HSS
功能说明
安全云脑系统内置插件,可调用 HSS(主机安全服务)云服务接口执行操作,主要用于管理主机状态、漏洞、安全事件等HSS资源。
系统内置插件均已存在对应内置的操作连接。
查看HSS插件详情和操作连接
- 登录安全云脑 SecMaster控制台。
- 单击管理控制台左上角的
,选择区域和项目。 - 在左侧导航栏选择,并在工作空间列表中,单击目标工作空间名称,进入目标工作空间管理页面。 图1 进入目标工作空间管理页面
- 在左侧导航栏选择,进入插件管理页面。 图2 插件管理页面
- 在插件管理页面,选择华为云目录下的HSS,默认进入插件“详情”页签。详情页签展示插件已关联操作连接的登录凭证信息。
- 单击HSS插件的“操作连接”页签,进入操作连接页面,可查看插件已关联的操作连接信息。
- 若用户需编辑或删除操作连接,可参见编辑操作连接、删除操作连接。新增插件操作连接可参见新增操作连接,一个插件可存在多个操作连接。
插件执行函数listHostStatus说明
- 函数listHostStatus参数说明:介绍函数的输入参数和输出参数。
- 函数listHostStatus输出示例:给出函数的输出示例。
函数listHostStatus参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,列出主机状态信息,支持大量过滤参数。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| host_id | string | 主机ID | 否 |
| offset | string | 偏移量 | 否 |
| limit | string | 每页显示数量 | 否 |
| enterprise_project_id | string | 企业项目ID | 否 |
| agent_status | string | Agent状态 | 否 |
| host_name | string | 主机名称 | 否 |
| host_status | string | 主机状态:ACTIVE(运行中)、SHUTOFF(关机)、BUILDING(创建中)、ERROR(故障) | 否 |
| os_type | string | 操作系统类型:Linux、Windows | 否 |
| private_ip | string | 私有IP地址 | 否 |
| public_ip | string | 公网IP地址 | 否 |
| detect_result | string | 云主机安全检测结果 | 否 |
| ip_addr | string | 公网或私网IP | 否 |
| protect_status | string | 防护状态 | 否 |
| group_id | string | 服务器组ID | 否 |
| group_name | string | 服务器组名称 | 否 |
| vpc_id | string | VPC ID | 否 |
| has_intrusion | string | 存在告警事件 | 否 |
| has_vul | string | 存在漏洞风险 | 否 |
| has_baseline | string | 存在基线风险 | 否 |
| sort_key | string | 排序的key值,目前只支持按照 recent_scan_time排序,按照 recent_scan_time排序时,根据 sort_dir的值决定升序还是降序 | 否 |
| sort_dir | string | 排序方式,默认为降序,当 sort_key为按照 recent_scan_time排序时,根据当前值决定升序还是降序,当 sort_key为其他值时均为降序 | 否 |
| policy_group_id | string | policy_group_id参数 | 否 |
| policy_group_name | string | policy_group_name参数 | 否 |
| charging_mode | string | charging_mode参数 | 否 |
| refresh | string | 是否强制从ECS同步主机 | 否 |
| get_common_login_locations | string | get_common_login_locations参数 | 否 |
| above_version | string | 是否返回比当前版本高的所有版本 | 否 |
| outside_host | string | 是否华为云主机 | 否 |
| asset_value | string | 资产重要性,包含如下3种:
| 否 |
| label | string | label参数 | 否 |
| server_group | string | 下发任务的主机组列表 | 否 |
| agent_upgradable | string | agent_upgradable参数 | 否 |
| install_mode | string | 是否安装模式场景 | 否 |
| binding_key | string | 是否绑定DEW密钥 | 否 |
| protect_interrupt | string | 诱饵防护失败的目录(仅部分诱饵部署失败状态有值) | 否 |
| incluster | string | 是否集群内节点 | 否 |
| protect_degradation | string | protect_degradation参数 | 否 |
| cluster_id | string | cluster_id参数 | 否 |
| resultVariable | Object | 出参过滤参数,{"新的字段名称1":"$(代表原全量返回参数).xxx(全量返回参数的下一级)或{xxx1,xxx2}",{"新的字段名称2":...}...},例:{"alert_id":"$.body.data.id"} 或者{"alert":"$.body.data{id,name}"} | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数listHostStatus输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "86c1a4653fadf6cc0ab4acc6baed323d",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Mon, 25 May 2026 07:52:28 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=7A398C2C40223D1A28FB712C87A95C40; Path=/hss; Secure; HttpOnly",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=UTF-8"
},
"code": 200,
"body": {
"data_list": [
{
"host_sources": "ecs",
"agent_update_time": 1776670824120,
"public_ip": "124.71.xxx.0",
"agent_id": "ed8bafxxx938a69306f3b44ae69812xxxxx17481639ea159cd1845805c700",
"charging_mode": "packet_cycle",
"enterprise_project_name": "default",
"vpc_id": "315xxxf2-a174-4ddc-bcc0-e44xxxxe1f3",
"open_time": 1776670861034,
"auto_open_version": "hss,hss-pc,ces",
"private_ip": "192.xxx.21.153",
"policy_group_id": "fe192900-d3e6-4a86-ab28-501xxxxa38949",
"mode": "default",
"upgradable": false,
"agent_status": "online",
"ransom_protection_status": "opened",
"os_bit": "64",
"protect_interrupt": false,
"protect_status": "opened",
"two_factor_auth": false,
"outside_host": false,
"detect_result": "risk",
"os_version": "10.0.2xxx8.2",
"service_provider_name": "",
"vulnerability": 3,
"baseline": 7,
"wtp_protect_status": "closed",
"host_status": "ACTIVE",
"version": "hss.version.premium",
"host_id": "eda720c2-e690-42f5-be13-b12xxxx9900",
"policy_group_name": "tenant_windows_premium_default_policy_group(default)",
"agent_version": "4.0.34",
"enterprise_project_id": "0",
"intrusion": 10,
"kernel_version": "10.0.2xxx48.2",
"os_type": "Windows",
