          Intrusion Detection System

          Intrusion Analysis Query Interface

          Query the Interface of Attack Source Summary Record

          Description

          • Specify startTime, endTime, attackResult, pageNo and pageSize to query the attack source summary records.
          • Limit on query time: endTime - startTime <= 31 days

          Request structure

          POST /v{version}/securityAudit/getAttackSource&clientToken={clientToken} HTTP/1.1
          Host: bss.bj.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          | Parameter name | Type | Required | Parameter position | Description |
          | --- | --- | --- | --- | --- |
          | version | String | Yes | URL parameter | API version number (the current value is 2) |
          | startTime | String | Yes | RequestBody parameter | Start time, UTC standard time format |
          | endTime | String | Yes | RequestBody parameter | End time, UTC standard time format |
          | attackResult | int | Yes | RequestBody parameter | Attack result to query: 0 indicates failure, 1 indicates success and 2 indicates all |
          | pageNo | int | Yes | RequestBody parameter | Page number to be queried |
          | pageSize | int | Yes | RequestBody parameter | Page size to be queried |
          | clientToken | String | Yes | Query parameter | Idempotence token; for details, see clientToken |

          Return status code

          "200" is returned on success; on failure, an error code is returned (see Error Code).

          Return header

          There are no other special headers except the public headers.

          Return parameter

          | Parameter name | Type | Description |
          | --- | --- | --- |
          | status | int | Result status code |
          | description | String | Result description |
          | totalpage | int | Total page |
          | data | list<AttackSourceSummaryModel> | Summary list by attack source |

          Request example

          POST /v2/securityAudit/getAttackSource&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
          Host: bss.bj.baidubce.com
          Authorization: bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02

          {
              "startTime": "2017-12-01T08:00:02Z",
              "endTime": "2017-12-02T08:00:02Z",
              "attackResult": 1,
              "pageSize": 10,
              "pageNo": 1
          }

          Response example

          HTTP/1.1 200 OK
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
          Date: Wed, 10 Apr 2016 08:26:52 GMT
          Transfer-Encoding: chunked
          Content-Type: application/json;charset=UTF-8
          Server: BWS
          
          {
              "status": 0,
              "description": "ok",
              "totalpage": 5,
              "data": [
                  {
                      "attackSource": "1.2.3.4",
                      "attackSourceType": "",
                      "eipList": [
                          {
                              "instanceType": "BCC",
                              "name": "eip-name",
                              "eip": "180.76.1.1",
                              "region": "bj"
                          },
                          ...
                      ],
                      "domainList": ["www.a.com", "www.b.com", ...],
                      "attackTypeList": ["SQL Inject", "Access to Sensitive Files", ...],
                      "attackCount": 100,
                      "startTime": "2017-12-01T09:00:02Z",
                      "endTime": "2017-12-01T15:00:02Z",
                      "attackResult": 1
                  },
                  {
                  ...
                  }
                  ...
              ] 
          }
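
The 31-day limit and the totalpage field together mean that a longer investigation period has to be split into windows and each window read page by page. The following is an added example, not part of the original documentation: `post(path, body)` is a hypothetical caller-supplied transport that signs and sends the request, and status 0 is assumed to mean success because that is the value shown in the response example.

```python
import uuid
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M:%SZ"       # UTC format used in the page's request examples
MAX_WINDOW = timedelta(days=31)  # documented limit: endTime - startTime <= 31 days

def windows(start, end, limit=MAX_WINDOW):
    """Split [start, end] into consecutive windows no longer than `limit`."""
    if end <= start:
        raise ValueError("endTime must be later than startTime")
    while start < end:
        stop = min(start + limit, end)
        yield start, stop
        start = stop

def fetch_attack_sources(post, start, end, attack_result=2, page_size=10):
    """Yield every summary record in [start, end], window by window, page by page.

    `post(path, body)` is a hypothetical caller-supplied transport: it signs and
    sends the request and returns the decoded JSON response as a dict.
    """
    if attack_result not in (0, 1, 2):
        raise ValueError("attackResult must be 0 (failure), 1 (success) or 2 (all)")
    for w_start, w_end in windows(start, end):
        page_no, total = 1, 1
        while page_no <= total:
            # Path as written in the page's request example; new token per request.
            path = f"/v2/securityAudit/getAttackSource&clientToken={uuid.uuid4()}"
            body = {"startTime": w_start.strftime(FMT), "endTime": w_end.strftime(FMT),
                    "attackResult": attack_result, "pageNo": page_no, "pageSize": page_size}
            reply = post(path, body)
            if reply.get("status") != 0:  # assumption: 0 means success, as in the example
                raise RuntimeError(f"query failed: {reply.get('description')}")
            total = reply.get("totalpage", 0)
            yield from reply.get("data", [])
            page_no += 1

if __name__ == "__main__":
    # Constructed stand-in for the real API: two pages per window, one record each.
    def fake_post(path, body):
        return {"status": 0, "description": "ok", "totalpage": 2,
                "data": [{"attackSource": "1.2.3.4", "window": body["startTime"]}]}
    for rec in fetch_attack_sources(fake_post, datetime(2017, 12, 1, 8, 0, 2),
                                    datetime(2018, 1, 15, 8, 0, 2), attack_result=1):
        print(rec)
```

The page does not say whether window boundaries are inclusive, so records that fall exactly on a boundary may need de-duplication downstream.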

          Query the Interface of the Summary Records on Attacked Assets

          Description

          • Specify startTime, endTime, attackResult, pageNo and pageSize to query the summary records on attacked assets.
          • Limit on query time: endTime - startTime <= 31 days

          Request structure

          POST /v{version}/securityAudit/getAttackTarget&clientToken={clientToken} HTTP/1.1
          Host: bss.bj.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          | Parameter name | Type | Required | Parameter position | Description |
          | --- | --- | --- | --- | --- |
          | version | String | Yes | URL parameter | API version number (the current value is 2) |
          | startTime | String | Yes | RequestBody parameter | Start time, UTC standard time format |
          | endTime | String | Yes | RequestBody parameter | End time, UTC standard time format |
          | attackResult | int | Yes | RequestBody parameter | Attack result to query: 0 indicates failure, 1 indicates success and 2 indicates all |
          | pageNo | int | Yes | RequestBody parameter | Page number to be queried |
          | pageSize | int | Yes | RequestBody parameter | Page size to be queried |
          | clientToken | String | Yes | Query parameter | Idempotence token; for details, see clientToken |

          Return status code

          "200" is returned on success; on failure, an error code is returned (see Error Code).

          Return header

          There are no other special headers except the public headers.

          Return parameter

          | Parameter name | Type | Description |
          | --- | --- | --- |
          | status | int | Result status code |
          | description | String | Result description |
          | totalpage | int | Total page |
          | data | list<AttackTargetSummaryModel> | Summary list by attack source |

          Request example

          POST /v2/securityAudit/getAttackTarget&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
          Host: bss.bj.baidubce.com
          Authorization: bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02

          {
              "startTime": "2017-12-01T08:00:02Z",
              "endTime": "2017-12-02T08:00:02Z",
              "attackResult": 1,
              "pageSize": 10,
              "pageNo": 1
          }

          Response example

          HTTP/1.1 200 OK
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
          Date: Wed, 10 Apr 2016 08:26:52 GMT
          Transfer-Encoding: chunked
          Content-Type: application/json;charset=UTF-8
          Server: BWS
          
          {
              "status": 0,
              "description": "ok",
              "totalpage": 5,
              "data": [
                  {
                      "eipInfo": {
                          "instanceType": "BCC",
                          "name": "eip-name",
                          "eip": "180.76.1.1",
                          "region": "bj"
                      },
                      "attackSourceList": [
                          {
                              "attackSource": "1.1.1.1",
                              "attackSourceType": ""
                          },
                          {
                              "attackSource": "1.1.1.2",
                              "attackSourceType": "CDN"
                          },
                          ...
                      ],
                      "domainList": ["www.a.com", "www.b.com", ...],
                      "attackTypeList": ["SQL Inject", "Access to Sensitive Files", ...],
                      "attackCount": 100,
                      "startTime": "2017-12-01T09:00:02Z",
                      "endTime": "2017-12-01T15:00:02Z",
                      "attackResult": 1
                  },
                  {
                  ...
                  }
                  ...
              ] 
          }

          Customized Query of Attack Record Interface

          Description

          • startTime, endTime, attackResult, pageNo and pageSize must be specified for a customized query of attack records.
          • Optionally specify the query conditions attackSource, eipList, domain, attackTypeKey and request.
          • Limit on query time: endTime - startTime <= 31 days

          Request structure

          POST /v{version}/securityAudit/getCustomAttack&clientToken={clientToken} HTTP/1.1 
          Host: bss.bj.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          | Parameter name | Type | Required | Parameter position | Description |
          | --- | --- | --- | --- | --- |
          | version | String | Yes | URL parameter | API version number (the current value is 2) |
          | startTime | String | Yes | RequestBody parameter | Start time, UTC standard time format |
          | endTime | String | Yes | RequestBody parameter | End time, UTC standard time format |
          | attackResult | int | Yes | RequestBody parameter | Attack result to query: 0 indicates failure, 1 indicates success and 2 indicates all |
          | pageNo | int | Yes | RequestBody parameter | Page number to be queried |
          | pageSize | int | Yes | RequestBody parameter | Page size to be queried |
          | attackSource | String | No | RequestBody parameter | Attack source |
          | eipList | list | No | RequestBody parameter | List of attacked eip |
          | domain | String | No | RequestBody parameter | Domain name attacked |
          | attackTypeKey | String | No | RequestBody parameter | Attack type key |
          | request | String | No | RequestBody parameter | Request method |
          | clientToken | String | Yes | Query parameter | Idempotence token; for details, see clientToken |

          Return status code

          "200" is returned on success; on failure, an error code is returned (see Error Code).

          Return header

          There are no other special headers except the public headers.

          Return parameter

          | Parameter name | Type | Description |
          | --- | --- | --- |
          | status | int | Result status code |
          | description | String | Result description |
          | totalpage | int | Total page |
          | data | list<AttackRecordModel> | Summary list by attack source |

          Request example

          POST /v2/securityAudit/getCustomAttack&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
          Host: bss.bj.baidubce.com
          Authorization: bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02

          {
              "startTime": "2017-12-01T08:00:02Z",
              "endTime": "2017-12-02T08:00:02Z",
              "attackResult": 1,
              "pageSize": 10,
              "pageNo": 1,

              "attackSource": "1.1.1.1",
              "eipList": ["180.76.1.1", "182.61.1.1", ...],
              "domain": "www.a.com",
              "attackTypeKey": "30003",
              "request": "GET"
          }

          Response example

          HTTP/1.1 200 OK
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
          Date: Wed, 10 Apr 2016 08:26:52 GMT
          Transfer-Encoding: chunked
          Content-Type: application/json;charset=UTF-8
          Server: BWS
          
          {
              "status": 0,
              "description": "ok",
              "totalpage": 5,
              "data": [
                  {
                      "attackSource": "1.2.3.4",
                      "attackSourceType": "",
                      "eipInfo": {
                          "instanceType": "BCC",
                          "name": "eip-name",
                          "eip": "180.76.1.1",
                          "region": "bj"
                      },
                      "domain": "www.a.com",
                      "attackType": "SQL Inject",
                      "attackCount": 100,
                      "attackTime": "2017-12-01T09:00:02Z",
                      "request": "GET",
                      "attackResult": 1,
                      "headers": {
                          "content-length": "1504",
                          "accept-language": "zh-cn",
                          "connection": "Keep-Alive",
                          "accept": "*/*",
                          "user-agent": "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)",
                          "host": "tingwen.me",
                          "referer": "http://tingwen.me/1.php",
                          "content-type": "application/x-www-form-urlencoded"
                      },
                      "body": "sqzr=@eval(get_magic_quotes_gpc()?stripslashes($_POST[chr(122)",
                      "resheaders": {
                          "x-powered-by": "PHP/5.6.15",
                          "transfer-encoding": "chunked",
                          "set-cookie": "HBJnSD_think_language=zh-cn; expires=Sat, 21-Oct-2017 13:03:27",
                          "expires": "Thu, 19 Nov 1981 08:52:00 GMT",
                          "vary": "Accept-Encoding",
                          "server": "nginx-upupw/1.8.0",
                          "connection": "keep-alive",
                          "pragma": "no-cache",
                          "cache-control": "no-store, no-cache, must-revalidate, post-check=0, pre-check=0",
                          "date": "Sat, 21 Oct 2017 12:03:27 GMT",
                          "content-type": "text/html; charset=UTF-8"
                      },
                      "resbody": "4e8\r\n<!DOCTYPE html PUBLIC-//W3C//DTD XHTML 1.0 Transitional//EN"
                  },
                  {
                  ...
                  }
                  ...
              ] 
          }

          Access the Drop-down Information Interface

          Description

          • Includes the eip list, attack type list and attack request method list.

          Request structure

          GET /v{version}/securityAudit/getDropdownList&clientToken={clientToken} HTTP/1.1
          Host: bss.bj.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          | Parameter name | Type | Required | Parameter position | Description |
          | --- | --- | --- | --- | --- |
          | version | String | Yes | URL parameter | API version number (the current value is 2) |
          | clientToken | String | Yes | Query parameter | Idempotence token; for details, see clientToken |

          Return status code

          "200" is returned on success; on failure, an error code is returned (see Error Code).

          Return header

          There are no other special headers except the public headers.

          Return parameter

          | Parameter name | Type | Description |
          | --- | --- | --- |
          | status | int | Result status code |
          | description | String | Result description |
          | data | DropdownModel | Description of drop-down list |

          Request example

          GET /v2/securityAudit/getDropdownList&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
          Host: bss.bj.baidubce.com
          Authorization: bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02

          Response example

          HTTP/1.1 200 OK
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
          Date: Wed, 10 Apr 2016 08:26:52 GMT
          Transfer-Encoding: chunked
          Content-Type: application/json;charset=UTF-8
          Server: BWS
          
          {
              "status": 0,
              "description": "ok",
              "data": {
                  "eipList": [
                      {
                          "instanceType": "BCC",
                          "name": "eip-name",
                          "eip": "180.76.1.1",
                          "region": "bj"
                      },
                      ...
                  ],
                  "attackResult": {
                      "0": "Attack Failed",
                      "1": "Attack Succeeded",
                      "2": "All"
                  },
                  "attackType": {
                      "10004": "Access to Sensitive Files",
                      "30003": "SQL Inject",
                      ...
                  },
                  "request": {
                      "POST": "POST",
                      "GET": "GET",
                      "HEAD": "HEAD",
                      ...
                  }
              }
          }
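
The drop-down data supplies the eip, attack type and request method values that the optional getCustomAttack filters refer to (the custom query example uses attackTypeKey "30003", which the drop-down maps to "SQL Inject"). The following is an added example, not part of the original documentation, that builds a getCustomAttack request body and rejects filter values absent from the drop-down data; `build_custom_query` and `SAMPLE_DROPDOWN` are hypothetical names, and treating the drop-down lists as the accepted values is an assumption.

```python
# Constructed sample shaped like the getDropdownList response example.
SAMPLE_DROPDOWN = {"status": 0, "description": "ok", "data": {
    "eipList": [{"instanceType": "BCC", "name": "eip-name",
                 "eip": "180.76.1.1", "region": "bj"}],
    "attackResult": {"0": "Attack Failed", "1": "Attack Succeeded", "2": "All"},
    "attackType": {"10004": "Access to Sensitive Files", "30003": "SQL Inject"},
    "request": {"POST": "POST", "GET": "GET", "HEAD": "HEAD"}}}

# Optional query conditions listed in the getCustomAttack parameter table.
OPTIONAL = {"attackSource", "eipList", "domain", "attackTypeKey", "request"}

def build_custom_query(dropdown, start_time, end_time, attack_result,
                       page_no=1, page_size=10, **filters):
    """Build a getCustomAttack request body, checking filter values against the
    drop-down data (assumption: the drop-down lists are the accepted values)."""
    data = dropdown["data"]
    if str(attack_result) not in {str(k) for k in data["attackResult"]}:
        raise ValueError(f"unknown attackResult: {attack_result!r}")
    unknown = set(filters) - OPTIONAL
    if unknown:
        raise ValueError(f"unsupported filter(s): {sorted(unknown)}")
    type_key = filters.get("attackTypeKey")
    if type_key is not None and str(type_key) not in {str(k) for k in data["attackType"]}:
        raise ValueError(f"unknown attackTypeKey: {type_key!r}")
    method = filters.get("request")
    if method is not None and method not in data["request"]:
        raise ValueError(f"unknown request method: {method!r}")
    known_eips = {entry["eip"] for entry in data["eipList"]}
    foreign = [eip for eip in filters.get("eipList", []) if eip not in known_eips]
    if foreign:
        raise ValueError(f"eip(s) not in the drop-down eipList: {foreign}")
    # Required fields first, then only the filters the caller actually supplied.
    body = {"startTime": start_time, "endTime": end_time, "attackResult": attack_result,
            "pageNo": page_no, "pageSize": page_size}
    body.update(filters)
    return body
```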