Updated: 2024-12-13 GMT+08:00

Querying the Threat Intelligence List

Function

Queries the threat intelligence list.

Calling Method

See How to Call an API.

URI

POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/search

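Table 1 Path parameters

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| project_id | | String | Project ID |
| workspace_id | | String | Workspace ID |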

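Request Parameters

Table 2 Request header parameters

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| X-Auth-Token | | String | Tenant token |
| content-type | | String | application/json;charset=UTF-8 |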

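Table 3 Request body parameters

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| ids | | Array of strings | Threat intelligence ID list |
| dataclass_id | | String | Data class ID |
| condition | | condition object | Search condition expression |
| offset | | Integer | Request offset, starting from 0 |
| limit | | Integer | Request limit size |
| sort_by | | String | Property to sort by: create_time |
| from_date | | String | Query start time, for example: 2024-01-20T00:00:00.000Z+0800 |
| to_date | | String | Query end time, for example: 2024-01-26T23:59:59.999Z+0800 |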

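Table 4 condition

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| conditions | | Array of conditions objects | Expression list |
| logics | | Array of strings | Expression name list |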

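Table 5 conditions

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| name | | String | Expression name |
| data | | Array of strings | Expression content list |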

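Response Parameters

Status code: 200

Table 6 Response header parameters

| Parameter | Type | Description |
| --- | --- | --- |
| X-request-id | String | Request ID, in the format request_uuid-timestamp-hostname |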

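Table 7 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| code | String | Error code |
| message | String | Error message |
| total | Integer | Total count |
| data | Array of IndicatorDetail objects | Indicator list data |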

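Table 8 IndicatorDetail

| Parameter | Type | Description |
| --- | --- | --- |
| id | String | Threat intelligence ID |
| name | String | Threat intelligence name |
| data_object | IndicatorDataObjectDetail object | Intelligence details |
| workspace_id | String | Workspace ID |
| project_id | String | Project ID |
| dataclass_ref | DataClassRefPojo object | Data class object information |
| create_time | String | Creation time |
| update_time | String | Update time |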

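Table 9 IndicatorDataObjectDetail

| Parameter | Type | Description |
| --- | --- | --- |
| indicator_type | indicator_type object | Intelligence type object |
| value | String | Value, for example: ip, url, domain |
| update_time | String | Update time |
| create_time | String | Creation time |
| environment | environment object | Environment information |
| data_source | data_source object | Data source information |
| first_report_time | String | First occurrence time |
| is_deleted | Boolean | Whether the record is deleted |
| last_report_time | String | Most recent occurrence time |
| granular_marking | Integer | Granularity (confidentiality level), from high to low: 1 (first discovered), 2 (self-produced data), 3 (purchase required), 4 (directly queryable on the public network) |
| name | String | Name |
| id | String | Threat intelligence ID |
| project_id | String | Project ID |
| revoked | Boolean | Whether the record is revoked |
| status | String | Status: Open, Closed, or Revoked |
| verdict | String | Threat level: Black, White, or Gray |
| workspace_id | String | Workspace ID |
| confidence | Integer | Confidence; value range: 80-100 |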

Table 10 indicator_type

| Parameter | Type | Description |
| --- | --- | --- |
| indicator_type | String | Intelligence type |
| id | String | Intelligence type ID |

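Table 11 environment

| Parameter | Type | Description |
| --- | --- | --- |
| vendor_type | String | Environment vendor |
| domain_id | String | Tenant ID |
| region_id | String | Region ID |
| project_id | String | Project ID |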

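Table 12 data_source

| Parameter | Type | Description |
| --- | --- | --- |
| source_type | Integer | Data source type. Values: 1 - cloud product, 2 - third-party product, 3 - tenant private product |
| domain_id | String | Tenant ID |
| project_id | String | Project ID |
| region_id | String | Region ID |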

Table 13 DataClassRefPojo

| Parameter | Type | Description |
| --- | --- | --- |
| id | String | Data class ID |
| name | String | Data class name |

Status code: 400

Table 14 Response header parameters

| Parameter | Type | Description |
| --- | --- | --- |
| X-request-id | String | Request ID, in the format request_uuid-timestamp-hostname |

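Table 15 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| code | String | Error code |
| message | String | Error description |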

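Example Request

Query the threat intelligence list with IDs id1 and id2, name 威胁情报名称, type DATA_SOURCE, and data class ID 28f61af50fc9452aa0ed5ea25c3cc3d3, with offset 0 and a limit of 10 records, sorted by create_time.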

{
  "ids" : [ "id1", "id2" ],
  "dataclass_id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
  "condition" : {
    "conditions" : [ {
      "name" : "name",
      "data" : [ "name", "=", "威胁情报名称" ]
    } ],
    "logics" : [ "title" ]
  },
  "offset" : 0,
  "limit" : 10,
  "sort_by" : "create_time",
  "from_date" : "2024-01-20T00:00:00.000Z+0800",
  "to_date" : "2024-01-26T23:59:59.999Z+0800"
}

Example Response

Status code: 200

Response for a successful request.

{
  "code" : "00000000",
  "data" : [ {
    "create_time" : "2023-07-24T20:54:19Z+0800",
    "data_object" : {
      "indicator_type" : {
        "indicator_type" : "ipv6",
        "id" : "ac794b2dfab9fe8c0676587301a636d3"
      },
      "revoked" : false,
      "workspace_id" : "d5baeef8-3e75-4e91-9826-fb208ac58987",
      "update_time" : "2023-07-24T20:54:19.038Z+0800",
      "project_id" : "15645222e8744afa985c93dab6341da6",
      "first_report_time" : "2023-07-31T20:54:12.000Z+0800",
      "id" : "ff61d1f8-0de4-4077-9e9b-e312f6829c6d",
      "granular_marking" : 1,
      "value" : "{}",
      "create_time" : "2023-07-24T20:54:19.038Z+0800",
      "confidence" : 80,
      "last_report_time" : "2023-07-25T20:54:15.000Z+0800",
      "data_source" : {
        "domain_id" : "ac7438b990ef4a37b741004eb45e8bf4",
        "project_id" : "15645222e8744afa985c93dab6341da6",
        "region_id" : "cn-XXX-7",
        "source_type" : 1
      },
      "environment" : {
        "domain_id" : "ac7438b990ef4a37b741004eb45e8bf4",
        "project_id" : "15645222e8744afa985c93dab6341da6",
        "region_id" : "cn-xxx-7",
        "vendor_type" : "xxx"
      },
      "verdict" : "Black",
      "name" : "test",
      "status" : "Open"
    },
    "dataclass_ref" : {
      "id" : "97ccf890-7480-31f6-a961-cf8da1f2f040",
      "name" : "name"
    },
    "id" : "ff61d1f8-0de4-4077-9e9b-e312f6829c6d",
    "update_time" : "2023-07-24T20:54:19Z+0800"
  } ],
  "message" : "",
  "total" : 2
}
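The following is an added example, not code from the original page or the SecMaster SDK. It builds the request body from the Table 3 fields, pages through results with offset and limit until total is reached, and keeps only records that are Black, Open, not revoked and not deleted. The `post` callable, the assumption that offset counts records rather than pages, the filter policy and the sample records are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def soc_time(dt):
    """Render an aware datetime like the page's examples: 2024-01-20T00:00:00.000Z+0800."""
    if dt.tzinfo is None:
        raise ValueError("timezone-aware datetime required")
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z" + dt.strftime("%z")

def build_body(start, end, offset=0, limit=10):
    """Request body from Table 3 fields; rejects a negative offset or inverted window."""
    if offset < 0 or limit < 1 or start > end:
        raise ValueError("bad offset, limit or time window")
    return {"offset": offset, "limit": limit, "sort_by": "create_time",
            "from_date": soc_time(start), "to_date": soc_time(end)}

def fetch_all(post, start, end, limit=10, max_pages=100):
    """Collect all pages via post(body) -> dict (hypothetical); assumes offset counts records."""
    items = []
    for _ in range(max_pages):  # hard stop if `total` never converges
        resp = post(build_body(start, end, len(items), limit))
        page = resp.get("data") or []
        items.extend(page)
        if not page or len(items) >= resp.get("total", 0):
            break
    return items

def actionable(items, min_confidence=80):
    """(type, value) pairs worth enforcing: Black, Open, not revoked, not deleted."""
    out = []
    for item in items:
        d = item.get("data_object") or {}
        if (d.get("verdict") == "Black" and d.get("status") == "Open"
                and not d.get("revoked") and not d.get("is_deleted")
                and d.get("confidence", 0) >= min_confidence):
            out.append(((d.get("indicator_type") or {}).get("indicator_type"), d.get("value")))
    return out

# Constructed sample records (documentation address space) and the page's example time window.
SAMPLE = [{"data_object": dict(indicator_type={"indicator_type": k}, value=v, verdict=vd,
                               status=s, revoked=s == "Revoked", confidence=90)}
          for k, v, vd, s in [("ipv6", "2001:db8::10", "Black", "Open"),
                              ("domain", "example.test", "White", "Open"),
                              ("ipv6", "2001:db8::20", "Black", "Revoked")]]
TZ8 = timezone(timedelta(hours=8))
WINDOW = (datetime(2024, 1, 20, tzinfo=TZ8), datetime(2024, 1, 26, 23, 59, 59, 999000, tzinfo=TZ8))

def fake_post(body):
    """Offline stand-in for the POST call: slices SAMPLE by offset and limit."""
    o, n = body["offset"], body["limit"]
    return {"code": "00000000", "total": len(SAMPLE), "data": SAMPLE[o:o + n]}
```

Calling `actionable(fetch_all(fake_post, *WINDOW, limit=2))` runs the whole flow offline; in real use, replace `fake_post` with a function that sends the body to the URI above and returns the decoded JSON.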

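SDK Sample Code

The SDK sample code is as follows.

Java

Query the threat intelligence list with IDs id1 and id2, name 威胁情报名称, type DATA_SOURCE, and data class ID 28f61af50fc9452aa0ed5ea25c3cc3d3, with offset 0 and a limit of 10 records, sorted by create_time.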

package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.secmaster.v2.region.SecMasterRegion;
import com.huaweicloud.sdk.secmaster.v2.*;
import com.huaweicloud.sdk.secmaster.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class ListIndicatorsSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk. Store them encrypted in configuration files or environment variables and decrypt them at use.
        // This example reads the AK and SK from environment variables. Before running it, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        SecMasterClient client = SecMasterClient.newBuilder()
                .withCredential(auth)
                .withRegion(SecMasterRegion.valueOf("<YOUR REGION>"))
                .build();
        ListIndicatorsRequest request = new ListIndicatorsRequest();
        request.withWorkspaceId("{workspace_id}");
        IndicatorListSearchRequest body = new IndicatorListSearchRequest();
        List<String> listConditionLogics = new ArrayList<>();
        listConditionLogics.add("title");
        List<String> listConditionsData = new ArrayList<>();
        listConditionsData.add("name");
        listConditionsData.add("=");
        listConditionsData.add("威胁情报名称");
        List<IndicatorListSearchRequestConditionConditions> listConditionConditions = new ArrayList<>();
        listConditionConditions.add(
            new IndicatorListSearchRequestConditionConditions()
                .withName("name")
                .withData(listConditionsData)
        );
        IndicatorListSearchRequestCondition conditionbody = new IndicatorListSearchRequestCondition();
        conditionbody.withConditions(listConditionConditions)
            .withLogics(listConditionLogics);
        List<String> listbodyIds = new ArrayList<>();
        listbodyIds.add("id1");
        listbodyIds.add("id2");
        body.withToDate("2024-01-26T23:59:59.999Z+0800");
        body.withFromDate("2024-01-20T00:00:00.000Z+0800");
        body.withSortBy("create_time");
        body.withLimit(10);
        body.withOffset(0);
        body.withCondition(conditionbody);
        body.withDataclassId("28f61af50fc9452aa0ed5ea25c3cc3d3");
        body.withIds(listbodyIds);
        request.withBody(body);
        try {
            ListIndicatorsResponse response = client.listIndicators(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

Python

Query the threat intelligence list with IDs id1 and id2, name 威胁情报名称, type DATA_SOURCE, and data class ID 28f61af50fc9452aa0ed5ea25c3cc3d3, with offset 0 and a limit of 10 records, sorted by create_time.

# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdksecmaster.v2.region.secmaster_region import SecMasterRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdksecmaster.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk. Store them encrypted in configuration files or environment variables and decrypt them at use.
    # This example reads the AK and SK from environment variables. Before running it, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = SecMasterClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(SecMasterRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListIndicatorsRequest()
        request.workspace_id = "{workspace_id}"
        listLogicsCondition = [
            "title"
        ]
        listDataConditions = [
            "name",
            "=",
            "威胁情报名称"
        ]
        listConditionsCondition = [
            IndicatorListSearchRequestConditionConditions(
                name="name",
                data=listDataConditions
            )
        ]
        conditionbody = IndicatorListSearchRequestCondition(
            conditions=listConditionsCondition,
            logics=listLogicsCondition
        )
        listIdsbody = [
            "id1",
            "id2"
        ]
        request.body = IndicatorListSearchRequest(
            to_date="2024-01-26T23:59:59.999Z+0800",
            from_date="2024-01-20T00:00:00.000Z+0800",
            sort_by="create_time",
            limit=10,
            offset=0,
            condition=conditionbody,
            dataclass_id="28f61af50fc9452aa0ed5ea25c3cc3d3",
            ids=listIdsbody
        )
        response = client.list_indicators(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

Go

Query the threat intelligence list with IDs id1 and id2, name 威胁情报名称, type DATA_SOURCE, and data class ID 28f61af50fc9452aa0ed5ea25c3cc3d3, with offset 0 and a limit of 10 records, sorted by create_time.

package main

import (
	"fmt"
	"os" // required for os.Getenv below

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	secmaster "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/region"
)

func main() {
    // Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk. Store them encrypted in configuration files or environment variables and decrypt them at use.
    // This example reads the AK and SK from environment variables. Before running it, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := secmaster.NewSecMasterClient(
        secmaster.SecMasterClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListIndicatorsRequest{}
	request.WorkspaceId = "{workspace_id}"
	var listLogicsCondition = []string{
        "title",
    }
	var listDataConditions = []string{
        "name",
	    "=",
	    "威胁情报名称",
    }
	nameConditions:= "name"
	var listConditionsCondition = []model.IndicatorListSearchRequestConditionConditions{
        {
            Name: &nameConditions,
            Data: &listDataConditions,
        },
    }
	conditionbody := &model.IndicatorListSearchRequestCondition{
		Conditions: &listConditionsCondition,
		Logics: &listLogicsCondition,
	}
	var listIdsbody = []string{
        "id1",
	    "id2",
    }
	toDateIndicatorListSearchRequest:= "2024-01-26T23:59:59.999Z+0800"
	fromDateIndicatorListSearchRequest:= "2024-01-20T00:00:00.000Z+0800"
	sortByIndicatorListSearchRequest:= "create_time"
	dataclassIdIndicatorListSearchRequest:= "28f61af50fc9452aa0ed5ea25c3cc3d3"
	request.Body = &model.IndicatorListSearchRequest{
		ToDate: &toDateIndicatorListSearchRequest,
		FromDate: &fromDateIndicatorListSearchRequest,
		SortBy: &sortByIndicatorListSearchRequest,
		Limit: int32(10),
		Offset: int32(0),
		Condition: conditionbody,
		DataclassId: &dataclassIdIndicatorListSearchRequest,
		Ids: &listIdsbody,
	}
	response, err := client.ListIndicators(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

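More

For SDK sample code in more programming languages, see the Sample Code tab in API Explorer, which automatically generates the corresponding SDK sample code.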

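Status Codes

| Status Code | Description |
| --- | --- |
| 200 | Response for a successful request |
| 400 | Response for a failed request |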

Error Codes

See Error Codes.