"asset_value": "common",
"container_type": 0,
"os_name": "Windows Server 2022",
"resource_id": "d4758bae-16cd-4c2d-bd5b-8cxxxx43640",
"asset": 0,
"agent_create_time": 1776670725830,
"host_name": "ecs-495011-攻防测试专用"
}
],
"total_num": 1
}
} 插件执行函数changeVulStatus说明
- 函数changeVulStatus参数说明:介绍函数的输入参数和输出参数。
- 函数changeVulStatus输出示例:给出函数的输出示例。
函数changeVulStatus参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,更改漏洞状态(忽略/取消忽略)。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| operateType | String | 处置操作类型,包含如下:
| 是 |
| vulID | String | 漏洞ID | 是 |
| hostIdList | String | 主机ID列表,需要进行操作的主机列表 | 是 |
| agency_type | String | 多账号统一适配参数,使用默认值即可。 | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数changeVulStatus输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "101a8a4a46892d9ad8e284805333a8b7",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Wed, 29 Apr 2026 09:30:12 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=5E4B3254xxxxE1965F2D6422ACD; Path=/hss; Secure; HttpOnly",
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=utf-8"
},
"code": 200,
"body": {}
} 插件执行函数listVulnerabilities说明
- 函数listVulnerabilities参数说明:介绍函数的输入参数和输出参数。
- 函数listVulnerabilities输出示例:给出函数的输出示例。
函数listVulnerabilities参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,列出漏洞信息。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| type | String | 漏洞类型 | 否 |
| vulID | String | 漏洞ID | 否 |
| limit | String | 每页显示个数,取值范围10-200 | 否 |
| page | String | 页码,查询第几页的数据 | 否 |
| enterprise_project_id | string | 企业项目ID,用于过滤不同企业项目下的资产。查询所有企业项目传参"all_granted_eps" | 否 |
| vul_name | string | 漏洞名称,字符长度0-256位 | 否 |
| repair_priority | string | 漏洞修复优先级:Critical(紧急)、High(高)、Medium(中)、Low(低) | 否 |
| handle_status | string | 漏洞处置状态:unhandled(未处理)、handled(已处理) | 否 |
| label_list | string | 漏洞标签,字符长度0-128位 | 否 |
| status | string | 漏洞状态:
| 否 |
| asset_value | string | 存在漏洞主机的资产重要性:important(重要资产)、common(一般资产)、test(测试资产) | 否 |
| group_name | string | 存在漏洞主机的所属服务器组名称,字符长度0-256位 | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数listVulnerabilities输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "030d5594846a7c3786652c7fbbbc9e9a",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Wed, 29 Apr 2026 09:30:12 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=55FA148134245FC5BC7355B31A794479; Path=/hss; Secure; HttpOnly",
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=utf-8"
},
"code": 200,
"body": {
"data_list": [
{
"vul_name": "HCE2-SA-2026-0047 An update for libarchive is now available for HCE 2.0",
"label_list": [
"Exploit Disclosed",
"Exploited In The Wild",
"POC Disclosed"
],
"description": "Security Fix(es): An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash). (CVE-2025-60753)",
"type": "linux_vul",
"severity_level": "Medium",
"solution_detail": "To upgrade the affected software",
"url": "https://repo.huaweicloud.com/hce/2.0/sa/HCE2-SA-2026-0047.xml",
"unhandle_host_num": 2,
"host_id_list": [
"d27f2d2e-5b35-4228-9533-7axxxxf893",
"eddc1821-fd72-49e3-a59d-xxxxea",
"0f4e55e3-2bdf-4224-952b-8axxxxxb4a0a"
],
"cve_list": [
{
"cve_id": "CVE-2025-60753",
"cvss": 5.5
}
],
"repair_priority": "Medium",
"vul_id": "HCE2-SA-2026-0047",
"repair_priority_list": [
{
"repair_priority": "Critical",
"host_num": 0
},
{
"repair_priority": "High",
"host_num": 0
},
{
"repair_priority": "Medium",
"host_num": 3
},
{
"repair_priority": "Low",
"host_num": 0
}
],
"host_num": 3,
"repair_necessity": "Medium",
"scan_time": 1777454641685,
"max_cvss_score": 5.5,
"hosts_num": {
"important": 0,
"common": 3,
"test": 0
}
}
],
"total_num": 1
}
} 插件执行函数listEvents说明
- 函数listEvents参数说明:介绍函数的输入参数和输出参数。
- 函数listEvents输出示例:给出函数的输出示例。
函数listEvents参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,列出安全事件。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| region | string | 区域 | 是 |
| category | string | 事件类别,例如:attack、illegal、vulnerability | 是 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数listEvents输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "67c9d44e053cbab6a18a71256f3d4bbd",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Wed, 29 Apr 2026 06:43:08 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=8ABA80B620119E44C607C2BE421C2556; Path=/hss; Secure; HttpOnly",
