Tencent Cloud Firewall
Last updated: 2025-12-04 09:08:18
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Cloud Firewall | cfw | Supported | not supported | Operation level | Supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AddAclRule | Add Internet Access Control Rules | Operation level | * | Supported |
| AddDnsAclRule | Add Dns access control rules | Operation level | * | Supported |
| AddEnterpriseSGRulesForIPV6 | create ipv6 sg rule | Operation level | * | Supported |
| AddEnterpriseSecurityGroupRules | Create New Enterprise Security Group Rules | Operation level | * | Supported |
| AddNDRUser | AddNDRUser | Operation level | * | Supported |
| AddNatAcRule | Operation level | * | Supported | |
| AddNatFwTcRule | AddNatFwTcRule | Operation level | * | Supported |
| AddNewBindRoleUser | Firewall role authorization binding interface | Operation level | * | Supported |
| AddOrganAcl | Add organizational permissions | Operation level | * | Supported |
| AddVpcAcRule | Add VPC Firewall intranet rules. | Operation level | * | Supported |
| AddVpcFwTcRule | Add inter-VPC firewall traffic control policy | Operation level | * | Supported |
| AddZeroTrustWebService | Add zero trust web service | Operation level | * | Supported |
| CancelUpdateEngineReserveTask | CancelUpdateEngineReserveTask | Operation level | * | Supported |
| CreateAIInterpretationFeedBack | AI accuracy feedback | Operation level | * | Supported |
| CreateAcRules | Create ACL Rules | Operation level | * | Supported |
| CreateAddressTemplate | Create address template | Operation level | * | Supported |
| CreateAlertCenterOmit | Alarm Center-Ignore Handling Interface | Operation level | * | Supported |
| CreateAlertCenterRule | Alarm Center-Block, Release and Disposal Interface | Operation level | * | Supported |
| CreateApplyTrial | Request a trial firewall | Operation level | * | Supported |
| CreateAsyncTask | CreateAsyncTask | Operation level | * | Supported |
| CreateBakRuleList | Operation level | * | Supported | |
| CreateBetaTask | Establishing Beta Automation Tasks | Operation level | * | Supported |
| CreateBlockIgnoreRuleList | Add block list and ignore list rules in batches | Operation level | * | Supported |
| CreateBlockIgnoreRuleNew | Add intrusion prevention block list and allow list rules in batches (new) | Operation level | * | Supported |
| CreateClsDeliverTask | CreateClsDeliverTask | Operation level | * | Supported |
| CreateDatabaseWhiteListRules | CreateDatabaseWhiteListRules | Operation level | * | Supported |
| CreateHoneypotTrial | Apply for a trial firewall honeypot | Operation level | * | Supported |
| CreateIOAAccessGroup | Override Edit IOA User Group Access | Operation level | * | Supported |
| CreateNDRAnalysis | CreateNDRAnalysis | Operation level | * | Supported |
| CreateNDRPolicy | create NDR flow filter policy | Operation level | * | Supported |
| CreateNatFwInstance | Create a NAT firewall instance (Region parameter is required). | Operation level | * | Supported |
| CreateNatFwInstanceWithDomain | Create NAT firewall instance and connect a domain name (The Region parameter is required) | Operation level | * | Supported |
| CreatePcapTask | Create a packet capture task | Operation level | * | Supported |
| CreateProbeTask | create probe task | Operation level | * | Supported |
| CreateRemoteMtInstance | Create a zero-trust remote operation and maintenance instance | Operation level | * | Supported |
| CreateResourceGroup | CreateResourceGroup | Operation level | * | Supported |
| CreateSecurityGroupRules | Operation level | * | Supported | |
| CreateVpcFwGroup | Create an Inter-VPC Firewall (Firewall Group) | Operation level | * | Supported |
| CreateVpcFwInstance | Create an inter-VPC firewall instance | Operation level | * | Supported |
| CreateWhiteRule | Creating an Intrusion Prevention Whitelist | Operation level | * | Supported |
| CreateZeroTrustAclMulti | Adding Zero Trust Remote Operation and Maintenance Rules in Batch - Identity Perspective | Operation level | * | Supported |
| CreateZeroTrustCommandRule | Add zero trust remote operation and maintenance command control rules in batches | Operation level | * | Supported |
| CreateZeroTrustDomain | CreateZeroTrustDomain | Operation level | * | Supported |
| CreateZeroTrustTrial | Apply for Zero Trust Remote Operation and Maintenance Trial | Operation level | * | Supported |
| DeleteAcRule | Delete ACL Rule | Operation level | * | Supported |
| DeleteAddressTemplate | Delete address template rules | Operation level | * | Supported |
| DeleteAllAccessControlRule | DeleteAllAccessControlRule | Operation level | * | Supported |
| DeleteBlockIgnoreRuleAll | Delete all black and white lists (support filtering) | Operation level | * | Supported |
| DeleteBlockIgnoreRuleList | Delete intrusion prevention ban list and allow list rules in batches | Operation level | * | Supported |
| DeleteBlockIgnoreRuleNew | Deleting Intrusion Prevention Block List and Allow List Rules in Batch (New) | Operation level | * | Supported |
| DeleteClsDeliverTask | DeleteClsDeliverTask | Operation level | * | Supported |
| DeleteIOAAccessGroup | Delete iOA user group access | Operation level | * | Supported |
| DeleteNDRAssetIdentificationItem | Delete NDR asset identification results. | Operation level | * | Supported |
| DeleteNDRPolicy | delete NDR flow filter policy | Operation level | * | Supported |
| DeleteNatFwInstance | Delete Nat Firewall Instance | Operation level | * | Supported |
| DeletePcapTask | DeletePcapTask | Operation level | * | Supported |
| DeleteProbe | DeleteProbe | Operation level | * | Supported |
| DeleteRemoteAccessDomain | DeleteRemoteAccessDomain | Operation level | * | Supported |
| DeleteRemoteMtInstance | Delete a zero-trust remote operation and maintenance instance | Operation level | * | Supported |
| DeleteResourceGroup | delete cfw resource group | Operation level | * | Supported |
| DeleteSecurityGroupRule | Operation level | * | Supported | |
| DeleteVpcFwGroup | DeleteVpcFwGroup | Operation level | * | Supported |
| DeleteWeComCache | Clear WeChat Work cache | Operation level | * | Supported |
| DeleteWhiteRule | delete the whitelist | Operation level | * | Supported |
| DeleteWhiteRuleAll | Delete Whitelist-All | Operation level | * | Supported |
| DeleteZeroTrustAuthUserInfoById | Batch deletion of zero trust operation and maintenance users | Operation level | * | Supported |
| DeleteZeroTrustCommandRule | Delete zero trust remote operation and maintenance command control rules | Operation level | * | Supported |
| DeleteZeroTrustDomain | DeleteZeroTrustDomain | Operation level | * | Supported |
| DeleteZeroTrustWebService | delete zero trust web service | Operation level | * | Supported |
| DeleteZeroTrustWebServiceAccess | delete zero trust web service access info | Operation level | * | Supported |
| ExpandCfwVertical | ExpandCfwVertical | Operation level | * | Supported |
| IgnoreEnterpriseSecurityGroupDomainStatus | IgnoreEnterpriseSecurityGroupDomainStatus | Operation level | * | Supported |
