Updated on 2025-08-15 GMT+08:00

Handling Alarm Events

Function

This API is used to handle alarm events.

Calling Method

For details, see Calling APIs.

URI

POST /v5/{project_id}/event/operate

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

ID of the enterprise project that a server belongs.

An enterprise project can be configured only after the enterprise project function is enabled.

Enterprise project ID. The value 0 indicates the default enterprise project. To query servers in all enterprise projects, set this parameter to all_granted_eps. If you have only the permission on an enterprise project, you need to transfer the enterprise project ID to query the server in the enterprise project. Otherwise, an error is reported due to insufficient permission.

container_name

No

String

Container instance name

container_id

No

String

Container ID

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token.

It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

region

No

String

Region ID

Table 4 Request body parameters

Parameter

Mandatory

Type

Description

operate_type

Yes

String

Definition

Handling method.

Range

  • mark_as_handled: Mark as handled

  • ignore: Ignore

  • add_to_alarm_whitelist: Add to alarm whitelist

  • add_to_login_whitelist: Add to login whitelist

  • isolate_and_kill: Isolate and kill

  • unhandle: Cancel manual handling

  • do_not_ignore: Unignore

  • remove_from_alarm_whitelist: Remove from the alarm whitelist

  • remove_from_login_whitelist: Remove from the login whitelist

  • do_not_isolate_or_kill: Cancel isolation and killing

handler

No

String

Definition

Remarks. This parameter is available only for handled alarms.

Range

The value can contain 1 to 256 characters.

operate_event_list

Yes

Array of OperateEventRequestInfo objects

Operated event list

event_white_rule_list

No

Array of EventWhiteRuleListRequestInfo objects

User-defined alarm whitelist

Table 5 OperateEventRequestInfo

Parameter

Mandatory

Type

Description

event_class_id

Yes

String

Definition

Event type.