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=utf-8"
},
"code": 200,
"body": {
"data_list": [
{
"handle_time": 1777443489307,
"handler": "System",
"public_ip": "100.93.XX.83",
"event_count": 1,
"recommendation": "For mining software alarm events, the following suggestions are provided:\r\n1. After receiving an alarm, check whether the related file or process is normal. If yes, select the corresponding alarm event, click Handle, and select Ignore or Add to Alarm Trustlist.\r\n2. After receiving an alarm, check whether the file or process is normal. If the file or process is malicious, select the alarm event, click Handle, and select Isolate and Kill or manually clean the virus.\r\n3. If malicious programs cause data loss and you have enabled the CBR service, you can restore data from the CBR service backup.\r\n4. To prevent further intrusion, you can fix vulnerabilities on the Vulnerability Management page of HSS Risk Prevention.",
"description": "After hackers intrude, mining programs are implanted to earn profits. Such programs occupy CPU resources, affecting normal services of users and causing great harm. In addition, the program may also have a self-deleting behavior, or disguised as a system program to evade detection.\r\n\r\n",
"private_ip": "192.xx8.0.246",
"event_abstract": "The suspected mining software exists on host test-a00607964. The confidence value is Medium, the file path is /opt/Auto_test/test/sample/病毒+恶意+木马+后门+蠕虫+挖矿+黑客/挖矿软件/Xmrig-mining-virus-samples-master/newinit.sh\n",
"event_type": 1016,
"occur_time": 1777443470000,
"agent_status": "online",
"operate_accept_list": [
"do_not_isolate_or_kill"
],
"att_ck": "Impact",
"event_details": "{\"\"Confidence\"\":\"\"90\"\",\"\"Trust Level\"\":\"\"Malicious\"\",\"\"Virus Type\"\":\"\"Linux.Miner.Coinminer\"\",\"\"Malware Family\"\":\"\"Linux.Miner.Coinminer\"\",\"\"file info\"\":[{\"\"File Hash\"\":\"\"196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910\"\",\"\"File SHA256\"\":\"\"196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910\"\",\"\"File Path\"\":\"\"/opt/Auto_test/test/sample/病毒+恶意+木马+后门+蠕虫+挖矿+黑客/挖矿软件/Xmrig-mining-virus-samples-master/newinit.sh\"\"}],\"\"Virus Name\"\":\"\"Linux.Miner.Coinminer\"\"}",
"handle_status": "handled",
"protect_status": "opened",
"recent_time": 1777443470000,
"severity": "Critical",
"resource_info": {
"host_ip": "192.xxx.0.246",
"public_ip": "100.xx.12.83",
"os_version": "2.0",
"host_id": "d27f2d2e-5b35-4228-9533-7axxxxf893",
"agent_version": "3.2.31.B010",
"enterprise_project_id": "0",
"vm_uuid": "d27f2d2e-5b35-4228-9533-7adxxxx7f893",
"project_id": "f69081793d9e4exxxx79dcef961989",
"asset_value": "common",
"os_type": "Linux",
"os_name": "HCE",
"region_name": "cn-north-7",
"cloud_id": "",
"host_name": "test-axxx964",
"vm_name": "test-axxx7964"
},
"file_info_list": [
{
"file_path": "/opt/Auto_test/test/sample/病毒+恶意+木马+后门+蠕虫+挖矿+黑客/挖矿软件/Xmrig-mining-virus-samples-master/newinit.sh",
"file_hash": "196b528e7c816ef6dc101e193bb73338xxxx37302f991099682e52bc910",
"file_sha256": "196b528e7c816ef6dc101e193bb7333xxxxx37302f991099682e52bc910"
}
],
"confidence": 90,
"attack_phase": "actions",
"operate_detail_list": [
{
"file_path": "/opt/Auto_test/test/sample/病毒+恶意+木马+后门+蠕虫+挖矿+黑客/挖矿软件/Xmrig-mining-virus-samples-master/newinit.sh",
"agent_id": "13b6130f9cdcb12de8951593eb111axxxf8a61158f7ace46aea76",
"is_parent": false
}
],
"malware_info": {
"severity": 4,
"detect_module": "av_det",
"detect_type": "disk_scan",
"event_detail": "{\"engineResultList\":[{\"detect_engine\":\"AV_03_A\",\"malware_class\":2},{\"detect_engine\":\"AV_02_CDE\",\"malware_class\":2}]}",
"event_type": "Linux.Miner.Coinminer",
"file_hash": "196b528e7c816ef6dc101e193bb73338xxxxxx37302f991099682e52bc910",
"event_name": "Linux.Miner.Coinminer",
"module_name": "agentEventAv",
"malware_class": "malware",
"detect_time": 1752568327697,
"recent_time": 1752568327697,
"malware_family": "Linux.Miner.Coinminer"
},
"host_status": "ACTIVE",
"host_id": "d27f2d2e-5b35-4228-9533-7adxxx893",
"handle_method": "isolate_and_kill",
"event_id": "261cab5c-4393-11f1-96a5-fa163e1e766c",
"event_class_id": "av_1016",
"os_type": "Linux",
"asset_value": "common",
"attack_tag": "collapsible_host",