| IgnoreZeroTrustError | Ignore Zero Trust Remote Operations error banner | Operation level | * | Supported |
| ImportBlockIgnoreRuleList | Batch import of intrusion prevention ban list and pass list rules | Operation level | * | Supported |
| ImportCFWFile | Import common methods | Operation level | * | Supported |
| ModifyAcRule | Modify ACL Rule | Operation level | * | Supported |
| ModifyAclApiDispatch | ACL write interface request transfer | Operation level | * | Supported |
| ModifyAclRule | Modify Internet Border Access Control Rules | Operation level | * | Supported |
| ModifyAclRuleStatus | ModifyAclRuleStatus | Operation level | * | Supported |
| ModifyActionShowStatus | ModifyActionShowStatus | Operation level | * | Supported |
| ModifyAddressTemplate | Modify address template | Operation level | * | Supported |
| ModifyAllPublicIPSwitchStatus | ModifyAllPublicIPSwitchStatus | Operation level | * | Supported |
| ModifyAllRuleStatus | ModifyAllRuleStatus | Operation level | * | Supported |
| ModifyApiDispatch | ModifyApiDispatch | Operation level | * | Supported |
| ModifyAssetNDRPolicy | modify NDR Policy Relation Asset List | Operation level | * | Supported |
| ModifyAssetScan | ModifyAssetScan | Operation level | * | Supported |
| ModifyAssetSync | Asset Synchronization | Operation level | * | Supported |
| ModifyBetaTask | ModifyBetaTask | Operation level | * | Supported |
| ModifyBlackListSwitchStatus | ModifyBlackListSwitchStatus | Operation level | * | Supported |
| ModifyBlockIgnoreList | Batch operation interface for ban list and release list | Operation level | * | Supported |
| ModifyBlockIgnoreRule | Edit individual intrusion prevention ban list and allow list rules | Operation level | * | Supported |
| ModifyBlockIgnoreRuleNew | Edit individual intrusion prevention block list and pass list rules (new) | Operation level | * | Supported |
| ModifyBlockTop | ModifyBlockTop | Operation level | * | Supported |
| ModifyChooseResourceGroup | Asset Center-Asset Group-Asset Operation | Operation level | * | Supported |
| ModifyClsDeliverSwitch | ModifyClsDeliverSwitch | Operation level | * | Supported |
| ModifyClsDeliverTask | ModifyClsDeliverTask | Operation level | * | Supported |
| ModifyClusterFwTransparentMode | Modify the Transparent Mode Switch of the Cluster Firewall | Operation level | * | Supported |
| ModifyClusterVpcFwSwitch | Modify the VPC firewall switch in cluster mode | Operation level | * | Supported |
| ModifyCommonStatus | Universal asynchronous table modification interface | Operation level | * | Supported |
| ModifyDNSFWSwitchAll | Enable all DNS firewall switches (support filtering) | Operation level | * | Supported |
| ModifyDnsAclRule | Modify DNS access control rules | Operation level | * | Supported |
| ModifyDnsAclRuleSwitch | Enable or disable DNS rule switches in batches | Operation level | * | Supported |
| ModifyDnsAclRuleSwitchAll | Edit all DNS ACL rules (support filtering) | Operation level | * | Supported |
| ModifyDnsResolveIp | Configure Dns to resolve IP | Operation level | * | Supported |
| ModifyEWRuleStatus | Operation level | * | Supported | |
| ModifyEdgeIpSwitch | Change boundary firewall switch (bypass, serial) | Operation level | * | Supported |
| ModifyEdgeIpSwitchAll | Edit serial firewall switches (all on, all off) | Operation level | * | Supported |
| ModifyEdgeIpSwitchWeight | Edit Internet border ip switch weights | Operation level | * | Supported |
| ModifyEdgeName | Modify the name of the VPC firewall edge. | Operation level | * | Supported |
| ModifyEnterpriseSGRulesForIPV6 | modify sg rule for ipv6 | Operation level | * | Supported |
| ModifyEnterpriseSecurityDispatchStatus | Operation level | * | Supported | |
| ModifyEnterpriseSecurityGroupRule | Operation level | * | Supported | |
| ModifyEnterpriseSecurityGroupRuleLst | Operation level | * | Supported | |
| ModifyEnterpriseSecurityGroupSequenceRules | Operation level | * | Supported | |
| ModifyFwAZone | Modify firewall availability zone | Operation level | * | Supported |
| ModifyFwConfig | Edit firewall configuration | Operation level | * | Supported |
| ModifyFwGroupSwitch | Modify firewall (group) switch (supporting single-point mode, multi-point mode, and full interconnection mode) | Operation level | * | Supported |
| ModifyFwGroupSwitchAll | Modify VPC firewall all switches | Operation level | * | Supported |
| ModifyIgnoreAsyncTaskErr | Ignore exception task information | Operation level | * | Supported |
| ModifyIgnoreNdrSwitchErr | ModifyIgnoreNdrSwitchErr | Operation level | * | Supported |
| ModifyIpsRuleList | Modify IPS rule list | Operation level | * | Supported |
| ModifyLogStorageConfig | ModifyLogStorageConfig | Operation level | * | Supported |
| ModifyNDRAssetIdentificationCustomizedColumn | Modify the custom display fields for NDR asset identification results. | Operation level | * | Supported |
| ModifyNDRBandwidth | Edit traffic analysis bandwidth | Operation level | * | Supported |
| ModifyNDRDataLeakAlertStatus | Update the status of sensitive data leak alert events | Operation level | * | Supported |
| ModifyNDRDataMaskingStatus | Modify the desensitization status of NDR sensitive data | Operation level | * | Supported |
| ModifyNDRPolicy | modify NDR flow filter policy | Operation level | * | Supported |
| ModifyNDRPortRiskStatus | Modify the NDR port risk alarm status | Operation level | * | Supported |
| ModifyNDRWeakPwdAlertStatus | Update the status of weak password alert events | Operation level | * | Supported |
| ModifyNatAcRule | Operation level | * | Supported | |
| ModifyNatAcRuleSwitchAll | Modify all NAT rule switches (support filtering) | Operation level | * | Supported |
| ModifyNatAclRuleSwitch | Enable or disable NAT rule switch | Operation level | * | Supported |
| ModifyNatFwConfig | Set up NAT firewall configuration | Operation level | * | Supported |
| ModifyNatFwReSelect | Reselect VPC or NAT for the NAT firewall instance. | Operation level | * | Supported |
| ModifyNatFwSwitch | Modify NAT firewall switch | Operation level | * | Supported |
| ModifyNatFwSwitchAll | Modify all switches of NAT firewall (support filtering) | Operation level | * | Supported |
| ModifyNatFwTcRule | Edit traffic control policy | Operation level | * | Supported |
| ModifyNatFwVpcDnsSwitch | NAT Firewall VPC DNS Switch Toggle | Operation level | * | Supported |
| ModifyNatInstance | ModifyNatInstance | Operation level | * | Supported |
| ModifyNatSequenceRules | Operation level | * | Supported | |
| ModifyNdrClusterSwitch | Enable cluster and node traffic analysis interface (support interface filtering) | Operation level | * | Supported |
| ModifyNdrClusterSwitchWeight | Edit cluster and node traffic analysis switch weights | Operation level | * | Supported |
| ModifyNdrConfig | ModifyNdrConfig | Operation level | * | Supported |
| ModifyNdrSwitch | Enable/Disable Traffic Analysis Switch | Operation level | * | Supported |
| ModifyNdrSwitchAll | Enable all traffic analysis APIs (API filtering supported) | Operation level | * | Supported |
