文档首页/ 安全云脑 SecMaster/ API参考/ API/ 告警管理/ 告警转事件
更新时间:2024-07-22 GMT+08:00
在线调试
CLI示例
查看PDF

告警转事件

功能介绍

告警转事件

调用方法

请参见如何调用API

URI

POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/batch-order

表1 路径参数

参数

是否必选

参数类型

描述

project_id

String

项目id

最小长度:32

最大长度:36

workspace_id

String

工作空间id

最小长度:32

最大长度:36

请求参数

表2 请求Header参数

参数

是否必选

参数类型

描述

X-Auth-Token

String

用户Token。 通过调用IAM服务获取用户Token接口获取(响应消息头中X-Subject-Token的值)

最小长度:0

最大长度:2097152

content-type

String

内容类型

缺省值:application/json;charset=UTF-8

最小长度:0

最大长度:64
表3 请求Body参数

参数

是否必选

参数类型

描述

ids

Array of strings

转事件的告警id列表

最小长度:0

最大长度:100

数组长度:0 - 999

incident_content

incident_content object

事件内容
表4 incident_content

参数

是否必选

参数类型

描述

title

String

事件名称

最小长度:0

最大长度:255

incident_type

incident_type object

事件类型
表5 incident_type

参数

是否必选

参数类型

描述

id

String

事件类型id

最小长度:0

最大长度:255

category

String

事件类型父类

最小长度:0

最大长度:255

incident_type

String

事件类型子类

最小长度:0

最大长度:255

响应参数

状态码: 200

表6 响应Header参数

参数

参数类型

描述

X-request-id

String

请求ID,格式为:request_uuid-timestamp-hostname
表7 响应Body参数

参数

参数类型

描述

code

String

错误码

最小长度:0

最大长度:64

message

String

错误信息

最小长度:0

最大长度:1024

data

BatchOperateAlertResult object

批量操作告警返回对象
表8 BatchOperateAlertResult

参数

参数类型

描述

error_ids

Array of strings

失败id

最小长度:0

最大长度:100

数组长度:0 - 100

success_ids

Array of strings

成功id

最小长度:0

最大长度:100

数组长度:0 - 100

状态码: 400

表9 响应Header参数

参数

参数类型

描述

X-request-id

String

请求ID,格式为:request_uuid-timestamp-hostname
表10 响应Body参数

参数

参数类型

描述

code

String

错误码

最小长度:0

最大长度:64

message

String

错误描述

最小长度:0

最大长度:1024

请求示例

将一条告警转为事件,告警ID为909494e3-558e-46b6-a9eb-07a8e18ca62f,事件ID为909494e3-558e-46b6-a9eb-07a8e18ca621,告警状态为已关闭,是否标记为证据为否。

{
  "ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ],
  "incident_content" : {
    "title" : "XXX",
    "incident_type" : {
      "id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "category" : "DDoS攻击",
      "incident_type" : "DNS协议攻击"
    }
  }
}

响应示例

状态码: 200

告警转事件返回body体

{
  "code" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
  "message" : "Error message",
  "data" : {
    "error_ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ],
    "success_ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ]
  }
}

SDK代码示例

SDK代码示例如下。

将一条告警转为事件,告警ID为909494e3-558e-46b6-a9eb-07a8e18ca62f,事件ID为909494e3-558e-46b6-a9eb-07a8e18ca621,告警状态为已关闭,是否标记为证据为否。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
 
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.secmaster.v2.region.SecMasterRegion;
import com.huaweicloud.sdk.secmaster.v2.*;
import com.huaweicloud.sdk.secmaster.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateBatchOrderAlertsSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        SecMasterClient client = SecMasterClient.newBuilder()
                .withCredential(auth)
                .withRegion(SecMasterRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateBatchOrderAlertsRequest request = new CreateBatchOrderAlertsRequest();
        OrderAlert body = new OrderAlert();
        OrderAlertIncidentContentIncidentType incidentTypeIncidentContent = new OrderAlertIncidentContentIncidentType();
        incidentTypeIncidentContent.withId("909494e3-558e-46b6-a9eb-07a8e18ca62f")
            .withCategory("DDoS攻击")
            .withIncidentType("DNS协议攻击");
        OrderAlertIncidentContent incidentContentbody = new OrderAlertIncidentContent();
        incidentContentbody.withTitle("XXX")
            .withIncidentType(incidentTypeIncidentContent);
        List<String> listbodyIds = new ArrayList<>();
        listbodyIds.add("909494e3-558e-46b6-a9eb-07a8e18ca62f");
        body.withIncidentContent(incidentContentbody);
        body.withIds(listbodyIds);
        request.withBody(body);
        try {
            CreateBatchOrderAlertsResponse response = client.createBatchOrderAlerts(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

将一条告警转为事件,告警ID为909494e3-558e-46b6-a9eb-07a8e18ca62f,事件ID为909494e3-558e-46b6-a9eb-07a8e18ca621,告警状态为已关闭,是否标记为证据为否。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdksecmaster.v2.region.secmaster_region import SecMasterRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdksecmaster.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]

    credentials = BasicCredentials(ak, sk)

    client = SecMasterClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(SecMasterRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateBatchOrderAlertsRequest()
        incidentTypeIncidentContent = OrderAlertIncidentContentIncidentType(
            id="909494e3-558e-46b6-a9eb-07a8e18ca62f",
            category="DDoS攻击",
            incident_type="DNS协议攻击"
        )
        incidentContentbody = OrderAlertIncidentContent(
            title="XXX",
            incident_type=incidentTypeIncidentContent
        )
        listIdsbody = [
            "909494e3-558e-46b6-a9eb-07a8e18ca62f"
        ]
        request.body = OrderAlert(
            incident_content=incidentContentbody,
            ids=listIdsbody
        )
        response = client.create_batch_order_alerts(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

将一条告警转为事件,告警ID为909494e3-558e-46b6-a9eb-07a8e18ca62f,事件ID为909494e3-558e-46b6-a9eb-07a8e18ca621,告警状态为已关闭,是否标记为证据为否。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    secmaster "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := secmaster.NewSecMasterClient(
        secmaster.SecMasterClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.CreateBatchOrderAlertsRequest{}
	idIncidentType:= "909494e3-558e-46b6-a9eb-07a8e18ca62f"
	categoryIncidentType:= "DDoS攻击"
	incidentTypeIncidentType:= "DNS协议攻击"
	incidentTypeIncidentContent := &model.OrderAlertIncidentContentIncidentType{
		Id: &idIncidentType,
		Category: &categoryIncidentType,
		IncidentType: &incidentTypeIncidentType,
	}
	titleIncidentContent:= "XXX"
	incidentContentbody := &model.OrderAlertIncidentContent{
		Title: &titleIncidentContent,
		IncidentType: incidentTypeIncidentContent,
	}
	var listIdsbody = []string{
        "909494e3-558e-46b6-a9eb-07a8e18ca62f",
    }
	request.Body = &model.OrderAlert{
		IncidentContent: incidentContentbody,
		Ids: &listIdsbody,
	}
	response, err := client.CreateBatchOrderAlerts(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。

状态码

状态码

描述

200

告警转事件返回body体

400

告警转事件错误返回body体

错误码

请参见错误码

父主题: 告警管理