"event_name": "Mining",
"host_name": "test-axxx964"
}
],
"total_num": 1
}
} 插件执行函数handEvent说明
- 函数handEvent参数说明:介绍函数的输入参数和输出参数。
- 函数handEvent输出示例:给出函数的输出示例。
函数handEvent参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,处理安全事件(事件处置操作)。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| operateType | string | 操作类型 | 是 |
| handler | string | 处理人 | 是 |
| eventClassID | string | 事件分类ID | 是 |
| eventID | string | 事件ID | 是 |
| occurTime | string | 发生时间 | 是 |
| eventType | string | 事件类型 | 是 |
| operateDetailList | string | 操作详情列表,JSON格式 | 是 |
| agency_type | string | 多账号统一适配参数,使用默认值即可。 | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数handEvent输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "2f1a90568708dd70223922bf7e045272",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Fri, 24 Apr 2026 01:38:18 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=C3BC36608xxxx80C9C1A2CF7A4; Path=/hss; Secure; HttpOnly",
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=utf-8"
},
"code": 200,
"body": {}
} 插件执行函数listSecurityEvents说明
- 函数listSecurityEvents参数说明:介绍函数的输入参数和输出参数。
- 函数listSecurityEvents输出示例:给出函数的输出示例。
函数listSecurityEvents参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,列出安全事件详情。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| offset | string | 偏移量 | 否 |
| limit | string | 每页显示数量 | 否 |
| eventId | string | 事件ID | 否 |
| region | string | 区域ID | 是 |
| enterpriseProjectId | string | 企业项目ID | 否 |
| lastDays | string | 最近天数,查询最近多少天的数据 | 否 |
| hostName | string | 主机名称 | 否 |
| hostId | string | 主机ID | 否 |
| privateIp | string | 主机私有IP地址 | 否 |
| containerName | string | 容器名称 | 否 |
| eventTypes | string | 事件类型列表 | 否 |
| handleStatus | string | 处理状态:unhandled(未处理)、handled(已处理) | 否 |
| severity | string | 严重程度:security(安全)、low(低危)、medium(中危)、high(高危)、critical(致命) | 否 |
| category | string | 事件类别,例如:attack、illegal、vulnerability | 是 |
| beginTime | string | 查询开始时间,时间戳格式(毫秒) | 否 |
| endTime | string | 查询结束时间,时间戳格式(毫秒) | 否 |
| eventClassIds | string | 事件分类ID列表,多个ID用逗号分隔 | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数listSecurityEvents输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "67c9d44e053cbab6a18a71256f3d4bbd",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Wed, 29 Apr 2026 06:43:08 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=8ABA80B620119E44C607C2BE421C2556; Path=/hss; Secure; HttpOnly",
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=utf-8"
},
"code": 200,
"body": {
"data_list": [
{
"handle_time": 1777443489307,
"handler": "System",
"public_ip": "100.xx.12.83",
"event_count": 1,
"recommendation": "For mining software alarm events, the following suggestions are provided:\r\n1. After receiving an alarm, check whether the related file or process is normal. If yes, select the corresponding alarm event, click Handle, and select Ignore or Add to Alarm Trustlist.\r\n2. After receiving an alarm, check whether the file or process is normal. If the file or process is malicious, select the alarm event, click Handle, and select Isolate and Kill or manually clean the virus.\r\n3. If malicious programs cause data loss and you have enabled the CBR service, you can restore data from the CBR service backup.\r\n4. To prevent further intrusion, you can fix vulnerabilities on the Vulnerability Management page of HSS Risk Prevention.",
"description": "After hackers intrude, mining programs are implanted to earn profits. Such programs occupy CPU resources, affecting normal services of users and causing great harm. In addition, the program may also have a self-deleting behavior, or disguised as a system program to evade detection.\r\n\r\n",
"private_ip": "192.xx8.0.246",
"event_abstract": "The suspected mining software exists on host test-a00607964. The confidence value is Medium, the file path is /opt/Auto_test/test/sample/病毒+恶意+木马+后门+蠕虫+挖矿+黑客/挖矿软件/Xmrig-mining-virus-samples-master/newinit.sh\n",
"event_type": 1016,
"occur_time": 1777443470000,
"agent_status": "online",
"operate_accept_list": [
"do_not_isolate_or_kill"
],
"att_ck": "Impact",