| ModifyNdrSwitchWeight | Edit traffic analysis switch weight | Operation level | * | Supported |
| ModifyNetflowRuleStatus | Operation level | * | Supported | |
| ModifyNetflowRuleStatusAll | Modify all internet boundary access control lists (support conditional filtering) | Operation level | * | Supported |
| ModifyNoticeCommonNew | General settings status modification (new) | Operation level | * | Supported |
| ModifyPacketDropAction | Modify Firewall Packet Drop Action | Operation level | * | Supported |
| ModifyProbeTask | modify probe task | Operation level | * | Supported |
| ModifyRemoteAccessInstance | ModifyRemoteAccessInstance | Operation level | * | Supported |
| ModifyRemoteMtInstance | Edit a zero-trust remote operation and maintenance instance | Operation level | * | Supported |
| ModifyResourceGroup | ModifyResourceGroup | Operation level | * | Supported |
| ModifyResourceGroupOrder | Asset Center Asset Group Movement | Operation level | * | Supported |
| ModifyRouteBackup | Modify backup route | Operation level | * | Supported |
| ModifySGRulesSequenceForIPV6 | modify sg Sequence for ipv6 | Operation level | * | Supported |
| ModifySecurityGroupItemRuleStatus | Enable and disable individual enterprise security group rules | Operation level | * | Supported |
| ModifySecurityGroupRule | Operation level | * | Supported | |
| ModifySecurityGroupRuleAll | Edit all enterprise security group rules (support filtering) | Operation level | * | Supported |
| ModifySecurityGroupSequenceRules | Operation level | * | Supported | |
| ModifySecurityGroupTableStatus | Modify Security Group List Status | Operation level | * | Supported |
| ModifySequenceAclRules | Internet Rules Quick Sort | Operation level | * | Supported |
| ModifySequenceRules | modify rule sequence | Operation level | * | Supported |
| ModifySerialRegion | Edit Serial Firewall Regional Bandwidth Allocation | Operation level | * | Supported |
| ModifyStorageLogTypeSetting | Modify the tenant log storage type configuration | Operation level | * | Supported |
| ModifyStorageProtocolLogTypeSetting | ModifyStorageProtocolLogTypeSetting | Operation level | * | Supported |
| ModifyStorageSetting | Log storage settings | Operation level | * | Supported |
| ModifyStrictModeConfig | Modify strict mode configuration | Operation level | * | Supported |
| ModifySwitchStatus | ModifySwitchStatus | Operation level | * | Supported |
| ModifyTableStatus | ModifyTableStatus | Operation level | * | Supported |
| ModifyUserConfig | Modify User Config | Operation level | * | Supported |
| ModifyUserTkeGrant | User TKE cluster authorization | Operation level | * | Supported |
| ModifyVpcAcRule | Operation level | * | Supported | |
| ModifyVpcAcRuleAll | Edit all internal network access control lists (support filtering) | Operation level | * | Supported |
| ModifyVpcAcRuleSwitch | Operation level | * | Supported | |
| ModifyVpcCfwWidth | Vertical expansion of firewall between vpc | Operation level | * | Supported |
| ModifyVpcFwConfig | Set up inter-VPC firewall configuration | Operation level | * | Supported |
| ModifyVpcFwGroup | Edit the inter-VPC firewall (firewall group) | Operation level | * | Supported |
| ModifyVpcFwReSelect | Reselect VPC for inter-VPC firewall | Operation level | * | Supported |
| ModifyVpcFwSequenceRules | Operation level | * | Supported | |
| ModifyVpcFwSwitch | Modify the firewall switch between VPCs | Operation level | * | Supported |
| ModifyVpcFwTcRule | Editing a VPC Traffic Control Policy | Operation level | * | Supported |
| ModifyWebServiceMod | ModifyWebServiceMod | Operation level | * | Supported |
| ModifyWhiteRule | Editing the Intrusion Prevention Whitelist | Operation level | * | Supported |
| ModifyZeroTrustAssetAcl | Edit Zero Trust Remote Operation and Maintenance Asset Permission Details | Operation level | * | Supported |
| ModifyZeroTrustAuthUserInfoById | Mass Modification of Zero Trust Operational Users | Operation level | * | Supported |
| ModifyZeroTrustBlockStatus | Zero Trust Unauthorized Block Button | Operation level | * | Supported |
| ModifyZeroTrustCommandRule | Modify zero trust remote operation and maintenance command control rules | Operation level | * | Supported |
| ModifyZeroTrustCommandRuleSwitch | Batch modification of zero trust remote operation and maintenance command control rule switches | Operation level | * | Supported |
| ModifyZeroTrustCommandRuleSwitchAll | Modify all zero trust remote operation and maintenance command control rules (supports filtering) | Operation level | * | Supported |
| ModifyZeroTrustDomain | ModifyZeroTrustDomain | Operation level | * | Supported |
| ModifyZeroTrustEip | Edit Zero Trust Regional Public IP | Operation level | * | Supported |
| ModifyZeroTrustInstancePort | Edit Zero Trust Remote Operation and Maintenance Server Instance Port | Operation level | * | Supported |
| ModifyZeroTrustRegionSwitch | Modify Zero Trust Operation and Maintenance Region Switch | Operation level | * | Supported |
| ModifyZeroTrustRule | ModifyZeroTrustRule | Operation level | * | Supported |
| ModifyZeroTrustRuleSwitch | Modify IOA permission rule switches in batches | Operation level | * | Supported |
| ModifyZeroTrustRuleSwitchAll | Modify all zero-trust permission rules (support filtering) | Operation level | * | Supported |
| ModifyZeroTrustUserAcl | Edit Zero Trust Remote Operation and Maintenance User Permissions Details | Operation level | * | Supported |
| ModifyZeroTrustVpcSwitch | Modify Zero Trust VPC Switch | Operation level | * | Supported |
| ModifyZeroTrustVpcSwitchAll | Batch Modify Zero Trust VPC Switches | Operation level | * | Supported |
| ModifyZeroTrustWebService | modify zero web service base info | Operation level | * | Supported |
| ProbeQuickly | probe quickly | Operation level | * | Supported |
| RemoveAcRule | RemoveAcRule | Operation level | * | Supported |
| RemoveAclRule | Delete Internet Access Control Rules | Operation level | * | Supported |
| RemoveDnsAclRule | Delete Dns Access Control Rules | Operation level | * | Supported |
| RemoveEnterpriseSGRuleForIPV6 | remove sg rule foripv6 | Operation level | * | Supported |
| RemoveEnterpriseSecurityGroupRule | Operation level | * | Supported | |
| RemoveEnterpriseSecurityGroupRuleLst | Operation level | * | Supported | |
| RemoveNatAcRule | Operation level | * | Supported | |
| RemoveOfflineExportTask | Delete offline log export tasks | Operation level | * | Supported |
| RemoveVpcAcRule | Operation level | * | Supported | |
| RemoveVpcFwTcRule | Deleting a VPC Traffic Control Policy | Operation level | * | Supported |
| ResetDnsRuleHitTimes | Reset hit count for DNS firewall rules | Operation level | * | Supported |
| ResetNatRuleHitTimes | Operation level | * | Supported | |
| ResetVpcRuleHitTimes | Operation level | * | Supported | |
| RestartFwIns | Restart the firewall instance | Operation level | * | Supported |
| SaveAutoBackUpSetting | Operation level | * | Supported | |
| SetCfwInsBypass | Set firewall instance bypass | Operation level | * | Supported |
| SetLbDnatRule | SetLbDnatRule | Operation level | * | Supported |
