | ID of the account to which the resource belongs, in UUID format. Minimum: 0 Maximum: 36 |
| project_id | String | ID of the account to which the resource belongs, in UUID format. Minimum: 0 Maximum: 36 |
| ep_id | String | Enterprise project ID. Minimum: 0 Maximum: 128 |
| ep_name | String | Enterprise project name. Minimum: 0 Maximum: 128 |
| tags | String | Resource tag. Minimum: 0 Maximum: 2048 |

remediation object:

| Parameter | Type | Description |
|---|---|---|
| recommendation | String | Recommended solution. Minimum: 0 Maximum: 128 |
| url | String | Link to the general fix information for the incident. The URL must be accessible from the public network with no credentials required. Minimum: 0 Maximum: 2048 |

malware object:

| Parameter | Type | Description |
|---|---|---|
| malware_family | String | Malware family. Minimum: 0 Maximum: 64 |
| malware_class | String | Malware category. Minimum: 0 Maximum: 64 |

process object:

| Parameter | Type | Description |
|---|---|---|
| process_name | String | Process name. Minimum: 0 Maximum: 64 |
| process_path | String | Process execution file path. Minimum: 0 Maximum: 512 |
| process_pid | Integer | Process ID. Minimum: 0 Maximum: 65535 |
| process_uid | Integer | Process user ID. Minimum: 0 Maximum: 655350 |
| process_cmdline | String | Process command line. Minimum: 0 Maximum: 128 |
| process_parent_name | String | Parent process name. Minimum: 0 Maximum: 64 |
| process_parent_path | String | Parent process execution file path. Minimum: 0 Maximum: 512 |
| process_parent_pid | Integer | Parent process ID. Minimum: 0 Maximum: 65535 |
| process_parent_uid | Integer | Parent process user ID. Minimum: 0 Maximum: 655350 |
| process_parent_cmdline | String | Parent process command line. Minimum: 0 Maximum: 128 |
| process_child_name | String | Subprocess name. Minimum: 0 Maximum: 64 |
| process_child_path | String | Subprocess execution file path. Minimum: 0 Maximum: 512 |
| process_child_pid | Integer | Subprocess ID. Minimum: 0 Maximum: 65535 |
| process_child_uid | Integer | Subprocess user ID. Minimum: 0 Maximum: 655350 |
| process_child_cmdline | String | Subprocess command line. Minimum: 0 Maximum: 128 |
| process_launche_time | String | Incident start time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |
| process_terminate_time | String | Process end time. The format is ISO 8601: YYYY-MM-DDTHH:mm:ss.ms+Timezone, in the time zone where the incident occurred. If this parameter cannot be parsed, the default time zone GMT+8 is used. Minimum: 0 Maximum: 30 |

user_info object:

| Parameter | Type | Description |
|---|---|---|
| user_id | String | User UID. Minimum: 0 Maximum: 36 |
| user_name | String | Username. Minimum: 32 Maximum: 64 |

file_info object:

| Parameter | Type | Description |
|---|---|---|
| file_path | String | File path/name. Minimum: 0 Maximum: 128 |
| file_content | String | File path/name. Minimum: 0 Maximum: 1024 |
| file_new_path | String | New file path/name. Minimum: 32 Maximum: 64 |
| file_hash | String | File hash. Minimum: 0 Maximum: 128 |
| file_md5 | String | File MD5. Minimum: 0 Maximum: 128 |
| file_sha256 | String | File SHA256. Minimum: 0 Maximum: 128 |
| file_attr | String | File attribute. Minimum: 0 Maximum: 1024 |

dataclass_ref object:

| Parameter | Type | Description |
|---|---|---|
| id | String | Unique identifier of a data class. The value is in UUID format and can contain a maximum of 36 characters. Minimum: 0 Maximum: 36 |
| name | String | Data class name. Minimum: 0 Maximum: 36 |
Status code: 400

Response header parameters:

| Parameter | Type | Description |
|---|---|---|
| X-request-id | String | Request ID, in the format request_uuid-timestamp-hostname. |

Response body parameters:

| Parameter | Type | Description |
|---|---|---|
| code | String | Error code. Minimum: 0 Maximum: 64 |
| message | String | Error description. Minimum: 0 Maximum: 1024 |
Example Requests

Update an incident. Set the incident title to MyXXX, the URL to http://xxx, the occurrence count to 4, and the confidence to 4.

```json
{
  "data_object" : {
    "version" : "1.0",
    "environment" : {
      "vendor_type" : "MyXXX",
      "domain_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "region_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f"
    },
    "data_source" : {
      "source_type" : 3,
      "domain_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "region_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f"
    },
    "first_observed_time" : "2021-01-30T23:00:00Z+0800",
    "last_observed_time" : "2021-01-30T23:00:00Z+0800",
    "create_time" : "2021-01-30T23:00:00Z+0800",
    "arrive_time" : "2021-01-30T23:00:00Z+0800",
    "title" : "MyXXX",
    "description" : "This my XXXX",
    "source_url" : "http://xxx",
    "count" : 4,
    "confidence" : 4,
    "severity" : "TIPS",
    "criticality" : 4,
    "incident_type" : { },
    "network_list" : [ {
      "direction" : { "IN" : null },
      "protocol" : "TCP",
      "src_ip" : "192.168.0.1",
      "src_port" : "1",
      "src_domain" : "xxx",
      "dest_ip" : "192.168.0.1",
      "dest_port" : "1",
      "dest_domain" : "xxx",
      "src_geo" : { "latitude" : 90, "longitude" : 180 },
      "dest_geo" : { "latitude" : 90, "longitude" : 180 }
    } ],
    "resource_list" : [ {
      "id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "name" : "MyXXX",
      "type" : "MyXXX",
      "domain_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "region_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "ep_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "ep_name" : "MyXXX",
      "tags" : "909494e3-558e-46b6-a9eb-07a8e18ca62f"
    } ],
    "remediation" : { "recommendation" : "MyXXX", "url" : "MyXXX" },
    "verification_state" : "Unknown,True_Positive,False_Positive The default value is Unknown.",
    "handle_status" : "Open – enabled.Block – blocked.Closed – closed.The default value is Open.",
    "sla" : 60000,
    "update_time" : "2021-01-30T23:00:00Z+0800",
    "close_time" : "2021-01-30T23:00:00Z+0800",
    "ipdrr_phase" : "Prepartion|Detection and Analysis|Containm, Eradication& Recovery| Post-Incident-Activity",
    "simulation" : "false",
    "actor" : "Tom",
    "owner" : "MyXXX",
    "creator" : "MyXXX",
    "close_reason" : "False positive; Resolved; Duplicate; Others",
    "close_comment" : "False positive; Resolved; Duplicate; Others",
    "malware" : { "malware_family" : "family", "malware_class" : "Malicious memory occupation." },
    "system_info" : { },
    "process" : [ {
      "process_name" : "MyXXX",
      "process_path" : "MyXXX",
      "process_pid" : 123,
      "process_uid" : 123,
      "process_cmdline" : "MyXXX"
    } ],
    "user_info" : [ { "user_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f", "user_name" : "MyXXX" } ],
    "file_info" : [ {
      "file_path" : "MyXXX",
      "file_content" : "MyXXX",
      "file_new_path" : "MyXXX",
      "file_hash" : "MyXXX",
      "file_md5" : "MyXXX",
      "file_sha256" : "MyXXX",
      "file_attr" : "MyXXX"
    } ],
    "id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
    "workspace_id" : "909494e3-558e-46b6-a9eb-07a8e18ca620"
  }
}
```
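A small client that checks the limits from the tables above before the PUT is sent, so that a malformed update is rejected locally instead of producing a 400 (and so that a partial data_object, which the API accepts because untouched attributes keep their values, is the normal case). This is an added example, not code from the Huawei Cloud documentation or SDK; the endpoint host, the token and all IDs are constructed placeholders, and only the fields named in the code are checked.

```python
"""Build, validate and send a SecMaster incident update.

Added example, not from the Huawei Cloud documentation. The path, header names
and field limits come from the tables on this page; the endpoint host, the
token and all IDs below are constructed placeholders.
"""
import json
import re
import urllib.request

PATH_TEMPLATE = "/v1/{project_id}/workspaces/{workspace_id}/soc/incidents/{incident_id}"

# Enumerations and limits as stated in the Incident object table.
SEVERITIES = {"tips", "low", "medium", "high", "fatal"}  # the page's sample uses "TIPS"
VERIFICATION_STATES = {"unknown", "true_positive", "false_positive"}
STRING_MAX = {"title": 255, "description": 1024, "source_url": 1024,
              "actor": 64, "owner": 64, "close_comment": 1024}
INT_MAX = {"count": 999, "confidence": 100, "criticality": 100, "sla": 999}
TIME_FIELDS = ("first_observed_time", "last_observed_time", "update_time", "close_time")
# ISO 8601 layout from the tables: YYYY-MM-DDTHH:mm:ss[.ms][Z][+HHMM], at most 30 chars.
TIME_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,3})?Z?([+-]\d{4})?$")
ID_RE = re.compile(r"^[0-9A-Za-z-]{32,36}$")  # path IDs: Minimum 32, Maximum 36


def validate_incident(data_object):
    """Return a list of constraint violations (empty when the object is acceptable)."""
    problems = []
    for field, limit in STRING_MAX.items():
        value = data_object.get(field)
        if value is not None and (not isinstance(value, str) or len(value) > limit):
            problems.append(f"{field}: must be a string of at most {limit} characters")
    for field, limit in INT_MAX.items():
        value = data_object.get(field)
        if value is not None and (not isinstance(value, int) or isinstance(value, bool)
                                  or not 0 <= value <= limit):
            problems.append(f"{field}: must be an integer in 0..{limit}")
    sev = data_object.get("severity")
    if sev is not None and str(sev).lower() not in SEVERITIES:
        problems.append("severity: must be one of Tips, Low, Medium, High, Fatal")
    vs = data_object.get("verification_state")
    if vs is not None and str(vs).lower() not in VERIFICATION_STATES:
        problems.append("verification_state: must be Unknown, True_Positive or False_Positive")
    for field in TIME_FIELDS:
        value = data_object.get(field)
        if value is not None and (not isinstance(value, str) or len(value) > 30
                                  or not TIME_RE.match(value)):
            problems.append(f"{field}: must be ISO 8601 YYYY-MM-DDTHH:mm:ss.ms+Timezone")
    return problems


def build_update_request(project_id, workspace_id, incident_id, data_object, batch_ids=None):
    """Return {'path': ..., 'body': ...} for the PUT, or raise ValueError.

    Only the attributes present in data_object are sent; the API keeps the
    rest unchanged, so a partial object is the normal case.
    """
    for name, value in (("project_id", project_id), ("workspace_id", workspace_id),
                        ("incident_id", incident_id)):
        if not ID_RE.match(value):
            raise ValueError(f"{name}: expected 32-36 characters, got {value!r}")
    problems = validate_incident(data_object)
    if problems:
        raise ValueError("; ".join(problems))
    if batch_ids is not None and len(batch_ids) > 999:
        raise ValueError("batch_ids: array length must be 0-999")
    body = {"data_object": data_object}
    if batch_ids:
        body["batch_ids"] = list(batch_ids)
    path = PATH_TEMPLATE.format(project_id=project_id, workspace_id=workspace_id,
                                incident_id=incident_id)
    return {"path": path, "body": body}


def send_update(endpoint, token, request, timeout=10):
    """PUT the prepared request. The token travels only in X-Auth-Token, never in the URL."""
    req = urllib.request.Request(
        endpoint.rstrip("/") + request["path"],
        data=json.dumps(request["body"]).encode("utf-8"),
        method="PUT",
        headers={"X-Auth-Token": token,
                 "Content-Type": "application/json;charset=UTF-8"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:  # HTTPError on a 400 response
        return resp.headers.get("X-request-id"), json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed placeholder IDs (36 characters each); replace with real values before use.
    ids = ["00000000-0000-4000-8000-00000000000" + d for d in "123"]
    update = {"title": "Suspicious outbound connection", "severity": "High",
              "confidence": 80, "verification_state": "True_Positive",
              "update_time": "2021-01-30T23:00:00Z+0800"}
    prepared = build_update_request(*ids, update)
    print(json.dumps(prepared, indent=2))
    # send_update("https://secmaster.example-endpoint.invalid", "<token>", prepared)
```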
Example Responses

Status code: 200

Response body of the request for updating incidents.

```json
{
  "code" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
  "message" : "Error message",
  "data" : {
    "data_object" : {
      "version" : "1.0",
      "environment" : {
        "vendor_type" : "MyXXX",
        "domain_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
        "region_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
        "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f"
      },
      "data_source" : {
        "source_type" : 3,
        "domain_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
        "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
        "region_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f"
      },
      "first_observed_time" : "2021-01-30T23:00:00Z+0800",
      "last_observed_time" : "2021-01-30T23:00:00Z+0800",
      "create_time" : "2021-01-30T23:00:00Z+0800",
      "arrive_time" : "2021-01-30T23:00:00Z+0800",
      "title" : "MyXXX",
      "description" : "This my XXXX",
      "source_url" : "http://xxx",
      "count" : 4,
      "confidence" : 4,
      "severity" : "TIPS",
      "criticality" : 4,
      "incident_type" : { },
      "network_list" : [ {
        "direction" : { "IN" : null },
        "protocol" : "TCP",
        "src_ip" : "192.168.0.1",
        "src_port" : "1",
        "src_domain" : "xxx",
        "dest_ip" : "192.168.0.1",
        "dest_port" : "1",
        "dest_domain" : "xxx",
        "src_geo" : { "latitude" : 90, "longitude" : 180 },
        "dest_geo" : { "latitude" : 90, "longitude" : 180 }
      } ],
      "resource_list" : [ {
        "id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
        "name" : "MyXXX",
        "type" : "MyXXX",
        "domain_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
        "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
        "region_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
        "ep_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
        "ep_name" : "MyXXX",
        "tags" : "909494e3-558e-46b6-a9eb-07a8e18ca62f"
      } ],
      "remediation" : { "recommendation" : "MyXXX", "url" : "MyXXX" },
      "verification_state" : "Unknown,True_Positive,False_Positive The default value is Unknown.",
      "handle_status" : "Open – enabled.Block – blocked.Closed – closed.The default value is Open.",
      "sla" : 60000,
      "update_time" : "2021-01-30T23:00:00Z+0800",
      "close_time" : "2021-01-30T23:00:00Z+0800",
      "ipdrr_phase" : "Prepartion|Detection and Analysis|Containm, Eradication& Recovery| Post-Incident-Activity",
      "simulation" : "false",
      "actor" : "Tom",
      "owner" : "MyXXX",
      "creator" : "MyXXX",
      "close_reason" : "False positive; Resolved; Duplicate; Others",
      "close_comment" : "False positive; Resolved; Duplicate; Others",
      "malware" : { "malware_family" : "family", "malware_class" : "Malicious memory occupation." },
      "system_info" : { },
      "process" : [ {
        "process_name" : "MyXXX",
        "process_path" : "MyXXX",
        "process_pid" : 123,
        "process_uid" : 123,
        "process_cmdline" : "MyXXX"
      } ],
      "user_info" : [ { "user_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f", "user_name" : "MyXXX" } ],
      "file_info" : [ {
        "file_path" : "MyXXX",
        "file_content" : "MyXXX",
        "file_new_path" : "MyXXX",
        "file_hash" : "MyXXX",
        "file_md5" : "MyXXX",
        "file_sha256" : "MyXXX",
        "file_attr" : "MyXXX"
      } ],
      "id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "workspace_id" : "909494e3-558e-46b6-a9eb-07a8e18ca620"
    },
    "create_time" : "2021-01-30T23:00:00Z+0800",
    "update_time" : "2021-01-30T23:00:00Z+0800",
    "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
    "workspace_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f"
  }
}
```
Status Codes

| Status Code | Description |
|---|---|
| 200 | Response body of the request for updating incidents. |
| 400 | Response body of the failed request for updating incidents. |
Error Codes
See Error Codes.