"event_details": "{\"\"Confidence\"\":\"\"90\"\",\"\"Trust Level\"\":\"\"Malicious\"\",\"\"Virus Type\"\":\"\"Linux.Miner.Coinminer\"\",\"\"Malware Family\"\":\"\"Linux.Miner.Coinminer\"\",\"\"file info\"\":[{\"\"File Hash\"\":\"\"196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910\"\",\"\"File SHA256\"\":\"\"196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910\"\",\"\"File Path\"\":\"\"/opt/Auto_test/test/sample/病毒+恶意+木马+后门+蠕虫+挖矿+黑客/挖矿软件/Xmrig-mining-virus-samples-master/newinit.sh\"\"}],\"\"Virus Name\"\":\"\"Linux.Miner.Coinminer\"\"}",
"handle_status": "handled",
"protect_status": "opened",
"recent_time": 1777443470000,
"severity": "Critical",
"resource_info": {
"host_ip": "192.xx8.0.246",
"public_ip": "100.93.12.83",
"os_version": "2.0",
"host_id": "d27f2d2e-5b35-4228-9533-7axxxx893",
"agent_version": "3.2.31.B010",
"enterprise_project_id": "0",
"vm_uuid": "d27f2d2e-5b35-4228-9533-7ad2cxxx93",
"project_id": "f69081793d9e4ea8a2f4xxxx961989",
"asset_value": "common",
"os_type": "Linux",
"os_name": "HCE",
"region_name": "cn-north-7",
"cloud_id": "",
"host_name": "test-axxxx64",
"vm_name": "test-a0xxxx64"
},
"file_info_list": [
{
"file_path": "/opt/Auto_test/test/sample/病毒+恶意+木马+后门+蠕虫+挖矿+黑客/挖矿软件/Xmrig-mining-virus-samples-master/newinit.sh",
"file_hash": "196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910",
"file_sha256": "196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910"
}
],
"confidence": 90,
"attack_phase": "actions",
"operate_detail_list": [
{
"file_path": "/opt/Auto_test/test/sample/病毒+恶意+木马+后门+蠕虫+挖矿+黑客/挖矿软件/Xmrig-mining-virus-samples-master/newinit.sh",
"agent_id": "13b6130f9cdcb12de8951593eb111ab37e2812e30ef4f8a61158f7ace46aea76",
"is_parent": false
}
],
"malware_info": {
"severity": 4,
"detect_module": "av_det",
"detect_type": "disk_scan",
"event_detail": "{\"engineResultList\":[{\"detect_engine\":\"AV_03_A\",\"malware_class\":2},{\"detect_engine\":\"AV_02_CDE\",\"malware_class\":2}]}",
"event_type": "Linux.Miner.Coinminer",
"file_hash": "196b528e7c816ef6dc101e193bb7xxxxx9682e52bc910",
"event_name": "Linux.Miner.Coinminer",
"module_name": "agentEventAv",
"malware_class": "malware",
"detect_time": 1752568327697,
"recent_time": 1752568327697,
"malware_family": "Linux.Miner.Coinminer"
},
"host_status": "ACTIVE",
"host_id": "d27f2d2e-5b35-4228-9533-7ad2xxxx893",
"handle_method": "isolate_and_kill",
"event_id": "261cab5c-4393-11f1-96a5-fa163e1e766c",
"event_class_id": "av_1016",
"os_type": "Linux",
"asset_value": "common",
"attack_tag": "collapsible_host",
"event_name": "Mining",
"host_name": "test-a00607964"
}
],
"total_num": 1
}
} 插件执行函数changeEvent说明
- 函数changeEvent参数说明:介绍函数的输入参数和输出参数。
- 函数changeEvent输出示例:给出函数的输出示例。
函数changeEvent参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,更改安全事件信息/状态。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| region | string | 区域ID | 是 |
| enterpriseProjectId | string | 企业项目ID | 否 |
| containerName | string | 容器名称 | 否 |
| containerId | string | 容器ID | 否 |
| operateType | string | 操作类型:ignore(忽略)、not_ignore(取消忽略)、block_ip(阻断IP)、unblock_ip(解除阻断)、isolate_file(隔离文件)、restore_file(恢复文件) | 否 |
| handler | string | 处理人账号 | 否 |
| eventClassId | string | 事件分类ID | 是 |
| eventId | string | 事件ID | 是 |
| eventType | string | 事件类型,整数类型 | 是 |
| occurTime | string | 事件发生时间,时间戳格式(毫秒) | 是 |
| operateDetailList | string | 操作详情列表,JSON格式 | 是 |
| eventWhiteRuleList | string | 事件白名单规则列表,JSON格式 | 是 |
| agency_type | string | 多账号统一适配参数,使用默认值即可。 | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数changeEvent输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "2f1a90568708dd70223922bf7e045272",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Fri, 24 Apr 2026 01:38:18 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=C3BC366082E2857DxxxxxxxCF7A4; Path=/hss; Secure; HttpOnly",
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=utf-8"
},
"code": 200,
"body": {}
} 插件执行函数getVirus说明
- 函数getVirus参数说明:介绍函数的输入参数和输出参数。
- 函数getVirus输出示例:给出函数的输出示例。
函数getVirus参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,获取病毒/恶意软件信息。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| enterpriseProjectId | String | 企业项目ID,查询所有企业项目时填写:all_granted_eps | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数getVirus输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "b0c596ce0defd46122d7bf7d953a4634",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Mon, 25 May 2026 08:41:54 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=4F8F5DFE5FC0xxxxxxxx6992464B; Path=/hss; Secure; HttpOnly",