| SetNatFwDnatRule | SetNatFwDnatRule | Operation level | * | Supported |
| SetNatFwEip | Set up an EIP address for the NAT firewall instance | Operation level | * | Supported |
| SetNatProbeEip | SetNatProbeEip | Operation level | * | Supported |
| StartUpdateResourceTask | StartUpdateResourceTask | Operation level | * | Supported |
| StopAsyncTask | StopAsyncTask | Operation level | * | Supported |
| StopSecurityGroupRuleDispatch | Operation level | * | Supported | |
| SwitchMaster | Firewall switchover | Operation level | * | Supported |
| SyncIOAUserAccess | Synchronize iOA user access data | Operation level | * | Supported |
| SyncWeChatWorkAccess | Synchronize enterprise WeChat access data | Operation level | * | Supported |
| UnbindEdgeCFW | Unbundling SD-WAN edge and CFW | Operation level | * | Supported |
| UpdateCfwIdpsMode | UpdateCfwIdpsMode | Operation level | * | Supported |
| UpdateEngine | Upgrading the firewall engine | Operation level | * | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AddZBTiNotice | Important security information notification | Operation level | * | Supported |
| CheckNatFwTcRule | Check flow control rules for conflicts | Operation level | * | Supported |
| CheckVpcFwTcRule | CheckVpcFwTcRule | Operation level | * | Supported |
| CreateAlertCenterRuleAsync | Alarm Center-Asynchronous Processing Interface | Operation level | * | Supported |
| CreateChooseVpcs | CreateChooseVpcs | Operation level | * | Supported |
| CreateZeroTrustRule | CreateZeroTrustRule | Operation level | * | Supported |
| DeleteZeroTrustRule | DeleteZeroTrustRule | Operation level | * | Supported |
| DescribeAIInterpretation | Security incident AI summary | Operation level | * | Supported |
| DescribeAccessDomainInfoList | Operation level | * | Supported | |
| DescribeAclApiDispatch | Operation level | * | Supported | |
| DescribeAclRegInfo | Query the regions supported for configuring ACL rules. | Operation level | * | Supported |
| DescribeAclRuleExportStatus | Query the export status of Acl rules | Operation level | * | Supported |
| DescribeAclTag | Access control tag query | Operation level | * | Supported |
| DescribeAddressTemplateList | Query address template list | Operation level | * | Supported |
| DescribeAlertCenterEventNameSelectList | Dynamically obtain the alarm center security event filter list | Operation level | * | Supported |
| DescribeAlertCenterList | Alarm center alarm list query | Operation level | * | Supported |
| DescribeAlertCenterOverview | describe alert center overview data | Operation level | * | Supported |
| DescribeAlertEventDetail | Alarm center alarm details query | Operation level | * | Supported |
| DescribeAlertLogEventNameSelectList | Dynamically obtain the intrusion prevention log security event filter list | Operation level | * | Supported |
| DescribeAllRegionList | Query region configuration information | Operation level | * | Supported |
| DescribeAllYwUserByOrgan | Organization descendant member list interface | Operation level | * | Supported |
| DescribeAllZoneList | Availability zone information | Operation level | * | Supported |
| DescribeApiDispatch | DescribeApiDispatch | Operation level | * | Supported |
| DescribeAreaStatus | DescribeAreaStatus | Operation level | * | Supported |
| DescribeAssetEventTree | DescribeAssetEventTree | Operation level | * | Supported |
| DescribeAssetExportStatus | Query the asset export status of the asset center | Operation level | * | Supported |
| DescribeAssetFilterList | DescribeAssetFilterList | Operation level | * | Supported |
| DescribeAssetOverviewNew | DescribeAssetOverviewNew | Operation level | * | Supported |
| DescribeAssetScanList | DescribeAssetScanList | Operation level | * | Supported |
| DescribeAssetSync | Asset synchronization status query | Operation level | * | Supported |
| DescribeAssociatedInstanceList | Operation level | * | Supported | |
| DescribeAsyncTask | Query asynchronous task information | Operation level | * | Supported |
| DescribeAsyncTaskErr | Asynchronous task exception information | Operation level | * | Supported |
| DescribeAutoBackUpSettingList | Operation level | * | Supported | |
| DescribeBandWidthBanner | Bandwidth Exceeded Banner | Operation level | * | Supported |
| DescribeBetaTaskAclRuleList | DescribeBetaTaskAclRuleList | Operation level | * | Supported |
| DescribeBillingInfo | Query billing information | Operation level | * | Supported |
| DescribeBlackWhiteQuota | Query the total interface of blacklist and whitelist quotas | Operation level | * | Supported |
| DescribeBlockByIpTimesList | DescribeBlockByIpTimesList | Operation level | * | Supported |
| DescribeBlockIPBySGSwitch | DescribeBlockIPBySGSwitch | Operation level | * | Supported |
| DescribeBlockIgnoreImportCredential | DescribeBlockIgnoreImportCredential | Operation level | * | Supported |
| DescribeBlockIgnoreList | Operation level | * | Supported | |
| DescribeBlockIgnoreRulesImportProgress | DescribeBlockIgnoreRulesImportProgress | Operation level | * | Supported |
| DescribeBlockStaticList | Alarm center column chart | Operation level | * | Supported |
| DescribeBlockTimesList | Alarm Center-Blocking Line Chart | Operation level | * | Supported |
| DescribeBorderACLList | Operation level | * | Supported | |
| DescribeBorderFwRuleHitDetail | Query edge access control rule hit details | Operation level | * | Supported |
| DescribeBorderRuleStatus | Query Internet boundary rule quota and usage situation | Operation level | * | Supported |
| DescribeBuyPageInfo | Obtain firewall event vulnerability statistics | Operation level | * | Supported |
| DescribeCFWEngineStatus | Cloud Firewall Engine Status Full Link Interface | Operation level | * | Supported |
| DescribeCFWInfo | DescribeCFWInfo | Operation level | * | Supported |
| DescribeCcnSASEEdge | DescribeCcnSASEEdge | Operation level | * | Supported |
| DescribeCdcIds | Operation level | * | Supported | |
| DescribeCfwCidr | DescribeCfwCidr | Operation level | * | Supported |
| DescribeCfwEips | DescribeCfwEips | Operation level | * | Supported |
| DescribeCfwInsStatus | Operation level | * | Supported | |
| DescribeCfwUpdateStatus | Operation level | * | Supported | |
| DescribeCfwUserStatus | Query tenant cloud firewall usage | Operation level | * | Supported |
| DescribeCfwVersion | Query the engine mode and version number of the NAT VPC firewall. | Operation level | * | Supported |
| DescribeChangeGroupRuleNotice | Query whether it is necessary to display the rule changes of the security group | Operation level | * | Supported |
| DescribeChangeGroupRules | Operation level | * | Supported | |
| DescribeChangeSecurityGroupAssociateInstances | Operation level | * | Supported | |
| DescribeChangeSecurityGroupNum | Operation level | * | Supported | |
| DescribeCheckCLSStatus | Check if the current user has subscribed to CLS service | Operation level | * | Supported |
| DescribeChooseAsset | DescribeChooseAsset | Operation level | * | Supported |
| DescribeCidrRelatedInstances | Operation level | * | Supported | |