Range

  • container_1001: container namespace

  • container_1002: container open port

  • container_1003: container security option

  • container_1004: container mount directory

  • containerescape_0001: high-risk system call

  • containerescape_0002: shocker attack

  • containerescape_0003: Dirty Cow attack

  • containerescape_0004: container file escape

  • dockerfile_001: modification of user-defined protected container file

  • dockerfile_002: modification of executable files in the container file system

  • dockerproc_001: abnormal container process

  • fileprotect_0001: file privilege escalation

  • fileprotect_0002: critical file change

  • fileprotect_0003: critical file path change

  • fileprotect_0004: file/directory change

  • av_1002: virus

  • av_1003: worm

  • av_1004: Trojan

  • av_1005: botnet

  • av_1006: backdoor

  • av_1007: spyware

  • av_1008: adware

  • av_1009: phishing

  • av_1010: rootkit

  • av_1011: ransomware

  • av_1012: hacker tool

  • av_1013: grayware

  • av_1015: web shell

  • av_1016: mining software

  • login_0001: brute-force attack attempt

  • login_0002: successful brute-force attack

  • login_1001: successful login

  • login_1002: remote login

  • login_1003: weak password

  • malware_0001: shell change event

  • malware_0002: reverse shell event

  • malware_1001: malicious program

  • procdet_0001: abnormal process behavior

  • procdet_0002: process privilege escalation

  • procreport_0001: risky command

  • user_1001: account change

  • user_1002: risky account

  • vmescape_0001: VM sensitive command execution

  • vmescape_0002: access from virtualization process to sensitive file

  • vmescape_0003: abnormal VM port access

  • webshell_0001: web shell

  • network_1001: mining

  • network_1002: servers exploited to launch DDoS attacks

  • network_1003: malicious scan

  • network_1004: attack in sensitive areas

  • ransomware_0001: ransomware attack

  • ransomware_0002: ransomware attack

  • ransomware_0003: ransomware attack

  • fileless_0001: process injection

  • fileless_0002: dynamic library injection

  • fileless_0003: critical configuration change

  • fileless_0004: environment variable change

  • fileless_0005: memory file process

  • fileless_0006: VDSO hijacking

  • crontab_1001: suspicious crontab task

  • vul_exploit_0001: Redis vulnerability exploit

  • vul_exploit_0002: Hadoop vulnerability exploit

  • vul_exploit_0003: MySQL vulnerability exploit

  • rootkit_0001: suspicious rootkit file

  • rootkit_0002: suspicious kernel module

  • RASP_0004: web shell upload

  • RASP_0018: fileless web shell

  • blockexec_001: known ransomware attack

  • hips_0001: Windows Defender disabled

  • hips_0002: suspicious hacker tool

  • hips_0003: suspicious ransomware encryption behavior

  • hips_0004: hidden account creation

  • hips_0005: user password and credential reading

  • hips_0006: suspicious SAM file export

  • hips_0007: suspicious shadow copy deletion

  • hips_0008: backup file deletion

  • hips_0009: registry operation probably performed by ransomware

  • hips_0010: suspicious abnormal process

  • hips_0011: suspicious scan

  • hips_0012: suspicious ransomware script execution

  • hips_0013: suspicious mining command execution

  • hips_0014: suspicious Windows security center disabling

  • hips_0015: suspicious firewall disabling

  • hips_0016: suspicious disabling of system automatic recovery

  • hips_0017: executable file creation in Office

  • hips_0018: abnormal file creation with macros in Office

  • hips_0019: suspicious registry operation

  • hips_0020: Confluence remote code execution

  • hips_0021: MSDT remote code execution

  • portscan_0001: common port scan

  • portscan_0002: secret port scan

  • k8s_1001: Kubernetes event deletion

  • k8s_1002: privileged pod creation

  • k8s_1003: interactive shell used in pod

  • k8s_1004: pod created with sensitive directory

  • k8s_1005: pod created with server network

  • k8s_1006: pod created with host PID space

  • k8s_1007: authentication failure when common pods access API server

  • k8s_1008: API server access from common pod using cURL

  • k8s_1009: exec in system management space

  • k8s_1010: pod created in management space

  • k8s_1011: static pod creation

  • k8s_1012: DaemonSet creation

  • k8s_1013: scheduled cluster task creation

  • k8s_1014: operation on secrets

  • k8s_1015: allowed operation enumeration

  • k8s_1016: high privilege RoleBinding or ClusterRoleBinding

  • k8s_1017: ServiceAccount creation

  • k8s_1018: Cronjob creation

  • k8s_1019: interactive shell used for exec in pods

  • k8s_1020: unauthorized access to API server

  • k8s_1021: access to API server with curl

  • k8s_1022: Ingress vulnerability

  • k8s_1023: man-in-the-middle (MITM) attack

  • k8s_1024: worm, mining, or Trojan

  • k8s_1025: K8s event deletion

  • k8s_1026: SelfSubjectRulesReview

  • imgblock_0001: image blocking based on whitelist

  • imgblock_0002: image blocking based on blacklist

  • imgblock_0003: image tag blocking based on whitelist

  • imgblock_0004: image tag blocking based on blacklist

  • imgblock_0005: container creation blocked based on whitelist

  • imgblock_0006: container creation blocked based on blacklist

  • imgblock_0007: container mount proc

  • imgblock_0008: container seccomp unconfined

  • imgblock_0009: container privilege blocking

  • imgblock_0010: container capabilities blocking

event_id

Yes

String

Definition

Event ID.

Range

The value can contain 1 to 64 characters.

event_type

Yes

Integer

Definition

Event type.