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=utf-8"
},
"code": 200,
"body": {
"enabled": true
}
} 插件执行函数killVirus说明
- 函数killVirus参数说明:介绍函数的输入参数和输出参数。
- 函数killVirus输出示例:给出函数的输出示例。
函数killVirus参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,开启/关闭病毒查杀功能。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| enterpriseProjectId | string | 企业项目ID | 是 |
| enabled | string | 是否开启病毒查杀:true(开启)、false(关闭) | 是 |
| agency_type | string | 多账号统一适配参数,使用默认值即可。 | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数killVirus输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "68e1221569967b3906c1b19cba30d655",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Mon, 25 May 2026 08:49:08 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=4681056F655D7B7FC9F62DA11A7B0FCA; Path=/hss; Secure; HttpOnly",
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=utf-8"
},
"code": 200,
"body": {}
} 插件执行函数createVulnerabilityScanTask说明
- 函数createVulnerabilityScanTask参数说明:介绍函数的输入参数和输出参数。
- 函数createVulnerabilityScanTask输出示例:给出函数的输出示例。
函数createVulnerabilityScanTask参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,创建漏洞扫描任务。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| manualScanType | string | 手动扫描类型:vul_scan(漏洞扫描)、baseline_scan(基线扫描) | 是 |
| batchFlag | string | 是否批量扫描:true(批量)、false(单台) | 是 |
| rangeType | string | 扫描范围类型:all_host(全部主机)、specific_host(指定主机) | 是 |
| agentIdList | string | Agent ID列表,当rangeType为specific_host时需要指定 | 否 |
| urgentVulIdList | string | 紧急漏洞ID列表 | 否 |
| agency_type | string | 多账号统一适配参数,使用默认值即可。 | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数createVulnerabilityScanTask输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "68e1221569967b3906c1b19cba30d655",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Mon, 25 May 2026 08:49:08 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=4681056F655D7B7FC9F62DA11A7B0FCA; Path=/hss; Secure; HttpOnly",
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=utf-8"
},
"code": 200,
"body": {
"task_id": "d8a12cf7-6a43-4cd6-92b4-aabf1e917"
}
} 插件执行函数listContainerNodes说明
- 函数listContainerNodes参数说明:介绍函数的输入参数和输出参数。
- 函数listContainerNodes输出示例:给出函数的输出示例。
函数listContainerNodes参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,列出容器节点。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| offset | string | 偏移量 | 否 |
| region | string | 区域ID | 否 |
| enterpriseProjectId | string | 企业项目ID | 否 |
| limit | string | 每页显示数量 | 否 |
| hostName | string | 主机名称 | 否 |
| agentStatus | string | Agent状态:installed(已安装)、not_installed(未安装)、online(在线)、offline(离线) | 否 |
| protectStatus | string | 防护状态:closed(关闭)、opened(开启)、protection_exception(防护异常) | 否 |
| containerTags | string | 容器标签 | 否 |
| resultVariable | Object | 出参过滤参数,{"新的字段名称1":"$(代表原全量返回参数).xxx(全量返回参数的下一级)或{xxx1,xxx2}",{"新的字段名称2":...}...},例:{"alert_id":"$.body.data.id"} 或者{"alert":"$.body.data{id,name}"} | 否 |
| language | string | 查询结果的响应语言,可取值范围:zh-cn、en-us,不支持大写,不支持其他取值。 其中zh-cn表示查询结果显示语言为简体中文;en-us表示查询结果显示语言为英语。 | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数listContainerNodes输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "d7650f84626f019a9a5aac61a5b2c83a",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Mon, 25 May 2026 08:57:56 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=FFA239FBB538B85123AF8E52B04EFF41; Path=/hss; Secure; HttpOnly",
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=utf-8"
},
"code": 200,
"body": {
"data_list": [
{
"public_ip": "xx1.36.76.xx9",
"agent_id": "ce88298ff7ecXXXXXXXXX71824b06711d8b2fd7854a5cc288175785f188cf9dc0",
"group_name": "容器(所有项目)",
"enterprise_project_name": "default",
"detect_result": "undetected",
"is_container_node": true,
"auto_open_version": "hss",
"host_status": "ACTIVE",
"host_id": "005e54ce-736a-436b-b7fb-8xxxxx53fb7",
"private_ip": "192.168.0.197",
"policy_group_id": "20210330-1430-1001-1002-10xxx0000",
"policy_group_name": "default_policy_group",
"agent_status": "online",
"container_tags": "other",
"asset_value": "common",
"os_type": "Linux",
"protect_interrupt": false,
"os_name": "EulerOS",
"protect_status": "closed",