| DescribeClsDeliverTask | DescribeClsDeliverTask | Operation level | * | Supported |
| DescribeClusterVpcFwSwitchs | Query the Inter-VPC firewall switch in cluster mode | Operation level | * | Supported |
| DescribeConfig | Operation level | * | Supported | |
| DescribeCosBucketList | DescribeCosBucketList | Operation level | * | Supported |
| DescribeDNSFWAssetTrendList | Get DNS firewall status monitoring line chart | Operation level | * | Supported |
| DescribeDNSFWStatus | Get DNS Firewall Status Bar | Operation level | * | Supported |
| DescribeDNSFWSwitch | Get DSN firewall switch information | Operation level | * | Supported |
| DescribeDNSProtectList | Get DNS firewall intrusion prevention list | Operation level | * | Supported |
| DescribeDbOverview | Describe Database Overview | Operation level | * | Supported |
| DescribeDefenseSwitch | Get a list of attack and defense buttons | Operation level | * | Supported |
| DescribeDnsAclRule | Query the DNS access control list | Operation level | * | Supported |
| DescribeDnsFwRuleHitDetail | Query DNS access control rule hit details | Operation level | * | Supported |
| DescribeDnsRuleStatus | Query the quota and usage of DNS rules | Operation level | * | Supported |
| DescribeDomainParseIpLst | Query domain name ip resolution list | Operation level | * | Supported |
| DescribeEdgeCFWSwitch | Check whether sd-wan cloud firewall is allowed | Operation level | * | Supported |
| DescribeEdgeFwFlowStat | Border firewall status monitoring TAB page content | Operation level | * | Supported |
| DescribeEdgeIpFlowLists | Query the Internet border IP switch traffic statistics list | Operation level | * | Supported |
| DescribeElasticBandWidth | Tenant elastic bandwidth interval query | Operation level | * | Supported |
| DescribeEngineUpdateDetail | DescribeEngineUpdateDetail | Operation level | * | Supported |
| DescribeEnterpriseSGRuleProgress | query sg dispatch progress | Operation level | * | Supported |
| DescribeEnterpriseSecurityDispatchStatus | Operation level | * | Supported | |
| DescribeEnterpriseSecurityGroupDomainParseList | DescribeEnterpriseSecurityGroupDomainParseList | Operation level | * | Supported |
| DescribeEnterpriseSecurityGroupRule | DescribeEnterpriseSecurityGroupRule | Operation level | * | Supported |
| DescribeEnterpriseSecurityGroupRuleList | query enterprise security rule list | Operation level | * | Supported |
| DescribeEnterpriseSecurityNotDispatchCount | Operation level | * | Supported | |
| DescribeEsLog | DescribeEsLog | Operation level | * | Supported |
| DescribeEventNameList | DescribeEventNameList | Operation level | * | Supported |
| DescribeExportLogs | DescribeExportLogs | Operation level | * | Supported |
| DescribeFlowCenterAddressLists | DescribeFlowCenterAddressLists | Operation level | * | Supported |
| DescribeFlowCenterAssetLists | DescribeFlowCenterAssetLists | Operation level | * | Supported |
| DescribeFlowCenterLogsV1 | Internet traffic center list query | Operation level | * | Supported |
| DescribeFlowDistributeList | Internet Traffic Center Traffic Map Query | Operation level | * | Supported |
| DescribeFuncDynamics | Dynamic query of functions | Operation level | * | Supported |
| DescribeFwConfig | Query firewall configuration | Operation level | * | Supported |
| DescribeFwEdgeBar | Internet Boundary Page Overview Data | Operation level | * | Supported |
| DescribeFwEdgeIps | Serial firewall switch list | Operation level | * | Supported |
| DescribeFwFirstConfig | First time entering the firewall page configuration | Operation level | * | Supported |
| DescribeFwGroupIdNames | Get the ID name list of the user\\\\\\\'s firewall (group). | Operation level | * | Supported |
| DescribeFwGroupInstanceInfo | Obtain All Tenant VPC Firewalls (Groups) and VPC Firewall Instance Card Information | Operation level | * | Supported |
| DescribeFwProtectOverview | Get an overview of firewall protection | Operation level | * | Supported |
| DescribeFwSwitchOverview | Query firewall switch summary | Operation level | * | Supported |
| DescribeFwSyncStatus | Get firewall synchronization status | Operation level | * | Supported |
| DescribeGlobalSetting | Operation level | * | Supported | |
| DescribeGroupAddressIpList | Query IP information of asset groups | Operation level | * | Supported |
| DescribeGuideScanInfo | Novice guide to scan interface information | Operation level | * | Supported |
| DescribeGwlbVpcFwSwitch | VPC Horizontal Scaling Firewall Switch List | Operation level | * | Supported |
| DescribeHoneyPotAttacker | Query the Aggregator List | Operation level | * | Supported |
| DescribeHoneypotTrial | Check the Firewall Honeypot Trial Status | Operation level | * | Supported |
| DescribeIOAAccessDirectoryList | Query the IOA access directory list | Operation level | * | Supported |
| DescribeIOAAccountGroups | Query IOA account directory list | Operation level | * | Supported |
| DescribeIOALocalAccounts | Query iOA account list | Operation level | * | Supported |
| DescribeIPStatusList | DescribeIPStatusList | Operation level | * | Supported |
| DescribeImportCredential | Get temporary records of imported file uploads | Operation level | * | Supported |
| DescribeImportWeChatSpec | DescribeImportWeChatSpec | Operation level | * | Supported |
| DescribeIndex | Get index configuration information | Operation level | * | Supported |
| DescribeIndexs | Get multiple index configuration information | Operation level | * | Supported |
| DescribeInstanceTrafficStatData | Obtain instance traffic statistics | Operation level | * | Supported |
| DescribeInternetOutOverview | Query of Outbound Overview in Traffic Center | Operation level | * | Supported |
| DescribeIpStatLst | Get the peak bandwidth of a single cvm of nat vpc | Operation level | * | Supported |
| DescribeIpTcRule | Query the flow control policy of IP | Operation level | * | Supported |
| DescribeIsolateList | Query Isolation List | Operation level | * | Supported |
| DescribeLBFailureWarning | Query the relevant error information for the LB honeypot service | Operation level | * | Supported |
| DescribeLogAnalysisConfigs | Get collection rule configuration | Operation level | * | Supported |
| DescribeLogContext | Contextual search | Operation level | * | Supported |
| DescribeLogHistogram | Get the log quantity histogram | Operation level | * | Supported |
| DescribeLogStorageSetting | DescribeLogStorageSetting | Operation level | * | Supported |
| DescribeLogStorageStatistic | Tenant log storage statistics | Operation level | * | Supported |
| DescribeLogType | Get log type | Operation level | * | Supported |
| DescribeLogs | Log audit log query | Operation level | * | Supported |
| DescribeLogsAsync | Log audit log asynchronous query | Operation level | * | Supported |
| DescribeLogsCountAsync | Obtain the total number of log audit log asynchronous query results | Operation level | * | Supported |
| DescribeLogsResultAsync | Log audit log asynchronous query result list acquisition | Operation level | * | Supported |
| DescribeModifyResourceUser | check modify privilege | Operation level | * | Supported |