Range

  • 1001: common malware

  • 1002: virus

  • 1003: worm

  • 1004: Trojan

  • 1005: botnet

  • 1006: backdoor

  • 1010: rootkit

  • 1011: ransomware

  • 1012: hacker tool

  • 1015: web shell

  • 1016: mining

  • 1017: reverse shell

  • 2001: common vulnerability exploit

  • 2012: remote code execution

  • 2047: Redis vulnerability exploit

  • 2048: Hadoop vulnerability exploit

  • 2049: MySQL vulnerability exploit

  • 3002: file privilege escalation

  • 3003: process privilege escalation

  • 3004: critical file change

  • 3005: file/directory change

  • 3007: abnormal process behavior

  • 3015: high-risk command execution

  • 3018: abnormal shell

  • 3027: suspicious crontab task

  • 3029: system protection disabled

  • 3030: backup deletion

  • 3031: suspicious registry operations

  • 3036: container image blocking

  • 4002: brute-force attack

  • 4004: abnormal login

  • 4006: invalid accounts

  • 4014: account added

  • 4020: password theft

  • 6002: port scan

  • 6003: server scan

  • 13001: Kubernetes event deletion

  • 13002: abnormal pod behavior

  • 13003: user information enumeration

  • 13004: cluster role binding

occur_time

Yes

Integer

Definition

Occurrence time, accurate to milliseconds

Range

The value range is 0 to 9,223,372,036,854,775,807.

operate_detail_list

Yes

Array of EventDetailRequestInfo objects

Operation details. If operate_type is set to add_to_alarm_whitelist or remove_from_alarm_whitelist, keyword and hash are mandatory. If operate_type is set to add_to_login_whitelist or remove_from_login_whitelist, login_ip, private_ip, and login_user_name are mandatory. If operate_type is set to isolate_and_kill or do_not_isolate_or_kill, agent_id, file_hash, file_path, and process_pid are mandatory. In other cases, this parameter is optional.

Table 6 EventDetailRequestInfo

Parameter

Mandatory

Type

Description

agent_id

No

String

Definition

Agent ID

Constraints

N/A

Range

The value can contain 1 to 64 characters.

Default Value

N/A

process_pid

No

Integer

Definition

Process ID.

Range

The value range is 0 to 2,147,483,647.

file_hash

No

String

Definition

File hash.

Range

The value can contain 1 to 256 characters.

file_path

No

String

Definition

File path.

Range

The value can contain 1 to 256 characters.

file_attr

No

String

Definition

File attribute.

Range

The value can contain 1 to 256 characters.

keyword

No

String

Definition

Alarm event keyword, which is used only for the alarm whitelist.

Range

The value can contain 1 to 256 characters.

hash

No

String

Definition

Alarm event hash, which is used only for the alarm whitelist.

Range

The value can contain 1 to 256 characters.

private_ip

No

String

Definition

Server private IP address.

Range

The value can contain 1 to 128 characters.

login_ip

No

String

Definition

Login source IP address.

Range

The value can contain 1 to 256 characters.

login_user_name

No

String

Definition

Login username.

Range

The value can contain 1 to 256 characters.

container_id

No

String

Container ID

container_name

No

String

Container name

Table 7 EventWhiteRuleListRequestInfo

Parameter

Mandatory

Type

Description

event_type

Yes

Integer

Definition

Event type.

Range

  • 1001: common malware

  • 1002: virus

  • 1003: worm

  • 1004: Trojan

  • 1005: botnet

  • 1006: backdoor

  • 1010: rootkit

  • 1011: ransomware

  • 1012: hacker tool

  • 1015: web shell

  • 1016: mining

  • 1017: reverse shell

  • 2001: common vulnerability exploit

  • 2012: remote code execution

  • 2047: Redis vulnerability exploit

  • 2048: Hadoop vulnerability exploit

  • 2049: MySQL vulnerability exploit

  • 3002: file privilege escalation

  • 3003: process privilege escalation

  • 3004: critical file change

  • 3005: file/directory change

  • 3007: abnormal process behavior

  • 3015: high-risk command execution

  • 3018: abnormal shell

  • 3027: suspicious crontab task

  • 3029: system protection disabled

  • 3030: backup deletion

  • 3031: suspicious registry operations

  • 3036: container image blocking

  • 4002: brute-force attack

  • 4004: abnormal login

  • 4006: invalid accounts

  • 4014: account added

  • 4020: password theft

  • 6002: port scan

  • 6003: server scan

  • 13001: Kubernetes event deletion

  • 13002: abnormal pod behavior

  • 13003: user information enumeration

  • 13004: cluster role binding

field_key

Yes

String

Whitelist fields. The options are as follows:

  • "file/process hash" # process/file hash

  • "file_path"

  • "process_path"

  • "login_ip": login IP address

  • "reg_key": registry key

  • "process_cmdline": process command line

  • "username"

field_value

Yes

String

Whitelist field value

judge_type

Yes

String

Wildcard. The options are as follows:

  • "equal"

  • "contain"

Response Parameters

Status code: 200

Request succeeded.