"host_name": "ecs-poc-test",
"is_trial_quota": false
}
],
"total_num": 1
}
} 插件执行函数listRansomwareProtectionNodes说明
- 函数listRansomwareProtectionNodes参数说明:介绍函数的输入参数和输出参数。
- 函数listRansomwareProtectionNodes输出示例:给出函数的输出示例。
函数listRansomwareProtectionNodes参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,列出勒索软件防护节点。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| offset | string | 偏移量 | 是 |
| enterprise_project_id | string | 企业项目ID | 否 |
| limit | string | 每页显示数量 | 是 |
| host_name | string | 主机名称 | 否 |
| host_id | string | 主机ID | 否 |
| os_type | string | 操作系统类型:Linux、Windows | 否 |
| host_ip | string | 主机IP地址 | 否 |
| private_ip | string | 私有IP地址 | 否 |
| host_status | string | 主机状态:ACTIVE(运行中)、SHUTOFF(关机)、BUILDING(创建中)、ERROR(故障) | 否 |
| ransom_protection_status | string | 勒索防护状态:closed(未开启)、opened(防护中)、opening(开启中)、closing(关闭中)、protect_failed(防护失败)、protect_degraded(防护降级) | 否 |
| protect_policy_name | string | 防护策略名称 | 否 |
| policy_name | string | 策略名称 | 否 |
| policy_id | string | 策略ID | 否 |
| agent_status | string | Agent状态 | 否 |
| group_id | string | 服务器组ID | 否 |
| group_name | string | 服务器组名称 | 否 |
| last_days | string | 最近天数 | 否 |
| resultVariable | Object | 出参过滤参数,{"新的字段名称1":"$(代表原全量返回参数).xxx(全量返回参数的下一级)或{xxx1,xxx2}",{"新的字段名称2":...}...},例:{"alert_id":"$.body.data.id"} 或者{"alert":"$.body.data{id,name}"} | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数listRansomwareProtectionNodes输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "e3134584c0b749600c51b34ebf6679d6",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Mon, 25 May 2026 09:01:14 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=865A9AA9FD1B33DE8722444EC76E6485; Path=/hss; Secure; HttpOnly",
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=utf-8"
},
"code": 200,
"body": {
"data_list": [
{
"host_ip": "124.71.228.0",
"backup_policy_enabled": false,
"protect_policy_id": "dc32b365-97d7-308a-8923-52axxxxxx93",
"agent_id": "ed8bafe11a1938a69306f3b44ae69812a21fb51xxxxxxd1845805c700",
"backup_error": {
"error_code": 0
},
"host_status": "ACTIVE",
"count_protect_event": 0,
"host_id": "eda720c2-e690-42f5-be13-xxxx9900",
"private_ip": "192.xxx.21.153",
"agent_version": "4.0.34",
"enterprise_project_id": "0",
"project_id": "099706f40xxxx014b68c0527",
"host_source": "ecs",
"os_type": "Windows",
"ransom_protection_status": "opened",
"agent_status": "online",
"os_name": "Windows Server 2022",
"protect_policy_name": "tenant_windows_anti_default_policy(default)",
"protect_status": "opened",
"backup_protection_status": "closed",
"host_name": "ecs-495011-攻防测试专用"
}
],
"total_num": 1
}
} 插件执行函数listWtpProtectHost说明
- 函数listWtpProtectHost参数说明:介绍函数的输入参数和输出参数。
- 函数listWtpProtectHost输出示例:给出函数的输出示例。
函数listWtpProtectHost参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,列出网页防篡改保护主机。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| offset | string | 偏移量 | 否 |
| enterprise_project_id | string | 企业项目ID | 否 |
| limit | string | 每页显示数量 | 否 |
| host_name | string | 主机名称 | 否 |
| host_id | string | 主机ID | 否 |
| os_type | string | 操作系统类型:Linux、Windows | 否 |
| private_ip | string | 私有IP地址 | 否 |
| public_ip | string | 公网IP地址 | 否 |
| agent_status | string | Agent状态 | 否 |
| wtp_status | string | 网页防篡改状态:closed(未开启)、opened(防护中)、opening(开启中)、closing(关闭中)、open_failed(防护失败) | 否 |
| group_name | string | 服务器组名称 | 否 |
| protect_status | string | 防护状态 | 否 |
| resultVariable | string | 出参过滤参数,{"新的字段名称1":"$(代表原全量返回参数).xxx(全量返回参数的下一级)或{xxx1,xxx2}",{"新的字段名称2":...}...},例:{"alert_id":"$.body.data.id"} 或者{"alert":"$.body.data{id,name}"} | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数listWtpProtectHost输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "8aa7f8b7e7197ca198d1037600d3ecfb",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Mon, 25 May 2026 09:03:22 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=0CD5CA1XXXXXXXX6AB301168CA3A1B; Path=/hss; Secure; HttpOnly",
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=utf-8"
},
"code": 200,
"body": {
"data_list": [],
"total_num": 0
}
} 插件执行函数listOtherVulnerabilities说明
- 函数listOtherVulnerabilities参数说明:介绍函数的输入参数和输出参数。
- 函数listOtherVulnerabilities输出示例:给出函数的输出示例。