| DescribeModuleConfig | Operation level | * | Supported | |
| DescribeNDRAnalysisStatus | DescribeNDRAnalysisStatus | Operation level | * | Supported |
| DescribeNDRAssetIdentificationCustomizedColumn | Query the custom display fields for NDR asset identification results. | Operation level | * | Supported |
| DescribeNDRAssetIdentificationExportStatus | Query the export status of the NDR asset identification results list. | Operation level | * | Supported |
| DescribeNDRAssetIdentificationList | Query the list of NDR asset identification results. | Operation level | * | Supported |
| DescribeNDRAssetList | DescribeNdrAssetList | Operation level | * | Supported |
| DescribeNDRAssetViewPortRiskList | Obtaining the NDR port risk-asset view alarm list | Operation level | * | Supported |
| DescribeNDRConfig | Get traffic analysis configuration | Operation level | * | Supported |
| DescribeNDRDataLeakAlertList | Retrieve the data leak alert list for sensitive data | Operation level | * | Supported |
| DescribeNDRDataLeakDataAnalysisList | Obtain List of Data Dimension Analysis Results within the Sensitive Data Leakage | Operation level | * | Supported |
| DescribeNDRDataLeakDataAnalysisTotal | Obtain Total Count for Analysis Results of Data Dimension within the Sensitive Data Leakage | Operation level | * | Supported |
| DescribeNDRDataLeakSrcAnalysisList | Obtain List of Source IP Dimension Analysis Results within the Sensitive Data Leakage | Operation level | * | Supported |
| DescribeNDRDataLeakSrcAnalysisTotal | Obtain Total Count for Source IP Dimension Analysis Results within the Sensitive Data Leakage | Operation level | * | Supported |
| DescribeNDRDataLeakSubAnalysisList | Obtain List of Sub Dimension Analysis Results within the Sensitive Data Leakage | Operation level | * | Supported |
| DescribeNDRDataLeakSubAnalysisTotal | Obtain Total Count for Analysis Results of Sub Dimension within the Sensitive Data Leakage | Operation level | * | Supported |
| DescribeNDRDataMaskingStatus | Query the desensitization status of NDR sensitive data | Operation level | * | Supported |
| DescribeNDRExportTaskStatus | Retrieve Export Task Status | Operation level | * | Supported |
| DescribeNDRFlowStatsData | NDR Monitoring Panel - Peak and Average Bandwidth Statistics | Operation level | * | Supported |
| DescribeNDRInstanceSwitchInfo | Retrieve the Enabled Status of an NDR Instance | Operation level | * | Supported |
| DescribeNDROverview | Traffic Analysis Overview | Operation level | * | Supported |
| DescribeNDRPacketExportStatus | Get NDR Alert PCAP Export Task Status | Operation level | * | Supported |
| DescribeNDRPolicyRuleList | Describe NDR Policy Rule List | Operation level | * | Supported |
| DescribeNDRPortRiskExportStatus | Get the NDR port risk alarm export status | Operation level | * | Supported |
| DescribeNDRPortViewPortRiskList | Get eth NDR port risk, port view alarm list | Operation level | * | Supported |
| DescribeNDRRiskOverview | Query NDR Risk Overview Data | Operation level | * | Supported |
| DescribeNDRRiskTrend | Query NDR Risk Trend Data | Operation level | * | Supported |
| DescribeNDRSensitiveType | Query NDR Sensitive Data Types | Operation level | * | Supported |
| DescribeNDRSwitchErr | Describe NDR Switch Error | Operation level | * | Supported |
| DescribeNDRSwitchTaskList | query ndr switch task list | Operation level | * | Supported |
| DescribeNDRTkeClusters | Get the TKE cluster list in NDR | Operation level | * | Supported |
| DescribeNDRTkeNodes | Get the TKE host node list in NDR | Operation level | * | Supported |
| DescribeNDRTkePods | Get the TKE Pod List in NDR | Operation level | * | Supported |
| DescribeNDRWeakPwdAlertList | Retrieve the weak password alert list | Operation level | * | Supported |
| DescribeNDRWeakPwdLogList | Retrieve the raw log list of weak password alerts | Operation level | * | Supported |
| DescribeNDRWeakPwdLogTotal | Retrieve the total count of raw logs for weak password alerts | Operation level | * | Supported |
| DescribeNDRWeakPwdSettings | Retrieve weak password detection configuration | Operation level | * | Supported |
| DescribeNatAcRule | Operation level | * | Supported | |
| DescribeNatConnectionsTrends | NAT Firewall monitoring panel-connection statistics | Operation level | * | Supported |
| DescribeNatExistRegions | DescribeNatExistRegions | Operation level | * | Supported |
| DescribeNatFwInfoCount | Get the number of all subnets and the number of natfw instances that the current user has access to the nat firewall. | Operation level | * | Supported |
| DescribeNatFwInstance | Operation level | * | Supported | |
| DescribeNatFwInstanceWithRegion | Query Tenant Maintainable NAT Instances | Operation level | * | Supported |
| DescribeNatFwInstancesInfo | Operation level | * | Supported | |
| DescribeNatFwRouteBackupLst | Query the details of the NAT firewall backup route | Operation level | * | Supported |
| DescribeNatFwRuleHitDetail | Query the hit details of NAT access control rules | Operation level | * | Supported |
| DescribeNatFwSwitch | Query NAT firewall switch list response | Operation level | * | Supported |
| DescribeNatFwVpcDnsLst | Display the VPC DNS switch corresponding to the current NATFW instance. | Operation level | * | Supported |
| DescribeNatGwJoinFwStatus | Query whether natgw is connected to the firewall | Operation level | * | Supported |
| DescribeNatIpConnections | NAT firewall monitoring panel-IP perspective connection number statistics | Operation level | * | Supported |
| DescribeNatNewFlowStatsData | NAT Monitoring Panel-Peak Average Bandwidth Statistics | Operation level | * | Supported |
| DescribeNatRuleScopes | Query the list of selectable effective scopes for Nat rules. | Operation level | * | Supported |
| DescribeNatRuleStatus | Query NAT rule quota and usage situation | Operation level | * | Supported |
| DescribeNatSessionConnections | NAT firewall monitoring panel-session perspective connection number statistics | Operation level | * | Supported |
| DescribeNatSubnetStatLst | NAT firewall subnet traffic statistics display | Operation level | * | Supported |
| DescribeNetFlowDomainInfo | Query the active external domain name list | Operation level | * | Supported |
| DescribeNetFlowDomainTop | Obtain the Top 5 active external domain name traffic | Operation level | * | Supported |
| DescribeNetflowBorderUsed | Internet border usage excess alarm | Operation level | * | Supported |
| DescribeNetflowCenterTrends | Traffic center traffic line chart query | Operation level | * | Supported |
| DescribeNewAuthInfo | Operation level | * | Supported | |
| DescribeNewNatCheckInfo | DescribeNewNatCheckInfo | Operation level | * | Supported |
| DescribeNoInsOfSecurityGroup | Operation level | * | Supported | |
| DescribeNodeEdge | Firewall Switch - VPC Boundary Firewall - Virtual Private Cloud VPC Topology Diagram | Operation level | * | Supported |
| DescribeNtaFile | nta file list | Operation level | * | Supported |