None

Example Requests

Manually handle the intrusion alarms whose alarm event type is Rootkit and alarm event ID is 2a71e1e2-60f4-4d56-b314-2038fdc39de6.

POST https://{endpoint}/v5/{project_id}/event/operate?enterprise_project_id=xxx

{
  "operate_type" : "mark_as_handled",
  "handler" : "test",
  "operate_event_list" : [ {
    "event_class_id" : "rootkit_0001",
    "event_id" : "2a71e1e2-60f4-4d56-b314-2038fdc39de6",
    "occur_time" : 1672046760353,
    "event_type" : 1010,
    "operate_detail_list" : [ {
      "agent_id" : "c9bed5397db449ebdfba15e85fcfc36accee125c68954daf5cab0528bab59bd8",
      "file_hash" : "e8b50f0b91e3dce0885ccc5902846b139d28108a0a7976c9b8d43154c5dbc44d",
      "file_path" : "/usr/test",
      "process_pid" : 3123,
      "file_attr" : 33261,
      "keyword" : "file_path=/usr/test",
      "hash" : "e8b50f0b91e3dce0885ccc5902846b139d28108a0a7976c9b8d43154c5dbc44d",
      "login_ip" : "127.0.0.1",
      "private_ip" : "127.0.0.2",
      "login_user_name" : "root",
      "container_id" : "containerid",
      "container_name" : "/test"
    } ]
  } ]
}

Example Responses

None

SDK Sample Code

The SDK sample code is as follows.

Manually handle the intrusion alarms whose alarm event type is Rootkit and alarm event ID is 2a71e1e2-60f4-4d56-b314-2038fdc39de6.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;

import java.util.List;
import java.util.ArrayList;

public class ChangeEventSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        ChangeEventRequest request = new ChangeEventRequest();
        ChangeEventRequestInfo body = new ChangeEventRequestInfo();
        List<EventDetailRequestInfo> listOperateEventListOperateDetailList = new ArrayList<>();
        listOperateEventListOperateDetailList.add(
            new EventDetailRequestInfo()
                .withAgentId("c9bed5397db449ebdfba15e85fcfc36accee125c68954daf5cab0528bab59bd8")
                .withProcessPid(3123)
                .withFileHash("e8b50f0b91e3dce0885ccc5902846b139d28108a0a7976c9b8d43154c5dbc44d")
                .withFilePath("/usr/test")
                .withFileAttr("33261")
                .withKeyword("file_path=/usr/test")
                .withHash("e8b50f0b91e3dce0885ccc5902846b139d28108a0a7976c9b8d43154c5dbc44d")
                .withPrivateIp("127.0.0.2")
                .withLoginIp("127.0.0.1")
                .withLoginUserName("root")
                .withContainerId("containerid")
                .withContainerName("/test")
        );
        List<OperateEventRequestInfo> listbodyOperateEventList = new ArrayList<>();
        listbodyOperateEventList.add(
            new OperateEventRequestInfo()
                .withEventClassId("rootkit_0001")
                .withEventId("2a71e1e2-60f4-4d56-b314-2038fdc39de6")
                .withEventType(1010)
                .withOccurTime(1672046760353L)
                .withOperateDetailList(listOperateEventListOperateDetailList)
        );
        body.withOperateEventList(listbodyOperateEventList);
        body.withHandler("test");
        body.withOperateType("mark_as_handled");
        request.withBody(body);
        try {
            ChangeEventResponse response = client.changeEvent(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