函数listOtherVulnerabilities参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,列出其他类型漏洞。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| projectId | String | 项目ID | 否 |
| domainId | String | 租户ID | 否 |
| type | String | 漏洞类型 | 否 |
| vulID | String | 漏洞ID | 否 |
| limit | String | 每页显示个数 | 否 |
| page | String | 偏移量:指定返回记录的开始位置 | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数listOtherVulnerabilities输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "030d5594846a7c3786652c7fbbbc9e9a",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Wed, 29 Apr 2026 09:30:12 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=55FA148134XXXXXXXXX794479; Path=/hss; Secure; HttpOnly",
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=utf-8"
},
"code": 200,
"body": {
"data_list": [
{
"vul_name": "HCE2-SA-2026-0047 An update for libarchive is now available for HCE 2.0",
"label_list": [
"Exploit Disclosed",
"Exploited In The Wild",
"POC Disclosed"
],
"description": "Security Fix(es): An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash). (CVE-2025-60753)",
"type": "linux_vul",
"severity_level": "Medium",
"solution_detail": "To upgrade the affected software",
"url": "https://repo.huaweicloud.com/hce/2.0/sa/HCE2-SA-2026-0047.xml",
"unhandle_host_num": 2,
"host_id_list": [
"d27f2d2e-5b35-4228-9533-7adxxxxxf893",
"eddc1821-fd72-49e3-a59d-26xxxxx8ea",
"0f4e55e3-2bdf-4224-952b-8axxxxxx4a0a"
],
"cve_list": [
{
"cve_id": "CVE-2025-60753",
"cvss": 5.5
}
],
"repair_priority": "Medium",
"vul_id": "HCE2-SA-2026-0047",
"repair_priority_list": [
{
"repair_priority": "Critical",
"host_num": 0
},
{
"repair_priority": "High",
"host_num": 0
},
{
"repair_priority": "Medium",
"host_num": 3
},
{
"repair_priority": "Low",
"host_num": 0
}
],
"host_num": 3,
"repair_necessity": "Medium",
"scan_time": 1777454641685,
"max_cvss_score": 5.5,
"hosts_num": {
"important": 0,
"common": 3,
"test": 0
}
}
],
"total_num": 1
}
} 插件执行函数changeOtherVulStatus说明
- 函数changeOtherVulStatus参数说明:介绍函数的输入参数和输出参数。
- 函数changeOtherVulStatus输出示例:给出函数的输出示例。
函数changeOtherVulStatus参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,更改其他类型漏洞的状态。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| operateType | String | 处置操作类型:ignore(忽略)、not_ignore(取消忽略)、immediate_repair(修复)、manual_repair(人工修复)、verify(验证) | 是 |
| vulID | String | 漏洞ID | 是 |
| hostIdList | String | 主机ID列表,需要进行操作的主机列表 | 是 |
| projectId | String | 项目ID | 否 |
| domainId | String | 租户ID | 否 |
| agency_type | String | 多账号统一适配参数,使用默认值即可。 | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数changeOtherVulStatus输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "101a8a4a46892d9ad8e284805333a8b7",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Date": "Wed, 29 Apr 2026 09:30:12 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Set-Cookie": "JSESSIONID=5E4B3254438AB3BCDE1965F2D6422ACD; Path=/hss; Secure; HttpOnly",
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=utf-8"
},
"code": 200,
"body": {}
} 插件执行函数changeCheckRuleState说明
- 函数changeCheckRuleState参数说明:介绍函数的输入参数和输出参数。
- 函数changeCheckRuleState输出示例:给出函数的输出示例。
函数changeCheckRuleState参数说明
函数功能:调用 HSS(主机安全服务)云服务接口,更改检查规则状态。
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| hostId | string | 主机ID | 否 |
| enterpriseProjectId | string | 企业项目ID | 否 |
| action | string | 操作动作:ignore(忽略)、not_ignore(取消忽略)、immediate_repair(修复)、manual_repair(人工修复)、verify(验证) | 是 |
| checkName | string | 检查项名称 | 是 |
| checkRuleId | string | 检查规则ID | 是 |
| standard | string | 基线标准:hw_standard(华为标准)、cis_standard(CIS标准)、custom_standard(自定义标准) | 是 |
| agency_type | string | 多账号统一适配参数,使用默认值即可。 | 否 |
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| headers | Object | 调用HSS接口返回的响应结果的headers,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等信息。 |
| code | Int | 状态码,表明请求是否成功。 “code”取值示例说明:
|
| body | Object | 接口返回的具体内容。 |
函数changeCheckRuleState输出示例
{
"headers": {
"Transfer-Encoding": "chunked",
"Server": "api-gateway",
"X-Request-Id": "f7e759ff25266227a1d31f5068a5b3ed",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"Pragma": "no-cache",
"Date": "Mon, 25 May 2026 09:10:00 GMT",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"X-XSS-Protection": "1; mode=block;",
"Content-Type": "application/json; charset=UTF-8"
},
"code": 200,
"body": {}
} 