| DescribeNtaFileDownUrl | Query NTA file download link | Operation level | * | Supported |
| DescribeOfflineExportTask | DescribeOfflineExportTask | Operation level | * | Supported |
| DescribeOfflineExportTemporaryCredentials | DescribeOfflineExportTemporaryCredentials | Operation level | * | Supported |
| DescribeOperateLogSelect | Obtain operation log filter box data | Operation level | * | Supported |
| DescribeOrderDetailList | Get order details | Operation level | * | Supported |
| DescribeOrderList | Billing resource ID list | Operation level | * | Supported |
| DescribeOrganAcl | Organization permissions data | Operation level | * | Supported |
| DescribeOverviewFlowStat | Internet Boundary Traffic Bandwidth Statistics Overview | Operation level | * | Supported |
| DescribePacketDropAction | Query Firewall Packet Drop Action Setting | Operation level | * | Supported |
| DescribeProbeHistory | DescribeProbeHistory | Operation level | * | Supported |
| DescribeProbeTaskDetail | DescribeProbeTaskDetail | Operation level | * | Supported |
| DescribeProtectObjectInfo | Query Firewall Protection Instance Object Information | Operation level | * | Supported |
| DescribeQueryNotEmptyRuleListInfo | Operation level | * | Supported | |
| DescribeRainbowConfigs | Describe Rainbow Configs | Operation level | * | Supported |
| DescribeRemoteAccessIp | DescribeRemoteAccessIp | Operation level | * | Supported |
| DescribeReplayUrl | DescribeReplayUrl | Operation level | * | Supported |
| DescribeResourceGroup | Asset Center Asset Tree Information Query | Operation level | * | Supported |
| DescribeResourceGroupNew | Operation level | * | Supported | |
| DescribeRiskAssets | DescribeRiskAssets | Operation level | * | Supported |
| DescribeRuleOverview | describe rule overview | Operation level | * | Supported |
| DescribeSGRuleProgress | query sg dispatch progress | Operation level | * | Supported |
| DescribeSecurityGroupAssociateInstances | Operation level | * | Supported | |
| DescribeSecurityGroupList | DescribeSecurityGroupList | Operation level | * | Supported |
| DescribeSecurityGroupRuleStatus | Query enterprise security group rule quota and usage situation | Operation level | * | Supported |
| DescribeSecurityGroupVersionInfo | Security group rule change version information | Operation level | * | Supported |
| DescribeSelectAssetGroup | Asset information query under asset group | Operation level | * | Supported |
| DescribeSelectedAssetsByUserId | Query the detailed list of allocation permissions | Operation level | * | Supported |
| DescribeSerialRegion | DescribeSerialRegion | Operation level | * | Supported |
| DescribeShowBakRuleList | Operation level | * | Supported | |
| DescribeSourceAsset | Query all asset information of an asset group | Operation level | * | Supported |
| DescribeStrictModeConfig | DescribeStrictModeConfig | Operation level | * | Supported |
| DescribeSwitchError | Error message on the Internet border firewall switch banner | Operation level | * | Supported |
| DescribeSwitchLists | DescribeSwitchLists | Operation level | * | Supported |
| DescribeSwitchStatus | DescribeSwitchStatus | Operation level | * | Supported |
| DescribeSyncIOAUserAccessStatus | Get synchronization iOA user synchronization status | Operation level | * | Supported |
| DescribeSyncWeChatWorkAccessStatus | Get the synchronization status of enterprise WeChat | Operation level | * | Supported |
| DescribeTLogInfo | Describe TLog Info | Operation level | * | Supported |
| DescribeTLogIpList | Describe TLog IpList | Operation level | * | Supported |
| DescribeTableStatus | DescribeTableStatus | Operation level | * | Supported |
| DescribeTagIpList | Operation level | * | Supported | |
| DescribeTemplates | Get template list | Operation level | * | Supported |
| DescribeTiCenterList | DescribeTiCenterList | Operation level | * | Supported |
| DescribeTiContent | DescribeTiContent | Operation level | * | Supported |
| DescribeTkeNDRAssetList | Query Results: TKE Cluster Traffic Analysis Asset List | Operation level | * | Supported |
| DescribeTkeNDRNodeInsList | Query the details of NDR container cluster node instances | Operation level | * | Supported |
| DescribeTopics | Get a list of log topics | Operation level | * | Supported |
| DescribeTrialModuleConfig | Query resource configuration module | Operation level | * | Supported |
| DescribeUnHandleEventTabList | DescribeUnHandleEventTabList | Operation level | * | Supported |
| DescribeUserConfig | Get user configuration | Operation level | * | Supported |
| DescribeUserListByAssetId | Query asset permission overview | Operation level | * | Supported |
| DescribeVisitTimesAndFlowAssetMaxTop | DescribeVisitTimesAndFlowAssetMaxTop | Operation level | * | Supported |
| DescribeVpcAcRule | Operation level | * | Supported | |
| DescribeVpcAclEdgeRange | Operation level | * | Supported | |
| DescribeVpcConnectionsTrends | Inter-VPC firewall monitoring panel-connection statistics | Operation level | * | Supported |
| DescribeVpcDetail | Operation level | * | Supported | |
| DescribeVpcEdgeList | Operation level | * | Supported | |
| DescribeVpcEdgeStatus | DescribeVpcEdgeStatus | Operation level | * | Supported |
| DescribeVpcFlowCenterLogsV1 | Vpc traffic center list query | Operation level | * | Supported |
| DescribeVpcFwCrossStatus | Get the status of VPC firewall across tenant edge or vpc | Operation level | * | Supported |
| DescribeVpcFwGroupFlowStat | VPC firewall status monitoring TAB page content | Operation level | * | Supported |
| DescribeVpcFwGroupIns | Query the firewall (group) ID name and the corresponding relationship under the instance. | Operation level | * | Supported |
| DescribeVpcFwGroupSwitch | VPC Firewall (Group) Switch List | Operation level | * | Supported |
| DescribeVpcFwIpStat | Query traffic statistics at a single IP granularity under the VPC firewall | Operation level | * | Supported |
| DescribeVpcFwJoinInstances | DescribeVpcFwJoinInstances | Operation level | * | Supported |
| DescribeVpcFwRuleHitDetail | Query the hit details of access control rules between intranets | Operation level | * | Supported |
| DescribeVpcFwViewStat | DescribeVpcFwViewStat | Operation level | * | Supported |
| DescribeVpcFwVpcStat | Query traffic statistics at vpc granularity under the VPC firewall | Operation level | * | Supported |
| DescribeVpcInstance | Obtain the list of all VPC firewall instances of the tenant. | Operation level | * | Supported |
| DescribeVpcIpConnections | Inter-VPC firewall monitoring panel-IP perspective connection number statistics | Operation level | * | Supported |
| DescribeVpcLogEdge | Operation level | * | Supported | |
| DescribeVpcLogStatus | Operation level | * | Supported | |
| DescribeVpcRuleStatus | Query the quota and usage situation of intra-network rules | Operation level | * | Supported |
| DescribeVpcSessionConnections | Inter-VPC firewall monitoring panel - connection statistics from session perspective | Operation level | * | Supported |
| DescribeWeChatWorkUserList | Query the list of enterprise WeChat access personnel | Operation level | * | Supported |