Manually handle the intrusion alarms whose alarm event type is Rootkit and alarm event ID is 2a71e1e2-60f4-4d56-b314-2038fdc39de6.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ChangeEventRequest()
        listOperateDetailListOperateEventList = [
            EventDetailRequestInfo(
                agent_id="c9bed5397db449ebdfba15e85fcfc36accee125c68954daf5cab0528bab59bd8",
                process_pid=3123,
                file_hash="e8b50f0b91e3dce0885ccc5902846b139d28108a0a7976c9b8d43154c5dbc44d",
                file_path="/usr/test",
                file_attr="33261",
                keyword="file_path=/usr/test",
                hash="e8b50f0b91e3dce0885ccc5902846b139d28108a0a7976c9b8d43154c5dbc44d",
                private_ip="127.0.0.2",
                login_ip="127.0.0.1",
                login_user_name="root",
                container_id="containerid",
                container_name="/test"
            )
        ]
        listOperateEventListbody = [
            OperateEventRequestInfo(
                event_class_id="rootkit_0001",
                event_id="2a71e1e2-60f4-4d56-b314-2038fdc39de6",
                event_type=1010,
                occur_time=1672046760353,
                operate_detail_list=listOperateDetailListOperateEventList
            )
        ]
        request.body = ChangeEventRequestInfo(
            operate_event_list=listOperateEventListbody,
            handler="test",
            operate_type="mark_as_handled"
        )
        response = client.change_event(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

Manually handle the intrusion alarms whose alarm event type is Rootkit and alarm event ID is 2a71e1e2-60f4-4d56-b314-2038fdc39de6.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ChangeEventRequest{}
	agentIdOperateDetailList:= "c9bed5397db449ebdfba15e85fcfc36accee125c68954daf5cab0528bab59bd8"
	processPidOperateDetailList:= int32(3123)
	fileHashOperateDetailList:= "e8b50f0b91e3dce0885ccc5902846b139d28108a0a7976c9b8d43154c5dbc44d"
	filePathOperateDetailList:= "/usr/test"
	fileAttrOperateDetailList:= "33261"
	keywordOperateDetailList:= "file_path=/usr/test"
	hashOperateDetailList:= "e8b50f0b91e3dce0885ccc5902846b139d28108a0a7976c9b8d43154c5dbc44d"
	privateIpOperateDetailList:= "127.0.0.2"
	loginIpOperateDetailList:= "127.0.0.1"
	loginUserNameOperateDetailList:= "root"
	containerIdOperateDetailList:= "containerid"
	containerNameOperateDetailList:= "/test"
	var listOperateDetailListOperateEventList = []model.EventDetailRequestInfo{
        {
            AgentId: &agentIdOperateDetailList,
            ProcessPid: &processPidOperateDetailList,
            FileHash: &fileHashOperateDetailList,
            FilePath: &filePathOperateDetailList,
            FileAttr: &fileAttrOperateDetailList,
            Keyword: &keywordOperateDetailList,
            Hash: &hashOperateDetailList,
            PrivateIp: &privateIpOperateDetailList,
            LoginIp: &loginIpOperateDetailList,
            LoginUserName: &loginUserNameOperateDetailList,
            ContainerId: &containerIdOperateDetailList,
            ContainerName: &containerNameOperateDetailList,
        },
    }
	var listOperateEventListbody = []model.OperateEventRequestInfo{
        {
            EventClassId: "rootkit_0001",
            EventId: "2a71e1e2-60f4-4d56-b314-2038fdc39de6",
            EventType: int32(1010),
            OccurTime: int64(1672046760353),
            OperateDetailList: listOperateDetailListOperateEventList,
        },
    }
	handlerChangeEventRequestInfo:= "test"
	request.Body = &model.ChangeEventRequestInfo{
		OperateEventList: listOperateEventListbody,
		Handler: &handlerChangeEventRequestInfo,
		OperateType: "mark_as_handled",
	}
	response, err := client.ChangeEvent(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

Request succeeded.

400

Invalid parameter.

401

Authentication failed.

403

Insufficient permission.

404

Resource not found.

500

System error.

Error Codes

See Error Codes.