DescribeVirusDetail

Last updated: 2024-12-06 15:47:33

1. API Description

Domain name for API request: tcss.intl.tencentcloudapi.com.

This API is used to query the information of a trojan file at runtime.

A maximum of 20 requests can be initiated per second for this API.

We recommend using API Explorer. It provides a range of capabilities, including online calls, signature authentication, SDK code generation, and API quick search, and lets you view the request, the response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeVirusDetail. |
| Version | Yes | String | Common Params. The value used for this API: 2020-11-01. |
| Region | No | String | Common Params. This parameter is not required. |
| Id | Yes | String | Trojan file ID |

3. Output Parameters

| Parameter Name | Type | Description |
|---|---|---|
| ImageId | String | Image ID. Note: This field may return null, indicating that no valid values can be obtained. |
| ImageName | String | Image name. Note: This field may return null, indicating that no valid values can be obtained. |
| CreateTime | String | Creation time. Note: This field may return null, indicating that no valid values can be obtained. |
| Size | Integer | Trojan file size. Note: This field may return null, indicating that no valid values can be obtained. |
| FilePath | String | Trojan file path. Note: This field may return null, indicating that no valid values can be obtained. |
| ModifyTime | String | Last generation time. Note: This field may return null, indicating that no valid values can be obtained. |
| VirusName | String | Virus name. Note: This field may return null, indicating that no valid values can be obtained. |
| RiskLevel | String | Risk level. Valid values: RISK_CRITICAL, RISK_HIGH, RISK_MEDIUM, RISK_LOW, RISK_NOTICE. Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerName | String | Container name. Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerId | String | Container ID. Note: This field may return null, indicating that no valid values can be obtained. |
| HostName | String | Server name. Note: This field may return null, indicating that no valid values can be obtained. |
| HostId | String | Server ID. Note: This field may return null, indicating that no valid values can be obtained. |
| ProcessName | String | Process name. Note: This field may return null, indicating that no valid values can be obtained. |
| ProcessPath | String | Process path. Note: This field may return null, indicating that no valid values can be obtained. |
| ProcessMd5 | String | Process MD5. Note: This field may return null, indicating that no valid values can be obtained. |
| ProcessId | Integer | Process ID. Note: This field may return null, indicating that no valid values can be obtained. |
| ProcessArgv | String | Process parameter. Note: This field may return null, indicating that no valid values can be obtained. |
| ProcessChan | String | Process chain. Note: This field may return null, indicating that no valid values can be obtained. |
| ProcessAccountGroup | String | Process group. Note: This field may return null, indicating that no valid values can be obtained. |
| ProcessStartAccount | String | Process initiator. Note: This field may return null, indicating that no valid values can be obtained. |
| ProcessFileAuthority | String | Process file permission. Note: This field may return null, indicating that no valid values can be obtained. |
| SourceType | Integer | Source. Valid values: 0 (quick scan); 1 (scheduled scan); 2 (real-time monitoring). Note: This field may return null, indicating that no valid values can be obtained. |
| Tags | Array of String | Tag. Note: This field may return null, indicating that no valid values can be obtained. |
| HarmDescribe | String | Event description. Note: This field may return null, indicating that no valid values can be obtained. |
| SuggestScheme | String | Solution. Note: This field may return null, indicating that no valid values can be obtained. |
| Mark | String | Remarks. Note: This field may return null, indicating that no valid values can be obtained. |
| FileName | String | Suspicious file name. Note: This field may return null, indicating that no valid values can be obtained. |
| FileMd5 | String | MD5 checksum of the file. Note: This field may return null, indicating that no valid values can be obtained. |
| EventType | String | Event type. Note: This field may return null, indicating that no valid values can be obtained. |
| PodName | String | Cluster name. Note: This field may return null, indicating that no valid values can be obtained. |
| Status | String | DEAL_NONE: Pending. DEAL_IGNORE: Ignored. DEAL_ADD_WHITELIST: Allowed. DEAL_DEL: Deleted. DEAL_ISOLATE: Isolated. DEAL_ISOLATING: Isolating. DEAL_ISOLATE_FAILED: Isolation failed. DEAL_RECOVERING: Recovering. DEAL_RECOVER_FAILED: Recovery failed. Note: This field may return null, indicating that no valid values can be obtained. |
| SubStatus | String | Sub-status of the failure: FILE_NOT_FOUND: The file does not exist. FILE_ABNORMAL: The file is abnormal. FILE_ABNORMAL_DEAL_RECOVER: The file is abnormal when recovered. BACKUP_FILE_NOT_FOUND: The backup file does not exist. CONTAINER_NOT_FOUND_DEAL_ISOLATE: The container does not exist during isolation. CONTAINER_NOT_FOUND_DEAL_RECOVER: The container does not exist during recovery. Note: This field may return null, indicating that no valid values can be obtained. |
| HostIP | String | Private IP. Note: This field may return null, indicating that no valid values can be obtained. |
| ClientIP | String | Public IP. Note: This field may return null, indicating that no valid values can be obtained. |
| PProcessStartUser | String | Parent process initiator. Note: This field may return null, indicating that no valid values can be obtained. |
| PProcessUserGroup | String | User group of the parent process. Note: This field may return null, indicating that no valid values can be obtained. |
| PProcessPath | String | Path of the parent process. Note: This field may return null, indicating that no valid values can be obtained. |
| PProcessParam | String | Command line parameters of the parent process. Note: This field may return null, indicating that no valid values can be obtained. |
| AncestorProcessStartUser | String | Ancestor process initiator. Note: This field may return null, indicating that no valid values can be obtained. |
| AncestorProcessUserGroup | String | Ancestor process user group. Note: This field may return null, indicating that no valid values can be obtained. |
| AncestorProcessPath | String | Ancestor process path. Note: This field may return null, indicating that no valid values can be obtained. |
| AncestorProcessParam | String | Command line parameters of the ancestor process. Note: This field may return null, indicating that no valid values can be obtained. |
| OperationTime | String | Last processing time of the event. Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerNetStatus | String | Container isolation status. Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerNetSubStatus | String | Sub-status of container isolation. Note: This field may return null, indicating that no valid values can be obtained. |
| ContainerIsolateOperationSrc | String | Container isolation operation source. Note: This field may return null, indicating that no valid values can be obtained. |
| CheckPlatform | Array of String | Check platform. 1: Tencent Cloud Security Engine. 2: tav. 3: binaryAi. 4: Unusual behavior. 5: Threat intelligence. Note: This field may return null, indicating that no valid values can be obtained. |
| FileAccessTime | String | File accessed time. Note: This field may return null, indicating that no valid values can be obtained. |
| FileModifyTime | String | File modified time. Note: This field may return null, indicating that no valid values can be obtained. |
| NodeSubNetID | String | Node subnet ID |
| NodeSubNetName | String | Node subnet name |
| NodeSubNetCIDR | String | Subnet IP range |
| ClusterID | String | Cluster ID |
| PodIP | String | Pod IP |
| PodStatus | String | Pod status |
| NodeUniqueID | String | UID of the node |
| NodeType | String | Node type. Values: NORMAL (general node), SUPER (super node). |
| NodeID | String | Node ID |
| ClusterName | String | Cluster name |
| Namespace | String | |
| WorkloadType | String | |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |

4. Example

Example 1: Querying the trojan information

This example shows you how to query the trojan information.

Input Example

```http
POST / HTTP/1.1
Host: tcss.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeVirusDetail
<Common request parameters>

{
    "Id": "dskaldjskld"
}
```

Output Example

```json
{
    "Response": {
        "ImageId": "abc",
        "ImageName": "abc",
        "CreateTime": "abc",
        "Size": 1,
        "FilePath": "abc",
        "ModifyTime": "abc",
        "VirusName": "abc",
        "RiskLevel": "abc",
        "ContainerName": "abc",
        "ContainerId": "abc",
        "HostName": "abc",
        "HostId": "abc",
        "ProcessName": "abc",
        "ProcessPath": "abc",
        "ProcessMd5": "abc",
        "ProcessId": 1,
        "ProcessArgv": "abc",
        "ProcessChan": "abc",
        "ProcessAccountGroup": "abc",
        "ProcessStartAccount": "abc",
        "ProcessFileAuthority": "abc",
        "SourceType": 0,
        "Tags": [
            "abc"
        ],
        "HarmDescribe": "abc",
        "SuggestScheme": "abc",
        "Mark": "abc",
        "FileName": "abc",
        "FileMd5": "abc",
        "EventType": "abc",
        "PodName": "abc",
        "Status": "abc",
        "SubStatus": "abc",
        "HostIP": "abc",
        "ClientIP": "abc",
        "PProcessStartUser": "abc",
        "PProcessUserGroup": "abc",
        "PProcessPath": "abc",
        "PProcessParam": "abc",
        "AncestorProcessStartUser": "abc",
        "AncestorProcessUserGroup": "abc",
        "AncestorProcessPath": "abc",
        "AncestorProcessParam": "abc",
        "OperationTime": "abc",
        "ContainerNetStatus": "abc",
        "ContainerNetSubStatus": "abc",
        "ContainerIsolateOperationSrc": "abc",
        "CheckPlatform": [
            "abc"
        ],
        "FileAccessTime": "abc",
        "FileModifyTime": "abc",
        "NodeSubNetID": "abc",
        "NodeSubNetName": "abc",
        "NodeSubNetCIDR": "abc",
        "ClusterID": "abc",
        "PodIP": "abc",
        "PodStatus": "abc",
        "NodeUniqueID": "abc",
        "NodeType": "abc",
        "NodeID": "abc",
        "ClusterName": "abc",
        "RequestId": "abc"
    }
}
```
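Because almost every output field may be null and several carry coded values (SourceType, CheckPlatform, Status, SubStatus), a consumer has to normalize the response before routing it to an alert queue. The following is an added example, not part of the original documentation or the Tencent Cloud SDK: the `triage` function, the `NEEDS_ACTION` policy, the sample values and the error envelope check are assumptions of this example.

```python
import json

# Enum decodings copied from the output parameter table on this page.
SOURCE_TYPE = {0: "quick scan", 1: "scheduled scan", 2: "real-time monitoring"}
CHECK_PLATFORM = {"1": "Tencent Cloud Security Engine", "2": "tav", "3": "binaryAi",
                  "4": "Unusual behavior", "5": "Threat intelligence"}
SUB_STATUS = {
    "FILE_NOT_FOUND": "The file does not exist.",
    "FILE_ABNORMAL": "The file is abnormal.",
    "FILE_ABNORMAL_DEAL_RECOVER": "The file is abnormal when recovered.",
    "BACKUP_FILE_NOT_FOUND": "The backup file does not exist.",
    "CONTAINER_NOT_FOUND_DEAL_ISOLATE": "The container does not exist during isolation.",
    "CONTAINER_NOT_FOUND_DEAL_RECOVER": "The container does not exist during recovery.",
}
# Triage policy of this example (not defined by the API): pending or failed handling.
NEEDS_ACTION = {"DEAL_NONE", "DEAL_ISOLATE_FAILED", "DEAL_RECOVER_FAILED"}
HIGH_RISK = {"RISK_CRITICAL", "RISK_HIGH"}

# Constructed sample response; every value is made up for illustration.
SAMPLE = json.dumps({"Response": {
    "FilePath": "/tmp/constructed-sample.bin", "FileMd5": None, "RiskLevel": "RISK_HIGH",
    "SourceType": 0, "CheckPlatform": ["1", "5"], "Status": "DEAL_ISOLATE_FAILED",
    "SubStatus": "CONTAINER_NOT_FOUND_DEAL_ISOLATE", "ProcessPath": "/tmp/constructed-sample.bin",
    "PProcessPath": "/bin/sh", "AncestorProcessPath": None, "ClusterName": "demo-cluster",
    "PodName": "demo-pod", "ContainerId": None, "RequestId": "constructed-request-id"}})


def triage(raw: str) -> dict:
    """Summarise one DescribeVirusDetail response for an alert queue."""
    resp = json.loads(raw)["Response"]
    if "Error" in resp:  # assumed: common API 3.0 error envelope, not shown on this page
        return {"ok": False, "code": resp["Error"]["Code"], "request_id": resp.get("RequestId")}

    def field(name, default=None):
        # Missing and null are treated alike; 0 (e.g. SourceType) is a real value.
        value = resp.get(name)
        return default if value is None else value

    status = field("Status", "UNKNOWN")
    needs_action = status in NEEDS_ACTION or status == "UNKNOWN"
    return {
        "ok": True, "request_id": field("RequestId"), "status": status,
        "file": field("FilePath", "<unknown>"), "md5": field("FileMd5"),
        "risk": field("RiskLevel", "UNKNOWN"),
        "source": SOURCE_TYPE.get(field("SourceType"), "unknown"),
        "engines": [CHECK_PLATFORM.get(str(c), f"unknown({c})") for c in field("CheckPlatform", [])],
        "where": {k: field(k) for k in ("ClusterName", "Namespace", "PodName", "ContainerId")},
        "lineage": [p for p in map(field, ("AncestorProcessPath", "PProcessPath", "ProcessPath")) if p],
        "failure_reason": SUB_STATUS.get(field("SubStatus")),
        "needs_action": needs_action,
        "escalate": needs_action and field("RiskLevel") in HIGH_RISK,
    }
```

Calling `triage(SAMPLE)` yields a summary in which the failed isolation is flagged for escalation and the null `FileMd5` and missing `Namespace` come back as `None` instead of raising.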

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

| Error Code | Description |
|---|---|
| InternalError | An internal error occurred. |
| InternalError.MainDBFail | The database operation failed. |
| InvalidParameter | The parameter is incorrect. |
| ResourceNotFound | The resource does not exist. |