| DescribeWeComBindLink | DescribeWeComBindLink | Operation level | * | Supported |
| DescribeWeComInstallLink | DescribeWeComInstallLink | Operation level | * | Supported |
| DescribeWeComStatus | Operation level | * | Supported | |
| DescribeWebAssetFilterList | DescribeWebAssetFilterList | Operation level | * | Supported |
| DescribeWebCosUrl | Operation level | * | Supported | |
| DescribeWebServiceStat | DescribeWebServiceStat | Operation level | * | Supported |
| DescribeWebServiceVisitLogDomainEnum | DescribeWebServiceVisitLogDomainEnum | Operation level | * | Supported |
| DescribeWebServices | Asset Center web service query list | Operation level | * | Supported |
| DescribeWhiteRule | DescribeWhiteRule | Operation level | * | Supported |
| DescribeYwUserList | Operation and maintenance user list | Operation level | * | Supported |
| DescribeZeroTrustAccessList | Query the list of zero trust remote operation and maintenance identity access cards | Operation level | * | Supported |
| DescribeZeroTrustAccessOverview | DescribeZeroTrustAccessOverview | Operation level | * | Supported |
| DescribeZeroTrustAccessSpecifications | DescribeZeroTrustAccessSpecifications | Operation level | * | Supported |
| DescribeZeroTrustAllAccessLog | zero trust asset access log | Operation level | * | Supported |
| DescribeZeroTrustAssetOverView | Zero Trust Assets Overview | Operation level | * | Supported |
| DescribeZeroTrustAuthorityOverview | Query Zero Trust Permissions Overview | Operation level | * | Supported |
| DescribeZeroTrustBlockPreview | Query Zero Trust Ban Preview | Operation level | * | Supported |
| DescribeZeroTrustBlockStatus | Query zero trust unauthorized access ban status | Operation level | * | Supported |
| DescribeZeroTrustCommandRule | Query the list of zero trust remote operation and maintenance command control rules | Operation level | * | Supported |
| DescribeZeroTrustCommandRuleHitDetail | Query zero trust remote operation and maintenance command control rule hit details | Operation level | * | Supported |
| DescribeZeroTrustConfig | Query zero trust remote operation and maintenance configuration | Operation level | * | Supported |
| DescribeZeroTrustDb | zero trust database asset list | Operation level | * | Supported |
| DescribeZeroTrustDomainInfo | DescribeZeroTrustDomainInfo | Operation level | * | Supported |
| DescribeZeroTrustDomainList | DescribeZeroTrustDomainList | Operation level | * | Supported |
| DescribeZeroTrustError | Query Zero Trust Remote Operation and Maintenance Error Banner | Operation level | * | Supported |
| DescribeZeroTrustRegionItem | DescribeZeroTrustRegionItem | Operation level | * | Supported |
| DescribeZeroTrustVpcList | Zero trust asset access VPC list | Operation level | * | Supported |
| ExportAclRules | Export ACL rule file | Operation level | * | Supported |
| ExportAlertCenterList | Export alarm list from alarm center | Operation level | * | Supported |
| ExportAsset | Asset center asset data export file | Operation level | * | Supported |
| ExportLogsOffline | Log audit log offline export | Operation level | * | Supported |
| ExportNDRAssetIdentificationList | Export the list of NDR asset identification results. | Operation level | * | Supported |
| ExportNDRDataLeakAlertList | Export API Sensitive Data Transfer Risk Alert List | Operation level | * | Supported |
| ExportNDRPacket | Export Pcap About NDR Alert | Operation level | * | Supported |
| ExportNDRPortRiskList | Exporting the NDR port risk alarm list | Operation level | * | Supported |
| ExportNDRWeakPwdAlertList | Export NDR Weak Password Risk Alert List | Operation level | * | Supported |
| ExportWhiteRule | Whitelist policy export interface - New | Operation level | * | Supported |
| ExportZeroTrustDb | export zero trust databases asset | Operation level | * | Supported |
| GetIocAnalysis | GetIocAnalysis | Operation level | * | Supported |
| GetIocSummary | GetIocSummary | Operation level | * | Supported |
| ModifyZeroTrustWebServiceAccess | modify zero trust web service access | Operation level | * | Supported |
| OpenZeroTrustWebServiceAccess | open zero trust web service access | Operation level | * | Supported |
| QueryUpdateResourceTaskStatus | Query the status of asset synchronization tasks | Operation level | * | Supported |
| QueryVpcFwSupportSwitchMode | Query the switch modes supported by the firewall between VPCs | Operation level | * | Supported |
| RemoveNatFwTcRule | Deleting a traffic control policy | Operation level | * | Supported |
| ResetAclRuleHitTimes | Reset hit count for internet rules | Operation level | * | Supported |
| SearchLog | Retrieve analysis logs | Operation level | * | Supported |
Other Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DeleteBillingResource | Billing active destruction | Operation level | * | Supported |
| ModifyLoginTime | Update login time | Operation level | * | Supported |
| ModifyPolicyAuthority | Report Policy Permissions | Operation level | * | Supported |
| ModifyUserAuthCheckStatus | Asset Sync Authorization Status Change | Operation level | * | Supported |
| SyncFwOperate | Synchronize firewall operations | Operation level | * | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeAcLists | Query Access Control List | Operation level | * | Supported |
| DescribeAclRule | Query the Internet Access Control List | Operation level | * | Supported |
| DescribeAddrTmplSelectList | rule select address Template liet | Operation level | * | Supported |
| DescribeBaradStatus | DescribeBaradStatus | Operation level | * | Supported |
| DescribeDefenseError | DescribeDefenseError | Operation level | * | Supported |
| DescribeDnsResolveIp | DescribeDnsResolveIp | Operation level | * | Supported |
| DescribeEmptySGSetInstanceListForIPV6 | query empty sg set instance list | Operation level | * | Supported |
| DescribeEnterpriseSGRuleListForIPV6 | query ipv6 sg rule list | Operation level | * | Supported |
| DescribeFwEngineZoneList | DescribeFwEngineZoneList | Operation level | * | Supported |
| DescribeNDRPolicyList | Describe NDR Policy List | Operation level | * | Supported |
| DescribeNatFwDnatRule | DescribeNatFwDnatRule | Operation level | * | Supported |
| DescribePresetAddrTmplList | query preset address template list | Operation level | * | Supported |
| DescribeRemoteInstances | Query the list of zero-trust remote operation and maintenance instances | Operation level | * | Supported |
| DescribeSGRuleAssociateInstanceListForIPV6 | query rule associate asset for ipv6 | Operation level | * | Supported |
| DescribeSetNatProbeEipTaskStatus | DescribeSetNatProbeEipTaskStatus | Operation level | * | Supported |
| DescribeUserBandwidthUsage | DescribeUserBandwidthUsage | Operation level | * | Supported |
| DescribeZeroTrustRule | DescribeZeroTrustRule | Operation level | * | Supported |
| DescribeZeroTrustRuleHitDetail | DescribeZeroTrustRuleHitDetail | Operation level | * | Supported |
| ExportNatFwDnatRule | ExportNatFwDnatRule | Operation level | * | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback